Library Countermeasures

Get All Library Countermeasures

This endpoint retrieves a list of Library Countermeasure resources.

GET /api/v2/library/tasks/

Query Parameters

The following parameters may be used to filter the Library Countermeasure resources in the response.

Parameter Description
absolute_urls Whether to use absolute or relative URLs (default is false).
active Filter Library Countermeasures based on whether they are active or not. Valid values: true, false.
id__in Given a comma-separated list of Library Countermeasure ids, returns all Library Countermeasures with the specified ids.
last_updated_by Given a specific User id, returns all Library Countermeasures last updated by the User matching the specified id.
last_updated_by__in Given a comma-separated list of User ids, returns all Library Countermeasures last updated by any of the Users matching the specified ids.
last_updated_date_from Returns all Library Countermeasures updated at or after the specified date. Dates use the ISO 8601 format (an example of the format can be found here: https://www.w3.org/TR/NOTE-datetime). Add a 'Z' to the end of the time to filter by UTC; otherwise the time is interpreted as local time.
last_updated_date_to Returns all Library Countermeasures updated at or before the specified date. The date format and timezone handling are the same as for last_updated_date_from.
ordering Orders Library Countermeasures by the specified fields. Prefix a field name with a minus sign to sort descending. This endpoint supports ordering by id, title, active, last_updated_date and last_updated_by.
phase Given a Phase id, returns all Library Countermeasures in the specified Phase.
phase__in Given a comma-separated list of Phase ids, returns all Library Countermeasures in the specified Phases.
priority Given a priority 1-10, returns all Library Countermeasures matching the specified priority.
priority__in Given a comma-separated list of priorities 1-10, returns all Library Countermeasures matching any of the specified priorities.
problem Given a Weakness id, returns all Library Countermeasures for the specified Weakness.
regulation Given a Compliance Regulation id, returns all Library Countermeasures with Compliance Regulations matching the specified id.
regulation__in Given a comma-separated list of Compliance Regulation ids, returns all Library Countermeasures with Compliance Regulations matching any of the specified ids.
regulation__isnull When true, returns only Library Countermeasures that have no Compliance Regulations; when false, only those that have at least one (default is false).
search Filter Library Countermeasures by performing a textual search on their db_id, id or title.
show_original Whether to return the original content for Built-in Modified Library Countermeasures (default is false).
tag Given a tag, returns all Library Countermeasures with the specified tag (multiple tags can be provided by repeating the parameter, e.g. ?tag=tag1&tag=tag2).
to_html Whether to convert markdown to HTML (default is false).
type__in Given a comma-separated list of types, returns all Library Countermeasures of those types. Valid values: Built-in, Built-in Modified, Custom.

GET /api/v2/library/tasks/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"

HTTP/1.1 200 OK
Content-Type: application/json

{
    "results": [
        {
            "id": "T2",
            "title": "Secure the password reset mechanism",
            "text": "If the application has a password reset function, use the following sequence...",
            "created_by": {
                "id": 4,
                "email": "no-reply+content_admin@localhost",
                "first_name": "SD",
                "last_name": "Elements"
            },
            "created_date": "2010-10-20T13:46:50-04:00",
            "last_updated_date": "2024-12-03T21:22:43.374000-05:00",
            "last_updated_by": {
                "id": 4,
                "email": "no-reply+content_admin@localhost",
                "first_name": "SD",
                "last_name": "Elements"
            },
            "url": "http://example.com/library/tasks/T2/",
            "problem": "P526",
            "priority": 9,
            "phase": "X1",
            "db_id": 2,
            "active": true,
            "type": "Built-in"
        }
    ]
}
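The query parameters above have three encoding conventions worth getting right in a client: the *__in filters take one comma-separated value, tag is repeated once per value, and the date filters are ISO 8601 with a trailing 'Z' for UTC. The following Python is an added example and is not code from the SD Elements documentation or client library; the host in BASE_URL and the sample response body are constructed for the example. It builds a filtered list URL, decodes it back for inspection, parses a listing body, and checks the returned items against the filters that were sent, which catches a filter the server silently ignores.

```python
import json
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlencode, urlparse

BASE_URL = "https://sde.example.com"  # assumption: the SD Elements host you talk to
LIST_PATH = "/api/v2/library/tasks/"


def build_list_url(base_url, *, ids=(), phases=(), priorities=(), tags=(),
                   active=None, updated_from=None, ordering=()):
    """Encode the list filters the way the endpoint documents them:
    *__in parameters carry one comma-separated value, tag is repeated once
    per tag, booleans are the literal strings true/false, and the date is
    ISO 8601 normalised to UTC with a trailing 'Z' so the server never has
    to guess a timezone."""
    params = {}
    if ids:
        params["id__in"] = ",".join(ids)
    if phases:
        params["phase__in"] = ",".join(phases)
    if priorities:
        out_of_range = [p for p in priorities if not 1 <= p <= 10]
        if out_of_range:
            raise ValueError(f"priority must be 1-10, got {out_of_range}")
        params["priority__in"] = ",".join(str(p) for p in priorities)
    if tags:
        params["tag"] = list(tags)  # doseq=True below repeats the key per value
    if active is not None:
        params["active"] = "true" if active else "false"
    if updated_from is not None:
        if updated_from.tzinfo is None:
            raise ValueError("updated_from must be timezone-aware")
        stamp = updated_from.astimezone(timezone.utc)
        params["last_updated_date_from"] = stamp.strftime("%Y-%m-%dT%H:%M:%SZ")
    if ordering:
        params["ordering"] = ",".join(ordering)  # "-field" sorts descending
    query = urlencode(params, doseq=True)
    return f"{base_url}{LIST_PATH}?{query}" if query else f"{base_url}{LIST_PATH}"


def query_params(url):
    """Decode a URL's query string back into {name: [values]} for inspection."""
    return parse_qs(urlparse(url).query)


def example_url():
    """Active countermeasures T2 and T3 in phases X1/X2, tagged tag1 or tag2,
    updated since 2024-12-03 21:22:43 at UTC-5, highest priority first."""
    since = datetime(2024, 12, 3, 21, 22, 43, tzinfo=timezone(timedelta(hours=-5)))
    return build_list_url(BASE_URL, ids=("T2", "T3"), phases=("X1", "X2"),
                          tags=("tag1", "tag2"), active=True, updated_from=since,
                          ordering=("-priority", "title"))


# Constructed sample body, modelled on the listing response shown above.
SAMPLE_BODY = json.dumps({"results": [
    {"id": "T2", "title": "Secure the password reset mechanism", "problem": "P526",
     "priority": 9, "phase": "X1", "db_id": 2, "active": True, "type": "Built-in"},
    {"id": "T3", "title": "Constructed second countermeasure", "problem": "P21",
     "priority": 4, "phase": "X2", "db_id": 3, "active": False,
     "type": "Built-in Modified"},
]})


def parse_results(body):
    """Return the items under "results"; anything else is a protocol error."""
    data = json.loads(body)
    if not isinstance(data.get("results"), list):
        raise ValueError("unexpected response shape: no 'results' list")
    return data["results"]


def filter_violations(items, *, ids=(), phases=(), priorities=(), active=None):
    """Ids of returned items that do not satisfy the filters that were sent.
    A filter the server silently ignores over-delivers content; this check
    catches it before the results feed a report or a sync job."""
    bad = []
    for item in items:
        if (ids and item["id"] not in ids) \
                or (phases and item["phase"] not in phases) \
                or (priorities and item["priority"] not in priorities) \
                or (active is not None and item["active"] is not active):
            bad.append(item["id"])
    return bad


if __name__ == "__main__":
    print(example_url())
    items = parse_results(SAMPLE_BODY)
    print("violations for active=true:", filter_violations(items, active=True))
```

Feeding a naive datetime to build_list_url raises rather than guessing, because a filter sent without a 'Z' or offset is interpreted as server-local time and can silently shift the window by several hours.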

Expand Parameters

See the Expand Parameters section for more details.

Parameter Description
answers Expands the required and excluded answers for the match conditions that apply to each Library Countermeasure. Must be used with the match_conditions include parameter.
phase Expands the phase fields.
problem Expands the problem fields.

GET /api/v2/library/tasks/?include=match_conditions&expand=answers,problem,phase HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"

HTTP/1.1 200 OK
Content-Type: application/json

{
    "results": [
        {
            "id": "T2",
            "title": "Secure the password reset mechanism",
            "text": "If the application has a password reset function, use the following sequence...",
            "created_by": {
                "id": 4,
                "email": "no-reply+content_admin@localhost",
                "first_name": "SD",
                "last_name": "Elements"
            },
            "created_date": "2010-10-20T13:46:50-04:00",
            "last_updated_date": "2025-06-02T10:46:55.450410-04:00",
            "last_updated_by": {
                "id": 1,
                "email": "admin@example.com",
                "first_name": "Admin",
                "last_name": "Testerton"
            },
            "url": "http://example.com/library/tasks/T2/",
            "problem": {
                "id": "P526",
                "risk_rating": 9,
                "title": "Weak Password Reset Mechanism for Forgotten Passwords",
                "text": "The application's password reset features are not secure and can allow attackers to access accounts...",
                "cwe": [
                    {
                        "id": 640,
                        "title": "Weak Password Recovery Mechanism for Forgotten Password [Base]",
                        "url": "http://cwe.mitre.org/data/definitions/640"
                    },
                    {
                        "id": 930,
                        "title": "OWASP Top Ten 2013 Category A2 - Broken Authentication and Session Management [Category]",
                        "url": "http://cwe.mitre.org/data/definitions/930"
                    }
                ],
                "db_id": 526,
                "match_conditions": [
                    {
                        "db_id": 72,
                        "id": "MC72",
                        "required": [
                            "A182",
                            "A734"
                        ],
                        "excluded": []
                    }
                ]
            },
            "priority": 9,
            "phase": {
                "id": "X1",
                "name": "Requirements",
                "slug": "requirements",
                "description": "Application security requirements that are generally used to assist requirements analysts.",
                "tip": "One-time countermeasure that you can verify. These are similar to traditional functional requirements, or user stories.",
                "ordinal": 2,
                "active": true,
                "is_custom": false,
                "retain": false,
                "db_id": 1
            },
            "db_id": 2,
            "active": true,
            "type": "Built-in Modified",
            "match_conditions": [
                {
                    "db_id": -3,
                    "id": "CMC3",
                    "required": [
                        {
                            "id": "A19",
                            "text": "Uses passwords",
                            "description": "The application authenticates users with a password. This does not include Single Sign On.",
                            "display_text": "Authentication Method - Uses passwords",
                            "is_active": true
                        }
                    ],
                    "excluded": []
                }
            ]
        }
    ]
}

Include Parameters

See the Include Parameters section for more details.

Parameter Description
amendments Includes a list of Library Countermeasure Additional Requirements for each Library Countermeasure.
categories Includes a list of categories that apply to each Library Countermeasure.
how_tos Includes a list of Library Countermeasure How-tos for each Library Countermeasure. These are language specific examples of how to implement the Library Countermeasure.
match_conditions Includes the set of the match conditions that apply to each Library Countermeasure. These are used to determine relevancy to a Project. If combined with the expand problem parameter, it will also show the match conditions for the problem.
tags Includes the list of tags attached to each Library Countermeasure.
verification_coverage Includes the list of verification coverages for each Library Countermeasure.

GET /api/v2/library/tasks/?include=amendments,categories,how_tos,match_conditions,tags,verification_coverage HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"

HTTP/1.1 200 OK
Content-Type: application/json

{
    "results": [
        {
            "id": "T2",
            "title": "Secure the password reset mechanism",
            "text": "If the application has a password reset function, use the following sequence...",
            "created_by": {
                "id": 4,
                "email": "no-reply+content_admin@localhost",
                "first_name": "SD",
                "last_name": "Elements"
            },
            "created_date": "2010-10-20T13:46:50-04:00",
            "last_updated_date": "2025-06-02T10:46:55.450410-04:00",
            "last_updated_by": {
                "id": 1,
                "email": "admin@example.com",
                "first_name": "Admin",
                "last_name": "Testerton"
            },
            "url": "http://example.com/library/tasks/T2/",
            "problem": "P526",
            "priority": 9,
            "tags": [
                "tag1",
                "tag2"
            ],
            "phase": "X1",
            "categories": [
                "Inadequate Authentication"
            ],
            "verification_coverage": [
                "No Automated Static Analysis Coverage",
                "No Automated Dynamic Analysis Coverage"
            ],
            "db_id": 2,
            "active": true,
            "type": "Built-in Modified",
            "how_tos": [
                {
                    "id": "I762",
                    "title": "ASP.NET Core / C#: Generic forget password request messages",
                    "text": "## Description\n\nDisplaying generic error messages applies to recovering passwords...",
                    "slug": "aspnet-core-c-generic-forget-password-request-messages",
                    "url": "http://localhost:3000/library/tasks/T2/aspnet-core-c-generic-forget-password-request-messages/"
                }
            ],
            "amendments": [
                {
                    "id": "TA47",
                    "title": "MDS2 Notes",
                    "text": "The following MDS2-2013 question(s) relate to this task:\n\n__3-1.__ Can the device prevent access to unauthorized users through user login requirements or other mechanisms?",
                    "ordinal": 0
                }
            ],
            "match_conditions": [
                {
                    "db_id": -3,
                    "id": "CMC3",
                    "required": [
                        "A19"
                    ],
                    "excluded": []
                }
            ]
        }
    ]
}

Get a specific Library Countermeasure

This endpoint retrieves a single Library Countermeasure resource, as specified by the task_id URL parameter.

GET /api/v2/library/tasks/{task_id}/

URL Parameters

Parameter Description
task_id The id of the Library Countermeasure to retrieve.

Query Parameters

Parameter Description
show_original Whether to return the original content for a Built-in Modified Library Countermeasure (default is false).

All of the expand and include parameters for the 'Get All Library Countermeasures' endpoint apply here as well.

GET /api/v2/library/tasks/T2/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"

HTTP/1.1 200 OK
Content-Type: application/json

{
    "id": "T2",
    "title": "Secure the password reset mechanism",
    "text": "If the application has a password reset function, use the following sequence...",
    "created_by": {
        "id": 4,
        "email": "no-reply+content_admin@localhost",
        "first_name": "SD",
        "last_name": "Elements"
    },
    "created_date": "2010-10-20T13:46:50-04:00",
    "last_updated_date": "2025-06-02T11:02:13.055412-04:00",
    "last_updated_by": {
        "id": 1,
        "email": "admin@example.com",
        "first_name": "Admin",
        "last_name": "Testerton"
    },
    "url": "http://example.com/library/tasks/T2/",
    "problem": "P526",
    "priority": 9,
    "phase": "X1",
    "db_id": 2,
    "active": true,
    "type": "Built-in"
}

Create a Library Countermeasure

This endpoint creates a new Library Countermeasure resource.

POST /api/v2/library/tasks/

Payload

Fields Required Description
title Yes The title of the Library Countermeasure.
text Yes The description text of the Library Countermeasure.
problem Yes The Weakness the Library Countermeasure is trying to solve.
priority Yes The priority of the Library Countermeasure.
phase Yes The Phase in which the Library Countermeasure will appear in a project.
match_conditions No A list of dictionaries representing the set of match conditions belonging to the Library Countermeasure. Each dictionary has required and excluded fields which are arrays of answer IDs. When an answer is in the required array, the Library Countermeasure will be included in projects that include the answer. When an answer is in the excluded array, the Library Countermeasure will not be included in projects that include this answer.
tags No The list of tags associated with the Library Countermeasure.
active No The active status of the Library Countermeasure (defaults to true).

POST /api/v2/library/tasks/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"

{
    "title": "A New Countermeasure",
    "text": "Countermeasure Description",
    "problem": "P12",
    "priority": 9,
    "phase": "X1",
    "match_conditions": [{
        "required": ["A19"],
        "excluded": ["A713"]
    }],
    "tags": ["tag1", "tag2"],
    "active": false
}

HTTP/1.1 200 OK
Content-Type: application/json

{
    "id": "CT1",
    "title": "A New Countermeasure",
    "text": "Countermeasure Description",
    "created_by": {
        "id": 1,
        "email": "admin@example.com",
        "first_name": "Admin",
        "last_name": "Testerton"
    },
    "created_date": "2025-06-02T11:22:21.291619-04:00",
    "last_updated_date": "2025-06-02T11:22:21.291667-04:00",
    "last_updated_by": {
        "id": 1,
        "email": "admin@example.com",
        "first_name": "Admin",
        "last_name": "Testerton"
    },
    "url": "http://example.com/library/tasks/CT1/",
    "problem": "P12",
    "priority": 9,
    "tags": [
        "tag1",
        "tag2"
    ],
    "phase": "X1",
    "db_id": -2,
    "active": false,
    "type": "Custom",
    "match_conditions": [
        {
            "db_id": -4,
            "id": "CMC4",
            "required": [
                "A19"
            ],
            "excluded": [
                "A713"
            ]
        }
    ]
}

Update a Library Countermeasure

This endpoint updates a specific Library Countermeasure resource, as specified by the task_id URL parameter. Only the fields present in the payload are changed.

PATCH /api/v2/library/tasks/{task_id}/

URL Parameters

Parameter Description
task_id The id of the Library Countermeasure to update.

Payload

Fields Required Description
title No The title of the Library Countermeasure.
text No The description text of the Library Countermeasure.
problem No The Weakness the Library Countermeasure is trying to solve.
priority No The priority of the Library Countermeasure.
phase No The Phase in which the Library Countermeasure will appear in a project.
match_conditions No A list of dictionaries representing the set of match conditions belonging to the Library Countermeasure. Each dictionary has required and excluded fields which are arrays of answer IDs. When an answer is in the required array, the Library Countermeasure will be included in projects that include the answer. When an answer is in the excluded array, the Library Countermeasure will not be included in projects that include this answer.
tags No The list of tags associated with the Library Countermeasure.
active No The active status of the Library Countermeasure; Library Countermeasures can be activated or deactivated.

PATCH /api/v2/library/tasks/T3/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"

{
    "title": "Updated Countermeasure",
    "text": "Updated Countermeasure Description",
    "problem": "P2",
    "priority": 4,
    "phase": "X2",
    "active": false,
    "match_conditions": [{
        "required": ["A19"],
        "excluded": ["A713"]
    }],
    "tags": ["tag1", "tag2"]
}

HTTP/1.1 200 OK
Content-Type: application/json

{
    "id": "T3",
    "title": "Updated Countermeasure",
    "text": "Updated Countermeasure Description",
    "created_by": {
        "id": 4,
        "email": "no-reply+content_admin@localhost",
        "first_name": "SD",
        "last_name": "Elements"
    },
    "created_date": "2010-10-20T13:46:50-04:00",
    "last_updated_date": "2024-12-03T21:22:43.436000-05:00",
    "last_updated_by": {
        "id": 1,
        "email": "admin@example.com",
        "first_name": "Admin",
        "last_name": "Testerton"
    },
    "url": "http://example.com/library/tasks/T3/",
    "problem": "P2",
    "priority": 4,
    "tags": [
        "tag1",
        "tag2"
    ],
    "phase": "X2",
    "db_id": 3,
    "active": false,
    "type": "Built-in Modified",
    "match_conditions": [
        {
            "db_id": -5,
            "id": "CMC5",
            "required": [
                "A19"
            ],
            "excluded": [
                "A713"
            ]
        }
    ]
}
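The match_conditions semantics described in the include parameters table and in the POST and PATCH payload tables above, worked through as an added Python example that is not part of the SD Elements documentation or client library. It validates a create or update payload against the documented fields and the 1-10 priority range, and evaluates a countermeasure's match conditions against a project's answer set in both the compact form (answer id strings) and the expanded form returned with expand=answers. The page states that a required answer includes the countermeasure and an excluded answer drops it, but not how several answers within one condition, or several conditions, combine; those rules are marked ASSUMPTION in the code. PAGE_CREATE_PAYLOAD mirrors the POST example above, and the answer sets passed in are constructed.

```python
CREATE_REQUIRED = ("title", "text", "problem", "priority", "phase")
OPTIONAL = ("match_conditions", "tags", "active")


def validate_payload(payload, *, create):
    """Return a list of problems with a POST (create=True) or PATCH payload;
    an empty list means it is well-formed. POST needs every field in
    CREATE_REQUIRED, PATCH may send any subset, and both share the field rules."""
    errors = []
    unknown = sorted(set(payload) - set(CREATE_REQUIRED) - set(OPTIONAL))
    if unknown:
        errors.append(f"unknown fields: {unknown}")
    if create:
        missing = [f for f in CREATE_REQUIRED if f not in payload]
        if missing:
            errors.append(f"missing required fields: {missing}")
    elif not payload:
        errors.append("PATCH payload has no fields to update")
    if "priority" in payload:
        p = payload["priority"]
        if isinstance(p, bool) or not isinstance(p, int) or not 1 <= p <= 10:
            errors.append("priority must be an integer 1-10")
    if "active" in payload and not isinstance(payload["active"], bool):
        errors.append("active must be true or false")
    tags = payload.get("tags", [])
    if not isinstance(tags, list) or not all(isinstance(t, str) for t in tags):
        errors.append("tags must be a list of strings")
    conditions = payload.get("match_conditions", [])
    if not isinstance(conditions, list):
        errors.append("match_conditions must be a list")
        conditions = []
    for i, cond in enumerate(conditions):
        lists_ok = True
        for key in ("required", "excluded"):
            values = cond.get(key) if isinstance(cond, dict) else None
            if not isinstance(values, list) or not all(isinstance(a, str) for a in values):
                errors.append(f"match_conditions[{i}].{key} must be a list of answer ids")
                lists_ok = False
        if lists_ok:
            both = set(cond["required"]) & set(cond["excluded"])
            if both:  # an answer that both includes and drops the countermeasure
                errors.append(f"match_conditions[{i}] both requires and excludes {sorted(both)}")
    return errors


def answer_ids(entries):
    """Normalise a required/excluded list to a set of answer ids. The compact
    form holds id strings such as "A19"; with expand=answers each entry is an
    object whose "id" field holds the answer id."""
    return {entry["id"] if isinstance(entry, dict) else entry for entry in entries}


def condition_matches(condition, project_answers):
    """ASSUMPTION (not stated on the page): a condition is met when every
    required answer is among the project's answers and no excluded one is."""
    required = answer_ids(condition.get("required", []))
    excluded = answer_ids(condition.get("excluded", []))
    return required <= project_answers and excluded.isdisjoint(project_answers)


def countermeasure_applies(match_conditions, project_answers):
    """ASSUMPTION (not stated on the page): the conditions are alternatives,
    so one satisfied condition is enough; with no conditions nothing matches."""
    answers = set(project_answers)
    return any(condition_matches(c, answers) for c in match_conditions)


# Mirrors the POST example above; the answer sets used below are constructed.
PAGE_CREATE_PAYLOAD = {
    "title": "A New Countermeasure", "text": "Countermeasure Description",
    "problem": "P12", "priority": 9, "phase": "X1",
    "match_conditions": [{"required": ["A19"], "excluded": ["A713"]}],
    "tags": ["tag1", "tag2"], "active": False,
}

if __name__ == "__main__":
    mc = PAGE_CREATE_PAYLOAD["match_conditions"]
    print("create payload errors:", validate_payload(PAGE_CREATE_PAYLOAD, create=True))
    print("applies to {A19}:", countermeasure_applies(mc, {"A19"}))
    print("applies to {A19, A713}:", countermeasure_applies(mc, {"A19", "A713"}))
```

Running validate_payload before a PATCH matters because the server's response is the only confirmation of what changed; a typo in a field name is cheaper to catch locally than to discover by diffing the returned resource.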

Delete a Library Countermeasure

This endpoint deletes a specific Library Countermeasure resource, as specified by the task_id URL parameter.

DELETE /api/v2/library/tasks/{task_id}/

URL Parameters

Parameter Description
task_id The id of the Library Countermeasure to delete.

DELETE /api/v2/library/tasks/CT1/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"

HTTP/1.1 204 NO CONTENT
