Library Weaknesses
Get All Library Weaknesses
This endpoint retrieves a list of Library Weakness resources.
GET /api/v2/library/problems/
Query Parameters
The following parameters may be used to filter the library Weakness resources in the response.
Parameter | Description |
---|---|
risk_rating | Given a risk rating 0-10, returns all Weaknesses with the specified rating. |
type__in | Returns all Weaknesses which are either built-in, built-in modified or custom. |
ordering | Orders Weaknesses by the specified fields. This endpoint supports ordering by id and name. |
absolute_urls | Whether to use absolute or relative urls (default is False). |
to_html | Whether to convert markdown to HTML (default is False). |
search | Filter Weaknesses by performing a textual search on id and name. |
GET /api/v2/library/problems/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
HTTP/1.1 200 OK
Content-Type: application/json
{
"results": [{
"id": "P257",
"db_id": 1,
"title": "Privacy Violation",
"text": "This is some example description.",
"risk_rating": 5,
"type": "Built-in",
"cwe": [1, 2],
"created": "2010-10-20T13:46:08-04:00",
"updated": "2019-08-28T16:55:57.214000-04:00"
}]
}
Include Parameters
See the Include Parameters section for more details.
Parameter | Description |
---|---|
category | Includes the category that applies to each Weakness. |
cwe | Includes the list of CWEs that apply to each Weakness. |
related_tasks | Includes a list of Countermeasures that relate to each Weakness. |
match_conditions | Includes the set of the Match Conditions that apply to each Weakness. These are used to determine relevancy to a Project. |
GET /api/v2/library/problems/?include=related_tasks,category,cwe HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
HTTP/1.1 200 OK
Content-Type: application/json
{
"results": [{
"id": "P257",
"db_id": 1,
"title": "Privacy Violation",
"text": "This is some example description.",
"risk_rating": 5,
"type": "Built-in",
"created": "2010-10-20T13:46:08-04:00",
"updated": "2019-08-28T16:55:57.214000-04:00",
"category": "XML and Web Services",
"cwe": [{
"url": "http://cwe.mitre.org/data/definitions/359",
"title": "Exposure of Private Information ('Privacy Violation')",
"id": 359
}],
"related_tasks": [{
"id": "CT1",
"db_id": -1,
"title": "Example Countermeasure 1",
"priority": 10,
"text": "Example Countermeasure solution",
"phase": "X1"
}]
}]
}
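The two responses above return `cwe` in different shapes: bare integers by default, objects with `url`, `title` and `id` when `include=cwe` is set. The following added example (not part of the original documentation) builds the list request and normalizes both shapes into one report; the host `sde.example.com`, the function names and the trimmed sample bodies are assumptions made for illustration.

```python
import json
from urllib.parse import urlencode
from urllib.request import Request

BASE_URL = "https://sde.example.com"  # assumption: placeholder host


def build_list_request(token, include=(), **filters):
    """Build (without sending) the GET request for the weakness list."""
    params = dict(filters)
    if include:
        params["include"] = ",".join(include)
    url = f"{BASE_URL}/api/v2/library/problems/"
    if params:
        url += "?" + urlencode(params, safe=",")
    headers = {"Accept": "application/json", "Authorization": f"Token {token}"}
    return Request(url, headers=headers)


def cwe_ids(weakness):
    """Return CWE ids whether `cwe` holds bare ints or expanded objects."""
    return [c["id"] if isinstance(c, dict) else c for c in weakness.get("cwe", [])]


def summarize(body):
    """Flatten a list response into rows, highest risk rating first."""
    rows = [{
        "id": w["id"],
        "title": w["title"],
        "risk_rating": w["risk_rating"],
        "cwe": cwe_ids(w),
        "countermeasures": [t["id"] for t in w.get("related_tasks", [])],
    } for w in body["results"]]
    return sorted(rows, key=lambda r: r["risk_rating"], reverse=True)


# Constructed bodies mirroring the two response shapes shown above.
PLAIN = json.loads('{"results": [{"id": "P257", "title": "Privacy Violation",'
                   ' "risk_rating": 5, "cwe": [1, 2]}]}')
EXPANDED = json.loads('{"results": [{"id": "P257", "title": "Privacy Violation",'
                      ' "risk_rating": 5, "cwe": [{"id": 359}],'
                      ' "related_tasks": [{"id": "CT1"}]}]}')

if __name__ == "__main__":
    req = build_list_request("YOUR SDE ACCESS TOKEN",
                             include=("related_tasks", "cwe"), risk_rating=5)
    print(req.full_url)
    print(summarize(PLAIN) + summarize(EXPANDED))
```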
Get a specific Library Weakness
This endpoint retrieves a single library Weakness resource, as specified by the id parameter.
GET /api/v2/library/problems/{problem_id}/
Query Parameters
Parameter | Description |
---|---|
show_original | Whether to return the original content for a Built-In Modified Problem (default is False). |
URL Parameters
Parameter | Description |
---|---|
problem_id | The id of the Weakness to retrieve. |
All of the expand and include parameters for the 'Get all Library Weaknesses' endpoint apply here as well.
GET /api/v2/library/problems/P12/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
HTTP/1.1 200 OK
Content-Type: application/json
{
"id": "P12",
"title": "Missing or Incorrect XML Validation",
"text": "The application accepts XML from an untrusted source without validating it against a proper schema...",
"cwe": [
112
],
"created": "2010-10-20T13:46:04-04:00",
"updated": "2024-05-13T11:52:28.769941-04:00",
"risk_rating": 6,
"db_id": 12,
"type": "Built-in",
"last_updated_by": {
"id": 1,
"email": "admin@example.com",
"first_name": "Admin",
"last_name": "Example"
}
}
Create a Library Weakness
This endpoint creates a new Library Weakness resource.
POST /api/v2/library/problems/
Fields | Required | Description |
---|---|---|
title | Yes | The title of the library weakness. Note: This name cannot match existing library weakness names. |
risk_rating | Yes | The risk rating of the library weakness. This should be a number between 1 and 10. |
description | Yes | The description of the library weakness. |
cwe | No | A number array that represents the CWEs assigned to this library weakness. |
match_conditions | No | A list of dictionaries representing the set of match conditions belonging to this library weakness. Each dictionary has required and excluded fields which are arrays of answer IDs. When an answer is in the required array, this weakness will be included in projects that include the answer. When an answer is in the excluded array, this weakness will not be included in projects that include this answer. |
POST /api/v2/library/problems/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
{
"title": "A New Weakness",
"risk_rating": 7,
"text": "Some description",
"cwe": [1],
"match_conditions": [
{
"required": ["A6"],
"excluded": []
}
]
}
HTTP/1.1 200 OK
Content-Type: application/json
{
"db_id": -1,
"id": "CP1",
"title": "A New Weakness",
"risk_rating": 7,
"text": "Some description",
"type": "Custom",
"cwe": [
1
],
"match_conditions": [
{
"db_id": -1,
"id": "CMC1",
"required": [
"A6"
],
"excluded": []
}
],
"created": "2024-05-13T16:50:10.145696-04:00",
"updated": "2024-05-13T16:50:10.145720-04:00",
"last_updated_by": {
"id": 1,
"email": "admin@example.com",
"first_name": "Admin",
"last_name": "Example"
}
}
Update a Library Weakness
This endpoint updates a specific Library Weakness resource, as specified by the id parameter.
PATCH /api/v2/library/problem/{problem_id}/
URL Parameters
Parameter | Description |
---|---|
problem_id | The id of the Library Weakness to update. |
Payload
Fields | Required | Description |
---|---|---|
title | No | The title of the library weakness. Note: This name cannot match existing library weakness names. |
risk_rating | No | The risk rating of the library weakness. This should be a number between 1 and 10. |
description | No | The description of the library weakness. |
cwe | No | A number array that represents the CWEs assigned to this library weakness. This can only be edited for custom content. |
match_conditions | No | A list of dictionaries representing the set of match conditions belonging to this library weakness. Each dictionary has required and excluded fields which are arrays of answer IDs. When an answer is in the required array, this weakness will be included in projects that include the answer. When an answer is in the excluded array, this weakness will not be included in projects that include this answer. |
PATCH /api/v2/library/weakness/P12/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
{
"title": "A New Weakness",
"risk_rating": 7,
"text": "Some description",
"match_conditions": [
{
"required": ["A6"],
"excluded": []
}
]
}
HTTP/1.1 200 OK
Content-Type: application/json
{
"db_id": 12,
"id": "P12",
"title": "A New Weakness",
"risk_rating": 7,
"text": "Some description",
"cwe": [
112
],
"match_conditions": [
{
"db_id": -70,
"id": "CMC67",
"required": [
"A6"
],
"excluded": []
}
],
"created": "2010-10-20T13:46:04-04:00",
"updated": "2024-05-13T16:58:08.465041-04:00",
"last_updated_by": {
"id": 1,
"email": "admin@example.com",
"first_name": "Admin",
"last_name": "Example"
}
}
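The field tables for creating and updating a Library Weakness can be enforced client-side before a request is sent. The validator below is an added example, not part of the original documentation; its function name, the `partial`, `weakness_type` and `existing_titles` parameters, and the check for an answer listed as both required and excluded are assumptions made for illustration.

```python
def validate_weakness_payload(payload, partial=False, weakness_type="Custom",
                              existing_titles=()):
    """Check a create (POST) or, with partial=True, update (PATCH) payload.

    Returns a list of problems; an empty list means the payload passes.
    """
    errors = []
    creating = not partial  # PATCH marks every field optional

    if "title" in payload or creating:
        title = payload.get("title")
        if not isinstance(title, str) or not title.strip():
            errors.append("title must be a non-empty string")
        elif title in existing_titles:
            errors.append("title matches an existing library weakness")

    if "risk_rating" in payload or creating:
        rating = payload.get("risk_rating")
        if isinstance(rating, bool) or not isinstance(rating, (int, float)):
            errors.append("risk_rating must be a number")
        elif not 1 <= rating <= 10:
            errors.append("risk_rating must be between 1 and 10")

    # Assumption: the field table says `description`, the example requests
    # send `text`; either name satisfies the check.
    if creating and not (payload.get("description") or payload.get("text")):
        errors.append("description is required")

    cwe = payload.get("cwe", [])
    if not isinstance(cwe, list) or any(type(c) is not int for c in cwe):
        errors.append("cwe must be an array of numbers")
    elif partial and "cwe" in payload and weakness_type != "Custom":
        errors.append("cwe can only be edited for custom content")

    for i, cond in enumerate(payload.get("match_conditions") or []):
        sets = {}
        for key in ("required", "excluded"):
            ids = cond.get(key) if isinstance(cond, dict) else None
            if isinstance(ids, list) and all(isinstance(a, str) for a in ids):
                sets[key] = set(ids)
            else:
                errors.append(f"match_conditions[{i}].{key} must be an array of answer IDs")
        # Local lint, not a documented server rule: contradictory condition.
        if len(sets) == 2 and sets["required"] & sets["excluded"]:
            errors.append(f"match_conditions[{i}] has an answer both required and excluded")
    return errors


# The page's create example, plus a constructed bad update for built-in P12.
GOOD = {"title": "A New Weakness", "risk_rating": 7, "text": "Some description",
        "cwe": [1], "match_conditions": [{"required": ["A6"], "excluded": []}]}
BAD_PATCH = {"risk_rating": 11, "cwe": [112],
             "match_conditions": [{"required": ["A6"], "excluded": ["A6"]}]}
```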
Delete a Library Weakness
This endpoint deletes a specific Library Weakness resource, as specified by the id parameter.
DELETE /api/v2/library/problem/{problem_id}/
URL Parameters
Parameter | Description |
---|---|
problem_id | The id of the Weakness to delete. |
Payload
Fields | Required | Description |
---|---|---|
new_weakness_id | No | The ID of the Library Weakness to remap the related Library Countermeasures to. Required when the Library Weakness has related Library Countermeasures. |
DELETE /api/v2/profiles/P1/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
{
"new_weakness_id": "P2"
}
HTTP/1.1 204 NO CONTENT
Content-Type: application/json
{}