Library Weaknesses
Get All Library Weaknesses
This endpoint retrieves a list of Library Weakness resources.
GET /api/v2/library/problems/
Query Parameters
The following parameters may be used to filter the Library Weakness resources in the response.
Parameter | Description |
---|---|
absolute_urls | Whether to use absolute or relative URLs (default is false). |
active | Filter Library Weaknesses based on whether they are active or not. Valid values: true, false. |
cwe__in | Given CWE ids, returns all Library Weaknesses with any of the specified CWEs. |
ordering | Orders Library Weaknesses by the specified fields. This endpoint supports ordering by id, title, and active. |
risk_rating | Given a risk rating 1-10, returns all Library Weaknesses with the specified rating. |
search | Filter Library Weaknesses by performing a textual search on their id or title. |
show_original | Whether to return the original content for Built-in Modified Library Weaknesses (default is false). |
to_html | Whether to convert markdown to HTML (default is false). |
type__in | Returns all Library Weaknesses which are either Built-in, Built-in Modified or Custom. |
GET /api/v2/library/problems/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
HTTP/1.1 200 OK
Content-Type: application/json
{
"results": [
{
"id": "P12",
"title": "Missing or Incorrect XML Validation",
"text": "The application accepts XML from an untrusted source without validating it against a proper schema...",
"cwe": [
112
],
"created": "2010-10-20T13:46:04-04:00",
"updated": "2024-05-13T11:52:28.769941-04:00",
"risk_rating": 6,
"db_id": 12,
"type": "Built-in",
"last_updated_by": {
"id": 1,
"email": "admin@example.com",
"first_name": "Admin",
"last_name": "Example"
},
"active": true
}
]
}
Expand Parameters
See the Expand Parameters section for more details.
Parameter | Description |
---|---|
answers | Expands the required and excluded answers for the match conditions that apply to each Library Weakness. Must be used with the match_conditions include parameter. Can only be used when Threat Engines is disabled. |
attributes | Expands the required and excluded attributes for the match conditions that apply to each Library Weakness. Must be used with the match_conditions include parameter. Can only be used when Threat Engines is enabled. |
GET /api/v2/library/problems/?include=match_conditions&expand=answers HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
HTTP/1.1 200 OK
Content-Type: application/json
{
"results": [
{
"id": "P12",
"title": "Missing or Incorrect XML Validation",
"text": "The application accepts XML from an untrusted source without validating it against a proper schema...",
"cwe": [
112
],
"created": "2010-10-20T13:46:04-04:00",
"updated": "2025-05-30T13:37:33.109235-04:00",
"risk_rating": 6,
"db_id": 12,
"type": "Built-in",
"match_conditions": [
{
"db_id": 750,
"id": "MC750",
"required": [
{
"id": "A13",
"text": "XML",
"description": "The system receives/sends Extensible Markup Language (XML) messages...",
"display_text": "Generates or reads data/files in the following formats: - XML",
"is_active": true
},
{
"id": "A742",
"text": "New/modified user input OR changes to how user input is used",
"description": "You have added or modified input from the user (e.g. a new form field on a web page)...",
"display_text": "Changes to User Input/Output Since Last Release - New/modified user input OR changes to how user input is used",
"is_active": true
}
],
"excluded": []
}
],
"last_updated_by": {
"id": 1,
"email": "admin@example.com",
"first_name": "Admin",
"last_name": "Testerton"
},
"active": true
}
]
}
Include Parameters
See the Include Parameters section for more details.
Parameter | Description |
---|---|
category | Includes the category that applies to each Library Weakness. |
cwe | Includes an expanded list of CWEs that apply to each Library Weakness. |
related_tasks | Includes a list of Library Countermeasures that relate to each Library Weakness. |
match_conditions | Includes the set of the match conditions that apply to each Library Weakness. These are used to determine relevancy to a Project. |
GET /api/v2/library/problems/?include=related_tasks,category,cwe,match_conditions HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
HTTP/1.1 200 OK
Content-Type: application/json
{
"results": [
{
"id": "P12",
"title": "Missing or Incorrect XML Validation",
"text": "The application accepts XML from an untrusted source without validating it against a proper schema...",
"cwe": [
{
"id": 112,
"title": "Missing XML Validation [Base]",
"url": "http://cwe.mitre.org/data/definitions/112"
}
],
"created": "2010-10-20T13:46:04-04:00",
"updated": "2025-05-30T13:37:33.109235-04:00",
"risk_rating": 6,
"category": null,
"db_id": 12,
"type": "Built-in",
"match_conditions": [
{
"db_id": 750,
"id": "MC750",
"required": [
"A13",
"A742"
],
"excluded": []
}
],
"last_updated_by": {
"id": 1,
"email": "admin@example.com",
"first_name": "Admin",
"last_name": "Testerton"
},
"active": true,
"related_tasks": [
{
"id": "T55",
"title": "Validate all XML input",
"text": "Validate all XML input when it is first received to reduce or eliminate many XML-based attacks...",
"priority": 6,
"phase": "X1",
"db_id": 55,
"active": true
}
]
}
]
}
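The following Python sketch is an added example, not part of the SD Elements documentation. It builds the list URL while enforcing the rule that expand values need include=match_conditions, then maps each CWE to the active Library Countermeasures returned under related_tasks. The function names and the trimmed sample data are assumptions made for illustration.

```python
from urllib.parse import urlencode

LIST_PATH = "/api/v2/library/problems/"
INCLUDES = {"category", "cwe", "related_tasks", "match_conditions"}
EXPANDS = {"answers", "attributes"}


def build_list_url(filters=None, include=(), expand=()):
    """Build the list URL, enforcing the include/expand rules in the tables above."""
    include, expand = list(include), list(expand)
    unknown = (set(include) - INCLUDES) | (set(expand) - EXPANDS)
    if unknown:
        raise ValueError(f"unsupported include/expand value(s): {sorted(unknown)}")
    # Both expand values must be used together with include=match_conditions.
    if expand and "match_conditions" not in include:
        raise ValueError("expand requires include=match_conditions")
    params = dict(filters or {})
    rating = params.get("risk_rating")
    if rating is not None and not 1 <= int(rating) <= 10:
        raise ValueError("risk_rating must be between 1 and 10")
    if include:
        params["include"] = ",".join(include)
    if expand:
        params["expand"] = ",".join(expand)
    # safe="," keeps the comma-separated include list as it appears in the page's request.
    return LIST_PATH + ("?" + urlencode(params, safe=",") if params else "")


def countermeasures_by_cwe(results):
    """Map each CWE id to the active related countermeasure ids that address it."""
    coverage = {}
    for weakness in results:
        tasks = {t["id"] for t in weakness.get("related_tasks", []) if t["active"]}
        for cwe in weakness["cwe"]:
            # "cwe" is a bare id by default and an object when include=cwe is used.
            cwe_id = cwe["id"] if isinstance(cwe, dict) else cwe
            coverage.setdefault(cwe_id, set()).update(tasks)
    return {cwe_id: sorted(ids) for cwe_id, ids in coverage.items()}


# Constructed sample: the page's include response for P12, trimmed to the fields used.
SAMPLE_RESULTS = [{
    "id": "P12",
    "cwe": [{"id": 112, "title": "Missing XML Validation [Base]"}],
    "related_tasks": [{"id": "T55", "title": "Validate all XML input", "active": True}],
}]

if __name__ == "__main__":
    print(build_list_url({"active": "true"}, include=["related_tasks", "cwe"]))
    print(countermeasures_by_cwe(SAMPLE_RESULTS))
```

A CWE that maps to an empty list marks a weakness with no active countermeasure in the library, which is worth reviewing before relying on the library for coverage.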
Get a specific Library Weakness
This endpoint retrieves a single Library Weakness resource, as specified by the id parameter.
GET /api/v2/library/problems/{problem_id}/
URL Parameters
Parameter | Description |
---|---|
problem_id | The id of the Library Weakness to retrieve. |
Query Parameters
Parameter | Description |
---|---|
show_original | Whether to return the original content for a Built-in Modified Library Weakness (default is false). |
All of the expand and include parameters for the 'Get All Library Weaknesses' endpoint apply here as well.
GET /api/v2/library/problems/P12/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
HTTP/1.1 200 OK
Content-Type: application/json
{
"id": "P12",
"title": "Missing or Incorrect XML Validation",
"text": "The application accepts XML from an untrusted source without validating it against a proper schema...",
"cwe": [
112
],
"created": "2010-10-20T13:46:04-04:00",
"updated": "2024-05-13T11:52:28.769941-04:00",
"risk_rating": 6,
"db_id": 12,
"type": "Built-in",
"last_updated_by": {
"id": 1,
"email": "admin@example.com",
"first_name": "Admin",
"last_name": "Testerton"
},
"active": true
}
Create a Library Weakness
This endpoint creates a new Library Weakness resource.
POST /api/v2/library/problems/
Fields | Required | Description |
---|---|---|
title | Yes | The title of the Library Weakness. Note: This name cannot match existing Library Weakness names. |
risk_rating | Yes | The risk rating of the Library Weakness. This should be a number between 1 and 10. |
description | Yes | The description of the Library Weakness. |
cwe | No | A number array that represents the CWEs assigned to the Library Weakness. |
match_conditions | No | A list of dictionaries representing the set of match conditions belonging to the Library Weakness. Each dictionary has required and excluded fields which are arrays of answer IDs. When an answer is in the required array, the Library Weakness will be included in projects that include the answer. When an answer is in the excluded array, the Library Weakness will not be included in projects that include this answer. |
active | No | The active status of the Library Weakness (defaults to true). |
POST /api/v2/library/problems/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
{
"title": "A New Weakness",
"risk_rating": 7,
"text": "Some description",
"cwe": [1],
"match_conditions": [
{
"required": ["A6"],
"excluded": []
}
],
"active": false
}
HTTP/1.1 200 OK
Content-Type: application/json
{
"db_id": -1,
"id": "CP1",
"title": "A New Weakness",
"risk_rating": 7,
"text": "Some description",
"type": "Custom",
"cwe": [
1
],
"match_conditions": [
{
"db_id": -1,
"id": "CMC1",
"required": [
"A6"
],
"excluded": []
}
],
"created": "2024-05-13T16:50:10.145696-04:00",
"updated": "2024-05-13T16:50:10.145720-04:00",
"last_updated_by": {
"id": 1,
"email": "admin@example.com",
"first_name": "Admin",
"last_name": "Testerton"
},
"active": false
}
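The match_conditions field used when creating or updating a Library Weakness can be checked locally before it is sent. The Python sketch below is an added example, not SD Elements code. It assumes a match condition is satisfied when every required answer is present and no excluded answer is present, and that one satisfied condition is enough to include the weakness; the function names and the CP1 sample are constructed for illustration.

```python
def condition_matches(condition, project_answers):
    """True when all required answers are selected and no excluded answer is."""
    required = set(condition.get("required", []))
    excluded = set(condition.get("excluded", []))
    return required <= project_answers and not (excluded & project_answers)


def weakness_applies(weakness, project_answers):
    """Assumption: any single satisfied match condition makes the weakness relevant."""
    answers = set(project_answers)
    return any(
        condition_matches(mc, answers)
        for mc in weakness.get("match_conditions", [])
    )


def unsatisfiable_conditions(weakness):
    """Indexes of conditions that list the same answer as required and excluded.

    Such a condition can never match, so the weakness would silently drop out
    of every project that depends on it.
    """
    return [
        index
        for index, mc in enumerate(weakness.get("match_conditions", []))
        if set(mc.get("required", [])) & set(mc.get("excluded", []))
    ]


# P12 as returned by the page's include=match_conditions response (trimmed).
P12 = {
    "id": "P12",
    "match_conditions": [{"id": "MC750", "required": ["A13", "A742"], "excluded": []}],
}

# Constructed payload: the second condition contradicts itself.
CP1 = {
    "id": "CP1",
    "match_conditions": [
        {"required": ["A6"], "excluded": ["A13"]},
        {"required": ["A742"], "excluded": ["A742"]},
    ],
}

if __name__ == "__main__":
    print(weakness_applies(P12, {"A13", "A742"}))   # project answers are constructed
    print(unsatisfiable_conditions(CP1))
```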
Update a Library Weakness
This endpoint updates a specific Library Weakness resource, as specified by the id parameter.
PATCH /api/v2/library/problems/{problem_id}/
URL Parameters
Parameter | Description |
---|---|
problem_id | The id of the Library Weakness to update. |
Payload
Fields | Required | Description |
---|---|---|
title | No | The title of the Library Weakness. Note: This name cannot match existing Library Weakness names. |
risk_rating | No | The risk rating of the Library Weakness. This should be a number between 1 and 10. |
description | No | The description of the Library Weakness. |
cwe | No | A number array that represents the CWEs assigned to the Library Weakness. |
match_conditions | No | A list of dictionaries representing the set of match conditions belonging to the Library Weakness. Each dictionary has required and excluded fields which are arrays of answer IDs. When an answer is in the required array, the Library Weakness will be included in projects that include the answer. When an answer is in the excluded array, the Library Weakness will not be included in projects that include this answer. |
active | No | Library Weaknesses can be activated or deactivated. Deactivating a Library Weakness will also deactivate any active related Library Countermeasures. Activating a Library Weakness will not activate any inactive related Library Countermeasures. |
PATCH /api/v2/library/problems/P12/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
{
"title": "An Updated Weakness",
"risk_rating": 7,
"text": "Some description",
"cwe": [1],
"match_conditions": [
{
"required": ["A6"],
"excluded": []
}
],
"active": false
}
HTTP/1.1 200 OK
Content-Type: application/json
{
"db_id": 12,
"id": "P12",
"title": "An Updated Weakness",
"risk_rating": 7,
"text": "Some description",
"cwe": [
1
],
"match_conditions": [
{
"db_id": -70,
"id": "CMC67",
"required": [
"A6"
],
"excluded": []
}
],
"created": "2010-10-20T13:46:04-04:00",
"updated": "2024-05-13T16:58:08.465041-04:00",
"last_updated_by": {
"id": 1,
"email": "admin@example.com",
"first_name": "Admin",
"last_name": "Testerton"
},
"active": false
}
Delete a Library Weakness
This endpoint deletes a specific Library Weakness resource, as specified by the id parameter.
DELETE /api/v2/library/problems/{problem_id}/
URL Parameters
Parameter | Description |
---|---|
problem_id | The id of the Library Weakness to delete. |
Payload
Fields | Required | Description |
---|---|---|
new_weakness_id | No | The ID of the Library Weakness to remap the related Library Countermeasures to. Required when the Library Weakness has related Library Countermeasures. |
DELETE /api/v2/library/problems/CP1/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
{
"new_weakness_id": "CP2"
}
HTTP/1.1 204 NO CONTENT
Content-Type: application/json
{}
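The Python sketch below is an added example, not SD Elements code. It applies two rules stated above before any request is sent: deactivating a Library Weakness also deactivates its active related Library Countermeasures, and deleting one that has related Library Countermeasures requires new_weakness_id. It assumes the weakness was fetched with include=related_tasks; the function names and the inactive task T900 are constructed for illustration.

```python
def deactivation_impact(weakness):
    """Countermeasure ids that a PATCH with active=false would also deactivate."""
    return sorted(
        task["id"] for task in weakness.get("related_tasks", []) if task.get("active")
    )


def plan_delete(weakness, new_weakness_id=None):
    """Return the DELETE request to send, or raise if countermeasures would be orphaned."""
    if "related_tasks" not in weakness:
        # Without include=related_tasks the remap requirement cannot be checked.
        raise ValueError("fetch the weakness with include=related_tasks first")
    if new_weakness_id == weakness["id"]:
        raise ValueError("new_weakness_id must name a different Library Weakness")
    related = [task["id"] for task in weakness["related_tasks"]]
    if related and not new_weakness_id:
        raise ValueError(f"new_weakness_id is required to remap {sorted(related)}")
    body = {"new_weakness_id": new_weakness_id} if new_weakness_id else {}
    return {
        "method": "DELETE",
        "path": f"/api/v2/library/problems/{weakness['id']}/",
        "body": body,
    }


# P12 with its related task from the page, plus one constructed inactive task.
P12 = {
    "id": "P12",
    "related_tasks": [
        {"id": "T55", "title": "Validate all XML input", "active": True},
        {"id": "T900", "title": "Constructed inactive task", "active": False},
    ],
}
# Constructed: a custom weakness with no related countermeasures.
CP1 = {"id": "CP1", "related_tasks": []}

if __name__ == "__main__":
    print(deactivation_impact(P12))
    print(plan_delete(P12, new_weakness_id="CP2"))
    print(plan_delete(CP1))
```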