ScansAPI.create isn't using the correct Policy UUID at creation.

[rpayne-rms]

Describe the bug
Credentials are not created in tio.scans.create when using parameters policy, scanner, and folder_id.

To Reproduce
Using tio.scans.create, credentials are passed and confirmed via WUI using the below Tenable provided example.
>>> scan = tio.scans.create( ... name='Example123', ... targets=['127.0.0.1'], ... credentials={'Host': {'Windows': [{ ... 'auth_method': 'Password', ... 'username': 'Admin', ... 'password': 'example', ... 'domain': '' ... }]}})

Credentials no longer populated in this example scan = tio.scans.create( name='Rick API Scan Test14 using TIOscansCreate creds from SteveAtTenable as last block', description='Rick test api description with creds from SteveAtTenable with policy, scanner, folder_id before credentials', targets=['1.2.3.4'], policy='1234', scanner='tenablescanner', folder_id='1234, credentials={'Host': {'Windows': [{ 'auth_method': 'Password', 'username': 'Admin', 'password': 'example', 'domain': '' }]}})

Expected behavior
Credentials should populate regardless of other parameters being used.

Screenshots
This is easy to reproduce. I can add any specific screenshot upon request.

System Information (please complete the following information):

• OS: W10 > WSL Ubuntu 18.04.2 LTS
• Architecture 64bit
• Version 2.7.15+
• Memory [e.g. 4G]

Additional context
Detailed discussion: https://community.tenable.com/s/feed/0D5f200006YeHMPCA3

[Systemgeek-louis]

This code works:

from tenable.io import TenableIO
import logging
logging.basicConfig(level=logging.DEBUG)

tio = TenableIO(access_key='KEY', secret_key='KEY')
scan = tio.scans.create(
    name='Test scan',
    credentials={'Host': {'SSH': [{'id': '1b6f3a8e-a2b8-48f3-b113-b5c2452bca3b'}]}},
    targets=['127.0.0.1'])
sdetials = tio.scans.details(scan['id'])
print (sdetials)

I see the cred in the WUI as expected.
This code does not work:

from tenable.io import TenableIO
import logging
logging.basicConfig(level=logging.DEBUG)

tio = TenableIO(access_key='KEY', secret_key='KEY')
scan = tio.scans.create(
    name='Test scan',
    credentials={'Host': {'SSH': [{'id': '1b6f3a8e-a2b8-48f3-b113-b5c2452bca3b'}]}},
    policy='User_Scan_Policy',
    targets=['127.0.0.1'])

sdetials = tio.scans.details(scan['id'])
print (sdetials)

No Cred in the WUI. It seems that create scans does not like it when you try to create with a Policy either.

[SteveMcGrath]

So this one took a lot of UI hacking to get to the bottom of it. In the end, I have to have another call to the editor API to a previously unknown endpoint and retrieve a different UUID than what was previously assumed to work.

essentially you need to call /editor/scan/policy/{POLICY_ID} to get the template UUID.

I have a modified version working already, however am still working on documentation.

[rpayne-rms]

Steve,

I upgraded to the latest pyTenable, ran my original code, and received this error. What parameters need to be updated?

$ python SecondTestScan.py No handlers could be found for logger "tenable.errors.UnexpectedValueError" Traceback (most recent call last): File "SecondTestScan.py", line 48, in <module> folder_id='3570' File "/home/rpayne/.local/lib/python2.7/site-packages/tenable/io/scans.py", line 369, in create scan = self._create_scan_document(kw) File "/home/rpayne/.local/lib/python2.7/site-packages/tenable/io/scans.py", line 127, in _create_scan_document raise UnexpectedValueError('policy setting is invalid.') tenable.errors.UnexpectedValueError: policy setting is invalid.

Code: scan = tio.scans.create( name='Rick API Scan Test15 using TIOscansCreate creds from SteveAtTenable 0.3.26', description='Rick test api description with creds from SteveAtTenable with policy, scanner, folder_id before credentials', targets=['1.2.3.4'], credentials={'Host': {'Windows': [{ 'auth_method': 'Password', 'username': 'Admin', 'password': 'example', 'domain': '', }]}}, policy='3279', scanner='tenable', folder_id='3570' )

[SteveMcGrath]

policy should be an integer, not a string.