java - How to download a saved report using the Fortify Software Security Center REST API?

Tags: java api fortify

  I am trying to implement REST API for Fortify Software Security Center using Java. I am able to obtain 

1) the token, using the following URL

http://xxx.xxx.xxx.xxx:8080/ssc/api/v1/auth/obtain_token

The response to the above URL is as follows

    {
      "data": {
        "token": "NDIxMjE0NjUtOGIwNy00ZjFiLWEzMTUtZjZkYTg0MWY1Zjgz",
        "creationDate": "2016-09-14T05:49:34.000+0000",
        "terminalDate": "2016-09-15T05:49:34.000+0000"
      },
      "responseCode": 200
    }

and 2) the list of reports, using the following URL

http://xxx.xxx.xxx.xxx:8080/ssc/api/v1/reports

The response to the above URL is as follows

{
  "data": [
    {
      "note": "",
      "_href": "http://xxx.xxx.xxx.xxx:8080/ssc/api/v1/reports/17",
      "formatDefaultText": "PDF",
      "projects": [
        {
          "id": 16,
          "name": "Project 1",
          "versions": [
            {
              "id": 30,
              "name": "1.0",
              "developmentPhase": "New"
            }
          ]
        }
      ],
      "authEntity": {
        "id": 2,
        "userName": "AAA",
        "firstName": "AAA",
        "lastName": "AAA"
      },
      "isPublished": false,
      "format": "PDF",
      "generationDate": "2016-08-03T10:56:46.000+0000",
      "statusDefaultText": "Processing Complete",
      "reportDefinitionId": null,
      "type": "ISSUE",
      "typeDefaultText": "Issue Reports",
      "inputReportParameters": null,
      "name": "Project 1",
      "id": 17,
      "status": "PROCESS_COMPLETE"
    },
    {
      "note": "",
      "_href": "http://xxx.xxx.xxx.xxx:8080/ssc/api/v1/reports/22",
      "formatDefaultText": "PDF",
      "projects": [
        {
          "id": 16,
          "name": "Project 2",
          "versions": [
            {
              "id": 30,
              "name": "1.0",
              "developmentPhase": "New"
            }
          ]
        }
      ],
      "authEntity": {
        "id": 10,
        "userName": "BBB",
        "firstName": "BBB",
        "lastName": "BBB"
      },
      "isPublished": false,
      "format": "PDF",
      "generationDate": "2016-08-24T13:45:30.000+0000",
      "statusDefaultText": "Processing Complete",
      "reportDefinitionId": null,
      "type": "ISSUE",
      "typeDefaultText": "Issue Reports",
      "inputReportParameters": null,
      "name": "Project 2",
      "id": 22,
      "status": "PROCESS_COMPLETE"
    },
    {
      "note": "",
      "_href": "http://xxx.xxx.xxx.xxx:8080/ssc/api/v1/reports/41",
      "formatDefaultText": "PDF",
      "projects": [
        {
          "id": 2,
          "name": "Project 3",
          "versions": [
            {
              "id": 3,
              "name": "1.0",
              "developmentPhase": "Active Development"
            }
          ]
        }
      ],
      "authEntity": {
        "id": 10,
        "userName": "CCC",
        "firstName": "CCC",
        "lastName": "CCC"
      },
      "isPublished": false,
      "format": "PDF",
      "generationDate": "2016-08-25T16:56:22.000+0000",
      "statusDefaultText": "Processing Complete",
      "reportDefinitionId": null,
      "type": "ISSUE",
      "typeDefaultText": "Issue Reports",
      "inputReportParameters": null,
      "name": "Project 3",
      "id": 41,
      "status": "PROCESS_COMPLETE"
    },
    {
      "note": "",
      "_href": "http://xxx.xxx.xxx.xxx:8080/ssc/api/v1/reports/57",
      "formatDefaultText": "XLS",
      "projects": [
        {
          "id": 2,
          "name": "Project 4",
          "versions": [
            {
              "id": 3,
              "name": "1.0",
              "developmentPhase": "Active Development"
            }
          ]
        }
      ],
      "authEntity": {
        "id": 11,
        "userName": "DDD",
        "firstName": "DDD",
        "lastName": "DDD"
      },
      "isPublished": false,
      "format": "XLS",
      "generationDate": "2016-09-09T15:46:22.000+0000",
      "statusDefaultText": "Processing Complete",
      "reportDefinitionId": null,
      "type": "ISSUE",
      "typeDefaultText": "Issue Reports",
      "inputReportParameters": null,
      "name": "Project 4",
      "id": 57,
      "status": "PROCESS_COMPLETE"
    }
  ],
  "count": 4,
  "responseCode": 200,
  "links": {
    "last": {
      "href": "http://xxx.xxx.xxx.xxx:8080/ssc/api/v1/reports/?start=0"
    },
    "first": {
      "href": "http://xxx.xxx.xxx.xxx:8080/ssc/api/v1/reports/?start=0"
    }
  }
}

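But I could not find any endpoint URL to download a saved report. Could you please help me get the endpoint URL, or provide a reference to the API documentation for HP Fortify Software Security Center?

Best answer

I know this is an old post, but I ran into this problem myself and found a solution.

First, you must request a file token as an HTTP POST: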

http://xxx.xxx.xxx.xxx:8080/ssc/api/v1/fileTokens

with:

{"fileTokenType": "REPORT_FILE"}

in the request body.

This will return a unique ID that you will use to fetch the report.

Next, you make another GET request, like this:

http://xxx.xxx.xxx.xxx:8080/ssc/transfer/reportDownload.html?mat=[file_token]&id=[project_id]

You replace [file_token] with the token returned from the POST above, and [project_id] with the project whose report you want to download.

For example:

http://xxx.xxx.xxx.xxx:8080/ssc/transfer/reportDownload.html?mat=7e8d912e-2432-6496-3232-709b05513bf2&id=1

This will return binary data, which you can then save to a file. The file type is specified in the report data as "format".
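
The two requests from the answer as one Java 11 client, added here as an illustration and not part of the original answer. The `FortifyToken` Authorization scheme and the `{"data":{"token":...}}` shape of the fileTokens reply are assumptions, since the page shows neither; `id` is passed through exactly as the answer describes it.

```java
import java.io.IOException;
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.util.regex.*;

public class SscReportDownload {
    // Assumed reply shape: {"data":{"token":"..."}}, as in the obtain_token reply above.
    static final Pattern TOKEN = Pattern.compile("\"token\"\\s*:\\s*\"([^\"]+)\"");

    static String extractToken(String json) {
        Matcher m = TOKEN.matcher(json);
        if (!m.find()) throw new IllegalStateException("no token in response");
        return m.group(1);
    }
    // The file token travels in the query string, so it can end up in proxy and access logs.
    static URI downloadUri(String base, String fileToken, String id) {
        return URI.create(base + "/transfer/reportDownload.html?mat="
                + URLEncoder.encode(fileToken, StandardCharsets.UTF_8)
                + "&id=" + URLEncoder.encode(id, StandardCharsets.UTF_8));
    }
    static Path download(String base, String authToken, String id, Path target)
            throws IOException, InterruptedException {
        HttpClient http = HttpClient.newHttpClient(); // default client does not follow redirects
        HttpRequest post = HttpRequest.newBuilder(URI.create(base + "/api/v1/fileTokens"))
                .header("Content-Type", "application/json")
                .header("Authorization", "FortifyToken " + authToken) // assumed auth scheme
                .POST(HttpRequest.BodyPublishers.ofString("{\"fileTokenType\": \"REPORT_FILE\"}")).build();
        HttpResponse<String> tok = http.send(post, HttpResponse.BodyHandlers.ofString());
        if (tok.statusCode() / 100 != 2) throw new IOException("fileTokens: HTTP " + tok.statusCode());
        HttpRequest get = HttpRequest.newBuilder(downloadUri(base, extractToken(tok.body()), id)).build();
        HttpResponse<Path> rep = http.send(get, HttpResponse.BodyHandlers.ofFile(target));
        if (rep.statusCode() != 200) {           // do not keep an error page as a "report"
            Files.deleteIfExists(target);
            throw new IOException("reportDownload: HTTP " + rep.statusCode());
        }
        return rep.body();
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 3) {                  // base URL (ending in /ssc), auth token, id
            System.out.println(download(args[0], args[1], args[2], Path.of("report.bin")));
        } else {                                 // offline: constructed reply using the answer's example token
            String sample = "{\"data\":{\"token\":\"7e8d912e-2432-6496-3232-709b05513bf2\"}}";
            System.out.println(downloadUri("https://ssc.example.invalid/ssc", extractToken(sample), "1"));
        }
    }
}
```

Run without arguments it only prints the download URL built from the sample reply; the saved file should be renamed to the extension given by the report's `format` field.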

Regarding "java - How to download a saved report using the Fortify Software Security Center REST API?", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/39483637/
