Project Problems
Get All Project Problems
This endpoint retrieves a list of Library Problem resources that are applicable to a particular Project.
GET /api/v2/projects/{project_id}/problems/
URL Parameters
Parameter | Description |
---|---|
project_id | The id of the Project to retrieve Problems for |
Query Parameters
The following parameters may be used to filter the Library Problem resources in the response.
Parameter | Description |
---|---|
risk_rating | Given a risk rating from 0-10, returns all Problems with the specified rating |
absolute_urls | Whether to use absolute or relative URLs (default is False) |
to_html | Whether to convert Markdown to HTML (default is False) |
search | Filter Problems by performing a textual search on title, description, and Task titles. |
risk_relevant_tasks_count | If True, limits the tasks counted for task_count to those relevant to the project's risk policy; if False, to those that are not relevant. Requires task_count in included fields. |
GET /api/v2/projects/1936/problems/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"

HTTP/1.1 200 OK
Content-Type: application/json

{
  "results": [{
    "id": "1936-P257",
    "problem_id": "P257",
    "title": "Privacy Violation",
    "text": "This is some example description.",
    "risk_rating": 5,
    "created": "2010-10-20T13:46:08-04:00",
    "updated": "2019-08-28T16:55:57.214000-04:00",
    "manually_added_from_library": false,
    "project_specific": false
  }]
}
Include Parameters
See the Include Parameters section for more details.
Parameter | Description |
---|---|
category | Includes the category that applies to each Problem |
cwe | Includes the list of CWEs that apply to each Problem |
tasks_count | Includes the number of Tasks related to each Problem that are accepted into the particular Project. This is the same count of Tasks that would be returned by the Project Problem Tasks endpoint. |
GET /api/v2/projects/1936/problems/?include=category,cwe,tasks_count HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"

HTTP/1.1 200 OK
Content-Type: application/json

{
  "results": [{
    "id": "1936-P257",
    "problem_id": "P257",
    "title": "Privacy Violation",
    "text": "This is some example description.",
    "risk_rating": 5,
    "created": "2010-10-20T13:46:08-04:00",
    "updated": "2019-08-28T16:55:57.214000-04:00",
    "manually_added_from_library": false,
    "project_specific": false,
    "category": "XML and Web Services",
    "cwe": [{
      "url": "http://cwe.mitre.org/data/definitions/359",
      "title": "Exposure of Private Information ('Privacy Violation')",
      "id": 359
    }],
    "tasks_count": 1
  }]
}
Filter Parameters
Problems can be filtered by their various properties, or by properties of their related Tasks. If a related Task filter is passed, we return only Problems that have at least one related Task that matches the filter condition. If no filters are passed, we default to returning all applicable Problems of the particular Project.
Parameter | Expected values | Description | Custom Field Lookup support |
---|---|---|---|
risk_rating | 1-10 | Filter by Problem risk rating | Yes |
source | default, custom, manual, project | Filter by problem source (builtin problem, custom problem, manually added library problem, project specific problem) | supports __in only |
task_priority | 1-10 | Filter by related Task priority | Yes |
task_status | status item id (TS1) | Filter by related Task status | Yes |
task_assigned_to | | Filter by related Task assigned user's email/username | Yes |
tasks_count | integer (>0) | Filter by number of tasks | Yes |
Get a Specific Project Problem
This endpoint retrieves a single Library Problem resource of a particular Project, as specified by the problem_id parameter.
GET /api/v2/projects/{project_id}/problems/{problem_id}/
All the parameters for the 'Get All Project Problems' endpoint apply here as well.
URL Parameters
Parameter | Description |
---|---|
project_id | The id of the Project the Problem is associated with |
problem_id | The id of the Problem to retrieve |
GET /api/v2/projects/1936/problems/1936-P3/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"

HTTP/1.1 200 OK
Content-Type: application/json

{
  "id": "1936-P3",
  "problem_id": "P3",
  "title": "Example Library Problem",
  "text": "This is some example description.",
  "risk_rating": 5,
  "created": "2010-10-20T13:46:08-04:00",
  "updated": "2019-08-28T16:55:57.214000-04:00",
  "manually_added_from_library": false,
  "project_specific": false
}
Create a New Project Specific Problem
Creates a new Problem resource that is project specific.
POST /api/v2/projects/{project_id}/problems/
URL Parameters
Parameter | Description |
---|---|
project_id | The id of the project the new problem belongs to |
Payload
Fields | Required | Description |
---|---|---|
cwe | No | A list of CWE IDs that apply to the new problem. |
risk_rating | Yes | The risk rating value from 0-10. |
text | Yes | The description of the new problem. |
title | Yes | The title of the new problem. |
POST /api/v2/projects/1/problems/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"

{
  "cwe": [7, 10],
  "risk_rating": 9,
  "text": "Problem Description",
  "title": "Project Specific Problem"
}

HTTP/1.1 201 CREATED
Content-Type: application/json

{
  "id": "1-PP1",
  "problem_id": "PP1",
  "title": "Project Specific Problem",
  "text": "Problem Description",
  "cwe": [
    {
      "id": 7,
      "title": "J2EE Misconfiguration: Missing Custom Error Page [Variant]",
      "url": "http://cwe.mitre.org/data/definitions/7"
    },
    {
      "id": 10,
      "title": "ASP.NET Environment Issues [Category]",
      "url": "http://cwe.mitre.org/data/definitions/10"
    }
  ],
  "created": "2020-08-31T10:41:37.026216-04:00",
  "updated": "2020-08-31T10:41:36.995456-04:00",
  "risk_rating": 9,
  "manually_added_from_library": false,
  "project_specific": true
}
Create a new Problem from an existing Library Problem
Add a Library Problem to a project. Only Library Problems that aren't applicable to a Project can be added.
POST /api/v2/projects/{project_id}/problems/
URL Parameters
Parameter | Description |
---|---|
project_id | The id of the Project the new Problem belongs to |
Payload
Fields | Required | Description |
---|---|---|
problem_id | Yes | The id of the Library Problem to add to the Project. |
POST /api/v2/projects/1/problems/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"

{
  "problem_id": "P123"
}

HTTP/1.1 201 CREATED
Content-Type: application/json

{
  "id": "2-P123",
  "problem_id": "P123",
  "title": "Sensitive information uncleared before release",
  "text": "If the memory and storage devices of a system or application are not cleared when an operation is finished, its data can become accessible to unauthorized people. In one of the possible scenarios, this may happen when memory is reallocated, or when a resource is released and is no longer in service.",
  "created": "2010-10-20T13:46:09-04:00",
  "updated": "2019-08-28T16:55:58.362000-04:00",
  "risk_rating": 3,
  "manually_added_from_library": true
}
Delete a Problem
Delete a single Problem resource, as specified by the Project and Problem id parameters.
Only manually added Library Problems and project specific Problems may be deleted.
DELETE /api/v2/projects/{project_id}/problems/{id}/
URL Parameters
Parameter | Description |
---|---|
project_id | The id of the Project this Problem belongs to |
id | The id of the Problem to delete |
DELETE /api/v2/projects/2/problems/2-P123/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"

HTTP/1.1 204 NO CONTENT
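
The following is an added example, not part of the original documentation: a small Python client helper that builds the list request with include and filter parameters, ranks the returned Problems by risk_rating, and marks which ones the Delete endpoint would accept. The base URL `https://sde.example.com`, the helper names, the sample body, and the reading of the quotes around the token as placeholder marks are assumptions.

```python
import json
from urllib.parse import urlencode
from urllib.request import Request


def problems_request(base_url, project_id, token, include=(), **filters):
    """Build (without sending) the GET request for a Project's Problems."""
    query = dict(filters)                      # e.g. risk_rating=5, source="project"
    if include:
        query["include"] = ",".join(include)   # category, cwe, tasks_count
    url = f"{base_url}/api/v2/projects/{project_id}/problems/"
    if query:
        url += "?" + urlencode(query, safe=",")
    headers = {"Accept": "application/json", "Authorization": f"Token {token}"}
    return Request(url, headers=headers)


def is_deletable(problem):
    """Only manually added Library Problems and project specific Problems
    may be deleted. Use .get(): the library-add response on the page has no
    "project_specific" key."""
    return bool(problem.get("manually_added_from_library")
                or problem.get("project_specific"))


def triage(body):
    """Return the Problems in a list response, highest risk_rating first."""
    rows = [{
        "id": p["id"],
        "risk_rating": p["risk_rating"],
        "cwe_ids": [c["id"] for c in p.get("cwe", [])],  # only with include=cwe
        "deletable": is_deletable(p),
    } for p in json.loads(body)["results"]]
    return sorted(rows, key=lambda r: r["risk_rating"], reverse=True)


# Constructed sample body, modelled on the responses shown on this page.
SAMPLE_BODY = json.dumps({"results": [
    {"id": "1936-P257", "risk_rating": 5, "manually_added_from_library": False,
     "project_specific": False, "cwe": [{"id": 359}]},
    {"id": "1936-P123", "risk_rating": 3, "manually_added_from_library": True},
    {"id": "1936-PP1", "risk_rating": 9, "manually_added_from_library": False,
     "project_specific": True, "cwe": [{"id": 7}, {"id": 10}]},
]})

if __name__ == "__main__":
    req = problems_request("https://sde.example.com", 1936, "REPLACE_ME",
                           include=("category", "cwe", "tasks_count"))
    print(req.full_url)
    for row in triage(SAMPLE_BODY):
        print(row)
```

Checking `is_deletable` before issuing a DELETE keeps an automation script from sending requests for Problems that do not meet the deletion rule stated above.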