Library Countermeasures

⚠️ Breaking Changes for the Library Countermeasures API endpoint (/api/v2/library/tasks/) in 2024.3:

  • The 'active' field for Library Countermeasures will always be included in the API response. Previously the 'active' field was only included if the 'include=active' param was specified.
  • The include param 'active' has been deprecated and will be removed.
  • The API endpoint will now include deactivated Library Countermeasures in the API response by default. Previously it only returned active Library Countermeasures and required the use of the hidden param 'show_inactive=true' to include deactivated Library Countermeasures in the API response.
  • The 'show_inactive' param has been deprecated and will be removed. To filter by active or inactive Library Countermeasures, use the new 'active' query parameter.
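
A client written before 2024.3 that relied on the old default now receives deactivated Library Countermeasures as well. The following added example (not part of the product documentation) rewrites a legacy query string so that it selects the same set on 2024.3 and later; the function name migrate_query is hypothetical, and only parameters named on this page are used.

```python
from urllib.parse import parse_qsl, urlencode

ENDPOINT = "/api/v2/library/tasks/"  # endpoint path from this page


def migrate_query(legacy_query: str) -> str:
    """Rewrite a pre-2024.3 query string so it returns the same set of
    Library Countermeasures on 2024.3 and later (hypothetical helper)."""
    show_inactive = False      # pre-2024.3 default: active entries only
    explicit_active = False    # caller already uses the new 'active' filter
    out = []
    for key, value in parse_qsl(legacy_query, keep_blank_values=True):
        if key == "show_inactive":
            # Deprecated param: remember its intent, do not forward it.
            show_inactive = value.strip().lower() == "true"
        elif key == "include":
            # 'active' is always in the response now; drop it from include.
            kept = [v for v in value.split(",") if v and v != "active"]
            if kept:
                out.append((key, ",".join(kept)))
        else:
            explicit_active = explicit_active or key == "active"
            out.append((key, value))
    if not show_inactive and not explicit_active:
        # The new default also returns deactivated entries, so pin the filter.
        out.append(("active", "true"))
    return ENDPOINT + ("?" + urlencode(out, safe=",") if out else "")


if __name__ == "__main__":
    for legacy in ("", "show_inactive=true&include=active,tags",
                   "priority__in=8,9&include=active"):
        print(repr(legacy), "->", migrate_query(legacy))
```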

Get all Library Countermeasures

This endpoint retrieves a list of Library Countermeasure resources.

GET /api/v2/library/tasks/

Query parameters

The following parameters may be used to filter the Library Countermeasure resources in the response.

Parameter Description
ordering Sort Countermeasures by the specified field. Prefix field name with minus to sort descending. Sortable fields: last_update_date, last_updated_by.
priority Given a priority 0-10, returns all Countermeasures matching specified priority
priority__in Given a comma-separated list of priorities 0-10, returns all Countermeasures matching specified priorities
phase Given a Phase id, returns all Countermeasures in specified Phase
phase__in Given a comma-separated list of Phase ids, returns all Countermeasures in specified Phases
tag Given a tag, returns all Countermeasures with the specified tag (multiple tags can be provided, e.g. ?tag=tag1&tag=tag2)
type__in Returns all Weaknesses which are either built-in, built-in modified or custom
active Filter Countermeasures based on whether they are active or not. Valid values: true, false.
absolute_urls Whether to use absolute or relative URLs (default is False)
to_html Whether to convert Markdown to HTML (default is False)
show_inactive Whether to show inactive Countermeasures (default is False). Removed in 2024.3; use ?active=True to show only active Countermeasures.
show_original Whether to return the original content for a Built-In Modified Countermeasure (default is False).
last_updated_date_from Returns all Countermeasures updated at or after the specified date. Note that if you would like to filter the date by UTC time, add a 'Z' to the end of the time. Otherwise, it is assumed you are filtering using local time. This is consistent with the ISO format, which we use for our dates. An example of the format can be found here: https://www.w3.org/TR/NOTE-datetime.
last_updated_date_to Returns all Countermeasures updated at or before the specified date. Note that if you would like to filter the date by UTC time, add a 'Z' to the end of the time. Otherwise, it is assumed you are filtering using local time. This is consistent with the ISO format, which we use for our dates. An example of the format can be found here: https://www.w3.org/TR/NOTE-datetime.
last_updated_by Given a specific User id, returns all Countermeasures updated by the User matching the specified id
last_updated_by__in Given a comma-separated list of User ids, returns all Countermeasures updated by any of the Users matching the specified ids
regulation Given a Compliance Regulation id, returns all Library Countermeasures with Compliance Regulations matching specified id
regulation__in Given a comma-separated list of Compliance Regulation ids, returns all Library Countermeasures with Compliance Regulations matching specified ids
regulation__isnull Whether to return Library Countermeasures with empty or non-empty regulation sections (default is False)
problem Given a Weakness id, returns all Library Countermeasures with specified Weakness id

GET /api/v2/library/tasks/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"

HTTP/1.1 200 OK
Content-Type: application/json

{
    "results": [{
        "priority": 8,
        "db_id": 1,
        "url": "http://example.com/library/tasks/T179/",
        "problem": "P1",
        "title": "Allow access for users to remove their data from the system",
        "text": "Some example description",
        "phase": "X1",
        "id": "T179",
        "active": true,
        "type": "Built-in",
        "created_by": {
            "id": 1,
            "email": "admin@example.com",
            "first_name": "Admin",
            "last_name": "Testerton"
        },
        "created_date": "2019-05-15T16:52:17.415000-04:00",
        "last_updated_date": "2021-06-25T14:47:43.788000-04:00",
        "last_updated_by": {
            "id": 1,
            "email": "admin@example.com",
            "first_name": "Admin",
            "last_name": "Testerton"
        }
    }]
}
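
The date filters and the last_updated_by and active fields can drive a periodic review of who changed library content. This added example (not part of the product documentation) builds a UTC-pinned date window as described for last_updated_date_from and last_updated_date_to, then checks a constructed "results" array; the function names and the approved_editor_ids allow-list are assumptions.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlencode


def utc_param(dt: datetime) -> str:
    """Format an aware datetime as UTC with a trailing 'Z'."""
    if dt.tzinfo is None:
        # Without an offset or 'Z' the API assumes local time.
        raise ValueError("naive datetime: attach a timezone first")
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def changes_query(since: datetime, until: datetime) -> str:
    """Query string for Countermeasures updated inside [since, until]."""
    window = {"last_updated_date_from": utc_param(since),
              "last_updated_date_to": utc_param(until)}
    return "/api/v2/library/tasks/?" + urlencode(window, safe=":")


def review_changes(results, approved_editor_ids):
    """Return (countermeasure id, reason) pairs that need a second look."""
    findings = []
    for task in results:
        editor = task["last_updated_by"]["id"]
        if editor not in approved_editor_ids:
            findings.append((task["id"], f"updated by unapproved user {editor}"))
        if not task["active"]:
            findings.append((task["id"], "deactivated"))
    return findings


# Constructed sample shaped like the "results" array shown above.
SAMPLE_RESULTS = [
    {"id": "T179", "active": True, "last_updated_by": {"id": 1}},
    {"id": "CT1", "active": False, "last_updated_by": {"id": 42}},
]

if __name__ == "__main__":
    edt = timezone(timedelta(hours=-4))
    print(changes_query(datetime(2024, 7, 11, 0, 0, tzinfo=edt),
                        datetime(2024, 7, 12, 0, 0, tzinfo=edt)))
    for finding in review_changes(SAMPLE_RESULTS, approved_editor_ids={1}):
        print(finding)
```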

Expand parameters

See the Expand Parameters section for more details.

Parameter Description
problem Expands the Weakness fields in the Countermeasure response object
phase Expands the phase field
answers The answers field is expanded.

GET /api/v2/library/tasks/?expand=problem HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"

HTTP/1.1 200 OK
Content-Type: application/json

{
    "results": [{
        "priority": 8,
        "db_id": 1,
        "tags": [],
        "url": "http://example.com/library/tasks/T179/",
        "problem": {
            "risk_rating": 5,
            "text": "This is some example content.",
            "cwe": [{
                "url": "http://cwe.mitre.org/data/definitions/359",
                "title": "Exposure of Private Information ('Privacy Violation')",
                "cwe_id": 359
            }],
            "id": "P257",
            "db_id": 257,
            "title": "P257: Privacy Violation"
        },
        "title": "Allow access for users to remove their data from the system",
        "text": "Some example description",
        "phase": "X1",
        "id": "T179",
        "active": true,
        "type": "Built-in",
        "created_by": {
            "id": 1,
            "email": "admin@example.com",
            "first_name": "Admin",
            "last_name": "Testerton"
        },
        "created_date_time": "2019-05-15T16:52:17.415000-04:00",
        "last_updated_date": "2021-06-25T14:47:43.788000-04:00",
        "last_updated_by": {
            "id": 1,
            "email": "admin@example.com",
            "first_name": "Admin",
            "last_name": "Testerton"
        }
    }]
}

Include Parameters

See the Include Parameters section for more details.

Parameter Description
amendments Includes a list of amendments on each Countermeasure
categories Includes a list of categories that apply to each Countermeasure
how_tos Includes a list of How-Tos for each Countermeasure. These are language specific examples of how to implement the Countermeasure
tags Includes a list of tags attached to each Countermeasure
match_conditions Includes a list of match conditions attached to each Countermeasure and if combined with the expand problem param will also show the match conditions for the problem
verification_coverage Includes a list of verification coverages of each Countermeasure
active Returns a Boolean indicating whether the Countermeasure is active. Removed in 2024.3; the active field will always be included.

GET /api/v2/library/tasks/?include=verification_coverage,categories,tags,how_tos,amendments HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"

HTTP/1.1 200 OK
Content-Type: application/json

{
    "results": [{
        "priority": 8,
        "db_id": 1,
        "tags": ["tag1", "tag2", "tag3"],
        "url": "http://example.com/library/tasks/T179/",
        "problem": "P1",
        "title": "Allow access for users to remove their data from the system",
        "text": "Some example description",
        "phase": "X1",
        "id": "T179",
        "active": true,
        "categories": [
            "Authorization"
        ],
        "amendments": [{
            "id": "TA123",
            "title": "TA123",
            "text": "Some additional information about this Countermeasure..."
        }],
        "verification_coverage": [
            "No Automated Static Analysis Coverage"
        ],
        "how_tos": [{
            "id": "I131",
            "title": "I131: Manually with browser",
            "slug": "test-account-lockout-manually-browser",
            "url": "http://a7069ccda519b00c4/....",
            "text": "1. Open your web browser ..."
        }],
        "type": "Built-in",
        "created_by": {
            "id": 1,
            "email": "admin@example.com",
            "first_name": "Admin",
            "last_name": "Testerton"
        },
        "created_date_time": "2019-05-15T16:52:17.415000-04:00",
        "last_updated_date": "2021-06-25T14:47:43.788000-04:00",
        "last_updated_by": {
            "id": 1,
            "email": "admin@example.com",
            "first_name": "Admin",
            "last_name": "Testerton"
        },
        "match_conditions": [{
            "db_id": 523,
            "id": "MC523",
            "required": ["A19"],
            "excluded": ["A713"]
        }]
    }]
}

Get a specific Library Countermeasure

This endpoint retrieves a single Library Countermeasure resource, as specified by the id parameter.

GET /api/v2/library/tasks/{task_id}/

GET /api/v2/library/problems/{problem_id}/

Query Parameters

Parameter Description
show_original Whether to return the original content for a Built-In Modified Countermeasure (default is False).

URL Parameters

Parameter Description
task_id The id of the Library Countermeasure to retrieve

All of the expand and include parameters for the 'Get all Library Countermeasures' endpoint apply here as well.

GET /api/v2/library/tasks/T3/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"

HTTP/1.1 200 OK
Content-Type: application/json

{
    "priority": 8,
    "db_id": 1,
    "tags": [],
    "url": "http://example.com/library/tasks/T3/",
    "problem": "P1",
    "title": "Example Library Countermeasure",
    "text": "Some example description",
    "phase": "X1",
    "id": "T3",
    "active": true,
    "type": "Built-in",
    "created_by": {
        "id": 1,
        "email": "admin@example.com",
        "first_name": "Admin",
        "last_name": "Testerton"
    },
    "created_date": "2019-05-15T16:52:17.415000-04:00",
    "last_updated_date": "2021-06-25T14:47:43.788000-04:00",
    "last_updated_by": {
        "id": 1,
        "email": "admin@example.com",
        "first_name": "Admin",
        "last_name": "Testerton"
    }
}

Create a Library Countermeasure

This endpoint creates a new Library Countermeasure resource.

POST /api/v2/library/tasks/

Payload

Fields Required Description
title Yes The title of the Library Countermeasure.
text Yes The description text of the Library Countermeasure.
problem Yes The Weakness the Library Countermeasure is trying to solve.
priority Yes The priority of the Library Countermeasure.
phase Yes The phase in which the Library Countermeasure will appear in a project.
match_conditions No The match conditions for the Library Countermeasure.
tags No The list of tags associated with the Library Countermeasure.
active No The active status of the Library Countermeasure. If no value is provided the new Countermeasure will be active.

POST /api/v2/library/tasks/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"

{
    "title": "A New Countermeasure",
    "text": "Countermeasure Description",
    "problem": "P1",
    "priority": 9,
    "phase": "X1",
    "match_conditions": [{
        "required": ["A19"],
        "excluded": ["A713"]
    }],
    "tags": ["tag1", "tag2"]
}

HTTP/1.1 200 OK
Content-Type: application/json

{
    "id": "CT1",
    "title": "A New Countermeasure",
    "text": "Countermeasure Description",
    "created_by": {
        "id": 1,
        "email": "admin@example.com",
        "first_name": "Admin",
        "last_name": "Testerton"
    },
    "created_date_time": "2024-07-11T12:28:35.779232-04:00",
    "last_updated_date": "2024-07-11T12:28:35.779259-04:00",
    "last_updated_by": {
        "id": 1,
        "email": "admin@example.com",
        "first_name": "Admin",
        "last_name": "Testerton"
    },
    "url": "http://example.com/library/tasks/CT1/",
    "problem": "P1",
    "priority": 9,
    "phase": "X1",
    "db_id": -1,
    "type": "Custom",
    "active": true,
    "match_conditions": [{
        "db_id": 523,
        "id": "MC523",
        "required": ["A19"],
        "excluded": ["A713"]
    }],
    "tags": ["tag1", "tag2"]
}

Update a Library Countermeasure

This endpoint updates a specific Library Countermeasure resource, as specified by the id parameter.

PATCH /api/v2/library/tasks/{task_id}/

URL Parameters

Parameter Description
task_id The id of the Library Countermeasure to update.

Payload

Fields Required Description
title No The title of the Library Countermeasure.
text No The description text of the Library Countermeasure.
problem No The Weakness the Library Countermeasure is trying to solve.
priority No The priority of the Library Countermeasure.
phase No The phase in which the Library Countermeasure will appear in a project.
match_conditions No The match conditions for the Library Countermeasure.
active No The active status of the Library Countermeasure.
tags No The tags associated with the Library Countermeasure.

PATCH /api/v2/library/tasks/CT1/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"

{
    "title": "Updated Countermeasure",
    "text": "Updated Countermeasure Description",
    "problem": "P2",
    "priority": 4,
    "phase": "X2",
    "active": false,
    "match_conditions": [{
        "required": ["A19"],
        "excluded": ["A713"]
    }],
    "tags": ["tag1", "tag2"]
}

HTTP/1.1 200 OK
Content-Type: application/json

{
    "id": "CT16",
    "title": "Updated Countermeasure",
    "text": "Updated Countermeasure Description",
    "created_by": {
        "id": 1,
        "email": "admin@example.com",
        "first_name": "Admin",
        "last_name": "Testerton"
    },
    "created_date_time": "2024-07-11T12:28:35.779232-04:00",
    "last_updated_date": "2024-07-11T12:39:37.250027-04:00",
    "last_updated_by": {
        "id": 1,
        "email": "admin@example.com",
        "first_name": "Admin",
        "last_name": "Testerton"
    },
    "url": "http://localhost:3000/library/tasks/CT1/",
    "problem": "P2",
    "priority": 4,
    "phase": "X2",
    "db_id": -1,
    "type": "Custom",
    "active": false,
    "match_conditions": [{
        "required": ["A19"],
        "excluded": ["A713"]
    }],
    "tags": ["tag1", "tag2"]
}

Delete a Library Countermeasure

This endpoint deletes a specific Library Countermeasure resource, as specified by the id parameter.

DELETE /api/v2/library/tasks/{task_id}/

URL Parameters

Parameter Description
task_id The id of the Library Countermeasure to delete.

DELETE /api/v2/library/tasks/CT1/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"

HTTP/1.1 204 NO CONTENT
Content-Type: application/json

{}
