Library Countermeasures
Get All Library Countermeasures
This endpoint retrieves a list of Library Countermeasure resources.
GET /api/v2/library/tasks/
Query Parameters
The following parameters may be used to filter the Library Countermeasure resources in the response.
| Parameter | Description |
|---|---|
| absolute_urls | Whether to use absolute or relative urls (default is false). |
| active | Filter Library Countermeasures based on whether they are active or not. Valid values: true, false. |
| id__in | Given a list of Library Countermeasure ids separated by ,s, returns all Library Countermeasures with the specified ids. |
| last_updated_by | Given a specific User id, returns all Library Countermeasures updated by the User matching the specified id. |
| last_updated_by__in | Given a list of User ids separated by ,s, returns all Library Countermeasures updated by any of the Users matching the specified ids. |
| last_updated_date_from | Returns all Library Countermeasures updated at or after the specified date. Note that if you would like to filter the date by UTC time, add a 'Z' to the end of the time. Otherwise, it is assumed you are filtering using local time. This is consistent with the ISO format, which we use for our dates. An example of the format can be found here: https://www.w3.org/TR/NOTE-datetime. |
| last_updated_date_to | Returns all Library Countermeasures updated at or before the specified date. Note that if you would like to filter the date by UTC time, add a 'Z' to the end of the time. Otherwise, it is assumed you are filtering using local time. This is consistent with the ISO format, which we use for our dates. An example of the format can be found here: https://www.w3.org/TR/NOTE-datetime. |
| ordering | Orders Library Countermeasures by the specified fields. Prefix field name with minus to sort descending. This endpoint supports ordering by id, title, active, last_update_date and last_updated_by. |
| phase | Given a Phase id, returns all Library Countermeasures in specified Phase. |
| phase__in | Given a list of Phase ids separated by ,s, returns all Library Countermeasures in the specified Phases. |
| priority | Given a priority 1-10, returns all Library Countermeasures matching the specified priority. |
| priority__in | Given a list of priorities 1-10 separated by ,s, returns all Library Countermeasures matching the specified priorities. |
| problem | Given a Weakness id, returns all Library Countermeasures with specified Weakness id. |
| regulation | Given a Compliance Regulation id, returns all Library Countermeasures with Compliance Regulations matching specified id. |
| regulation__in | Given a list of Compliance Regulation ids separated by ,s, returns all Library Countermeasures with Compliance Regulations matching specified ids. |
| regulation__isnull | Whether to return Library Countermeasures with empty or non-empty regulation sections (default is false). |
| search | Filter Library Countermeasures by performing a textual search on its db_id, id or title. |
| show_original | Whether to return the original content for Built-in Modified Library Countermeasures (default is false). |
| tag | Given a tag, returns all Library Countermeasures with the specified tag (multiple tags can be provided, e.g. ?tag=tag1&tag=tag2). |
| to_html | Whether to convert markdown to HTML (default is false). |
| type__in | Returns all Library Countermeasures which are either Built-in, Built-in Modified or Custom. |
GET /api/v2/library/tasks/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
HTTP/1.1 200 OK
Content-Type: application/json
{
"results": [
{
"id": "T2",
"title": "Secure the password reset mechanism",
"text": "If the application has a password reset function, use the following sequence...",
"created_by": {
"id": 4,
"email": "no-reply+content_admin@localhost",
"first_name": "SD",
"last_name": "Elements"
},
"created_date": "2010-10-20T13:46:50-04:00",
"last_updated_date": "2024-12-03T21:22:43.374000-05:00",
"last_updated_by": {
"id": 4,
"email": "no-reply+content_admin@localhost",
"first_name": "SD",
"last_name": "Elements"
},
"url": "http://example.com/library/tasks/T2/",
"problem": "P526",
"priority": 9,
"phase": "X1",
"db_id": 2,
"active": true,
"type": "Built-in"
}
]
}
Expand Parameters
See the Expand Parameters section for more details.
| Parameter | Description |
|---|---|
| answers | Expands the required and excluded answers for the match monditions that apply to each Library Countermeasure. Must be used with the match_conditions include parameter. |
| phase | Expands the phase fields. |
| problem | Expands the problem fields. |
GET /api/v2/library/tasks/?include=match_conditions&expand=answers,problem,phase HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
HTTP/1.1 200 OK
Content-Type: application/json
{
"results": [
{
"id": "T2",
"title": "Secure the password reset mechanism",
"text": "If the application has a password reset function, use the following sequence...",
"created_by": {
"id": 4,
"email": "no-reply+content_admin@localhost",
"first_name": "SD",
"last_name": "Elements"
},
"created_date": "2010-10-20T13:46:50-04:00",
"last_updated_date": "2025-06-02T10:46:55.450410-04:00",
"last_updated_by": {
"id": 1,
"email": "admin@example.com",
"first_name": "Admin",
"last_name": "Testerton"
},
"url": "http://example.com/library/tasks/T2/",
"problem": {
"id": "P526",
"risk_rating": 9,
"title": "Weak Password Reset Mechanism for Forgotten Passwords",
"text": "The application's password reset features are not secure and can allow attackers to access accounts...",
"cwe": [
{
"id": 640,
"title": "Weak Password Recovery Mechanism for Forgotten Password [Base]",
"url": "http://cwe.mitre.org/data/definitions/640"
},
{
"id": 930,
"title": "OWASP Top Ten 2013 Category A2 - Broken Authentication and Session Management [Category]",
"url": "http://cwe.mitre.org/data/definitions/930"
}
],
"db_id": 526,
"match_conditions": [
{
"db_id": 72,
"id": "MC72",
"required": [
"A182",
"A734"
],
"excluded": []
}
]
},
"priority": 9,
"phase": {
"id": "X1",
"name": "Requirements",
"slug": "requirements",
"description": "Application security requirements that are generally used to assist requirements analysts.",
"tip": "One-time countermeasure that you can verify. These are similar to traditional functional requirements, or user stories.",
"ordinal": 2,
"active": true,
"is_custom": false,
"retain": false,
"db_id": 1
},
"db_id": 2,
"active": true,
"type": "Built-in Modified",
"match_conditions": [
{
"db_id": -3,
"id": "CMC3",
"required": [
{
"id": "A19",
"text": "Uses passwords",
"description": "The application authenticates users with a password. This does not include Single Sign On.",
"display_text": "Authentication Method - Uses passwords",
"is_active": true
}
],
"excluded": []
}
]
}
]
}
Include Parameters
See the Include Parameters section for more details.
| Parameter | Description |
|---|---|
| amendments | Includes a list of Library Countermeasure Additional Requirements for each Library Countermeasure. |
| categories | Includes a list of categories that apply to each Library Countermeasure. |
| how_tos | Includes a list of Library Countermeasure How-tos for each Library Countermeasure. These are language specific examples of how to implement the Library Countermeasure. |
| match_conditions | Includes the set of the match conditions that apply to each Library Countermeasure. These are used to determine relevancy to a Project. If combined with the expand problem parameter, it will also show the match conditions for the problem. |
| tags | Includes the list of tags attached to each Library Countermeasure. |
| verification_coverage | Includes the list of verification coverages for each Library Countermeasure. |
GET /api/v2/library/tasks/?include=amendments,categories,how_tos,match_conditions,tags,verification_coverage HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
HTTP/1.1 200 OK
Content-Type: application/json
{
"results": [
{
"id": "T2",
"title": "Secure the password reset mechanism",
"text": "If the application has a password reset function, use the following sequence...",
"created_by": {
"id": 4,
"email": "no-reply+content_admin@localhost",
"first_name": "SD",
"last_name": "Elements"
},
"created_date": "2010-10-20T13:46:50-04:00",
"last_updated_date": "2025-06-02T10:46:55.450410-04:00",
"last_updated_by": {
"id": 1,
"email": "admin@example.com",
"first_name": "Admin",
"last_name": "Testerton"
},
"url": "http://example.com/library/tasks/T2/",
"problem": "P526",
"priority": 9,
"tags": [
"tag1",
"tag2"
],
"phase": "X1",
"categories": [
"Inadequate Authentication"
],
"verification_coverage": [
"No Automated Static Analysis Coverage",
"No Automated Dynamic Analysis Coverage"
],
"db_id": 2,
"active": true,
"type": "Built-in Modified",
"how_tos": [
{
"id": "I762",
"title": "ASP.NET Core / C#: Generic forget password request messages",
"text": "## Description\n\nDisplaying generic error messages applies to recovering passwords...",
"slug": "aspnet-core-c-generic-forget-password-request-messages",
"url": "http://localhost:3000/library/tasks/T2/aspnet-core-c-generic-forget-password-request-messages/"
}
],
"amendments": [
{
"id": "TA47",
"title": "MDS2 Notes",
"text": "The following MDS2-2013 question(s) relate to this task:\n\n__3-1.__ Can the device prevent access to unauthorized users through user login requirements or other mechanisms?",
"ordinal": 0
}
],
"match_conditions": [
{
"db_id": -3,
"id": "CMC3",
"required": [
"A19"
],
"excluded": []
}
]
}
]
}
Get a specific Library Countermeasure
This endpoint retrieves a single Library Countermeasure resource, as specified by the id parameter.
GET /api/v2/library/tasks/{task_id}/
URL Parameters
| Parameter | Description |
|---|---|
| task_id | The id of the Library Countermeasure to retrieve. |
Query Parameters
| Parameter | Description |
|---|---|
| show_original | Whether to return the original content for a Built-in Modified Library Countermeasure (default is false). |
All of the expand and include parameters for the 'Get All Library Countermeasures' endpoint apply here as well.
GET /api/v2/library/tasks/T2/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
HTTP/1.1 200 OK
Content-Type: application/json
{
"id": "T2",
"title": "Secure the password reset mechanism",
"text": "If the application has a password reset function, use the following sequence...",
"created_by": {
"id": 4,
"email": "no-reply+content_admin@localhost",
"first_name": "SD",
"last_name": "Elements"
},
"created_date": "2010-10-20T13:46:50-04:00",
"last_updated_date": "2025-06-02T11:02:13.055412-04:00",
"last_updated_by": {
"id": 1,
"email": "admin@example.com",
"first_name": "Admin",
"last_name": "Testerton"
},
"url": "http://example.com/library/tasks/T2/",
"problem": "P526",
"priority": 9,
"phase": "X1",
"db_id": 2,
"active": true,
"type": "Built-in"
}
Create a Library Countermeasure
This endpoint creates a new Library Countermeasure resource.
POST /api/v2/library/tasks/
Payload
| Fields | Required | Description |
|---|---|---|
| title | Yes | The title of the Library Countermeasure. |
| text | Yes | The description text of the Library Countermeasure. |
| problem | Yes | The Weakness the Library Countermeasure is trying to solve. |
| priority | Yes | The priority of the Library Countermeasure. |
| phase | Yes | The Phase in which the Library Countermeasure will appear in a project. |
| match_conditions | No | A list of dictionaries representing the set of match conditions belonging to the Library Countermeasure. Each dictionary has required and excluded fields which are arrays of answer IDs. When an answer is in the required array, the Library Countermeasure will be included in projects that include the answer. When an answer is in the excluded array, the Library Countermeasure will not be included in projects that include this answer. |
| tags | No | The list of tags associated with the Library Countermeasure. |
| active | No | The active status of the Library Countermeasure (defaults to true). |
POST /api/v2/library/tasks/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
{
"title": "A New Countermeasure",
"text": "Countermeasure Description",
"problem": "P12",
"priority": 9,
"phase": "X1",
"match_conditions": [{
"required": ["A19"],
"excluded": ["A713"]
}],
"tags": ["tag1", "tag2"],
"active": false
}
HTTP/1.1 200 OK
Content-Type: application/json
{
"id": "CT1",
"title": "A New Countermeasure",
"text": "Countermeasure Description",
"created_by": {
"id": 1,
"email": "admin@example.com",
"first_name": "Admin",
"last_name": "Testerton"
},
"created_date": "2025-06-02T11:22:21.291619-04:00",
"last_updated_date": "2025-06-02T11:22:21.291667-04:00",
"last_updated_by": {
"id": 1,
"email": "admin@example.com",
"first_name": "Admin",
"last_name": "Testerton"
},
"url": "http://example.com/library/tasks/CT1/",
"problem": "P12",
"priority": 9,
"tags": [
"tag1",
"tag2"
],
"phase": "X1",
"db_id": -2,
"active": false,
"type": "Custom",
"match_conditions": [
{
"db_id": -4,
"id": "CMC4",
"required": [
"A19"
],
"excluded": [
"A713"
]
}
]
}
Update a Library Countermeasure
This endpoint updates a specific Library Countermeasure resource, as specified by the id parameter.
PATCH /api/v2/library/tasks/{task_id}/
URL Parameters
| Parameter | Description |
|---|---|
| task_id | The id of the Library Countermeasure to update. |
Payload
| Fields | Required | Description |
|---|---|---|
| title | No | The title of the Library Countermeasure. |
| text | No | The description text of the Library Countermeasure. |
| problem | No | The Weakness the Library Countermeasure is trying to solve. |
| priority | No | The priority of the Library Countermeasure. |
| phase | No | The Phase in which the Library Countermeasure will appear in a project. |
| match_conditions | No | A list of dictionaries representing the set of match conditions belonging to the Library Countermeasure. Each dictionary has required and excluded fields which are arrays of answer IDs. When an answer is in the required array, the Library Countermeasure will be included in projects that include the answer. When an answer is in the excluded array, the Library Countermeasure will not be included in projects that include this answer. |
| tags | No | The list of tags associated with the Library Countermeasure. |
| active | No | Library Weaknesses can be activated or deactivated. |
PATCH /api/v2/library/tasks/T3/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
{
"title": "Updated Countermeasure",
"text": "Updated Countermeasure Description",
"problem": "P2",
"priority": 4,
"phase": "X2",
"active": false,
"match_conditions": [{
"required": ["A19"],
"excluded": ["A713"]
}],
"tags": ["tag1", "tag2"]
}
HTTP/1.1 200 OK
Content-Type: application/json
{
"id": "T3",
"title": "Updated Countermeasure",
"text": "Updated Countermeasure Description",
"created_by": {
"id": 4,
"email": "no-reply+content_admin@localhost",
"first_name": "SD",
"last_name": "Elements"
},
"created_date": "2010-10-20T13:46:50-04:00",
"last_updated_date": "2024-12-03T21:22:43.436000-05:00",
"last_updated_by": {
"id": 1,
"email": "admin@example.com",
"first_name": "Admin",
"last_name": "Testerton"
},
"url": "http://example.com/library/tasks/T3/",
"problem": "P21",
"priority": 4,
"tags": [
"tag1",
"tag2"
],
"phase": "X2",
"db_id": 3,
"active": false,
"type": "Built-in Modified",
"match_conditions": [
{
"db_id": -5,
"id": "CMC5",
"required": [
"A19"
],
"excluded": [
"A713"
]
}
]
}
Delete a Library Countermeasure
This endpoint deletes a specific Library Countermeasure resource, as specified by the id parameter.
DELETE /api/v2/library/tasks/{task_id}/
URL Parameters
| Parameter | Description |
|---|---|
| task_id | The id of the Library Countermeasure to delete. |
DELETE /api/v2/library/tasks/CT1/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
HTTP/1.1 204 NO CONTENT
Content-Type: application/json
{}