Examples¶
Here are examples of getting a list of vulnerabilities. Every request authenticates with an API token passed in the `token` header; the token grants read access to your vulnerability data, so the values shown below are placeholders only — substitute your own token and keep it out of shell history, scripts and source control.
Get a List of Vulnerabilities¶
Request using the ‘curl’ command:
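# Read the API token from an environment variable (populated from a secrets
# manager or a protected file) instead of pasting it on the command line:
# a literal token is recorded in shell history and in any copied snippet.
# Note that the expanded argument is still visible in the process list
# (`ps`) on a shared host while curl runs.
curl -X GET \
  "https://secure.cigital.com/api/public/v3.2/vulnerabilities" \
  -H "accept: application/json" \
  -H "token: ${API_TOKEN}"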
Request using an Apache Groovy script:
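// NOTE: env.hostURL and env.token must be defined beforehand (e.g. bound
// from Jenkins credentials into environment variables); never hard-code
// the API token in the pipeline script itself.
// This snippet does not download a report: it performs a GET and prints the
// response body to the build console log, so anyone who can read the log
// can read the vulnerability data.
// Groovy has no backslash line continuation; a multi-line named-argument
// call is written with trailing commas inside parentheses instead.
def print_all_vulnerabilities = httpRequest(
    ignoreSslErrors: false, // keep TLS certificate verification on for the API host
    quiet: false,
    acceptType: 'APPLICATION_JSON',
    httpMode: 'GET',
    customHeaders: [[name: 'token', value: "${env.token}"]],
    url: "${env.hostURL}/api/public/v3.2/vulnerabilities"
)
println(print_all_vulnerabilities.content)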
Request using Java source code:
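/**
 * Fetches the vulnerability list from the v3.2 API and prints the response
 * body to stdout.
 *
 * MSP_URL and MSP_TOKEN are expected to be supplied by the enclosing class.
 * The token is a credential: load it from configuration or a secret store,
 * never from a string literal checked into source control.
 *
 * A non-200 status is reported on stderr together with the returned body so
 * that a failed request is not mistaken for an empty result.
 */
public void printAllVulnerabilities() {
    Client client = ClientBuilder.newClient();
    try {
        WebTarget target = client.target(MSP_URL)
                .path("/api/public/v3.2/vulnerabilities");
        Response response = target.request().header("token", MSP_TOKEN)
                .accept(MediaType.APPLICATION_JSON).get(Response.class);
        String body = response.readEntity(String.class);
        if (response.getStatus() == 200) {
            System.out.println(body);
        } else {
            // The original printed the body in both branches, hiding failures.
            System.err.println("Request failed with HTTP "
                    + response.getStatus() + ": " + body);
        }
    } finally {
        // Release the client's connection resources even if the request throws.
        client.close();
    }
}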
Get a List of all Open Vulnerabilities with time range¶
Python script that fetches all open vulnerabilities created between 1 October 2023 and 31 October 2023, following the response `cursor` across pages until none is returned:
import os
import time

import requests
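def fetch_data(api_url, token, session=None, timeout=30):
    """Return every vulnerability reachable from ``api_url`` by following the cursor.

    Args:
        api_url: Full endpoint URL including any filter query parameters
            (``limit``, ``status``, ``createdAfter``/``createdBefore``).
        token: API token sent in the ``token`` header. It is a secret and is
            never written to stdout by this function.
        session: Optional object exposing a ``requests``-compatible ``get``;
            defaults to the ``requests`` module. Passing a ``requests.Session``
            reuses the connection across pages.
        timeout: Per-request timeout in seconds. Without one a stalled server
            would hang the caller indefinitely.

    Returns:
        A list of the ``vulnerabilities`` entries from every page fetched.
        On a non-200 status the status code is printed and the entries
        collected so far are returned, so a caller that needs a complete set
        must treat a short result as suspect.
    """
    getter = session if session is not None else requests
    all_data = []
    next_page = None
    page = 0
    headers = {"token": token, "Accept": "application/json"}
    while True:
        start_time = time.time()
        response = getter.get(
            api_url,
            params={"cursor": next_page},
            headers=headers,
            timeout=timeout,
        )
        if response.status_code != 200:
            print(f"Failed to fetch data. Status code: {response.status_code}")
            break
        data = response.json()
        # Results for this page arrive under the "vulnerabilities" key.
        all_data.extend(data.get("vulnerabilities", []))
        # A missing, null or empty cursor means there is no further page.
        # Stopping on an empty cursor also avoids re-requesting the first page
        # forever if the API signals the end with "cursor": null, and avoids
        # the TypeError the original hit when concatenating None into the log line.
        next_page = data.get("cursor")
        if not next_page:
            break
        page += 1
        elapsed_time = time.time() - start_time
        print(f"Fetched data for page: {page}  ---- cursor: {next_page} ------- Data fetching took {elapsed_time:.2f} seconds")
    return all_data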
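# Example usage -- adjust the filter criteria to your needs.
api_url = (
    "https://secure.cigital.com/api/public/v3.2/vulnerabilities"
    "?limit=1000&status=Open"
    "&createdBefore=2023-10-31 23:59:59&createdAfter=2023-10-01 00:00:00"
)
# Read the API token from the environment (populated from a secrets manager)
# rather than a string literal: a token pasted here ends up in version control,
# pasted snippets and logs.
token = os.environ.get("API_TOKEN")
if not token:
    raise SystemExit("API_TOKEN environment variable is not set")
total_start_time = time.time()
result = fetch_data(api_url, token)
total_elapsed_time = time.time() - total_start_time
print(f"Total data fetching took {total_elapsed_time:.2f} seconds")
# Process or save the data as needed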
Response:
Status: 200
Response Body in JSON (free-text fields such as `description`, `stepsToReproduce` and `recommendation` may contain HTML fragments like `<br>`; escape or sanitize them before rendering in a browser or embedding in generated reports):
{
"vulnerabilities": [
{
"customerId": "CUST_1586677087",
"targetId": "TARGET_7068642784",
"targetName": "NST test",
"targetUrl": "NST test",
"serviceType": "NETWORK_TEST",
"testType": "NST Standard 250IP (NST-S-250IP)",
"testId": "TEST_146491698053799014",
"vulnerabilityId": "VULNERABILITY_68931698054303841",
"title": "Second Order SQL Injection",
"vulnerableUrl": "http://abc.com/launch/myprofile",
"vulnerableType": "dynamic",
"severity": "High",
"state": "New",
"vulnerabilityStatus": "OPEN",
"systemic": "NO",
"description": "description",
"parameter": {
"variantParamaterTypeName": "bhjnkml",
"parameterName": "jhnklm",
"parameterValue": "bhjnkml"
},"pocs": [
{
"pocInstanceId": "POC_305961698054303980",
"pocDescription": "Caption12345"
}
],
"stepsToReproduce": "Steps to reproduce<br>",
"impactDescription": "Not Applicable",
"recommendation": "remediation",
"openDate": "2023-10-23T05:30:00+0530",
"openTestId": "TEST_146491698053799014",
"createdDate": "2023-10-23T05:30:00+0530",
"updatedDate": "2023-10-23T05:30:00+0530",
"nistImpact": "High",
"nistLikelihood": "Medium",
"nistVersion": "NIST_800-30",
"pciId": "6.5.1",
"pciDescription": "Injection Flaws",
"owaspFamily": "Client Side Attacks: Content Spoofing"
},
{
"customerId": "CUST_1586677087",
"targetId": "TARGET_1488825631",
"targetName": "target1",
"targetUrl": "http://abc.com/launch/myprofile",
"serviceType": "WEB_APPLICATION_TEST",
"testType": "Pen Testing Essential (PT-E)",
"testId": "TEST_416711694677122410",
"vulnerabilityId": "VULNERABILITY_771011677753581363",
"title": "Cross-Site Request Forgery (CSRF)",
"vulnerableUrl": "https://instance-example.com/cross/open",
"vulnerableType": "dynamic",
"severity": "Medium",
"state": "Old",
"vulnerabilityStatus": "OPEN",
"systemic": "NO",
"description": "description",
"parameter": {
"variantParamaterTypeName": "bhjnkml",
"parameterName": "jhnklm",
"parameterValue": "bhjnkml"
},"pocs": [
{
"pocInstanceId": "POC_305961698054303980",
"pocDescription": "Caption12345"
}
],
"impactDescription": "Not Applicable",
"recommendation": "remediation",
"openDate": "2023-10-25T05:30:00+0530",
"openTestId": "TEST_416711694677122410",
"createdDate": "2023-10-25T05:30:00+0530",
"updatedDate": "2023-10-25T05:30:00+0530",
"nistImpact": "Medium",
"nistLikelihood": "Medium",
"nistVersion": "NIST_800-30",
"pciId": "6.5.9",
"pciDescription": "Cross-site Request Forgery",
"cweId": "352",
"owaspFamily": "Cross-site Request Forgery"
}
],
"cursor": "NTgw"
}
Response Body in XML:
<?xml version="1.0" encoding="US-ASCII" standalone="yes"?>
<response>
<vulnerabilities>
<vulnerability>
<customerId>CUST_1586677087</customerId>
<targetId>TARGET_7068642784</targetId>
<targetName>NST test</targetName>
<targetUrl>
<![CDATA[NST test]]>
</targetUrl>
<serviceType>NETWORK_TEST</serviceType>
<testType>NST Standard 250IP (NST-S-250IP)</testType>
<testId>TEST_146491698053799014</testId>
<vulnerabilityId>VULNERABILITY_68931698054303841</vulnerabilityId>
<title>
<![CDATA[Second Order SQL Injection]]>
</title>
<vulnerableUrl>
<![CDATA[http://abc.com/launch/app/param=216938057215691]]>
</vulnerableUrl>
<vulnerableType>dynamic</vulnerableType>
<severity>High</severity>
<state>New</state>
<vulnerabilityStatus>OPEN</vulnerabilityStatus>
<systemic>NO</systemic>
<description>
<![CDATA[description]]>
</description>
<pocs>
<pocInstanceId>POC_305961698054303980</pocInstanceId>
<pocDescription>
<![CDATA[Caption12345]]>
</pocDescription>
</pocs>
<stepsToReproduce>
<![CDATA[steps to reproduce<br>]]>
</stepsToReproduce>
<impactDescription>
<![CDATA[Not Applicable]]>
</impactDescription>
<recommendation>
<![CDATA[remediation]]>
</recommendation>
<openDate>2023-10-23T05:30:00+05:30</openDate>
<openTestId>TEST_146491698053799014</openTestId>
<createdDate>2023-10-23T05:30:00+05:30</createdDate>
<updatedDate>2023-10-23T05:30:00+05:30</updatedDate>
<nistImpact>High</nistImpact>
<nistLikelihood>Medium</nistLikelihood>
<nistVersion>NIST_800-30</nistVersion>
<pciId>6.5.1</pciId>
<pciDescription>
<![CDATA[Injection Flaws]]>
</pciDescription>
<owaspFamily>
<![CDATA[Client Side Attacks: Content Spoofing]]>
</owaspFamily>
</vulnerability>
<vulnerability>
<customerId>CUST_1586677087</customerId>
<targetId>TARGET_1488825631</targetId>
<targetName>target1</targetName>
<targetUrl>
<![CDATA[https://abc.com/index.html/myprofile]]>
</targetUrl>
<serviceType>WEB_APPLICATION_TEST</serviceType>
<testType>Pen Testing Essential (PT-E)</testType>
<testId>TEST_416711694677122410</testId>
<vulnerabilityId>VULNERABILITY_771011677753581363</vulnerabilityId>
<title>
<![CDATA[Cross-Site Request Forgery (CSRF)]]>
</title>
<vulnerableUrl>
<![CDATA[https://instance-example.com/cross/open]]>
</vulnerableUrl>
<vulnerableType>dynamic</vulnerableType>
<severity>Medium</severity>
<state>Old</state>
<vulnerabilityStatus>OPEN</vulnerabilityStatus>
<systemic>NO</systemic>
<description>
<![CDATA[description]]>
</description>
<impactDescription>
<![CDATA[Not Applicable]]>
</impactDescription>
<recommendation>
<![CDATA[remediation]]>
</recommendation>
<openDate>2023-10-25T05:30:00+05:30</openDate>
<openTestId>TEST_416711694677122410</openTestId>
<createdDate>2023-10-25T05:30:00+05:30</createdDate>
<updatedDate>2023-10-25T05:30:00+05:30</updatedDate>
<nistImpact>Medium</nistImpact>
<nistLikelihood>Medium</nistLikelihood>
<nistVersion>NIST_800-30</nistVersion>
<pciId>6.5.9</pciId>
<pciDescription>
<![CDATA[Cross-site Request Forgery]]>
</pciDescription>
<cweId>352</cweId>
<owaspFamily>
<![CDATA[Cross-site Request Forgery]]>
</owaspFamily>
</vulnerability>
</vulnerabilities>
<cursor>NTgw</cursor>
</response>