/rest/{version}/applications/{appId}/upload
Descriptor | Value |
---|---|
HTTP Method | POST |
Description | Uploads and processes the scan. |
Required Permission | Upload Scans |
Version Introduced | 2.3.0 |
Changes in 2.4.5 | Starting with Version 2.4.5, this call adds the scan to the Scan Upload Queue, and returns an entirely different response. The scan has not finished importing into an application at the time the call returns; if you have automation using this call, make sure to use the legacy version or adjust your automation accordingly. |
Changes in 2.5 | The new Links section includes a link to the endpoint you can hit to check the status of the scan after it’s been added to the queue. |
Changes in 2.8.8 | Returned pending scan status is now versioned. |
Parameter | Value | Required | Description |
---|---|---|---|
Accept | String | Yes | A value of ‘application/json’ must be provided. |
Parameter | Value | Required | Description |
---|---|---|---|
file | File | Yes | The scan you want to upload to the application in ThreadFix. Format: file= |
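
```shell
# POST the scan file as multipart form data, authenticating with the API key header.
# --insecure skips TLS certificate verification; it has no effect on this http:// URL.
curl --insecure \
  -H 'Accept: application/json' \
  -H "Authorization: APIKEY {apiKey}" \
  -X POST \
  --form file=@path/to/file/www_example_url_com_webinspect_scan.xml \
  http://localhost:8080/threadfix/rest/latest/applications/2/upload
```
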
```json
{
  "message": "",
  "success": true,
  "responseCode": -1,
  "object": "Scan upload process started.",
  "links": [
    {
      "method": "GET",
      "rel": "related",
      "href": "http://10.150.1.155:8080/threadfix/rest/latest/applications/1295/pendingScan/716/status"
    }
  ]
}
```

```json
{
  "message": "",
  "success": true,
  "responseCode": -1,
  "object": "Scan upload process started.",
  "links": [
    {
      "method": "GET",
      "rel": "related",
      "href": "http://localhost:8080/threadfix/rest/applications/2/pendingScan/39/status"
    }
  ]
}
```

Values for importTime are returned as Epoch time in milliseconds.

```
{
  "message": "",
  "success": true,
  "responseCode": -1,
  "object": {
    "id": 2,
    "importTime": 1320440009000,
    "numberClosedVulnerabilities": 0,
    "numberNewVulnerabilities": 29,
    "numberOldVulnerabilities": 0,
    "numberResurfacedVulnerabilities": 0,
    "numberTotalVulnerabilities": 29,
    "numberRepeatResults": 0,
    "numberRepeatFindings": 0,
    "numberInfoVulnerabilities": 1,
    "numberLowVulnerabilities": 14,
    "numberMediumVulnerabilities": 6,
    "numberHighVulnerabilities": 2,
    "numberCriticalVulnerabilities": 6,
    "findings": [
      {
        "id": 3,
        "longDescription": null,
        "attackString": "",
        "attackRequest": "GET /demo/XSS-reflected2.php HTTP...", //SHORTENED FOR BREVITY
        "attackResponse": "HTTP/1.1 200 OK\nDate: Fri, 04 Nov 201...", //SHORTENED FOR BREVITY
        "nativeId": "c9522bf8c67a646f5979cc2212710195",
        "displayId": null,
        "surfaceLocation": {
          "id": 3,
          "parameter": null,
          "path": "/demo/XSS-reflected2.php"
        },
        "sourceFileLocation": null,
        "dataFlowElements": null,
        "calculatedUrlPath": "/demo/XSS-reflected2.php",
        "calculatedFilePath": "",
        "dependency": null,
        "severity": "1",
        "vulnerabilityType": "Possible Server Path Disclosure (win32)"
      },
      {
        "id": 4,
        "longDescription": null,
        "attackString": "",
        "attackRequest": "GET /demo/LDAPInjection2.php HTTP/1.1\nRe...", //SHORTENED FOR BREVITY
        "attackResponse": "HTTP/1.1 200 OK\nDate: Fri, 04 Nov 2011 20:...", //SHORTENED FOR BREVITY
        "nativeId": "6d5dc848529d28f8ab89cc20e6ca413d",
        "displayId": null,
        "surfaceLocation": {
          "id": 4,
          "parameter": null,
          "path": "/demo/LDAPInjection2.php"
        },
        "sourceFileLocation": null,
        "dataFlowElements": null,
        "calculatedUrlPath": "/demo/LDAPInjection2.php",
        "calculatedFilePath": "",
        "dependency": null,
        "severity": "1",
        "vulnerabilityType": "Possible Server Path Disclosure (win32)"
      },
      //THE REST OMITTED FOR BREVITY
    ],
    "scannerName": "WebInspect"
  }
}
```
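
Automation that must handle both response shapes documented here (queued since 2.4.5, fully imported in the legacy call) can branch on the type of `object`. This is an added example, not ThreadFix code: the function names and the same-origin check on the status link are assumptions of this example, and the sample bodies are constructed from the responses shown on this page.

```python
import json
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Constructed sample bodies, shaped like the responses shown on this page.
QUEUED = json.loads("""{"message": "", "success": true, "responseCode": -1,
  "object": "Scan upload process started.",
  "links": [{"method": "GET", "rel": "related",
    "href": "http://localhost:8080/threadfix/rest/applications/2/pendingScan/39/status"}]}""")
LEGACY = json.loads("""{"message": "", "success": true, "responseCode": -1,
  "object": {"id": 2, "importTime": 1320440009000,
    "numberTotalVulnerabilities": 29, "scannerName": "WebInspect"}}""")


def same_origin(base_url, href):
    """True when href has the scheme, host and port of the server we called."""
    a, b = urlsplit(base_url), urlsplit(href)
    return (a.scheme, a.hostname, a.port) == (b.scheme, b.hostname, b.port)


def interpret_upload(base_url, body):
    """Classify an upload response as queued (2.4.5+) or imported (legacy)."""
    if not body.get("success"):
        raise RuntimeError("upload rejected: %r" % body.get("message"))
    obj = body.get("object")
    if isinstance(obj, dict):
        # Legacy shape: the scan is already imported; importTime is epoch ms.
        when = datetime.fromtimestamp(obj["importTime"] / 1000, tz=timezone.utc)
        return {"state": "imported", "scan_id": obj["id"],
                "imported_at": when.isoformat(),
                "total": obj["numberTotalVulnerabilities"]}
    # Queued shape: "object" is only a message; the status URL is in "links".
    hrefs = [link["href"] for link in body.get("links", [])
             if link.get("method") == "GET" and link.get("rel") == "related"]
    if len(hrefs) != 1:
        raise ValueError("expected exactly one status link, got %d" % len(hrefs))
    # Assumed policy: the API key is only ever sent to the origin we uploaded to.
    if not same_origin(base_url, hrefs[0]):
        raise ValueError("status link points at another origin: " + hrefs[0])
    return {"state": "queued", "status_url": hrefs[0]}


if __name__ == "__main__":
    base = "http://localhost:8080/threadfix"
    print(interpret_upload(base, QUEUED))
    print(interpret_upload(base, LEGACY))
```

A caller that gets `state == "queued"` still has to poll `status_url` before treating the scan as imported; the status response format is not shown on this page, so it is not parsed here.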