Performing API calls from VBscript - Part II

Document created by Scr1ptW1zard on Apr 23, 2012
Version 1Show Document
  • View in full screen mode

     In this document, I would like to explain how I perform launching and downloading reports.

 

     The first subroutine is launchReport:

 

Sub launchReport(template_id,xmlName,iSec)
'//*****************************************************************************
'// Description: Launch the report specified by the provided template_id value.
'//
'// Input: template_id - The ID number assigned to the report template.
'//                      (This can be obtained from the 'Info' selection of the
'//                       'Quick Actions' menu)
'//        xmlName     - The name to store the results of the report.
'//        iSec        - The number of seconds to pause between checking if the report
'//                      has completed.
'//
'// Output: Report stored in XML format.
'//
'//*****************************************************************************
    Dim ReportID
    getXMLFile 2, xmlName,"report/?action=launch&template_id=" & template_id & "&output_format=xml", "POST"

    ReportID=getReportID(xmlName)
    Do
        wscript.sleep 1000*iSec
    Loop While Not chkReport(ReportID)

    getXMLFile 2, xmlName,"report/?action=fetch&id=" & reportID, "POST"
    delReport reportID
End Sub

 

     This subroutine uses the getXMLFile subroutine I mentioned in "Performing API calls from VBscript - Part I". By supplying the appropriate report tempate ID, the report will be generated just as any other report. The unique feature of this subroutine is that I have added the ability to wait for the report to complete, then download the report. This is done by first finding the report ID for the newly requested report.

 

     To determine the report ID, I use the getReportID function:

 

Function getReportID(xmlFile)
'//*****************************************************************************
'// Description: Obtain report ID from provided response file. This function is
'//              dependant on and must be called from launchReport().
'//
'// Input: xmlFile - File indicating report.
'//
'// Output: The report ID generated from Qualys.
'//
'//*****************************************************************************
    Dim oReportXML, oReports, report, oReportChild
    getReportID="0"
    Set oReportXML = CreateObject("Microsoft.XMLDOM")
    oReportXML.async=false
    oReportXML.setProperty "SelectionLanguage", "XPath"
'Wait for xmlFile to be created
    While Not oFS.FileExists(DataPath & xmlFile)
        wscript.sleep 5000
    Wend
    If oReportXML.Load(DataPath & xmlFile) Then
        Set oReports=oReportXML.documentElement.SelectNodes("RESPONSE/ITEM_LIST/ITEM")
        If Not oReports.Length=0 Then
            For Each report In oReports
                 Set oReportChild=report.SelectSingleNode("VALUE")
                 If Not oReportChild Is Nothing Then getReportID=oReportChild.Text
            Next
        End If
    End If
End Function

 

 

     The getReportID function will read the report ID value from the XML file produced when the report is launched. Once the report ID is known, I periodically check if the report has the state of "Finished". The time (in seconds) to pause between checking for the report status, is defined by the iSec argument to the launchReport subroutine. The numbers of seconds you choose to use should be based on how long the report typically takes to be generated. As an example, if a report takes about two minutes to generate, choose 120 seconds. By doing this, the check will ocurr every two minutes until the report is "Finished". Choosing too small of a time period will cause un-needed use of your allocated number of API calls available, and quickly lock you from using the API call for many hours.

 

     The checking of the report status is performed by the chkReport function:

 

Function chkReport(ID)
'//*****************************************************************************
'// Description: Determine if provided report ID has reached the state of "Finished".
'//
'// Input: ID - Report ID as provided by Qualys.
'//
'// Output: True  - If report is "Finished".
'//         False - If report is not "Finished".
'//
'//*****************************************************************************
    Dim oReportXML, oReports
    getXMLFile 2, "report_list_status.xml","report/?action=list&state=Finished&id=" & ID, "POST"

    chkReport=False
    Set oReportXML = CreateObject("Microsoft.XMLDOM")
    oReportXML.async=false
    oReportXML.setProperty "SelectionLanguage", "XPath"
    If oReportXML.Load(DataPath & "report_list_status.xml") Then
        Set oReports=oReportXML.documentElement.SelectNodes("RESPONSE/REPORT_LIST/REPORT[ID='" & ID & "'][STATUS/STATE='Finished']")
        If Not oReports.Length=0 Then chkReport=True
    End If
End Function

 

      Again, the chkReport function uses the getXMLFile. If the state for the provided report ID is "Finished" the chkReport function returns 'True', otherwise it returns 'False'. Once the chkReport function returns 'True', the report is downloaded, again using getXMLFile, using the 'fetch' argument. After the report has been downloaded, it is then deleted from the report share (to save space on the report share).

 

      The deletion if performed by the delReport function:

 

Sub delReport(ID)
'//*****************************************************************************
'// Description: Deletes the designated report ID from subscription.
'//
'// Input: ID - Report ID as provided by Qualys.
'//
'// Output: A file named "deletedReport.xml" that contains the result of the
'//         deletion process.
'//
'//*****************************************************************************

    getXMLFile 2, "deletedReport.xml", "report/?action=delete&id=" & ID, "POST"
End Sub

 

     The delReport function simply uses the delete action against the supplied report ID, sending this to the getXMLFile subroutine.

 

Attached is an example of the complete script file.

 

Hope this is helpful. Let me know if you have any questions.

Attachments

Outcomes