ThreadFix REST Interface Responses
keriburke edited this page Nov 17, 2017
This page lists the possible responses returned by the ThreadFix REST Interface.
You should get an authentication error like the following for an incorrect or missing API key.
{
"message": "Authentication failed, check your API Key.",
"success": false,
"responseCode": -1,
"object": null
}
Any call that can write to the ThreadFix database can be restricted by editing the API key used for that call so that it is a 'Restricted API Key'. You should get the following error if you make such a restricted call with a 'Restricted API Key'.
{
"message": "The requested URL is restricted for your API Key.",
"success": false,
"responseCode": -1,
"object": null
}
{
"message": "",
"success": true,
"responseCode": -1,
"object": {
"id": 1,
"infoVulnCount": 0,
"lowVulnCount": 0,
"mediumVulnCount": 0,
"highVulnCount": 0,
"criticalVulnCount": 0,
"totalVulnCount": 0,
"name": "TEST123",
"applications": null
}
}
{
"message": "\"name\" parameter was not present, new Team creation failed.",
"success": false,
"responseCode": -1,
"object": null
}
{
"message": "",
"success": true,
"responseCode": -1,
"object": {
"id": 2,
"infoVulnCount": 0,
"lowVulnCount": 0,
"mediumVulnCount": 0,
"highVulnCount": 0,
"criticalVulnCount": 0,
"totalVulnCount": 0,
"name": "TEST 123",
"applications": []
}
}
{
"message": "Team Lookup failed.",
"success": false,
"responseCode": -1,
"object": null
}
{
"message": "No team found with name 'TET123'",
"success": false,
"responseCode": -1,
"object": null
}
{
"message": "",
"success": true,
"responseCode": -1,
"object": [
{
"id": 11,
"infoVulnCount": 0,
"lowVulnCount": 0,
"mediumVulnCount": 0,
"highVulnCount": 0,
"criticalVulnCount": 0,
"totalVulnCount": 0,
"name": "Team 1",
"applications": [
]
},
{
"id": 4,
"infoVulnCount": 16,
"lowVulnCount": 60,
"mediumVulnCount": 2,
"highVulnCount": 6,
"criticalVulnCount": 0,
"totalVulnCount": 84,
"name": "Team 2",
"applications": [
{
"id": 4,
"name": "Test 1"
}
]
}
]
}
{
"message": "",
"success": true,
"responseCode": -1,
"object": {
"id": 1,
"name": "Test App 1",
"url": "http://example.com",
"uniqueId": null,
"applicationCriticality": {
"id": 1,
"name": "Low"
},
"grcApplication": null,
"scans": null,
"infoVulnCount": 0,
"lowVulnCount": 0,
"mediumVulnCount": 0,
"highVulnCount": 0,
"criticalVulnCount": 0,
"totalVulnCount": 0,
"waf": null,
"organization": {
"id": 1,
"name": "TEST 123"
}
}
}
{
"message": "New Team creation failed.",
"success": false,
"responseCode": -1,
"object": null
}
{
"message": "",
"success": true,
"responseCode": -1,
"object": {
"id": 1,
"name": "Test App 1",
"url": "http://example.com",
"uniqueId": null,
"applicationCriticality": {
"id": 1,
"name": "Low"
},
"grcApplication": null,
"scans": null,
"infoVulnCount": 0,
"lowVulnCount": 0,
"mediumVulnCount": 0,
"highVulnCount": 0,
"criticalVulnCount": 0,
"totalVulnCount": 0,
"waf": null,
"organization": {
"id": 1,
"name": "TEST 123"
}
}
}
{
"message": "Application lookup failed. Check your ID.",
"success": false,
"responseCode": -1,
"object": null
}
{
"message": "",
"success": true,
"responseCode": -1,
"object": {
"id": 1,
"name": "Test App 1",
"url": "http://example.com",
"uniqueId": null,
"applicationCriticality": {
"id": 1,
"name": "Low"
},
"grcApplication": null,
"scans": null,
"infoVulnCount": 0,
"lowVulnCount": 0,
"mediumVulnCount": 0,
"highVulnCount": 0,
"criticalVulnCount": 0,
"totalVulnCount": 0,
"waf": null,
"organization": {
"id": 1,
"name": "TEST 123"
}
}
}
{
"message": "",
"success": true,
"responseCode": -1,
"object": {
"id": 4,
"name": "Test Name 1",
"url": null,
"uniqueId": null,
"applicationCriticality": {
"id": 1,
"name": "Low"
},
"grcApplication": null,
"scans": [],
"infoVulnCount": 0,
"lowVulnCount": 0,
"mediumVulnCount": 0,
"highVulnCount": 0,
"criticalVulnCount": 0,
"totalVulnCount": 0,
"waf": {
"id": 1,
"name": "DG mod_security"
},
"organization": {
"id": 2,
"name": "TEST 123"
}
}
}
{
"message": "WAF lookup failed. Check your ID.",
"success": false,
"responseCode": -1,
"object": null
}
{
"message": "Application lookup failed. Check your ID.",
"success": false,
"responseCode": -1,
"object": null
}
{
"message": "",
"success": true,
"responseCode": -1,
"object": {
"id": 4,
"name": "Test App 1",
"url": "http://www.example-url.com",
"uniqueId": null,
"applicationCriticality": {
"id": 1,
"name": "Low"
},
"grcApplication": null,
"scans": [],
"infoVulnCount": 0,
"lowVulnCount": 0,
"mediumVulnCount": 0,
"highVulnCount": 0,
"criticalVulnCount": 0,
"totalVulnCount": 0,
"waf": {
"id": 1,
"name": "DG mod_security"
},
"organization": {
"id": 2,
"name": "TEST 123"
}
}
}
{
"message": "Application lookup failed. Check your ID.",
"success": false,
"responseCode": -1,
"object": null
}
{
"message": "",
"success": true,
"responseCode": -1,
"object": {
"id": 56,
"importTime": 1401977632000,
"numberClosedVulnerabilities": 0,
"numberNewVulnerabilities": 84,
"numberOldVulnerabilities": 0,
"numberResurfacedVulnerabilities": 0,
"numberTotalVulnerabilities": 84,
"numberRepeatResults": 0,
"numberRepeatFindings": 0,
"numberInfoVulnerabilities": 16,
"numberLowVulnerabilities": 60,
"numberMediumVulnerabilities": 2,
"numberHighVulnerabilities": 6,
"numberCriticalVulnerabilities": 0,
"findings": [
{
"id": 4702,
"longDescription": null,
"attackString": "\"><script>alert(1);</script>",
"attackRequest": null,
"attackResponse": null,
"nativeId": "e66d13c89218d65c07a6ae237a4e37ff",
"displayId": null,
"surfaceLocation": {
"id": 4702,
"parameter": "uid",
"path": "/bank/login.aspx"
},
"sourceFileLocation": null,
"dataFlowElements": null,
"calculatedUrlPath": "/bank/login.aspx",
"calculatedFilePath": "",
"dependency": null,
"severity": "3",
"vulnerabilityType": "Cross Site Scripting (Reflected)"
},
{
"id": 4703,
"longDescription": null,
"attackString": "",
"attackRequest": null,
"attackResponse": null,
"nativeId": "413d050c830daf7ccb4248efb369da36",
"displayId": null,
"surfaceLocation": {
"id": 4703,
"parameter": null,
"path": "/images/icon_top.gif"
},
"sourceFileLocation": null,
"dataFlowElements": null,
"calculatedUrlPath": "/images/icon_top.gif",
"calculatedFilePath": "",
"dependency": null,
"severity": "1",
"vulnerabilityType": "X-Content-Type-Options header missing"
} // the rest omitted for brevity
],
"scannerName": "OWASP Zed Attack Proxy"
}
}
{
"message": "",
"success": true,
"responseCode": -1,
"object": {
"id": 2,
"name": "Example WAF",
"wafTypeName": "mod_security",
"applications": []
}
}
{
"message": "New WAF creation failed.",
"success": false,
"responseCode": -1,
"object": null
}
{
"message": "",
"success": true,
"responseCode": -1,
"object": {
"id": 2,
"name": "Example WAF",
"wafTypeName": "mod_security",
"applications": []
}
}
{
"message": "WAF Lookup failed.",
"success": false,
"responseCode": -1,
"object": null
}
{
"message": "",
"success": true,
"responseCode": -1,
"object": [
{
"id": 24,
"name": "Sample WAF 1",
"applications": [
{
"id": 75,
"name": "App 2"
}
],
"wafTypeName": "Snort"
},
{
"id": 25,
"name": "Sample WAF 2",
"applications": [
{
"id": 76,
"name": "App 6"
}
],
"wafTypeName": "Snort"
}
]
}
{
"message": "No Rules generated for WAF.",
"success": false,
"responseCode": -1,
"object": null
}
{
"message": "",
"success": true,
"responseCode": -1,
"object": "SecRule REQUEST_URI \"^\\/demo\\/OSCommandInjection2\\.php\"\"phase:2,chain,deny,msg:'Path Traversal attempt: /demo/OSCommandInjection2.php [fileName]',id:'100018',severity:'2'\"\nSecRule ARGS:fileName \".|\\%2e\"\n\nSecRule REQUEST_URI \"^\\/demo\\/OSCommandInjection2\\.php\"\"phase:2,chain,deny,msg:'OS Command Injection attempt: /demo/OSCommandInjection2.php [fileName]',id:'100019',severity:'2'\"\nSecRule ARGS:fileName \"&|\\||;|%7C|%26|%3B\"\n\nSecRule REQUEST_URI \"^\\/demo\\/OSCommandInjection2\\.php\"\"phase:2,chain,deny,msg:'OS Command Injection attempt: /demo/OSCommandInjection2.php [fileName]',id:'100020',severity:'2'\"\nSecRule ARGS:fileName \"&|\\||;|%7C|%26|%3B\"\n\nSecRule REQUEST_URI \"^\\/demo\\/XSS-reflected2\\.php\"\"phase:2,chain,deny,msg:'Cross-site Scripting attempt: /demo/XSS-reflected2.php [username]',id:'100021',severity:'2'\"\nSecRule ARGS:username \"<|\\%3C|>|\\%3E\"\n\nSecRule REQUEST_URI \"^\\/demo\\/XSS-cookie\\.php\"\"phase:2,chain,deny,msg:'Cross-site Scripting attempt: /demo/XSS-cookie.php [cookie]',id:'100022',severity:'2'\"\nSecRule ARGS:cookie \"<|\\%3C|>|\\%3E\"\n\nSecRule REQUEST_URI \"^\\/demo\\/EvalInjection2\\.php\"\"phase:2,chain,deny,msg:'Cross-site Scripting attempt: /demo/EvalInjection2.php [command]',id:'100023',severity:'2'\"\nSecRule ARGS:command \"<|\\%3C|>|\\%3E\"\n\nSecRule REQUEST_URI \"^\\/demo\\/XPathInjection2\\.php\"\"phase:2,chain,deny,msg:'Cross-site Scripting attempt: /demo/XPathInjection2.php [password]',id:'100024',severity:'2'\"\nSecRule ARGS:password \"<|\\%3C|>|\\%3E\"\n\nSecRule REQUEST_URI \"^\\/demo\\/XPathInjection2\\.php\"\"phase:2,chain,deny,msg:'Cross-site Scripting attempt: /demo/XPathInjection2.php [username]',id:'100025',severity:'2'\"\nSecRule ARGS:username \"<|\\%3C|>|\\%3E\"\n\nSecRule REQUEST_URI \"^\\/demo\\/XPathInjection2\\.php[^?]*(<|\\%3C|>|\\%3E)\"\"phase:2,deny,msg:'Cross-site Scripting attempt: /demo/XPathInjection2.php',id:'100026',severity:'2'\"\n\n"
}
{
"message": "Application lookup failed. Check your ID.",
"success": false,
"responseCode": -1,
"object": null
}
{
"message": "WAF Lookup failed.",
"success": false,
"responseCode": -1,
"object": null
}
{
"message": "",
"success": true,
"responseCode": -1,
"object": [
{
"id": 295
},
{
"id": 296,
},
//removed for brevity
{
"id": 588,
},
]
}
{
"message": "WAF Lookup failed.",
"success": false,
"responseCode": -1,
"object": null
}
{
"message":"",
"success":true,
"responseCode":-1,
"object":{
"id":12,
"longDescription":"This should be addressed.",
"attackString":null,
"attackRequest":null,
"attackResponse":null,
"nativeId":"24",
"displayId":null,
"surfaceLocation":{
"id":12,
"parameter":"store",
"path":null
},
"sourceFileLocation":null,
"dataFlowElements":[
{
"id":9,
"sourceFileName":"C:\\sampleCode\\home",
"lineNumber":234,
"columnNumber":2,
"lineText":"findStore()"
}
],
"calculatedUrlPath":"",
"calculatedFilePath":"C:\\sampleCode\\home",
"dependency":null,
"severity":"Info",
"vulnerabilityType":"Location"
}
}
{
"message":"The longDescription parameter needs to be set to a String between 1 and 2047 characters long.",
"success":false,
"responseCode":-1,
"object":null
}
{
"message":"",
"success":true,
"responseCode":-1,
"object":{
"id":11,
"longDescription":"This should be addressed.",
"attackString":null,
"attackRequest":null,
"attackResponse":null,
"nativeId":"24",
"displayId":null,
"surfaceLocation":{
"id":11,
"parameter":"store",
"path":"/store/3"
},
"sourceFileLocation":null,
"dataFlowElements":null,
"calculatedUrlPath":"/store/3",
"calculatedFilePath":"",
"dependency":null,
"severity":"Info",
"vulnerabilityType":"Location"
}
}
{
"message":"The vulnType parameter needs to be set to a valid CWE vulnerability name.",
"success":false,
"responseCode":-1,
"object":null
}
{
"message": "",
"success": true,
"responseCode": -1,
"object": [
{
"id": 5360,
"defect": null,
"genericVulnerability": {
"id": 16,
"name": "Configuration",
"displayId": 16
},
"genericSeverity": {
"id": 4,
"intValue": 2
},
"active": true,
"isFalsePositive": false,
"hidden": false,
"findings": [
{
"id": 5491,
"longDescription": null,
"attackString": "",
"attackRequest": null,
"attackResponse": null,
"nativeId": "15883f05b959ce38702bd5492d8709ff",
"displayId": null,
"surfaceLocation": {
"id": 5491,
"parameter": null,
"path": "/bank/login.aspx"
},
"sourceFileLocation": null,
"dataFlowElements": [
],
"calculatedUrlPath": "/bank/login.aspx",
"calculatedFilePath": "",
"dependency": null,
"severity": "1",
"vulnerabilityType": "X-Content-Type-Options header missing"
}
],
"documents": [
],
"path": "/bank/login.aspx",
"parameter": null,
"vulnerabilityComments": [
],
"vulnId": "5360",
"channelNames": [
"OWASP Zed Attack Proxy"
],
"team": {
"id": 117,
"name": "qzrvSkivgE"
},
"dependency": null,
"app": {
"id": 85,
"name": "WVkZPFwUrL"
}
},
{
"id": 5345,
"defect": null,
"genericVulnerability": {
"id": 79,
"name": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"displayId": 79
},
"genericSeverity": {
"id": 2,
"intValue": 4
},
"active": true,
"isFalsePositive": false,
"hidden": false,
"findings": [
{
"id": 5476,
"longDescription": null,
"attackString": "\"><script>alert(1);</script>",
"attackRequest": null,
"attackResponse": null,
"nativeId": "e66d13c89218d65c07a6ae237a4e37ff",
"displayId": null,
"surfaceLocation": {
"id": 5476,
"parameter": "uid",
"path": "/bank/login.aspx"
},
"sourceFileLocation": null,
"dataFlowElements": [
],
"calculatedUrlPath": "/bank/login.aspx",
"calculatedFilePath": "",
"dependency": null,
"severity": "3",
"vulnerabilityType": "Cross Site Scripting (Reflected)"
}
],
"documents": [
],
"path": "/bank/login.aspx",
"parameter": "uid",
"vulnerabilityComments": [
],
"vulnId": "5345",
"channelNames": [
"OWASP Zed Attack Proxy"
],
"team": {
"id": 117,
"name": "qzrvSkivgE"
},
"dependency": null,
"app": {
"id": 85,
"name": "WVkZPFwUrL"
}
}
]
}