APIs
General Info
The Hdiv web console exposes a REST API that helps integrate vulnerability detection and attack protection into the organization's standard stack and dashboards.
The REST API requires an authenticated user. Authenticate by sending a header that carries the console connection token. The token value is shown on your console's environment configuration page.
Accessing the REST API
- URL: http://x.x.x.x:8089/hdiv-console-services/public/api
- X-hdiv-console-services-token header: e.g. 04db250da579302ca273a958
- Content-Type header: application/json
API Info
The following URLs are exposed in the API.
Mappings
Response Format
[ { "name" : "", "status" : "", "hdivVersion" : "" } ]
Response Details
Type | Name | Description |
---|---|---|
String | name | Application name |
String | status | RUNNING, MONITORING, STOPPED |
String | hdivVersion | Version of Hdiv being used |
Path Variables
Type | Name | Description |
---|---|---|
String | name | Application name |
Response Format
{ "name" : "", "status" : "", "hdivVersion" : "", "appVersionName" : "", "platform" : "" }
Response Details
Type | Name | Description |
---|---|---|
String | name | Application name |
String | status | RUNNING, DEBUGGING, STOPPED |
String | hdivVersion | Version of Hdiv being used |
String | appVersionName | Application version name |
String | platform | Agent platform |
Path Variables
Type | Name | Description |
---|---|---|
String | status | ALLOWED/BANNED |
Response Status Codes
Code | Description |
---|---|
200 OK | List of IPs in that status |
400 BAD REQUEST | If the path variable is not correct |
Response Format
[ "x.x.x.x", "y.y.y.y" ]
Response Details
Type | Name | Description |
---|---|---|
Array | ips | List of IP Addresses |
Path Variables
Type | Name | Description |
---|---|---|
String | status | ALLOWED/BANNED |
Response Status Codes
Code | Description |
---|---|
200 OK | List of IPs in that status |
400 BAD REQUEST | If the path variable is not correct |
Request Format
[ "x.x.x.x", "y.y.y.y" ]
Request Details
Type | Name | Description |
---|---|---|
Array | ip | List of IP Addresses |
Response Format
2
Response Details
Type | Name | Description |
---|---|---|
int | count | Count of updated IPs |
Path Variables
Type | Name | Description |
---|---|---|
String | ip | IP to delete |
Response Status Codes
Code | Description |
---|---|
200 OK | IP was properly deleted |
400 BAD REQUEST | IP could not be deleted |
Response Format
[ { "name" : "", "status" : "", "lastActivity" : "", "hdivVersion" : "" } ]
Response Details
Type | Name | Description |
---|---|---|
String | name | Server name |
String | status | RUNNING, STOPPED |
String | lastActivity | Server last activity date yyyy/MM/dd |
String | hdivVersion | Version of Hdiv being used |
Path Variables
Type | Name | Description |
---|---|---|
String | name | Server name |
Response Format
{ "name" : "", "status" : "", "lastActivity" : "", "hdivVersion" : "", "serverInfo" : { "serverName" : "", "startTime" : "", "jvmName" : "", "spec" : "", "impl" : "", "inputArguments" : "", "systemProperties" : "", "osName" : "", "osVersion" : "", "osArch" : "", "availableProcessors" : "", "initHeap" : "", "maxHeap" : "", "address" : "", "macAddress" : "" } }
Response Details
Type | Name | Description |
---|---|---|
String | name | Server name |
String | status | RUNNING, STOPPED |
String | lastActivity | Server last activity date yyyy/MM/dd |
String | hdivVersion | Version of Hdiv being used |
ServerInfo | serverInfo | Additional server information. ServerInfo object details: |
Parameters
Type | Name | Description |
---|---|---|
String | application | Application name |
String | applicationVersion | Name of one version of the Application. The application field must have a value |
String | startDate | Start date for the filter using yyyy/MM/dd, yyyy/MM/dd HH:mm:ss or number of milliseconds format. You can also use yyyy/MM/dd HH:mm:ssZ format for UTC dates. |
String | endDate | End date for the filter using yyyy/MM/dd, yyyy/MM/dd HH:mm:ss or number of milliseconds format. You can also use yyyy/MM/dd HH:mm:ssZ format for UTC dates. |
String | rule | Comma separated rules |
String | state | UNRESOLVED, RESOLVED, IGNORED |
Response Status Codes
Code | Description |
---|---|
200 OK | Vulnerabilities have been found and processed, full information will be sent |
202 ACCEPTED | Vulnerabilities have been found but the information is still being processed |
400 BAD REQUEST | Application name or application version not found |
Response Format
[ { "hash" : 0, "id" : 0, "type" : "", "level" : "", "score" : 0.0, "url" : "", "parameterName" : "", "parameterType" : "", "taintedValue" : "", "className" : "", "lineNumber" : 0, "application": "", "firstAppVersion": "", "lastAppVersion": "", "firstOccurrence": 0, "lastOccurrence": 0, "state": "", "servers": "", "environments": "", "origin": "" } ]
Response Details
Type | Name | Description |
---|---|---|
long | hash | Vulnerability hash id |
long | id | Vulnerability id |
String | type | Vulnerability type |
String | level | MINOR, LOW, MEDIUM, HIGH |
double | score | Vulnerability score |
String | url | Vulnerability url |
String | parameterName | Input name |
String | parameterType | Type: DATABASE, PARAMETER, MULTIPART_PARAMETER, HEADER, PATH_VARIABLE, REQUEST_BODY |
String | taintedValue | Final input value |
String | className | Class name where the vulnerability is present |
int | lineNumber | Line number where the vulnerability is present |
String | application | Application name |
String | firstAppVersion | First application version where the vulnerability is present |
String | lastAppVersion | Last application version where the vulnerability is present |
int | firstOccurrence | First vulnerability detection timestamp |
int | lastOccurrence | Last vulnerability detection timestamp |
String | state | Vulnerability state |
String | servers | Server list where the vulnerability is detected |
String | environments | Environments list where the vulnerability is detected |
String | origin | Type: DATABASE, REQUEST, STORED, REFLECTED, CONFIGURATION |
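The following is an added example, not Hdiv's own code, of a client for the vulnerability listing described above: it attaches the token header from the access section, applies the documented 200/202/400 status codes, and filters findings by level. The endpoint path, the host name, sending the parameters as a query string, reading the level list as ascending severity, and the HTTPS check are assumptions of this example.

```python
import json
import urllib.request
from urllib.parse import urlencode, urlsplit

TOKEN_HEADER = "X-hdiv-console-services-token"  # header name given on this page
LEVELS = ["MINOR", "LOW", "MEDIUM", "HIGH"]     # assumed to be ascending severity

def build_request(base_url, path, token, params=None, allow_http=False):
    """Build (without sending) an authenticated GET request.
    `path` comes from the console's mapping list; none is hard-coded here.
    Sending `params` as a query string is an assumption."""
    if urlsplit(base_url).scheme != "https" and not allow_http:
        raise ValueError("refusing to send the console token over cleartext HTTP")
    url = base_url.rstrip("/") + "/" + path.lstrip("/")
    if params:
        url += "?" + urlencode(params)
    headers = {TOKEN_HEADER: token, "Content-Type": "application/json"}
    return urllib.request.Request(url, headers=headers, method="GET")

def interpret(status, body):
    """Apply the documented status codes of the vulnerability listing."""
    if status == 200:
        return "ready", json.loads(body)
    if status == 202:
        return "retry", []  # found, but still being processed: poll again later
    if status == 400:
        raise LookupError("application name or application version not found")
    raise RuntimeError(f"unexpected status {status}")

def at_least(vulns, floor):
    """Keep UNRESOLVED findings whose level is `floor` or higher."""
    rank = LEVELS.index(floor)
    return [v for v in vulns
            if v["state"] == "UNRESOLVED" and LEVELS.index(v["level"]) >= rank]

# Constructed sample body (not real console output), trimmed to three fields.
SAMPLE_BODY = json.dumps([
    {"id": 1, "level": "HIGH", "state": "UNRESOLVED"},
    {"id": 2, "level": "LOW", "state": "UNRESOLVED"},
    {"id": 3, "level": "HIGH", "state": "IGNORED"},
])

if __name__ == "__main__":
    req = build_request("https://console.example/hdiv-console-services/public/api",
                        "ENDPOINT_PATH_PLACEHOLDER", "TOKEN_PLACEHOLDER",
                        {"application": "shop", "state": "UNRESOLVED"})
    print(req.full_url)
    outcome, vulns = interpret(200, SAMPLE_BODY)
    print(outcome, [v["id"] for v in at_least(vulns, "MEDIUM")])
```

Read the token from a secret store or environment variable rather than embedding it in scripts, since it authenticates every call to the console.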
Path variables
Type | Name | Description |
---|---|---|
long | id | Vulnerability id |
Response Format
{ "hash" : 0, "id" : 0, "type" : "", "level" : "", "score" : 0.0, "url" : "", "parameterName" : "", "parameterType" : "", "taintedValue" : "", "className" : "", "lineNumber" : 0, "application": "", "firstAppVersion": "", "lastAppVersion": "", "firstOccurrence": 0, "lastOccurrence": 0, "state": "", "servers": "", "environments": "" }
Response Details
Type | Name | Description |
---|---|---|
long | hash | Vulnerability hash id |
long | id | Vulnerability id |
String | type | Vulnerability type |
String | level | MINOR, LOW, MEDIUM, HIGH |
double | score | Vulnerability score |
String | url | Vulnerability url |
String | parameterName | Input name |
String | parameterType | Input type: DATABASE, PARAMETER, MULTIPART_PARAMETER, HEADER, PATH_VARIABLE, REQUEST_BODY |
String | taintedValue | Final input value |
String | className | Class name where the vulnerability is present |
int | lineNumber | Line number where the vulnerability is present |
String | application | Application name |
String | firstAppVersion | First application version where the vulnerability is present |
String | lastAppVersion | Last application version where the vulnerability is present |
int | firstOccurrence | First vulnerability detection timestamp |
int | lastOccurrence | Last vulnerability detection timestamp |
String | state | Vulnerability state |
String | servers | Server list where the vulnerability is detected |
String | environments | Environments list where the vulnerability is detected |
Parameters
Type | Name | Description |
---|---|---|
String | artifact | Artifact identifier in group:artifact:version format. Mandatory. |
String | application | Application name. Optional. |
String | applicationVersion | Name of one version of the Application. The application field must have a value |
String | startDate | Start date for the filter using yyyy/MM/dd, yyyy/MM/dd HH:mm:ss or number of milliseconds format. You can also use yyyy/MM/dd HH:mm:ssZ format for UTC dates. |
String | endDate | End date for the filter using yyyy/MM/dd, yyyy/MM/dd HH:mm:ss or number of milliseconds format. You can also use yyyy/MM/dd HH:mm:ssZ format for UTC dates. |
String | state | UNRESOLVED, RESOLVED, IGNORED |
Response Status Codes
Code | Description |
---|---|
200 OK | Vulnerable dependency is present and is processed, full information will be sent |
202 ACCEPTED | Vulnerable dependency is present but it is still being processed |
404 NOT FOUND | Vulnerable dependency was not sent by any application |
400 BAD REQUEST | Application name or application version not found |
Response Format
[ { "hash" : 0, "id" : 0, "type" : "", "score" : 0.0, "cveNumber" : "", "dependency" : "group:artifact:version", "description" : "" } ]
Response Details
Type | Name | Description |
---|---|---|
long | hash | Vulnerability hash id |
long | id | Vulnerability id |
String | type | Vulnerability type |
double | score | Vulnerability score |
String | cveNumber | CVE Number |
String | dependency | Vulnerable library identifier in group:artifact:version format |
String | description | Vulnerability description |
Parameters
Type | Name | Description |
---|---|---|
String | application | Application name. Optional. |
String | applicationVersion | Name of one version of the Application. The application field must have a value |
Response Status Codes
Code | Description |
---|---|
200 OK | Vulnerable dependency is present and is processed, full information will be sent |
202 ACCEPTED | Vulnerable dependency is present but it is still being processed |
404 NOT FOUND | Vulnerable dependency was not sent by any application |
400 BAD REQUEST | Application name or application version not found |
Response Format
[ { "library" : "", "version" : "", "idString" : "", "applicationString" : "", "cveString" : "", "ids" : "", "applications" : "", "cves" : "", "numberOfApplications" : "", "numberOfCVEs" : "" } ]
Response Details
Type | Name | Description |
---|---|---|
String | library | Library name |
String | version | Library version name |
String | applicationString | Main application uses this library |
String | cveString | CVE reference as text |
long[] | ids | Identifiers associated with this library |
String[] | applications | Applications that use this library |
String[] | cves | CVEs associated with this library |
int | numberOfApplications | Number of applications that use this library |
int | numberOfCVEs | Number of CVEs associated with this library |
Parameters
Type | Name | Description |
---|---|---|
String | startDate | Start date for the filter using yyyy/MM/dd, yyyy/MM/dd HH:mm:ss or number of milliseconds format |
String | endDate | End date for the filter using yyyy/MM/dd, yyyy/MM/dd HH:mm:ss or number of milliseconds format |
String | status | Status of the issue |
String | application | Name of the application associated with the issues |
String | issueManagerType | Name of the issue manager that has processed the issues: ASANA, EASYVISTA, GITLAB, JIRA, MANTIS or WEBHOOK |
String | rule | Name of the vulnerability associated with the issue |
Long | pageNum | Number of the page of results to be obtained |
Long | pageSize | Number of elements per page |
Response Format
[ { "externalRef": "", "managerType": "", "rule": "", "application": "", "servers": "", "environments": "", "status": "", "creationDate": 0, "id": 0 }]
Response Details
Type | Name | Description |
---|---|---|
String | externalRef | External reference of the issue in the issue manager |
String | managerType | Name of the issue manager that has processed the issue: ASANA, EASYVISTA, GITLAB, JIRA, MANTIS or WEBHOOK |
String | rule | Name of the vulnerability associated with the issue |
String | application | Name of application associated with the issue |
String | servers | Server list where the vulnerability is detected |
String | environments | Environments list where the vulnerability is detected |
String | status | Current status of the issue |
Long | creationDate | Creation date of the issue in milliseconds |
Long | id | Internal identifier of the issue |
Path Variables
Type | Name | Description |
---|---|---|
String | id | Identifier of the issue to delete |
Response Status Codes
Code | Description |
---|---|
200 OK | IP was properly deleted |
400 BAD REQUEST | Issue could not be deleted |