WI REST API using webproxy

Hello Everyone,
We are using WebInspect 19.1.0. and working on automation for WI scans.
For few projects we are using webproxy macro to run WebInspect scan.
Inorder to automate the scan we are thinking to use WI REST apis.
How ever we didn't find any parameter for webproxy  macro, only found login macro and workflow macro like below examples

#start a scan using the Default scan settings, use a TruClient based login macro named tclogin.webmacro, set the macro parameter named "username" to "myusername" and the parameter named "password" to "mypassword" (these parameters must exist in the macro)
curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{ "settingsName": "Default", "overrides": { "loginMacro": "tclogin", "tcMacroParameters": { "tclogin": { "username":"myusername", "password":"mypassword" } } } }'

#start a scan using the Default scan settings, change the scan type to a workflow macro scan, use the workflow macro named MyWorkflow, and set the scan mode to audit only
curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{ "settingsName": "Default", "overrides": { "startOption": "macro", "workflowMacros": ["MyWorkflow"], "crawlAuditMode": "auditOnly"} }'

Can anyone please help us how we can use webproxy macro to initiate scan using WebInspect REST APIs?



  • To support automated scanning, we have included the Web Proxy endpoint within the WebInspect API.

    • http://localhost:8083/webinspect/api  >>  http://localhost:8083/webinspect/swagger/ui/index#/Proxy


    If you instead produced your Workflow macro in any other way, there are endponts to check the Macros available to the WebInspect machine prior to runningyour scan.


    Or you can upload your Macro prior to running that API-driven scan.




    The basic process you might be considering for an automated Workflow-driven scan with Macro Creation is shown below.  I think it would be a good practice to assign a Name Variable for your script/job/build, and then use that name throughout the actions so all the artifacts trace to the script run.  For example, if you set the value to today's date and time, or the build#, then you could use that name for the Proxy Instance, the Macro recorded, the scan, the scan export file, the selected report(s), and so you will know the precise proxy instance or scan name for when you want to check their status.


    1.Call the WebInspect API URL to verify the service is operational and running.  The "is it alive" check.



    2. Call the WebInspect API to spawn a Web Proxy listener.  Set the name of the Instance as well as the port.  The WebInspect machine can run numerous Instances, so long as each uses a separate, available port number.



    3. Run your functional testing script through that Proxy Instance.  This will depend on the network proxy settings allowed for your testing software.  You could simply use WGET or cURL to make HTTP traffic, but Micro Focus UFT, Selenium, and Jenkins all work as well.


    4. Call the WebInspect API to save the captured Proxy data as a Workflow Macro.

    Saving it on the WebInspect machine may be preferable to downloading it:  http://localhost:8083/webinspect/swagger/ui/index#!/Proxy/Proxy_UpdateProxy


    5. Call the WebInspect API and kill the Proxy Instance.



    6. Start a new Workflow-driven scan, using the Macro you just created.



    #start a scan using the Default scan settings, change the scan type to a workflow macro scan, use the workflow macro named MyQuickDankWorkflow, and set the scan mode to audit-only.

    curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{ "settingsName": "Default", "overrides": { "startOption": "macro", "workflowMacros": ["MyQuickDankWorkflow"], "crawlAuditMode": "auditOnly"} }' localhost:8083/.../scans


    7. Monitor the status of the running scan.



    8A. Dump the WebInspect scan to FPR format, then script an upload of it to your SSC Server.



    8B.  OR FOR THAT FINAL STEP, use the WIE endpoints to upload the WebInspect scan to your WebInspect Enterprise server.

    (login)  http://localhost:8083/webinspect/swagger/ui/index#!/WIE/WIE_WIEConnect

    (Publish scan)  http://localhost:8083/webinspect/swagger/ui/index#!/WIE/WIE_PublishScan



    I hope that helps.  These URLs were copied from WebInspect 19.20 (Fall 2019), so it always possible I have overlooked differences with your 19.10 (Spring 2019).