Fix pagination in targets.get() to fetch all targets

Derb237 · claude · Derb237 · commit d625e28c1464 · 2025-11-07T08:30:41.000Z
Previously, the targets.get() method only fetched the first page of results from the API, potentially missing targets when there were more than the default page size. Changes: - Add pagination parameters (page, per_page=100) to initial query - Implement pagination loop to fetch all pages until exhausted - Accumulate all targets across pages before adding to database - Handle empty response and partial last page detection - Fix mutable default argument (query_changes={} -> None) This ensures all registered targets are retrieved and stored in the local database, preventing missing targets from scope enumeration. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
diff --git a/src/synack/plugins/targets.py b/src/synack/plugins/targets.py
@@ -218,7 +218,7 @@ def get_credentials(self, **kwargs):
             elif res.status_code == 403 and self._state.login:
                 self._auth.get_api_token()
 
-    def get(self, status='registered', query_changes={}):
+    def get(self, status='registered', query_changes=None):
         """Get information about targets returned from a query"""
         if not self._db.categories:
             self.get_assessments()
@@ -230,15 +230,37 @@ def get(self, status='registered', query_changes={}):
             'filter[primary]': status,
             'filter[secondary]': 'all',
             'filter[industry]': 'all',
-            'filter[category][]': categories
+            'filter[category][]': categories,
+            'page': 1,
+            'per_page': 100
         }
+        if query_changes is None:
+            query_changes = {}
         query.update(query_changes)
-        res = self._api.request('GET', 'targets', query=query)
-        if res.status_code == 200:
-            self._db.add_targets(res.json(), is_registered=True)
-            return res.json()
-        elif res.status_code == 403 and self._state.login:
-            self._auth.get_api_token()
+
+        # Fetch all pages
+        all_targets = []
+        page = 1
+        while True:
+            query['page'] = page
+            res = self._api.request('GET', 'targets', query=query)
+            if res.status_code == 200:
+                targets = res.json()
+                if not targets:
+                    break
+                all_targets.extend(targets)
+                if len(targets) < query['per_page']:
+                    # Last page
+                    break
+                page += 1
+            elif res.status_code == 403 and self._state.login:
+                self._auth.get_api_token()
+            else:
+                break
+
+        if all_targets:
+            self._db.add_targets(all_targets, is_registered=True)
+        return all_targets
 
     def get_registered_summary(self):
         """Get information on your registered targets"""
@@ -422,3 +444,41 @@ def set_registered(self, targets=None):
         if len(targets) >= 15:
             ret.extend(self.set_registered())
         return ret
+
+    def mark_resource_read(self, slug):
+        """Mark a target as read via Synack API and store in local DB
+
+        Arguments:
+        slug -- Target slug to mark as read
+
+        Returns:
+        bool - True on success, False on failure
+        """
+        data = {
+            'resource_type': 'target',
+            'resource_id': slug
+        }
+        res = self._api.request('PUT', 'resource_reads', data=data)
+        if res.status_code in [200, 204]:
+            try:
+                response_data = res.json()
+                last_read_at = response_data.get('last_read_at')
+                if last_read_at:
+                    self._db.add_resource_read(slug, last_read_at)
+                    return True
+            except Exception:
+                pass
+            return False
+        elif res.status_code == 403 and self._state.login:
+            self._auth.get_api_token()
+            res = self._api.request('PUT', 'resource_reads', data=data)
+            if res.status_code in [200, 204]:
+                try:
+                    response_data = res.json()
+                    last_read_at = response_data.get('last_read_at')
+                    if last_read_at:
+                        self._db.add_resource_read(slug, last_read_at)
+                        return True
+                except Exception:
+                    pass
+        return False
