adminmpmcz/patchcenter
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity

fix(qualys): strip() defensif sur credentials + extraction enrichie de l erreur Qualys (responseCode + errorMessage + errorResolution + RAW fallback si format inconnu)

Browse Source
This commit is contained in:
Pierre & Lumière 2026-05-05 18:28:13 +02:00
parent c77b4b22eb
commit 1bad243f5e
1 changed files with 16 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
app/services/qualys_service.py
View File

@ -17,11 +17,12 @@ CACHE_TTL = 600 # 10 minutes
def _get_qualys_creds(db): def _get_qualys_creds(db):
"""Recupere les credentials Qualys depuis les secrets chiffres""" """Recupere les credentials Qualys depuis les secrets chiffres.
url = get_secret(db, "qualys_url") or "https://qualysapi.qualys.eu" .strip() defensif : un copier-coller peut ajouter newline/CR."""
user = get_secret(db, "qualys_user") or "" url = (get_secret(db, "qualys_url") or "https://qualysapi.qualys.eu").strip()
pwd = get_secret(db, "qualys_pass") or "" user = (get_secret(db, "qualys_user") or "").strip()
proxy = get_secret(db, "qualys_proxy") or "" pwd = (get_secret(db, "qualys_pass") or "").strip()
proxy = (get_secret(db, "qualys_proxy") or "").strip()
bypass = (get_secret(db, "qualys_bypass_proxy") or "").lower() == "true" bypass = (get_secret(db, "qualys_bypass_proxy") or "").lower() == "true"
if bypass: if bypass:
proxy = "" proxy = ""
@ -87,15 +88,22 @@ def search_assets_api(db, query, field="name", operator="CONTAINS", force_refres
return {"ok": False, "msg": f"Erreur API: {e}", "assets": []} return {"ok": False, "msg": f"Erreur API: {e}", "assets": []}
if r.status_code != 200 or "SUCCESS" not in r.text: if r.status_code != 200 or "SUCCESS" not in r.text:
# Inclure le détail Qualys (errorMessage / errorResolution sont dans le XML) # Extraire un max d'info Qualys pour debug
import re as _re import re as _re
err_msg = "" err_msg = ""
m = _re.search(r"<responseCode>([^<]+)</responseCode>", r.text or "")
if m: err_msg += " [" + m.group(1).strip() + "]"
m = _re.search(r"<errorMessage>([^<]+)</errorMessage>", r.text or "") m = _re.search(r"<errorMessage>([^<]+)</errorMessage>", r.text or "")
if m: err_msg += " | errorMessage: " + m.group(1).strip() if m: err_msg += " | errorMessage: " + m.group(1).strip()
m = _re.search(r"<errorResolution>([^<]+)</errorResolution>", r.text or "") m = _re.search(r"<errorResolution>([^<]+)</errorResolution>", r.text or "")
if m: err_msg += " | errorResolution: " + m.group(1).strip() if m: err_msg += " | errorResolution: " + m.group(1).strip()
m = _re.search(r"<responseCode>([^<]+)</responseCode>", r.text or "") # Si Qualys retourne <RETURN status="FAILED">message</RETURN> (legacy /api/2.0/fo)
if m: err_msg = " [" + m.group(1).strip() + "]" + err_msg m = _re.search(r'<RETURN[^>]*status="FAILED"[^>]*>\s*([^<]+?)\s*</RETURN>',
r.text or "", _re.DOTALL)
if m: err_msg += " | RETURN: " + m.group(1).strip()
# Fallback : dump brut tronqué (utile si XML non standard)
if not err_msg and r.text:
err_msg = " | RAW: " + r.text[:500].replace("\n", " ")
return {"ok": False, return {"ok": False,
"msg": f"API HTTP {r.status_code}{err_msg}", "msg": f"API HTTP {r.status_code}{err_msg}",
"assets": []} "assets": []}