Project Weaknesses
Get All Project Weaknesses
This endpoint retrieves a list of Library Weakness resources that are applicable to a particular Project.
GET /api/v2/projects/{project_id}/problems/
URL Parameters
Parameter | Description |
---|---|
project_id | The id of the Project to retrieve Weaknesses for. |
Query Parameters
The following parameters may be used to filter the Library Weakness resources in the response.
Parameter | Description |
---|---|
risk_rating | Given a risk rating 0-10, returns all Weaknesses with the specified rating. |
absolute_urls | Whether to use absolute or relative URLs (default is False). |
to_html | Whether to convert Markdown to HTML (default is False). |
search | Filter Weaknesses by performing a textual search on title, description, and Countermeasure titles. |
risk_relevant_tasks_count | Limits the Countermeasures counted for tasks_count to those relevant to the project's risk policy if True, or to the non-relevant ones if False. Requires tasks_count in the included fields. |
```http
GET /api/v2/projects/1936/problems/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
```

```http
HTTP/1.1 200 OK
Content-Type: application/json

{
  "results": [{
    "id": "1936-P257",
    "problem_id": "P257",
    "title": "Privacy Violation",
    "text": "This is some example description.",
    "risk_rating": 5,
    "created": "2010-10-20T13:46:08-04:00",
    "updated": "2019-08-28T16:55:57.214000-04:00",
    "manually_added_from_library": false,
    "project_specific": false
  }]
}
```
Include Parameters
See the Include Parameters section for more details.
Parameter | Description |
---|---|
category | Includes the category that applies to each Weakness. |
cwe | Includes the list of CWEs that apply to each Weakness. |
tasks_count | Includes the number of Tasks (Countermeasures) related to each Weakness that are accepted into the particular Project. This is the same number of Countermeasures that the Project Weakness Countermeasures endpoint would return. |
```http
GET /api/v2/projects/1936/problems/?include=category,cwe,tasks_count HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
```

```http
HTTP/1.1 200 OK
Content-Type: application/json

{
  "results": [{
    "id": "1936-P257",
    "problem_id": "P257",
    "title": "Privacy Violation",
    "text": "This is some example description.",
    "risk_rating": 5,
    "created": "2010-10-20T13:46:08-04:00",
    "updated": "2019-08-28T16:55:57.214000-04:00",
    "manually_added_from_library": false,
    "project_specific": false,
    "category": "XML and Web Services",
    "cwe": [{
      "url": "http://cwe.mitre.org/data/definitions/359",
      "title": "Exposure of Private Information ('Privacy Violation')",
      "id": 359
    }],
    "tasks_count": 1
  }]
}
```
Filter Parameters
Weaknesses can be filtered by their various properties, or by properties of their related Countermeasures. If a related Countermeasure filter is passed, we return only Weaknesses that have at least one related Countermeasure that matches the filter condition. If no filters are passed, we default to returning all applicable Weaknesses of the particular Project.
Parameter | Expected values | Description | Custom Field Lookup support |
---|---|---|---|
risk_rating | 1-10 | Filter by Weakness risk rating | Yes |
source | default, custom, manual, project | Filter by Weakness source (builtin problem, custom problem, manually added library Weakness, project specific Weakness) | supports __in only |
task_priority | 1-10 | Filter by related Countermeasure priority | Yes |
task_status | status item id (TS1) | Filter by related Countermeasure status | Yes |
task_assigned_to | user email or username | Filter by the user the related Countermeasure is assigned to | Yes |
tasks_count | integer (>0) | Filter by number of Countermeasures | Yes |
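An added example, not code from the SD Elements documentation or any official client: it builds the list URL from include fields and the documented filter parameters, sends the request with the Token header shown above, and post-processes a response to flag Weaknesses at or above a risk rating that have no accepted Countermeasure, plus an index from CWE id to Weakness. The base URL, token and sample response are constructed placeholders modelled on the responses above.

```python
import json
import urllib.parse
import urllib.request

# Constructed sample response for this example; it mirrors the documented shape
# of GET /api/v2/projects/{project_id}/problems/?include=category,cwe,tasks_count.
SAMPLE_RESPONSE = json.loads("""{"results": [
 {"id": "1936-P257", "problem_id": "P257", "title": "Privacy Violation",
  "risk_rating": 5, "project_specific": false, "tasks_count": 1,
  "cwe": [{"id": 359, "url": "http://cwe.mitre.org/data/definitions/359"}]},
 {"id": "1936-P3", "problem_id": "P3", "title": "Example Library Weakness",
  "risk_rating": 8, "project_specific": false, "tasks_count": 0,
  "cwe": [{"id": 359, "url": "http://cwe.mitre.org/data/definitions/359"}]},
 {"id": "1936-PP1", "problem_id": "PP1", "title": "Project-specific Weakness",
  "risk_rating": 9, "project_specific": true, "tasks_count": 0, "cwe": []}
]}""")

def weakness_list_url(base_url, project_id, include=(), **filters):
    """Build the list URL; filters pass through by name (source supports __in only)."""
    params = dict(filters)            # e.g. risk_rating=8, source__in="manual,project"
    if include:
        params["include"] = ",".join(include)
    return f"{base_url}/api/v2/projects/{project_id}/problems/?{urllib.parse.urlencode(params)}"

def fetch_weaknesses(base_url, project_id, token, include=(), **filters):
    """GET with the Token header from the examples above (network call; assumed base_url/token)."""
    req = urllib.request.Request(
        weakness_list_url(base_url, project_id, include, **filters),
        headers={"Accept": "application/json", "Authorization": f"Token {token}"},
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

def uncovered_weaknesses(response, min_rating):
    """Ids of Weaknesses rated at least min_rating that have no accepted Countermeasure."""
    return [w["id"] for w in response["results"]
            if w["risk_rating"] >= min_rating and w.get("tasks_count", 0) == 0]

def weaknesses_by_cwe(response):
    """Map each CWE id to the ids of the Weaknesses it applies to (needs the cwe include)."""
    index = {}
    for w in response["results"]:
        for cwe in w.get("cwe", []):
            index.setdefault(cwe["id"], []).append(w["id"])
    return index
```

Pass the include tuple ("category", "cwe", "tasks_count") to fetch_weaknesses so that uncovered_weaknesses and weaknesses_by_cwe have the fields they read.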
Get a Specific Project Weakness
This endpoint retrieves a single Library Weakness resource of a particular Project, as specified by the problem_id parameter.
GET /api/v2/projects/{project_id}/problems/{problem_id}/
All the parameters for the 'Get All Project Weaknesses' endpoint apply here as well.
URL Parameters
Parameter | Description |
---|---|
project_id | The id of the Project the Weakness is associated with. |
problem_id | The id of the Weakness to retrieve. |
```http
GET /api/v2/projects/1936/problems/1936-P3/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
```

```http
HTTP/1.1 200 OK
Content-Type: application/json

{
  "id": "1936-P3",
  "problem_id": "P3",
  "title": "Example Library Weakness",
  "text": "This is some example description.",
  "risk_rating": 5,
  "created": "2010-10-20T13:46:08-04:00",
  "updated": "2019-08-28T16:55:57.214000-04:00",
  "manually_added_from_library": false,
  "project_specific": false
}
```
Create a new project-specific Weakness
Creates a new Weakness resource that is project-specific.
POST /api/v2/projects/{project_id}/problems/
URL Parameters
Parameter | Description |
---|---|
project_id | The id of the project the new Weakness belongs to. |
Payload
Fields | Required | Description |
---|---|---|
cwe | No | A list of CWE IDs that apply to the new Weakness. |
risk_rating | Yes | The risk rating value from 0-10. |
text | Yes | The description of the new Weakness. |
title | Yes | The title of the new Weakness. |
```http
POST /api/v2/projects/1/problems/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"

{
  "cwe": [7, 10],
  "risk_rating": 9,
  "text": "Weakness Description",
  "title": "Project-specific Weakness"
}
```

```http
HTTP/1.1 201 CREATED
Content-Type: application/json

{
  "id": "1-PP1",
  "problem_id": "PP1",
  "title": "Project-specific Weakness",
  "text": "Weakness Description",
  "cwe": [
    {
      "id": 7,
      "title": "J2EE Misconfiguration: Missing Custom Error Page [Variant]",
      "url": "http://cwe.mitre.org/data/definitions/7"
    },
    {
      "id": 10,
      "title": "ASP.NET Environment Issues [Category]",
      "url": "http://cwe.mitre.org/data/definitions/10"
    }
  ],
  "created": "2020-08-31T10:41:37.026216-04:00",
  "updated": "2020-08-31T10:41:36.995456-04:00",
  "risk_rating": 9,
  "manually_added_from_library": false,
  "project_specific": true
}
```
Create a new Weakness from an existing Library Weakness
Adds a Library Weakness to a Project. Only Library Weaknesses that are not already applicable to the Project can be added.
POST /api/v2/projects/{project_id}/problems/
URL Parameters
Parameter | Description |
---|---|
project_id | The id of the Project the new Weakness belongs to. |
Payload
Fields | Required | Description |
---|---|---|
problem_id | Yes | The id of the Library Weakness to add to the Project. |
```http
POST /api/v2/projects/1/problems/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"

{
  "problem_id": "P123"
}
```

```http
HTTP/1.1 201 CREATED
Content-Type: application/json

{
  "id": "2-P123",
  "problem_id": "P123",
  "title": "Sensitive information uncleared before release",
  "text": "If the memory and storage devices of a system or application are not cleared when an operation is finished, its data can become accessible to unauthorized people. In one of the possible scenarios, this may happen when memory is reallocated, or when a resource is released and is no longer in service.",
  "created": "2010-10-20T13:46:09-04:00",
  "updated": "2019-08-28T16:55:58.362000-04:00",
  "risk_rating": 3,
  "manually_added_from_library": true
}
```
Delete a Weakness
Deletes a single Weakness resource, as specified by the Project and Weakness id parameters.
Only manually added Library Weaknesses and project-specific Weaknesses may be deleted.
DELETE /api/v2/projects/{project_id}/problems/{id}/
URL Parameters
Parameter | Description |
---|---|
project_id | The id of the Project this Weakness belongs to. |
id | The id of the Weakness to delete. |
```http
DELETE /api/v2/projects/2/problems/2-P123/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
```

```http
HTTP/1.1 204 NO CONTENT
```