前言

• 在调用awvs的rest-api的时候，虽然有官方的文档，但是需要一个一个接口去写，非常的麻烦，到Acunetix的官网找rest-api文档时看到了使用swagger生成python的sdk，但是找不到文章中的swagger.yaml文件，应该是要通过邮件获取，所以去github上搜索发现了一个Acunetix Scanner API12的openapi文件，考虑的两个版本接口相差不大，很多接口都还是和之前一样的，就直接使用这个文件了。

usage

• 支持生成的编程语言，我喜欢使用rust，所以就以生成rust的sdk作为例子，go语言同理。

➜  ~ openapi-generator-cli list -s
ada,ada-server,android,apache2,apex,asciidoc,aspnetcore,avro-schema,bash,crystal,c,clojure,cwiki,cpp-qt-client,cpp-qt-qhttpengine-server,cpp-pistache-server,cpp-restbed-server,cpp-restsdk,cpp-tiny,cpp-tizen,cpp-ue4,csharp,csharp-netcore,csharp-netcore-functions,dart,dart-dio,eiffel,elixir,elm,erlang-client,erlang-proper,erlang-server,fsharp-functions,fsharp-giraffe-server,go,go-echo-server,go-server,go-gin-server,graphql-schema,graphql-nodejs-express-server,groovy,kotlin,kotlin-server,kotlin-spring,kotlin-vertx,ktorm-schema,haskell-http-client,haskell,haskell-yesod,java,jaxrs-cxf-client,java-inflector,java-micronaut-client,java-micronaut-server,java-msf4j,java-pkmst,java-play-framework,java-undertow-server,java-vertx-web,java-camel,jaxrs-cxf,jaxrs-cxf-extended,jaxrs-cxf-cdi,jaxrs-jersey,jaxrs-resteasy,jaxrs-resteasy-eap,jaxrs-spec,javascript,javascript-apollo,javascript-flowtyped,javascript-closure-angular,jmeter,k6,lua,markdown,mysql-schema,nim,nodejs-express-server,objc,ocaml,openapi,openapi-yaml,plantuml,perl,php,php-laravel,php-lumen,php-slim4,php-symfony,php-mezzio-ph,php-dt,powershell,protobuf-schema,python-legacy,python,python-fastapi,python-experimental,python-flask,python-aiohttp,python-blueplanet,r,ruby,ruby-on-rails,ruby-sinatra,rust,rust-server,scalatra,scala-akka,scala-akka-http-server,scala-finch,scala-gatling,scala-lagom-server,scala-play-server,scala-sttp,scalaz,spring,dynamic-html,html,html2,swift5,typescript,typescript-angular,typescript-aurelia,typescript-axios,typescript-fetch,typescript-inversify,typescript-jquery,typescript-nestjs,typescript-node,typescript-redux-query,typescript-rxjs,wsdl-schema

• 查看rust 配置，library参数是使用哪一个http库去发送请求，默认是reqwest，要修改可以使用--library指定，可以使用--package-name修改packageName为你自己喜欢的名字作为sdk的名称。

➜  ~ openapi-generator-cli config-help -g rust

CONFIG OPTIONS

        enumNameSuffix
            Suffix that will be appended to all enum names. (Default: )

        hideGenerationTimestamp
            Hides the generation timestamp when files are generated. (Default: true)

        library
            library template (sub-template) to use. (Default: reqwest)
                hyper - HTTP client: Hyper.
                reqwest - HTTP client: Reqwest.

        packageName
            Rust package name (convention: lowercase). (Default: openapi)

        packageVersion
            Rust package version. (Default: 1.0.0)

        supportAsync
            If set, generate async function call instead. This option is for 'reqwest' library only (Default: true)

        supportMultipleResponses
            If set, return type wraps an enum of all possible 2xx schemas. This option is for 'reqwest' library only (Default: false)

        useSingleRequestParameter
            Setting this property to true will generate functions with a single argument containing all API endpoint parameters instead of one argument per parameter. (Default: false)

        withAWSV4Signature
            whether to include AWS v4 signature support (Default: false)

➜  ~

生成rust的sdk

• -i openapi的yaml文档输入文件
• -o 生成sdk代码的目录

➜  ~ openapi-generator-cli generate -g rust -i openapi.yaml -o IdeaProjects/acunetix_rs/acunetix_sdk
...
################################################################################
# Thanks for using OpenAPI Generator.                                          #
# Please consider donation to help us maintain this project 🙏                 #
# <https://opencollective.com/openapi_generator/donate>                          #
################################################################################

目录结构

• 可以看到文档都生成好了，有每一个参数的类型和描述。
• moduls目录是请求和响应各种数据结构
• api目录的default_api文件中是awvs的rest-api全部接口

➜  acunetix_sdk git:(master) ✗ ls --tree
├── Cargo.toml
├── docs
│   ├── ApiResponse.md
│   ├── DefaultApi.md
│   ├── ...很多
├── git_push.sh
├── README.md
└── src
    ├── apis
    │   ├── configuration.rs
    │   ├── default_api.rs
    │   └── mod.rs
    ├── lib.rs
    └── models
        ├── api_response.rs
        ├── info.rs
        ├── license.rs
        ├── license_extra.rs
        ├── license_limit.rs
        ├── login_req.rs
        ├── ...很多
        └── update_info.rs

调用sdk

• 新建一个rust项目，然后把上面生成好的sdk目录移动到，acunetix_rs目录里面作为子模块。

cargo new acunetix_rs

• 添加sdk到项目依赖，package是你生成sdk时候设置的packageName，默认是openapi，我把它改为acunetix_sdk，方便调用。

[package]
name = "acunetix_rs"
version = "0.1.0"
edition = "2021"

# See more keys and their definitions at <https://doc.rust-lang.org/cargo/reference/manifest.html>

[dependencies]
acunetix_sdk = { path = "acunetix_sdk", package = "acunetix_sdk" }

• 调用函数示例：
• 初始化使用默认配置，设置上后端的BaseURL和Token
• 因为要忽略自签名的证书，所以要自定义请求的Client

use std::time::Duration;
use acunetix_sdk::apis::configuration::{ApiKey, Configuration};
use acunetix_sdk::apis::default_api as acunetix_api;
use reqwest::redirect::Policy;

#[tokio::main]
async fn main() {
    let mut api_config = Configuration::default();
    let api_key = ApiKey {
        prefix: None,
        key: String::from("1986ad8c0a5b3df4d7028d5f3c06e936cafd94cb0191d430f8a57416536ddd410"),
    };
    let client = reqwest::Client::builder()
        .pool_max_idle_per_host(0)
        .danger_accept_invalid_certs(true)
        .danger_accept_invalid_hostnames(true)
        .redirect(Policy::none())
        .timeout(Duration::new(30, 0)).build().unwrap();
    api_config.api_key = Some(api_key);
    api_config.client = client;
    api_config.base_path = String::from("<https://192.168.0.116:13443/api/v1>");
    let info = acunetix_api::get_info(&api_config).await;
    println!("{:?}", info);
}

• 测试输出

Ok(Info { acumonitor: Some(true), build_number: Some("220401065"), license: Some(License { access: true, actived: None, email: "[email protected]", expired: false, expires: "2099-12-31T17:59:59", features: Some(["export_waf", "vuln_retest", "updates", "trending_graphs", "target_business_criticality", "scanning_profiles", "multi_engine", "bug_tracking_integration", "acumonitor", "api_key", "target_groups", "multi_user", "continuous_scans", "compliance_reports", "network_scans", "offline_activations", "pause_resume"]), limits: Some(LicenseLimit { demo_targets: Some(500), standard_targets: Some(999999), engines: Some(999999), users: None }), license_key: Some("1111-1111-1111-1111"), maintenance_expired: Some(false), maintenance_expires: Some("2099-12-31T17:59:59"), product_code: Some("AOPENT") }), license_extra: None, major_version: Some("14"), minor_version: Some("7"), update_info: Some(UpdateInfo { build_number: "-", major_version: "13", minor_version: "-", new_update: false, update_status: Some("not_available") }) })

总结

• 现在很多Web框架都兼容openapi的标准，在开放完后可以直接生成openapi的yaml文档，而且像insomnia这些api管理工具也直接导出，每次接口更新后使用openapi-generator重新生成就可以了，不用重复修改代码。
• 而且openapi还有可视的编辑器，可以非常方便的对yaml文件进行编辑。
• 后面会逐步将12版本的常用接口更新到14版本。
• 项目地址：https://github.com/emo-cat/acunetix_rs

参考

• https://openapi-generator.tech/docs/usage
• https://www.acunetix.com/blog/docs/acunetix-api-with-python/
• https://www.twilio.com/docs/openapi/generating-a-rust-client-for-twilios-api