Library Weaknesses
Get All Library Weaknesses
This endpoint retrieves a list of Library Weakness resources.
GET /api/v2/library/problems/
Query Parameters
The following parameters may be used to filter the Library Weakness resources in the response.
Parameter | Description |
---|---|
risk_rating | Given a risk rating 0-10, returns all Library Weaknesses with specified rating. |
type__in | Returns all Library Weaknesses which are either built-in, built-in modified or custom |
ordering | Orders Library Weaknesses by the specified fields. This endpoint supports ordering by id and name. |
absolute_urls | Whether to use absolute or relative urls (default is False). |
to_html | Whether to convert markdown to HTML (default is False). |
search | Filter Library Weaknesses by performing a textual search on id and name. |
GET /api/v2/library/problems/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
HTTP/1.1 200 OK
Content-Type: application/json
{
"results": [{
"id": "P257",
"db_id": 1,
"title": "Privacy Violation",
"text": "This is some example description.",
"risk_rating": 5,
"type": "Built-in",
"cwe": [1, 2],
"created": "2010-10-20T13:46:08-04:00",
"updated": "2019-08-28T16:55:57.214000-04:00",
"active": true
}]
}
Include Parameters
See the Include Parameters section for more details.
Parameter | Description |
---|---|
category | Includes the category that applies to each Library Weakness. |
cwe | Includes the list of CWEs that apply to each Library Weakness. # TODO |
related_tasks | Includes a list of Countermeasures that relate to each Library Weakness. |
match_conditions | Includes the set of the Match Conditions that apply to each Library Weakness. These are used to determine relevancy to a Project. |
GET /api/v2/library/problems/?include=related_tasks,category,cwe HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
HTTP/1.1 200 OK
Content-Type: application/json
{
"results": [{
"id": "P257",
"db_id": 1,
"title": "Privacy Violation",
"text": "This is some example description.",
"risk_rating": 5,
"type": "Built-in",
"created": "2010-10-20T13:46:08-04:00",
"updated": "2019-08-28T16:55:57.214000-04:00",
"category": "XML and Web Services",
"cwe": [{
"url": "http://cwe.mitre.org/data/definitions/359",
"title": "Exposure of Private Information ('Privacy Violation')",
"id": 359
}],
"related_tasks": [{
"id": "CT1",
"db_id": -1,
"title": "Example Countermeasure 1",
"priority": 10,
"text": "Example Countermeasure solution",
"phase": "X1"
}],
"active": true
}]
}
Get a specific Library Weakness
This endpoint retrieves a single Library Weakness resource, as specified by the id parameter.
GET /api/v2/library/problems/{problem_id}/
Query Parameters
Parameter | Description |
---|---|
show_original | Whether to return to the original content for a Built-In Modified Library Weakness (default is False). |
URL Parameters
Parameter | Description |
---|---|
problem_id | The id of the Library Weakness to retrieve. |
All of the expand and include parameters for the 'Get all Library Weaknesses' endpoint apply here as well.
GET /api/v2/library/problems/P12/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
HTTP/1.1 200 OK
Content-Type: application/json
{
"id": "P12",
"title": "Missing or Incorrect XML Validation",
"text": "The application accepts XML from an untrusted source without validating it against a proper schema...",
"cwe": [
112
],
"created": "2010-10-20T13:46:04-04:00",
"updated": "2024-05-13T11:52:28.769941-04:00",
"risk_rating": 6,
"db_id": 12,
"type": "Built-in",
"last_updated_by": {
"id": 1,
"email": "admin@example.com",
"first_name": "Admin",
"last_name": "Example"
},
"active": true
}
Create a Library Weakness
This endpoint creates a new Library Weakness resource.
POST /api/v2/library/problems/
Fields | Required | Description |
---|---|---|
title | Yes | The title of the Library Weakness. Note: This name cannot match existing Library Weakness names |
risk_rating | Yes | The risk rating of the Library Weakness. This should be a number between 1 and 10. |
description | Yes | The description of the Library Weakness. |
cwe | No | An number array that represents the CWEs assigned to this Library Weakness. |
match_conditions | No | A list of dictionaries representing the set of match conditions belonging to this Library Weakness. Each dictionary has required and excluded fields which are arrays of answer IDs. When an answer is in the required array, this Library Weakness will be included in projects that include the answer. When an answer is in the excluded array, this Library Weakness will not be included in projects that include this answer. |
active | No | Library Weaknesses can be activated or deactivated (defaults to true ). Note: This field can only be set if the ENABLE_MODIFY_WEAKNESS_ACTIVE_STATUS flag is enabled. |
POST /api/v2/library/problems/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
{
"title": "A New Weakness",
"risk_rating": 7,
"text": "Some description",
"cwe": [1],
"match_conditions": [
{
"required": ["A6"],
"excluded": []
}
],
"active": false
}
HTTP/1.1 200 OK
Content-Type: application/json
{
"db_id": -1,
"id": "CP1",
"title": "A New Weakness",
"risk_rating": 7,
"text": "Some description",
"type": "Custom",
"cwe": [
1
],
"match_conditions": [
{
"db_id": -1,
"id": "CMC1",
"required": [
"A6"
],
"excluded": []
}
],
"created": "2024-05-13T16:50:10.145696-04:00",
"updated": "2024-05-13T16:50:10.145720-04:00",
"last_updated_by": {
"id": 1,
"email": "admin@example.com",
"first_name": "Admin",
"last_name": "Example"
},
"active": false
}
Update a Library Weakness
This endpoint updates a specific Library Weakness resource, as specified by the id parameter.
PATCH /api/v2/library/problem/{problem_id}/
URL Parameters
Parameter | Description |
---|---|
problem_id | The id of the Library Weakness to update |
Payload
Fields | Required | Description |
---|---|---|
title | No | The title of the Library Weakness. Note: This name cannot match existing Library Weakness names |
risk_rating | No | The risk rating of the Library Weakness. This should be a number between 1 and 10. |
description | No | The description of the Library Weakness. |
cwe | No | An number array that represents the CWEs assigned to this Library Weakness. This can only be edited for custom content. |
match_conditions | No | A list of dictionaries representing the set of match conditions belonging to this Library Weakness. Each dictionary has required and excluded fields which are arrays of answer IDs. When an answer is in the required array, this Library Weakness will be included in projects that include the answer. When an answer is in the excluded array, this Library Weakness will not be included in projects that include this answer. |
active | No | Library Weaknesses can be activated or deactivated. Deactivating a Library Weakness will also deactivate any active related countermeasures. Activating a Library Weakness will not activate any inactive related countermeasures. Note: This field can only be set if the ENABLE_MODIFY_WEAKNESS_ACTIVE_STATUS flag is enabled. |
PATCH /api/v2/library/problems/P12/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
{
"title": "A New Weakness",
"risk_rating": 7,
"text": "Some description",
"cwe": [1],
"match_conditions": [
{
"required": ["A6"],
"excluded": []
}
],
"active": false
}
HTTP/1.1 200 OK
Content-Type: application/json
{
"db_id": 12,
"id": "P12",
"title": "A New Weakness",
"risk_rating": 7,
"text": "Some description",
"cwe": [
1
],
"match_conditions": [
{
"db_id": -70,
"id": "CMC67",
"required": [
"A6"
],
"excluded": []
}
],
"created": "2010-10-20T13:46:04-04:00",
"updated": "2024-05-13T16:58:08.465041-04:00",
"last_updated_by": {
"id": 1,
"email": "admin@example.com",
"first_name": "Admin",
"last_name": "Example"
},
"active": false
}
Delete a Library Weakness
This endpoint deletes a specific Library Weakness resource, as specified by the id parameter.
DELETE /api/v2/library/problem/{problem_id}/
URL Parameters
Parameter | Description |
---|---|
problem_id | The id of the Library Weakness to retrieve. |
Payload
Fields | Required | Description |
---|---|---|
new_weakness_id | No | The ID of the Library Weakness to remap the related Library Countermeasures to. Required when the Library Weakness has related Library Countermeasures. |
DELETE /api/v2/problem/CP1/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
{
"new_weakness_id": "CP2"
}
HTTP/1.1 204 NO CONTENT
Content-Type: application/json
{}