In this article
This article provides a worked example on how to update the Test result associated to a countermeasure from a command line session.
The following API endpoint is used to fetch the the project details:
GET {{baseUrl}}/api/v1/products/:product-id
The following API endpoint is used to update the Test result of a component's associated countermeasure:
PUT {{baseUrl}}/api/v1/products/:product-id/components/:component-id/tests/:cwe
To update Test result via Postman, see following article: How to update a single test result via Postman
Permissions required
- TEST_UPDATE
Setup
For illustration purposes, we use the following Threat Model:
The Project details are as follows:
Project Name: Demo Project
Project Reference (product-id): demo-project
Component: Browser
As an example, we will update the Test result of the Countermeasure "Encrypt data between the client and server/service" to Passed on the Browser component.
Currently, the status is the default "Not Tested":
The Reference ID of this countermeasure (cwe) is shown in the Countermeasure Details pane:
Instructions
1. From a command line session use the following curl command to fetch the details of your project:
curl --location--request GET '{{baseUrl}}' \
--header 'Accept: application/json' \
--header 'Accept: application/json' \
2. From the output, note the component-id ("ref") is preceded by the component name ("name"):
...."components":[{"uuid":"ebcdcae8-713a-4941-aff9-247c66d2b2b3","ref":"c31696ff-e650-489b-803f-d5482a74689d","name":"Browser",....
3. From a command line session use the following curl command to update the Test result of the Countermeasure to "Passed":
curl --location --request PUT '{{baseUrl}}/api/v1/products/demo-project/components/c31696ff-e650-489b-803f-d5482a74689d/tests/CWE-319-TRANSPORT' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'api-token: ********* ' \
--data '{
"state": "passed",
"output": "string"
}'
Note 1:
{{baseUrl}} - this is the url of your IriusRisk instance
********* - this is api token equivalent of your login password.
4. Note the output verifies the update":
5. Note the update in the UI (you may need to refresh the page):
Note 1: Test results status include the following:
failed
error
not-tested
passed
not-applicable
partially-tested
Comments
0 comments
Article is closed for comments.