Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Added sample POST calls for 2.8.5+ versions

/rest/{version}/applications/{appId}/policy/eval?policyId={policyId}

Descriptor

Value

HTTP Method

GET

POST

Description

Gets the status of a policy even

Updates the evaluation’s results if the

policy is not attached to the application

status is out of date. If there are no status changes requiring an update, the current status will be returned.

Required Permission

Read Access (Any Role)

Version Introduced

2.6

Changes in 2.8

Added additional request parameter "type".

Changes in 2.8.5

GET method changed to POST.

Request Header Parameters

Parameter

Value

Required

Description

Accept

String

Yes

A value of ‘application/json’ must be provided.

Request GET Parameters

Parameter

Value

Required

Description

policyId

String

No*

Evaluate the status of the policy with this id.

policyName

String

No*

Evaluate the status of the policy with this name. Parameter "type" is needed when using policyName.

type

String

No*

The type of the policy being evaluated. Accepted values are "filter" or "remediation".

*Required when using parameter policyName.

*Either 'policyId' or 'policyName' parameter must be provided.

As of 2.8.5:

Sample Call (using policyId):

Eclipse
Code Block
theme
curl --insecure -H 'content-type: application/x-www-form-urlencoded' -H 'accept: application/json' -H 'Authorization: APIKEY {apikey}' -X POST --data 'policyId=1' http://localhost:8080/threadfix/rest/latest/applications/1/policy/eval

Sample Call (using policyName):

Code Block
curl --insecure -H 'content-type: application/x-www-form-urlencoded' -H 'accept: application/json' -H 'Authorization: APIKEY {apikey}' -X POST --data 'policyName=MyPolicy&type=remediation' http://localhost:8080/threadfix/rest/latest/applications/1/policy/eval

Pre-2.8.5:

Sample Call (using policyId):

Code Block
curl -X GET 'http://localhost:8080/threadfix/rest/Latest/applications/1/policy/eval?policyId=1' -H 'Authorization: APIKEY {apiKey}'

Sample Call (using policyName):

Code Block
curl -X GET 'http://localhost:8080/threadfix/rest/Latest/applications/1/policy/eval?policyName=TTR-Policy-1&type=remediation' -H 'Authorization: APIKEY {apiKey}'

Sample Output:

Sample return for application having a scan.

Values for lastEvaluated are returned as Epoch time in milliseconds.

Eclipse
Code Block
theme
{
    "message": "",
    "success": true,
    "responseCode": -1,
    "object": {
        "id": null,
        "currentStatus": "FAILING",
        "statusLastChanged": null,
        "name": "ThreadFix Scan",
        "lastEvaluated": 1524505539031,
        "policy": {
            "name": "Low Policy",
            "filterName": "Low Filter",
            "id": 3
        }
    }
}

Sample return for an application with no scan.

...

Values for lastEvaluated are returned as Epoch time in milliseconds.

Code Block
{
    "message": "",
    "success": true,
    "responseCode": -1,
    "object": {
        "id": null,
        "currentStatus": "NO SCANS FOUND",
        "statusLastChanged": null,
        "name": "ThreadFix No Scan",
        "lastEvaluated": 1524505897127,
        "policy": {
            "name": "Low Policy",
            "filterName": "Low Filter",
            "id": 3
        }
    }
}

...