From fb4a2490cc42f891013d666d268d4e5fd9184861 Mon Sep 17 00:00:00 2001
From: Tim Jarrett
Date: Wed, 11 Sep 2024 09:33:51 +0200
Subject: [PATCH] add API calls for manual scan info
---
 docs/api.md | 9 +++++++++
 docs/findings.md | 7 +++++++
 veracode_api_py/__init__.py | 2 +-
 veracode_api_py/api.py | 13 ++++++++++++-
 veracode_api_py/findings.py | 20 +++++++++++++++++++-
 5 files changed, 48 insertions(+), 3 deletions(-)
diff --git a/docs/api.md b/docs/api.md
index dc0a68c..dfa2745 100644
--- a/docs/api.md
+++ b/docs/api.md
@@ -61,6 +61,15 @@ As an alternative to importing individual objects into your library, you can acc
 - `approved_findings_only`: limits matches to findings with approved mitigations.
 - `allow_fuzzy_match`: look for matches within a range of source lines around the origin finding. This allows for code movement but can result in flaws being mismatched; use sparingly.
+### MPT Scans and Findings
+
+*See also*: You can also access these methods from the [ManualScans class](findings.md#manual-testing).
+
+- `get_manual_scans_for_app(appid)`: get the manual scans for `appid` (guid).
+- `get_manual_scan(scanid)`: get the manual scan information for `scanid` (int), returned by `get_manual_scans_for_app()`.
+- `get_manual_findings(scanid,include_artifacts(opt))`: get the manual findings detail for `scanid` (int).
+ - `include_artifacts`: if `True`, includes screenshots and code samples associated with the findings.
+
 ### Summary Report
 *See also*: You can also access this method from the [SummaryReport class](findings.md#summary-report).
diff --git a/docs/findings.md b/docs/findings.md
index 0e51311..b6f6d09 100644
--- a/docs/findings.md
+++ b/docs/findings.md
@@ -22,4 +22,11 @@ The following methods call Veracode REST APIs and return JSON.
 - `SummaryReport().get_summary_report(app,sandbox(opt))`: get the summary report for `app` (guid) or its `sandbox` (guid).
+## Manual Testing
+
+- `ManualScans().get_for_app(appid)`: get the manual scans for `appid` (guid).
+- `ManualScans().get(scanid)`: get the manual scan information for `scanid` (int), returned by `get_for_app()`.
+- `ManualScans().get_findings(scanid,include_artifacts(opt))`: get the manual findings detail for `scanid` (int).
+ - `include_artifacts`: if `True`, includes screenshots and code samples associated with the findings.
+
 [All docs](docs.md)
diff --git a/veracode_api_py/__init__.py b/veracode_api_py/__init__.py
index c20b309..741a0df 100644
--- a/veracode_api_py/__init__.py
+++ b/veracode_api_py/__init__.py
@@ -3,7 +3,7 @@
 from veracode_api_py.applications import Applications, Sandboxes, CustomFields
 from veracode_api_py.collections import Collections
 from veracode_api_py.dynamic import Analyses, Scans, CodeGroups, Configuration, ScannerVariables, ScanCapacitySummary, Occurrences, DynUtils
-from veracode_api_py.findings import Findings, SummaryReport
+from veracode_api_py.findings import Findings, SummaryReport, ManualScans
 from veracode_api_py.healthcheck import Healthcheck
 from veracode_api_py.identity import Users, Teams, BusinessUnits, APICredentials, Roles
 from veracode_api_py.sca import Workspaces, ComponentActivity, SBOM, SCAApplications
diff --git a/veracode_api_py/api.py b/veracode_api_py/api.py
index 530a57d..b2473a4 100644
--- a/veracode_api_py/api.py
+++ b/veracode_api_py/api.py
@@ -20,7 +20,7 @@
 from .constants import Constants
 from .exceptions import VeracodeAPIError
 from .applications import Applications, Sandboxes, CustomFields
-from .findings import Findings, SummaryReport
+from .findings import Findings, SummaryReport, ManualScans
 from .policy import Policies
 from .sca import ComponentActivity, Workspaces, SBOM, SCAApplications
 from .collections import Collections
@@ -184,6 +184,17 @@ def add_annotation(self, app: UUID, issue_list, comment, action, sandbox: UUID =
 def match_findings(self, origin_finding, potential_matches, approved_findings_only=True):
 return Findings().match(origin_finding, potential_matches, approved_findings_only)
+
+ ## MPT scans and findings
+
+ def get_mpt_scans(self, appid: UUID):
+ return ManualScans().get_for_app(appid=appid)
+
+ def get_mpt_scan(self, scanid: int):
+ return ManualScans().get(scanid=scanid)
+
+ def get_mpt_findings(self, scanid: int, include_artifacts=False):
+ return ManualScans().get_findings(scanid=scanid, include_artifacts=include_artifacts)
 ## Collections APIs
diff --git a/veracode_api_py/findings.py b/veracode_api_py/findings.py
index 3e49ae3..e46dec6 100644
--- a/veracode_api_py/findings.py
+++ b/veracode_api_py/findings.py
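Review bot: The wrapper names `get_mpt_scans`, `get_mpt_scan` and `get_mpt_findings` added after `match_findings` do not match the names this same commit documents in docs/api.md (`get_manual_scans_for_app`, `get_manual_scan`, `get_manual_findings`), so a caller following the docs gets an AttributeError. Either rename the wrappers to the documented names or correct the doc; the `ManualScans` methods and docs/findings.md already agree with each other, so only this layer is inconsistent. `include_artifacts` is also the one parameter left unannotated while its neighbours carry types; `def get_mpt_findings(self, scanid: int, include_artifacts: bool = False):` would match the surrounding signatures. The wrappers sit inside a class whose header is outside the hunk.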
@@ -167,4 +167,22 @@ def get_summary_report(self,app: UUID,sandbox: UUID=None):
 else:
 uri = "appsec/v2/applications/{}/summary_report".format(app)
- return APIHelper()._rest_request(uri,"GET")
\ No newline at end of file
+ return APIHelper()._rest_request(uri,"GET")
+
+class ManualScans():
+ def get_for_app(self,appid: UUID):
+ params = {}
+ params['application'] = appid
+ uri = 'mpt/v1/scans'
+ return APIHelper()._rest_paged_request(uri,"GET","scans",params=params)
+
+ def get(self,scanid: int):
+ uri = "mpt/v1/scans/{}".format(scanid)
+ return APIHelper()._rest_request(uri,"GET")
+
+ def get_findings(self,scanid: int, include_artifacts=False):
+ uri = "mpt/v1/scans/{}/findings".format(scanid)
+ params = {}
+ params['include_artifacts'] = include_artifacts
+ return APIHelper()._rest_paged_request(uri,"GET","findings",params=params)
+ 
\ No newline at end of file
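Review bot: `scanid` is interpolated straight into the request path in `ManualScans.get` and `ManualScans.get_findings` (`"mpt/v1/scans/{}".format(scanid)`), and the `int` annotation is not enforced at runtime, so a caller that passes a string (say one copied out of user input) can change which path the client requests rather than address one scan. Coercing before formatting, `uri = "mpt/v1/scans/{}".format(int(scanid))` in both methods, makes non-integer input fail with a ValueError/TypeError before any request is sent; `get_for_app` is already safer because `appid` travels as a query parameter. `params['include_artifacts'] = include_artifacts` hands a Python bool to the request layer, and whether that reaches the service as `true`/`false` or `True`/`False` depends on `_rest_paged_request` and on what the API accepts, neither of which the hunk shows, so it is worth confirming with a real call. The context lines at the top of the hunk are the tail of `get_summary_report`, which starts outside the hunk.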