I am trying to implement REST API for Fortify Software Security Center using Java. I am able to obtain
1)使用以下URL表示令牌
http://xxx.xxx.xxx.xxx:8080/ssc/api/v1/auth/obtain_token
对以上网址的回复如下
{
"data": {
"token": "NDIxMjE0NjUtOGIwNy00ZjFiLWEzMTUtZjZkYTg0MWY1Zjgz",
"creationDate": "2016-09-14T05:49:34.000+0000",
"terminalDate": "2016-09-15T05:49:34.000+0000"
},
"responseCode": 200
}
2)使用以下URL获取报告列表
http://xxx.xxx.xxx.xxx:8080/ssc/api/v1/reports
对以上网址的回复如下
{
"data": [
{
"note": "",
"_href": "http://xxx.xxx.xxx.xxx:8080/ssc/api/v1/reports/17",
"formatDefaultText": "PDF",
"projects": [
{
"id": 16,
"name": "Project 1",
"versions": [
{
"id": 30,
"name": "1.0",
"developmentPhase": "New"
}
]
}
],
"authEntity": {
"id": 2,
"userName": "AAA",
"firstName": "AAA",
"lastName": "AAA"
},
"isPublished": false,
"format": "PDF",
"generationDate": "2016-08-03T10:56:46.000+0000",
"statusDefaultText": "Processing Complete",
"reportDefinitionId": null,
"type": "ISSUE",
"typeDefaultText": "Issue Reports",
"inputReportParameters": null,
"name": "Project 1",
"id": 17,
"status": "PROCESS_COMPLETE"
},
{
"note": "",
"_href": "http://xxx.xxx.xxx.xxx:8080/ssc/api/v1/reports/22",
"formatDefaultText": "PDF",
"projects": [
{
"id": 16,
"name": "Project 2",
"versions": [
{
"id": 30,
"name": "1.0",
"developmentPhase": "New"
}
]
}
],
"authEntity": {
"id": 10,
"userName": "BBB",
"firstName": "BBB",
"lastName": "BBB"
},
"isPublished": false,
"format": "PDF",
"generationDate": "2016-08-24T13:45:30.000+0000",
"statusDefaultText": "Processing Complete",
"reportDefinitionId": null,
"type": "ISSUE",
"typeDefaultText": "Issue Reports",
"inputReportParameters": null,
"name": "Project 2",
"id": 22,
"status": "PROCESS_COMPLETE"
},
{
"note": "",
"_href": "http://xxx.xxx.xxx.xxx:8080/ssc/api/v1/reports/41",
"formatDefaultText": "PDF",
"projects": [
{
"id": 2,
"name": "Project 3",
"versions": [
{
"id": 3,
"name": "1.0",
"developmentPhase": "Active Development"
}
]
}
],
"authEntity": {
"id": 10,
"userName": "CCC",
"firstName": "CCC",
"lastName": "CCC"
},
"isPublished": false,
"format": "PDF",
"generationDate": "2016-08-25T16:56:22.000+0000",
"statusDefaultText": "Processing Complete",
"reportDefinitionId": null,
"type": "ISSUE",
"typeDefaultText": "Issue Reports",
"inputReportParameters": null,
"name": "Project 3",
"id": 41,
"status": "PROCESS_COMPLETE"
},
{
"note": "",
"_href": "http://xxx.xxx.xxx.xxx:8080/ssc/api/v1/reports/57",
"formatDefaultText": "XLS",
"projects": [
{
"id": 2,
"name": "Project 4",
"versions": [
{
"id": 3,
"name": "1.0",
"developmentPhase": "Active Development"
}
]
}
],
"authEntity": {
"id": 11,
"userName": "DDD",
"firstName": "DDD",
"lastName": "DDD"
},
"isPublished": false,
"format": "XLS",
"generationDate": "2016-09-09T15:46:22.000+0000",
"statusDefaultText": "Processing Complete",
"reportDefinitionId": null,
"type": "ISSUE",
"typeDefaultText": "Issue Reports",
"inputReportParameters": null,
"name": "Project 4",
"id": 57,
"status": "PROCESS_COMPLETE"
}
],
"count": 4,
"responseCode": 200,
"links": {
"last": {
"href": "http://xxx.xxx.xxx.xxx:8080/ssc/api/v1/reports/?start=0"
},
"first": {
"href": "http://xxx.xxx.xxx.xxx:8080/ssc/api/v1/reports/?start=0"
}
}
}
但我没有找到任何 endpoints URL来下载保存的报告 . 您能否帮我获取终端URL或为HP fortify软件安全中心提供参考API文档 .
1 回答
我知道这是一个老帖子,但我自己遇到了问题并找到了解决方案 .
首先,您必须将文件令牌请求为HTTPPost:
http://xxx.xxx.xxx.xxx:8080/ssc/api/v1/fileTokens有:
在请求正文中 .
这将返回您将用于获取报告的唯一ID .
接下来,您将发出另一个get请求,如下所示:
http://xxx.xxx.xxx.xxx:8080/ssc/transfer/reportDownload.html?mat=[file_token]&id=[project_id]您将使用上述帖子返回的令牌替换[file_token],并将[project_id]替换为要为其下载报告的项目 .
例如:
这将返回二进制数据,然后您可以将其保存到文件中 . 文件类型在报告数据中指定为“格式”