[FX-4815] Document new available DAST endpoints #263
Conversation
✅ Deploy Preview for cobalt-public-api ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
| ## Update Finding State | ||
|
|
||
| ```sh | ||
| curl -X PATCH "https://api.us.cobalt.io/dast/findings/YOUR-DAST-FINDING-IDENTIFIER" \ |
There was a problem hiding this comment.
Does this endpoint exist already?
There was a problem hiding this comment.
There's a pending update to change that.
(Note that this repo is public)
Co-authored-by: Wolfgang Becker <[email protected]>
Co-authored-by: Wolfgang Becker <[email protected]>
There was a problem hiding this comment.
Already approving, but I noticed this comment might have gone unnoticed.
I had already applied the suggestion 👍 |
davidgm0
force-pushed
the
chore/FX-4815/update-dast-docs
branch
3 times, most recently
from
1ab7ce4
to
33b932b
Compare
davidgm0
force-pushed
the
chore/FX-4815/update-dast-docs
branch
from
33b932b
to
da46dd4
Compare
| | `proof_of_concept` | Evidence of the vulnerability finding. | | ||
| | `suggested_fix` | Description of how to fix the vulnerability. | | ||
| | `http_exchanges` | Pairs of `request` and `response` of the vulnerability finding. | | ||
| See [Finding response fields](#finding-response-fields) |
There was a problem hiding this comment.
Since these docs are manually curated, I think it makes more sense to link to avoid duplication and that some parts get outdated
|
|
||
| ```sh | ||
| curl -X POST "https://api.us.cobalt.io/dast/targets/YOUR-DAST-TARGET-IDENTIFIER/scheduled_scans" \ | ||
| -H "Accept: application/vnd.cobalt.v2+json" \ |
There was a problem hiding this comment.
needs content-type header
versions/v2/content/dast-findings.md
Outdated
|
|
||
| | Field | Description | | ||
| |---------|-------------------------------------------------------------------------------------------| | ||
| | `state` | The desired next state of the finding. Should be one of [`notfixed`, `invalid`, `accepted`] | |
There was a problem hiding this comment.
I found during acceptance testing that not all of the states listed here work. I tried to use accepted.
I found the correct values here: https://github.com/cobalthq/cobalt-api/blob/main/src/main/kotlin/io/cobalt/api/dast/finding/v2/dto/DastFindingTransitionWrapper.kt
There was a problem hiding this comment.
Ah, good catch. These were not "our" states, I have corrected that.
Co-authored-by: Grayson Kuhns <[email protected]>
Co-authored-by: Grayson Kuhns <[email protected]>
| @@ -135,9 +128,70 @@ This endpoint retrieves a specific DAST finding that belongs to the organization | |||
| | `title` | Name of the vulnerability | | |||
| | `last_found_at` | Date and time of when the vulnerability was last found, in ISO 8601 UTC format. | | |||
| | `severity` | Severity of the vulnerability finding: `10` is low. `20` is medium. `30` is high. | | |||
| | `state` | State of the vulnerability finding: [`notfixed`, `invalid`, `accepted`, `fixed`] | | |||
| | `state` | State of the vulnerability finding: [`invalid`, `need_fix`, `wont_fix`, `valid_fix`, `check_fix`] | | |||
There was a problem hiding this comment.
These were not correct. "our" states are correctly listed now.
There are a few adjustment pending before the API exactly matches what is described. These will be merged before this PR gets merged.