APIs
General Info¶
Hdiv web console exposes a REST API to help integrate vulnerability detection and attack protection into the organization’s standard stack and dashboards.
The REST API requires an authenticated user. This is done by sending a header that includes the console connection token. Find the proper token value in your console environment configuration page.
Accessing REST API
- Url: http://x.x.x.x:8089/hdiv-console-services/public/api
- X-hdiv-console-services-token header: i.e. 04db250da579302ca273a958
- Content-Type header: application/json
API Info¶
The following URLs are exposed in the API.
Mappings
Response Format
[ {
"name" : "",
"status" : "",
"hdivVersion" : ""
} ]
Response Details
| Name | Description |
|---|---|
|
String
name
|
Application name |
|
String
status
|
RUNNING, MONITORING, STOPPED |
|
String
hdivVersion
|
Version of Hdiv being used |
Path Variables
| Type | Description |
|---|---|
|
String
name
|
Application name |
Response Format
{
"name" : "",
"status" : "",
"hdivVersion" : ""
}
Response Details
| Name | Description |
|---|---|
|
String
name
|
Application name |
|
String
status
|
RUNNING, DEBUGGING, STOPPED |
|
String
hdivVersion
|
Version of Hdiv being used |
Path Variables
| Type | Description |
|---|---|
|
String
status
|
ALLOWED/BANNED |
Response Status Codes
| Code | Description |
|---|---|
|
200
OK
|
List of ips in that status |
|
400
BAD REQUEST
|
If the path variable is not correct |
Response Format
[ "x.x.x.x", "y.y.y.y" ]
Response Details
| Name | Description |
|---|---|
|
Arrays
ips
|
List of IP Addresses |
Path Variables
| Type | Description |
|---|---|
|
String
status
|
ALLOWED/BANNED |
Response Status Codes
| Code | Description |
|---|---|
|
200
OK
|
List of ips in that status |
|
400
BAD REQUEST
|
If the path variable is not correct |
Request Format
[ "x.x.x.x", "y.y.y.y" ]
Requests Details
| Name | Description |
|---|---|
|
Array
ip
|
List of IP Addresses |
Response Format
2
Response Details
| Name | Description |
|---|---|
|
int
count
|
Count of updated ips |
Path Variables
| Type | Description |
|---|---|
|
String
ip
|
IP to delete |
Response Status Codes
| Code | Description |
|---|---|
|
200
OK
|
IP was properly deleted |
|
400
BAD REQUEST
|
IP could not be deleted |
Response Format
[ {
"name" : "",
"status" : "",
"lastActivity" : "",
"hdivVersion" : ""
} ]
Response Details
| Name | Description |
|---|---|
|
String
name
|
Server name |
|
String
status
|
RUNNING, STOPPED |
|
String
lastActivity
|
Server last activity date yyyy/MM/dd |
|
String
hdivVersion
|
Version of Hdiv being used |
Path Variables
| Type | Description |
|---|---|
|
String
name
|
Server name |
Response Format
{
"name" : "",
"status" : "",
"lastActivity" : "",
"hdivVersion" : ""
}
Response Details
| Name | Description |
|---|---|
|
String
name
|
Server name |
|
String
status
|
RUNNING, STOPPED |
|
String
lastActivity
|
Server last activity date yyyy/MM/dd |
|
String
hdivVersion
|
Version of Hdiv being used |
Parameters
| Type | Description |
|---|---|
|
String
application
|
Application name |
|
String
applicationVersion
|
Name of one version of the Application. The application field must have a value |
|
String
startDate
|
Start date for the filter using yyyy/MM/dd, yyyy/MM/dd HH:mm:ss or number of milliseconds format. You can also use yyyy/MM/dd HH:mm:ssZ format for UTC dates. |
|
String
endDate
|
End date for the filter using yyyy/MM/dd, yyyy/MM/dd HH:mm:ss or number of milliseconds format. You can also use yyyy/MM/dd HH:mm:ssZ format for UTC dates. |
|
String
rule
|
Comma separated rules |
|
String
state
|
UNRESOLVED, RESOLVED, IGNORED |
Response Status Codes
| Code | Description |
|---|---|
|
200
OK
|
Vulnerabilities have been found and processed, full information will be sent |
|
202
ACCEPTED
|
Vulnerabilities have been found but the information is still being processed |
|
400
BAD REQUEST
|
Application name or application version not found |
Response Format
[ {
"hash" : 0,
"id" : 0,
"type" : "",
"level" : "",
"score" : 0.0,
"url" : "",
"parameterName" : "",
"parameterType" : "",
"taintedValue" : :"",
"className" : :"",
"lineNumber" : 0,
"application": "",
"firstAppVersion": "",
"lastAppVersion": "",
"firstOccurrence": 0,
"lastOccurrence": 0,
"state": "",
"servers": "",
"environments": ""
"origin": ""
} ]
Response Details
| Name | Description |
|---|---|
|
long
hash
|
Vulnerability hash id |
|
long
id
|
Vulnerability id |
|
String
type
|
Vulnerability type |
|
String
level
|
MINOR, LOW, MEDIUM, HIGH |
|
double
score
|
Vulnerability score |
|
String
url
|
Vulnerability url |
|
String
parameterName
|
Input name |
|
String
parameterType
|
Type: DATABASE, PARAMETER, MULTIPART_PARAMETER, HEADER, PATH_VARIABLE, REQUEST_BODY |
|
String
taintedValue
|
Final input value |
|
String
className
|
Class name where the vulnerability is present |
|
int
lineNumber
|
Line number where the vulnerability is present |
|
String
application
|
Application name |
|
String
firstAppVersion
|
First application version where the vulnerability is present |
|
String
lastAppVersion
|
Last application version where the vulnerability is present |
|
int
firstOccurrence
|
First vulnerability detection timestamp |
|
int
lastOccurrence
|
Last vulnerability detection timestamp |
|
String
state
|
Vulnerability state |
|
String
servers
|
Server list where the vulnerability is detected |
|
String
environments
|
Environments list where the vulnerability is detected |
|
String
origin
|
Type: DATABASE, REQUEST, STORED, REFLECTED, CONFIGURATION |
Path variables
| Type | Description |
|---|---|
|
long
id
|
Vulnerability id |
Response Format
{
"hash" : 0,
"id" : 0,
"type" : "",
"level" : "",
"score" : 0.0,
"url" : "",
"parameterName" : "",
"parameterType" : "",
"taintedValue" : :"",
"className" : :"",
"lineNumber" : 0,
"application": "",
"firstAppVersion": "",
"lastAppVersion": "",
"firstOccurrence": 0,
"lastOccurrence": 0,
"state": "",
"servers": "",
"environments": ""
}
Response Details
| Name | Description |
|---|---|
|
long
hash
|
Vulnerability hash id |
|
long
id
|
Vulnerability id |
|
String
type
|
Vulnerability type |
|
String
level
|
MINOR, LOW, MEDIUM, HIGH |
|
double
score
|
Vulnerability score |
|
String
url
|
Vulnerability url |
|
String
parameterName
|
Input name |
|
String
parameterType
|
Input type: DATABASE, PARAMETER, MULTIPART_PARAMETER, HEADER, PATH_VARIABLE, REQUEST_BODY |
|
String
taintedValue
|
Final input value |
|
String
className
|
Class name where the vulnerability is present |
|
int
lineNumber
|
Line number where the vulnerability is present |
|
String
application
|
Application name |
|
String
firstAppVersion
|
First application version where the vulnerability is present |
|
String
lastAppVersion
|
Last application version where the vulnerability is present |
|
int
firstOccurrence
|
First vulnerability detection timestamp |
|
int
lastOccurrence
|
Last vulnerability detection timestamp |
|
String
state
|
Vulnerability state |
|
String
servers
|
Server list where the vulnerability is detected |
|
String
environments
|
Environments list where the vulnerability is detected |
Parameters
| Type | Description |
|---|---|
|
String
artifact
|
Artifact identifier in group:artifact:version format. Mandatory. |
|
String
application
|
Application name. Optional. |
|
String
applicationVersion
|
Name of one version of the Application. The application field must have a value |
|
String
startDate
|
Start date for the filter using yyyy/MM/dd, yyyy/MM/dd HH:mm:ss or number of milliseconds format. You can also use yyyy/MM/dd HH:mm:ssZ format for UTC dates. |
|
String
endDate
|
End date for the filter using yyyy/MM/dd, yyyy/MM/dd HH:mm:ss or number of milliseconds format. You can also use yyyy/MM/dd HH:mm:ssZ format for UTC dates. |
|
String
state
|
UNRESOLVED, RESOLVED, IGNORED |
Response Status Codes
| Code | Description |
|---|---|
|
200
OK
|
Vulnerable dependency is present and is processed, full information will be sent |
|
202
ACCEPTED
|
Vulnerable dependency is present but it is still being processed |
|
404
NOT FOUND
|
Vulnerable dependency was not sent by any application |
|
400
BAD REQUEST
|
Application name or application version not found |
Response Format
[ {
"hash" : 0,
"id" : 0,
"type" : "",
"score" : 0.0,
"cveNumber" : "",
"dependency" : "group:artifact:version",
"description" : "",
} ]
Response Details
| Name | Description |
|---|---|
|
long
hash
|
Vulnerability hash id |
|
long
id
|
Vulnerability id |
|
String
type
|
Vulnerability type |
|
double
score
|
Vulnerability score |
|
String
cveNumber
|
CVE Number |
|
String
dependency
|
Vulnerable library identifier in group:artifact:version format |
|
String
description
|
Vulnerability description |
Parameters
| Type | Description |
|---|---|
|
String
application
|
Application name. Optional. |
|
String
applicationVersion
|
Name of one version of the Application. The application field must have a value |
Response Status Codes
| Code | Description |
|---|---|
|
200
OK
|
Vulnerable dependency is present and is processed, full information will be sent |
|
202
ACCEPTED
|
Vulnerable dependency is present but it is still being processed |
|
404
NOT FOUND
|
Vulnerable dependency was not sent by any application |
|
400
BAD REQUEST
|
Application name or application version not found |
Response Format
[ {
"library" : "",
"version" : "",
"idString" : "",
"applicationString" : "",
"cveString" : "",
"ids" : "",
"applications" : "",
"cves" : "",
"numberOfApplications" : "",
"numberOfCVEs" : ""
} ]
Response Details
| Name | Description |
|---|---|
|
String
library
|
Library name |
|
String
version
|
Library version name |
|
String
applicationString
|
Main application uses this library |
|
String
cveString
|
CVE reference as text |
|
long[]
ids
|
Identifiers associated with this library |
|
String[]
applications
|
Applications that use this library |
|
String[]
cves
|
CVEs associated with this library |
|
int
numberOfApplications
|
Number of applications that use this library |
|
int
numberOfCVEs
|
Number of CVEs associated with this library |
Parameters
| Type | Description |
|---|---|
|
String
startDate
|
Start date for the filter using yyyy/MM/dd, yyyy/MM/dd HH:mm:ss or number of milliseconds format |
|
String
endDate
|
End date for the filter using yyyy/MM/dd, yyyy/MM/dd HH:mm:ss or number of milliseconds format |
|
String
status
|
Status of the issue |
|
String
application
|
Name of the application associated with the issues |
|
String
issueManagerType
|
Name of the issue manager that has processed the issues: ASANA, EASYVISTA, GITLAB, JIRA, MANTIS or WEBHOOK |
|
String
rule
|
Name of the vulnerability associated with the issue |
|
Long
pageNum
|
Number of the page of results to be obtained |
|
Long
pageSize
|
Number of elements per page |
Response Format
[
{
"externalRef": "",
"managerType": "",
"rule": "",
"application": "",
"servers": "",
"environments": "",
"status": "",
"creationDate": 0,
"id": 0
}]
Response Details
| Name | Description |
|---|---|
|
String
externalRef
|
External reference of the issue in the issue manager |
|
String
managerType
|
Name of the issue manager that has processed the issue: ASANA, EASYVISTA, GITLAB, JIRA, MANTIS or WEBHOOK |
|
String
rule
|
Name of the vulnerability associated with the issue |
|
String
application
|
Name of application associated with the issue |
|
String
servers
|
Server list where the vulnerability is detected |
|
String
environments
|
Environments list where the vulnerability is detected |
|
String
status
|
Current status of the issue |
|
Long
creationDate
|
Cretion date of the issue in milliseconds |
|
Long
id
|
Internal identifier of the issue |
Path Variables
| Type | Description |
|---|---|
|
String
id
|
Identifier of the issue to delete |
Response Status Codes
| Code | Description |
|---|---|
|
200
OK
|
IP was properly deleted |
|
400
BAD REQUEST
|
Issue could not be deleted |