GitLocker: The Coding Marketplace

Description:

appknox 4.3.0

appknox-python
Command-line interface & Python wrapper for the Appknox API.

Python API documentation is available here.

Installation
appknox-python is officially supported on python 3.5 & 3.6. pip is the recommended way to install appknox-python.
pip install appknox

Usage
$ appknox
Usage: appknox [OPTIONS] COMMAND [ARGS]...

Command line wrapper for the Appknox API

Options:
-v, --verbose Specify log verbosity.
-k, --insecure Allow Insecure Connection
--help Show this message and exit.

Commands:
analyses List analyses for file
files List files for project
login Log in and save session credentials
logout Delete session credentials
organizations List organizations
projects List projects
recent_uploads List recent file uploads by the user
report Download report for file
upload Upload and scan package
switch_organization Switch organization in CLI instance
vulnerability Get vulnerability
whoami Show session info
reports list Show the list of reports for a file
reports create Creates a new report for a file
reports download summary-csv Downloads the report summary in CSV format
reports download summary-excel Downloads the report summary in Excel format

Authentication
Log in to appknox CLI using your secure.appknox.com credentials.
$ appknox login
Username: viren
Password:
Logged in to https://api.appknox.com

Using Environment Variables
Instead of login we can use environment variables for authentication. This will be useful for scenarios such as CI/CD setup.
$ export APPKNOX_ACCESS_TOKEN=aaaabbbbbcccddeeeffgghhh
$ export APPKNOX_ORGANIZATION_ID=2
$ export HTTP_PROXY=http://proxy.local
$ export HTTPS_PROXY=https://proxy.local

Supported variables are:

Environment variable
Value

APPKNOX_ACCESS_TOKEN
Access token can be generated from Appknox dashboard (Settings → Developer Settings → Generate token).

APPKNOX_HOST
Defaults to https://api.appknox.com

APPKNOX_ORGANIZATION_ID
Your Appknox organization id

HTTP_PROXY
Set your HTTP proxy ex: http://proxy.local

HTTPS_PROXY
Set your HTTPS proxy ex: https://proxy.local

Data fetch & actions

Available commands
Use

organizations
List organizations of user

projects
List projects user has access to

files <project_id>
List files for a project

analyses <file_id>
List analyses for a file

vulnerability <vulnerability_id>
Get vulnerability detail

owasp <owasp_id>
Get OWASP detail

upload <path_to_app_package>
Upload app file from given path and get the file_id

rescan <file_id>
Rescan a file (this will create a new file under the same project.)

reports list <file_id>
Lists all the reports associated with the file

reports create <file_id>
Create a new report for the file and returns report ID

reports download summary-csv <report_id>
Outputs the report summary in CSV format

reports download summary-excel <report_id>
Outputs the report summary in Excel format

Example:
$ appknox organizations
id name
---- -------
2 MyOrganization

$ appknox projects
id created_on file_count package_name platform updated_on
---- ------------------- ------------ ----------------------------- ---------- -------------------
3 2017-06-23 07:19:26 3 org.owasp.goatdroid.fourgoats 0 2017-06-23 07:26:55
4 2017-06-27 08:27:54 2 com.appknox.mfva 0 2017-06-27 08:30:04

$ appknox files 4
id name version version_code
---- ------ --------- --------------
6 MFVA 1 6
7 MFVA 1 6

$ appknox reports list 4
id language
---- ------
1 en
2 en

$ appknox reports create 4
3

$ appknox reports download summary-csv 3
Organization ID,Project ID,Application Name,Application Namespace,Platform,Version,Version Code,File ID,Test Case,Scan Type,Severity,Risk Override,CVSS Score,Findings,Description,Noncompliant Code Example,Compliant Solution,Business Implication,OWASP,CWE,MSTG,ASVS,PCI-DSS,GDPR,Created On
1,1,MFVA,com.appknox.mfva,Android,1.1,1605631525,51,Broken SSL Trust Manager,Static,High,,6.9,"BluK8lNUoeHkNxZ3GVrKN9BP2
NVWmfbtHDiJBOTbOEpCnsbMhc6T31t...(Truncated)

$ appknox reports download summary-csv 3 --output /path/to/output/report_summary.csv
<No output: This command will download the report summary to given output path>

Using Proxy
Appknox client and CLI both supports HTTP and HTTPS proxy. While using the client, if you need to set-up a proxy then please follow the example below
from appknox.client import Appknox

client = Appknox(
access_token="Your-Access-Token", # This is your access token which you can get from developer setting
https_proxy="http://proxy.local", # Use https_proxy by default since cloud server connects to https service
insecure=True, # Use insecure connections, because proxies might have their own set of certificates which maynot be trusted
) # Insecure connections are not reccomended though

To use it in CLI example:
$ export HTTPS_PROXY=http://127.0.0.1:8080
$ appknox --insecure login
Username:

Note: Please avoid using --insecure flag or setting insecure=True in client, this will allow an attacker to perform MITM attack, but this might be required for proxies to work alongside.

Development
Update docs
Install sphinx-autobuild:
pip install sphinx-autobuild

Build docs:
sphinx-autobuild -b html sphinx-docs docs

License: MIT