Add monthly-report ++reports option, fix report id

timopollmeier · timopollmeier · commit 1178f8a57f8c · 2025-08-22T08:44:22.000+02:00
The monthly-report script now looks for reports in identifiers
modified in the given month.
A new ++reports option has been added to choose whether to skip
getting the reports (only returning the vulnerability counts), get the
last report in the selected month or get a list of all reports in the
selected month.
For this the argument parsing and help/usage text are changed to use
argparse.

This addresses the problem that the shown report ids could previously
be outside the selected date range.
diff --git a/scripts/monthly-report-gos24.10.gmp.py b/scripts/monthly-report-gos24.10.gmp.py
@@ -3,37 +3,16 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 
 import sys
-from argparse import Namespace
-from datetime import date, timedelta
+from argparse import ArgumentParser, Namespace, RawDescriptionHelpFormatter
+from datetime import date, datetime, timedelta
 
 from gvm.protocols.gmp import Gmp
 from terminaltables import AsciiTable
 
 
-def check_args(args: Namespace) -> None:
-    len_args = len(args.script) - 1
-    if len_args < 2:
-        message = """
-        This script will display all vulnerabilities from the hosts of the
-        reports in a given month!
-        It needs two parameters after the script name.
-        First one is the month and second one is the year.
-        Both parameters are plain numbers, so no text.
-
-        Explicitly made for GOS 24.10.
-
-        1. <month>  -- month of the monthly report
-        2. <year>   -- year of the monthly report
-
-        Example:
-            $ gvm-script --gmp-username name --gmp-password pass \
-    ssh --hostname <gsm> scripts/monthly-report2.gmp.py 05 2019
-        """
-        print(message)
-        sys.exit()
-
-
-def print_reports(gmp: Gmp, from_date: date, to_date: date) -> None:
+def print_reports(
+    gmp: Gmp, from_date: date, to_date: date, reports_choice: str
+) -> None:
     host_filter = (
         f"rows=-1 and modified>{from_date.isoformat()} "
         f"and created<{to_date.isoformat()}"
@@ -45,9 +24,30 @@ def print_reports(gmp: Gmp, from_date: date, to_date: date) -> None:
     sum_high = 0
     sum_medium = 0
     sum_low = 0
-    table_data = [
-        ["Hostname", "IP", "Bericht", "critical", "high", "medium", "low"]
-    ]
+
+    table_header = ["Hostname", "IP", "Critical", "High", "Medium", "Low"]
+    if reports_choice == "last":
+        table_header = [
+            "Hostname",
+            "IP",
+            "Report",
+            "Critical",
+            "High",
+            "Medium",
+            "Low",
+        ]
+    elif reports_choice == "list":
+        table_header = [
+            "Hostname",
+            "IP",
+            "Reports",
+            "Critical",
+            "High",
+            "Medium",
+            "Low",
+        ]
+
+    table_data = [table_header]
 
     for host in hosts_xml.xpath("asset"):
         ip = host.xpath("name/text()")[0]
@@ -95,13 +95,35 @@ def print_reports(gmp: Gmp, from_date: date, to_date: date) -> None:
         sum_high += high
         sum_critical += critical
 
-        best_os_cpe_report_id = host.xpath(
-            'host/detail/name[text()="best_os_cpe"]/../source/@id'
-        )[0]
-
-        table_data.append(
-            [hostname, ip, best_os_cpe_report_id, critical, high, medium, low]
-        )
+        if reports_choice == "none":
+            table_data.append([hostname, ip, critical, high, medium, low])
+        else:
+            report_host_identifiers = host.xpath(
+                "identifiers/identifier[source/deleted = 0 and"
+                '  (source/type = "Report Host"'
+                '   or source/type = "Report Host Detail")]'
+            )
+            report_ids = []
+            for identifier in report_host_identifiers:
+                mod_date = datetime.fromisoformat(
+                    identifier.findtext("modification_time")
+                ).date()
+                
+                if mod_date >= to_date or mod_date < from_date:
+                    continue
+                
+                report_ids.append(identifier.find("source").get("id"))
+                if reports_choice == 'last':
+                    break
+
+            if reports_choice == 'last':
+                table_data.append(
+                    [hostname, ip, report_ids[0], critical, high, medium, low]
+                )
+            else:
+                table_data.append(
+                    [hostname, ip, ',\n'.join(report_ids)+'\n', critical, high, medium, low]
+                )
 
     table = AsciiTable(table_data)
     print(f"{table.table}\n")
@@ -118,16 +140,45 @@ def print_reports(gmp: Gmp, from_date: date, to_date: date) -> None:
 def main(gmp: Gmp, args: Namespace) -> None:
     # pylint: disable=undefined-variable
 
-    check_args(args)
+    description_message = """
+This script will display all vulnerabilities from the hosts of the \
+reports in a given month and year.
+These must be given after the script name as plain numbers.
+
+This version is explicitly made for GOS 24.10.
+
+Example:
+    $ gvm-script --gmp-username name --gmp-password pass \
+ssh --hostname <gsm> scripts/monthly-report2.gmp.py 05 2019
+    """
+
+    parser = ArgumentParser(
+        prog=("gvm-script [...] " + args.script[0]),
+        formatter_class=RawDescriptionHelpFormatter,
+        prefix_chars="+",
+        description=description_message,
+    )
+    parser.add_argument("month", type=int, help="month of the monthly report")
+    parser.add_argument("year", type=int, help="year of the monthly report")
+    parser.add_argument(
+        "++reports",
+        choices=["none", "last", "list"],
+        default="last",
+        help=(
+            "what to show in the reports column:"
+            ' "none": do not show a reports column;'
+            ' "last": show the last report in the selected month;'
+            ' "list": show a list of reports in the selected month.'
+        ),
+    )
+    script_args, _ = parser.parse_known_args(args.script[1:])
 
-    month = int(args.script[1])
-    year = int(args.script[2])
-    from_date = date(year, month, 1)
+    from_date = date(script_args.year, script_args.month, 1)
     to_date = from_date + timedelta(days=31)
     # To have the first day in month
     to_date = to_date.replace(day=1)
 
-    print_reports(gmp, from_date, to_date)
+    print_reports(gmp, from_date, to_date, script_args.reports)
 
 
 if __name__ == "__gmp__":
