Warning |
---|
Deprecated as of version 2.8. For all manual vulnerability submissions in ThreadFix 2.8 or later please refer to the Pen Test feature. |
/rest/{version}/applications/{appId}/addFinding
Descriptor | Value |
---|---|
HTTP Method | POST |
Description | Creates a manual finding with the given properties. |
Required Permission | Modify Vulnerabilities |
Version Introduced | 2.3.0 |
Request Header Parameters
Parameter | Value | Required | Description |
---|---|---|---|
Accept | String | Yes | A value of ‘application/json’ must be provided. |
Request POST Data Parameters
Parameter | Value | Required | Description |
---|---|---|---|
isStatic | Boolean | No | Whether the finding is static or dynamic. Defaults to false (Dynamic). |
vulnType | String | Yes | Name of the CWE vulnerability. Enter None if the finding is not associated with a CWE. |
longDescription | String | Yes | General description of the issue. |
severity | Integer | Yes | Severity level from 1-5. |
nativeId | String | No | Identifier for the vulnerability. |
parameter | String | No* | Request parameter for vulnerability. |
filePath | String | No* | (Static only) Location of source file. |
column | Integer | No | (Static only) Column number for finding vulnerability source. |
lineText | String | No | (Static only) Line text for finding vulnerability source. |
lineNumber | Integer | No | (Static only) Line number for finding vulnerability source. |
fullUrl | String | No | (Dynamic only) Absolute URL to the page with the vulnerability. |
path | String | No | (Dynamic only) Relative path to the page with the vulnerability. |
*Static manual findings require either parameter or filePath to be present.
Sample Call:
```bash
curl --insecure -H 'Accept: application/json' -H "Authorization: APIKEY {apiKey}" -X POST \
  --data 'isStatic=true&vulnType=Location&longDescription=This should be addressed.&severity=3&nativeId=24&parameter=store&filePath=C:\sampleCode\home&column=2&lineText=findStore()&lineNumber=234' \
  http://localhost:8080/threadfix/rest/latest/applications/1/addFinding?apiKey={apiKey}
```

```bash
curl --insecure -H 'Accept: application/json' -H "Authorization: APIKEY {apiKey}" -X POST \
  --data 'isStatic=false&vulnType=Location&longDescription=This should be addressed.&severity=3&nativeId=24&parameter=store&fullUrl=www.samplewebsite.com/store/3&path=/store/3' \
  http://localhost:8080/threadfix/rest/latest/applications/1/addFinding?apiKey={apiKey}
```
Sample Output:
```json
{
  "message": "",
  "success": true,
  "responseCode": -1,
  "object": {
    "id": 39,
    "longDescription": "This should be addressed.",
    "attackString": null,
    "attackRequest": null,
    "attackResponse": null,
    "nativeId": "24",
    "displayId": null,
    "surfaceLocation": { "id": 39, "parameter": "store", "path": null },
    "sourceFileLocation": null,
    "dataFlowElements": [
      { "id": 1, "sourceFileName": "C:\\sampleCode\\home", "lineNumber": 234, "columnNumber": 2, "lineText": "findStore()" }
    ],
    "calculatedUrlPath": "",
    "calculatedFilePath": "C:\\sampleCode\\home",
    "dependency": null,
    "severity": "Medium",
    "vulnerabilityType": "Location"
  }
}
```

```json
{
  "message": "",
  "success": true,
  "responseCode": -1,
  "object": {
    "id": 40,
    "longDescription": "This should be addressed.",
    "attackString": null,
    "attackRequest": null,
    "attackResponse": null,
    "nativeId": "24",
    "displayId": null,
    "surfaceLocation": { "id": 40, "parameter": "store", "path": "/store/3" },
    "sourceFileLocation": null,
    "dataFlowElements": null,
    "calculatedUrlPath": "/store/3",
    "calculatedFilePath": "",
    "dependency": null,
    "severity": "Medium",
    "vulnerabilityType": "Location"
  }
}
```
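An added example, not part of the ThreadFix documentation: a Python helper that checks a finding against the parameter table before building the POST, and form-encodes every value so that `&`, spaces or backslashes inside a field cannot alter the request body. It assumes the `Authorization: APIKEY` header is accepted without the `?apiKey=` query parameter; `build_add_finding_request` and `SAMPLE_STATIC` are names made up for this example.

```python
import urllib.parse
import urllib.request

# Field names come from the parameter table above; the grouping is this example's own.
STATIC_ONLY = {"filePath", "column", "lineText", "lineNumber"}
DYNAMIC_ONLY = {"fullUrl", "path"}
COMMON = {"isStatic", "vulnType", "longDescription", "severity", "nativeId", "parameter"}
REQUIRED = ("vulnType", "longDescription", "severity")


def build_add_finding_request(base_url, app_id, api_key, finding):
    """Validate `finding` against the table and return an unsent urllib Request."""
    unknown = set(finding) - COMMON - STATIC_ONLY - DYNAMIC_ONLY
    if unknown:
        raise ValueError(f"unknown parameters: {sorted(unknown)}")
    missing = [k for k in REQUIRED if finding.get(k) in (None, "")]
    if missing:
        raise ValueError(f"missing required parameters: {missing}")
    sev = finding["severity"]
    if isinstance(sev, bool) or not isinstance(sev, int) or not 1 <= sev <= 5:
        raise ValueError("severity must be an integer from 1 to 5")
    is_static = finding.get("isStatic", False)  # documented default: dynamic
    if not isinstance(is_static, bool):
        raise ValueError("isStatic must be a bool")
    wrong = set(finding) & (DYNAMIC_ONLY if is_static else STATIC_ONLY)
    if wrong:
        raise ValueError(f"parameters not valid for this finding type: {sorted(wrong)}")
    if is_static and not (finding.get("parameter") or finding.get("filePath")):
        raise ValueError("static findings need parameter or filePath")

    fields = {k: v for k, v in finding.items() if v is not None}
    fields["isStatic"] = "true" if is_static else "false"
    body = urllib.parse.urlencode(fields).encode("utf-8")
    url = f"{base_url.rstrip('/')}/rest/latest/applications/{int(app_id)}/addFinding"
    headers = {
        "Accept": "application/json",
        # Assumption: the header is accepted without the ?apiKey= query parameter.
        "Authorization": f"APIKEY {api_key}",
    }
    return urllib.request.Request(url, data=body, headers=headers, method="POST")


# Constructed sample mirroring the static call above; nothing is sent.
SAMPLE_STATIC = {
    "isStatic": True, "vulnType": "Location", "longDescription": "This should be addressed.",
    "severity": 3, "nativeId": "24", "parameter": "store",
    "filePath": "C:\\sampleCode\\home", "column": 2, "lineText": "findStore()", "lineNumber": 234,
}
```

Pass the returned object to `urllib.request.urlopen` to send it; certificate verification stays on by default there.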