In this article
- Review of API endpoints required to create an IriusRisk library
- Demonstration of how to input spreadsheet data into those API endpoints
Permissions required
As with any API function, the permissions required to perform the action through the API are the same as those required in the UI.
LIBRARY_UPDATE - Allows for managing libraries - creating, editing, viewing, and deleting libraries.
Instructions
1. Required API Endpoints
The following API endpoints and calls are required to create a library. These endpoints and supporting documentation can be found here.
Creates the library - POST {{baseUrl}}/api/v1/libraries
Example using Python -
# Import the dependencies needed for this project.
import requests
import json
# pandas creates the data frame that loads the variables from Excel into the library_creation function.
import pandas as pd
# config is used to import the API key from a separate file.
import config

# api_endpoint, api_token and library are defined outside this snippet.
library_endpoint = api_endpoint + "/libraries"
library_ref = library.replace(" ", "-")
library_data = json.dumps({
    "ref": f"{library_ref}",
    "name": f"{library}",
    "desc": ""
})
headers = {
    "Content-Type": "application/json",
    "Accept": "application/json",
    "API-token": f"{api_token}"
}
response = requests.post(library_endpoint, headers=headers, data=library_data)
print(response, "Library")
#print(response.text)
Create the risk pattern in a library - POST {{baseUrl}}/api/v1/libraries/:library-id/riskpatterns
Example using Python -
riskpattern_endpoint = api_endpoint + f"/libraries/{library_ref}/riskpatterns"
riskpattern_ref = riskpattern.replace(" ", "")
payload = json.dumps({
    "ref": f"{riskpattern_ref}",
    "name": f"{riskpattern}",
    "desc": "",
    #"tags": [
    #    "string",
    #    "string"
    #]
})
# These headers are reused for many of the following API calls.
headers = {
    'Content-Type': 'application/json',
    'Accept': 'application/json',
    'API-token': f'{api_token}'
}
response = requests.request("POST", riskpattern_endpoint, headers=headers, data=payload)
print(response, "Risk Pattern")
#print(response.text)
Creates the use case in a risk pattern - POST {{baseUrl}}/api/v1/libraries/:library-id/riskpatterns/:risk-pattern-id/usecases
Example using Python -
usecase_endpoint = api_endpoint + f"/libraries/{library_ref}/riskpatterns/{riskpattern_ref}/usecases"
usecase_ref = usecase.replace(" ", "-")
usecase_data = json.dumps({
    "ref": f"{usecase_ref}",
    "name": f"{usecase}",
    "desc": ""
})
response = requests.post(usecase_endpoint, headers=headers, data=usecase_data)
print(response, "Use Case")
Creates a threat within a use case - POST {{baseUrl}}/api/v1/libraries/:library-id/riskpatterns/:risk-pattern-id/usecases/:use-case-id/threats
Example using Python -
threat_endpoint = api_endpoint + f"/libraries/{library_ref}/riskpatterns/{riskpattern_ref}/usecases/{usecase_ref}/threats"
#print(threat_endpoint)
threat_ref = threat.replace(" ", "-")
# The only acceptable riskRating values are: none, low, medium, high, very-high
threat_data = json.dumps({
    "ref": f"{threat_ref}",
    "name": f"{threat}",
    "desc": f"{threat_desc}",
    "riskRating": {
        "confidentiality": "high",
        "integrity": "high",
        "availability": "high",
        "easeOfExploitation": "low"
    }
})
response = requests.post(threat_endpoint, headers=headers, data=threat_data)
print(response, "Threat")
#print(response.text, "Threat Response")
Creates a weakness within a risk pattern - POST {{baseUrl}}/api/v1/libraries/:library-id/riskpatterns/:risk-pattern-id/weaknesses
Example using Python -
weakness_ref = weakness.replace(" ", "-")
weakness_creation_endpoint = api_endpoint + f"/libraries/{library_ref}/riskpatterns/{riskpattern_ref}/weaknesses"
weakness_data = json.dumps({
    "ref": f"{weakness_ref}",
    "name": f"{weakness}",
    "desc": "",
    "impact": "medium",
    "test": {
        "steps": "",
        "notes": ""
    }
})
response = requests.post(weakness_creation_endpoint, headers=headers, data=weakness_data)
print(response, "Weakness")
Associates the previously created weakness with a specific threat - PUT {{baseUrl}}/api/v1/libraries/:library-id/riskpatterns/:risk-pattern-id/usecases/:use-case-id/threats/:threat-id/weaknesses
Example using Python -
associate_weakness_endpoint = api_endpoint + f"/libraries/{library_ref}/riskpatterns/{riskpattern_ref}/usecases/{usecase_ref}/threats/{threat_ref}/weaknesses"
data = json.dumps({
    "ref": f"{weakness_ref}"
})
response = requests.put(associate_weakness_endpoint, headers=headers, data=data)
print(response, "Weakness Associated")
Creates a countermeasure within a risk pattern - POST {{baseUrl}}/api/v1/libraries/:library-id/riskpatterns/:risk-pattern-id/countermeasures
Example using Python -
countermeasure_creation_endpoint = api_endpoint + f"/libraries/{library_ref}/riskpatterns/{riskpattern_ref}/countermeasures"
countermeasure_ref = countermeasure.replace(" ", "_")
countermeasure_data = json.dumps({
    "ref": f"{countermeasure_ref}",
    "name": f"{countermeasure}",
    "desc": f"{countermeasure_desc}",
    #"mitigation": "",
    "test": {
        "steps": "",
        "notes": ""
    },
    "state": "required",
    "costRating": "medium",
    "standards": [
        {
            "ref": f"{standardref}",
            "name": f"{standardname}",
            "supportedStandardRef": f"{suppstandref}"
        },
    ]
})
response = requests.post(countermeasure_creation_endpoint, headers=headers, data=countermeasure_data)
print(response, "Countermeasure")
#print(response.text)
Associates a countermeasure with a specific weakness - PUT {{baseUrl}}/api/v1/libraries/:library-id/riskpatterns/:risk-pattern-id/usecases/:use-case-id/threats/:threat-id/weaknesses/:weakness-id/countermeasures
Example using Python -
associate_cm_endpoint = api_endpoint + f"/libraries/{library_ref}/riskpatterns/{riskpattern_ref}/usecases/{usecase_ref}/threats/{threat_ref}/weaknesses/{weakness_ref}/countermeasures"
data = json.dumps({
    "ref": f"{countermeasure_ref}"
})
response = requests.put(associate_cm_endpoint, headers=headers, data=data)
print(response, "CM Associated")
#print(response.text)
2. Populate the different variables listed in the f strings above from a spreadsheet.
Create a spreadsheet with the following columns. These columns will correspond to the different variables being called in the library_creation function below.
Column names - library, riskpattern, usecase, threat, threat_desc, weakness, cm, cm_desc, standardref, standardname, supported standardref
Each row in this spreadsheet will be used to input those variables. Additional variables could be added to the above API calls by adding additional f-strings and variables to the library_creation function defined below.
counter = 0
# data is the data frame loaded from the spreadsheet.
for index, row in data.iterrows():
    counter += 1
    # Create a spreadsheet with column headers that match the keys used in this script (the match is case-sensitive).
    library = str(row['Library'])
    riskpattern = str(row['Risk Pattern'])
    usecase = str(row['Use Case'])
    threat = str(row['threat'])
    threat_desc = str(row['threat_desc'])
    weakness = str(row['weakness'])
    countermeasure = str(row['cm'])
    countermeasure_desc = str(row['cm_desc'])
    standardref = str(row['standardref'])
    standardname = str(row['standardname'])
    suppstandref = str(row['supported standardref'])
    # Runs the set of API calls shown above by passing the variables from this row of the spreadsheet to library_creation.
    library_creation(library, riskpattern, usecase, threat, threat_desc, weakness, countermeasure, countermeasure_desc, standardref, standardname, suppstandref)
3. Execute this for loop
Executing this for loop reads the variables from each row of the spreadsheet and passes them to the library_creation function, which executes the API calls shown in the examples on this page.
If a particular library element already exists, a 400 error will be returned and then the script will continue on to the next API call. This for loop will iterate through the spreadsheet and use each row to run through all of the API calls to create a library.
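An added example (not IriusRisk's code): checks to run on each spreadsheet row before the calls above, because refs built with replace(" ", "-") are placed directly into URL paths, str() turns an empty cell into the string "nan", and a 400 can mean a rejected payload as well as an existing element. The ref character set, the helper names, the lower-case row keys and the iriusrisk.example host are assumptions; the rating values are the ones listed in the threat example.

```python
import re
from urllib.parse import quote

# Rating values listed in the threat example on this page.
ALLOWED_RATINGS = {"none", "low", "medium", "high", "very-high"}
# Hypothetical row keys; use the headers of your own spreadsheet.
REQUIRED = ("library", "riskpattern", "usecase", "threat", "weakness", "cm")

def make_ref(name, sep="-"):
    """Derive a ref limited to [A-Za-z0-9_-] (an assumed conservative charset)."""
    ref = re.sub(r"[^A-Za-z0-9_-]+", sep, name.strip()).strip(sep)
    if not ref:
        raise ValueError(f"cannot derive a ref from {name!r}")
    return ref

def build_url(base, *segments):
    """Percent-encode every path segment so '/', '?' or '#' cannot change the route."""
    return base.rstrip("/") + "/" + "/".join(quote(s, safe="") for s in segments)

def clean_row(row):
    """Return stripped cell strings; reject blanks and NaN (empty Excel cells)."""
    cleaned = {}
    for key in REQUIRED:
        value = row.get(key)
        if value is None or value != value or not str(value).strip():  # NaN != NaN
            raise ValueError(f"missing value for column {key!r}")
        cleaned[key] = str(value).strip()
    return cleaned

def check_risk_rating(rating):
    """Fail before the request if any rating is outside the accepted set."""
    bad = {k: v for k, v in rating.items() if v not in ALLOWED_RATINGS}
    if bad:
        raise ValueError(f"invalid riskRating values: {bad}")
    return rating

def next_step(status_code):
    """400 is what the page reports for an existing element; other errors stop the run."""
    if 200 <= status_code < 300:
        return "continue"
    if status_code == 400:
        return "continue-and-log-body"  # may also be a rejected payload
    return "abort"  # e.g. 401/403: authentication or authorization failure

# Constructed sample row, not real data.
sample = clean_row({"library": " Payments API ", "riskpattern": "Card Storage",
                    "usecase": "General", "threat": "SQL Injection / ../admin?x=1",
                    "weakness": "CWE-89", "cm": "Use prepared statements"})
threat_url = build_url("https://iriusrisk.example/api/v1", "libraries",
                       make_ref(sample["library"]), "riskpatterns",
                       make_ref(sample["riskpattern"]), "usecases",
                       make_ref(sample["usecase"]), "threats")
```

Pass sep="" or sep="_" to make_ref to keep the separators the risk pattern and countermeasure snippets use.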