[FX-4815] Document new available DAST endpoints #263
## Update Finding State | ||
|
||
```sh | ||
curl -X PATCH "https://api.us.cobalt.io/dast/findings/YOUR-DAST-FINDING-IDENTIFIER" \ |
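Review bot: the `PATCH /dast/findings/{id}` call on L16 is documented here before the endpoint exists in the API (the thread says a pending update will change that); either hold this section until that change ships or mark the endpoint as not yet available, so the public docs never describe a call that is not served. The example should also carry the same `Accept: application/vnd.cobalt.v2+json` header as the other examples in this PR and show the JSON body that carries `state`, since the URL alone does not tell a reader what to send.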
Does this endpoint exist already?
There's a pending update to change that.
(Note that this repo is public)
Co-authored-by: Wolfgang Becker <5240716+wolfgangbecker@users.noreply.github.com>
Already approving, but I noticed this comment might have gone unnoticed.
I had already applied the suggestion 👍
LGTM
1ab7ce4 to 33b932b
33b932b to da46dd4
| `proof_of_concept` | Evidence of the vulnerability finding. | | ||
| `suggested_fix` | Description of how to fix the vulnerability. | | ||
| `http_exchanges` | Pairs of `request` and `response` of the vulnerability finding. | | ||
See [Finding response fields](#finding-response-fields) |
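Review bot: replacing the duplicated field rows on L45-L47 with the link on L48 is the right call for a hand-maintained page, but the `#finding-response-fields` anchor must match the slug the site generator produces for that heading exactly, otherwise the link dead-ends silently. Because `http_exchanges` carries the raw `request`/`response` pairs, the linked section should also say whether authentication headers and cookies in those exchanges are returned verbatim, since that determines how consumers must store API output.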
Since these docs are manually curated, I think it makes more sense to link, to avoid duplication and to keep parts from getting outdated.
|
||
```sh | ||
curl -X POST "https://api.us.cobalt.io/dast/targets/YOUR-DAST-TARGET-IDENTIFIER/scheduled_scans" \ | ||
-H "Accept: application/vnd.cobalt.v2+json" \ |
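Review bot: the scheduled_scans example on L56-L57 shows only the URL and the Accept header; it should include the authorization header and the JSON body that defines the schedule so it can be copied as a working request, and it should use the same header set as the findings PATCH example in this PR so the two are consistent.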
versions/v2/content/dast-findings.md
|
||
| Field | Description | | ||
|---------|-------------------------------------------------------------------------------------------| | ||
| `state` | The desired next state of the finding. Should be one of [`notfixed`, `invalid`, `accepted`] | |
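Review bot: the allowed values on L67 (`notfixed`, `invalid`, `accepted`) do not match the state vocabulary this same PR documents for the finding response (`invalid`, `need_fix`, `wont_fix`, `valid_fix`, `check_fix`), and the thread confirms `accepted` is rejected by the API. Take the values from DastFindingTransitionWrapper.kt, and if any of the response states are assigned by the scanner rather than by the client, say here which ones a client may actually set through this endpoint.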
I found during acceptance testing that not all of the states listed here work. I tried to use `accepted`.
I found the correct values here: https://github.com/cobalthq/cobalt-api/blob/main/src/main/kotlin/io/cobalt/api/dast/finding/v2/dto/DastFindingTransitionWrapper.kt
Ah, good catch. These were not "our" states, I have corrected that.
Co-authored-by: Grayson Kuhns <101134339+grayson-cobalt@users.noreply.github.com>
@@ -135,9 +128,70 @@ This endpoint retrieves a specific DAST finding that belongs to the organization | |||
| `title` | Name of the vulnerability | | |||
| `last_found_at` | Date and time of when the vulnerability was last found, in ISO 8601 UTC format. | | |||
| `severity` | Severity of the vulnerability finding: `10` is low. `20` is medium. `30` is high. | | |||
| `state` | State of the vulnerability finding: [`notfixed`, `invalid`, `accepted`, `fixed`] | | |||
| `state` | State of the vulnerability finding: [`invalid`, `need_fix`, `wont_fix`, `valid_fix`, `check_fix`] | |
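Review bot: L85 corrects the enumeration, but the diff gives no gloss for the new names; a one-line meaning for each (in particular how `check_fix` differs from `valid_fix`, and which of the old names on L84, `notfixed`, `accepted`, `fixed`, each new one corresponds to) belongs in this table, because readers of the public docs cannot consult DastFindingTransitionWrapper.kt. Also confirm that the Update Finding State request table earlier in this PR uses this same list.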
These were not correct. "our" states are correctly listed now.
Thank you!
There are a few adjustments pending before the API exactly matches what is described. These will be merged before this PR gets merged.