Examples
Here are examples of retrieving an individual vulnerability by its ID.
Get Individual Vulnerability
Request using the ‘curl’ command:
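# Fetch a single vulnerability by ID and ask for the XML representation.
# The API token is read from the API_TOKEN environment variable (export it
# beforehand) so that the secret is not pasted into scripts or shell history.
# Note: a header passed with -H is still visible in the local process list
# while curl is running.
# The URL is kept on one line; a line break inside the quotes would become
# part of the URL.
curl -X GET \
  "https://secure.cigital.com/api/public/v3/vulnerabilities/VULNERABILITY_375692682" \
  -H "accept: application/xml" \
  -H "token: ${API_TOKEN}"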
Request using an Apache Groovy script:
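// NOTE: env.hostURL, env.token and env.vulnId have to be defined beforehand.
// Prefer supplying the token from the Jenkins credentials store rather than
// a plain job parameter, so it is not kept in the job configuration.
// The response body is printed to the build log, which will then contain
// the vulnerability details; restrict read access to the log accordingly.
def print_vulnerabilities_by_id = httpRequest(
    ignoreSslErrors: false,   // keep TLS certificate validation enabled
    quiet: false,
    acceptType: 'APPLICATION_JSON',
    httpMode: 'GET',
    // maskValue keeps the token value out of the build log.
    customHeaders: [[name: 'token', value: "${env.token}", maskValue: true]],
    // The ID is interpolated inside the string; a bare ${...} placed outside
    // the quotes is not valid Groovy.
    url: "${env.hostURL}/api/public/v3/vulnerabilities/${env.vulnId}"
)
println(print_vulnerabilities_by_id.content)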
Request using Java source code:
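/**
 * Requests one vulnerability by its ID and prints the response body.
 *
 * <p>A 200 response is printed to standard output. Any other status is
 * reported on standard error together with the body, so that a failed
 * request cannot be mistaken for a result.
 *
 * <p>MSP_URL and MSP_TOKEN are defined outside this method; load the token
 * from configuration or a secret store rather than hard-coding it.
 *
 * @param vulnId identifier of the vulnerability to fetch
 */
public void printlVulnerabilitiesById(String vulnId) {
    Client client = ClientBuilder.newClient();
    try {
        // The ID is bound as a path template value instead of being
        // concatenated, so it is encoded as a single path segment and a
        // value containing '/' cannot change which resource is requested.
        WebTarget target = client.target(MSP_URL)
                .path("/api/public/v3/vulnerabilities/{vulnId}")
                .resolveTemplate("vulnId", vulnId);
        Response response = target.request()
                .header("token", MSP_TOKEN)
                .accept(MediaType.APPLICATION_JSON)
                .get(Response.class);
        try {
            String body = response.readEntity(String.class);
            if (response.getStatus() == 200) {
                System.out.println(body);
            } else {
                System.err.println("Request failed with HTTP status " + response.getStatus());
                System.err.println(body);
            }
        } finally {
            // Release the connection held by the response.
            response.close();
        }
    } finally {
        // Close the client even when the request throws.
        client.close();
    }
}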
Response:
Status: 200
Response Body in JSON:
{
"version": 1.2,
"generatedAt": "2019-11-18T10:47:04.091878Z",
"vulnerabilities": [
{
"title": "Missing Content",
"systemic": "YES",
"severity": "Minimal",
"impactDescription": "impact description",
"description": "vulnerability description",
"recommendation": "vulnerability recommendation",
"stepsToReproduce": "vulnerability steps to reproduce",
"pci": {
"id": "6.5.1",
"description": "Injection Flaws"
},
"cwe": {
"id": 81,
"category": "sample category",
"flawname": "sample category flawname"
},
"cveId": 123,
"fixLocation": "application",
"cvss": {
"version": "CVSS-V2",
"vector": "(AV:N/AC:M/Au:S/C:C/I:P/A:P/E:H/RL:OF/RC:C/CDP:H/TD:ND/CR:ND/IR:ND/AR:ND)",
"score": 8.2
},
"nist": {
"version": "NIST-V1",
"impact": "Critical",
"likelihood": "Critical",
"classification": "Critical",
"impactDescription": "sample impact description",
"likelihoodDescription": "likelihood description"
},
"owasp": {
"family": "Command Execution: Format String"
},
"sans": {
"code": "sample code"
},
"referenceUrls": [
{
"referenceUrl": "https://www.w3.org/TR/CSP2/"
}
],
"instances": {
"id": "VULNERABILITY_1138884077",
"targetId": "TARGET_663209325",
"targetName": "target new",
"targetUrl": "http://www.target.com",
"serviceType": "WEB_APPLICATION_TEST",
"testType": "DAST Standard (DAST-S) (TEST)",
"type": "DYNAMIC",
"url": "http://demo.com",
"parameters": {
"type": "Parameter",
"name": "parameter name",
"value": "parameter value"
},
"instanceStepsToReproduce":
"instance steps to reproduce for instance1",
"state": "OLD",
"occurences": {
"open": {
"date": "2019-11-18T10:47:04.091878Z",
"testId": "TEST_1234"
},
"close": {
"date": "2019-11-18T10:47:04.091878Z",
"testId": "TEST_1234"
},
"retest": {
"date": "2019-11-18T10:47:04.091878Z"
}
},
"pocs": {
"description": "poc description",
"pocInstanceId": "POC_7142522155"
},
"evidences": {
"fileName": "file1.java",
"methodName": "getParameter",
"lineNumbers": 123,
"codeSnippet": "getParameter()"
},
"shortDescription": "short description",
"status": "OPEN"
}
}
]
}
Response Body in XML:
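<?xml version="1.0" encoding="UTF-8"?>
<!-- Sample response for one vulnerability. Each text value is kept on a
     single line because whitespace inside element text is delivered to the
     consumer as data. -->
<!-- A real response carries finding details such as steps to reproduce,
     proof-of-concept references and code snippets; store and share it as
     sensitive data. -->
<Vulnerabilities>
  <version>1.2</version>
  <generatedAt>2019-11-18T10:47:04.091878Z</generatedAt>
  <vulnerabilities>
    <title>Missing Content</title>
    <systemic>YES</systemic>
    <severity>Minimal</severity>
    <impactDescription>impact description</impactDescription>
    <description>vulnerability description</description>
    <recommendation>vulnerability recommendation</recommendation>
    <stepsToReproduce>vulnerability steps to reproduce</stepsToReproduce>
    <pci>
      <id>6.5.1</id>
      <description>Injection Flaws</description>
    </pci>
    <cwe>
      <id>81</id>
      <category>sample category</category>
      <flawname>sample category flawname</flawname>
    </cwe>
    <cveId>123</cveId>
    <fixLocation>application</fixLocation>
    <cvss>
      <version>CVSS-V2</version>
      <vector>(AV:N/AC:M/Au:S/C:C/I:P/A:P/E:H/RL:OF/RC:C/CDP:H/TD:ND/CR:ND/IR:ND/AR:ND)</vector>
      <score>8.2</score>
    </cvss>
    <nist>
      <version>NIST-V1</version>
      <impact>Critical</impact>
      <likelihood>Critical</likelihood>
      <classification>Critical</classification>
      <impactDescription>sample impact description</impactDescription>
      <likelihoodDescription>likelihood description</likelihoodDescription>
    </nist>
    <owasp>
      <family>Command Execution: Format String</family>
    </owasp>
    <sans>
      <code>sample code</code>
    </sans>
    <referenceUrls>
      <referenceUrl>https://www.w3.org/TR/CSP2/</referenceUrl>
    </referenceUrls>
    <instances>
      <id>VULNERABILITY_1138884077</id>
      <targetId>TARGET_663209325</targetId>
      <targetName>target new</targetName>
      <targetUrl>http://www.target.com</targetUrl>
      <serviceType>WEB_APPLICATION_TEST</serviceType>
      <testType>DAST Standard (DAST-S) (TEST)</testType>
      <type>DYNAMIC</type>
      <url>http://demo.com</url>
      <parameters>
        <type>Parameter</type>
        <name>parameter name</name>
        <value>parameter value</value>
      </parameters>
      <instanceStepsToReproduce>instance steps to reproduce for instance1</instanceStepsToReproduce>
      <state>OLD</state>
      <occurences>
        <open>
          <date>2019-11-18T10:47:04.091878Z</date>
          <testId>TEST_1234</testId>
        </open>
        <close>
          <date>2019-11-18T10:47:04.091878Z</date>
          <testId>TEST_1234</testId>
        </close>
        <retest>
          <date>2019-11-18T10:47:04.091878Z</date>
        </retest>
      </occurences>
      <pocs>
        <description>poc description</description>
        <pocInstanceId>POC_7142522155</pocInstanceId>
      </pocs>
      <evidences>
        <fileName>file1.java</fileName>
        <methodName>getParameter</methodName>
        <lineNumbers>123</lineNumbers>
        <codeSnippet>getParameter()</codeSnippet>
      </evidences>
      <shortDescription>short description</shortDescription>
      <status>OPEN</status>
    </instances>
  </vulnerabilities>
</Vulnerabilities>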