vcodeapi

package module
v0.0.0-...-e763dc6
Published: Nov 28, 2019 License: MIT Imports: 14 Imported by: 0

README

Veracode API Package


Package Documentation

See here: https://godoc.org/github.com/brian1917/vcodeapi

Description

Go package that provides easy access to the Veracode APIs. Each API typically has two files: one for making the HTTP request and one for parsing the response. For example, detailedreport.go calls the Veracode API and returns a []byte, and detailedreportparser.go parses the XML response and returns usable objects such as flaws.

Credentials File

Must be structured like the following:

veracode_api_key_id = ID HERE
veracode_api_key_secret = SECRET HERE
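A loader for the credentials file in the layout shown above, written for this page as an added example (it is not code from the vcodeapi package). It parses the two `key = value` lines and, before reading a real file, refuses one whose mode grants group or other access, since the file holds an API secret. The comment handling (`#` lines skipped) and the 0600 expectation are this example's own assumptions; the README says nothing about either.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"io/fs"
	"os"
	"strings"
)

// Creds holds the two values the vcodeapi credentials file carries.
type Creds struct {
	KeyID  string
	Secret string
}

// ParseCreds reads "key = value" lines in the README's layout. Blank lines
// and lines starting with '#' are skipped (an assumption of this example).
func ParseCreds(text string) (Creds, error) {
	var c Creds
	sc := bufio.NewScanner(strings.NewReader(text))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		parts := strings.SplitN(line, "=", 2)
		if len(parts) != 2 {
			return Creds{}, fmt.Errorf("malformed line: %q", line)
		}
		k, v := strings.TrimSpace(parts[0]), strings.TrimSpace(parts[1])
		switch k {
		case "veracode_api_key_id":
			c.KeyID = v
		case "veracode_api_key_secret":
			c.Secret = v
		default:
			return Creds{}, fmt.Errorf("unknown key %q", k)
		}
	}
	if err := sc.Err(); err != nil {
		return Creds{}, err
	}
	if c.KeyID == "" || c.Secret == "" {
		return Creds{}, errors.New("credentials file must set both veracode_api_key_id and veracode_api_key_secret")
	}
	return c, nil
}

// CheckCredsMode rejects a credentials file readable or writable by group
// or others; the API secret should be private to its owner (mode 0600).
func CheckCredsMode(mode fs.FileMode) error {
	if mode.Perm()&0o077 != 0 {
		return fmt.Errorf("credentials file mode %04o is too permissive; want 0600", mode.Perm())
	}
	return nil
}

// LoadCreds runs the permission check before parsing a real file.
func LoadCreds(path string) (Creds, error) {
	info, err := os.Stat(path)
	if err != nil {
		return Creds{}, err
	}
	if err := CheckCredsMode(info.Mode()); err != nil {
		return Creds{}, err
	}
	data, err := os.ReadFile(path)
	if err != nil {
		return Creds{}, err
	}
	return ParseCreds(string(data))
}

func main() {
	// Constructed sample in the README's layout, with placeholder values.
	const sample = "veracode_api_key_id = ID HERE\nveracode_api_key_secret = SECRET HERE\n"
	c, err := ParseCreds(sample)
	if err != nil {
		panic(err)
	}
	fmt.Printf("key id %q, secret length %d\n", c.KeyID, len(c.Secret))
	fmt.Println("mode 0644:", CheckCredsMode(0o644))
}
```

`LoadCreds` is the entry point to use with a path on disk; `ParseCreds` and `CheckCredsMode` are split out so the parsing and the permission policy can be exercised without touching the filesystem.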

Included APIs

  1. Get App List (/api/5.0/getapplist.do)
  2. Get Build List (/api/5.0/getbuildlist.do)
  3. Get Sandbox List (/api/5.0/getsandboxlist.do)
  4. Get Detailed Report (/api/5.0/detailedreport.do)
  5. Get Team Info (/api/3.0/getteaminfo.do)
  6. Update Mitigation Info (/api/updatemitigationinfo.do)
  7. Upload File (/api/5.0/uploadfile.do)
  8. Begin Prescan (/api/5.0/beginprescan.do)

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ParseBeginPreScan

func ParseBeginPreScan(credsFile, appID, sandboxID string, autoScan bool) error

ParseBeginPreScan processes a begin-prescan request and returns an error if applicable

func ParseDetailedReport

func ParseDetailedReport(credsFile, buildID string) (DetReport, []Flaw, []CustomField, error)

ParseDetailedReport parses the detailedreport.do API response and returns a DetReport struct, an array of Flaws, and an array of CustomFields.

func ParseUpdateMitigation

func ParseUpdateMitigation(credsFile, buildID, action, comment, flawList string) error

ParseUpdateMitigation processes an update-mitigation request and returns an error if applicable

func ParseUploadFile

func ParseUploadFile(credsFile, appID, sandboxID, path string) error

ParseUploadFile processes a file upload request and returns an error if applicable

Types

type Annotation

type Annotation struct {
	Action      string `xml:"action,attr"`
	Description string `xml:"description,attr"`
	User        string `xml:"user,attr"`
	Date        string `xml:"date,attr"`
}

Annotation is a comment on a flaw (separate from comments attached to mitigation actions)

type Annotations

type Annotations struct {
	Annotation []Annotation `xml:"annotation"`
}

Annotations is an array of individual annotations (comments)

type App

type App struct {
	AppID   string `xml:"app_id,attr"`
	AppName string `xml:"app_name,attr"`
}

App represents a Veracode Application Profile

func ParseAppList

func ParseAppList(credsFile string) ([]App, error)

ParseAppList calls the Veracode getapplist.do API and returns an array of Apps

type Build

type Build struct {
	BuildID           string `xml:"build_id,attr"`
	Version           string `xml:"version,attr"`
	PolicyUpdatedDate string `xml:"policy_updated_date,attr"`
}

A Build represents a Veracode Build within an application.

func ParseBuildList

func ParseBuildList(credsFile, appID string) ([]Build, error)

ParseBuildList calls the Veracode getbuildlist.do API and returns an array of Builds

type Component

type Component struct {
	AddedDate                        string              `xml:"added_date,attr"`
	ComponentAffectsPolicyCompliance string              `xml:"component_affects_policy_compliance,attr"`
	Description                      string              `xml:"description,attr"`
	FileName                         string              `xml:"file_name,attr"`
	Library                          string              `xml:"library,attr"`
	MaxCvssScore                     string              `xml:"max_cvss_score,attr"`
	New                              string              `xml:"new,attr"`
	Sha1                             string              `xml:"sha1,attr"`
	Vendor                           string              `xml:"vendor,attr"`
	Version                          string              `xml:"version,attr"`
	FilePaths                        FilePaths           `xml:"file_paths"`
	Licenses                         Licenses            `xml:"licenses"`
	ViolatedPolicyRules              ViolatedPolicyRules `xml:"violated_policy_rules"`
	Vulnerabilities                  Vulnerabilities     `xml:"vulnerabilities"`
}

Component is a third-party library identified by SCA

type CustomField

type CustomField struct {
	Name  string `xml:"name,attr"`
	Value string `xml:"value,attr"`
}

CustomField is metadata for an application profile (extracted from detailed report API)

type DetReport

type DetReport struct {
	AppName                string          `xml:"app_name,attr"`
	AppID                  string          `xml:"app_id,attr"`
	PolicyName             string          `xml:"policy_name,attr"`
	PolicyComplianceStatus string          `xml:"policy_compliance_status,attr"`
	PolicyRulesStatus      string          `xml:"policy_rules_status,attr"`
	GracePeriodExpired     string          `xml:"grace_period_expired,attr"`
	BusinessUnit           string          `xml:"business_unit,attr"`
	StaticAnalysis         StaticAnalysis  `xml:"static-analysis"`
	DynamicAnalysis        DynamicAnalysis `xml:"dynamic-analysis"`
	ManualAnalysis         ManualAnalysis  `xml:"manual-analysis"`
}

DetReport represents the detailed report returned for a build

type DetReportMeta

type DetReportMeta struct {
	AppName                string `xml:"app_name,attr"`
	AppID                  string `xml:"app_id,attr"`
	PolicyName             string `xml:"policy_name,attr"`
	PolicyComplianceStatus string `xml:"policy_compliance_status,attr"`
	PolicyRulesStatus      string `xml:"policy_rules_status,attr"`
	GracePeriodExpired     string `xml:"grace_period_expired,attr"`
	BusinessUnit           string `xml:"business_unit,attr"`
}

DetReportMeta represents metadata in the detailed report XML

func ParseBuildMetaData

func ParseBuildMetaData(credsFile, buildID string) (DetReportMeta, error)

ParseBuildMetaData parses the detailedreport.do API and returns a detailed report meta data struct.

type DynamicAnalysis

type DynamicAnalysis struct {
	DynamicScanType    string  `xml:"dynamic_scan_type,attr"`
	PublishedDate      string  `xml:"published_date,attr"`
	Rating             string  `xml:"rating,attr"`
	ScanExitStatusDesc string  `xml:"scan_exit_status_desc,attr"`
	ScanExitStatusID   string  `xml:"scan_exit_status_id,attr"`
	Score              string  `xml:"score,attr"`
	SubmittedDate      string  `xml:"submitted_date,attr"`
	Version            string  `xml:"version,attr"`
	Modules            Modules `xml:"modules"`
}

DynamicAnalysis represents a dynamic scan from Veracode

type FilePath

type FilePath struct {
	Value string `xml:"value,attr"`
}

FilePath is the filepath of the third-party component

type FilePaths

type FilePaths struct {
	FilePath []FilePath `xml:"file_path"`
}

FilePaths is an array of filepaths

type Flaw

type Flaw struct {
	Issueid                 string `xml:"issueid,attr"`
	CweName                 string `xml:"categoryname,attr"`
	CategoryID              string `xml:"categoryid,attr"`
	CategoryName            string
	Cweid                   string `xml:"cweid,attr"`
	RemediationStatus       string `xml:"remediation_status,attr"`
	MitigationStatus        string `xml:"mitigation_status,attr"`
	AffectsPolicyCompliance string `xml:"affects_policy_compliance,attr"`
	PolicyName              string
	DateFirstOccurrence     string      `xml:"date_first_occurrence,attr"`
	Severity                string      `xml:"severity,attr"`
	ExploitLevel            string      `xml:"exploitLevel,attr"`
	Module                  string      `xml:"module,attr"`
	SourcefilePath          string      `xml:"sourcefilepath,attr"`
	Sourcefile              string      `xml:"sourcefile,attr"`
	Line                    string      `xml:"line,attr"`
	Description             string      `xml:"description,attr"`
	FlawURL                 string      `xml:"url,attr"`
	VulnParameter           string      `xml:"vuln_parameter,attr"`
	Mitigations             Mitigations `xml:"mitigations"`
	Annotations             Annotations `xml:"annotations"`
}

Flaw represents a finding from a Veracode test (static, dynamic, or MPT)

type License

type License struct {
	LicenseURL string `xml:"license_url,attr"`
	Name       string `xml:"name,attr"`
	RiskRating string `xml:"risk_rating,attr"`
	SpdxID     string `xml:"spdx_id,attr"`
}

License is the license associated with a third-party component identified by SCA

type Licenses

type Licenses struct {
	License []License `xml:"license"`
}

Licenses is an array of licenses

type ManualAnalysis

type ManualAnalysis struct {
	PublishedDate string  `xml:"published_date,attr"`
	Rating        string  `xml:"rating,attr"`
	Score         string  `xml:"score,attr"`
	SubmittedDate string  `xml:"submitted_date,attr"`
	Version       string  `xml:"version,attr"`
	Modules       Modules `xml:"modules"`
}

ManualAnalysis represents a manual assessment from Veracode

type Mitigation

type Mitigation struct {
	Action      string `xml:"action,attr"`
	Description string `xml:"description,attr"`
	User        string `xml:"user,attr"`
	Date        string `xml:"date,attr"`
}

Mitigation is an individual documentation of a compensating control or reason a policy-violating flaw will not be addressed.

type Mitigations

type Mitigations struct {
	Mitigation []Mitigation `xml:"mitigation"`
}

Mitigations is an array of individual mitigations
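The Flaw, Mitigation and Mitigations types above are plain encoding/xml attribute mappings, so the triage step that follows the parse is short. The block below is an added example written for this page, not code from the vcodeapi package: it redeclares a subset of those types with the same tags, unmarshals a constructed flaw list, and selects the flaws that still count against policy (they affect policy compliance and have no accepted mitigation). The flat `<flaws>` envelope is this example's simplification; the real detailedreport.do XML nests flaws under severity, category and cwe elements, which the package's own parser walks. The literal status values "true" and "accepted" are assumptions about the report vocabulary.

```go
package main

import (
	"encoding/xml"
	"fmt"
)

// Mitigation, Mitigations and Flaw mirror the vcodeapi struct tags from
// the package docs (Flaw is reduced to the fields used here).
type Mitigation struct {
	Action      string `xml:"action,attr"`
	Description string `xml:"description,attr"`
	User        string `xml:"user,attr"`
	Date        string `xml:"date,attr"`
}

type Mitigations struct {
	Mitigation []Mitigation `xml:"mitigation"`
}

type Flaw struct {
	Issueid                 string      `xml:"issueid,attr"`
	CweName                 string      `xml:"categoryname,attr"`
	Cweid                   string      `xml:"cweid,attr"`
	RemediationStatus       string      `xml:"remediation_status,attr"`
	MitigationStatus        string      `xml:"mitigation_status,attr"`
	AffectsPolicyCompliance string      `xml:"affects_policy_compliance,attr"`
	Severity                string      `xml:"severity,attr"`
	Sourcefile              string      `xml:"sourcefile,attr"`
	Line                    string      `xml:"line,attr"`
	Mitigations             Mitigations `xml:"mitigations"`
}

// flawList is a constructed, flattened envelope for this example; the real
// report nests flaws several levels deeper.
type flawList struct {
	XMLName xml.Name `xml:"flaws"`
	Flaw    []Flaw   `xml:"flaw"`
}

// ParseFlaws unmarshals the constructed envelope into Flaw values.
func ParseFlaws(data []byte) ([]Flaw, error) {
	var fl flawList
	if err := xml.Unmarshal(data, &fl); err != nil {
		return nil, err
	}
	return fl.Flaw, nil
}

// OpenPolicyFlaws returns the flaws that still count against policy: they
// affect policy compliance and carry no accepted mitigation. "true" and
// "accepted" are assumed values of the report's attributes.
func OpenPolicyFlaws(flaws []Flaw) []Flaw {
	var open []Flaw
	for _, f := range flaws {
		if f.AffectsPolicyCompliance == "true" && f.MitigationStatus != "accepted" {
			open = append(open, f)
		}
	}
	return open
}

// sampleXML is constructed for this example.
const sampleXML = `<flaws>
  <flaw issueid="1" categoryname="SQL Injection" cweid="89" remediation_status="New"
        mitigation_status="none" affects_policy_compliance="true" severity="5"
        sourcefile="db.go" line="42">
    <mitigations/>
  </flaw>
  <flaw issueid="2" categoryname="Cross-Site Scripting" cweid="80" remediation_status="Mitigated"
        mitigation_status="accepted" affects_policy_compliance="true" severity="4"
        sourcefile="view.go" line="17">
    <mitigations>
      <mitigation action="Accept Mitigation" description="Output is HTML-encoded by the template engine"
                  user="reviewer" date="2019-11-01"/>
    </mitigations>
  </flaw>
  <flaw issueid="3" categoryname="Information Leakage" cweid="209" remediation_status="New"
        mitigation_status="none" affects_policy_compliance="false" severity="2"
        sourcefile="err.go" line="9">
    <mitigations/>
  </flaw>
</flaws>`

func main() {
	flaws, err := ParseFlaws([]byte(sampleXML))
	if err != nil {
		panic(err)
	}
	for _, f := range OpenPolicyFlaws(flaws) {
		fmt.Printf("open policy flaw %s: %s (CWE-%s) at %s:%s\n",
			f.Issueid, f.CweName, f.Cweid, f.Sourcefile, f.Line)
	}
}
```

Run as written, only flaw 1 is reported: flaw 2 has an accepted mitigation and flaw 3 does not affect policy. The accepted mitigation's description and user survive on the Flaw value, so a review of who accepted what and why needs no second API call.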

type Module

type Module struct {
	Architecture string `xml:"architecture,attr"`
	Compiler     string `xml:"compiler,attr"`
	Domain       string `xml:"domain,attr"`
	Loc          string `xml:"loc,attr"`
	Name         string `xml:"name,attr"`
	Numflawssev0 string `xml:"numflawssev0,attr"`
	Numflawssev1 string `xml:"numflawssev1,attr"`
	Numflawssev2 string `xml:"numflawssev2,attr"`
	Numflawssev3 string `xml:"numflawssev3,attr"`
	Numflawssev4 string `xml:"numflawssev4,attr"`
	Numflawssev5 string `xml:"numflawssev5,attr"`
	Os           string `xml:"os,attr"`
	Score        string `xml:"score,attr"`
	TargetURL    string `xml:"target_url,attr"`
}

Module represents a scannable module in Veracode

type Modules

type Modules struct {
	Module []Module `xml:"module"`
}

Modules is an array of Module values

type PolicyRule

type PolicyRule struct {
	Desc  string `xml:"desc,attr"`
	Type  string `xml:"type,attr"`
	Value string `xml:"value,attr"`
}

PolicyRule is a rule violated by a third-party component identified by SCA

type Sandbox

type Sandbox struct {
	SandboxID   string `xml:"sandbox_id,attr"`
	SandboxName string `xml:"sandbox_name,attr"`
	Owner       string `xml:"owner,attr"`
}

Sandbox is an individual sandbox within an application profile

func ParseSandboxList

func ParseSandboxList(credsFile, appID string) ([]Sandbox, error)

ParseSandboxList parses the getsandboxlist.do API and returns an array of Sandboxes

type SoftwareCompositionAnalysis

type SoftwareCompositionAnalysis struct {
	ComponentsViolatedPolicy string      `xml:"components_violated_policy,attr"`
	ThirdPartyComponents     string      `xml:"third_party_components,attr"`
	ViolatePolicy            string      `xml:"violate_policy,attr"`
	VulnerableComponents     []Component `xml:"vulnerable_components"`
	PublishedDate            string
	AppName                  string
}

SoftwareCompositionAnalysis represents the SCA section of the detailed report

func ParseSCAReport

func ParseSCAReport(credsFile, buildID string) (SoftwareCompositionAnalysis, error)

ParseSCAReport parses the detailedreport.do API and returns a SoftwareCompositionAnalysis struct

type StaticAnalysis

type StaticAnalysis struct {
	AnalysisSize  string  `xml:"analysis_size_bytes,attr"`
	EngineVersion string  `xml:"engine_version,attr"`
	PublishedDate string  `xml:"published_date,attr"`
	Rating        string  `xml:"rating,attr"`
	Score         string  `xml:"score,attr"`
	SubmittedDate string  `xml:"submitted_date,attr"`
	Version       string  `xml:"version,attr"`
	Modules       Modules `xml:"modules"`
}

StaticAnalysis represents a static scan from Veracode

type Team

type Team struct {
	TeamID       string `xml:"team_id,attr"`
	TeamName     string `xml:"team_name,attr"`
	CreationDate string `xml:"creation_date,attr"`
}

Team represents a Veracode team of users

func ParseTeamList

func ParseTeamList(credsFile string) ([]Team, error)

ParseTeamList calls the getteamlist.do API and returns an array of teams

type TeamInfo

type TeamInfo struct {
	TeamName string `xml:"team_name,attr"`
	Users    []User `xml:"user"`
	Apps     []App  `xml:"application"`
}

TeamInfo represents the Team Information for a Veracode Team

func ParseTeamInfo

func ParseTeamInfo(credsFile, teamID string, includeUsers, includeApplications bool) (TeamInfo, error)

ParseTeamInfo calls the Veracode getteaminfo.do API and returns a TeamInfo struct

type User

type User struct {
	Username  string `xml:"username,attr"`
	FirstName string `xml:"first_name,attr"`
	LastName  string `xml:"last_name,attr"`
	Email     string `xml:"email_address,attr"`
}

User represents a User in the Veracode Platform

type ViolatedPolicyRules

type ViolatedPolicyRules struct {
	PolicyRule []PolicyRule `xml:"Policy_rule"`
}

ViolatedPolicyRules is an array of rules violated by the third-party component identified by SCA

type Vulnerabilities

type Vulnerabilities struct {
	Vulnerability []Vulnerability `xml:"vulnerability"`
}

Vulnerabilities is an array of vulnerabilities

type Vulnerability

type Vulnerability struct {
	CveID                                string `xml:"cve_id,attr"`
	CveSummary                           string `xml:"cve_summary,attr"`
	CvssScore                            string `xml:"cvss_score,attr"`
	CweID                                string `xml:"cwe_id,attr"`
	Mitigation                           string `xml:"mitigation,attr"`
	Severity                             string `xml:"severity,attr"`
	SeverityDesc                         string `xml:"severity_desc,attr"`
	VulnerabilityAffectsPolicyCompliance string `xml:"vulnerability_affects_policy_compliance,attr"`
}

Vulnerability is a CVE associated with a third-party component identified by SCA
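The SCA types (Component, Vulnerabilities, Vulnerability) carry CVSS scores as strings, so a consumer has to parse them before it can rank components. The block below is an added example for this page, not code from the vcodeapi package: it redeclares a subset of those types with the page's tags, unmarshals a constructed component list, and returns the components at or above a CVSS threshold, highest first, together with the CVEs flagged as affecting policy. The `<vulnerable_components>` root is this example's simplification of where the real report keeps these elements; the CVE ids, hashes and library names in the sample are placeholders, and "true" as the policy-compliance value is an assumption.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"sort"
	"strconv"
)

// Vulnerability and Component mirror the vcodeapi struct tags from the
// package docs (reduced to the fields used here).
type Vulnerability struct {
	CveID                                string `xml:"cve_id,attr"`
	CvssScore                            string `xml:"cvss_score,attr"`
	VulnerabilityAffectsPolicyCompliance string `xml:"vulnerability_affects_policy_compliance,attr"`
}

type Vulnerabilities struct {
	Vulnerability []Vulnerability `xml:"vulnerability"`
}

type Component struct {
	Library         string          `xml:"library,attr"`
	Version         string          `xml:"version,attr"`
	Sha1            string          `xml:"sha1,attr"`
	MaxCvssScore    string          `xml:"max_cvss_score,attr"`
	Vulnerabilities Vulnerabilities `xml:"vulnerabilities"`
}

// componentList is a constructed envelope for this example.
type componentList struct {
	XMLName   xml.Name    `xml:"vulnerable_components"`
	Component []Component `xml:"component"`
}

// ComponentRisk is one row of the triage output.
type ComponentRisk struct {
	Library    string
	Version    string
	MaxCvss    float64
	PolicyCVEs []string // CVEs flagged as affecting policy compliance
}

// ParseComponents unmarshals the constructed envelope.
func ParseComponents(data []byte) ([]Component, error) {
	var cl componentList
	if err := xml.Unmarshal(data, &cl); err != nil {
		return nil, err
	}
	return cl.Component, nil
}

// RiskyComponents returns components whose max_cvss_score is at or above
// threshold, highest score first. A missing score counts as 0; a malformed
// one is reported as an error rather than silently dropped.
func RiskyComponents(comps []Component, threshold float64) ([]ComponentRisk, error) {
	var out []ComponentRisk
	for _, c := range comps {
		score := 0.0
		if c.MaxCvssScore != "" {
			s, err := strconv.ParseFloat(c.MaxCvssScore, 64)
			if err != nil {
				return nil, fmt.Errorf("component %s: bad max_cvss_score %q", c.Library, c.MaxCvssScore)
			}
			score = s
		}
		if score < threshold {
			continue
		}
		r := ComponentRisk{Library: c.Library, Version: c.Version, MaxCvss: score}
		for _, v := range c.Vulnerabilities.Vulnerability {
			if v.VulnerabilityAffectsPolicyCompliance == "true" {
				r.PolicyCVEs = append(r.PolicyCVEs, v.CveID)
			}
		}
		out = append(out, r)
	}
	sort.Slice(out, func(i, j int) bool { return out[i].MaxCvss > out[j].MaxCvss })
	return out, nil
}

// sampleXML is constructed for this example; ids and hashes are placeholders.
const sampleXML = `<vulnerable_components>
  <component library="libone" version="1.2" sha1="PLACEHOLDER_SHA1_A" max_cvss_score="9.8">
    <vulnerabilities>
      <vulnerability cve_id="CVE-XXXX-0001" cvss_score="9.8" vulnerability_affects_policy_compliance="true"/>
      <vulnerability cve_id="CVE-XXXX-0002" cvss_score="5.3" vulnerability_affects_policy_compliance="false"/>
    </vulnerabilities>
  </component>
  <component library="libtwo" version="0.9" sha1="PLACEHOLDER_SHA1_B" max_cvss_score="4.3">
    <vulnerabilities>
      <vulnerability cve_id="CVE-XXXX-0003" cvss_score="4.3" vulnerability_affects_policy_compliance="false"/>
    </vulnerabilities>
  </component>
  <component library="libthree" version="2.0" sha1="PLACEHOLDER_SHA1_C" max_cvss_score="7.5">
    <vulnerabilities>
      <vulnerability cve_id="CVE-XXXX-0004" cvss_score="7.5" vulnerability_affects_policy_compliance="true"/>
    </vulnerabilities>
  </component>
</vulnerable_components>`

func main() {
	comps, err := ParseComponents([]byte(sampleXML))
	if err != nil {
		panic(err)
	}
	risky, err := RiskyComponents(comps, 7.0)
	if err != nil {
		panic(err)
	}
	for _, r := range risky {
		fmt.Printf("%s %s  max CVSS %.1f  policy CVEs %v\n", r.Library, r.Version, r.MaxCvss, r.PolicyCVEs)
	}
}
```

With the 7.0 threshold the sample yields libone (9.8) and then libthree (7.5); libtwo is filtered out. Keeping the Sha1 attribute on Component is deliberate: it is the value to match against a build's own artifact inventory when confirming which file the finding refers to.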
