Amrityam_Rout (Respected Contributor)

WI REST API using webproxy

Hello Everyone,
We are using WebInspect 19.1.0 and working on automation for WI scans.
For a few projects we are using a webproxy macro to run the WebInspect scan.
In order to automate the scan we are thinking of using the WI REST APIs.
However, we didn't find any parameter for the webproxy macro; we only found the login macro and workflow macro, as in the examples below:

#start a scan using the Default scan settings, use a TruClient based login macro named tclogin.webmacro, set the macro parameter named "username" to "myusername" and the parameter named "password" to "mypassword" (these parameters must exist in the macro)
curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{ "settingsName": "Default", "overrides": { "loginMacro": "tclogin", "tcMacroParameters": { "tclogin": { "username":"myusername", "password":"mypassword" } } } }' http://127.0.0.1:8083/webinspect/scanner/scans

#start a scan using the Default scan settings, change the scan type to a workflow macro scan, use the workflow macro named MyWorkflow, and set the scan mode to audit only
curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{ "settingsName": "Default", "overrides": { "startOption": "macro", "workflowMacros": ["MyWorkflow"], "crawlAuditMode": "auditOnly"} }' http://127.0.0.1:8083/webinspect/scanner/scans


Can anyone please help us with how we can use a webproxy macro to initiate a scan using the WebInspect REST APIs?

@ebell @HansEnders 


Re: WI REST API using webproxy

To support automated scanning, we have included the Web Proxy endpoint within the WebInspect API.

 

If you instead produced your Workflow macro in any other way, there are endpoints to check the Macros available to the WebInspect machine prior to running your scan.

http://localhost:8083/webinspect/swagger/ui/index#!/Scanner/Scanner_GetAllAvailableMacros

Or you can upload your Macro prior to running that API-driven scan.

http://localhost:8083/webinspect/swagger/ui/index#!/Scanner/Scanner_UploadMacro

 

 

The basic process you might be considering for an automated Workflow-driven scan with Macro Creation is shown below.  I think it would be a good practice to assign a Name Variable for your script/job/build, and then use that name throughout the actions so all the artifacts trace to the script run.  For example, if you set the value to today's date and time, or the build#, then you could use that name for the Proxy Instance, the Macro recorded, the scan, the scan export file, the selected report(s), and so you will know the precise proxy instance or scan name for when you want to check their status.

 

1. Call the WebInspect API URL to verify the service is operational and running.  The "is it alive" check.

http://localhost:8083/webinspect/api

 

2. Call the WebInspect API to spawn a Web Proxy listener.  Set the name of the Instance as well as the port.  The WebInspect machine can run numerous Instances, so long as each uses a separate, available port number.

http://localhost:8083/webinspect/swagger/ui/index#!/Proxy/Proxy_CreateProxy

 

3. Run your functional testing script through that Proxy Instance.  This will depend on the network proxy settings allowed for your testing software.  You could simply use WGET or cURL to make HTTP traffic, but Micro Focus UFT, Selenium, and Jenkins all work as well.

 

4. Call the WebInspect API to save the captured Proxy data as a Workflow Macro.

Saving it on the WebInspect machine may be preferable to downloading it:  http://localhost:8083/webinspect/swagger/ui/index#!/Proxy/Proxy_UpdateProxy

 

5. Call the WebInspect API and kill the Proxy Instance.

http://localhost:8083/webinspect/swagger/ui/index#!/Proxy/Proxy_DeleteProxy

 

6. Start a new Workflow-driven scan, using the Macro you just created.

http://localhost:8083/webinspect/swagger/ui/index#!/Scanner/Scanner_StartScan

Example:

#start a scan using the Default scan settings, change the scan type to a workflow macro scan, use the workflow macro named MyQuickDankWorkflow, and set the scan mode to audit-only.

curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{ "settingsName": "Default", "overrides": { "startOption": "macro", "workflowMacros": ["MyQuickDankWorkflow"], "crawlAuditMode": "auditOnly"} }' http://localhost:8083/webinspect/scanner/scans

 

7. Monitor the status of the running scan.

http://localhost:8083/webinspect/swagger/ui/index#!/Scanner/Scanner_GetScanStatus

 

8A. Dump the WebInspect scan to FPR format, then script an upload of it to your SSC Server.

http://localhost:8083/webinspect/swagger/ui/index#!/Scanner/Scanner_ExportScan

 

8B.  OR FOR THAT FINAL STEP, use the WIE endpoints to upload the WebInspect scan to your WebInspect Enterprise server.

(login)  http://localhost:8083/webinspect/swagger/ui/index#!/WIE/WIE_WIEConnect

(Publish scan)  http://localhost:8083/webinspect/swagger/ui/index#!/WIE/WIE_PublishScan

 

 

I hope that helps.  These URLs were copied from WebInspect 19.20 (Fall 2019), so it is always possible I have overlooked differences with your 19.10 (Spring 2019).

 


-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify
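
Steps 1 and 6 of the reply above, scripted around the single run-name variable it recommends, as an added example that is not part of the original thread. `WI_API`, the function names and the name allow-list are assumptions; the request fields and the two URLs are the ones quoted in the posts. The allow-list keeps a build-supplied name from altering the JSON body.

```shell
#!/usr/bin/env bash
# Added example, not code from the thread or from Micro Focus.
# WI_API and all function names here are assumptions.
WI_API="${WI_API:-http://localhost:8083/webinspect}"

# One name per job: the CI build number if present, else a UTC timestamp.
# Reuse it for the proxy instance, the macro, the scan and the export file.
run_name() {
  local id="${BUILD_NUMBER:-$(date -u +%Y%m%dT%H%M%SZ)}"
  printf 'wi-%s' "$id"
}

# Accept only characters that are safe inside a JSON string, a file name
# and a URL path, so the name can be interpolated without escaping.
valid_name() {
  case "$1" in
    ''|*[!A-Za-z0-9._-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Build the step 6 request body for a workflow-macro, audit-only scan.
scan_payload() {
  local macro="$1" settings="${2:-Default}"
  valid_name "$macro" && valid_name "$settings" || return 1
  printf '{ "settingsName": "%s", "overrides": { "startOption": "macro", "workflowMacros": ["%s"], "crawlAuditMode": "auditOnly" } }' \
    "$settings" "$macro"
}

# Step 1 (is it alive) followed by step 6 (start the scan).
# Returns 2 for a rejected name, 3 if the API does not answer.
start_workflow_scan() {
  local macro="$1" body
  body="$(scan_payload "$macro")" \
    || { echo "rejected macro name: $macro" >&2; return 2; }
  curl --silent --fail --max-time 10 --output /dev/null "$WI_API/api" \
    || { echo "WebInspect API not reachable at $WI_API" >&2; return 3; }
  curl --silent --fail -X POST \
    --header 'Content-Type: application/json' \
    --header 'Accept: application/json' \
    -d "$body" "$WI_API/scanner/scans"
}
```

Call it as `start_workflow_scan "$(run_name)"` once the macro of that name has been saved on the WebInspect machine.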