Having problems with your account or logging in?
A lot of changes are happening in the community right now. Some may affect you. READ MORE HERE
tarveen Absent Member.
Absent Member.
4112 views

WebInspect Rest API - Stopping a scan

I am trying to consume the webinspect rest api using c#.net application. I can successfully start a scan. But when I try to stop a scan (using  PUT request and specifying "action=stop"), I keep getting error message, "An error has occured".

 

My questions are:

1. Is there any pre requisites (like a valid StartURL for e.g. ) that a scan must fulfil so that it can be successfully stopped?

2. Is there any debug information that the api logs that I can look to debug it?

 

Any help is appreciated.

 

Thanks,

Tarveen

Labels (1)
0 Likes
2 Replies
Highlighted
Micro Focus Expert
Micro Focus Expert

Re: WebInspect Rest API - Stopping a scan

tarveen;

 

I will assume you already reviewed the Help file in WebInspect regarding the API commands and sample, as well as the live web page http://127.0.0.1:8083/webinspect/api/ that exists when you have the API operational.

 

 

  • There are no prerequisites to Stop a scan, only to get one running successfully.  The Targeted Host (from the Starting URL) must be in the Allowed IP Range of the WebInspect license (Activation Token).  If the first URL listed results in a 404 response, the scan halts immediately, assuming you targeted the wrong site.

 

  • How does your command compare with the samples shown in the Help guide?

 

  • Have you tried checking the scan's status prior to issuing the Stop command?

 

  • When starting the scan, are you depending on the Default Scan Settings of that remote WebInspect machine, or are you specifying a pre-defined scan setting file (optimal)?

 

 

  • The WebInspect API log data is written to the Windows Application Logs, per the Help guide.  I would also inspect the WebInspect (UI) logs, either directly in the text files or using the Log Viewer tool found inside WebInspect.

WebInspect Logs:  C:\Users\%CURRENTUSER%\AppData\Local\HP\HP WebInspect\Logs\00000000-0000-0000-0000-000000000000\

 

Log Level

Choose the level of log information you want to collect.

Note: You can view the API log files using the Windows Event Viewer. The log files are located under Applications and Services Logs > WebInspect API.

 

 

  • You might want to ask Fortify Support (support.fortify.com) to review your command script, or repost this and dialogue with other customers at the customer-only forums of protect724.hp.com.

 

 

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 

Samples from the Help guide on using the API via bash/curl:

 

#get status of a specific scan (returns one of Running/NotRunning/Complete/Interrupted)
curl $API_ENDPOINT/<scan_id>?action=getcurrentstatus

 

#stop a running scan
curl -X PUT -d "" $API_ENDPOINT/<scan_id>?action=stop

 

 

Command Descriptions from the Help guide:


GET /webinspect/scanner/<scanId>

  action WaitForStatusChange will block until the status of the scan changes.

  action GetCurrentStatus will immediately return the current scan status.

 

PUT /webinspect/scanner/<scanId>

  action: The action to take on a particular scan.

  Currently supported actions:

      Stop: Stops currently running scan.

      Continue: Continues a previiously paused or interrupted scan.


-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify
0 Likes
tarveen Absent Member.
Absent Member.

Re: WebInspect Rest API - Stopping a scan

Thanks for the response. 

 

I checked the help guide and my request matches with that shown in the guide.

 

And yes, I did checked the scan status before stopping it. The response I got is that the scan is currently running.

 

Also, I tried with both the default and predefined settings file. WIth both of them, I get the same error.

 

I enabled the debug log on the webinspect api and I see this error.

 

-------------------------------------------------------------------------------------------------------------------------------

Critical] Value cannot be null.
Parameter name: s
at System.Convert.FromBase64String(String s)
at HP.WebInspect.RemoteControl.Scanner.ScanTools.CreateCrawlSession(IScan scan, ExternalSession externalSession)
at HP.WebInspect.RemoteControl.Scanner.ScannerController.<>c__DisplayClass1d.<AddSessionToScan>b__1c()

-------------------------------------------------------------------------------------------------------------------------------

 

Any ideas what am I missing here?

 

Thanks,

Tarveen

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.