APIs
General Info¶
Hdiv web console exposes a REST API to help integrate vulnerability detection and attack protection into the organization’s standard stack and dashboards.
The REST API requires an authenticated user. This is done by sending a header that includes the console connection token.
Accessing REST API
- Url: http://x.x.x.x:8089/hdiv-console-services/public/api
- X-hdiv-console-services-token header: i.e. 04db250da579302ca273a958
API Info¶
The following URLs are exposed in the API
Mappings
Response Format
[ {
"name" : "",
"status" : "",
"hdivVersion" : ""
} ]
Response Details
| Name | Description |
|---|---|
|
String
name
|
Application name |
|
String
status
|
RUNNING, MONITORING, STOPPED |
|
String
hdivVersion
|
Version of Hdiv being used |
Path Variables
| Type | Description |
|---|---|
|
String
name
|
Application name |
Response Format
{
"name" : "",
"status" : "",
"hdivVersion" : ""
}
Response Details
| Name | Description |
|---|---|
|
String
name
|
Application name |
|
String
status
|
RUNNING, DEBUGGING, STOPPED |
|
String
hdivVersion
|
Version of Hdiv being used |
Path Variables
| Type | Description |
|---|---|
|
String
status
|
ALLOWED/BANNED |
Response Status Codes
| Code | Description |
|---|---|
|
200
OK
|
List of ips in that status |
|
400
BAD REQUEST
|
If the path variable is not correct |
Response Format
[ "x.x.x.x", "y.y.y.y" ]
Response Details
| Name | Description |
|---|---|
|
Arrays
ips
|
List of IP Addresses |
Path Variables
| Type | Description |
|---|---|
|
String
status
|
ALLOWED/BANNED |
Response Status Codes
| Code | Description |
|---|---|
|
200
OK
|
List of ips in that status |
|
400
BAD REQUEST
|
If the path variable is not correct |
Request Format
[ "x.x.x.x", "y.y.y.y" ]
Requests Details
| Name | Description |
|---|---|
|
Array
ip
|
List of IP Addresses |
Response Format
[ "x.x.x.x", "y.y.y.y" ]
Response Details
| Name | Description |
|---|---|
|
Arrays
ips
|
List of IP Addresses |
Path Variables
| Type | Description |
|---|---|
|
String
ip
|
IP to delete |
Response Status Codes
| Code | Description |
|---|---|
|
200
OK
|
IP was properly deleted |
|
400
BAD REQUEST
|
IP could not be deleted |
Response Format
[ {
"name" : "",
"status" : "",
"lastActivity" : "",
"hdivVersion" : ""
} ]
Response Details
| Name | Description |
|---|---|
|
String
name
|
Server name |
|
String
status
|
RUNNING, STOPPED |
|
String
lastActivity
|
yyyy/MM/dd |
|
String
hdivVersion
|
Version of Hdiv being used |
Path Variables
| Type | Description |
|---|---|
|
String
name
|
Server name |
Response Format
{
"name" : "",
"status" : "",
"lastActivity" : "",
"hdivVersion" : ""
}
Response Details
| Name | Description |
|---|---|
|
String
name
|
Server name |
|
String
status
|
RUNNING, STOPPED |
|
String
lastActivity
|
yyyy/MM/dd |
|
String
hdivVersion
|
Version of Hdiv being used |
Parameters
| Type | Description |
|---|---|
|
String
startDate
|
Start date for the filter using yyyy/MM/dd format |
|
String
endDate
|
End date for the filter using yyyy/MM/dd format |
|
String
rule
|
Comma separated rules |
|
String
state
|
UNRESOLVED, RESOLVED, IGNORED |
Response Format
[ {
"hash" : 0,
"id" : 0,
"type" : "",
"level" : "",
"score" : 0.0,
"url" : "",
"parameterName" : "",
"parameterValue" : "",
"parameterType" : "",
"taintedValue" : :"",
"className" : :"",
"lineNumber" : 0
} ]
Response Details
| Name | Description |
|---|---|
|
long
hash
|
Vulnerability hash id |
|
long
id
|
Vulnerability id |
|
String
type
|
Vulnerability type |
|
String
level
|
MINOR, LOW, MEDIUM, HIGH |
|
double
score
|
Vulnerability score |
|
String
url
|
Vulnerability url |
|
String
parameterName
|
Input name |
|
String
parameterValue
|
Input value |
|
String
parameterType
|
Input type: DATABASE, PARAMETER, MULTIPART_PARAMETER, HEADER, PATH_VARIABLE, REQUEST_BODY |
|
String
taintedValue
|
Final input value |
|
String
className
|
Class name where the vulnerability is present |
|
int
lineNumber
|
Line number where the vulnerability is present |
Path variables
| Type | Description |
|---|---|
|
long
id
|
Vulnerability id |
Response Format
{
"hash" : 0,
"id" : 0,
"type" : "",
"level" : "",
"score" : 0.0,
"url" : "",
"parameterName" : "",
"parameterValue" : "",
"parameterType" : "",
"taintedValue" : :"",
"className" : :"",
"lineNumber" : 0
}
Response Details
| Name | Description |
|---|---|
|
long
hash
|
Vulnerability hash id |
|
long
id
|
Vulnerability id |
|
String
type
|
Vulnerability type |
|
String
level
|
MINOR, LOW, MEDIUM, HIGH |
|
double
score
|
Vulnerability score |
|
String
url
|
Vulnerability url |
|
String
parameterName
|
Input name |
|
String
parameterValue
|
Input value |
|
String
parameterType
|
Input type: DATABASE, PARAMETER, MULTIPART_PARAMETER, HEADER, PATH_VARIABLE, REQUEST_BODY |
|
String
taintedValue
|
Final input value |
|
String
className
|
Class name where the vulnerability is present |
|
int
lineNumber
|
Line number where the vulnerability is present |
Parameters
| Type | Description |
|---|---|
|
String
artifact
|
Artifact identifier in group:artifact:version format. Mandatory. |
|
String
application
|
Application name. Optional. |
Response Status Codes
| Code | Description |
|---|---|
|
200
OK
|
Vulnerable dependency is present and is processed, full information will be sent |
|
202
ACCEPTED
|
Vulnerable dependency is present but it is still being processed |
|
404
NOT FOUND
|
Vulnerable dependency was not sent by any application |
Response Format
[ {
"hash" : 0,
"id" : 0,
"type" : "",
"score" : 0.0,
"cveNumber" : "",
"dependency" : "group:artifact:version",
"description" : "",
} ]
Response Details
| Name | Description |
|---|---|
|
long
hash
|
Vulnerability hash id |
|
long
id
|
Vulnerability id |
|
String
type
|
Vulnerability type |
|
double
score
|
Vulnerability score |
|
String
cveNumber
|
CVE Number |
|
String
dependency
|
Vulnerable library identifier in group:artifact:version format |
|
String
description
|
Vulnerability description |