add API calls for manual scan info

veracode · Sep 11, 2024 · fb4a249 · fb4a249
1 parent 7b9acbf
commit fb4a249
Show file tree

Hide file tree

Showing 5 changed files with 48 additions and 3 deletions.
diff --git a/docs/api.md b/docs/api.md
@@ -61,6 +61,15 @@ As an alternative to importing individual objects into your library, you can acc
   - `approved_findings_only`: limits matches to findings with approved mitigations.
   - `allow_fuzzy_match`: look for matches within a range of source lines around the origin finding. This allows for code movement but can result in flaws being mismatched; use sparingly.
 
+### MPT Scans and Findings
+
+*See also*: You can also access these methods from the [ManualScans class](findings.md#manual-testing).
+
+- `get_manual_scans_for_app(appid)`: get the manual scans for `appid` (guid).
+- `get_manual_scan(scanid)`: get the manual scan information for `scanid` (int), returned by `get_manual_scans_for_app()`.
+- `get_manual_findings(scanid,include_artifacts(opt))`: get the manual findings detail for `scanid` (int). 
+  - `include_artifacts`: if `True`, includes screenshots and code samples associated with the findings. 
+
 ### Summary Report
 
 *See also*: You can also access this method from the [SummaryReport class](findings.md#summary-report).

diff --git a/docs/findings.md b/docs/findings.md
@@ -22,4 +22,11 @@ The following methods call Veracode REST APIs and return JSON.
 
 - `SummaryReport().get_summary_report(app,sandbox(opt))`: get the summary report for `app` (guid) or its `sandbox` (guid).
 
+## Manual Testing
+
+- `ManualScans().get_for_app(appid)`: get the manual scans for `appid` (guid).
+- `ManualScans().get(scanid)`: get the manual scan information for `scanid` (int), returned by `get_for_app()`.
+- `ManualScans().get_findings(scanid,include_artifacts(opt))`: get the manual findings detail for `scanid` (int). 
+  - `include_artifacts`: if `True`, includes screenshots and code samples associated with the findings. 
+
 [All docs](docs.md)
diff --git a/veracode_api_py/__init__.py b/veracode_api_py/__init__.py
@@ -3,7 +3,7 @@
 from veracode_api_py.applications import Applications, Sandboxes, CustomFields
 from veracode_api_py.collections import Collections
 from veracode_api_py.dynamic import Analyses, Scans, CodeGroups, Configuration, ScannerVariables, ScanCapacitySummary, Occurrences, DynUtils
-from veracode_api_py.findings import Findings, SummaryReport
+from veracode_api_py.findings import Findings, SummaryReport, ManualScans
 from veracode_api_py.healthcheck import Healthcheck
 from veracode_api_py.identity import Users, Teams, BusinessUnits, APICredentials, Roles
 from veracode_api_py.sca import Workspaces, ComponentActivity, SBOM, SCAApplications

diff --git a/veracode_api_py/api.py b/veracode_api_py/api.py
@@ -20,7 +20,7 @@
 from .constants import Constants
 from .exceptions import VeracodeAPIError
 from .applications import Applications, Sandboxes, CustomFields
-from .findings import Findings, SummaryReport
+from .findings import Findings, SummaryReport, ManualScans
 from .policy import Policies
 from .sca import ComponentActivity, Workspaces, SBOM, SCAApplications
 from .collections import Collections
@@ -184,6 +184,17 @@ def add_annotation(self, app: UUID, issue_list, comment, action, sandbox: UUID =
 
     def match_findings(self, origin_finding, potential_matches, approved_findings_only=True):
         return Findings().match(origin_finding, potential_matches, approved_findings_only)
+
+    ## MPT scans and findings
+
+    def get_mpt_scans(self, appid: UUID):
+        return ManualScans().get_for_app(appid=appid)
+
+    def get_mpt_scan(self, scanid: int):
+        return ManualScans().get(scanid=scanid)
+
+    def get_mpt_findings(self, scanid: int, include_artifacts=False):
+        return ManualScans().get_findings(scanid=scanid, include_artifacts=include_artifacts)
 
     ## Collections APIs
 

diff --git a/veracode_api_py/findings.py b/veracode_api_py/findings.py
@@ -167,4 +167,22 @@ def get_summary_report(self,app: UUID,sandbox: UUID=None):
         else:
             uri = "appsec/v2/applications/{}/summary_report".format(app)
 
-        return APIHelper()._rest_request(uri,"GET")
+        return APIHelper()._rest_request(uri,"GET")
+
+class ManualScans():
+    def get_for_app(self,appid: UUID):
+        params = {}
+        params['application'] = appid
+        uri = 'mpt/v1/scans'
+        return APIHelper()._rest_paged_request(uri,"GET","scans",params=params)
+
+    def get(self,scanid: int):
+        uri = "mpt/v1/scans/{}".format(scanid)
+        return APIHelper()._rest_request(uri,"GET")
+
+    def get_findings(self,scanid: int, include_artifacts=False):
+        uri = "mpt/v1/scans/{}/findings".format(scanid)
+        params = {}
+        params['include_artifacts'] = include_artifacts
+        return APIHelper()._rest_paged_request(uri,"GET","findings",params=params)
+