Library Weaknesses

Get All Library Weaknesses

This endpoint retrieves a list of Library Weakness resources.

GET /api/v2/library/problems/

Query Parameters

The following parameters may be used to filter the Library Weakness resources in the response.

Parameter Description
absolute_urls Whether to use absolute or relative urls (default is false).
active Filter Library Weaknesses based on whether they are active or not. Valid values: true, false.
cwe__in Given CWE ids, returns all Library Weaknesses with any of the specified CWEs.
ordering Orders Library Weaknesses by the specified fields. This endpoint supports ordering by id, title, and active.
risk_rating Given a risk rating 1-10, returns all Library Weaknesses with specified rating.
search Filter Library Weaknesses by performing a textual search on its id or title.
show_original Whether to return the original content for Built-in Modified Library Weaknesses (default is false).
to_html Whether to convert markdown to HTML (default is false).
type__in Returns all Library Weaknesses which are either Built-in, Built-in Modified or Custom.
GET /api/v2/library/problems/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
HTTP/1.1 200 OK
Content-Type: application/json

{
    "results": [
        {
            "id": "P12",
            "title": "Missing or Incorrect XML Validation",
            "text": "The application accepts XML from an untrusted source without validating it against a proper schema...",
            "cwe": [
                112
            ],
            "created": "2010-10-20T13:46:04-04:00",
            "updated": "2024-05-13T11:52:28.769941-04:00",
            "risk_rating": 6,
            "db_id": 12,
            "type": "Built-in",
            "last_updated_by": {
                "id": 1,
                "email": "admin@example.com",
                "first_name": "Admin",
                "last_name": "Example"
            },
            "active": true
        }
    ]
}

Expand Parameters

See the Expand Parameters section for more details.

Parameter Description
answers Expands the required and excluded answers for the match monditions that apply to each Library Weakness. Must be used with the match_conditions include parameter. Can only be used when Threat Engines is disabled.
attributes Expands the required and excluded attributes for the match conditions that apply to each Library Weakness. Must be used with the match_conditions include parameter. Can only be used when Threat Engines is enabled.
GET /api/v2/library/problems/?include=match_conditions&expand=answers HTTP/1.1
Accept: application/json
Authorization: Token: "YOUR SDE ACCESS TOKEN"
HTTP/1.1 200 OK
Content-Type: application/json

{
    "results": [
        {
            "id": "P12",
            "title": "Missing or Incorrect XML Validation",
            "text": "The application accepts XML from an untrusted source without validating it against a proper schema...",
            "cwe": [
                112
            ],
            "created": "2010-10-20T13:46:04-04:00",
            "updated": "2025-05-30T13:37:33.109235-04:00",
            "risk_rating": 6,
            "db_id": 12,
            "type": "Built-in",
            "match_conditions": [
                {
                    "db_id": 750,
                    "id": "MC750",
                    "required": [
                        {
                            "id": "A13",
                            "text": "XML",
                            "description": "The system receives/sends Extensible Markup Language (XML) messages...",
                            "display_text": "Generates or reads data/files in the following formats: - XML",
                            "is_active": true
                        },
                        {
                            "id": "A742",
                            "text": "New/modified user input OR changes to how user input is used",
                            "description": "You have added or modified input from the user (e.g. a new form field on a web page)...",
                            "display_text": "Changes to User Input/Output Since Last Release - New/modified user input OR changes to how user input is used",
                            "is_active": true
                        }
                    ],
                    "excluded": []
                }
            ],
            "last_updated_by": {
                "id": 1,
                "email": "admin@example.com",
                "first_name": "Admin",
                "last_name": "Testerton"
            },
            "active": true
        }
    ]
}

Include Parameters

See the Include Parameters section for more details.

Parameter Description
category Includes the category that applies to each Library Weakness.
cwe Includes an expanded list of CWEs that apply to each Library Weakness.
related_tasks Includes a list of Library Countermeasures that relate to each Library Weakness.
match_conditions Includes the set of the match conditions that apply to each Library Weakness. These are used to determine relevancy to a Project.
GET /api/v2/library/problems/?include=related_tasks,category,cwe,match_conditions HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
HTTP/1.1 200 OK
Content-Type: application/json

{
    "results": [
        {
            "id": "P12",
            "title": "Missing or Incorrect XML Validation",
            "text": "The application accepts XML from an untrusted source without validating it against a proper schema...",
            "cwe": [
                {
                    "id": 112,
                    "title": "Missing XML Validation [Base]",
                    "url": "http://cwe.mitre.org/data/definitions/112"
                }
            ],
            "created": "2010-10-20T13:46:04-04:00",
            "updated": "2025-05-30T13:37:33.109235-04:00",
            "risk_rating": 6,
            "category": null,
            "db_id": 12,
            "type": "Built-in",
            "match_conditions": [
                {
                    "db_id": 750,
                    "id": "MC750",
                    "required": [
                        "A13",
                        "A742"
                    ],
                    "excluded": []
                }
            ],
            "last_updated_by": {
                "id": 1,
                "email": "admin@example.com",
                "first_name": "Admin",
                "last_name": "Testerton"
            },
            "active": true,
            "related_tasks": [
                {
                    "id": "T55",
                    "title": "Validate all XML input",
                    "text": "Validate all XML input when it is first received to reduce or eliminate many XML-based attacks...",
                    "priority": 6,
                    "phase": "X1",
                    "db_id": 55,
                    "active": true
                }
            ]
        }
    ]
}

Get a specific Library Weakness

This endpoint retrieves a single Library Weakness resource, as specified by the id parameter.

GET /api/v2/library/problems/{problem_id}/

URL Parameters

Parameter Description
problem_id The id of the Library Weakness to retrieve.

Query Parameters

Parameter Description
show_original Whether to return the original content for a Built-in Modified Library Weakness (default is false).

All of the expand and include parameters for the 'Get All Library Weaknesses' endpoint apply here as well.

GET /api/v2/library/problems/P12/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
HTTP/1.1 200 OK
Content-Type: application/json

{
    "id": "P12",
    "title": "Missing or Incorrect XML Validation",
    "text": "The application accepts XML from an untrusted source without validating it against a proper schema...",
    "cwe": [
        112
    ],
    "created": "2010-10-20T13:46:04-04:00",
    "updated": "2024-05-13T11:52:28.769941-04:00",
    "risk_rating": 6,
    "db_id": 12,
    "type": "Built-in",
    "last_updated_by": {
        "id": 1,
        "email": "admin@example.com",
        "first_name": "Admin",
        "last_name": "Testerton"
    },
    "active": true
}

Create a Library Weakness

This endpoint creates a new Library Weakness resource.

POST /api/v2/library/problems/

Fields Required Description
title Yes The title of the Library Weakness. Note: This name cannot match existing Library Weakness names
risk_rating Yes The risk rating of the Library Weakness. This should be a number between 1 and 10.
description Yes The description of the Library Weakness.
cwe No An number array that represents the CWEs assigned to the Library Weakness.
match_conditions No A list of dictionaries representing the set of match conditions belonging to the Library Weakness. Each dictionary has required and excluded fields which are arrays of answer IDs. When an answer is in the required array, the Library Weakness will be included in projects that include the answer. When an answer is in the excluded array, the Library Weakness will not be included in projects that include this answer.
active No The active status of the Library Weakness (defaults to true).
POST /api/v2/library/problems/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"

{
    "title": "A New Weakness",
    "risk_rating": 7,
    "text": "Some description",
    "cwe": [1],
    "match_conditions": [
        {
            "required": ["A6"],
            "excluded": []
        }
    ],
    "active": false
}
HTTP/1.1 200 OK
Content-Type: application/json

{
    "db_id": -1,
    "id": "CP1",
    "title": "A New Weakness",
    "risk_rating": 7,
    "text": "Some description",
    "type": "Custom",
    "cwe": [
        1
    ],
    "match_conditions": [
        {
            "db_id": -1,
            "id": "CMC1",
            "required": [
                "A6"
            ],
            "excluded": []
        }
    ],
    "created": "2024-05-13T16:50:10.145696-04:00",
    "updated": "2024-05-13T16:50:10.145720-04:00",
    "last_updated_by": {
        "id": 1,
        "email": "admin@example.com",
        "first_name": "Admin",
        "last_name": "Testerton"
    },
    "active": false
}

Update a Library Weakness

This endpoint updates a specific Library Weakness resource, as specified by the id parameter.

PATCH /api/v2/library/problems/{problem_id}/

URL Parameters

Parameter Description
problem_id The id of the Library Weakness to update.

Payload

Fields Required Description
title No The title of the Library Weakness. Note: This name cannot match existing Library Weakness names
risk_rating No The risk rating of the Library Weakness. This should be a number between 1 and 10.
description No The description of the Library Weakness.
cwe No An number array that represents the CWEs assigned to the Library Weakness.
match_conditions No A list of dictionaries representing the set of match conditions belonging to the Library Weakness. Each dictionary has required and excluded fields which are arrays of answer IDs. When an answer is in the required array, the Library Weakness will be included in projects that include the answer. When an answer is in the excluded array, the Library Weakness will not be included in projects that include this answer.
active No Library Weaknesses can be activated or deactivated. Deactivating a Library Weakness will also deactivate any active related Library Countermeasures. Activating a Library Weakness will not activate any inactive related Library Countermeasures.
PATCH /api/v2/library/problems/P12/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"

{
    "title": "An Updated Weakness",
    "risk_rating": 7,
    "text": "Some description",
    "cwe": [1],
    "match_conditions": [
        {
            "required": ["A6"],
            "excluded": []
        }
    ],
    "active": false
}
HTTP/1.1 200 OK
Content-Type: application/json

{
    "db_id": 12,
    "id": "P12",
    "title": "An Updated Weakness",
    "risk_rating": 7,
    "text": "Some description",
    "cwe": [
        1
    ],
    "match_conditions": [
        {
            "db_id": -70,
            "id": "CMC67",
            "required": [
                "A6"
            ],
            "excluded": []
        }
    ],
    "created": "2010-10-20T13:46:04-04:00",
    "updated": "2024-05-13T16:58:08.465041-04:00",
    "last_updated_by": {
        "id": 1,
        "email": "admin@example.com",
        "first_name": "Admin",
        "last_name": "Testerton"
    },
    "active": false
}

Delete a Library Weakness

This endpoint deletes a specific Library Weakness resource, as specified by the id parameter.

DELETE /api/v2/library/problems/{problem_id}/

URL Parameters

Parameter Description
problem_id The id of the Library Weakness to delete.

Payload

Fields Required Description
new_weakness_id No The ID of the Library Weakness to remap the related Library Countermeasures to. Required when the Library Weakness has related Library Countermeasures.
DELETE /api/v2/problems/CP1/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"

{
    "new_weakness_id": "CP2"
}
HTTP/1.1 204 NO CONTENT
Content-Type: application/json

{}

results matching ""

    No results matching ""