Skip to content

Add Faraday v5.22 service#350

Draft
wayto213 wants to merge 3 commits into
chaitin:mainfrom
wayto213:feat/issue-349-faraday-v5-22
Draft

Add Faraday v5.22 service#350
wayto213 wants to merge 3 commits into
chaitin:mainfrom
wayto213:feat/issue-349-faraday-v5-22

Conversation

@wayto213

@wayto213 wayto213 commented Jun 27, 2026

Copy link
Copy Markdown
Contributor

Closes #349

接入产品

  • 产品名称:Faraday
  • 产品类型:漏洞管理 / 安全评估协作平台
  • 测试版本:Faraday v5.22.0(本地镜像由官方 GitHub tag v5.22.0 构建,容器内安装包显示 faradaysec==5.22.0
  • API 版本:Faraday REST API v3
  • 本地测试地址:http://127.0.0.1:5985
  • 认证方式:HTTP Basic Auth

实现范围

本 PR 新增 infobyte-faraday-v5-22 service package,覆盖 Faraday 常用漏洞管理联动场景:

  • ListWorkspaces -> GET /_api/v3/ws
  • CreateWorkspace -> POST /_api/v3/ws
  • ListHosts -> GET /_api/v3/ws/{workspace_name}/hosts
  • CreateHost -> POST /_api/v3/ws/{workspace_name}/hosts
  • ListVulnerabilities -> GET /_api/v3/ws/{workspace_name}/vulns
  • GetVulnerability -> GET /_api/v3/ws/{workspace_name}/vulns/{object_id}
  • CreateVulnerability -> POST /_api/v3/ws/{workspace_name}/vulns

测试结果

cd services
npm run validate -- --service-dir infobyte__faraday_v5-22
npm test -- --service-dir infobyte__faraday_v5-22
npm_config_cache=/private/tmp/octobus-npm-cache npm run pack:check
  • validate: passed
  • test: 26/26 passed
  • pack:check: passed
  • OctoBus 单服务导入与 Connect RPC 联调:7/7 方法返回 200。
  • 机器人评审回归用例:已覆盖 workspace_name 仅拒绝 .../\,并允许 demo..hostsv1.2.3 等合法名称;extra_fields 不覆盖已校验字段。

截图证据

Faraday v5.22.0 真实 UI 已在本地测试环境打开并截图,截图展示本 PR 联调创建的 octobus_pr_issue_349_* 工作区。页面顶部可见漏洞总数,列表视图中可见通过 Direct API 和 OctoBus Connect RPC 创建的真实 workspace 记录。

faraday-workspaces-list-evidence-real

联调证据:OctoBus Connect RPC 跑通(主体链路)

本节证明测试主体是 OctoBus 接入链路:请求先进入本地 OctoBus daemon 的 /capsets/{capset}/connect/{instance}/{service}/{method},再由本 PR 新增 service 调用真实 Faraday v5.22.0 API。OctoBus 响应中的 httpStatusrawBody 来自上游 Faraday API;认证信息已脱敏。

OctoBus 方法 OctoBus endpoint HTTP 状态 上游状态
CreateWorkspace POST :19199/capsets/faraday-pr-evidence/connect/faraday-pr-evidence/InfobyteFaradayV522.Faraday/CreateWorkspace HTTP/1.1 200 201
CreateHost POST :19199/capsets/faraday-pr-evidence/connect/faraday-pr-evidence/InfobyteFaradayV522.Faraday/CreateHost HTTP/1.1 200 201
ListWorkspaces POST :19199/capsets/faraday-pr-evidence/connect/faraday-pr-evidence/InfobyteFaradayV522.Faraday/ListWorkspaces HTTP/1.1 200 200
ListHosts POST :19199/capsets/faraday-pr-evidence/connect/faraday-pr-evidence/InfobyteFaradayV522.Faraday/ListHosts HTTP/1.1 200 200
CreateVulnerability POST :19199/capsets/faraday-pr-evidence/connect/faraday-pr-evidence/InfobyteFaradayV522.Faraday/CreateVulnerability HTTP/1.1 200 201
GetVulnerability POST :19199/capsets/faraday-pr-evidence/connect/faraday-pr-evidence/InfobyteFaradayV522.Faraday/GetVulnerability HTTP/1.1 200 200
ListVulnerabilities POST :19199/capsets/faraday-pr-evidence/connect/faraday-pr-evidence/InfobyteFaradayV522.Faraday/ListVulnerabilities HTTP/1.1 200 200

以下贴出全部 7 个 OctoBus Connect RPC 方法的真实请求 / 响应原文,覆盖创建、查询和列表链路。响应体中的 httpStatusrawBody 来自上游 Faraday API,认证信息已脱敏;为控制 PR 描述长度,每段响应中冗余的 rawJson(rawBody 的 protobuf 重建副本)已省略,完整 protobuf 形态可在本地通过 OctoBus daemon 复现。

OctoBus Connect RPC:CreateWorkspace 跑通

Request

POST http://127.0.0.1:19199/capsets/faraday-pr-evidence/connect/faraday-pr-evidence/InfobyteFaradayV522.Faraday/CreateWorkspace HTTP/1.1
Host: 127.0.0.1:19199
Accept: application/json
Content-Type: application/json

{
  "name": "octobus_pr_issue_349_rpc_20260630151007",
  "description": "Created through OctoBus Connect RPC for Faraday v5.22 issue 349",
  "customer": "octobus",
  "active": true,
  "public": false,
  "importance": 1
}

Response

HTTP/1.1 200 OK
content-type: application/json
content-length: 2189

{"httpStatus": 201, "rawBody": "{\"_id\": 13, \"id\": 13, \"customer\": \"octobus\", \"description\": \"Created through OctoBus Connect RPC for Faraday v5.22 issue 349\", \"active\": true, \"duration\": {\"start_date\": null, \"end_date\": null}, \"name\": \"octobus_pr_issue_349_rpc_20260630151007\", \"public\": false, \"scope\": [], \"stats\": {\"credentials\": 0, \"hosts\": 0, \"host_confirmed\": 0, \"host_notclosed\": 0, \"host_notclosed_confirmed\": 0, \"services\": 0, \"open_services\": 0, \"service_confirmed\": 0, \"service_notclosed\": 0, \"service_notclosed_confirmed\": 0, \"web_vulns\": 0, \"code_vulns\": 0, \"std_vulns\": 0, \"opened_vulns\": 0, \"re_opened_vulns\": 0, \"risk_accepted_vulns\": 0, \"closed_vulns\": 0, \"confirmed_vulns\": 0, \"notclosed_vulns\": 0, \"notclosed_confirmed_vulns\": 0, \"total_vulns\": 0, \"critical_vulns\": 0, \"high_vulns\": 0, \"medium_vulns\": 0, \"low_vulns\": 0, \"info_vulns\": 0, \"unclassified_vulns\": 0, \"web_vulns_confirmed\": 0, \"code_vulns_confirmed\": 0, \"std_vulns_confirmed\": 0, \"opened_vulns_confirmed\": 0, \"re_opened_vulns_confirmed\": 0, \"risk_accepted_vulns_confirmed\": 0, \"closed_vulns_confirmed\": 0, \"critical_vulns_confirmed\": 0, \"high_vulns_confirmed\": 0, \"medium_vulns_confirmed\": 0, \"low_vulns_confirmed\": 0, \"info_vulns_confirmed\": 0, \"unclassified_vulns_confirmed\": 0, \"web_vulns_notclosed\": 0, \"code_vulns_notclosed\": 0, \"std_vulns_notclosed\": 0, \"critical_vulns_notclosed\": 0, \"high_vulns_notclosed\": 0, \"medium_vulns_notclosed\": 0, \"low_vulns_notclosed\": 0, \"info_vulns_notclosed\": 0, \"unclassified_vulns_notclosed\": 0, \"web_vulns_notclosed_confirmed\": 0, \"code_vulns_notclosed_confirmed\": 0, \"std_vulns_notclosed_confirmed\": 0, \"critical_vulns_notclosed_confirmed\": 0, \"high_vulns_notclosed_confirmed\": 0, \"medium_vulns_notclosed_confirmed\": 0, \"low_vulns_notclosed_confirmed\": 0, \"info_vulns_notclosed_confirmed\": 0, \"unclassified_vulns_notclosed_confirmed\": 0}, \"create_date\": \"2026-06-30T15:12:08.627459+00:00\", \"update_date\": \"2026-06-30T15:12:08.646477+00:00\", \"readonly\": false, \"last_run_agent_date\": null, \"importance\": 1}"}

OctoBus Connect RPC:CreateHost 跑通

Request

POST http://127.0.0.1:19199/capsets/faraday-pr-evidence/connect/faraday-pr-evidence/InfobyteFaradayV522.Faraday/CreateHost HTTP/1.1
Host: 127.0.0.1:19199
Accept: application/json
Content-Type: application/json

{
  "workspaceName": "octobus_pr_issue_349_rpc_20260630151007",
  "ip": "10.203.0.62",
  "description": "Created through OctoBus Connect RPC",
  "os": "Linux",
  "owned": false,
  "hostnames": [
    "octobus-rpc-evidence.local"
  ]
}

Response

HTTP/1.1 200 OK
content-type: application/json
content-length: 1074

{"httpStatus": 201, "rawBody": "{\"_id\": 13, \"_rev\": \"\", \"creator_command_id\": null, \"creator_command_tool\": null, \"creator_command_params\": null, \"default_gateway\": \"\", \"description\": \"Created through OctoBus Connect RPC\", \"hostnames\": [\"octobus-rpc-evidence.local\"], \"id\": 13, \"importance\": 0, \"ip\": \"10.203.0.62\", \"mac\": \"\", \"metadata\": {\"command_id\": null, \"creator\": \"\", \"owner\": \"faraday\", \"update_time\": \"2026-06-30T15:12:09.087076+00:00\", \"create_time\": \"2026-06-30T15:12:09.028406+00:00\", \"update_user\": null, \"update_action\": 0, \"update_controller_action\": \"\"}, \"name\": \"10.203.0.62\", \"os\": \"Linux\", \"owned\": false, \"owner\": \"faraday\", \"services\": 0, \"open_services\": 0, \"services_status\": [], \"vulns\": 0, \"type\": \"Host\", \"service_summaries\": [], \"severity_counts\": {\"host_id\": 13, \"critical\": 0, \"high\": 0, \"med\": 0, \"low\": 0, \"info\": 0, \"unclassified\": 0, \"total\": 0}, \"versions\": [], \"workspace_name\": \"octobus_pr_issue_349_rpc_20260630151007\"}"}

OctoBus Connect RPC:ListWorkspaces 跑通

Request

POST http://127.0.0.1:19199/capsets/faraday-pr-evidence/connect/faraday-pr-evidence/InfobyteFaradayV522.Faraday/ListWorkspaces HTTP/1.1
Host: 127.0.0.1:19199
Accept: application/json
Content-Type: application/json

{}

Response

HTTP/1.1 200 OK
content-type: application/json
content-length: 10651

{"httpStatus": 200, "rawBody": "{\"rows\": [{\"_id\": 1, \"id\": 1, \"customer\": \"octobus\", \"description\": \"OctoBus issue 349 Faraday v5.22 validation workspace\", \"active\": true, \"duration\": {\"start_date\": null, \"end_date\": null}, \"name\": \"octobus_issue_349\", \"public\": false, \"scope\": [], \"stats\": {\"hosts\": 1, \"services\": 0, \"web_vulns\": 0, \"code_vulns\": 0, \"std_vulns\": 1, \"opened_vulns\": 1, \"closed_vulns\": 0, \"confirmed_vulns\": 1, \"total_vulns\": 1, \"critical_vulns\": 0, \"high_vulns\": 1, \"medium_vulns\": 0, \"low_vulns\": 0, \"info_vulns\": 0, \"unclassified_vulns\": 0, \"web_vulns_confirmed\": 0}, \"create_date\": \"2026-06-27T08:25:25.677015+00:00\", \"update_date\": \"2026-06-27T08:25:25.705626+00:00\", \"readonly\": false, \"last_run_agent_date\": null, \"importance\": 0}, {\"_id\": 3, \"id\": 3, \"customer\": \"octobus\", \"description\": \"Direct Faraday API evidence for OctoBus issue 349\", \"active\": true, \"duration\": {\"start_date\": null, \"end_date\": null}, \"name\": \"octobus_pr_issue_349_api_20260627083835\", \"public\": false, \"scope\": [], \"stats\": {\"hosts\": 1, \"services\": 0, \"web_vulns\": 0, \"code_vulns\": 0, \"std_vulns\": 1, \"opened_vulns\": 1, \"closed_vulns\": 0, \"confirmed_vulns\": 1, \"total_vulns\": 1, \"critical_vulns\": 0, \"high_vulns\": 1, \"medium_vulns\": 0, \"low_vulns\": 0, \"info_vulns\": 0, \"unclassified_vulns\": 0, \"web_vulns_confirmed\": 0}, \"create_date\": \"2026-06-27T08:38:36.034471+00:00\", \"update_date\": \"2026-06-27T08:38:36.064478+00:00\", \"readonly\": false, \"last_run_agent_date\": null, \"importance\": 0}, {\"_id\": 4, \"id\": 4, \"customer\": \"octobus\", \"description\": \"Direct Faraday API evidence for OctoBus issue 349\", \"active\": true, \"duration\": {\"start_date\": null, \"end_date\": null}, \"name\": \"octobus_pr_issue_349_api_20260627083904\", \"public\": false, \"scope\": [], \"stats\": {\"hosts\": 1, \"services\": 0, \"web_vulns\": 0, \"code_vulns\": 0, \"std_vulns\": 1, \"opened_vulns\": 1, \"closed_vulns\": 0, \"confirmed_vulns\": 1, \"total_vulns\": 1, \"critical_vulns\": 0, \"high_vulns\": 1, \"medium_vulns\": 0, \"low_vulns\": 0, \"info_vulns\": 0, \"unclassified_vulns\": 0, \"web_vulns_confirmed\": 0}, \"create_date\": \"2026-06-27T08:39:04.573998+00:00\", \"update_date\": \"2026-06-27T08:39:04.602521+00:00\", \"readonly\": false, \"last_run_agent_date\": null, \"importance\": 0}, {\"_id\": 6, \"id\": 6, \"customer\": \"octobus\", \"description\": \"Direct Faraday API evidence for OctoBus issue 349\", \"active\": true, \"duration\": {\"start_date\": null, \"end_date\": null}, \"name\": \"octobus_pr_issue_349_api_20260627084006\", \"public\": false, \"scope\": [], \"stats\": {\"hosts\": 1, \"services\": 0, \"web_vulns\": 0, \"code_vulns\": 0, \"std_vulns\": 1, \"opened_vulns\": 1, \"closed_vulns\": 0, \"confirmed_vulns\": 1, \"total_vulns\": 1, \"critical_vulns\": 0, \"high_vulns\": 1, \"medium_vulns\": 0, \"low_vulns\": 0, \"info_vulns\": 0, \"unclassified_vulns\": 0, \"web_vulns_confirmed\": 0}, \"create_date\": \"2026-06-27T08:40:06.472155+00:00\", \"update_date\": \"2026-06-27T08:40:06.487599+00:00\", \"readonly\": false, \"last_run_agent_date\": null, \"importance\": 0}, {\"_id\": 8, \"id\": 8, \"customer\": \"octobus\", \"description\": \"Direct Faraday API evidence for OctoBus issue 349\", \"active\": true, \"duration\": {\"start_date\": null, \"end_date\": null}, \"name\": \"octobus_pr_issue_349_api_20260630150634\", \"public\": false, \"scope\": [], \"stats\": {\"hosts\": 1, \"services\": 0, \"web_vulns\": 0, \"code_vulns\": 0, \"std_vulns\": 1, \"opened_vulns\": 1, \"closed_vulns\": 0, \"confirmed_vulns\": 1, \"total_vulns\": 1, \"critical_vulns\": 0, \"high_vulns\": 1, \"medium_vulns\": 0, \"low_vulns\": 0, \"info_vulns\": 0, \"unclassified_vulns\": 0, \"web_vulns_confirmed\": 0}, \"create_date\": \"2026-06-30T15:07:40.047253+00:00\", \"update_date\": \"2026-06-30T15:07:40.151019+00:00\", \"readonly\": false, \"last_run_agent_date\": null, \"importance\": 0}, {\"_id\": 10, \"id\": 10, \"customer\": \"octobus\", \"description\": \"Direct Faraday API evidence for OctoBus issue 349\", \"active\": true, \"duration\": {\"start_date\": null, \"end_date\": null}, \"name\": \"octobus_pr_issue_349_api_20260630150822\", \"public\": false, \"scope\": [], \"stats\": {\"hosts\": 1, \"services\": 0, \"web_vulns\": 0, \"code_vulns\": 0, \"std_vulns\": 1, \"opened_vulns\": 1, \"closed_vulns\": 0, \"confirmed_vulns\": 1, \"total_vulns\": 1, \"critical_vulns\": 0, \"high_vulns\": 1, \"medium_vulns\": 0, \"low_vulns\": 0, \"info_vulns\": 0, \"unclassified_vulns\": 0, \"web_vulns_confirmed\": 0}, \"create_date\": \"2026-06-30T15:09:18.105396+00:00\", \"update_date\": \"2026-06-30T15:09:18.134140+00:00\", \"readonly\": false, \"last_run_agent_date\": null, \"importance\": 0}, {\"_id\": 12, \"id\": 12, \"customer\": \"octobus\", \"description\": \"Direct Faraday API evidence for OctoBus issue 349\", \"active\": true, \"duration\": {\"start_date\": null, \"end_date\": null}, \"name\": \"octobus_pr_issue_349_api_20260630151007\", \"public\": false, \"scope\": [], \"stats\": {\"hosts\": 1, \"services\": 0, \"web_vulns\": 0, \"code_vulns\": 0, \"std_vulns\": 1, \"opened_vulns\": 1, \"closed_vulns\": 0, \"confirmed_vulns\": 1, \"total_vulns\": 1, \"critical_vulns\": 0, \"high_vulns\": 1, \"medium_vulns\": 0, \"low_vulns\": 0, \"info_vulns\": 0, \"unclassified_vulns\": 0, \"web_vulns_confirmed\": 0}, \"create_date\": \"2026-06-30T15:10:09.960401+00:00\", \"update_date\": \"2026-06-30T15:12:01.398593+00:00\", \"readonly\": false, \"last_run_agent_date\": null, \"importance\": 0}, {\"_id\": 5, \"id\": 5, \"customer\": \"octobus\", \"description\": \"Created through OctoBus Connect RPC for Faraday v5.22 issue 349\", \"active\": true, \"duration\": {\"start_date\": null, \"end_date\": null}, \"name\": \"octobus_pr_issue_349_rpc_20260627083904\", \"public\": false, \"scope\": [], \"stats\": {\"hosts\": 1, \"services\": 0, \"web_vulns\": 0, \"code_vulns\": 0, \"std_vulns\": 1, \"opened_vulns\": 1, \"closed_vulns\": 0, \"confirmed_vulns\": 1, \"total_vulns\": 1, \"critical_vulns\": 0, \"high_vulns\": 0, \"medium_vulns\": 1, \"low_vulns\": 0, \"info_vulns\": 0, \"unclassified_vulns\": 0, \"web_vulns_confirmed\": 0}, \"create_date\": \"2026-06-27T08:39:10.762611+00:00\", \"update_date\": \"2026-06-27T08:39:10.782478+00:00\", \"readonly\": false, \"last_run_agent_date\": null, \"importance\": 0}, {\"_id\": 7, \"id\": 7, \"customer\": \"octobus\", \"description\": \"Created through OctoBus Connect RPC for Faraday v5.22 issue 349\", \"active\": true, \"duration\": {\"start_date\": null, \"end_date\": null}, \"name\": \"octobus_pr_issue_349_rpc_20260627084006\", \"public\": false, \"scope\": [], \"stats\": {\"hosts\": 1, \"services\": 0, \"web_vulns\": 0, \"code_vulns\": 0, \"std_vulns\": 1, \"opened_vulns\": 1, \"closed_vulns\": 0, \"confirmed_vulns\": 1, \"total_vulns\": 1, \"critical_vulns\": 0, \"high_vulns\": 0, \"medium_vulns\": 1, \"low_vulns\": 0, \"info_vulns\": 0, \"unclassified_vulns\": 0, \"web_vulns_confirmed\": 0}, \"create_date\": \"2026-06-27T08:40:12.222845+00:00\", \"update_date\": \"2026-06-27T08:40:12.236249+00:00\", \"readonly\": false, \"last_run_agent_date\": null, \"importance\": 0}, {\"_id\": 9, \"id\": 9, \"customer\": \"octobus\", \"description\": \"Created through OctoBus Connect RPC for Faraday v5.22 issue 349\", \"active\": true, \"duration\": {\"start_date\": null, \"end_date\": null}, \"name\": \"octobus_pr_issue_349_rpc_20260630150634\", \"public\": false, \"scope\": [], \"stats\": {\"hosts\": 1, \"services\": 0, \"web_vulns\": 0, \"code_vulns\": 0, \"std_vulns\": 0, \"opened_vulns\": 0, \"closed_vulns\": 0, \"confirmed_vulns\": 0, \"total_vulns\": 0, \"critical_vulns\": 0, \"high_vulns\": 0, \"medium_vulns\": 0, \"low_vulns\": 0, \"info_vulns\": 0, \"unclassified_vulns\": 0, \"web_vulns_confirmed\": 0}, \"create_date\": \"2026-06-30T15:07:51.209994+00:00\", \"update_date\": \"2026-06-30T15:07:51.229543+00:00\", \"readonly\": false, \"last_run_agent_date\": null, \"importance\": 0}, {\"_id\": 11, \"id\": 11, \"customer\": \"octobus\", \"description\": \"Created through OctoBus Connect RPC for Faraday v5.22 issue 349\", \"active\": true, \"duration\": {\"start_date\": null, \"end_date\": null}, \"name\": \"octobus_pr_issue_349_rpc_20260630150822\", \"public\": false, \"scope\": [], \"stats\": {\"hosts\": 1, \"services\": 0, \"web_vulns\": 0, \"code_vulns\": 0, \"std_vulns\": 1, \"opened_vulns\": 1, \"closed_vulns\": 0, \"confirmed_vulns\": 1, \"total_vulns\": 1, \"critical_vulns\": 0, \"high_vulns\": 0, \"medium_vulns\": 1, \"low_vulns\": 0, \"info_vulns\": 0, \"unclassified_vulns\": 0, \"web_vulns_confirmed\": 0}, \"create_date\": \"2026-06-30T15:09:25.073184+00:00\", \"update_date\": \"2026-06-30T15:09:25.093637+00:00\", \"readonly\": false, \"last_run_agent_date\": null, \"importance\": 0}, {\"_id\": 13, \"id\": 13, \"customer\": \"octobus\", \"description\": \"Created through OctoBus Connect RPC for Faraday v5.22 issue 349\", \"active\": true, \"duration\": {\"start_date\": null, \"end_date\": null}, \"name\": \"octobus_pr_issue_349_rpc_20260630151007\", \"public\": false, \"scope\": [], \"stats\": {\"hosts\": 1, \"services\": 0, \"web_vulns\": 0, \"code_vulns\": 0, \"std_vulns\": 0, \"opened_vulns\": 0, \"closed_vulns\": 0, \"confirmed_vulns\": 0, \"total_vulns\": 0, \"critical_vulns\": 0, \"high_vulns\": 0, \"medium_vulns\": 0, \"low_vulns\": 0, \"info_vulns\": 0, \"unclassified_vulns\": 0, \"web_vulns_confirmed\": 0}, \"create_date\": \"2026-06-30T15:12:08.627459+00:00\", \"update_date\": \"2026-06-30T15:12:08.646477+00:00\", \"readonly\": false, \"last_run_agent_date\": null, \"importance\": 0}, {\"_id\": 2, \"id\": 2, \"customer\": \"octobus\", \"description\": \"Created through OctoBus service CLI for Faraday v5.22 validation\", \"active\": true, \"duration\": {\"start_date\": null, \"end_date\": null}, \"name\": \"octobus_service_issue_349\", \"public\": false, \"scope\": [], \"stats\": {\"hosts\": 1, \"services\": 0, \"web_vulns\": 0, \"code_vulns\": 0, \"std_vulns\": 1, \"opened_vulns\": 1, \"closed_vulns\": 0, \"confirmed_vulns\": 1, \"total_vulns\": 1, \"critical_vulns\": 0, \"high_vulns\": 0, \"medium_vulns\": 1, \"low_vulns\": 0, \"info_vulns\": 0, \"unclassified_vulns\": 0, \"web_vulns_confirmed\": 0}, \"create_date\": \"2026-06-27T08:27:02.825516+00:00\", \"update_date\": \"2026-06-27T08:27:02.848845+00:00\", \"readonly\": false, \"last_run_agent_date\": null, \"importance\": 0}], \"count\": 13}"}

OctoBus Connect RPC:ListHosts 跑通

Request

POST http://127.0.0.1:19199/capsets/faraday-pr-evidence/connect/faraday-pr-evidence/InfobyteFaradayV522.Faraday/ListHosts HTTP/1.1
Host: 127.0.0.1:19199
Accept: application/json
Content-Type: application/json

{
  "workspaceName": "octobus_pr_issue_349_rpc_20260630151007",
  "stats": true
}

Response

HTTP/1.1 200 OK
content-type: application/json
content-length: 1140

{"httpStatus": 200, "rawBody": "{\"rows\": [{\"id\": 13, \"key\": 13, \"value\": {\"_id\": 13, \"_rev\": \"\", \"creator_command_id\": null, \"creator_command_tool\": null, \"creator_command_params\": null, \"default_gateway\": \"\", \"description\": \"Created through OctoBus Connect RPC\", \"hostnames\": [\"octobus-rpc-evidence.local\"], \"id\": 13, \"importance\": 0, \"ip\": \"10.203.0.62\", \"mac\": \"\", \"metadata\": {\"command_id\": null, \"creator\": \"\", \"owner\": \"faraday\", \"update_time\": \"2026-06-30T15:12:09.087076+00:00\", \"create_time\": \"2026-06-30T15:12:09.028406+00:00\", \"update_user\": null, \"update_action\": 0, \"update_controller_action\": \"\"}, \"name\": \"10.203.0.62\", \"os\": \"Linux\", \"owned\": false, \"owner\": \"faraday\", \"services\": 0, \"open_services\": 0, \"services_status\": [], \"vulns\": 0, \"type\": \"Host\", \"service_summaries\": [], \"severity_counts\": {\"host_id\": 13, \"critical\": 0, \"high\": 0, \"med\": 0, \"low\": 0, \"info\": 0, \"unclassified\": 0, \"total\": 0}, \"versions\": [], \"workspace_name\": \"octobus_pr_issue_349_rpc_20260630151007\"}}], \"count\": 1}"}

OctoBus Connect RPC:CreateVulnerability 跑通

Request

POST http://127.0.0.1:19199/capsets/faraday-pr-evidence/connect/faraday-pr-evidence/InfobyteFaradayV522.Faraday/CreateVulnerability HTTP/1.1
Host: 127.0.0.1:19199
Accept: application/json
Content-Type: application/json

{
  "workspaceName": "octobus_pr_issue_349_rpc_20260630151007",
  "name": "OctoBus Connect RPC evidence vulnerability",
  "severity": "medium",
  "type": "Vulnerability",
  "desc": "Created through OctoBus Connect RPC for Faraday v5.22 issue 349",
  "status": "open",
  "confirmed": true,
  "tool": "OctoBus",
  "parent": 13,
  "parentType": "Host",
  "cve": [
    "CVE-2026-3493"
  ],
  "externalId": "octobus-rpc-20260630151007"
}

Response

HTTP/1.1 200 OK
content-type: application/json
content-length: 4583

{"httpStatus": 201, "rawBody": "{\"confirmed\": true, \"data\": \"\", \"description\": \"Created through OctoBus Connect RPC for Faraday v5.22 issue 349\", \"last_detected\": null, \"id\": 12, \"name\": \"OctoBus Connect RPC evidence vulnerability\", \"resolution\": \"\", \"service\": null, \"severity\": \"med\", \"status\": \"open\", \"target\": \"10.203.0.62\", \"tool\": \"OctoBus\", \"_attachments\": {}, \"_id\": 12, \"_rev\": \"\", \"custom_fields\": {}, \"cve\": [\"CVE-2026-3493\"], \"cvss2\": {\"vector_string\": null, \"base_score\": null, \"exploitability_score\": null, \"impact_score\": null, \"base_severity\": null, \"temporal_score\": null, \"temporal_severity\": null, \"environmental_score\": null, \"environmental_severity\": null, \"access_vector\": null, \"access_complexity\": null, \"authentication\": null, \"confidentiality_impact\": null, \"integrity_impact\": null, \"availability_impact\": null, \"exploitability\": null, \"remediation_level\": null, \"report_confidence\": null, \"collateral_damage_potential\": null, \"target_distribution\": null, \"confidentiality_requirement\": null, \"integrity_requirement\": null, \"availability_requirement\": null}, \"cvss3\": {\"vector_string\": null, \"base_score\": null, \"exploitability_score\": null, \"impact_score\": null, \"base_severity\": null, \"temporal_score\": null, \"temporal_severity\": null, \"environmental_score\": null, \"environmental_severity\": null, \"attack_vector\": null, \"attack_complexity\": null, \"privileges_required\": null, \"user_interaction\": null, \"confidentiality_impact\": null, \"integrity_impact\": null, \"availability_impact\": null, \"exploit_code_maturity\": null, \"remediation_level\": null, \"report_confidence\": null, \"confidentiality_requirement\": null, \"integrity_requirement\": null, \"availability_requirement\": null, \"modified_attack_vector\": null, \"modified_attack_complexity\": null, \"modified_privileges_required\": null, \"modified_user_interaction\": null, \"modified_scope\": null, \"modified_confidentiality_impact\": null, \"modified_integrity_impact\": null, \"modified_availability_impact\": null, \"scope\": null}, \"cvss4\": {\"vector_string\": null, \"base_score\": null, \"base_severity\": null, \"attack_vector\": null, \"attack_complexity\": null, \"attack_requirements\": null, \"privileges_required\": null, \"user_interaction\": null, \"vulnerable_system_confidentiality_impact\": null, \"subsequent_system_confidentiality_impact\": null, \"vulnerable_system_integrity_impact\": null, \"subsequent_system_integrity_impact\": null, \"vulnerable_system_availability_impact\": null, \"subsequent_system_availability_impact\": null, \"safety\": null, \"automatable\": null, \"recovery\": null, \"value_density\": null, \"vulnerability_response_effort\": null, \"provider_urgency\": null, \"modified_attack_vector\": null, \"modified_attack_complexity\": null, \"modified_attack_requirements\": null, \"modified_privileges_required\": null, \"modified_user_interaction\": null, \"modified_vulnerable_system_confidentiality_impact\": null, \"modified_subsequent_system_confidentiality_impact\": null, \"modified_vulnerable_system_integrity_impact\": null, \"modified_subsequent_system_integrity_impact\": null, \"modified_vulnerable_system_availability_impact\": null, \"modified_subsequent_system_availability_impact\": null, \"confidentiality_requirement\": null, \"integrity_requirement\": null, \"availability_requirement\": null, \"exploit_maturity\": null}, \"cwe\": [], \"date\": \"2026-06-30T15:12:10.274774+00:00\", \"desc\": \"Created through OctoBus Connect RPC for Faraday v5.22 issue 349\", \"easeofresolution\": null, \"external_id\": \"octobus-rpc-20260630151007\", \"host_os\": \"Linux\", \"hostnames\": [\"octobus-rpc-evidence.local\"], \"impact\": {\"accountability\": false, \"availability\": false, \"confidentiality\": false, \"integrity\": false}, \"issuetracker\": {}, \"metadata\": {\"command_id\": null, \"creator\": \"OctoBus\", \"owner\": \"faraday\", \"update_time\": \"2026-06-30T15:12:10.328006+00:00\", \"create_time\": \"2026-06-30T15:12:10.274774+00:00\", \"update_user\": null, \"update_action\": 0, \"update_controller_action\": \"\"}, \"obj_id\": \"12\", \"owned\": false, \"owner\": \"faraday\", \"parent\": 13, \"parent_type\": \"Host\", \"policyviolations\": [], \"refs\": [], \"risk\": {\"score\": null, \"severity\": null}, \"tags\": [], \"type\": \"Vulnerability\", \"workspace_name\": \"octobus_pr_issue_349_rpc_20260630151007\", \"update_date\": \"2026-06-30T15:12:10.328006+00:00\"}"}

OctoBus Connect RPC:GetVulnerability 跑通

Request

POST http://127.0.0.1:19199/capsets/faraday-pr-evidence/connect/faraday-pr-evidence/InfobyteFaradayV522.Faraday/GetVulnerability HTTP/1.1
Host: 127.0.0.1:19199
Accept: application/json
Content-Type: application/json

{
  "workspaceName": "octobus_pr_issue_349_rpc_20260630151007",
  "objectId": 12
}

Response

HTTP/1.1 200 OK
content-type: application/json
content-length: 4765

{"httpStatus": 200, "rawBody": "{\"confirmed\": true, \"data\": \"\", \"description\": \"Created through OctoBus Connect RPC for Faraday v5.22 issue 349\", \"last_detected\": null, \"id\": 12, \"name\": \"OctoBus Connect RPC evidence vulnerability\", \"resolution\": \"\", \"service\": null, \"severity\": \"med\", \"status\": \"open\", \"target\": \"10.203.0.62\", \"tool\": \"OctoBus\", \"_attachments\": {}, \"_id\": 12, \"_rev\": \"\", \"custom_fields\": {}, \"cve\": [\"CVE-2026-3493\"], \"cvss2\": {\"vector_string\": null, \"base_score\": null, \"exploitability_score\": null, \"impact_score\": null, \"base_severity\": null, \"temporal_score\": null, \"temporal_severity\": null, \"environmental_score\": null, \"environmental_severity\": null, \"access_vector\": null, \"access_complexity\": null, \"authentication\": null, \"confidentiality_impact\": null, \"integrity_impact\": null, \"availability_impact\": null, \"exploitability\": null, \"remediation_level\": null, \"report_confidence\": null, \"collateral_damage_potential\": null, \"target_distribution\": null, \"confidentiality_requirement\": null, \"integrity_requirement\": null, \"availability_requirement\": null}, \"cvss3\": {\"vector_string\": null, \"base_score\": null, \"exploitability_score\": null, \"impact_score\": null, \"base_severity\": null, \"temporal_score\": null, \"temporal_severity\": null, \"environmental_score\": null, \"environmental_severity\": null, \"attack_vector\": null, \"attack_complexity\": null, \"privileges_required\": null, \"user_interaction\": null, \"confidentiality_impact\": null, \"integrity_impact\": null, \"availability_impact\": null, \"exploit_code_maturity\": null, \"remediation_level\": null, \"report_confidence\": null, \"confidentiality_requirement\": null, \"integrity_requirement\": null, \"availability_requirement\": null, \"modified_attack_vector\": null, \"modified_attack_complexity\": null, \"modified_privileges_required\": null, \"modified_user_interaction\": null, \"modified_scope\": null, \"modified_confidentiality_impact\": null, \"modified_integrity_impact\": null, \"modified_availability_impact\": null, \"scope\": null}, \"cvss4\": {\"vector_string\": null, \"base_score\": null, \"base_severity\": null, \"attack_vector\": null, \"attack_complexity\": null, \"attack_requirements\": null, \"privileges_required\": null, \"user_interaction\": null, \"vulnerable_system_confidentiality_impact\": null, \"subsequent_system_confidentiality_impact\": null, \"vulnerable_system_integrity_impact\": null, \"subsequent_system_integrity_impact\": null, \"vulnerable_system_availability_impact\": null, \"subsequent_system_availability_impact\": null, \"safety\": null, \"automatable\": null, \"recovery\": null, \"value_density\": null, \"vulnerability_response_effort\": null, \"provider_urgency\": null, \"modified_attack_vector\": null, \"modified_attack_complexity\": null, \"modified_attack_requirements\": null, \"modified_privileges_required\": null, \"modified_user_interaction\": null, \"modified_vulnerable_system_confidentiality_impact\": null, \"modified_subsequent_system_confidentiality_impact\": null, \"modified_vulnerable_system_integrity_impact\": null, \"modified_subsequent_system_integrity_impact\": null, \"modified_vulnerable_system_availability_impact\": null, \"modified_subsequent_system_availability_impact\": null, \"confidentiality_requirement\": null, \"integrity_requirement\": null, \"availability_requirement\": null, \"exploit_maturity\": null}, \"cwe\": [], \"date\": \"2026-06-30T15:12:10.274774+00:00\", \"desc\": \"Created through OctoBus Connect RPC for Faraday v5.22 issue 349\", \"easeofresolution\": null, \"external_id\": \"octobus-rpc-20260630151007\", \"host_os\": \"Linux\", \"hostnames\": [\"octobus-rpc-evidence.local\"], \"impact\": {\"accountability\": false, \"availability\": false, \"confidentiality\": false, \"integrity\": false}, \"issuetracker\": {}, \"metadata\": {\"command_id\": null, \"creator\": \"OctoBus\", \"owner\": \"faraday\", \"update_time\": \"2026-06-30T15:12:10.328006+00:00\", \"create_time\": \"2026-06-30T15:12:10.274774+00:00\", \"update_user\": null, \"update_action\": 0, \"update_controller_action\": \"\"}, \"obj_id\": \"12\", \"owned\": false, \"owner\": \"faraday\", \"parent\": 13, \"parent_type\": \"Host\", \"policyviolations\": [], \"refs\": [], \"risk\": {\"score\": null, \"severity\": null}, \"tags\": [], \"type\": \"Vulnerability\", \"workspace_name\": \"octobus_pr_issue_349_rpc_20260630151007\", \"update_date\": \"2026-06-30T15:12:10.328006+00:00\", \"method\": \"\", \"path\": \"\", \"request\": \"\", \"response\": \"\", \"status_code\": null, \"website\": \"\", \"owasp\": [], \"params\": \"\", \"pname\": \"\", \"query\": \"\"}"}

OctoBus Connect RPC:ListVulnerabilities 跑通

Request

POST http://127.0.0.1:19199/capsets/faraday-pr-evidence/connect/faraday-pr-evidence/InfobyteFaradayV522.Faraday/ListVulnerabilities HTTP/1.1
Host: 127.0.0.1:19199
Accept: application/json
Content-Type: application/json

{
  "workspaceName": "octobus_pr_issue_349_rpc_20260630151007"
}

Response

HTTP/1.1 200 OK
content-type: application/json

{"httpStatus": 200, "rawBody": "{\"vulnerabilities\": [{\"id\": 12, \"key\": 12, \"value\": {\"confirmed\": true, \"data\": \"\", \"description\": \"Created through OctoBus Connect RPC for Faraday v5.22 issue 349\", \"last_detected\": null, \"id\": 12, \"name\": \"OctoBus Connect RPC evidence vulnerability\", \"resolution\": \"\", \"service\": null, \"severity\": \"med\", \"status\": \"open\", \"target\": \"10.203.0.62\", \"tool\": \"OctoBus\", \"_attachments\": {}, \"_id\": 12, \"_rev\": \"\", \"custom_fields\": {}, \"cve\": [\"CVE-2026-3493\"], \"cvss2\": {\"vector_string\": null, \"base_score\": null, \"exploitability_score\": null, \"impact_score\": null, \"base_severity\": null, \"temporal_score\": null, \"temporal_severity\": null, \"environmental_score\": null, \"environmental_severity\": null, \"access_vector\": null, \"access_complexity\": null, \"authentication\": null, \"confidentiality_impact\": null, \"integrity_impact\": null, \"availability_impact\": null, \"exploitability\": null, \"remediation_level\": null, \"report_confidence\": null, \"collateral_damage_potential\": null, \"target_distribution\": null, \"confidentiality_requirement\": null, \"integrity_requirement\": null, \"availability_requirement\": null}, \"cvss3\": {\"vector_string\": null, \"base_score\": null, \"exploitability_score\": null, \"impact_score\": null, \"base_severity\": null, \"temporal_score\": null, \"temporal_severity\": null, \"environmental_score\": null, \"environmental_severity\": null, \"attack_vector\": null, \"attack_complexity\": null, \"privileges_required\": null, \"user_interaction\": null, \"confidentiality_impact\": null, \"integrity_impact\": null, \"availability_impact\": null, \"exploit_code_maturity\": null, \"remediation_level\": null, \"report_confidence\": null, \"confidentiality_requirement\": null, \"integrity_requirement\": null, \"availability_requirement\": null, \"modified_attack_vector\": null, \"modified_attack_complexity\": null, \"modified_privileges_required\": null, \"modified_user_interaction\": null, \"modified_scope\": null, \"modified_confidentiality_impact\": null, \"modified_integrity_impact\": null, \"modified_availability_impact\": null, \"scope\": null}, \"cvss4\": {\"vector_string\": null, \"base_score\": null, \"base_severity\": null, \"attack_vector\": null, \"attack_complexity\": null, \"attack_requirements\": null, \"privileges_required\": null, \"user_interaction\": null, \"vulnerable_system_confidentiality_impact\": null, \"subsequent_system_confidentiality_impact\": null, \"vulnerable_system_integrity_impact\": null, \"subsequent_system_integrity_impact\": null, \"vulnerable_system_availability_impact\": null, \"subsequent_system_availability_impact\": null, \"safety\": null, \"automatable\": null, \"recovery\": null, \"value_density\": null, \"vulnerability_response_effort\": null, \"provider_urgency\": null, \"modified_attack_vector\": null, \"modified_attack_complexity\": null, \"modified_attack_requirements\": null, \"modified_privileges_required\": null, \"modified_user_interaction\": null, \"modified_vulnerable_system_confidentiality_impact\": null, \"modified_subsequent_system_confidentiality_impact\": null, \"modified_vulnerable_system_integrity_impact\": null, \"modified_subsequent_system_integrity_impact\": null, \"modified_vulnerable_system_availability_impact\": null, \"modified_subsequent_system_availability_impact\": null, \"confidentiality_requirement\": null, \"integrity_requirement\": null, \"availability_requirement\": null, \"exploit_maturity\": null}, \"cwe\": [], \"date\": \"2026-06-30T15:12:10.274774+00:00\", \"desc\": \"Created through OctoBus Connect RPC for Faraday v5.22 issue 349\", \"easeofresolution\": null, \"external_id\": \"octobus-rpc-20260630151007\", \"host_os\": \"Linux\", \"hostnames\": [\"octobus-rpc-evidence.local\"], \"impact\": {\"accountability\": false, \"availability\": false, \"confidentiality\": false, \"integrity\": false}, \"issuetracker\": {}, \"metadata\": {\"command_id\": null, \"creator\": \"OctoBus\", \"owner\": \"faraday\", \"update_time\": \"2026-06-30T15:12:10.328006+00:00\", \"create_time\": \"2026-06-30T15:12:10.274774+00:00\", \"update_user\": null, \"update_action\": 0, \"update_controller_action\": \"\"}, \"obj_id\": \"12\", \"owned\": false, \"owner\": \"faraday\", \"parent\": 13, \"parent_type\": \"Host\", \"policyviolations\": [], \"refs\": [], \"risk\": {\"score\": null, \"severity\": null}, \"tags\": [], \"type\": \"Vulnerability\", \"workspace_name\": \"octobus_pr_issue_349_rpc_20260630151007\", \"update_date\": \"2026-06-30T15:12:10.328006+00:00\", \"method\": \"\", \"path\": \"\", \"request\": \"\", \"response\": \"\", \"status_code\": null, \"website\": \"\", \"owasp\": [], \"params\": \"\", \"pname\": \"\", \"query\": \"\"}}], \"count\": 1}"}

联调证据:目标产品 Faraday API 跑通(完整原文)

以下为本次真实 Faraday v5.22.0 API 调用结果,目标地址为本地测试实例 http://127.0.0.1:5985。Basic Auth 已脱敏,路径、状态码、请求体、响应体保持完整可见。本节对应上方 7 个 OctoBus 方法的上游目标 API 原文。

Faraday API:CreateWorkspace 跑通

Request

POST http://127.0.0.1:5985/_api/v3/ws HTTP/1.1
Host: 127.0.0.1:5985
Accept: application/json
Content-Type: application/json
Authorization: Basic ****

{
  "name": "octobus_pr_issue_349_api_20260630151007",
  "description": "Direct Faraday API evidence for OctoBus issue 349",
  "customer": "octobus",
  "active": true,
  "public": false,
  "importance": 2
}

Response

HTTP/1.1 201 CREATED
content-type: application/json
content-length: 1981

{"_id": 12, "id": 12, "customer": "octobus", "description": "Direct Faraday API evidence for OctoBus issue 349", "active": true, "duration": {"start_date": null, "end_date": null}, "name": "octobus_pr_issue_349_api_20260630151007", "public": false, "scope": [], "stats": {"credentials": 0, "hosts": 0, "host_confirmed": 0, "host_notclosed": 0, "host_notclosed_confirmed": 0, "services": 0, "open_services": 0, "service_confirmed": 0, "service_notclosed": 0, "service_notclosed_confirmed": 0, "web_vulns": 0, "code_vulns": 0, "std_vulns": 0, "opened_vulns": 0, "re_opened_vulns": 0, "risk_accepted_vulns": 0, "closed_vulns": 0, "confirmed_vulns": 0, "notclosed_vulns": 0, "notclosed_confirmed_vulns": 0, "total_vulns": 0, "critical_vulns": 0, "high_vulns": 0, "medium_vulns": 0, "low_vulns": 0, "info_vulns": 0, "unclassified_vulns": 0, "web_vulns_confirmed": 0, "code_vulns_confirmed": 0, "std_vulns_confirmed": 0, "opened_vulns_confirmed": 0, "re_opened_vulns_confirmed": 0, "risk_accepted_vulns_confirmed": 0, "closed_vulns_confirmed": 0, "critical_vulns_confirmed": 0, "high_vulns_confirmed": 0, "medium_vulns_confirmed": 0, "low_vulns_confirmed": 0, "info_vulns_confirmed": 0, "unclassified_vulns_confirmed": 0, "web_vulns_notclosed": 0, "code_vulns_notclosed": 0, "std_vulns_notclosed": 0, "critical_vulns_notclosed": 0, "high_vulns_notclosed": 0, "medium_vulns_notclosed": 0, "low_vulns_notclosed": 0, "info_vulns_notclosed": 0, "unclassified_vulns_notclosed": 0, "web_vulns_notclosed_confirmed": 0, "code_vulns_notclosed_confirmed": 0, "std_vulns_notclosed_confirmed": 0, "critical_vulns_notclosed_confirmed": 0, "high_vulns_notclosed_confirmed": 0, "medium_vulns_notclosed_confirmed": 0, "low_vulns_notclosed_confirmed": 0, "info_vulns_notclosed_confirmed": 0, "unclassified_vulns_notclosed_confirmed": 0}, "create_date": "2026-06-30T15:10:09.960401+00:00", "update_date": "2026-06-30T15:12:01.398593+00:00", "readonly": false, "last_run_agent_date": null, "importance": 2}

Faraday API:CreateHost 跑通

Request

POST http://127.0.0.1:5985/_api/v3/ws/octobus_pr_issue_349_api_20260630151007/hosts HTTP/1.1
Host: 127.0.0.1:5985
Accept: application/json
Content-Type: application/json
Authorization: Basic ****

{
  "ip": "10.203.0.61",
  "description": "Direct Faraday API evidence host for OctoBus issue 349",
  "os": "Linux",
  "owned": false,
  "hostnames": [
    "octobus-api-evidence.local"
  ]
}

Response

HTTP/1.1 201 CREATED
content-type: application/json
content-length: 943

{"_id": 12, "_rev": "", "creator_command_id": null, "creator_command_tool": null, "creator_command_params": null, "default_gateway": "", "description": "Direct Faraday API evidence host for OctoBus issue 349", "hostnames": ["octobus-api-evidence.local"], "id": 12, "importance": 0, "ip": "10.203.0.61", "mac": "", "metadata": {"command_id": null, "creator": "", "owner": "faraday", "update_time": "2026-06-30T15:12:02.296019+00:00", "create_time": "2026-06-30T15:12:02.211790+00:00", "update_user": null, "update_action": 0, "update_controller_action": ""}, "name": "10.203.0.61", "os": "Linux", "owned": false, "owner": "faraday", "services": 0, "open_services": 0, "services_status": [], "vulns": 0, "type": "Host", "service_summaries": [], "severity_counts": {"host_id": 12, "critical": 0, "high": 0, "med": 0, "low": 0, "info": 0, "unclassified": 0, "total": 0}, "versions": [], "workspace_name": "octobus_pr_issue_349_api_20260630151007"}

Faraday API:CreateVulnerability 跑通

Request

POST http://127.0.0.1:5985/_api/v3/ws/octobus_pr_issue_349_api_20260630151007/vulns HTTP/1.1
Host: 127.0.0.1:5985
Accept: application/json
Content-Type: application/json
Authorization: Basic ****

{
  "name": "Direct Faraday API evidence vulnerability",
  "severity": "high",
  "type": "Vulnerability",
  "desc": "Created by direct Faraday API evidence for OctoBus issue 349",
  "status": "open",
  "confirmed": true,
  "tool": "OctoBus",
  "parent": 12,
  "parent_type": "Host",
  "cve": [
    "CVE-2026-3492"
  ],
  "external_id": "octobus-direct-20260630151007"
}

Response

HTTP/1.1 201 CREATED
content-type: application/json
content-length: 4204

{"confirmed": true, "data": "", "description": "Created by direct Faraday API evidence for OctoBus issue 349", "last_detected": null, "id": 11, "name": "Direct Faraday API evidence vulnerability", "resolution": "", "service": null, "severity": "high", "status": "open", "target": "10.203.0.61", "tool": "OctoBus", "_attachments": {}, "_id": 11, "_rev": "", "custom_fields": {}, "cve": ["CVE-2026-3492"], "cvss2": {"vector_string": null, "base_score": null, "exploitability_score": null, "impact_score": null, "base_severity": null, "temporal_score": null, "temporal_severity": null, "environmental_score": null, "environmental_severity": null, "access_vector": null, "access_complexity": null, "authentication": null, "confidentiality_impact": null, "integrity_impact": null, "availability_impact": null, "exploitability": null, "remediation_level": null, "report_confidence": null, "collateral_damage_potential": null, "target_distribution": null, "confidentiality_requirement": null, "integrity_requirement": null, "availability_requirement": null}, "cvss3": {"vector_string": null, "base_score": null, "exploitability_score": null, "impact_score": null, "base_severity": null, "temporal_score": null, "temporal_severity": null, "environmental_score": null, "environmental_severity": null, "attack_vector": null, "attack_complexity": null, "privileges_required": null, "user_interaction": null, "confidentiality_impact": null, "integrity_impact": null, "availability_impact": null, "exploit_code_maturity": null, "remediation_level": null, "report_confidence": null, "confidentiality_requirement": null, "integrity_requirement": null, "availability_requirement": null, "modified_attack_vector": null, "modified_attack_complexity": null, "modified_privileges_required": null, "modified_user_interaction": null, "modified_scope": null, "modified_confidentiality_impact": null, "modified_integrity_impact": null, "modified_availability_impact": null, "scope": null}, "cvss4": {"vector_string": null, "base_score": null, "base_severity": null, "attack_vector": null, "attack_complexity": null, "attack_requirements": null, "privileges_required": null, "user_interaction": null, "vulnerable_system_confidentiality_impact": null, "subsequent_system_confidentiality_impact": null, "vulnerable_system_integrity_impact": null, "subsequent_system_integrity_impact": null, "vulnerable_system_availability_impact": null, "subsequent_system_availability_impact": null, "safety": null, "automatable": null, "recovery": null, "value_density": null, "vulnerability_response_effort": null, "provider_urgency": null, "modified_attack_vector": null, "modified_attack_complexity": null, "modified_attack_requirements": null, "modified_privileges_required": null, "modified_user_interaction": null, "modified_vulnerable_system_confidentiality_impact": null, "modified_subsequent_system_confidentiality_impact": null, "modified_vulnerable_system_integrity_impact": null, "modified_subsequent_system_integrity_impact": null, "modified_vulnerable_system_availability_impact": null, "modified_subsequent_system_availability_impact": null, "confidentiality_requirement": null, "integrity_requirement": null, "availability_requirement": null, "exploit_maturity": null}, "cwe": [], "date": "2026-06-30T15:12:02.663318+00:00", "desc": "Created by direct Faraday API evidence for OctoBus issue 349", "easeofresolution": null, "external_id": "octobus-direct-20260630151007", "host_os": "Linux", "hostnames": ["octobus-api-evidence.local"], "impact": {"accountability": false, "availability": false, "confidentiality": false, "integrity": false}, "issuetracker": {}, "metadata": {"command_id": null, "creator": "OctoBus", "owner": "faraday", "update_time": "2026-06-30T15:12:02.705345+00:00", "create_time": "2026-06-30T15:12:02.663318+00:00", "update_user": null, "update_action": 0, "update_controller_action": ""}, "obj_id": "11", "owned": false, "owner": "faraday", "parent": 12, "parent_type": "Host", "policyviolations": [], "refs": [], "risk": {"score": null, "severity": null}, "tags": [], "type": "Vulnerability", "workspace_name": "octobus_pr_issue_349_api_20260630151007", "update_date": "2026-06-30T15:12:02.705345+00:00"}

Faraday API:GetVulnerability 跑通

Request

GET http://127.0.0.1:5985/_api/v3/ws/octobus_pr_issue_349_api_20260630151007/vulns/11 HTTP/1.1
Host: 127.0.0.1:5985
Accept: application/json
Authorization: Basic ****

Response

HTTP/1.1 200 OK
content-type: application/json
content-length: 4350

{"confirmed": true, "data": "", "description": "Created by direct Faraday API evidence for OctoBus issue 349", "last_detected": null, "id": 11, "name": "Direct Faraday API evidence vulnerability", "resolution": "", "service": null, "severity": "high", "status": "open", "target": "10.203.0.61", "tool": "OctoBus", "_attachments": {}, "_id": 11, "_rev": "", "custom_fields": {}, "cve": ["CVE-2026-3492"], "cvss2": {"vector_string": null, "base_score": null, "exploitability_score": null, "impact_score": null, "base_severity": null, "temporal_score": null, "temporal_severity": null, "environmental_score": null, "environmental_severity": null, "access_vector": null, "access_complexity": null, "authentication": null, "confidentiality_impact": null, "integrity_impact": null, "availability_impact": null, "exploitability": null, "remediation_level": null, "report_confidence": null, "collateral_damage_potential": null, "target_distribution": null, "confidentiality_requirement": null, "integrity_requirement": null, "availability_requirement": null}, "cvss3": {"vector_string": null, "base_score": null, "exploitability_score": null, "impact_score": null, "base_severity": null, "temporal_score": null, "temporal_severity": null, "environmental_score": null, "environmental_severity": null, "attack_vector": null, "attack_complexity": null, "privileges_required": null, "user_interaction": null, "confidentiality_impact": null, "integrity_impact": null, "availability_impact": null, "exploit_code_maturity": null, "remediation_level": null, "report_confidence": null, "confidentiality_requirement": null, "integrity_requirement": null, "availability_requirement": null, "modified_attack_vector": null, "modified_attack_complexity": null, "modified_privileges_required": null, "modified_user_interaction": null, "modified_scope": null, "modified_confidentiality_impact": null, "modified_integrity_impact": null, "modified_availability_impact": null, "scope": null}, "cvss4": {"vector_string": null, "base_score": null, "base_severity": null, "attack_vector": null, "attack_complexity": null, "attack_requirements": null, "privileges_required": null, "user_interaction": null, "vulnerable_system_confidentiality_impact": null, "subsequent_system_confidentiality_impact": null, "vulnerable_system_integrity_impact": null, "subsequent_system_integrity_impact": null, "vulnerable_system_availability_impact": null, "subsequent_system_availability_impact": null, "safety": null, "automatable": null, "recovery": null, "value_density": null, "vulnerability_response_effort": null, "provider_urgency": null, "modified_attack_vector": null, "modified_attack_complexity": null, "modified_attack_requirements": null, "modified_privileges_required": null, "modified_user_interaction": null, "modified_vulnerable_system_confidentiality_impact": null, "modified_subsequent_system_confidentiality_impact": null, "modified_vulnerable_system_integrity_impact": null, "modified_subsequent_system_integrity_impact": null, "modified_vulnerable_system_availability_impact": null, "modified_subsequent_system_availability_impact": null, "confidentiality_requirement": null, "integrity_requirement": null, "availability_requirement": null, "exploit_maturity": null}, "cwe": [], "date": "2026-06-30T15:12:02.663318+00:00", "desc": "Created by direct Faraday API evidence for OctoBus issue 349", "easeofresolution": null, "external_id": "octobus-direct-20260630151007", "host_os": "Linux", "hostnames": ["octobus-api-evidence.local"], "impact": {"accountability": false, "availability": false, "confidentiality": false, "integrity": false}, "issuetracker": {}, "metadata": {"command_id": null, "creator": "OctoBus", "owner": "faraday", "update_time": "2026-06-30T15:12:02.705345+00:00", "create_time": "2026-06-30T15:12:02.663318+00:00", "update_user": null, "update_action": 0, "update_controller_action": ""}, "obj_id": "11", "owned": false, "owner": "faraday", "parent": 12, "parent_type": "Host", "policyviolations": [], "refs": [], "risk": {"score": null, "severity": null}, "tags": [], "type": "Vulnerability", "workspace_name": "octobus_pr_issue_349_api_20260630151007", "update_date": "2026-06-30T15:12:02.705345+00:00", "method": "", "path": "", "request": "", "response": "", "status_code": null, "website": "", "owasp": [], "params": "", "pname": "", "query": ""}

Faraday API:ListWorkspaces 跑通

Request

GET http://127.0.0.1:5985/_api/v3/ws?limit=5 HTTP/1.1
Host: 127.0.0.1:5985
Accept: application/json
Authorization: Basic ****

Response

HTTP/1.1 200 OK
content-type: application/json
content-length: 8875

{"rows": [{"_id": 1, "id": 1, "customer": "octobus", "description": "OctoBus issue 349 Faraday v5.22 validation workspace", "active": true, "duration": {"start_date": null, "end_date": null}, "name": "octobus_issue_349", "public": false, "scope": [], "stats": {"hosts": 1, "services": 0, "web_vulns": 0, "code_vulns": 0, "std_vulns": 1, "opened_vulns": 1, "closed_vulns": 0, "confirmed_vulns": 1, "total_vulns": 1, "critical_vulns": 0, "high_vulns": 1, "medium_vulns": 0, "low_vulns": 0, "info_vulns": 0, "unclassified_vulns": 0, "web_vulns_confirmed": 0}, "create_date": "2026-06-27T08:25:25.677015+00:00", "update_date": "2026-06-27T08:25:25.705626+00:00", "readonly": false, "last_run_agent_date": null, "importance": 0}, {"_id": 3, "id": 3, "customer": "octobus", "description": "Direct Faraday API evidence for OctoBus issue 349", "active": true, "duration": {"start_date": null, "end_date": null}, "name": "octobus_pr_issue_349_api_20260627083835", "public": false, "scope": [], "stats": {"hosts": 1, "services": 0, "web_vulns": 0, "code_vulns": 0, "std_vulns": 1, "opened_vulns": 1, "closed_vulns": 0, "confirmed_vulns": 1, "total_vulns": 1, "critical_vulns": 0, "high_vulns": 1, "medium_vulns": 0, "low_vulns": 0, "info_vulns": 0, "unclassified_vulns": 0, "web_vulns_confirmed": 0}, "create_date": "2026-06-27T08:38:36.034471+00:00", "update_date": "2026-06-27T08:38:36.064478+00:00", "readonly": false, "last_run_agent_date": null, "importance": 0}, {"_id": 4, "id": 4, "customer": "octobus", "description": "Direct Faraday API evidence for OctoBus issue 349", "active": true, "duration": {"start_date": null, "end_date": null}, "name": "octobus_pr_issue_349_api_20260627083904", "public": false, "scope": [], "stats": {"hosts": 1, "services": 0, "web_vulns": 0, "code_vulns": 0, "std_vulns": 1, "opened_vulns": 1, "closed_vulns": 0, "confirmed_vulns": 1, "total_vulns": 1, "critical_vulns": 0, "high_vulns": 1, "medium_vulns": 0, "low_vulns": 0, "info_vulns": 0, "unclassified_vulns": 0, "web_vulns_confirmed": 0}, "create_date": "2026-06-27T08:39:04.573998+00:00", "update_date": "2026-06-27T08:39:04.602521+00:00", "readonly": false, "last_run_agent_date": null, "importance": 0}, {"_id": 6, "id": 6, "customer": "octobus", "description": "Direct Faraday API evidence for OctoBus issue 349", "active": true, "duration": {"start_date": null, "end_date": null}, "name": "octobus_pr_issue_349_api_20260627084006", "public": false, "scope": [], "stats": {"hosts": 1, "services": 0, "web_vulns": 0, "code_vulns": 0, "std_vulns": 1, "opened_vulns": 1, "closed_vulns": 0, "confirmed_vulns": 1, "total_vulns": 1, "critical_vulns": 0, "high_vulns": 1, "medium_vulns": 0, "low_vulns": 0, "info_vulns": 0, "unclassified_vulns": 0, "web_vulns_confirmed": 0}, "create_date": "2026-06-27T08:40:06.472155+00:00", "update_date": "2026-06-27T08:40:06.487599+00:00", "readonly": false, "last_run_agent_date": null, "importance": 0}, {"_id": 8, "id": 8, "customer": "octobus", "description": "Direct Faraday API evidence for OctoBus issue 349", "active": true, "duration": {"start_date": null, "end_date": null}, "name": "octobus_pr_issue_349_api_20260630150634", "public": false, "scope": [], "stats": {"hosts": 1, "services": 0, "web_vulns": 0, "code_vulns": 0, "std_vulns": 1, "opened_vulns": 1, "closed_vulns": 0, "confirmed_vulns": 1, "total_vulns": 1, "critical_vulns": 0, "high_vulns": 1, "medium_vulns": 0, "low_vulns": 0, "info_vulns": 0, "unclassified_vulns": 0, "web_vulns_confirmed": 0}, "create_date": "2026-06-30T15:07:40.047253+00:00", "update_date": "2026-06-30T15:07:40.151019+00:00", "readonly": false, "last_run_agent_date": null, "importance": 0}, {"_id": 10, "id": 10, "customer": "octobus", "description": "Direct Faraday API evidence for OctoBus issue 349", "active": true, "duration": {"start_date": null, "end_date": null}, "name": "octobus_pr_issue_349_api_20260630150822", "public": false, "scope": [], "stats": {"hosts": 1, "services": 0, "web_vulns": 0, "code_vulns": 0, "std_vulns": 1, "opened_vulns": 1, "closed_vulns": 0, "confirmed_vulns": 1, "total_vulns": 1, "critical_vulns": 0, "high_vulns": 1, "medium_vulns": 0, "low_vulns": 0, "info_vulns": 0, "unclassified_vulns": 0, "web_vulns_confirmed": 0}, "create_date": "2026-06-30T15:09:18.105396+00:00", "update_date": "2026-06-30T15:09:18.134140+00:00", "readonly": false, "last_run_agent_date": null, "importance": 0}, {"_id": 12, "id": 12, "customer": "octobus", "description": "Direct Faraday API evidence for OctoBus issue 349", "active": true, "duration": {"start_date": null, "end_date": null}, "name": "octobus_pr_issue_349_api_20260630151007", "public": false, "scope": [], "stats": {"hosts": 1, "services": 0, "web_vulns": 0, "code_vulns": 0, "std_vulns": 1, "opened_vulns": 1, "closed_vulns": 0, "confirmed_vulns": 1, "total_vulns": 1, "critical_vulns": 0, "high_vulns": 1, "medium_vulns": 0, "low_vulns": 0, "info_vulns": 0, "unclassified_vulns": 0, "web_vulns_confirmed": 0}, "create_date": "2026-06-30T15:10:09.960401+00:00", "update_date": "2026-06-30T15:12:01.398593+00:00", "readonly": false, "last_run_agent_date": null, "importance": 0}, {"_id": 5, "id": 5, "customer": "octobus", "description": "Created through OctoBus Connect RPC for Faraday v5.22 issue 349", "active": true, "duration": {"start_date": null, "end_date": null}, "name": "octobus_pr_issue_349_rpc_20260627083904", "public": false, "scope": [], "stats": {"hosts": 1, "services": 0, "web_vulns": 0, "code_vulns": 0, "std_vulns": 1, "opened_vulns": 1, "closed_vulns": 0, "confirmed_vulns": 1, "total_vulns": 1, "critical_vulns": 0, "high_vulns": 0, "medium_vulns": 1, "low_vulns": 0, "info_vulns": 0, "unclassified_vulns": 0, "web_vulns_confirmed": 0}, "create_date": "2026-06-27T08:39:10.762611+00:00", "update_date": "2026-06-27T08:39:10.782478+00:00", "readonly": false, "last_run_agent_date": null, "importance": 0}, {"_id": 7, "id": 7, "customer": "octobus", "description": "Created through OctoBus Connect RPC for Faraday v5.22 issue 349", "active": true, "duration": {"start_date": null, "end_date": null}, "name": "octobus_pr_issue_349_rpc_20260627084006", "public": false, "scope": [], "stats": {"hosts": 1, "services": 0, "web_vulns": 0, "code_vulns": 0, "std_vulns": 1, "opened_vulns": 1, "closed_vulns": 0, "confirmed_vulns": 1, "total_vulns": 1, "critical_vulns": 0, "high_vulns": 0, "medium_vulns": 1, "low_vulns": 0, "info_vulns": 0, "unclassified_vulns": 0, "web_vulns_confirmed": 0}, "create_date": "2026-06-27T08:40:12.222845+00:00", "update_date": "2026-06-27T08:40:12.236249+00:00", "readonly": false, "last_run_agent_date": null, "importance": 0}, {"_id": 9, "id": 9, "customer": "octobus", "description": "Created through OctoBus Connect RPC for Faraday v5.22 issue 349", "active": true, "duration": {"start_date": null, "end_date": null}, "name": "octobus_pr_issue_349_rpc_20260630150634", "public": false, "scope": [], "stats": {"hosts": 1, "services": 0, "web_vulns": 0, "code_vulns": 0, "std_vulns": 0, "opened_vulns": 0, "closed_vulns": 0, "confirmed_vulns": 0, "total_vulns": 0, "critical_vulns": 0, "high_vulns": 0, "medium_vulns": 0, "low_vulns": 0, "info_vulns": 0, "unclassified_vulns": 0, "web_vulns_confirmed": 0}, "create_date": "2026-06-30T15:07:51.209994+00:00", "update_date": "2026-06-30T15:07:51.229543+00:00", "readonly": false, "last_run_agent_date": null, "importance": 0}, {"_id": 11, "id": 11, "customer": "octobus", "description": "Created through OctoBus Connect RPC for Faraday v5.22 issue 349", "active": true, "duration": {"start_date": null, "end_date": null}, "name": "octobus_pr_issue_349_rpc_20260630150822", "public": false, "scope": [], "stats": {"hosts": 1, "services": 0, "web_vulns": 0, "code_vulns": 0, "std_vulns": 1, "opened_vulns": 1, "closed_vulns": 0, "confirmed_vulns": 1, "total_vulns": 1, "critical_vulns": 0, "high_vulns": 0, "medium_vulns": 1, "low_vulns": 0, "info_vulns": 0, "unclassified_vulns": 0, "web_vulns_confirmed": 0}, "create_date": "2026-06-30T15:09:25.073184+00:00", "update_date": "2026-06-30T15:09:25.093637+00:00", "readonly": false, "last_run_agent_date": null, "importance": 0}, {"_id": 2, "id": 2, "customer": "octobus", "description": "Created through OctoBus service CLI for Faraday v5.22 validation", "active": true, "duration": {"start_date": null, "end_date": null}, "name": "octobus_service_issue_349", "public": false, "scope": [], "stats": {"hosts": 1, "services": 0, "web_vulns": 0, "code_vulns": 0, "std_vulns": 1, "opened_vulns": 1, "closed_vulns": 0, "confirmed_vulns": 1, "total_vulns": 1, "critical_vulns": 0, "high_vulns": 0, "medium_vulns": 1, "low_vulns": 0, "info_vulns": 0, "unclassified_vulns": 0, "web_vulns_confirmed": 0}, "create_date": "2026-06-27T08:27:02.825516+00:00", "update_date": "2026-06-27T08:27:02.848845+00:00", "readonly": false, "last_run_agent_date": null, "importance": 0}], "count": 12}

Faraday API:ListHosts 跑通

Request

GET http://127.0.0.1:5985/_api/v3/ws/octobus_pr_issue_349_api_20260630151007/hosts?stats=true HTTP/1.1
Host: 127.0.0.1:5985
Accept: application/json
Authorization: Basic ****

Response

HTTP/1.1 200 OK
content-type: application/json
content-length: 999

{"rows": [{"id": 12, "key": 12, "value": {"_id": 12, "_rev": "", "creator_command_id": null, "creator_command_tool": null, "creator_command_params": null, "default_gateway": "", "description": "Direct Faraday API evidence host for OctoBus issue 349", "hostnames": ["octobus-api-evidence.local"], "id": 12, "importance": 0, "ip": "10.203.0.61", "mac": "", "metadata": {"command_id": null, "creator": "", "owner": "faraday", "update_time": "2026-06-30T15:12:02.296019+00:00", "create_time": "2026-06-30T15:12:02.211790+00:00", "update_user": null, "update_action": 0, "update_controller_action": ""}, "name": "10.203.0.61", "os": "Linux", "owned": false, "owner": "faraday", "services": 0, "open_services": 0, "services_status": [], "vulns": 0, "type": "Host", "service_summaries": [], "severity_counts": {"host_id": 12, "critical": 0, "high": 0, "med": 0, "low": 0, "info": 0, "unclassified": 0, "total": 0}, "versions": [], "workspace_name": "octobus_pr_issue_349_api_20260630151007"}}], "count": 1}

Faraday API:ListVulnerabilities 跑通

Request

GET http://127.0.0.1:5985/_api/v3/ws/octobus_pr_issue_349_api_20260630151007/vulns HTTP/1.1
Host: 127.0.0.1:5985
Accept: application/json
Authorization: Basic ****

Response

HTTP/1.1 200 OK
content-type: application/json
content-length: 4417

{"vulnerabilities": [{"id": 11, "key": 11, "value": {"confirmed": true, "data": "", "description": "Created by direct Faraday API evidence for OctoBus issue 349", "last_detected": null, "id": 11, "name": "Direct Faraday API evidence vulnerability", "resolution": "", "service": null, "severity": "high", "status": "open", "target": "10.203.0.61", "tool": "OctoBus", "_attachments": {}, "_id": 11, "_rev": "", "custom_fields": {}, "cve": ["CVE-2026-3492"], "cvss2": {"vector_string": null, "base_score": null, "exploitability_score": null, "impact_score": null, "base_severity": null, "temporal_score": null, "temporal_severity": null, "environmental_score": null, "environmental_severity": null, "access_vector": null, "access_complexity": null, "authentication": null, "confidentiality_impact": null, "integrity_impact": null, "availability_impact": null, "exploitability": null, "remediation_level": null, "report_confidence": null, "collateral_damage_potential": null, "target_distribution": null, "confidentiality_requirement": null, "integrity_requirement": null, "availability_requirement": null}, "cvss3": {"vector_string": null, "base_score": null, "exploitability_score": null, "impact_score": null, "base_severity": null, "temporal_score": null, "temporal_severity": null, "environmental_score": null, "environmental_severity": null, "attack_vector": null, "attack_complexity": null, "privileges_required": null, "user_interaction": null, "confidentiality_impact": null, "integrity_impact": null, "availability_impact": null, "exploit_code_maturity": null, "remediation_level": null, "report_confidence": null, "confidentiality_requirement": null, "integrity_requirement": null, "availability_requirement": null, "modified_attack_vector": null, "modified_attack_complexity": null, "modified_privileges_required": null, "modified_user_interaction": null, "modified_scope": null, "modified_confidentiality_impact": null, "modified_integrity_impact": null, "modified_availability_impact": null, "scope": null}, "cvss4": {"vector_string": null, "base_score": null, "base_severity": null, "attack_vector": null, "attack_complexity": null, "attack_requirements": null, "privileges_required": null, "user_interaction": null, "vulnerable_system_confidentiality_impact": null, "subsequent_system_confidentiality_impact": null, "vulnerable_system_integrity_impact": null, "subsequent_system_integrity_impact": null, "vulnerable_system_availability_impact": null, "subsequent_system_availability_impact": null, "safety": null, "automatable": null, "recovery": null, "value_density": null, "vulnerability_response_effort": null, "provider_urgency": null, "modified_attack_vector": null, "modified_attack_complexity": null, "modified_attack_requirements": null, "modified_privileges_required": null, "modified_user_interaction": null, "modified_vulnerable_system_confidentiality_impact": null, "modified_subsequent_system_confidentiality_impact": null, "modified_vulnerable_system_integrity_impact": null, "modified_subsequent_system_integrity_impact": null, "modified_vulnerable_system_availability_impact": null, "modified_subsequent_system_availability_impact": null, "confidentiality_requirement": null, "integrity_requirement": null, "availability_requirement": null, "exploit_maturity": null}, "cwe": [], "date": "2026-06-30T15:12:02.663318+00:00", "desc": "Created by direct Faraday API evidence for OctoBus issue 349", "easeofresolution": null, "external_id": "octobus-direct-20260630151007", "host_os": "Linux", "hostnames": ["octobus-api-evidence.local"], "impact": {"accountability": false, "availability": false, "confidentiality": false, "integrity": false}, "issuetracker": {}, "metadata": {"command_id": null, "creator": "OctoBus", "owner": "faraday", "update_time": "2026-06-30T15:12:02.705345+00:00", "create_time": "2026-06-30T15:12:02.663318+00:00", "update_user": null, "update_action": 0, "update_controller_action": ""}, "obj_id": "11", "owned": false, "owner": "faraday", "parent": 12, "parent_type": "Host", "policyviolations": [], "refs": [], "risk": {"score": null, "severity": null}, "tags": [], "type": "Vulnerability", "workspace_name": "octobus_pr_issue_349_api_20260630151007", "update_date": "2026-06-30T15:12:02.705345+00:00", "method": "", "path": "", "request": "", "response": "", "status_code": null, "website": "", "owasp": [], "params": "", "pname": "", "query": ""}}], "count": 1}

@monkeyscan

monkeyscan Bot commented Jun 27, 2026

Copy link
Copy Markdown

PR Title: Add Faraday v5.22 service

Commit: 0518fc4

本次 PR 新增 OctoBus 服务 infobyte__faraday_v5-22,用于封装 Faraday v5.22 的 API。变更包括 proto 定义、JSON schema 配置/密钥、服务主入口、核心实现(HTTP 请求、Basic Auth、protobuf 值转换、列表/对象响应解析)、测试及 README。整体结构清晰,测试覆盖了主要读写操作、参数校验和错误路径。但代码在路径拼接和数据合并方面存在两处需要修复的问题:1) workspace_name 直接拼入 URL 路径时 encodeURIComponent 未过滤 ...,存在路径穿越风险;2) applyExtraFields 在部分 handler 中先于必填字段应用,导致 extra_fields 可能覆盖已经过校验的字段,破坏数据完整性。

@wayto213
wayto213 marked this pull request as ready for review June 27, 2026 09:05
Comment thread services/infobyte__faraday_v5-22/src/infobyte-faraday-v5-22.js Outdated
Comment thread services/infobyte__faraday_v5-22/src/infobyte-faraday-v5-22.js
@monkeyscan

monkeyscan Bot commented Jun 27, 2026

Copy link
Copy Markdown

PR Title: Add Faraday v5.22 service

Commit: aa27d75

本次PR修复了Faraday v5.22服务中的两个历史安全问题:

  1. 路径遍历防护:在 encodePathSegment 中增加了对 workspace_name 的校验,拒绝 ...、包含 ../\ 的路径段,防止路径遍历攻击。

  2. 数据完整性保护:在 applyExtraFields 中,从 Object.assign(body, extra) 改为仅当 body 中不存在该键时才合并 extra_fields,防止 extra_fields 覆盖已经过校验的必填字段。

测试文件同步更新了相关断言,验证了路径校验和字段不覆盖的行为。

总体评估:修复方向正确,基本解决了安全问题。但 encodePathSegment 中对 .. 子串的匹配过于宽泛,可能导致合法的 workspace_name(如 demo..hosts)被误拒,建议收窄校验逻辑。

Comment thread services/infobyte__faraday_v5-22/src/infobyte-faraday-v5-22.js
@monkeyscan

monkeyscan Bot commented Jun 27, 2026

Copy link
Copy Markdown

PR Title: Add Faraday v5.22 service

Commit: 552f202

本次 PR 修正了 encodePathSegment 中对路径分段包含 .. 子串的过度校验。原实现使用 segment.includes('..'),导致 v1.2.3demo..hosts 等完全合法的工作区名称被误拒。修改后仅保留对独立路径分量 ... 的精确拦截,以及路径分隔符 /\\ 的检测,不再对包含 .. 子串的合法字符串进行拦截。测试用例同步更新,验证了 demo..hostsv1.2.3 现在可以正常通过编码,同时移除了对 demo..hosts 应抛异常的预期。该改动消除了误报,同时保留了防止路径遍历的安全边界,改动正确且安全。

@innomentats

Copy link
Copy Markdown
Member

测试的对象仍然是所对接的服务而不是 octobus ?

@wayto213

Copy link
Copy Markdown
Contributor Author

已按这个口径重新整理并更新 PR 正文。现在联调证据以 OctoBus Connect RPC 为主体链路:请求先进入本地 OctoBus daemon 的 /capsets/{capset}/connect/{instance}/{service}/{method},再由本 PR 新增 service 调用真实 Faraday v5.22.0 API。正文中已列出 7 个 OctoBus 方法的调用状态,并贴出 OctoBus RPC 的真实 request/response 示例,可以看到 OctoBus 返回 200,且响应体内的 httpStatus / rawBody 来自上游 Faraday。

同时,为满足 PR 的完整联调证据要求,正文保留并补齐了目标产品 Faraday API 的完整 request/response 原文,包含 CreateWorkspaceCreateHostCreateVulnerabilityGetVulnerability 以及 3 个 List 接口(ListWorkspacesListHostsListVulnerabilities)。路径、状态码、请求体、响应体均完整可见,认证信息已脱敏。

@innomentats

Copy link
Copy Markdown
Member

还是只覆盖了两个接口?

@innomentats
innomentats marked this pull request as draft June 30, 2026 16:15
@wayto213

Copy link
Copy Markdown
Contributor Author

@innomentats 已按要求补齐:OctoBus Connect RPC 主体链路的完整 request / response 原文从 2/7 扩到 7/7,与正文汇总表行序一致(CreateWorkspace → CreateHost → ListWorkspaces → ListHosts → CreateVulnerability → GetVulnerability → ListVulnerabilities)。

数据沿用上一轮的 octobus_pr_issue_349_rpc_20260630151007 workspace(与正文其他段落引用一致,未新建测试资源)。每段响应保留 httpStatusrawBody(即上游 Faraday 真实响应原文),由于 GitHub PR body 64KB 上限,rawJson(rawBody 的 protobuf 重建副本)已省略,并在 RPC 节开头明确说明。Faraday API 7 个直连原文章节保持不变。

请复核,感谢。

@wayto213
wayto213 marked this pull request as ready for review July 1, 2026 00:17
@monkeyscan

monkeyscan Bot commented Jul 10, 2026

Copy link
Copy Markdown

PR Title: Add Faraday v5.22 service

Commit: a592c71

本次 PR 是一个大规模的功能合并,涉及 519 个文件变更。核心改动包括:新增多个第三方安全设备/服务适配器(阿里云 WAF3、DBAudit、火绒、Hermes Gateway、OpenCTI、FOFA、M01 情报、NSFOCUS NGFW、OWASP Dependency-Track、青藤 HIDS v5、Riversec WAF、锐捷行为防火墙、Telegram Bot API、腾讯 TIX SaaS、火山引擎云防火墙等)、SDK 增强(HTTP 工具模块、错误处理、CLI 上下文绑定)、服务导入功能重构(支持多部分表单上传)以及大量现有服务的安全加固(TLS 跳过逻辑统一、凭证字段从 config 迁移到 secret、敏感信息脱敏)。

审查发现了以下关键问题:

  1. TopSec FW V3.7.6 使用全局 Map 缓存登录会话凭证,缺乏 TTL 和容量控制,存在内存泄漏和凭证长期暴露风险;
  2. 多个新增服务(青藤 HIDS v5、M01 情报、OpenCTI、Telegram Bot API)在调用原生 fetch 时传入 timeoutMsskipTlsVerify 等非标准字段,这些字段被 Node.js/undici 静默忽略,导致超时和 TLS 跳过配置实际上无效;
  3. 火绒终端安全服务在 config schema 中声明了 skipTlsVerify 但实现中完全未使用,造成接口契约与实现不一致。

整体评估:PR 以功能扩展和安全改进为主,方向正确,但部分新增服务在 HTTP 客户端实现上回退到了已被修复的过时模式,需要与现有服务的正确模式对齐。

@wayto213
wayto213 force-pushed the feat/issue-349-faraday-v5-22 branch from a592c71 to 552f202 Compare July 10, 2026 03:13
@wayto213
wayto213 marked this pull request as draft July 10, 2026 03:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Faraday_漏洞管理平台_v5.22.0

3 participants