Library Weaknesses

Get All Library Weaknesses

This endpoint retrieves a list of Library Weakness resources.

GET /api/v2/library/problems/

Query Parameters

The following parameters may be used to filter the Library Weakness resources in the response.

Parameter Description
risk_rating Given a risk rating 0-10, returns all Library Weaknesses with specified rating.
type__in Returns all Library Weaknesses which are either built-in, built-in modified or custom
ordering Orders Library Weaknesses by the specified fields. This endpoint supports ordering by id and name.
absolute_urls Whether to use absolute or relative urls (default is False).
to_html Whether to convert markdown to HTML (default is False).
search Filter Library Weaknesses by performing a textual search on id and name.

GET /api/v2/library/problems/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
HTTP/1.1 200 OK
Content-Type: application/json

{
    "results": [{
        "id": "P257",
        "db_id": 1,
        "title": "Privacy Violation",
        "text": "This is some example description.",
        "risk_rating": 5,
        "type": "Built-in",
        "cwe": [1, 2],
        "created": "2010-10-20T13:46:08-04:00",
        "updated": "2019-08-28T16:55:57.214000-04:00",
        "active": true
    }]
}

Include Parameters

See the Include Parameters section for more details.

Parameter Description
category Includes the category that applies to each Library Weakness.
cwe Includes the list of CWEs that apply to each Library Weakness. # TODO
related_tasks Includes a list of Countermeasures that relate to each Library Weakness.
match_conditions Includes the set of the Match Conditions that apply to each Library Weakness. These are used to determine relevancy to a Project.
GET /api/v2/library/problems/?include=related_tasks,category,cwe HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
HTTP/1.1 200 OK
Content-Type: application/json

{
    "results": [{
        "id": "P257",
        "db_id": 1,
        "title": "Privacy Violation",
        "text": "This is some example description.",
        "risk_rating": 5,
        "type": "Built-in",
        "created": "2010-10-20T13:46:08-04:00",
        "updated": "2019-08-28T16:55:57.214000-04:00",
        "category": "XML and Web Services",
        "cwe": [{
            "url": "http://cwe.mitre.org/data/definitions/359",
            "title": "Exposure of Private Information ('Privacy Violation')",
            "id": 359
        }],
        "related_tasks": [{
            "id": "CT1",
            "db_id": -1,
            "title": "Example Countermeasure 1",
            "priority": 10,
            "text": "Example Countermeasure solution",
            "phase": "X1"
        }],
        "active": true
    }]
}

Get a specific Library Weakness

This endpoint retrieves a single Library Weakness resource, as specified by the id parameter.

GET /api/v2/library/problems/{problem_id}/

Query Parameters

Parameter Description
show_original Whether to return to the original content for a Built-In Modified Library Weakness (default is False).

URL Parameters

Parameter Description
problem_id The id of the Library Weakness to retrieve.

All of the expand and include parameters for the 'Get all Library Weaknesses' endpoint apply here as well.

GET /api/v2/library/problems/P12/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
HTTP/1.1 200 OK
Content-Type: application/json

{
    "id": "P12",
    "title": "Missing or Incorrect XML Validation",
    "text": "The application accepts XML from an untrusted source without validating it against a proper schema...",
    "cwe": [
        112
    ],
    "created": "2010-10-20T13:46:04-04:00",
    "updated": "2024-05-13T11:52:28.769941-04:00",
    "risk_rating": 6,
    "db_id": 12,
    "type": "Built-in",
    "last_updated_by": {
        "id": 1,
        "email": "admin@example.com",
        "first_name": "Admin",
        "last_name": "Example"
    },
    "active": true
}

Create a Library Weakness

This endpoint creates a new Library Weakness resource.

POST /api/v2/library/problems/

Fields Required Description
title Yes The title of the Library Weakness. Note: This name cannot match existing Library Weakness names
risk_rating Yes The risk rating of the Library Weakness. This should be a number between 1 and 10.
description Yes The description of the Library Weakness.
cwe No An number array that represents the CWEs assigned to this Library Weakness.
match_conditions No A list of dictionaries representing the set of match conditions belonging to this Library Weakness. Each dictionary has required and excluded fields which are arrays of answer IDs. When an answer is in the required array, this Library Weakness will be included in projects that include the answer. When an answer is in the excluded array, this Library Weakness will not be included in projects that include this answer.
active No Library Weaknesses can be activated or deactivated (defaults to true). Note: This field can only be set if the ENABLE_MODIFY_WEAKNESS_ACTIVE_STATUS flag is enabled.
POST /api/v2/library/problems/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"

{
    "title": "A New Weakness",
    "risk_rating": 7,
    "text": "Some description",
    "cwe": [1],
    "match_conditions": [
        {
            "required": ["A6"],
            "excluded": []
        }
    ],
    "active": false
}
HTTP/1.1 200 OK
Content-Type: application/json

{
    "db_id": -1,
    "id": "CP1",
    "title": "A New Weakness",
    "risk_rating": 7,
    "text": "Some description",
    "type": "Custom",
    "cwe": [
        1
    ],
    "match_conditions": [
        {
            "db_id": -1,
            "id": "CMC1",
            "required": [
                "A6"
            ],
            "excluded": []
        }
    ],
    "created": "2024-05-13T16:50:10.145696-04:00",
    "updated": "2024-05-13T16:50:10.145720-04:00",
    "last_updated_by": {
        "id": 1,
        "email": "admin@example.com",
        "first_name": "Admin",
        "last_name": "Example"
    },
    "active": false
}

Update a Library Weakness

This endpoint updates a specific Library Weakness resource, as specified by the id parameter.

PATCH /api/v2/library/problem/{problem_id}/

URL Parameters

Parameter Description
problem_id The id of the Library Weakness to update

Payload

Fields Required Description
title No The title of the Library Weakness. Note: This name cannot match existing Library Weakness names
risk_rating No The risk rating of the Library Weakness. This should be a number between 1 and 10.
description No The description of the Library Weakness.
cwe No An number array that represents the CWEs assigned to this Library Weakness. This can only be edited for custom content.
match_conditions No A list of dictionaries representing the set of match conditions belonging to this Library Weakness. Each dictionary has required and excluded fields which are arrays of answer IDs. When an answer is in the required array, this Library Weakness will be included in projects that include the answer. When an answer is in the excluded array, this Library Weakness will not be included in projects that include this answer.
active No Library Weaknesses can be activated or deactivated. Deactivating a Library Weakness will also deactivate any active related countermeasures. Activating a Library Weakness will not activate any inactive related countermeasures. Note: This field can only be set if the ENABLE_MODIFY_WEAKNESS_ACTIVE_STATUS flag is enabled.
PATCH /api/v2/library/problems/P12/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"

{
    "title": "A New Weakness",
    "risk_rating": 7,
    "text": "Some description",
    "cwe": [1],
    "match_conditions": [
        {
            "required": ["A6"],
            "excluded": []
        }
    ],
    "active": false
}
HTTP/1.1 200 OK
Content-Type: application/json

{
    "db_id": 12,
    "id": "P12",
    "title": "A New Weakness",
    "risk_rating": 7,
    "text": "Some description",
    "cwe": [
        1
    ],
    "match_conditions": [
        {
            "db_id": -70,
            "id": "CMC67",
            "required": [
                "A6"
            ],
            "excluded": []
        }
    ],
    "created": "2010-10-20T13:46:04-04:00",
    "updated": "2024-05-13T16:58:08.465041-04:00",
    "last_updated_by": {
        "id": 1,
        "email": "admin@example.com",
        "first_name": "Admin",
        "last_name": "Example"
    },
    "active": false
}

Delete a Library Weakness

This endpoint deletes a specific Library Weakness resource, as specified by the id parameter.

DELETE /api/v2/library/problem/{problem_id}/

URL Parameters

Parameter Description
problem_id The id of the Library Weakness to retrieve.

Payload

Fields Required Description
new_weakness_id No The ID of the Library Weakness to remap the related Library Countermeasures to. Required when the Library Weakness has related Library Countermeasures.
DELETE /api/v2/problem/CP1/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"

{
    "new_weakness_id": "CP2"
}
HTTP/1.1 204 NO CONTENT
Content-Type: application/json

{}

results matching ""

    No results matching ""