Examples
Here are examples of getting a list of vulnerabilities.
Get a List of Vulnerabilities
Request using the ‘curl’ command:
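# The API token is read from the MSP_TOKEN environment variable instead of
# being pasted into the command, which keeps it out of shell history and out
# of saved scripts. ${MSP_TOKEN:?...} aborts before any request is sent when
# the variable is unset.
# The expanded header is still visible in the local process list while curl
# runs; on shared hosts pass it from a file with -H @FILE (curl 7.55.0 or newer).
curl -X GET \
"https://secure.cigital.com/api/public/v3/vulnerabilities" \
-H "accept: application/json" \
-H "token: ${MSP_TOKEN:?set MSP_TOKEN to your API token}"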
Request using an Apache Groovy script:
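// NOTE: env.hostURL and env.token must be defined before this step runs.
// Supply the token from the Jenkins credentials store (for example through a
// credentials binding) rather than as a plain job parameter, so it is not
// stored or displayed in clear text.
// This step only performs a GET and keeps the response in memory; no output
// file is requested, so nothing is written to the workspace here.
def print_all_vulnerabilities = httpRequest(
    // Keep TLS certificate validation on: the token travels in a request header.
    ignoreSslErrors: false,
    quiet: false,
    acceptType: 'APPLICATION_JSON',
    httpMode: 'GET',
    // maskValue hides the token value in the step's console output, which
    // matters because quiet is false.
    customHeaders: [[name: 'token', value: "${env.token}", maskValue: true]],
    url: "${env.hostURL}/api/public/v3/vulnerabilities"
)
// The body lists findings together with target URLs and steps to reproduce,
// so the build console becomes as sensitive as the report itself; restrict
// who can read this job's logs.
println(print_all_vulnerabilities.content)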
Request using Java source code:
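/**
 * Requests the vulnerability list from the portal and prints the response body.
 *
 * <p>A 200 response is printed to standard output. Any other status is reported
 * on standard error together with the status code, so a failed or unauthorized
 * call is not mistaken for report data.
 *
 * <p>MSP_URL and MSP_TOKEN are defined outside this method. The token is sent
 * in a request header, so MSP_URL should be an https:// address and MSP_TOKEN
 * should come from a secret store or the environment rather than a literal in
 * source (their definitions are not visible here; confirm).
 */
public void printAllVulnerabilities() {
    Client client = ClientBuilder.newClient();
    try {
        // Path uses v3 to match the curl and Groovy requests in this topic
        // (this example previously pointed at v3.1).
        WebTarget target = client.target(MSP_URL)
                .path("/api/public/v3/vulnerabilities");
        Response response = target.request()
                .header("token", MSP_TOKEN)
                .accept(MediaType.APPLICATION_JSON)
                .get(Response.class);
        try {
            String body = response.readEntity(String.class);
            if (response.getStatus() == 200) {
                // The body contains finding details; treat wherever stdout is
                // captured (CI logs, terminals) as sensitive.
                System.out.println(body);
            } else {
                System.err.println("Request failed with HTTP status "
                        + response.getStatus());
                System.err.println(body);
            }
        } finally {
            // Release the connection even if reading the entity throws.
            response.close();
        }
    } finally {
        // Always release client resources, including on request failure.
        client.close();
    }
}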
Response:
Status: 200
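Response Body in JSON (in this listing the values of the empty "pci", "cwe", "sans" and "pocs" fields are missing, so the sample does not parse as-is):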
{
"version": "1.2",
"generatedAt": "2020-07-23T11:38:10.895417Z",
"reportUploadDate": "NA",
"vulnerabilities": {
"vulnerabilities": [
{
"title": "Failure to Handle Windows ::DATA Alternate Data Stream",
"systemic": "NO",
"severity": "Medium",
"impactDescription": "NAsfsdfsdf",
"description": "sfsdfsdf",
"recommendation": "NAsfsdfsdf",
"stepsToReproduce": "sfsdfsdf",
"pci":,
"cwe":,
"nist": {
"version": "NIST_V5",
"impact": "High",
"likelihood": "Medium"
},
"owasp": {
"family": "Security Decisions Via Untrusted Inputs"
},
"sans":,
"instances": {
"instances": [
{
"id": "VULNERABILITY_908410592",
"targetId": "TARGET_1121088706",
"targetName": "testratifylib",
"targetUrl": "http://ratify.lib",
"serviceType": "WEB_APPLICATION_TEST",
"testType": "Pen Testing Standard (PT-S)",
"type": "dynamic",
"url": "http://demo.com",
"parameters": {
"parameters": [
{
"type": "cookie",
"name": "d",
"value": "d"
}
]
},
"state": "New",
"occurences": {
"occurences": [
{
"open": {
"date": "Tue Jul 21 03:14:34 UTC 2020",
"testId": "TEST_1461638823"
}
}
]
},
"pocs":,
"status": "OPEN"
}
]
}
}
]
}
}
Response Body in XML:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<MSPortalXmlReport>
<version>1.2</version>
<generatedAt>2020-07-23T11:42:31.199983Z</generatedAt>
<reportUploadDate>NA</reportUploadDate>
<vulnerabilities>
<vulnerability>
<title><![CDATA[Failure to Handle Windows
::DATA Alternate Data Stream]]></title>
<systemic>NO</systemic>
<severity>Medium</severity>
<impactDescription><![CDATA[NAsfsdfsdf]]>
</impactDescription>
<description><![CDATA[sfsdfsdf]]></description>
<recommendation><![CDATA[NAsfsdfsdf]]></recommendation>
<stepsToReproduce><![CDATA[sfsdfsdf]]>
</stepsToReproduce>
<pci/>
<cwe/>
<nist>
<version>NIST_V5</version>
<impact>High</impact>
<likelihood>Medium</likelihood>
</nist>
<owasp>
<family><![CDATA[Security Decisions Via Untrusted Inputs]]>
</family>
</owasp>
<sans/>
<instances>
<instance>
<id>VULNERABILITY_908410592</id>
<targetId>TARGET_1121088706</targetId>
<targetName>testratifylib</targetName>
<targetUrl><![CDATA[http://ratify.lib]]>
</targetUrl>
<serviceType>WEB_APPLICATION_TEST</serviceType>
<testType>Pen Testing Standard (PT-S)</testType>
<type>dynamic</type>
<url><![CDATA[http://demo.com]]></url>
<parameters>
<parameter>
<type>cookie</type>
<name><![CDATA[d]]></name>
<value><![CDATA[d]]></value>
</parameter>
</parameters>
<state>New</state>
<occurences>
<occurence>
<open>
<date>Tue Jul 21 03:14:34 UTC 2020</date>
<testId>TEST_1461638823</testId>
</open>
</occurence>
</occurences>
<pocs/>
<status>OPEN</status>
</instance>
</instances>
</vulnerability>
</vulnerabilities>
</MSPortalXmlReport>