├── .github └── ISSUE_TEMPLATE │ ├── api-bug-report.md │ ├── api-feature-request.md │ ├── client--openvulnquery--feature-request.md │ └── client-code-bug-report.md ├── .gitignore ├── LICENSE.md ├── README.md ├── SECURITY.md ├── error_codes.md ├── example_code ├── curl_examples │ ├── README.md │ └── fetch-cvss-psirt.sh ├── go_examples │ ├── README.md │ ├── api │ │ └── swagger.yaml │ ├── api_client.go │ ├── api_response.go │ ├── configuration.go │ ├── default_api.go │ └── docs │ │ └── DefaultApi.md ├── javascript_examples │ ├── README.md │ ├── docs │ │ └── DefaultApi.md │ ├── mocha.opts │ ├── package.json │ ├── src │ │ ├── ApiClient.js │ │ ├── api │ │ │ └── DefaultApi.js │ │ └── index.js │ └── test │ │ └── api │ │ └── DefaultApi.spec.js ├── php_examples │ ├── README.md │ ├── composer.json │ └── vulnapicm.php └── ruby_examples │ ├── Gemfile │ ├── README.md │ ├── Rakefile │ ├── docs │ └── DefaultApi.md │ ├── lib │ ├── swagger_client.rb │ └── swagger_client │ │ ├── api │ │ └── default_api.rb │ │ ├── api_client.rb │ │ ├── api_error.rb │ │ ├── configuration.rb │ │ └── version.rb │ ├── spec │ ├── api │ │ └── default_api_spec.rb │ ├── api_client_spec.rb │ ├── configuration_spec.rb │ └── spec_helper.rb │ └── swagger_client.gemspec ├── openVulnQuery └── README.md └── swagger ├── openVulnAPIOAS_3_0_3.yaml └── openVulnAPISwagger_0_0_5.yaml /.github/ISSUE_TEMPLATE/api-bug-report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: API Bug report 3 | about: Create a report to help us improve the actual openVuln API (not the client) 4 | 5 | --- 6 | 7 | **Describe the bug** 8 | A clear and concise description of what the bug is. 9 | 10 | **To Reproduce** 11 | Steps to reproduce the behavior: 12 | 1. Go to '...' 13 | 2. Click on '....' 14 | 3. Scroll down to '....' 15 | 4. See error 16 | 17 | **Expected behavior** 18 | A clear and concise description of what you expected to happen. 19 | 20 | **Screenshots** 21 | If applicable, add screenshots to help explain your problem. 22 | 23 | **Desktop (please complete the following information):** 24 | - OS: [e.g. iOS] 25 | - Browser [e.g. chrome, safari] 26 | - Version [e.g. 22] 27 | 28 | **Smartphone (please complete the following information):** 29 | - Device: [e.g. iPhone6] 30 | - OS: [e.g. iOS8.1] 31 | - Browser [e.g. stock browser, safari] 32 | - Version [e.g. 22] 33 | 34 | **Additional context** 35 | Add any other context about the problem here. 36 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/api-feature-request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: API Feature Request 3 | about: Suggest an enhancement request for the openVuln API 4 | 5 | --- 6 | 7 | **Is your feature request related to a problem? Please describe.** 8 | A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] 9 | 10 | **Describe the solution you'd like** 11 | A clear and concise description of what you want to happen. 12 | 13 | **Describe alternatives you've considered** 14 | A clear and concise description of any alternative solutions or features you've considered. 15 | 16 | **Additional context** 17 | Add any other context or screenshots about the feature request here. 18 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/client--openvulnquery--feature-request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Client (openVulnQuery) Feature request 3 | about: Suggest an enhancement request for the openVulnQuery Python client 4 | 5 | --- 6 | 7 | **Is your feature request related to a problem? Please describe.** 8 | A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] 9 | 10 | **Describe the solution you'd like** 11 | A clear and concise description of what you want to happen. 12 | 13 | **Describe alternatives you've considered** 14 | A clear and concise description of any alternative solutions or features you've considered. 15 | 16 | **Additional context** 17 | Add any other context or screenshots about the feature request here. 18 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/client-code-bug-report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Client Code Bug Report 3 | about: Create a report to help us improve the openVulnQuery Python client 4 | 5 | --- 6 | 7 | **Describe the bug** 8 | A clear and concise description of what the bug is. 9 | 10 | **To Reproduce** 11 | Steps to reproduce the behavior: 12 | 1. Go to '...' 13 | 2. Click on '....' 14 | 3. Scroll down to '....' 15 | 4. See error 16 | 17 | **Expected behavior** 18 | A clear and concise description of what you expected to happen. 19 | 20 | **Screenshots** 21 | If applicable, add screenshots to help explain your problem. 22 | 23 | **Desktop (please complete the following information):** 24 | - OS: [e.g. iOS] 25 | - Browser [e.g. chrome, safari] 26 | - Version [e.g. 22] 27 | 28 | **Smartphone (please complete the following information):** 29 | - Device: [e.g. iPhone6] 30 | - OS: [e.g. iOS8.1] 31 | - Browser [e.g. stock browser, safari] 32 | - Version [e.g. 22] 33 | 34 | **Additional context** 35 | Add any other context about the problem here. 36 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | 2 | .DS_Store 3 | -------------------------------------------------------------------------------- /LICENSE.md: -------------------------------------------------------------------------------- 1 | # Cisco APIs License Terms and Conditions 2 | 3 | The Cisco APIs License Terms and Conditions can be accessed at: 4 | https://developer.cisco.com/site/license/cisco-api-license 5 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Cisco PSIRT openVuln API 2 | 3 | ## Overview 4 | The [Cisco PSIRT openVuln API](https://developer.cisco.com/psirt/) is a RESTful API that allows customers to obtain Cisco security vulnerability information in different machine-consumable formats. It supports industrywide security standards such as: 5 | * OASIS Common Security Advisory Framework (CSAF) 6 | * Common Vulnerability and Exposure (CVE) identifiers 7 | * Common Weakness Enumerator (CWE) 8 | * Common Vulnerability Scoring System (CVSS) 9 | 10 | **NOTE**: [CSAF](https://csaf.io) is a specification for structured machine-readable vulnerability-related advisories and further refine those standards over time. 11 | 12 | 13 | ## API Documentation 14 | Please refer to the openVuln API documentation and learn how to access it at: 15 | https://developer.cisco.com/psirt 16 | 17 | **NOTE**: The openVuln API is open to registered Cisco customers and partners. 18 | 19 | ## Community-Supported Python-based Client : openVulnQuery 20 | 21 | The open-source community-supported [Python-based API client (openVulnQuery)](https://github.com/CiscoPSIRT/openVulnQuery) can be obtained from: https://github.com/CiscoPSIRT/openVulnQuery 22 | 23 | -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- 1 | # Security Policy 2 | 3 | To learn about Cisco security vulnerability disclosure policies and publications, access the [Cisco Security Vulnerability Policy](https://tools.cisco.com/security/center/resources/security_vulnerability_policy.html). This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco. 4 | 5 | All Cisco Security Advisories are published at: https://www.cisco.com/go/psirt 6 | 7 | ## Reporting a Vulnerability 8 | 9 | Individuals or organizations that are experiencing a product security issue are strongly encouraged to contact the Cisco PSIRT. Cisco welcomes reports from independent researchers, industry organizations, vendors, customers, and other sources concerned with product or network security. The minimal data needed for reporting a security issue is a description of the potential vulnerability. 10 | 11 | Please contact the Cisco PSIRT using one of the following methods. 12 | 13 | ### Emergency Support 14 | - Phone +1 877 228 7302 (toll-free within North America) 15 | - +1 408 525 6532 (International direct-dial) 16 | - Hours 24 hours a day, 7 days a week 17 | 18 | ## Nonemergency Support 19 | - Email psirt@cisco.com 20 | - Hours Support requests that are received via email are typically acknowledged within 48 hours. Ongoing status on reported issues will be determined as needed. 21 | 22 | Cisco encourages the encryption of sensitive information that is sent to Cisco in email messages. The Cisco PSIRT supports encrypted messages via PGP/GNU Privacy Guard (GPG). The Cisco PSIRT public key is available at the following link: https://tools.cisco.com/security/center/resources/security_vulnerability_policy.html#cpsir 23 | 24 | 25 | -------------------------------------------------------------------------------- /error_codes.md: -------------------------------------------------------------------------------- 1 | # Error Codes 2 | ---- 3 | **Resource URIs:** cvrf/advisory/{advisoryId} or /oval/advisory/{advisoryId} 4 | 5 | **Scenario:** If advisoryId is not found 6 | 7 | 8 | 9 | ADVISORYID_NOT_FOUND 10 | Advisory-id not found 11 | 12 | 13 | ---- 14 | **Resource URI:** all 15 | 16 | Scenario: If the extension entered is not a valid extension 17 | 18 | **Note:** This will be common for all resource URIs. 19 | 20 | 21 | 22 | 23 | INVALID_EXTENSION 24 | Not supported extension type. Supported extension types are .json and .xml 25 | 26 | 27 | ---- 28 | **Resource URIs:** all 29 | 30 | **Scenario:** Page index is not a valid index 31 | 32 | Note: This will be common for all resource URIs. 33 | 34 | 35 | 36 | 37 | INVALID_PAGEINDEX 38 | Incorrect page index value 39 | 40 | 41 | ---- 42 | **Resource URIs:** all 43 | 44 | **Scenario:** Page size is not a valid 45 | 46 | **Note:** This will be common for all resource URIs. 47 | 48 | 49 | 50 | 51 | MIN_PAGESIZE , MAX_PAGESIZE 52 | Incorrect page size. Minimum page size value = 1 and Maximum page size = 100 53 | 54 | 55 | ---- 56 | **Resource URIs:** /cvrf/severity/{severity} or /oval/severity/{severity} 57 | 58 | **Scenario:** If the severity (security impact rating) is not found. 59 | 60 | 61 | 62 | NO_DATA_FOUND 63 | No data found 64 | 65 | 66 | ---- 67 | **Resource URIs:** /cvrf/cve/{cveId} or /oval/cve/{cveId} 68 | 69 | **Scenario:** If cve id is not found in database 70 | 71 | 72 | 73 | NO_DATA_FOUND 74 | CVE_ID not found 75 | 76 | 77 | ---- 78 | **Resource URIs:** /cvrf/year/{year} or /oval/year/{year} 79 | 80 | **Scenario:** Year must be between 1995 and current year 81 | 82 | 83 | 84 | INVALID_YEAR 85 | Year should be in range 1995 to current year 86 | 87 | 88 | If no advisory found for given year. 89 | 90 | 91 | 92 | 93 | NO_DATA_FOUND 94 | No data found 95 | 96 | 97 | ---- 98 | **Resource URIs:** /cvrf/latest/{advCount} or /oval/latest/{advCount} 99 | 100 | **Scenario:** If latest count is invalid, it should be between 1 and 100 101 | 102 | 103 | 104 | MIN_ADV_COUNT,MAX_ADV_COUNT 105 | Minimum latest advisories count is 1,Maximum latest advisories count is 100 106 | 107 | 108 | **Scenario:** If latest count is invalid, it should be between 1 and 100 109 | 110 | 111 | 112 | 113 | MIN_ADV_COUNT,MAX_ADV_COUNT 114 | Minimum latest advisories count is 1,Maximum latest advisories count is 100 115 | 116 | -------------------------------------------------------------------------------- /example_code/curl_examples/README.md: -------------------------------------------------------------------------------- 1 | # Example Using curl 2 | The following are step-by-step instructions on how to access the Cisco PSIRT openVuln API. 3 | 4 | ## Step 1 5 | Access the Cisco API console at: https://apiconsole.cisco.com 6 | 7 | ## Step 2 8 | Login with your CCO credentials (login is only available to registered Cisco customers and partners). 9 | 10 | ## Step 3 11 | Register your application and obtain your client credentials. 12 | 13 | ## Step 4 14 | 15 | Once you register your application and obtain your client ID and client secret, the next step is to obtain an authorization token. Authorization tokens in the Cisco PSIRT openVuln API are valid for one (1) hour. The following example demonstrates how to get the token using the curl utility. 16 | 17 | ``` 18 | curl -s -k -H "Content-Type: application/x-www-form-urlencoded" -X POST -d "client_id=" -d "client_secret=" -d "grant_type=client_credentials" https://cloudsso.cisco.com/as/token.oauth2 19 | ``` 20 | 21 | For example: 22 | ``` 23 | omar@omar:~$ curl -s -k -H "Content-Type: application/x-www-form-urlencoded" -X POST -d "client_id=XXXXXXXXXXXXXXXX>" -d "client_secret=XXXXXXXXXXXXXXXX" -d "grant_type=client_credentials" https://cloudsso.cisco.com/as/token.oauth2 24 | 25 | {"access_token":"ytuopLCGZxBFN5O0hnL1M2QX2QVp","token_type":"Bearer","expires_in":3599} 26 | ``` 27 | 28 | ## Step 5: 29 | Make API calls to https://api.cisco.com/security/... The following example uses the curl command to retrieve CVRF files for all Cisco Security Advisories. 30 | ``` 31 | curl -X GET -s -k -H "Accept: application/json" -H "Authorization: Bearer ytuopLCGZxBFN5O0hnL1M2QX2QVp" https://api.cisco.com/security/advisories/all 32 | ``` 33 | The following example demonstrates how to obtain the latest 10 advisories: 34 | ``` 35 | curl -X GET -s -k -H "Accept: application/json" -H "Authorization: Bearer ytuopLCGZxBFN5O0hnL1M2QX2QVp" https://api.cisco.com/security/advisories/latest/10 36 | ``` 37 | For more information about the available RESTful resource URIs and the Cisco PSIRT openVuln API visit: https://developer.cisco.com/psirt 38 | -------------------------------------------------------------------------------- /example_code/curl_examples/fetch-cvss-psirt.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | CLIENTID="${1}" 4 | CLIENTSECRET="${2}" 5 | 6 | bearertoken="$(curl -s -k -H "Content-Type: application/x-www-form-urlencoded" -X POST -d "client_id=${CLIENTID}" -d "client_secret=${CLIENTSECRET}" -d "grant_type=client_credentials" https://cloudsso.cisco.com/as/token.oauth2 | cut -f 4 -d "\"")" 7 | printf "bearer token: ${bearertoken}\n" 8 | curl -X GET -s -k -H "Accept: application/json" -H "Authorization: Bearer ${bearertoken}" https://api.cisco.com/security/advisories/all | tr "," "\n" | grep -i "cvrf" | cut -f 4 -d "\"" | while read advisoryurl 9 | do 10 | curl "${advisoryurl}" | grep -i "cvss" 11 | done 12 | -------------------------------------------------------------------------------- /example_code/go_examples/README.md: -------------------------------------------------------------------------------- 1 | # Go API client for Cisco PSIRT openVuln API 2 | 3 | The Cisco Product Security Incident Response Team (PSIRT) openVuln API is a RESTful API that allows customers to obtain Cisco Security Vulnerability information in different machine-consumable formats. APIs are important for customers because they allow their technical staff and programmers to build tools that help them do their job more effectively (in this case, to keep up with security vulnerability information). 4 | 5 | For more information about the Cisco PSIRT openVuln API visit https://developer.cisco.com/psirt For detail steps on how to use the API go to: https://developer.cisco.com/psirt This is a beta release of a swagger YAML for the Cisco PSIRT openVuln API To access the API sign in with your Cisco CCO account at http://apiconsole.cisco.com and register an application to receive a client_id and a client_secret. 6 | 7 | To obtain client ID and client secret: 8 | 9 | 1. Visit 10 | 2. Sign In 11 | 3. Select My Applications Tab 12 | 4. Register a New Application by: 13 | 14 | - Entering Application Name 15 | - Under OAuth2.0 Credentials check Client Credentials 16 | - Under Select APIs choose Cisco PSIRT openVuln API 17 | - Agree to the terms and service and click Register 18 | 19 | 5. Take note of the "rate contract" presented like e.g.: 20 | 21 | ``` 22 | Rate Limits 23 | 10 Calls per second 24 | 5,000 Calls per day 25 | ``` 26 | 27 | 6. Note the value of "Client ID" (a string like e.g. 'abc12abcd13abcdefabcde1a') 28 | 7. Note the value of "Client Secret" (a string like e.g. '1a2abcDEfaBcDefAbcDeFA3b') 29 | 30 | 31 | ## Documentation for API Endpoints 32 | 33 | For more information about the openVuln API and how to access it visit: https://developer.cisco.com/psirt 34 | 35 | 36 | ## Documentation For Authorization 37 | 38 | ## psirt_openvuln_api_auth 39 | - **Type**: OAuth 40 | - **Flow**: implicit 41 | - **Authorization URL**: https://cloudsso.cisco.com/as/token.oauth2 42 | - **Scopes**: 43 | - **read:advisories**: read advisories 44 | 45 | Example 46 | ``` 47 | auth := context.WithValue(context.Background(), sw.ContextAccessToken, "ACCESSTOKENSTRING") 48 | r, err := client.Service.Operation(auth, args) 49 | ``` 50 | 51 | Or via OAuth2 module to automatically refresh tokens and perform user authentication. 52 | ``` 53 | import "golang.org/x/oauth2" 54 | 55 | / .. Perform OAuth2 round trip request and obtain a token .. // 56 | 57 | tokenSource := oauth2cfg.TokenSource(createContext(httpClient), &token) 58 | auth := context.WithValue(oauth2.NoContext, sw.ContextOAuth2, tokenSource) 59 | r, err := client.Service.Operation(auth, args) 60 | ``` 61 | -------------------------------------------------------------------------------- /example_code/go_examples/api/swagger.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | swagger: "2.0" 3 | info: 4 | description: "The Cisco Product Security Incident Response Team (PSIRT) openVuln\ 5 | \ API is a RESTful API that allows customers to obtain Cisco Security Vulnerability\ 6 | \ information in different machine-consumable formats. APIs are important for\ 7 | \ customers because they allow their technical staff and programmers to build\ 8 | \ tools that help them do their job more effectively (in this case, to keep up\ 9 | \ with security vulnerability information).\nFor more information about the Cisco\ 10 | \ PSIRT openVuln API visit https://developer.cisco.com/site/PSIRT/discover/overview\n\ 11 | \nFor detail steps on how to use the API go to: https://developer.cisco.com/site/PSIRT/get-started/getting-started.gsp\n\ 12 | \nThis is a beta release of a swagger YAML for the Cisco PSIRT openVuln API\n\n\ 13 | To access the API sign in with your Cisco CCO account at http://apiconsole.cisco.com\ 14 | \ and register an application\nto recieve a client_id and a client_secret\n\n\ 15 | You can then get your token using curl or any other method you prefer.\n\n'curl\ 16 | \ -s -k -H \"Content-Type: application/x-www-form-urlencoded\" -X POST -d \"client_id=\"\ 17 | \ -d \"client_secret=\" -d \"grant_type=client_credentials\"\ 18 | \ https://cloudsso.cisco.com/as/token.oauth2'\n\nYou will receive an access token\ 19 | \ as demonstrated in the following example:\n '{\"access_token\":\"I7omWtBDAieSiUX3shOxNJfuy4J6\"\ 20 | ,\"token_type\":\"Bearer\",\"expires_in\":3599}'\n\nIn Swagger, click on Change\ 21 | \ Authentication\n\nenter the text \"I7omWtBDAieSiUX3shOxNJfuy4J6\" (which is\ 22 | \ the token you received)\n\nthen click on \"Try this operation\"\n" 23 | version: "0.0.4" 24 | title: "Cisco PSIRT openVuln API" 25 | contact: 26 | name: "Omar Santos" 27 | email: "os@cisco.com" 28 | host: "api.cisco.com" 29 | schemes: 30 | - "https" 31 | produces: 32 | - "application/json" 33 | paths: 34 | /security/advisories/all: 35 | get: 36 | description: "Used to obtain information about all published security advisories.\ 37 | \ By default the output is in JSON. To obtain the output in XML use the .xml\ 38 | \ extension. For example, /advisories/all.xml\n" 39 | parameters: [] 40 | responses: 41 | 200: 42 | description: "Successful response" 43 | security: 44 | - psirt_openvuln_api_auth: 45 | - "read:advisories" 46 | /security/advisories/cve/{cve_id}: 47 | get: 48 | description: "Used to obtain an advisory using a given Common Vulnerability\ 49 | \ Enumerator (CVE). The `cve_id` format is CVE-YYYY-NNNN. For more information\ 50 | \ about CVE visit http://cve.mitre.org/\n" 51 | parameters: 52 | - name: "cve_id" 53 | in: "path" 54 | description: "CVE Identifier (i.e., CVE-YYYY-NNNN)" 55 | required: true 56 | type: "string" 57 | format: "CVE-YYYY-NNNN" 58 | x-exportParamName: "CveId" 59 | responses: 60 | 200: 61 | description: "Successful response" 62 | security: 63 | - psirt_openvuln_api_auth: 64 | - "read:advisories" 65 | /security/advisories/advisory/{advisory_id}: 66 | get: 67 | description: "Used to obtain an advisory given its advisory ID `advisory_id`\ 68 | \ (i.e., cisco-sa-20180221-ucdm)\n" 69 | parameters: 70 | - name: "advisory_id" 71 | in: "path" 72 | description: "advisory ID" 73 | required: true 74 | type: "string" 75 | format: "cisco-sa-XXX" 76 | x-exportParamName: "AdvisoryId" 77 | responses: 78 | 200: 79 | description: "Successful response" 80 | security: 81 | - psirt_openvuln_api_auth: 82 | - "read:advisories" 83 | /security/advisories/severity/{severity}: 84 | get: 85 | description: "Used to obtain all security advisories for a given security impact\ 86 | \ rating (critical, high, medium, or low).\n" 87 | parameters: 88 | - name: "severity" 89 | in: "path" 90 | description: "Critical, High, Medium, Low" 91 | required: true 92 | type: "string" 93 | format: "enum" 94 | enum: 95 | - "critical" 96 | - "high" 97 | - "medium" 98 | - "low" 99 | x-exportParamName: "Severity" 100 | responses: 101 | 200: 102 | description: "Successful response" 103 | security: 104 | - psirt_openvuln_api_auth: 105 | - "read:advisories" 106 | /security/advisories/severity/{severity}/lastpublished: 107 | get: 108 | description: "Used to obtain all security advisories for a given security impact\ 109 | \ rating (critical, high, medium, or low).\n" 110 | parameters: 111 | - name: "severity" 112 | in: "path" 113 | description: "Used to obtain all advisories that have a security impact rating\ 114 | \ of critical" 115 | required: true 116 | type: "string" 117 | format: "enum" 118 | enum: 119 | - "critical" 120 | - "high" 121 | - "medium" 122 | - "low" 123 | x-exportParamName: "Severity" 124 | - name: "startDate" 125 | in: "query" 126 | required: true 127 | type: "string" 128 | format: "date" 129 | x-exportParamName: "StartDate" 130 | - name: "endDate" 131 | in: "query" 132 | required: true 133 | type: "string" 134 | format: "date" 135 | x-exportParamName: "EndDate" 136 | responses: 137 | 200: 138 | description: "Successful response" 139 | security: 140 | - psirt_openvuln_api_auth: 141 | - "read:advisories" 142 | /security/advisories/severity/{severity}/firstpublished: 143 | get: 144 | description: "Used to obtain all security advisories for a given security impact\ 145 | \ rating (critical, high, medium, or low) and additionally filter based of\ 146 | \ firstpublished start date and enddate.\n" 147 | parameters: 148 | - name: "severity" 149 | in: "path" 150 | description: "Used to obtain all advisories that have a security impact rating\ 151 | \ of critical" 152 | required: true 153 | type: "string" 154 | format: "enum" 155 | enum: 156 | - "critical" 157 | - "high" 158 | - "medium" 159 | - "low" 160 | x-exportParamName: "Severity" 161 | - name: "startDate" 162 | in: "query" 163 | required: true 164 | type: "string" 165 | format: "date" 166 | x-exportParamName: "StartDate" 167 | - name: "endDate" 168 | in: "query" 169 | required: true 170 | type: "string" 171 | format: "date" 172 | x-exportParamName: "EndDate" 173 | responses: 174 | 200: 175 | description: "Successful response" 176 | security: 177 | - psirt_openvuln_api_auth: 178 | - "read:advisories" 179 | /security/advisories/year/{year}: 180 | get: 181 | description: "Used to obtain all security advisories that have were orginally\ 182 | \ published in a specific year `YYYY`.\n" 183 | parameters: 184 | - name: "year" 185 | in: "path" 186 | description: "The four digit year." 187 | required: true 188 | type: "string" 189 | format: "YYYY" 190 | x-exportParamName: "Year" 191 | responses: 192 | 200: 193 | description: "Successful response" 194 | security: 195 | - psirt_openvuln_api_auth: 196 | - "read:advisories" 197 | /security/advisories/latest/{number}: 198 | get: 199 | description: "Used to obtain all the latest security advisories given an absolute\ 200 | \ number. For instance, the latest 10 or latest 5.\n" 201 | parameters: 202 | - name: "number" 203 | in: "path" 204 | description: "An absolute number to obtain the latest security advisories." 205 | required: true 206 | type: "integer" 207 | format: "number" 208 | x-exportParamName: "Number" 209 | responses: 210 | 200: 211 | description: "Successful response" 212 | security: 213 | - psirt_openvuln_api_auth: 214 | - "read:advisories" 215 | /security/advisories/product: 216 | get: 217 | description: "Used to obtain all the advisories that affects the given product\ 218 | \ name.\n" 219 | parameters: 220 | - name: "product" 221 | in: "query" 222 | description: "An product name to obtain security advisories that matches given\ 223 | \ product name." 224 | required: true 225 | type: "string" 226 | format: "string" 227 | x-exportParamName: "Product" 228 | responses: 229 | 200: 230 | description: "Successful response" 231 | security: 232 | - psirt_openvuln_api_auth: 233 | - "read:advisories" 234 | /security/advisories/ios: 235 | get: 236 | description: "Used to obtain all advisories that affects the given ios version\n" 237 | parameters: 238 | - name: "version" 239 | in: "query" 240 | description: "IOS version to obtain security advisories" 241 | required: true 242 | type: "string" 243 | format: "string" 244 | x-exportParamName: "Version" 245 | responses: 246 | 200: 247 | description: "Successful response" 248 | security: 249 | - psirt_openvuln_api_auth: 250 | - "read:advisories" 251 | /security/advisories/iosxe: 252 | get: 253 | description: "Used to obtain all advisories that affects the given ios version\n" 254 | parameters: 255 | - name: "version" 256 | in: "query" 257 | description: "IOS version to obtain security advisories" 258 | required: true 259 | type: "string" 260 | format: "string" 261 | x-exportParamName: "Version" 262 | responses: 263 | 200: 264 | description: "Successful response" 265 | security: 266 | - psirt_openvuln_api_auth: 267 | - "read:advisories" 268 | securityDefinitions: 269 | psirt_openvuln_api_auth: 270 | type: "oauth2" 271 | authorizationUrl: "https://cloudsso.cisco.com/as/token.oauth2" 272 | flow: "implicit" 273 | scopes: 274 | read:advisories: "read advisories" 275 | definitions: {} 276 | -------------------------------------------------------------------------------- /example_code/go_examples/api_client.go: -------------------------------------------------------------------------------- 1 | /* 2 | * Cisco PSIRT openVuln API 3 | * 4 | * The Cisco Product Security Incident Response Team (PSIRT) openVuln API is a RESTful API that allows customers to obtain Cisco Security Vulnerability information in different machine-consumable formats. APIs are important for customers because they allow their technical staff and programmers to build tools that help them do their job more effectively (in this case, to keep up with security vulnerability information). For more information about the Cisco PSIRT openVuln API visit https://developer.cisco.com/site/PSIRT/discover/overview For detail steps on how to use the API go to: https://developer.cisco.com/site/PSIRT/get-started/getting-started.gsp This is a beta release of a swagger YAML for the Cisco PSIRT openVuln API To access the API sign in with your Cisco CCO account at http://apiconsole.cisco.com and register an application to recieve a client_id and a client_secret You can then get your token using curl or any other method you prefer. 'curl -s -k -H \"Content-Type: application/x-www-form-urlencoded\" -X POST -d \"client_id=\" -d \"client_secret=\" -d \"grant_type=client_credentials\" https://cloudsso.cisco.com/as/token.oauth2' You will receive an access token as demonstrated in the following example: '{\"access_token\":\"I7omWtBDAieSiUX3shOxNJfuy4J6\",\"token_type\":\"Bearer\",\"expires_in\":3599}' In Swagger, click on Change Authentication enter the text \"I7omWtBDAieSiUX3shOxNJfuy4J6\" (which is the token you received) then click on \"Try this operation\" 5 | * 6 | * API version: 0.0.4 7 | * Contact: os@cisco.com 8 | */ 9 | 10 | package swagger 11 | 12 | import ( 13 | "bytes" 14 | "encoding/json" 15 | "encoding/xml" 16 | "fmt" 17 | "errors" 18 | "io" 19 | "mime/multipart" 20 | "golang.org/x/oauth2" 21 | "golang.org/x/net/context" 22 | "net/http" 23 | "net/url" 24 | "time" 25 | "os" 26 | "path/filepath" 27 | "reflect" 28 | "regexp" 29 | "strings" 30 | "unicode/utf8" 31 | "strconv" 32 | ) 33 | 34 | var ( 35 | jsonCheck = regexp.MustCompile("(?i:[application|text]/json)") 36 | xmlCheck = regexp.MustCompile("(?i:[application|text]/xml)") 37 | ) 38 | 39 | // APIClient manages communication with the Cisco PSIRT openVuln API API v0.0.4 40 | // In most cases there should be only one, shared, APIClient. 41 | type APIClient struct { 42 | cfg *Configuration 43 | common service // Reuse a single struct instead of allocating one for each service on the heap. 44 | 45 | // API Services 46 | DefaultApi *DefaultApiService 47 | } 48 | 49 | type service struct { 50 | client *APIClient 51 | } 52 | 53 | // NewAPIClient creates a new API client. Requires a userAgent string describing your application. 54 | // optionally a custom http.Client to allow for advanced features such as caching. 55 | func NewAPIClient(cfg *Configuration) *APIClient { 56 | if cfg.HTTPClient == nil { 57 | cfg.HTTPClient = http.DefaultClient 58 | } 59 | 60 | c := &APIClient{} 61 | c.cfg = cfg 62 | c.common.client = c 63 | 64 | // API Services 65 | c.DefaultApi = (*DefaultApiService)(&c.common) 66 | 67 | return c 68 | } 69 | 70 | func atoi(in string) (int, error) { 71 | return strconv.Atoi(in) 72 | } 73 | 74 | 75 | // selectHeaderContentType select a content type from the available list. 76 | func selectHeaderContentType(contentTypes []string) string { 77 | if len(contentTypes) == 0 { 78 | return "" 79 | } 80 | if contains(contentTypes, "application/json") { 81 | return "application/json" 82 | } 83 | return contentTypes[0] // use the first content type specified in 'consumes' 84 | } 85 | 86 | // selectHeaderAccept join all accept types and return 87 | func selectHeaderAccept(accepts []string) string { 88 | if len(accepts) == 0 { 89 | return "" 90 | } 91 | 92 | if contains(accepts, "application/json") { 93 | return "application/json" 94 | } 95 | 96 | return strings.Join(accepts, ",") 97 | } 98 | 99 | // contains is a case insenstive match, finding needle in a haystack 100 | func contains(haystack []string, needle string) bool { 101 | for _, a := range haystack { 102 | if strings.ToLower(a) == strings.ToLower(needle) { 103 | return true 104 | } 105 | } 106 | return false 107 | } 108 | 109 | // Verify optional parameters are of the correct type. 110 | func typeCheckParameter(obj interface{}, expected string, name string) error { 111 | // Make sure there is an object. 112 | if obj == nil { 113 | return nil 114 | } 115 | 116 | // Check the type is as expected. 117 | if reflect.TypeOf(obj).String() != expected { 118 | return fmt.Errorf("Expected %s to be of type %s but received %s.", name, expected, reflect.TypeOf(obj).String()) 119 | } 120 | return nil 121 | } 122 | 123 | // parameterToString convert interface{} parameters to string, using a delimiter if format is provided. 124 | func parameterToString(obj interface{}, collectionFormat string) string { 125 | var delimiter string 126 | 127 | switch collectionFormat { 128 | case "pipes": 129 | delimiter = "|" 130 | case "ssv": 131 | delimiter = " " 132 | case "tsv": 133 | delimiter = "\t" 134 | case "csv": 135 | delimiter = "," 136 | } 137 | 138 | if reflect.TypeOf(obj).Kind() == reflect.Slice { 139 | return strings.Trim(strings.Replace(fmt.Sprint(obj), " ", delimiter, -1), "[]") 140 | } 141 | 142 | return fmt.Sprintf("%v", obj) 143 | } 144 | 145 | // callAPI do the request. 146 | func (c *APIClient) callAPI(request *http.Request) (*http.Response, error) { 147 | return c.cfg.HTTPClient.Do(request) 148 | } 149 | 150 | // Change base path to allow switching to mocks 151 | func (c *APIClient) ChangeBasePath (path string) { 152 | c.cfg.BasePath = path 153 | } 154 | 155 | // prepareRequest build the request 156 | func (c *APIClient) prepareRequest ( 157 | ctx context.Context, 158 | path string, method string, 159 | postBody interface{}, 160 | headerParams map[string]string, 161 | queryParams url.Values, 162 | formParams url.Values, 163 | fileName string, 164 | fileBytes []byte) (localVarRequest *http.Request, err error) { 165 | 166 | var body *bytes.Buffer 167 | 168 | // Detect postBody type and post. 169 | if postBody != nil { 170 | contentType := headerParams["Content-Type"] 171 | if contentType == "" { 172 | contentType = detectContentType(postBody) 173 | headerParams["Content-Type"] = contentType 174 | } 175 | 176 | body, err = setBody(postBody, contentType) 177 | if err != nil { 178 | return nil, err 179 | } 180 | } 181 | 182 | // add form parameters and file if available. 183 | if len(formParams) > 0 || (len(fileBytes) > 0 && fileName != "") { 184 | if body != nil { 185 | return nil, errors.New("Cannot specify postBody and multipart form at the same time.") 186 | } 187 | body = &bytes.Buffer{} 188 | w := multipart.NewWriter(body) 189 | 190 | for k, v := range formParams { 191 | for _, iv := range v { 192 | if strings.HasPrefix(k, "@") { // file 193 | err = addFile(w, k[1:], iv) 194 | if err != nil { 195 | return nil, err 196 | } 197 | } else { // form value 198 | w.WriteField(k, iv) 199 | } 200 | } 201 | } 202 | if len(fileBytes) > 0 && fileName != "" { 203 | w.Boundary() 204 | //_, fileNm := filepath.Split(fileName) 205 | part, err := w.CreateFormFile("file", filepath.Base(fileName)) 206 | if err != nil { 207 | return nil, err 208 | } 209 | _, err = part.Write(fileBytes) 210 | if err != nil { 211 | return nil, err 212 | } 213 | // Set the Boundary in the Content-Type 214 | headerParams["Content-Type"] = w.FormDataContentType() 215 | } 216 | 217 | // Set Content-Length 218 | headerParams["Content-Length"] = fmt.Sprintf("%d", body.Len()) 219 | w.Close() 220 | } 221 | 222 | // Setup path and query parameters 223 | url, err := url.Parse(path) 224 | if err != nil { 225 | return nil, err 226 | } 227 | 228 | // Adding Query Param 229 | query := url.Query() 230 | for k, v := range queryParams { 231 | for _, iv := range v { 232 | query.Add(k, iv) 233 | } 234 | } 235 | 236 | // Encode the parameters. 237 | url.RawQuery = query.Encode() 238 | 239 | // Generate a new request 240 | if body != nil { 241 | localVarRequest, err = http.NewRequest(method, url.String(), body) 242 | } else { 243 | localVarRequest, err = http.NewRequest(method, url.String(), nil) 244 | } 245 | if err != nil { 246 | return nil, err 247 | } 248 | 249 | // add header parameters, if any 250 | if len(headerParams) > 0 { 251 | headers := http.Header{} 252 | for h, v := range headerParams { 253 | headers.Set(h, v) 254 | } 255 | localVarRequest.Header = headers 256 | } 257 | 258 | // Override request host, if applicable 259 | if c.cfg.Host != "" { 260 | localVarRequest.Host = c.cfg.Host 261 | } 262 | 263 | // Add the user agent to the request. 264 | localVarRequest.Header.Add("User-Agent", c.cfg.UserAgent) 265 | 266 | 267 | if ctx != nil { 268 | // add context to the request 269 | localVarRequest = localVarRequest.WithContext(ctx) 270 | 271 | // Walk through any authentication. 272 | 273 | // OAuth2 authentication 274 | if tok, ok := ctx.Value(ContextOAuth2).(oauth2.TokenSource); ok { 275 | // We were able to grab an oauth2 token from the context 276 | var latestToken *oauth2.Token 277 | if latestToken, err = tok.Token(); err != nil { 278 | return nil, err 279 | } 280 | 281 | latestToken.SetAuthHeader(localVarRequest) 282 | } 283 | 284 | // Basic HTTP Authentication 285 | if auth, ok := ctx.Value(ContextBasicAuth).(BasicAuth); ok { 286 | localVarRequest.SetBasicAuth(auth.UserName, auth.Password) 287 | } 288 | 289 | // AccessToken Authentication 290 | if auth, ok := ctx.Value(ContextAccessToken).(string); ok { 291 | localVarRequest.Header.Add("Authorization", "Bearer " + auth) 292 | } 293 | } 294 | 295 | for header, value := range c.cfg.DefaultHeader { 296 | localVarRequest.Header.Add(header, value) 297 | } 298 | 299 | return localVarRequest, nil 300 | } 301 | 302 | 303 | // Add a file to the multipart request 304 | func addFile(w *multipart.Writer, fieldName, path string) error { 305 | file, err := os.Open(path) 306 | if err != nil { 307 | return err 308 | } 309 | defer file.Close() 310 | 311 | part, err := w.CreateFormFile(fieldName, filepath.Base(path)) 312 | if err != nil { 313 | return err 314 | } 315 | _, err = io.Copy(part, file) 316 | 317 | return err 318 | } 319 | 320 | // Prevent trying to import "fmt" 321 | func reportError(format string, a ...interface{}) (error) { 322 | return fmt.Errorf(format, a...) 323 | } 324 | 325 | // Set request body from an interface{} 326 | func setBody(body interface{}, contentType string) (bodyBuf *bytes.Buffer, err error) { 327 | if bodyBuf == nil { 328 | bodyBuf = &bytes.Buffer{} 329 | } 330 | 331 | if reader, ok := body.(io.Reader); ok { 332 | _, err = bodyBuf.ReadFrom(reader) 333 | } else if b, ok := body.([]byte); ok { 334 | _, err = bodyBuf.Write(b) 335 | } else if s, ok := body.(string); ok { 336 | _, err = bodyBuf.WriteString(s) 337 | } else if jsonCheck.MatchString(contentType) { 338 | err = json.NewEncoder(bodyBuf).Encode(body) 339 | } else if xmlCheck.MatchString(contentType) { 340 | xml.NewEncoder(bodyBuf).Encode(body) 341 | } 342 | 343 | if err != nil { 344 | return nil, err 345 | } 346 | 347 | if bodyBuf.Len() == 0 { 348 | err = fmt.Errorf("Invalid body type %s\n", contentType) 349 | return nil, err 350 | } 351 | return bodyBuf, nil 352 | } 353 | 354 | // detectContentType method is used to figure out `Request.Body` content type for request header 355 | func detectContentType(body interface{}) string { 356 | contentType := "text/plain; charset=utf-8" 357 | kind := reflect.TypeOf(body).Kind() 358 | 359 | switch kind { 360 | case reflect.Struct, reflect.Map, reflect.Ptr: 361 | contentType = "application/json; charset=utf-8" 362 | case reflect.String: 363 | contentType = "text/plain; charset=utf-8" 364 | default: 365 | if b, ok := body.([]byte); ok { 366 | contentType = http.DetectContentType(b) 367 | } else if kind == reflect.Slice { 368 | contentType = "application/json; charset=utf-8" 369 | } 370 | } 371 | 372 | return contentType 373 | } 374 | 375 | 376 | // Ripped from https://github.com/gregjones/httpcache/blob/master/httpcache.go 377 | type cacheControl map[string]string 378 | 379 | func parseCacheControl(headers http.Header) cacheControl { 380 | cc := cacheControl{} 381 | ccHeader := headers.Get("Cache-Control") 382 | for _, part := range strings.Split(ccHeader, ",") { 383 | part = strings.Trim(part, " ") 384 | if part == "" { 385 | continue 386 | } 387 | if strings.ContainsRune(part, '=') { 388 | keyval := strings.Split(part, "=") 389 | cc[strings.Trim(keyval[0], " ")] = strings.Trim(keyval[1], ",") 390 | } else { 391 | cc[part] = "" 392 | } 393 | } 394 | return cc 395 | } 396 | 397 | // CacheExpires helper function to determine remaining time before repeating a request. 398 | func CacheExpires(r *http.Response) (time.Time) { 399 | // Figure out when the cache expires. 400 | var expires time.Time 401 | now, err := time.Parse(time.RFC1123, r.Header.Get("date")) 402 | if err != nil { 403 | return time.Now() 404 | } 405 | respCacheControl := parseCacheControl(r.Header) 406 | 407 | if maxAge, ok := respCacheControl["max-age"]; ok { 408 | lifetime, err := time.ParseDuration(maxAge + "s") 409 | if err != nil { 410 | expires = now 411 | } 412 | expires = now.Add(lifetime) 413 | } else { 414 | expiresHeader := r.Header.Get("Expires") 415 | if expiresHeader != "" { 416 | expires, err = time.Parse(time.RFC1123, expiresHeader) 417 | if err != nil { 418 | expires = now 419 | } 420 | } 421 | } 422 | return expires 423 | } 424 | 425 | func strlen(s string) (int) { 426 | return utf8.RuneCountInString(s) 427 | } 428 | -------------------------------------------------------------------------------- /example_code/go_examples/api_response.go: -------------------------------------------------------------------------------- 1 | /* 2 | * Cisco PSIRT openVuln API 3 | * 4 | * The Cisco Product Security Incident Response Team (PSIRT) openVuln API is a RESTful API that allows customers to obtain Cisco Security Vulnerability information in different machine-consumable formats. APIs are important for customers because they allow their technical staff and programmers to build tools that help them do their job more effectively (in this case, to keep up with security vulnerability information). For more information about the Cisco PSIRT openVuln API visit https://developer.cisco.com/site/PSIRT/discover/overview For detail steps on how to use the API go to: https://developer.cisco.com/site/PSIRT/get-started/getting-started.gsp This is a beta release of a swagger YAML for the Cisco PSIRT openVuln API To access the API sign in with your Cisco CCO account at http://apiconsole.cisco.com and register an application to recieve a client_id and a client_secret You can then get your token using curl or any other method you prefer. 'curl -s -k -H \"Content-Type: application/x-www-form-urlencoded\" -X POST -d \"client_id=\" -d \"client_secret=\" -d \"grant_type=client_credentials\" https://cloudsso.cisco.com/as/token.oauth2' You will receive an access token as demonstrated in the following example: '{\"access_token\":\"I7omWtBDAieSiUX3shOxNJfuy4J6\",\"token_type\":\"Bearer\",\"expires_in\":3599}' In Swagger, click on Change Authentication enter the text \"I7omWtBDAieSiUX3shOxNJfuy4J6\" (which is the token you received) then click on \"Try this operation\" 5 | * 6 | * API version: 0.0.4 7 | * Contact: os@cisco.com 8 | */ 9 | 10 | package swagger 11 | 12 | import ( 13 | "net/http" 14 | ) 15 | 16 | type APIResponse struct { 17 | *http.Response `json:"-"` 18 | Message string `json:"message,omitempty"` 19 | // Operation is the name of the swagger operation. 20 | Operation string `json:"operation,omitempty"` 21 | // RequestURL is the request URL. This value is always available, even if the 22 | // embedded *http.Response is nil. 23 | RequestURL string `json:"url,omitempty"` 24 | // Method is the HTTP method used for the request. This value is always 25 | // available, even if the embedded *http.Response is nil. 26 | Method string `json:"method,omitempty"` 27 | // Payload holds the contents of the response body (which may be nil or empty). 28 | // This is provided here as the raw response.Body() reader will have already 29 | // been drained. 30 | Payload []byte `json:"-"` 31 | } 32 | 33 | func NewAPIResponse(r *http.Response) *APIResponse { 34 | 35 | response := &APIResponse{Response: r} 36 | return response 37 | } 38 | 39 | func NewAPIResponseWithError(errorMessage string) *APIResponse { 40 | 41 | response := &APIResponse{Message: errorMessage} 42 | return response 43 | } 44 | -------------------------------------------------------------------------------- /example_code/go_examples/configuration.go: -------------------------------------------------------------------------------- 1 | /* 2 | * Cisco PSIRT openVuln API 3 | * 4 | * The Cisco Product Security Incident Response Team (PSIRT) openVuln API is a RESTful API that allows customers to obtain Cisco Security Vulnerability information in different machine-consumable formats. APIs are important for customers because they allow their technical staff and programmers to build tools that help them do their job more effectively (in this case, to keep up with security vulnerability information). For more information about the Cisco PSIRT openVuln API visit https://developer.cisco.com/site/PSIRT/discover/overview For detail steps on how to use the API go to: https://developer.cisco.com/site/PSIRT/get-started/getting-started.gsp This is a beta release of a swagger YAML for the Cisco PSIRT openVuln API To access the API sign in with your Cisco CCO account at http://apiconsole.cisco.com and register an application to recieve a client_id and a client_secret You can then get your token using curl or any other method you prefer. 'curl -s -k -H \"Content-Type: application/x-www-form-urlencoded\" -X POST -d \"client_id=\" -d \"client_secret=\" -d \"grant_type=client_credentials\" https://cloudsso.cisco.com/as/token.oauth2' You will receive an access token as demonstrated in the following example: '{\"access_token\":\"I7omWtBDAieSiUX3shOxNJfuy4J6\",\"token_type\":\"Bearer\",\"expires_in\":3599}' In Swagger, click on Change Authentication enter the text \"I7omWtBDAieSiUX3shOxNJfuy4J6\" (which is the token you received) then click on \"Try this operation\" 5 | * 6 | * API version: 0.0.4 7 | * Contact: os@cisco.com 8 | */ 9 | 10 | package swagger 11 | 12 | import ( 13 | "net/http" 14 | ) 15 | 16 | // contextKeys are used to identify the type of value in the context. 17 | // Since these are string, it is possible to get a short description of the 18 | // context key for logging and debugging using key.String(). 19 | 20 | type contextKey string 21 | 22 | func (c contextKey) String() string { 23 | return "auth " + string(c) 24 | } 25 | 26 | var ( 27 | // ContextOAuth2 takes a oauth2.TokenSource as authentication for the request. 28 | ContextOAuth2 = contextKey("token") 29 | 30 | // ContextBasicAuth takes BasicAuth as authentication for the request. 31 | ContextBasicAuth = contextKey("basic") 32 | 33 | // ContextAccessToken takes a string oauth2 access token as authentication for the request. 34 | ContextAccessToken = contextKey("accesstoken") 35 | 36 | // ContextAPIKey takes an APIKey as authentication for the request 37 | ContextAPIKey = contextKey("apikey") 38 | ) 39 | 40 | // BasicAuth provides basic http authentication to a request passed via context using ContextBasicAuth 41 | type BasicAuth struct { 42 | UserName string `json:"userName,omitempty"` 43 | Password string `json:"password,omitempty"` 44 | } 45 | 46 | // APIKey provides API key based authentication to a request passed via context using ContextAPIKey 47 | type APIKey struct { 48 | Key string 49 | Prefix string 50 | } 51 | 52 | type Configuration struct { 53 | BasePath string `json:"basePath,omitempty"` 54 | Host string `json:"host,omitempty"` 55 | Scheme string `json:"scheme,omitempty"` 56 | DefaultHeader map[string]string `json:"defaultHeader,omitempty"` 57 | UserAgent string `json:"userAgent,omitempty"` 58 | HTTPClient *http.Client 59 | } 60 | 61 | func NewConfiguration() *Configuration { 62 | cfg := &Configuration{ 63 | BasePath: "https://api.cisco.com", 64 | DefaultHeader: make(map[string]string), 65 | UserAgent: "Swagger-Codegen/1.0.0/go", 66 | } 67 | return cfg 68 | } 69 | 70 | func (c *Configuration) AddDefaultHeader(key string, value string) { 71 | c.DefaultHeader[key] = value 72 | } 73 | -------------------------------------------------------------------------------- /example_code/go_examples/docs/DefaultApi.md: -------------------------------------------------------------------------------- 1 | # \DefaultApi 2 | 3 | All URIs are relative to *https://api.cisco.com* 4 | 5 | Method | HTTP request | Description 6 | ------------- | ------------- | ------------- 7 | [**SecurityAdvisoriesAdvisoryAdvisoryIdGet**](DefaultApi.md#SecurityAdvisoriesAdvisoryAdvisoryIdGet) | **Get** /security/advisories/advisory/{advisory_id} | 8 | [**SecurityAdvisoriesAllGet**](DefaultApi.md#SecurityAdvisoriesAllGet) | **Get** /security/advisories/all | 9 | [**SecurityAdvisoriesCveCveIdGet**](DefaultApi.md#SecurityAdvisoriesCveCveIdGet) | **Get** /security/advisories/cve/{cve_id} | 10 | [**SecurityAdvisoriesIosGet**](DefaultApi.md#SecurityAdvisoriesIosGet) | **Get** /security/advisories/ios | 11 | [**SecurityAdvisoriesIosxeGet**](DefaultApi.md#SecurityAdvisoriesIosxeGet) | **Get** /security/advisories/iosxe | 12 | [**SecurityAdvisoriesLatestNumberGet**](DefaultApi.md#SecurityAdvisoriesLatestNumberGet) | **Get** /security/advisories/latest/{number} | 13 | [**SecurityAdvisoriesProductGet**](DefaultApi.md#SecurityAdvisoriesProductGet) | **Get** /security/advisories/product | 14 | [**SecurityAdvisoriesSeveritySeverityFirstpublishedGet**](DefaultApi.md#SecurityAdvisoriesSeveritySeverityFirstpublishedGet) | **Get** /security/advisories/severity/{severity}/firstpublished | 15 | [**SecurityAdvisoriesSeveritySeverityGet**](DefaultApi.md#SecurityAdvisoriesSeveritySeverityGet) | **Get** /security/advisories/severity/{severity} | 16 | [**SecurityAdvisoriesSeveritySeverityLastpublishedGet**](DefaultApi.md#SecurityAdvisoriesSeveritySeverityLastpublishedGet) | **Get** /security/advisories/severity/{severity}/lastpublished | 17 | [**SecurityAdvisoriesYearYearGet**](DefaultApi.md#SecurityAdvisoriesYearYearGet) | **Get** /security/advisories/year/{year} | 18 | 19 | 20 | # **SecurityAdvisoriesAdvisoryAdvisoryIdGet** 21 | > SecurityAdvisoriesAdvisoryAdvisoryIdGet(ctx, advisoryId) 22 | 23 | 24 | Used to obtain an advisory given its advisory ID `advisory_id` (i.e., cisco-sa-20180221-ucdm) 25 | 26 | ### Required Parameters 27 | 28 | Name | Type | Description | Notes 29 | ------------- | ------------- | ------------- | ------------- 30 | **ctx** | **context.Context** | context for logging, tracing, authentication, etc. 31 | **advisoryId** | **string**| advisory ID | 32 | 33 | ### Return type 34 | 35 | (empty response body) 36 | 37 | ### Authorization 38 | 39 | [psirt_openvuln_api_auth](../README.md#psirt_openvuln_api_auth) 40 | 41 | ### HTTP request headers 42 | 43 | - **Content-Type**: Not defined 44 | - **Accept**: application/json 45 | 46 | [[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) 47 | 48 | # **SecurityAdvisoriesAllGet** 49 | > SecurityAdvisoriesAllGet(ctx, ) 50 | 51 | 52 | Used to obtain information about all published security advisories. By default the output is in JSON. To obtain the output in XML use the .xml extension. For example, /advisories/all.xml 53 | 54 | ### Required Parameters 55 | This endpoint does not need any parameter. 56 | 57 | ### Return type 58 | 59 | (empty response body) 60 | 61 | ### Authorization 62 | 63 | [psirt_openvuln_api_auth](../README.md#psirt_openvuln_api_auth) 64 | 65 | ### HTTP request headers 66 | 67 | - **Content-Type**: Not defined 68 | - **Accept**: application/json 69 | 70 | [[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) 71 | 72 | # **SecurityAdvisoriesCveCveIdGet** 73 | > SecurityAdvisoriesCveCveIdGet(ctx, cveId) 74 | 75 | 76 | Used to obtain an advisory using a given Common Vulnerability Enumerator (CVE). The `cve_id` format is CVE-YYYY-NNNN. For more information about CVE visit http://cve.mitre.org/ 77 | 78 | ### Required Parameters 79 | 80 | Name | Type | Description | Notes 81 | ------------- | ------------- | ------------- | ------------- 82 | **ctx** | **context.Context** | context for logging, tracing, authentication, etc. 83 | **cveId** | **string**| CVE Identifier (i.e., CVE-YYYY-NNNN) | 84 | 85 | ### Return type 86 | 87 | (empty response body) 88 | 89 | ### Authorization 90 | 91 | [psirt_openvuln_api_auth](../README.md#psirt_openvuln_api_auth) 92 | 93 | ### HTTP request headers 94 | 95 | - **Content-Type**: Not defined 96 | - **Accept**: application/json 97 | 98 | [[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) 99 | 100 | # **SecurityAdvisoriesIosGet** 101 | > SecurityAdvisoriesIosGet(ctx, version) 102 | 103 | 104 | Used to obtain all advisories that affects the given ios version 105 | 106 | ### Required Parameters 107 | 108 | Name | Type | Description | Notes 109 | ------------- | ------------- | ------------- | ------------- 110 | **ctx** | **context.Context** | context for logging, tracing, authentication, etc. 111 | **version** | **string**| IOS version to obtain security advisories | 112 | 113 | ### Return type 114 | 115 | (empty response body) 116 | 117 | ### Authorization 118 | 119 | [psirt_openvuln_api_auth](../README.md#psirt_openvuln_api_auth) 120 | 121 | ### HTTP request headers 122 | 123 | - **Content-Type**: Not defined 124 | - **Accept**: application/json 125 | 126 | [[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) 127 | 128 | # **SecurityAdvisoriesIosxeGet** 129 | > SecurityAdvisoriesIosxeGet(ctx, version) 130 | 131 | 132 | Used to obtain all advisories that affects the given ios version 133 | 134 | ### Required Parameters 135 | 136 | Name | Type | Description | Notes 137 | ------------- | ------------- | ------------- | ------------- 138 | **ctx** | **context.Context** | context for logging, tracing, authentication, etc. 139 | **version** | **string**| IOS version to obtain security advisories | 140 | 141 | ### Return type 142 | 143 | (empty response body) 144 | 145 | ### Authorization 146 | 147 | [psirt_openvuln_api_auth](../README.md#psirt_openvuln_api_auth) 148 | 149 | ### HTTP request headers 150 | 151 | - **Content-Type**: Not defined 152 | - **Accept**: application/json 153 | 154 | [[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) 155 | 156 | # **SecurityAdvisoriesLatestNumberGet** 157 | > SecurityAdvisoriesLatestNumberGet(ctx, number) 158 | 159 | 160 | Used to obtain all the latest security advisories given an absolute number. For instance, the latest 10 or latest 5. 161 | 162 | ### Required Parameters 163 | 164 | Name | Type | Description | Notes 165 | ------------- | ------------- | ------------- | ------------- 166 | **ctx** | **context.Context** | context for logging, tracing, authentication, etc. 167 | **number** | **int32**| An absolute number to obtain the latest security advisories. | 168 | 169 | ### Return type 170 | 171 | (empty response body) 172 | 173 | ### Authorization 174 | 175 | [psirt_openvuln_api_auth](../README.md#psirt_openvuln_api_auth) 176 | 177 | ### HTTP request headers 178 | 179 | - **Content-Type**: Not defined 180 | - **Accept**: application/json 181 | 182 | [[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) 183 | 184 | # **SecurityAdvisoriesProductGet** 185 | > SecurityAdvisoriesProductGet(ctx, product) 186 | 187 | 188 | Used to obtain all the advisories that affects the given product name. 189 | 190 | ### Required Parameters 191 | 192 | Name | Type | Description | Notes 193 | ------------- | ------------- | ------------- | ------------- 194 | **ctx** | **context.Context** | context for logging, tracing, authentication, etc. 195 | **product** | **string**| An product name to obtain security advisories that matches given product name. | 196 | 197 | ### Return type 198 | 199 | (empty response body) 200 | 201 | ### Authorization 202 | 203 | [psirt_openvuln_api_auth](../README.md#psirt_openvuln_api_auth) 204 | 205 | ### HTTP request headers 206 | 207 | - **Content-Type**: Not defined 208 | - **Accept**: application/json 209 | 210 | [[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) 211 | 212 | # **SecurityAdvisoriesSeveritySeverityFirstpublishedGet** 213 | > SecurityAdvisoriesSeveritySeverityFirstpublishedGet(ctx, severity, startDate, endDate) 214 | 215 | 216 | Used to obtain all security advisories for a given security impact rating (critical, high, medium, or low) and additionally filter based of firstpublished start date and enddate. 217 | 218 | ### Required Parameters 219 | 220 | Name | Type | Description | Notes 221 | ------------- | ------------- | ------------- | ------------- 222 | **ctx** | **context.Context** | context for logging, tracing, authentication, etc. 223 | **severity** | **string**| Used to obtain all advisories that have a security impact rating of critical | 224 | **startDate** | **string**| | 225 | **endDate** | **string**| | 226 | 227 | ### Return type 228 | 229 | (empty response body) 230 | 231 | ### Authorization 232 | 233 | [psirt_openvuln_api_auth](../README.md#psirt_openvuln_api_auth) 234 | 235 | ### HTTP request headers 236 | 237 | - **Content-Type**: Not defined 238 | - **Accept**: application/json 239 | 240 | [[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) 241 | 242 | # **SecurityAdvisoriesSeveritySeverityGet** 243 | > SecurityAdvisoriesSeveritySeverityGet(ctx, severity) 244 | 245 | 246 | Used to obtain all security advisories for a given security impact rating (critical, high, medium, or low). 247 | 248 | ### Required Parameters 249 | 250 | Name | Type | Description | Notes 251 | ------------- | ------------- | ------------- | ------------- 252 | **ctx** | **context.Context** | context for logging, tracing, authentication, etc. 253 | **severity** | **string**| Critical, High, Medium, Low | 254 | 255 | ### Return type 256 | 257 | (empty response body) 258 | 259 | ### Authorization 260 | 261 | [psirt_openvuln_api_auth](../README.md#psirt_openvuln_api_auth) 262 | 263 | ### HTTP request headers 264 | 265 | - **Content-Type**: Not defined 266 | - **Accept**: application/json 267 | 268 | [[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) 269 | 270 | # **SecurityAdvisoriesSeveritySeverityLastpublishedGet** 271 | > SecurityAdvisoriesSeveritySeverityLastpublishedGet(ctx, severity, startDate, endDate) 272 | 273 | 274 | Used to obtain all security advisories for a given security impact rating (critical, high, medium, or low). 275 | 276 | ### Required Parameters 277 | 278 | Name | Type | Description | Notes 279 | ------------- | ------------- | ------------- | ------------- 280 | **ctx** | **context.Context** | context for logging, tracing, authentication, etc. 281 | **severity** | **string**| Used to obtain all advisories that have a security impact rating of critical | 282 | **startDate** | **string**| | 283 | **endDate** | **string**| | 284 | 285 | ### Return type 286 | 287 | (empty response body) 288 | 289 | ### Authorization 290 | 291 | [psirt_openvuln_api_auth](../README.md#psirt_openvuln_api_auth) 292 | 293 | ### HTTP request headers 294 | 295 | - **Content-Type**: Not defined 296 | - **Accept**: application/json 297 | 298 | [[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) 299 | 300 | # **SecurityAdvisoriesYearYearGet** 301 | > SecurityAdvisoriesYearYearGet(ctx, year) 302 | 303 | 304 | Used to obtain all security advisories that have were orginally published in a specific year `YYYY`. 305 | 306 | ### Required Parameters 307 | 308 | Name | Type | Description | Notes 309 | ------------- | ------------- | ------------- | ------------- 310 | **ctx** | **context.Context** | context for logging, tracing, authentication, etc. 311 | **year** | **string**| The four digit year. | 312 | 313 | ### Return type 314 | 315 | (empty response body) 316 | 317 | ### Authorization 318 | 319 | [psirt_openvuln_api_auth](../README.md#psirt_openvuln_api_auth) 320 | 321 | ### HTTP request headers 322 | 323 | - **Content-Type**: Not defined 324 | - **Accept**: application/json 325 | 326 | [[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) 327 | -------------------------------------------------------------------------------- /example_code/javascript_examples/README.md: -------------------------------------------------------------------------------- 1 | # cisco_psirt_open_vuln_api 2 | 3 | CiscoPsirtOpenVulnApi - JavaScript client for cisco_psirt_open_vuln_api 4 | The Cisco Product Security Incident Response Team (PSIRT) openVuln API is a RESTful API that allows customers to obtain Cisco Security Vulnerability information in different machine-consumable formats. APIs are important for customers because they allow their technical staff and programmers to build tools that help them do their job more effectively (in this case, to keep up with security vulnerability information). For more information about the Cisco PSIRT openVuln API visit https://developer.cisco.com/psirt 5 | 6 | For detail steps on how to use the API go to: https://developer.cisco.com/psirt This is a beta release of a swagger YAML for the Cisco PSIRT openVuln API To access the API sign in with your Cisco CCO account at http://apiconsole.cisco.com and register an application to receive a client_id and a client_secret . 7 | 8 | 9 | ## Installation 10 | 11 | ### For [Node.js](https://nodejs.org/) 12 | 13 | #### npm 14 | 15 | To publish the library as a [npm](https://www.npmjs.com/), 16 | please follow the procedure in ["Publishing npm packages"](https://docs.npmjs.com/getting-started/publishing-npm-packages). 17 | 18 | Then install it via: 19 | 20 | ```shell 21 | npm install cisco_psirt_open_vuln_api --save 22 | ``` 23 | 24 | ##### Local development 25 | 26 | To use the library locally without publishing to a remote npm registry, first install the dependencies by changing 27 | into the directory containing `package.json` (and this README). Let's call this `JAVASCRIPT_CLIENT_DIR`. Then run: 28 | 29 | ```shell 30 | npm install 31 | ``` 32 | 33 | Next, [link](https://docs.npmjs.com/cli/link) it globally in npm with the following, also from `JAVASCRIPT_CLIENT_DIR`: 34 | 35 | ```shell 36 | npm link 37 | ``` 38 | 39 | Finally, switch to the directory you want to use your cisco_psirt_open_vuln_api from, and run: 40 | 41 | ```shell 42 | npm link /path/to/ 43 | ``` 44 | 45 | You should now be able to `require('cisco_psirt_open_vuln_api')` in javascript files from the directory you ran the last 46 | command above from. 47 | 48 | #### git 49 | # 50 | If the library is hosted at a git repository, e.g. 51 | https://github.com/YOUR_USERNAME/cisco_psirt_open_vuln_api 52 | then install it via: 53 | 54 | ```shell 55 | npm install YOUR_USERNAME/cisco_psirt_open_vuln_api --save 56 | ``` 57 | 58 | ### For browser 59 | 60 | The library also works in the browser environment via npm and [browserify](http://browserify.org/). After following 61 | the above steps with Node.js and installing browserify with `npm install -g browserify`, 62 | perform the following (assuming *main.js* is your entry file, that's to say your javascript file where you actually 63 | use this library): 64 | 65 | ```shell 66 | browserify main.js > bundle.js 67 | ``` 68 | 69 | Then include *bundle.js* in the HTML pages. 70 | 71 | ### Webpack Configuration 72 | 73 | Using Webpack you may encounter the following error: "Module not found: Error: 74 | Cannot resolve module", most certainly you should disable AMD loader. Add/merge 75 | the following section to your webpack config: 76 | 77 | ```javascript 78 | module: { 79 | rules: [ 80 | { 81 | parser: { 82 | amd: false 83 | } 84 | } 85 | ] 86 | } 87 | ``` 88 | 89 | ## Getting Started 90 | 91 | Please follow the [installation](#installation) instruction and execute the following JS code: 92 | 93 | ```javascript 94 | var CiscoPsirtOpenVulnApi = require('cisco_psirt_open_vuln_api'); 95 | 96 | var defaultClient = CiscoPsirtOpenVulnApi.ApiClient.instance; 97 | 98 | // Configure OAuth2 access token for authorization: psirt_openvuln_api_auth 99 | var psirt_openvuln_api_auth = defaultClient.authentications['psirt_openvuln_api_auth']; 100 | psirt_openvuln_api_auth.accessToken = "YOUR ACCESS TOKEN" 101 | 102 | var api = new CiscoPsirtOpenVulnApi.DefaultApi() 103 | 104 | var advisoryId = "advisoryId_example"; // {String} advisory ID 105 | 106 | 107 | var callback = function(error, data, response) { 108 | if (error) { 109 | console.error(error); 110 | } else { 111 | console.log('API called successfully.'); 112 | } 113 | }; 114 | api.securityAdvisoriesAdvisoryAdvisoryIdGet(advisoryId, callback); 115 | 116 | ``` 117 | 118 | ## Documentation for API Endpoints 119 | 120 | All URIs are relative to *https://api.cisco.com* 121 | 122 | Class | Method | HTTP request | Description 123 | ------------ | ------------- | ------------- | ------------- 124 | *CiscoPsirtOpenVulnApi.DefaultApi* | [**securityAdvisoriesAdvisoryAdvisoryIdGet**](docs/DefaultApi.md#securityAdvisoriesAdvisoryAdvisoryIdGet) | **GET** /security/advisories/advisory/{advisory_id} | 125 | *CiscoPsirtOpenVulnApi.DefaultApi* | [**securityAdvisoriesAllGet**](docs/DefaultApi.md#securityAdvisoriesAllGet) | **GET** /security/advisories/all | 126 | *CiscoPsirtOpenVulnApi.DefaultApi* | [**securityAdvisoriesCveCveIdGet**](docs/DefaultApi.md#securityAdvisoriesCveCveIdGet) | **GET** /security/advisories/cve/{cve_id} | 127 | *CiscoPsirtOpenVulnApi.DefaultApi* | [**securityAdvisoriesIosGet**](docs/DefaultApi.md#securityAdvisoriesIosGet) | **GET** /security/advisories/ios | 128 | *CiscoPsirtOpenVulnApi.DefaultApi* | [**securityAdvisoriesIosxeGet**](docs/DefaultApi.md#securityAdvisoriesIosxeGet) | **GET** /security/advisories/iosxe | 129 | *CiscoPsirtOpenVulnApi.DefaultApi* | [**securityAdvisoriesLatestNumberGet**](docs/DefaultApi.md#securityAdvisoriesLatestNumberGet) | **GET** /security/advisories/latest/{number} | 130 | *CiscoPsirtOpenVulnApi.DefaultApi* | [**securityAdvisoriesProductGet**](docs/DefaultApi.md#securityAdvisoriesProductGet) | **GET** /security/advisories/product | 131 | *CiscoPsirtOpenVulnApi.DefaultApi* | [**securityAdvisoriesSeveritySeverityFirstpublishedGet**](docs/DefaultApi.md#securityAdvisoriesSeveritySeverityFirstpublishedGet) | **GET** /security/advisories/severity/{severity}/firstpublished | 132 | *CiscoPsirtOpenVulnApi.DefaultApi* | [**securityAdvisoriesSeveritySeverityGet**](docs/DefaultApi.md#securityAdvisoriesSeveritySeverityGet) | **GET** /security/advisories/severity/{severity} | 133 | *CiscoPsirtOpenVulnApi.DefaultApi* | [**securityAdvisoriesSeveritySeverityLastpublishedGet**](docs/DefaultApi.md#securityAdvisoriesSeveritySeverityLastpublishedGet) | **GET** /security/advisories/severity/{severity}/lastpublished | 134 | *CiscoPsirtOpenVulnApi.DefaultApi* | [**securityAdvisoriesYearYearGet**](docs/DefaultApi.md#securityAdvisoriesYearYearGet) | **GET** /security/advisories/year/{year} | 135 | 136 | 137 | ## Documentation for Models 138 | 139 | 140 | 141 | ## Documentation for Authorization 142 | 143 | 144 | ### psirt_openvuln_api_auth 145 | 146 | - **Type**: OAuth 147 | - **Flow**: implicit 148 | - **Authorization URL**: https://cloudsso.cisco.com/as/token.oauth2 149 | - **Scopes**: 150 | - read:advisories: read advisories 151 | -------------------------------------------------------------------------------- /example_code/javascript_examples/docs/DefaultApi.md: -------------------------------------------------------------------------------- 1 | # CiscoPsirtOpenVulnApi.DefaultApi 2 | 3 | All URIs are relative to *https://api.cisco.com* 4 | 5 | Method | HTTP request | Description 6 | ------------- | ------------- | ------------- 7 | [**securityAdvisoriesAdvisoryAdvisoryIdGet**](DefaultApi.md#securityAdvisoriesAdvisoryAdvisoryIdGet) | **GET** /security/advisories/advisory/{advisory_id} | 8 | [**securityAdvisoriesAllGet**](DefaultApi.md#securityAdvisoriesAllGet) | **GET** /security/advisories/all | 9 | [**securityAdvisoriesCveCveIdGet**](DefaultApi.md#securityAdvisoriesCveCveIdGet) | **GET** /security/advisories/cve/{cve_id} | 10 | [**securityAdvisoriesIosGet**](DefaultApi.md#securityAdvisoriesIosGet) | **GET** /security/advisories/ios | 11 | [**securityAdvisoriesIosxeGet**](DefaultApi.md#securityAdvisoriesIosxeGet) | **GET** /security/advisories/iosxe | 12 | [**securityAdvisoriesLatestNumberGet**](DefaultApi.md#securityAdvisoriesLatestNumberGet) | **GET** /security/advisories/latest/{number} | 13 | [**securityAdvisoriesProductGet**](DefaultApi.md#securityAdvisoriesProductGet) | **GET** /security/advisories/product | 14 | [**securityAdvisoriesSeveritySeverityFirstpublishedGet**](DefaultApi.md#securityAdvisoriesSeveritySeverityFirstpublishedGet) | **GET** /security/advisories/severity/{severity}/firstpublished | 15 | [**securityAdvisoriesSeveritySeverityGet**](DefaultApi.md#securityAdvisoriesSeveritySeverityGet) | **GET** /security/advisories/severity/{severity} | 16 | [**securityAdvisoriesSeveritySeverityLastpublishedGet**](DefaultApi.md#securityAdvisoriesSeveritySeverityLastpublishedGet) | **GET** /security/advisories/severity/{severity}/lastpublished | 17 | [**securityAdvisoriesYearYearGet**](DefaultApi.md#securityAdvisoriesYearYearGet) | **GET** /security/advisories/year/{year} | 18 | 19 | 20 | 21 | # **securityAdvisoriesAdvisoryAdvisoryIdGet** 22 | > securityAdvisoriesAdvisoryAdvisoryIdGet(advisoryId) 23 | 24 | 25 | 26 | Used to obtain an advisory given its advisory ID `advisory_id` (i.e., cisco-sa-20180221-ucdm) 27 | 28 | ### Example 29 | ```javascript 30 | var CiscoPsirtOpenVulnApi = require('cisco_psirt_open_vuln_api'); 31 | var defaultClient = CiscoPsirtOpenVulnApi.ApiClient.instance; 32 | 33 | // Configure OAuth2 access token for authorization: psirt_openvuln_api_auth 34 | var psirt_openvuln_api_auth = defaultClient.authentications['psirt_openvuln_api_auth']; 35 | psirt_openvuln_api_auth.accessToken = 'YOUR ACCESS TOKEN'; 36 | 37 | var apiInstance = new CiscoPsirtOpenVulnApi.DefaultApi(); 38 | 39 | var advisoryId = "advisoryId_example"; // String | advisory ID 40 | 41 | 42 | var callback = function(error, data, response) { 43 | if (error) { 44 | console.error(error); 45 | } else { 46 | console.log('API called successfully.'); 47 | } 48 | }; 49 | apiInstance.securityAdvisoriesAdvisoryAdvisoryIdGet(advisoryId, callback); 50 | ``` 51 | 52 | ### Parameters 53 | 54 | Name | Type | Description | Notes 55 | ------------- | ------------- | ------------- | ------------- 56 | **advisoryId** | **String**| advisory ID | 57 | 58 | ### Return type 59 | 60 | null (empty response body) 61 | 62 | ### Authorization 63 | 64 | [psirt_openvuln_api_auth](../README.md#psirt_openvuln_api_auth) 65 | 66 | ### HTTP request headers 67 | 68 | - **Content-Type**: Not defined 69 | - **Accept**: application/json 70 | 71 | 72 | # **securityAdvisoriesAllGet** 73 | > securityAdvisoriesAllGet() 74 | 75 | 76 | 77 | Used to obtain information about all published security advisories. By default the output is in JSON. To obtain the output in XML use the .xml extension. For example, /advisories/all.xml 78 | 79 | ### Example 80 | ```javascript 81 | var CiscoPsirtOpenVulnApi = require('cisco_psirt_open_vuln_api'); 82 | var defaultClient = CiscoPsirtOpenVulnApi.ApiClient.instance; 83 | 84 | // Configure OAuth2 access token for authorization: psirt_openvuln_api_auth 85 | var psirt_openvuln_api_auth = defaultClient.authentications['psirt_openvuln_api_auth']; 86 | psirt_openvuln_api_auth.accessToken = 'YOUR ACCESS TOKEN'; 87 | 88 | var apiInstance = new CiscoPsirtOpenVulnApi.DefaultApi(); 89 | 90 | var callback = function(error, data, response) { 91 | if (error) { 92 | console.error(error); 93 | } else { 94 | console.log('API called successfully.'); 95 | } 96 | }; 97 | apiInstance.securityAdvisoriesAllGet(callback); 98 | ``` 99 | 100 | ### Parameters 101 | This endpoint does not need any parameter. 102 | 103 | ### Return type 104 | 105 | null (empty response body) 106 | 107 | ### Authorization 108 | 109 | [psirt_openvuln_api_auth](../README.md#psirt_openvuln_api_auth) 110 | 111 | ### HTTP request headers 112 | 113 | - **Content-Type**: Not defined 114 | - **Accept**: application/json 115 | 116 | 117 | # **securityAdvisoriesCveCveIdGet** 118 | > securityAdvisoriesCveCveIdGet(cveId) 119 | 120 | 121 | 122 | Used to obtain an advisory using a given Common Vulnerability Enumerator (CVE). The `cve_id` format is CVE-YYYY-NNNN. For more information about CVE visit http://cve.mitre.org/ 123 | 124 | ### Example 125 | ```javascript 126 | var CiscoPsirtOpenVulnApi = require('cisco_psirt_open_vuln_api'); 127 | var defaultClient = CiscoPsirtOpenVulnApi.ApiClient.instance; 128 | 129 | // Configure OAuth2 access token for authorization: psirt_openvuln_api_auth 130 | var psirt_openvuln_api_auth = defaultClient.authentications['psirt_openvuln_api_auth']; 131 | psirt_openvuln_api_auth.accessToken = 'YOUR ACCESS TOKEN'; 132 | 133 | var apiInstance = new CiscoPsirtOpenVulnApi.DefaultApi(); 134 | 135 | var cveId = "cveId_example"; // String | CVE Identifier (i.e., CVE-YYYY-NNNN) 136 | 137 | 138 | var callback = function(error, data, response) { 139 | if (error) { 140 | console.error(error); 141 | } else { 142 | console.log('API called successfully.'); 143 | } 144 | }; 145 | apiInstance.securityAdvisoriesCveCveIdGet(cveId, callback); 146 | ``` 147 | 148 | ### Parameters 149 | 150 | Name | Type | Description | Notes 151 | ------------- | ------------- | ------------- | ------------- 152 | **cveId** | **String**| CVE Identifier (i.e., CVE-YYYY-NNNN) | 153 | 154 | ### Return type 155 | 156 | null (empty response body) 157 | 158 | ### Authorization 159 | 160 | [psirt_openvuln_api_auth](../README.md#psirt_openvuln_api_auth) 161 | 162 | ### HTTP request headers 163 | 164 | - **Content-Type**: Not defined 165 | - **Accept**: application/json 166 | 167 | 168 | # **securityAdvisoriesIosGet** 169 | > securityAdvisoriesIosGet(version) 170 | 171 | 172 | 173 | Used to obtain all advisories that affects the given ios version 174 | 175 | ### Example 176 | ```javascript 177 | var CiscoPsirtOpenVulnApi = require('cisco_psirt_open_vuln_api'); 178 | var defaultClient = CiscoPsirtOpenVulnApi.ApiClient.instance; 179 | 180 | // Configure OAuth2 access token for authorization: psirt_openvuln_api_auth 181 | var psirt_openvuln_api_auth = defaultClient.authentications['psirt_openvuln_api_auth']; 182 | psirt_openvuln_api_auth.accessToken = 'YOUR ACCESS TOKEN'; 183 | 184 | var apiInstance = new CiscoPsirtOpenVulnApi.DefaultApi(); 185 | 186 | var version = "version_example"; // String | IOS version to obtain security advisories 187 | 188 | 189 | var callback = function(error, data, response) { 190 | if (error) { 191 | console.error(error); 192 | } else { 193 | console.log('API called successfully.'); 194 | } 195 | }; 196 | apiInstance.securityAdvisoriesIosGet(version, callback); 197 | ``` 198 | 199 | ### Parameters 200 | 201 | Name | Type | Description | Notes 202 | ------------- | ------------- | ------------- | ------------- 203 | **version** | **String**| IOS version to obtain security advisories | 204 | 205 | ### Return type 206 | 207 | null (empty response body) 208 | 209 | ### Authorization 210 | 211 | [psirt_openvuln_api_auth](../README.md#psirt_openvuln_api_auth) 212 | 213 | ### HTTP request headers 214 | 215 | - **Content-Type**: Not defined 216 | - **Accept**: application/json 217 | 218 | 219 | # **securityAdvisoriesIosxeGet** 220 | > securityAdvisoriesIosxeGet(version) 221 | 222 | 223 | 224 | Used to obtain all advisories that affects the given ios version 225 | 226 | ### Example 227 | ```javascript 228 | var CiscoPsirtOpenVulnApi = require('cisco_psirt_open_vuln_api'); 229 | var defaultClient = CiscoPsirtOpenVulnApi.ApiClient.instance; 230 | 231 | // Configure OAuth2 access token for authorization: psirt_openvuln_api_auth 232 | var psirt_openvuln_api_auth = defaultClient.authentications['psirt_openvuln_api_auth']; 233 | psirt_openvuln_api_auth.accessToken = 'YOUR ACCESS TOKEN'; 234 | 235 | var apiInstance = new CiscoPsirtOpenVulnApi.DefaultApi(); 236 | 237 | var version = "version_example"; // String | IOS version to obtain security advisories 238 | 239 | 240 | var callback = function(error, data, response) { 241 | if (error) { 242 | console.error(error); 243 | } else { 244 | console.log('API called successfully.'); 245 | } 246 | }; 247 | apiInstance.securityAdvisoriesIosxeGet(version, callback); 248 | ``` 249 | 250 | ### Parameters 251 | 252 | Name | Type | Description | Notes 253 | ------------- | ------------- | ------------- | ------------- 254 | **version** | **String**| IOS version to obtain security advisories | 255 | 256 | ### Return type 257 | 258 | null (empty response body) 259 | 260 | ### Authorization 261 | 262 | [psirt_openvuln_api_auth](../README.md#psirt_openvuln_api_auth) 263 | 264 | ### HTTP request headers 265 | 266 | - **Content-Type**: Not defined 267 | - **Accept**: application/json 268 | 269 | 270 | # **securityAdvisoriesLatestNumberGet** 271 | > securityAdvisoriesLatestNumberGet(_number) 272 | 273 | 274 | 275 | Used to obtain all the latest security advisories given an absolute number. For instance, the latest 10 or latest 5. 276 | 277 | ### Example 278 | ```javascript 279 | var CiscoPsirtOpenVulnApi = require('cisco_psirt_open_vuln_api'); 280 | var defaultClient = CiscoPsirtOpenVulnApi.ApiClient.instance; 281 | 282 | // Configure OAuth2 access token for authorization: psirt_openvuln_api_auth 283 | var psirt_openvuln_api_auth = defaultClient.authentications['psirt_openvuln_api_auth']; 284 | psirt_openvuln_api_auth.accessToken = 'YOUR ACCESS TOKEN'; 285 | 286 | var apiInstance = new CiscoPsirtOpenVulnApi.DefaultApi(); 287 | 288 | var _number = 56; // Number | An absolute number to obtain the latest security advisories. 289 | 290 | 291 | var callback = function(error, data, response) { 292 | if (error) { 293 | console.error(error); 294 | } else { 295 | console.log('API called successfully.'); 296 | } 297 | }; 298 | apiInstance.securityAdvisoriesLatestNumberGet(_number, callback); 299 | ``` 300 | 301 | ### Parameters 302 | 303 | Name | Type | Description | Notes 304 | ------------- | ------------- | ------------- | ------------- 305 | **_number** | **Number**| An absolute number to obtain the latest security advisories. | 306 | 307 | ### Return type 308 | 309 | null (empty response body) 310 | 311 | ### Authorization 312 | 313 | [psirt_openvuln_api_auth](../README.md#psirt_openvuln_api_auth) 314 | 315 | ### HTTP request headers 316 | 317 | - **Content-Type**: Not defined 318 | - **Accept**: application/json 319 | 320 | 321 | # **securityAdvisoriesProductGet** 322 | > securityAdvisoriesProductGet(product) 323 | 324 | 325 | 326 | Used to obtain all the advisories that affects the given product name. 327 | 328 | ### Example 329 | ```javascript 330 | var CiscoPsirtOpenVulnApi = require('cisco_psirt_open_vuln_api'); 331 | var defaultClient = CiscoPsirtOpenVulnApi.ApiClient.instance; 332 | 333 | // Configure OAuth2 access token for authorization: psirt_openvuln_api_auth 334 | var psirt_openvuln_api_auth = defaultClient.authentications['psirt_openvuln_api_auth']; 335 | psirt_openvuln_api_auth.accessToken = 'YOUR ACCESS TOKEN'; 336 | 337 | var apiInstance = new CiscoPsirtOpenVulnApi.DefaultApi(); 338 | 339 | var product = "product_example"; // String | An product name to obtain security advisories that matches given product name. 340 | 341 | 342 | var callback = function(error, data, response) { 343 | if (error) { 344 | console.error(error); 345 | } else { 346 | console.log('API called successfully.'); 347 | } 348 | }; 349 | apiInstance.securityAdvisoriesProductGet(product, callback); 350 | ``` 351 | 352 | ### Parameters 353 | 354 | Name | Type | Description | Notes 355 | ------------- | ------------- | ------------- | ------------- 356 | **product** | **String**| An product name to obtain security advisories that matches given product name. | 357 | 358 | ### Return type 359 | 360 | null (empty response body) 361 | 362 | ### Authorization 363 | 364 | [psirt_openvuln_api_auth](../README.md#psirt_openvuln_api_auth) 365 | 366 | ### HTTP request headers 367 | 368 | - **Content-Type**: Not defined 369 | - **Accept**: application/json 370 | 371 | 372 | # **securityAdvisoriesSeveritySeverityFirstpublishedGet** 373 | > securityAdvisoriesSeveritySeverityFirstpublishedGet(severity, startDate, endDate) 374 | 375 | 376 | 377 | Used to obtain all security advisories for a given security impact rating (critical, high, medium, or low) and additionally filter based of firstpublished start date and enddate. 378 | 379 | ### Example 380 | ```javascript 381 | var CiscoPsirtOpenVulnApi = require('cisco_psirt_open_vuln_api'); 382 | var defaultClient = CiscoPsirtOpenVulnApi.ApiClient.instance; 383 | 384 | // Configure OAuth2 access token for authorization: psirt_openvuln_api_auth 385 | var psirt_openvuln_api_auth = defaultClient.authentications['psirt_openvuln_api_auth']; 386 | psirt_openvuln_api_auth.accessToken = 'YOUR ACCESS TOKEN'; 387 | 388 | var apiInstance = new CiscoPsirtOpenVulnApi.DefaultApi(); 389 | 390 | var severity = "severity_example"; // String | Used to obtain all advisories that have a security impact rating of critical 391 | 392 | var startDate = new Date("2013-10-20"); // Date | 393 | 394 | var endDate = new Date("2013-10-20"); // Date | 395 | 396 | 397 | var callback = function(error, data, response) { 398 | if (error) { 399 | console.error(error); 400 | } else { 401 | console.log('API called successfully.'); 402 | } 403 | }; 404 | apiInstance.securityAdvisoriesSeveritySeverityFirstpublishedGet(severity, startDate, endDate, callback); 405 | ``` 406 | 407 | ### Parameters 408 | 409 | Name | Type | Description | Notes 410 | ------------- | ------------- | ------------- | ------------- 411 | **severity** | **String**| Used to obtain all advisories that have a security impact rating of critical | 412 | **startDate** | **Date**| | 413 | **endDate** | **Date**| | 414 | 415 | ### Return type 416 | 417 | null (empty response body) 418 | 419 | ### Authorization 420 | 421 | [psirt_openvuln_api_auth](../README.md#psirt_openvuln_api_auth) 422 | 423 | ### HTTP request headers 424 | 425 | - **Content-Type**: Not defined 426 | - **Accept**: application/json 427 | 428 | 429 | # **securityAdvisoriesSeveritySeverityGet** 430 | > securityAdvisoriesSeveritySeverityGet(severity) 431 | 432 | 433 | 434 | Used to obtain all security advisories for a given security impact rating (critical, high, medium, or low). 435 | 436 | ### Example 437 | ```javascript 438 | var CiscoPsirtOpenVulnApi = require('cisco_psirt_open_vuln_api'); 439 | var defaultClient = CiscoPsirtOpenVulnApi.ApiClient.instance; 440 | 441 | // Configure OAuth2 access token for authorization: psirt_openvuln_api_auth 442 | var psirt_openvuln_api_auth = defaultClient.authentications['psirt_openvuln_api_auth']; 443 | psirt_openvuln_api_auth.accessToken = 'YOUR ACCESS TOKEN'; 444 | 445 | var apiInstance = new CiscoPsirtOpenVulnApi.DefaultApi(); 446 | 447 | var severity = "severity_example"; // String | Critical, High, Medium, Low 448 | 449 | 450 | var callback = function(error, data, response) { 451 | if (error) { 452 | console.error(error); 453 | } else { 454 | console.log('API called successfully.'); 455 | } 456 | }; 457 | apiInstance.securityAdvisoriesSeveritySeverityGet(severity, callback); 458 | ``` 459 | 460 | ### Parameters 461 | 462 | Name | Type | Description | Notes 463 | ------------- | ------------- | ------------- | ------------- 464 | **severity** | **String**| Critical, High, Medium, Low | 465 | 466 | ### Return type 467 | 468 | null (empty response body) 469 | 470 | ### Authorization 471 | 472 | [psirt_openvuln_api_auth](../README.md#psirt_openvuln_api_auth) 473 | 474 | ### HTTP request headers 475 | 476 | - **Content-Type**: Not defined 477 | - **Accept**: application/json 478 | 479 | 480 | # **securityAdvisoriesSeveritySeverityLastpublishedGet** 481 | > securityAdvisoriesSeveritySeverityLastpublishedGet(severity, startDate, endDate) 482 | 483 | 484 | 485 | Used to obtain all security advisories for a given security impact rating (critical, high, medium, or low). 486 | 487 | ### Example 488 | ```javascript 489 | var CiscoPsirtOpenVulnApi = require('cisco_psirt_open_vuln_api'); 490 | var defaultClient = CiscoPsirtOpenVulnApi.ApiClient.instance; 491 | 492 | // Configure OAuth2 access token for authorization: psirt_openvuln_api_auth 493 | var psirt_openvuln_api_auth = defaultClient.authentications['psirt_openvuln_api_auth']; 494 | psirt_openvuln_api_auth.accessToken = 'YOUR ACCESS TOKEN'; 495 | 496 | var apiInstance = new CiscoPsirtOpenVulnApi.DefaultApi(); 497 | 498 | var severity = "severity_example"; // String | Used to obtain all advisories that have a security impact rating of critical 499 | 500 | var startDate = new Date("2013-10-20"); // Date | 501 | 502 | var endDate = new Date("2013-10-20"); // Date | 503 | 504 | 505 | var callback = function(error, data, response) { 506 | if (error) { 507 | console.error(error); 508 | } else { 509 | console.log('API called successfully.'); 510 | } 511 | }; 512 | apiInstance.securityAdvisoriesSeveritySeverityLastpublishedGet(severity, startDate, endDate, callback); 513 | ``` 514 | 515 | ### Parameters 516 | 517 | Name | Type | Description | Notes 518 | ------------- | ------------- | ------------- | ------------- 519 | **severity** | **String**| Used to obtain all advisories that have a security impact rating of critical | 520 | **startDate** | **Date**| | 521 | **endDate** | **Date**| | 522 | 523 | ### Return type 524 | 525 | null (empty response body) 526 | 527 | ### Authorization 528 | 529 | [psirt_openvuln_api_auth](../README.md#psirt_openvuln_api_auth) 530 | 531 | ### HTTP request headers 532 | 533 | - **Content-Type**: Not defined 534 | - **Accept**: application/json 535 | 536 | 537 | # **securityAdvisoriesYearYearGet** 538 | > securityAdvisoriesYearYearGet(year) 539 | 540 | 541 | 542 | Used to obtain all security advisories that have were orginally published in a specific year `YYYY`. 543 | 544 | ### Example 545 | ```javascript 546 | var CiscoPsirtOpenVulnApi = require('cisco_psirt_open_vuln_api'); 547 | var defaultClient = CiscoPsirtOpenVulnApi.ApiClient.instance; 548 | 549 | // Configure OAuth2 access token for authorization: psirt_openvuln_api_auth 550 | var psirt_openvuln_api_auth = defaultClient.authentications['psirt_openvuln_api_auth']; 551 | psirt_openvuln_api_auth.accessToken = 'YOUR ACCESS TOKEN'; 552 | 553 | var apiInstance = new CiscoPsirtOpenVulnApi.DefaultApi(); 554 | 555 | var year = "year_example"; // String | The four digit year. 556 | 557 | 558 | var callback = function(error, data, response) { 559 | if (error) { 560 | console.error(error); 561 | } else { 562 | console.log('API called successfully.'); 563 | } 564 | }; 565 | apiInstance.securityAdvisoriesYearYearGet(year, callback); 566 | ``` 567 | 568 | ### Parameters 569 | 570 | Name | Type | Description | Notes 571 | ------------- | ------------- | ------------- | ------------- 572 | **year** | **String**| The four digit year. | 573 | 574 | ### Return type 575 | 576 | null (empty response body) 577 | 578 | ### Authorization 579 | 580 | [psirt_openvuln_api_auth](../README.md#psirt_openvuln_api_auth) 581 | 582 | ### HTTP request headers 583 | 584 | - **Content-Type**: Not defined 585 | - **Accept**: application/json 586 | 587 | -------------------------------------------------------------------------------- /example_code/javascript_examples/mocha.opts: -------------------------------------------------------------------------------- 1 | --timeout 10000 2 | -------------------------------------------------------------------------------- /example_code/javascript_examples/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "cisco_psirt_open_vuln_api", 3 | "version": "0.0.4", 4 | "description": "The_Cisco_Product_Security_Incident_Response_Team__PSIRT_openVuln_API_is_a_RESTful_API_that_allows_customers_to_obtain_Cisco_Security_Vulnerability_information_in_different_machine_consumable_formats__APIs_are_important_for_customers_because_they_allow_their_technical_staff_and_programmers_to_build_tools_that_help_them_do_their_job_more_effectively__in_this_case_to_keep_up_with_security_vulnerability_information_For_more_information_about_the_Cisco_PSIRT_openVuln_API_visit_httpsdeveloper_cisco_compsirtFor_detail_steps_on_how_to_use_the_API_go_to_httpsdeveloper_cisco_compsirtThis_is_a_beta_release_of_a_swagger_YAML_for_the_Cisco_PSIRT_openVuln_APITo_access_the_API_sign_in_with_your_Cisco_CCO_account_at_httpapiconsole_cisco_com_and_register_an_applicationto_recieve_a_client_id_and_a_client_secretYou_can_then_get_your_token_using_curl_or_any_other_method_you_prefer_curl__s__k__H_Content_Type_applicationx_www_form_urlencoded__X_POST__d_client_idyour_client_id__d_client_secretyour_client_secret__d_grant_typeclient_credentials_httpscloudsso_cisco_comastoken_oauth2You_will_receive_an_access_token_as_demonstrated_in_the_following_example_access_tokenI7omWtBDAieSiUX3shOxNJfuy4J6token_typeBearerexpires_in3599In_Swagger_click_on_Change_Authenticationenter_the_text_I7omWtBDAieSiUX3shOxNJfuy4J6__which_is_the_token_you_receivedthen_click_on_Try_this_operation", 5 | "license": "Unlicense", 6 | "main": "src/index.js", 7 | "scripts": { 8 | "test": "./node_modules/mocha/bin/mocha --recursive" 9 | }, 10 | "browser": { 11 | "fs": false 12 | }, 13 | "dependencies": { 14 | "superagent": "~> 3.7.0" 15 | }, 16 | "devDependencies": { 17 | "mocha": "~2.3.4", 18 | "sinon": "1.17.3", 19 | "expect.js": "~0.3.1" 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /example_code/javascript_examples/src/ApiClient.js: -------------------------------------------------------------------------------- 1 | /** 2 | * Cisco PSIRT openVuln API 3 | * The Cisco Product Security Incident Response Team (PSIRT) openVuln API is a RESTful API that allows customers to obtain Cisco Security Vulnerability information in different machine-consumable formats. APIs are important for customers because they allow their technical staff and programmers to build tools that help them do their job more effectively (in this case, to keep up with security vulnerability information). For more information about the Cisco PSIRT openVuln API visit https://developer.cisco.com/psirt For detail steps on how to use the API go to: https://developer.cisco.com/psirt This is a beta release of a swagger YAML for the Cisco PSIRT openVuln API To access the API sign in with your Cisco CCO account at http://apiconsole.cisco.com and register an application to recieve a client_id and a client_secret You can then get your token using curl or any other method you prefer. 'curl -s -k -H \"Content-Type: application/x-www-form-urlencoded\" -X POST -d \"client_id=\" -d \"client_secret=\" -d \"grant_type=client_credentials\" https://cloudsso.cisco.com/as/token.oauth2' You will receive an access token as demonstrated in the following example: '{\"access_token\":\"I7omWtBDAieSiUX3shOxNJfuy4J6\",\"token_type\":\"Bearer\",\"expires_in\":3599}' In Swagger, click on Change Authentication enter the text \"I7omWtBDAieSiUX3shOxNJfuy4J6\" (which is the token you received) then click on \"Try this operation\" 4 | * 5 | * OpenAPI spec version: 0.0.4 6 | * Contact: os@cisco.com 7 | * 8 | * NOTE: This class is auto generated by the swagger code generator program. 9 | * https://github.com/swagger-api/swagger-codegen.git 10 | * 11 | * Swagger Codegen version: 2.3.1 12 | * 13 | * Do not edit the class manually. 14 | * 15 | */ 16 | 17 | (function(root, factory) { 18 | if (typeof define === 'function' && define.amd) { 19 | // AMD. Register as an anonymous module. 20 | define(['superagent', 'querystring'], factory); 21 | } else if (typeof module === 'object' && module.exports) { 22 | // CommonJS-like environments that support module.exports, like Node. 23 | module.exports = factory(require('superagent'), require('querystring')); 24 | } else { 25 | // Browser globals (root is window) 26 | if (!root.CiscoPsirtOpenVulnApi) { 27 | root.CiscoPsirtOpenVulnApi = {}; 28 | } 29 | root.CiscoPsirtOpenVulnApi.ApiClient = factory(root.superagent, root.querystring); 30 | } 31 | }(this, function(superagent, querystring) { 32 | 'use strict'; 33 | 34 | /** 35 | * @module ApiClient 36 | * @version 0.0.4 37 | */ 38 | 39 | /** 40 | * Manages low level client-server communications, parameter marshalling, etc. There should not be any need for an 41 | * application to use this class directly - the *Api and model classes provide the public API for the service. The 42 | * contents of this file should be regarded as internal but are documented for completeness. 43 | * @alias module:ApiClient 44 | * @class 45 | */ 46 | var exports = function() { 47 | /** 48 | * The base URL against which to resolve every API call's (relative) path. 49 | * @type {String} 50 | * @default https://api.cisco.com 51 | */ 52 | this.basePath = 'https://api.cisco.com'.replace(/\/+$/, ''); 53 | 54 | /** 55 | * The authentication methods to be included for all API calls. 56 | * @type {Array.} 57 | */ 58 | this.authentications = { 59 | 'psirt_openvuln_api_auth': {type: 'oauth2'} 60 | }; 61 | /** 62 | * The default HTTP headers to be included for all API calls. 63 | * @type {Array.} 64 | * @default {} 65 | */ 66 | this.defaultHeaders = {}; 67 | 68 | /** 69 | * The default HTTP timeout for all API calls. 70 | * @type {Number} 71 | * @default 60000 72 | */ 73 | this.timeout = 60000; 74 | 75 | /** 76 | * If set to false an additional timestamp parameter is added to all API GET calls to 77 | * prevent browser caching 78 | * @type {Boolean} 79 | * @default true 80 | */ 81 | this.cache = true; 82 | 83 | /** 84 | * If set to true, the client will save the cookies from each server 85 | * response, and return them in the next request. 86 | * @default false 87 | */ 88 | this.enableCookies = false; 89 | 90 | /* 91 | * Used to save and return cookies in a node.js (non-browser) setting, 92 | * if this.enableCookies is set to true. 93 | */ 94 | if (typeof window === 'undefined') { 95 | this.agent = new superagent.agent(); 96 | } 97 | 98 | /* 99 | * Allow user to override superagent agent 100 | */ 101 | this.requestAgent = null; 102 | }; 103 | 104 | /** 105 | * Returns a string representation for an actual parameter. 106 | * @param param The actual parameter. 107 | * @returns {String} The string representation of param. 108 | */ 109 | exports.prototype.paramToString = function(param) { 110 | if (param == undefined || param == null) { 111 | return ''; 112 | } 113 | if (param instanceof Date) { 114 | return param.toJSON(); 115 | } 116 | return param.toString(); 117 | }; 118 | 119 | /** 120 | * Builds full URL by appending the given path to the base URL and replacing path parameter place-holders with parameter values. 121 | * NOTE: query parameters are not handled here. 122 | * @param {String} path The path to append to the base URL. 123 | * @param {Object} pathParams The parameter values to append. 124 | * @returns {String} The encoded path with parameter values substituted. 125 | */ 126 | exports.prototype.buildUrl = function(path, pathParams) { 127 | if (!path.match(/^\//)) { 128 | path = '/' + path; 129 | } 130 | var url = this.basePath + path; 131 | var _this = this; 132 | url = url.replace(/\{([\w-]+)\}/g, function(fullMatch, key) { 133 | var value; 134 | if (pathParams.hasOwnProperty(key)) { 135 | value = _this.paramToString(pathParams[key]); 136 | } else { 137 | value = fullMatch; 138 | } 139 | return encodeURIComponent(value); 140 | }); 141 | return url; 142 | }; 143 | 144 | /** 145 | * Checks whether the given content type represents JSON.
146 | * JSON content type examples:
147 | *
    148 | *
  • application/json
    • 149 | *
  • application/json; charset=UTF8
    • 150 | *
  • APPLICATION/JSON
    • 151 | *
152 | * @param {String} contentType The MIME content type to check. 153 | * @returns {Boolean} true if contentType represents JSON, otherwise false. 154 | */ 155 | exports.prototype.isJsonMime = function(contentType) { 156 | return Boolean(contentType != null && contentType.match(/^application\/json(;.*)?$/i)); 157 | }; 158 | 159 | /** 160 | * Chooses a content type from the given array, with JSON preferred; i.e. return JSON if included, otherwise return the first. 161 | * @param {Array.} contentTypes 162 | * @returns {String} The chosen content type, preferring JSON. 163 | */ 164 | exports.prototype.jsonPreferredMime = function(contentTypes) { 165 | for (var i = 0; i < contentTypes.length; i++) { 166 | if (this.isJsonMime(contentTypes[i])) { 167 | return contentTypes[i]; 168 | } 169 | } 170 | return contentTypes[0]; 171 | }; 172 | 173 | /** 174 | * Checks whether the given parameter value represents file-like content. 175 | * @param param The parameter to check. 176 | * @returns {Boolean} true if param represents a file. 177 | */ 178 | exports.prototype.isFileParam = function(param) { 179 | // fs.ReadStream in Node.js and Electron (but not in runtime like browserify) 180 | if (typeof require === 'function') { 181 | var fs; 182 | try { 183 | fs = require('fs'); 184 | } catch (err) {} 185 | if (fs && fs.ReadStream && param instanceof fs.ReadStream) { 186 | return true; 187 | } 188 | } 189 | // Buffer in Node.js 190 | if (typeof Buffer === 'function' && param instanceof Buffer) { 191 | return true; 192 | } 193 | // Blob in browser 194 | if (typeof Blob === 'function' && param instanceof Blob) { 195 | return true; 196 | } 197 | // File in browser (it seems File object is also instance of Blob, but keep this for safe) 198 | if (typeof File === 'function' && param instanceof File) { 199 | return true; 200 | } 201 | return false; 202 | }; 203 | 204 | /** 205 | * Normalizes parameter values: 206 | *
    207 | *
  • remove nils
    • 208 | *
  • keep files and arrays
    • 209 | *
  • format to string with `paramToString` for other cases
    • 210 | *
211 | * @param {Object.} params The parameters as object properties. 212 | * @returns {Object.} normalized parameters. 213 | */ 214 | exports.prototype.normalizeParams = function(params) { 215 | var newParams = {}; 216 | for (var key in params) { 217 | if (params.hasOwnProperty(key) && params[key] != undefined && params[key] != null) { 218 | var value = params[key]; 219 | if (this.isFileParam(value) || Array.isArray(value)) { 220 | newParams[key] = value; 221 | } else { 222 | newParams[key] = this.paramToString(value); 223 | } 224 | } 225 | } 226 | return newParams; 227 | }; 228 | 229 | /** 230 | * Enumeration of collection format separator strategies. 231 | * @enum {String} 232 | * @readonly 233 | */ 234 | exports.CollectionFormatEnum = { 235 | /** 236 | * Comma-separated values. Value: csv 237 | * @const 238 | */ 239 | CSV: ',', 240 | /** 241 | * Space-separated values. Value: ssv 242 | * @const 243 | */ 244 | SSV: ' ', 245 | /** 246 | * Tab-separated values. Value: tsv 247 | * @const 248 | */ 249 | TSV: '\t', 250 | /** 251 | * Pipe(|)-separated values. Value: pipes 252 | * @const 253 | */ 254 | PIPES: '|', 255 | /** 256 | * Native array. Value: multi 257 | * @const 258 | */ 259 | MULTI: 'multi' 260 | }; 261 | 262 | /** 263 | * Builds a string representation of an array-type actual parameter, according to the given collection format. 264 | * @param {Array} param An array parameter. 265 | * @param {module:ApiClient.CollectionFormatEnum} collectionFormat The array element separator strategy. 266 | * @returns {String|Array} A string representation of the supplied collection, using the specified delimiter. Returns 267 | * param as is if collectionFormat is multi. 268 | */ 269 | exports.prototype.buildCollectionParam = function buildCollectionParam(param, collectionFormat) { 270 | if (param == null) { 271 | return null; 272 | } 273 | switch (collectionFormat) { 274 | case 'csv': 275 | return param.map(this.paramToString).join(','); 276 | case 'ssv': 277 | return param.map(this.paramToString).join(' '); 278 | case 'tsv': 279 | return param.map(this.paramToString).join('\t'); 280 | case 'pipes': 281 | return param.map(this.paramToString).join('|'); 282 | case 'multi': 283 | // return the array directly as SuperAgent will handle it as expected 284 | return param.map(this.paramToString); 285 | default: 286 | throw new Error('Unknown collection format: ' + collectionFormat); 287 | } 288 | }; 289 | 290 | /** 291 | * Applies authentication headers to the request. 292 | * @param {Object} request The request object created by a superagent() call. 293 | * @param {Array.} authNames An array of authentication method names. 294 | */ 295 | exports.prototype.applyAuthToRequest = function(request, authNames) { 296 | var _this = this; 297 | authNames.forEach(function(authName) { 298 | var auth = _this.authentications[authName]; 299 | switch (auth.type) { 300 | case 'basic': 301 | if (auth.username || auth.password) { 302 | request.auth(auth.username || '', auth.password || ''); 303 | } 304 | break; 305 | case 'apiKey': 306 | if (auth.apiKey) { 307 | var data = {}; 308 | if (auth.apiKeyPrefix) { 309 | data[auth.name] = auth.apiKeyPrefix + ' ' + auth.apiKey; 310 | } else { 311 | data[auth.name] = auth.apiKey; 312 | } 313 | if (auth['in'] === 'header') { 314 | request.set(data); 315 | } else { 316 | request.query(data); 317 | } 318 | } 319 | break; 320 | case 'oauth2': 321 | if (auth.accessToken) { 322 | request.set({'Authorization': 'Bearer ' + auth.accessToken}); 323 | } 324 | break; 325 | default: 326 | throw new Error('Unknown authentication type: ' + auth.type); 327 | } 328 | }); 329 | }; 330 | 331 | /** 332 | * Deserializes an HTTP response body into a value of the specified type. 333 | * @param {Object} response A SuperAgent response object. 334 | * @param {(String|Array.|Object.|Function)} returnType The type to return. Pass a string for simple types 335 | * or the constructor function for a complex type. Pass an array containing the type name to return an array of that type. To 336 | * return an object, pass an object with one property whose name is the key type and whose value is the corresponding value type: 337 | * all properties on data will be converted to this type. 338 | * @returns A value of the specified type. 339 | */ 340 | exports.prototype.deserialize = function deserialize(response, returnType) { 341 | if (response == null || returnType == null || response.status == 204) { 342 | return null; 343 | } 344 | // Rely on SuperAgent for parsing response body. 345 | // See http://visionmedia.github.io/superagent/#parsing-response-bodies 346 | var data = response.body; 347 | if (data == null || (typeof data === 'object' && typeof data.length === 'undefined' && !Object.keys(data).length)) { 348 | // SuperAgent does not always produce a body; use the unparsed response as a fallback 349 | data = response.text; 350 | } 351 | return exports.convertToType(data, returnType); 352 | }; 353 | 354 | /** 355 | * Callback function to receive the result of the operation. 356 | * @callback module:ApiClient~callApiCallback 357 | * @param {String} error Error message, if any. 358 | * @param data The data returned by the service call. 359 | * @param {String} response The complete HTTP response. 360 | */ 361 | 362 | /** 363 | * Invokes the REST service using the supplied settings and parameters. 364 | * @param {String} path The base URL to invoke. 365 | * @param {String} httpMethod The HTTP method to use. 366 | * @param {Object.} pathParams A map of path parameters and their values. 367 | * @param {Object.} queryParams A map of query parameters and their values. 368 | * @param {Object.} collectionQueryParams A map of collection query parameters and their values. 369 | * @param {Object.} headerParams A map of header parameters and their values. 370 | * @param {Object.} formParams A map of form parameters and their values. 371 | * @param {Object} bodyParam The value to pass as the request body. 372 | * @param {Array.} authNames An array of authentication type names. 373 | * @param {Array.} contentTypes An array of request MIME types. 374 | * @param {Array.} accepts An array of acceptable response MIME types. 375 | * @param {(String|Array|ObjectFunction)} returnType The required type to return; can be a string for simple types or the 376 | * constructor for a complex type. 377 | * @param {module:ApiClient~callApiCallback} callback The callback function. 378 | * @returns {Object} The SuperAgent request object. 379 | */ 380 | exports.prototype.callApi = function callApi(path, httpMethod, pathParams, 381 | queryParams, collectionQueryParams, headerParams, formParams, bodyParam, authNames, contentTypes, accepts, 382 | returnType, callback) { 383 | 384 | var _this = this; 385 | var url = this.buildUrl(path, pathParams); 386 | var request = superagent(httpMethod, url); 387 | 388 | // apply authentications 389 | this.applyAuthToRequest(request, authNames); 390 | 391 | // set collection query parameters 392 | for (var key in collectionQueryParams) { 393 | if (collectionQueryParams.hasOwnProperty(key)) { 394 | var param = collectionQueryParams[key]; 395 | if (param.collectionFormat === 'csv') { 396 | // SuperAgent normally percent-encodes all reserved characters in a query parameter. However, 397 | // commas are used as delimiters for the 'csv' collectionFormat so they must not be encoded. We 398 | // must therefore construct and encode 'csv' collection query parameters manually. 399 | if (param.value != null) { 400 | var value = param.value.map(this.paramToString).map(encodeURIComponent).join(','); 401 | request.query(encodeURIComponent(key) + "=" + value); 402 | } 403 | } else { 404 | // All other collection query parameters should be treated as ordinary query parameters. 405 | queryParams[key] = this.buildCollectionParam(param.value, param.collectionFormat); 406 | } 407 | } 408 | } 409 | 410 | // set query parameters 411 | if (httpMethod.toUpperCase() === 'GET' && this.cache === false) { 412 | queryParams['_'] = new Date().getTime(); 413 | } 414 | request.query(this.normalizeParams(queryParams)); 415 | 416 | // set header parameters 417 | request.set(this.defaultHeaders).set(this.normalizeParams(headerParams)); 418 | 419 | 420 | // set requestAgent if it is set by user 421 | if (this.requestAgent) { 422 | request.agent(this.requestAgent); 423 | } 424 | 425 | // set request timeout 426 | request.timeout(this.timeout); 427 | 428 | var contentType = this.jsonPreferredMime(contentTypes); 429 | if (contentType) { 430 | // Issue with superagent and multipart/form-data (https://github.com/visionmedia/superagent/issues/746) 431 | if(contentType != 'multipart/form-data') { 432 | request.type(contentType); 433 | } 434 | } else if (!request.header['Content-Type']) { 435 | request.type('application/json'); 436 | } 437 | 438 | if (contentType === 'application/x-www-form-urlencoded') { 439 | request.send(querystring.stringify(this.normalizeParams(formParams))); 440 | } else if (contentType == 'multipart/form-data') { 441 | var _formParams = this.normalizeParams(formParams); 442 | for (var key in _formParams) { 443 | if (_formParams.hasOwnProperty(key)) { 444 | if (this.isFileParam(_formParams[key])) { 445 | // file field 446 | request.attach(key, _formParams[key]); 447 | } else { 448 | request.field(key, _formParams[key]); 449 | } 450 | } 451 | } 452 | } else if (bodyParam) { 453 | request.send(bodyParam); 454 | } 455 | 456 | var accept = this.jsonPreferredMime(accepts); 457 | if (accept) { 458 | request.accept(accept); 459 | } 460 | 461 | if (returnType === 'Blob') { 462 | request.responseType('blob'); 463 | } else if (returnType === 'String') { 464 | request.responseType('string'); 465 | } 466 | 467 | // Attach previously saved cookies, if enabled 468 | if (this.enableCookies){ 469 | if (typeof window === 'undefined') { 470 | this.agent.attachCookies(request); 471 | } 472 | else { 473 | request.withCredentials(); 474 | } 475 | } 476 | 477 | 478 | request.end(function(error, response) { 479 | if (callback) { 480 | var data = null; 481 | if (!error) { 482 | try { 483 | data = _this.deserialize(response, returnType); 484 | if (_this.enableCookies && typeof window === 'undefined'){ 485 | _this.agent.saveCookies(response); 486 | } 487 | } catch (err) { 488 | error = err; 489 | } 490 | } 491 | callback(error, data, response); 492 | } 493 | }); 494 | 495 | return request; 496 | }; 497 | 498 | /** 499 | * Parses an ISO-8601 string representation of a date value. 500 | * @param {String} str The date value as a string. 501 | * @returns {Date} The parsed date object. 502 | */ 503 | exports.parseDate = function(str) { 504 | return new Date(str.replace(/T/i, ' ')); 505 | }; 506 | 507 | /** 508 | * Converts a value to the specified type. 509 | * @param {(String|Object)} data The data to convert, as a string or object. 510 | * @param {(String|Array.|Object.|Function)} type The type to return. Pass a string for simple types 511 | * or the constructor function for a complex type. Pass an array containing the type name to return an array of that type. To 512 | * return an object, pass an object with one property whose name is the key type and whose value is the corresponding value type: 513 | * all properties on data will be converted to this type. 514 | * @returns An instance of the specified type or null or undefined if data is null or undefined. 515 | */ 516 | exports.convertToType = function(data, type) { 517 | if (data === null || data === undefined) 518 | return data 519 | 520 | switch (type) { 521 | case 'Boolean': 522 | return Boolean(data); 523 | case 'Integer': 524 | return parseInt(data, 10); 525 | case 'Number': 526 | return parseFloat(data); 527 | case 'String': 528 | return String(data); 529 | case 'Date': 530 | return this.parseDate(String(data)); 531 | case 'Blob': 532 | return data; 533 | default: 534 | if (type === Object) { 535 | // generic object, return directly 536 | return data; 537 | } else if (typeof type === 'function') { 538 | // for model type like: User 539 | return type.constructFromObject(data); 540 | } else if (Array.isArray(type)) { 541 | // for array type like: ['String'] 542 | var itemType = type[0]; 543 | return data.map(function(item) { 544 | return exports.convertToType(item, itemType); 545 | }); 546 | } else if (typeof type === 'object') { 547 | // for plain object type like: {'String': 'Integer'} 548 | var keyType, valueType; 549 | for (var k in type) { 550 | if (type.hasOwnProperty(k)) { 551 | keyType = k; 552 | valueType = type[k]; 553 | break; 554 | } 555 | } 556 | var result = {}; 557 | for (var k in data) { 558 | if (data.hasOwnProperty(k)) { 559 | var key = exports.convertToType(k, keyType); 560 | var value = exports.convertToType(data[k], valueType); 561 | result[key] = value; 562 | } 563 | } 564 | return result; 565 | } else { 566 | // for unknown type, return the data directly 567 | return data; 568 | } 569 | } 570 | }; 571 | 572 | /** 573 | * Constructs a new map or array model from REST data. 574 | * @param data {Object|Array} The REST data. 575 | * @param obj {Object|Array} The target object or array. 576 | */ 577 | exports.constructFromObject = function(data, obj, itemType) { 578 | if (Array.isArray(data)) { 579 | for (var i = 0; i < data.length; i++) { 580 | if (data.hasOwnProperty(i)) 581 | obj[i] = exports.convertToType(data[i], itemType); 582 | } 583 | } else { 584 | for (var k in data) { 585 | if (data.hasOwnProperty(k)) 586 | obj[k] = exports.convertToType(data[k], itemType); 587 | } 588 | } 589 | }; 590 | 591 | /** 592 | * The default API client implementation. 593 | * @type {module:ApiClient} 594 | */ 595 | exports.instance = new exports(); 596 | 597 | return exports; 598 | })); 599 | -------------------------------------------------------------------------------- /example_code/javascript_examples/src/index.js: -------------------------------------------------------------------------------- 1 | /** 2 | * Cisco PSIRT openVuln API 3 | * The Cisco Product Security Incident Response Team (PSIRT) openVuln API is a RESTful API that allows customers to obtain Cisco Security Vulnerability information in different machine-consumable formats. APIs are important for customers because they allow their technical staff and programmers to build tools that help them do their job more effectively (in this case, to keep up with security vulnerability information). For more information about the Cisco PSIRT openVuln API visit https://developer.cisco.com/psirt For detail steps on how to use the API go to: https://developer.cisco.com/psirt This is a beta release of a swagger YAML for the Cisco PSIRT openVuln API To access the API sign in with your Cisco CCO account at http://apiconsole.cisco.com and register an application to recieve a client_id and a client_secret You can then get your token using curl or any other method you prefer. 'curl -s -k -H \"Content-Type: application/x-www-form-urlencoded\" -X POST -d \"client_id=\" -d \"client_secret=\" -d \"grant_type=client_credentials\" https://cloudsso.cisco.com/as/token.oauth2' You will receive an access token as demonstrated in the following example: '{\"access_token\":\"I7omWtBDAieSiUX3shOxNJfuy4J6\",\"token_type\":\"Bearer\",\"expires_in\":3599}' In Swagger, click on Change Authentication enter the text \"I7omWtBDAieSiUX3shOxNJfuy4J6\" (which is the token you received) then click on \"Try this operation\" 4 | * 5 | * OpenAPI spec version: 0.0.4 6 | * Contact: os@cisco.com 7 | * 8 | * NOTE: This class is auto generated by the swagger code generator program. 9 | * https://github.com/swagger-api/swagger-codegen.git 10 | * 11 | * Swagger Codegen version: 2.3.1 12 | * 13 | * Do not edit the class manually. 14 | * 15 | */ 16 | 17 | (function(factory) { 18 | if (typeof define === 'function' && define.amd) { 19 | // AMD. Register as an anonymous module. 20 | define(['ApiClient', 'api/DefaultApi'], factory); 21 | } else if (typeof module === 'object' && module.exports) { 22 | // CommonJS-like environments that support module.exports, like Node. 23 | module.exports = factory(require('./ApiClient'), require('./api/DefaultApi')); 24 | } 25 | }(function(ApiClient, DefaultApi) { 26 | 'use strict'; 27 | 28 | /** 29 | * The_Cisco_Product_Security_Incident_Response_Team__PSIRT_openVuln_API_is_a_RESTful_API_that_allows_customers_to_obtain_Cisco_Security_Vulnerability_information_in_different_machine_consumable_formats__APIs_are_important_for_customers_because_they_allow_their_technical_staff_and_programmers_to_build_tools_that_help_them_do_their_job_more_effectively__in_this_case_to_keep_up_with_security_vulnerability_information_For_more_information_about_the_Cisco_PSIRT_openVuln_API_visit_httpsdeveloper_cisco_compsirtFor_detail_steps_on_how_to_use_the_API_go_to_httpsdeveloper_cisco_compsirtThis_is_a_beta_release_of_a_swagger_YAML_for_the_Cisco_PSIRT_openVuln_APITo_access_the_API_sign_in_with_your_Cisco_CCO_account_at_httpapiconsole_cisco_com_and_register_an_applicationto_recieve_a_client_id_and_a_client_secretYou_can_then_get_your_token_using_curl_or_any_other_method_you_prefer_curl__s__k__H_Content_Type_applicationx_www_form_urlencoded__X_POST__d_client_idyour_client_id__d_client_secretyour_client_secret__d_grant_typeclient_credentials_httpscloudsso_cisco_comastoken_oauth2You_will_receive_an_access_token_as_demonstrated_in_the_following_example_access_tokenI7omWtBDAieSiUX3shOxNJfuy4J6token_typeBearerexpires_in3599In_Swagger_click_on_Change_Authenticationenter_the_text_I7omWtBDAieSiUX3shOxNJfuy4J6__which_is_the_token_you_receivedthen_click_on_Try_this_operation.
30 | * The index module provides access to constructors for all the classes which comprise the public API. 31 | *

32 | * An AMD (recommended!) or CommonJS application will generally do something equivalent to the following: 33 | * 

34 |    * var CiscoPsirtOpenVulnApi = require('index'); // See note below*.
35 |    * var xxxSvc = new CiscoPsirtOpenVulnApi.XxxApi(); // Allocate the API class we're going to use.
36 |    * var yyyModel = new CiscoPsirtOpenVulnApi.Yyy(); // Construct a model instance.
37 |    * yyyModel.someProperty = 'someValue';
38 |    * ...
39 |    * var zzz = xxxSvc.doSomething(yyyModel); // Invoke the service.
40 |    * ...
41 |    *
42 | * *NOTE: For a top-level AMD script, use require(['index'], function(){...}) 43 | * and put the application logic within the callback function. 44 | *

45 | *

46 | * A non-AMD browser application (discouraged) might do something like this: 47 | * 

48 |    * var xxxSvc = new CiscoPsirtOpenVulnApi.XxxApi(); // Allocate the API class we're going to use.
49 |    * var yyy = new CiscoPsirtOpenVulnApi.Yyy(); // Construct a model instance.
50 |    * yyyModel.someProperty = 'someValue';
51 |    * ...
52 |    * var zzz = xxxSvc.doSomething(yyyModel); // Invoke the service.
53 |    * ...
54 |    *
55 | *

56 | * @module index 57 | * @version 0.0.4 58 | */ 59 | var exports = { 60 | /** 61 | * The ApiClient constructor. 62 | * @property {module:ApiClient} 63 | */ 64 | ApiClient: ApiClient, 65 | /** 66 | * The DefaultApi service constructor. 67 | * @property {module:api/DefaultApi} 68 | */ 69 | DefaultApi: DefaultApi 70 | }; 71 | 72 | return exports; 73 | })); 74 | -------------------------------------------------------------------------------- /example_code/javascript_examples/test/api/DefaultApi.spec.js: -------------------------------------------------------------------------------- 1 | /** 2 | * Cisco PSIRT openVuln API 3 | * The Cisco Product Security Incident Response Team (PSIRT) openVuln API is a RESTful API that allows customers to obtain Cisco Security Vulnerability information in different machine-consumable formats. APIs are important for customers because they allow their technical staff and programmers to build tools that help them do their job more effectively (in this case, to keep up with security vulnerability information). For more information about the Cisco PSIRT openVuln API visit https://developer.cisco.com/psirt For detail steps on how to use the API go to: https://developer.cisco.com/psirt This is a beta release of a swagger YAML for the Cisco PSIRT openVuln API To access the API sign in with your Cisco CCO account at http://apiconsole.cisco.com and register an application to recieve a client_id and a client_secret You can then get your token using curl or any other method you prefer. 'curl -s -k -H \"Content-Type: application/x-www-form-urlencoded\" -X POST -d \"client_id=\" -d \"client_secret=\" -d \"grant_type=client_credentials\" https://cloudsso.cisco.com/as/token.oauth2' You will receive an access token as demonstrated in the following example: '{\"access_token\":\"I7omWtBDAieSiUX3shOxNJfuy4J6\",\"token_type\":\"Bearer\",\"expires_in\":3599}' In Swagger, click on Change Authentication enter the text \"I7omWtBDAieSiUX3shOxNJfuy4J6\" (which is the token you received) then click on \"Try this operation\" 4 | * 5 | * OpenAPI spec version: 0.0.4 6 | * Contact: os@cisco.com 7 | * 8 | * NOTE: This class is auto generated by the swagger code generator program. 9 | * https://github.com/swagger-api/swagger-codegen.git 10 | * 11 | * Swagger Codegen version: 2.3.1 12 | * 13 | * Do not edit the class manually. 14 | * 15 | */ 16 | 17 | (function(root, factory) { 18 | if (typeof define === 'function' && define.amd) { 19 | // AMD. 20 | define(['expect.js', '../../src/index'], factory); 21 | } else if (typeof module === 'object' && module.exports) { 22 | // CommonJS-like environments that support module.exports, like Node. 23 | factory(require('expect.js'), require('../../src/index')); 24 | } else { 25 | // Browser globals (root is window) 26 | factory(root.expect, root.CiscoPsirtOpenVulnApi); 27 | } 28 | }(this, function(expect, CiscoPsirtOpenVulnApi) { 29 | 'use strict'; 30 | 31 | var instance; 32 | 33 | beforeEach(function() { 34 | instance = new CiscoPsirtOpenVulnApi.DefaultApi(); 35 | }); 36 | 37 | var getProperty = function(object, getter, property) { 38 | // Use getter method if present; otherwise, get the property directly. 39 | if (typeof object[getter] === 'function') 40 | return object[getter](); 41 | else 42 | return object[property]; 43 | } 44 | 45 | var setProperty = function(object, setter, property, value) { 46 | // Use setter method if present; otherwise, set the property directly. 47 | if (typeof object[setter] === 'function') 48 | object[setter](value); 49 | else 50 | object[property] = value; 51 | } 52 | 53 | describe('DefaultApi', function() { 54 | describe('securityAdvisoriesAdvisoryAdvisoryIdGet', function() { 55 | it('should call securityAdvisoriesAdvisoryAdvisoryIdGet successfully', function(done) { 56 | //uncomment below and update the code to test securityAdvisoriesAdvisoryAdvisoryIdGet 57 | //instance.securityAdvisoriesAdvisoryAdvisoryIdGet(function(error) { 58 | // if (error) throw error; 59 | //expect().to.be(); 60 | //}); 61 | done(); 62 | }); 63 | }); 64 | describe('securityAdvisoriesAllGet', function() { 65 | it('should call securityAdvisoriesAllGet successfully', function(done) { 66 | //uncomment below and update the code to test securityAdvisoriesAllGet 67 | //instance.securityAdvisoriesAllGet(function(error) { 68 | // if (error) throw error; 69 | //expect().to.be(); 70 | //}); 71 | done(); 72 | }); 73 | }); 74 | describe('securityAdvisoriesCveCveIdGet', function() { 75 | it('should call securityAdvisoriesCveCveIdGet successfully', function(done) { 76 | //uncomment below and update the code to test securityAdvisoriesCveCveIdGet 77 | //instance.securityAdvisoriesCveCveIdGet(function(error) { 78 | // if (error) throw error; 79 | //expect().to.be(); 80 | //}); 81 | done(); 82 | }); 83 | }); 84 | describe('securityAdvisoriesIosGet', function() { 85 | it('should call securityAdvisoriesIosGet successfully', function(done) { 86 | //uncomment below and update the code to test securityAdvisoriesIosGet 87 | //instance.securityAdvisoriesIosGet(function(error) { 88 | // if (error) throw error; 89 | //expect().to.be(); 90 | //}); 91 | done(); 92 | }); 93 | }); 94 | describe('securityAdvisoriesIosxeGet', function() { 95 | it('should call securityAdvisoriesIosxeGet successfully', function(done) { 96 | //uncomment below and update the code to test securityAdvisoriesIosxeGet 97 | //instance.securityAdvisoriesIosxeGet(function(error) { 98 | // if (error) throw error; 99 | //expect().to.be(); 100 | //}); 101 | done(); 102 | }); 103 | }); 104 | describe('securityAdvisoriesLatestNumberGet', function() { 105 | it('should call securityAdvisoriesLatestNumberGet successfully', function(done) { 106 | //uncomment below and update the code to test securityAdvisoriesLatestNumberGet 107 | //instance.securityAdvisoriesLatestNumberGet(function(error) { 108 | // if (error) throw error; 109 | //expect().to.be(); 110 | //}); 111 | done(); 112 | }); 113 | }); 114 | describe('securityAdvisoriesProductGet', function() { 115 | it('should call securityAdvisoriesProductGet successfully', function(done) { 116 | //uncomment below and update the code to test securityAdvisoriesProductGet 117 | //instance.securityAdvisoriesProductGet(function(error) { 118 | // if (error) throw error; 119 | //expect().to.be(); 120 | //}); 121 | done(); 122 | }); 123 | }); 124 | describe('securityAdvisoriesSeveritySeverityFirstpublishedGet', function() { 125 | it('should call securityAdvisoriesSeveritySeverityFirstpublishedGet successfully', function(done) { 126 | //uncomment below and update the code to test securityAdvisoriesSeveritySeverityFirstpublishedGet 127 | //instance.securityAdvisoriesSeveritySeverityFirstpublishedGet(function(error) { 128 | // if (error) throw error; 129 | //expect().to.be(); 130 | //}); 131 | done(); 132 | }); 133 | }); 134 | describe('securityAdvisoriesSeveritySeverityGet', function() { 135 | it('should call securityAdvisoriesSeveritySeverityGet successfully', function(done) { 136 | //uncomment below and update the code to test securityAdvisoriesSeveritySeverityGet 137 | //instance.securityAdvisoriesSeveritySeverityGet(function(error) { 138 | // if (error) throw error; 139 | //expect().to.be(); 140 | //}); 141 | done(); 142 | }); 143 | }); 144 | describe('securityAdvisoriesSeveritySeverityLastpublishedGet', function() { 145 | it('should call securityAdvisoriesSeveritySeverityLastpublishedGet successfully', function(done) { 146 | //uncomment below and update the code to test securityAdvisoriesSeveritySeverityLastpublishedGet 147 | //instance.securityAdvisoriesSeveritySeverityLastpublishedGet(function(error) { 148 | // if (error) throw error; 149 | //expect().to.be(); 150 | //}); 151 | done(); 152 | }); 153 | }); 154 | describe('securityAdvisoriesYearYearGet', function() { 155 | it('should call securityAdvisoriesYearYearGet successfully', function(done) { 156 | //uncomment below and update the code to test securityAdvisoriesYearYearGet 157 | //instance.securityAdvisoriesYearYearGet(function(error) { 158 | // if (error) throw error; 159 | //expect().to.be(); 160 | //}); 161 | done(); 162 | }); 163 | }); 164 | }); 165 | 166 | })); 167 | -------------------------------------------------------------------------------- /example_code/php_examples/README.md: -------------------------------------------------------------------------------- 1 | # PHP-based sample clients. 2 | ## vulnapicm.php 3 | vulnapicm.php is a brief example about how to get an access token via Oauth2 and perform a request to one of the APIs from serverside PHP code. A couple of clientside Javascript lines are also used to beautify the json response, but those are not essential to the example. 4 | 5 | vulnapicm.php relies on the thephpleague/[oauth2-client](https://github.com/thephpleague/oauth2-client) library for performing the OAuth2 operations. 6 | In order to deploy thephpleague/oauth2-client in your repository you will have to satisfy all of its dependencies, eg: GuzzleHttp, random-lib, security-lib, etc.. the easiest way to achieve this is to use the [composer](https://getcomposer.org) dependency manager. 7 | 8 | For composer installation instructions please see: 9 | * [Introduction and installation](https://getcomposer.org/doc/00-intro.md) 10 | 11 | and for operation: 12 | * [Basic usage](https://getcomposer.org/doc/01-basic-usage.md) 13 | 14 | in practice once you donwload this folder, thanks to the composer.json file, you will be able to invoke: 15 | ``` 16 | php composer.phar install 17 | ``` 18 | and that should download and install recursively all the dependencies. 19 | 20 | After that please edit vulnapicm.php to setup your 21 | 1. client ID 22 | 2. client secret 23 | 3. your redirect URL 24 | as displayed on the Cisco API Console, and you should be good to go. 25 | 26 | 27 | -------------------------------------------------------------------------------- /example_code/php_examples/composer.json: -------------------------------------------------------------------------------- 1 | { 2 | "require": { 3 | "league/oauth2-client": "1.1.*" 4 | } 5 | } 6 | -------------------------------------------------------------------------------- /example_code/php_examples/vulnapicm.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Cisco PSIRT VulnAPI PHP Serverside Access Example 6 | 16 | 17 | 18 |

Cisco PSIRT VulnAPI PHP Serverside Access Example

19 | '', // The client ID assigned to you by the provider 31 | 'clientSecret' => '', // The client password assigned to you by the provider 32 | 'redirectUri' => 'http://myserver.example.com.com/vulnapi/vulnapicm.php', 33 | 'urlAuthorize' => 'https://cloudsso.cisco.com/as/authorization.oauth2', 34 | 'urlAccessToken' => 'https://cloudsso.cisco.com/as/token.oauth2', 35 | 'urlResourceOwnerDetails' => '' 36 | ]); 37 | 38 | // If we don't have an authorization code then get one 39 | if (!isset($_GET['code'])) { 40 | 41 | // Fetch the authorization URL from the provider; this returns the 42 | // urlAuthorize option and generates and applies any necessary parameters 43 | // (e.g. state). 44 | $authorizationUrl = $provider->getAuthorizationUrl(); 45 | 46 | // Get the state generated for you and store it to the session. 47 | $_SESSION['oauth2state'] = $provider->getState(); 48 | 49 | // Redirect the user to the authorization URL. 50 | header('Location: ' . $authorizationUrl); 51 | exit; 52 | 53 | // Check given state against previously stored one to mitigate CSRF attack 54 | } elseif (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) { 55 | var_dump($_GET['state']); 56 | var_dump($_SESSION['oauth2state']); 57 | unset($_SESSION['oauth2state']); 58 | exit('Invalid state'); 59 | 60 | } else { 61 | 62 | try { 63 | 64 | // Try to get an access token using the authorization code grant. 65 | $accessToken = $provider->getAccessToken('authorization_code', [ 66 | 'code' => $_GET['code'] 67 | ]); 68 | 69 | // We have an access token, which we may use in authenticated 70 | // requests against the service provider's API. 71 | echo "Access Token: ".$accessToken->getToken()."
"; 72 | echo "Refresh Token: ".$accessToken->getRefreshToken()."
"; 73 | echo "Expires: ".$accessToken->getExpires() ."
"; 74 | echo "Has expired: ".($accessToken->hasExpired() ? 'expired' : 'not expired')."
"; 75 | 76 | 77 | // The provider provides a way to get an authenticated API request for 78 | // the service, using the access token; it returns an object conforming 79 | // to Psr\Http\Message\RequestInterface. 80 | $request = $provider->getAuthenticatedRequest( 81 | 'GET', 82 | 'https://api.cisco.com/security/advisories/cvrf/cve/CVE-2012-2486', 83 | $accessToken 84 | ); 85 | 86 | //print var_export($request,true); 87 | 88 | $client = new Client([ 89 | // Base URI is used with relative requests 90 | 'base_uri' => 'https://api.cisco.com', 91 | // You can set any number of default request options. 92 | 'timeout' => 2.0, 93 | ]); 94 | 95 | $response = $client->send($request, ['timeout' => 2]); 96 | 97 | print("

"); 98 | //var_dump($response); 99 | 100 | if( $response->getStatusCode() == 200){ 101 | print("

REQUEST SUCCESSFUL

"); 102 | 103 | print('
'.$response->getBody().'
'); 104 | 105 | } 106 | 107 | 108 | 109 | 110 | } catch (\League\OAuth2\Client\Provider\Exception\IdentityProviderException $e) { 111 | 112 | // Failed to get the access token or user details. 113 | exit($e->getMessage()); 114 | 115 | } 116 | 117 | } 118 | 119 | ?> 120 | 121 | 122 | 123 | 124 | -------------------------------------------------------------------------------- /example_code/ruby_examples/Gemfile: -------------------------------------------------------------------------------- 1 | source 'https://rubygems.org' 2 | 3 | gemspec 4 | 5 | group :development, :test do 6 | gem "rake", ">= 12.3.3" 7 | end 8 | -------------------------------------------------------------------------------- /example_code/ruby_examples/README.md: -------------------------------------------------------------------------------- 1 | # swagger_client 2 | 3 | SwaggerClient - the Ruby gem for the Cisco PSIRT openVuln API 4 | 5 | The Cisco Product Security Incident Response Team (PSIRT) openVuln API is a RESTful API that allows customers to obtain Cisco Security Vulnerability information in different machine-consumable formats. APIs are important for customers because they allow their technical staff and programmers to build tools that help them do their job more effectively (in this case, to keep up with security vulnerability information). For more information about the Cisco PSIRT openVuln API visit https://developer.cisco.com/psirt For detail steps on how to use the API go to: https://developer.cisco.com/psirt This is a beta release of a swagger YAML for the Cisco PSIRT openVuln API To access the API sign in with your Cisco CCO account at http://apiconsole.cisco.com and register an application to recieve a client_id and a client_secret You can then get your token using curl or any other method you prefer. 'curl -s -k -H \"Content-Type: application/x-www-form-urlencoded\" -X POST -d \"client_id=\" -d \"client_secret=\" -d \"grant_type=client_credentials\" https://cloudsso.cisco.com/as/token.oauth2' You will receive an access token as demonstrated in the following example: '{\"access_token\":\"I7omWtBDAieSiUX3shOxNJfuy4J6\",\"token_type\":\"Bearer\",\"expires_in\":3599}' In Swagger, click on Change Authentication enter the text \"I7omWtBDAieSiUX3shOxNJfuy4J6\" (which is the token you received) then click on \"Try this operation\" 6 | 7 | This SDK is automatically generated by the [Swagger Codegen](https://github.com/swagger-api/swagger-codegen) project: 8 | 9 | - API version: 0.0.4 10 | - Package version: 1.0.0 11 | - Build package: io.swagger.codegen.languages.RubyClientCodegen 12 | 13 | ## Installation 14 | 15 | ### Build a gem 16 | 17 | To build the Ruby code into a gem: 18 | 19 | ```shell 20 | gem build swagger_client.gemspec 21 | ``` 22 | 23 | Then either install the gem locally: 24 | 25 | ```shell 26 | gem install ./swagger_client-1.0.0.gem 27 | ``` 28 | (for development, run `gem install --dev ./swagger_client-1.0.0.gem` to install the development dependencies) 29 | 30 | or publish the gem to a gem hosting service, e.g. [RubyGems](https://rubygems.org/). 31 | 32 | Finally add this to the Gemfile: 33 | 34 | gem 'swagger_client', '~> 1.0.0' 35 | 36 | ### Install from Git 37 | 38 | If the Ruby gem is hosted at a git repository: https://github.com/YOUR_GIT_USERNAME/YOUR_GIT_REPO, then add the following in the Gemfile: 39 | 40 | gem 'swagger_client', :git => 'https://github.com/YOUR_GIT_USERNAME/YOUR_GIT_REPO.git' 41 | 42 | ### Include the Ruby code directly 43 | 44 | Include the Ruby code directly using `-I` as follows: 45 | 46 | ```shell 47 | ruby -Ilib script.rb 48 | ``` 49 | 50 | ## Getting Started 51 | 52 | Please follow the [installation](#installation) procedure and then run the following code: 53 | ```ruby 54 | # Load the gem 55 | require 'swagger_client' 56 | 57 | # Setup authorization 58 | SwaggerClient.configure do |config| 59 | # Configure OAuth2 access token for authorization: psirt_openvuln_api_auth 60 | config.access_token = 'YOUR ACCESS TOKEN' 61 | end 62 | 63 | api_instance = SwaggerClient::DefaultApi.new 64 | 65 | advisory_id = "advisory_id_example" # String | advisory ID 66 | 67 | 68 | begin 69 | api_instance.security_advisories_advisory_advisory_id_get(advisory_id) 70 | rescue SwaggerClient::ApiError => e 71 | puts "Exception when calling DefaultApi->security_advisories_advisory_advisory_id_get: #{e}" 72 | end 73 | 74 | ``` 75 | 76 | ## Documentation for API Endpoints 77 | 78 | All URIs are relative to *https://api.cisco.com* 79 | 80 | Class | Method | HTTP request | Description 81 | ------------ | ------------- | ------------- | ------------- 82 | *SwaggerClient::DefaultApi* | [**security_advisories_advisory_advisory_id_get**](docs/DefaultApi.md#security_advisories_advisory_advisory_id_get) | **GET** /security/advisories/advisory/{advisory_id} | 83 | *SwaggerClient::DefaultApi* | [**security_advisories_all_get**](docs/DefaultApi.md#security_advisories_all_get) | **GET** /security/advisories/all | 84 | *SwaggerClient::DefaultApi* | [**security_advisories_cve_cve_id_get**](docs/DefaultApi.md#security_advisories_cve_cve_id_get) | **GET** /security/advisories/cve/{cve_id} | 85 | *SwaggerClient::DefaultApi* | [**security_advisories_ios_get**](docs/DefaultApi.md#security_advisories_ios_get) | **GET** /security/advisories/ios | 86 | *SwaggerClient::DefaultApi* | [**security_advisories_iosxe_get**](docs/DefaultApi.md#security_advisories_iosxe_get) | **GET** /security/advisories/iosxe | 87 | *SwaggerClient::DefaultApi* | [**security_advisories_latest_number_get**](docs/DefaultApi.md#security_advisories_latest_number_get) | **GET** /security/advisories/latest/{number} | 88 | *SwaggerClient::DefaultApi* | [**security_advisories_product_get**](docs/DefaultApi.md#security_advisories_product_get) | **GET** /security/advisories/product | 89 | *SwaggerClient::DefaultApi* | [**security_advisories_severity_severity_firstpublished_get**](docs/DefaultApi.md#security_advisories_severity_severity_firstpublished_get) | **GET** /security/advisories/severity/{severity}/firstpublished | 90 | *SwaggerClient::DefaultApi* | [**security_advisories_severity_severity_get**](docs/DefaultApi.md#security_advisories_severity_severity_get) | **GET** /security/advisories/severity/{severity} | 91 | *SwaggerClient::DefaultApi* | [**security_advisories_severity_severity_lastpublished_get**](docs/DefaultApi.md#security_advisories_severity_severity_lastpublished_get) | **GET** /security/advisories/severity/{severity}/lastpublished | 92 | *SwaggerClient::DefaultApi* | [**security_advisories_year_year_get**](docs/DefaultApi.md#security_advisories_year_year_get) | **GET** /security/advisories/year/{year} | 93 | 94 | 95 | ## Documentation for Models 96 | 97 | 98 | 99 | ## Documentation for Authorization 100 | 101 | 102 | ### psirt_openvuln_api_auth 103 | 104 | - **Type**: OAuth 105 | - **Flow**: implicit 106 | - **Authorization URL**: https://cloudsso.cisco.com/as/token.oauth2 107 | - **Scopes**: 108 | - read:advisories: read advisories 109 | 110 | -------------------------------------------------------------------------------- /example_code/ruby_examples/Rakefile: -------------------------------------------------------------------------------- 1 | begin 2 | require 'rspec/core/rake_task' 3 | 4 | RSpec::Core::RakeTask.new(:spec) 5 | task default: :spec 6 | rescue LoadError 7 | # no rspec available 8 | end 9 | -------------------------------------------------------------------------------- /example_code/ruby_examples/docs/DefaultApi.md: -------------------------------------------------------------------------------- 1 | # SwaggerClient::DefaultApi 2 | 3 | All URIs are relative to *https://api.cisco.com* 4 | 5 | Method | HTTP request | Description 6 | ------------- | ------------- | ------------- 7 | [**security_advisories_advisory_advisory_id_get**](DefaultApi.md#security_advisories_advisory_advisory_id_get) | **GET** /security/advisories/advisory/{advisory_id} | 8 | [**security_advisories_all_get**](DefaultApi.md#security_advisories_all_get) | **GET** /security/advisories/all | 9 | [**security_advisories_cve_cve_id_get**](DefaultApi.md#security_advisories_cve_cve_id_get) | **GET** /security/advisories/cve/{cve_id} | 10 | [**security_advisories_ios_get**](DefaultApi.md#security_advisories_ios_get) | **GET** /security/advisories/ios | 11 | [**security_advisories_iosxe_get**](DefaultApi.md#security_advisories_iosxe_get) | **GET** /security/advisories/iosxe | 12 | [**security_advisories_latest_number_get**](DefaultApi.md#security_advisories_latest_number_get) | **GET** /security/advisories/latest/{number} | 13 | [**security_advisories_product_get**](DefaultApi.md#security_advisories_product_get) | **GET** /security/advisories/product | 14 | [**security_advisories_severity_severity_firstpublished_get**](DefaultApi.md#security_advisories_severity_severity_firstpublished_get) | **GET** /security/advisories/severity/{severity}/firstpublished | 15 | [**security_advisories_severity_severity_get**](DefaultApi.md#security_advisories_severity_severity_get) | **GET** /security/advisories/severity/{severity} | 16 | [**security_advisories_severity_severity_lastpublished_get**](DefaultApi.md#security_advisories_severity_severity_lastpublished_get) | **GET** /security/advisories/severity/{severity}/lastpublished | 17 | [**security_advisories_year_year_get**](DefaultApi.md#security_advisories_year_year_get) | **GET** /security/advisories/year/{year} | 18 | 19 | 20 | # **security_advisories_advisory_advisory_id_get** 21 | > security_advisories_advisory_advisory_id_get(advisory_id) 22 | 23 | 24 | 25 | Used to obtain an advisory given its advisory ID `advisory_id` (i.e., cisco-sa-20180221-ucdm) 26 | 27 | ### Example 28 | ```ruby 29 | # load the gem 30 | require 'swagger_client' 31 | # setup authorization 32 | SwaggerClient.configure do |config| 33 | # Configure OAuth2 access token for authorization: psirt_openvuln_api_auth 34 | config.access_token = 'YOUR ACCESS TOKEN' 35 | end 36 | 37 | api_instance = SwaggerClient::DefaultApi.new 38 | 39 | advisory_id = "advisory_id_example" # String | advisory ID 40 | 41 | 42 | begin 43 | api_instance.security_advisories_advisory_advisory_id_get(advisory_id) 44 | rescue SwaggerClient::ApiError => e 45 | puts "Exception when calling DefaultApi->security_advisories_advisory_advisory_id_get: #{e}" 46 | end 47 | ``` 48 | 49 | ### Parameters 50 | 51 | Name | Type | Description | Notes 52 | ------------- | ------------- | ------------- | ------------- 53 | **advisory_id** | **String**| advisory ID | 54 | 55 | ### Return type 56 | 57 | nil (empty response body) 58 | 59 | ### Authorization 60 | 61 | [psirt_openvuln_api_auth](../README.md#psirt_openvuln_api_auth) 62 | 63 | ### HTTP request headers 64 | 65 | - **Content-Type**: Not defined 66 | - **Accept**: application/json 67 | 68 | 69 | 70 | # **security_advisories_all_get** 71 | > security_advisories_all_get 72 | 73 | 74 | 75 | Used to obtain information about all published security advisories. By default the output is in JSON. To obtain the output in XML use the .xml extension. For example, /advisories/all.xml 76 | 77 | ### Example 78 | ```ruby 79 | # load the gem 80 | require 'swagger_client' 81 | # setup authorization 82 | SwaggerClient.configure do |config| 83 | # Configure OAuth2 access token for authorization: psirt_openvuln_api_auth 84 | config.access_token = 'YOUR ACCESS TOKEN' 85 | end 86 | 87 | api_instance = SwaggerClient::DefaultApi.new 88 | 89 | begin 90 | api_instance.security_advisories_all_get 91 | rescue SwaggerClient::ApiError => e 92 | puts "Exception when calling DefaultApi->security_advisories_all_get: #{e}" 93 | end 94 | ``` 95 | 96 | ### Parameters 97 | This endpoint does not need any parameter. 98 | 99 | ### Return type 100 | 101 | nil (empty response body) 102 | 103 | ### Authorization 104 | 105 | [psirt_openvuln_api_auth](../README.md#psirt_openvuln_api_auth) 106 | 107 | ### HTTP request headers 108 | 109 | - **Content-Type**: Not defined 110 | - **Accept**: application/json 111 | 112 | 113 | 114 | # **security_advisories_cve_cve_id_get** 115 | > security_advisories_cve_cve_id_get(cve_id) 116 | 117 | 118 | 119 | Used to obtain an advisory using a given Common Vulnerability Enumerator (CVE). The `cve_id` format is CVE-YYYY-NNNN. For more information about CVE visit http://cve.mitre.org/ 120 | 121 | ### Example 122 | ```ruby 123 | # load the gem 124 | require 'swagger_client' 125 | # setup authorization 126 | SwaggerClient.configure do |config| 127 | # Configure OAuth2 access token for authorization: psirt_openvuln_api_auth 128 | config.access_token = 'YOUR ACCESS TOKEN' 129 | end 130 | 131 | api_instance = SwaggerClient::DefaultApi.new 132 | 133 | cve_id = "cve_id_example" # String | CVE Identifier (i.e., CVE-YYYY-NNNN) 134 | 135 | 136 | begin 137 | api_instance.security_advisories_cve_cve_id_get(cve_id) 138 | rescue SwaggerClient::ApiError => e 139 | puts "Exception when calling DefaultApi->security_advisories_cve_cve_id_get: #{e}" 140 | end 141 | ``` 142 | 143 | ### Parameters 144 | 145 | Name | Type | Description | Notes 146 | ------------- | ------------- | ------------- | ------------- 147 | **cve_id** | **String**| CVE Identifier (i.e., CVE-YYYY-NNNN) | 148 | 149 | ### Return type 150 | 151 | nil (empty response body) 152 | 153 | ### Authorization 154 | 155 | [psirt_openvuln_api_auth](../README.md#psirt_openvuln_api_auth) 156 | 157 | ### HTTP request headers 158 | 159 | - **Content-Type**: Not defined 160 | - **Accept**: application/json 161 | 162 | 163 | 164 | # **security_advisories_ios_get** 165 | > security_advisories_ios_get(version) 166 | 167 | 168 | 169 | Used to obtain all advisories that affects the given ios version 170 | 171 | ### Example 172 | ```ruby 173 | # load the gem 174 | require 'swagger_client' 175 | # setup authorization 176 | SwaggerClient.configure do |config| 177 | # Configure OAuth2 access token for authorization: psirt_openvuln_api_auth 178 | config.access_token = 'YOUR ACCESS TOKEN' 179 | end 180 | 181 | api_instance = SwaggerClient::DefaultApi.new 182 | 183 | version = "version_example" # String | IOS version to obtain security advisories 184 | 185 | 186 | begin 187 | api_instance.security_advisories_ios_get(version) 188 | rescue SwaggerClient::ApiError => e 189 | puts "Exception when calling DefaultApi->security_advisories_ios_get: #{e}" 190 | end 191 | ``` 192 | 193 | ### Parameters 194 | 195 | Name | Type | Description | Notes 196 | ------------- | ------------- | ------------- | ------------- 197 | **version** | **String**| IOS version to obtain security advisories | 198 | 199 | ### Return type 200 | 201 | nil (empty response body) 202 | 203 | ### Authorization 204 | 205 | [psirt_openvuln_api_auth](../README.md#psirt_openvuln_api_auth) 206 | 207 | ### HTTP request headers 208 | 209 | - **Content-Type**: Not defined 210 | - **Accept**: application/json 211 | 212 | 213 | 214 | # **security_advisories_iosxe_get** 215 | > security_advisories_iosxe_get(version) 216 | 217 | 218 | 219 | Used to obtain all advisories that affects the given ios version 220 | 221 | ### Example 222 | ```ruby 223 | # load the gem 224 | require 'swagger_client' 225 | # setup authorization 226 | SwaggerClient.configure do |config| 227 | # Configure OAuth2 access token for authorization: psirt_openvuln_api_auth 228 | config.access_token = 'YOUR ACCESS TOKEN' 229 | end 230 | 231 | api_instance = SwaggerClient::DefaultApi.new 232 | 233 | version = "version_example" # String | IOS version to obtain security advisories 234 | 235 | 236 | begin 237 | api_instance.security_advisories_iosxe_get(version) 238 | rescue SwaggerClient::ApiError => e 239 | puts "Exception when calling DefaultApi->security_advisories_iosxe_get: #{e}" 240 | end 241 | ``` 242 | 243 | ### Parameters 244 | 245 | Name | Type | Description | Notes 246 | ------------- | ------------- | ------------- | ------------- 247 | **version** | **String**| IOS version to obtain security advisories | 248 | 249 | ### Return type 250 | 251 | nil (empty response body) 252 | 253 | ### Authorization 254 | 255 | [psirt_openvuln_api_auth](../README.md#psirt_openvuln_api_auth) 256 | 257 | ### HTTP request headers 258 | 259 | - **Content-Type**: Not defined 260 | - **Accept**: application/json 261 | 262 | 263 | 264 | # **security_advisories_latest_number_get** 265 | > security_advisories_latest_number_get(number) 266 | 267 | 268 | 269 | Used to obtain all the latest security advisories given an absolute number. For instance, the latest 10 or latest 5. 270 | 271 | ### Example 272 | ```ruby 273 | # load the gem 274 | require 'swagger_client' 275 | # setup authorization 276 | SwaggerClient.configure do |config| 277 | # Configure OAuth2 access token for authorization: psirt_openvuln_api_auth 278 | config.access_token = 'YOUR ACCESS TOKEN' 279 | end 280 | 281 | api_instance = SwaggerClient::DefaultApi.new 282 | 283 | number = 56 # Integer | An absolute number to obtain the latest security advisories. 284 | 285 | 286 | begin 287 | api_instance.security_advisories_latest_number_get(number) 288 | rescue SwaggerClient::ApiError => e 289 | puts "Exception when calling DefaultApi->security_advisories_latest_number_get: #{e}" 290 | end 291 | ``` 292 | 293 | ### Parameters 294 | 295 | Name | Type | Description | Notes 296 | ------------- | ------------- | ------------- | ------------- 297 | **number** | **Integer**| An absolute number to obtain the latest security advisories. | 298 | 299 | ### Return type 300 | 301 | nil (empty response body) 302 | 303 | ### Authorization 304 | 305 | [psirt_openvuln_api_auth](../README.md#psirt_openvuln_api_auth) 306 | 307 | ### HTTP request headers 308 | 309 | - **Content-Type**: Not defined 310 | - **Accept**: application/json 311 | 312 | 313 | 314 | # **security_advisories_product_get** 315 | > security_advisories_product_get(product) 316 | 317 | 318 | 319 | Used to obtain all the advisories that affects the given product name. 320 | 321 | ### Example 322 | ```ruby 323 | # load the gem 324 | require 'swagger_client' 325 | # setup authorization 326 | SwaggerClient.configure do |config| 327 | # Configure OAuth2 access token for authorization: psirt_openvuln_api_auth 328 | config.access_token = 'YOUR ACCESS TOKEN' 329 | end 330 | 331 | api_instance = SwaggerClient::DefaultApi.new 332 | 333 | product = "product_example" # String | An product name to obtain security advisories that matches given product name. 334 | 335 | 336 | begin 337 | api_instance.security_advisories_product_get(product) 338 | rescue SwaggerClient::ApiError => e 339 | puts "Exception when calling DefaultApi->security_advisories_product_get: #{e}" 340 | end 341 | ``` 342 | 343 | ### Parameters 344 | 345 | Name | Type | Description | Notes 346 | ------------- | ------------- | ------------- | ------------- 347 | **product** | **String**| An product name to obtain security advisories that matches given product name. | 348 | 349 | ### Return type 350 | 351 | nil (empty response body) 352 | 353 | ### Authorization 354 | 355 | [psirt_openvuln_api_auth](../README.md#psirt_openvuln_api_auth) 356 | 357 | ### HTTP request headers 358 | 359 | - **Content-Type**: Not defined 360 | - **Accept**: application/json 361 | 362 | 363 | 364 | # **security_advisories_severity_severity_firstpublished_get** 365 | > security_advisories_severity_severity_firstpublished_get(severity, start_date, end_date) 366 | 367 | 368 | 369 | Used to obtain all security advisories for a given security impact rating (critical, high, medium, or low) and additionally filter based of firstpublished start date and enddate. 370 | 371 | ### Example 372 | ```ruby 373 | # load the gem 374 | require 'swagger_client' 375 | # setup authorization 376 | SwaggerClient.configure do |config| 377 | # Configure OAuth2 access token for authorization: psirt_openvuln_api_auth 378 | config.access_token = 'YOUR ACCESS TOKEN' 379 | end 380 | 381 | api_instance = SwaggerClient::DefaultApi.new 382 | 383 | severity = "severity_example" # String | Used to obtain all advisories that have a security impact rating of critical 384 | 385 | start_date = Date.parse("2013-10-20") # Date | 386 | 387 | end_date = Date.parse("2013-10-20") # Date | 388 | 389 | 390 | begin 391 | api_instance.security_advisories_severity_severity_firstpublished_get(severity, start_date, end_date) 392 | rescue SwaggerClient::ApiError => e 393 | puts "Exception when calling DefaultApi->security_advisories_severity_severity_firstpublished_get: #{e}" 394 | end 395 | ``` 396 | 397 | ### Parameters 398 | 399 | Name | Type | Description | Notes 400 | ------------- | ------------- | ------------- | ------------- 401 | **severity** | **String**| Used to obtain all advisories that have a security impact rating of critical | 402 | **start_date** | **Date**| | 403 | **end_date** | **Date**| | 404 | 405 | ### Return type 406 | 407 | nil (empty response body) 408 | 409 | ### Authorization 410 | 411 | [psirt_openvuln_api_auth](../README.md#psirt_openvuln_api_auth) 412 | 413 | ### HTTP request headers 414 | 415 | - **Content-Type**: Not defined 416 | - **Accept**: application/json 417 | 418 | 419 | 420 | # **security_advisories_severity_severity_get** 421 | > security_advisories_severity_severity_get(severity) 422 | 423 | 424 | 425 | Used to obtain all security advisories for a given security impact rating (critical, high, medium, or low). 426 | 427 | ### Example 428 | ```ruby 429 | # load the gem 430 | require 'swagger_client' 431 | # setup authorization 432 | SwaggerClient.configure do |config| 433 | # Configure OAuth2 access token for authorization: psirt_openvuln_api_auth 434 | config.access_token = 'YOUR ACCESS TOKEN' 435 | end 436 | 437 | api_instance = SwaggerClient::DefaultApi.new 438 | 439 | severity = "severity_example" # String | Critical, High, Medium, Low 440 | 441 | 442 | begin 443 | api_instance.security_advisories_severity_severity_get(severity) 444 | rescue SwaggerClient::ApiError => e 445 | puts "Exception when calling DefaultApi->security_advisories_severity_severity_get: #{e}" 446 | end 447 | ``` 448 | 449 | ### Parameters 450 | 451 | Name | Type | Description | Notes 452 | ------------- | ------------- | ------------- | ------------- 453 | **severity** | **String**| Critical, High, Medium, Low | 454 | 455 | ### Return type 456 | 457 | nil (empty response body) 458 | 459 | ### Authorization 460 | 461 | [psirt_openvuln_api_auth](../README.md#psirt_openvuln_api_auth) 462 | 463 | ### HTTP request headers 464 | 465 | - **Content-Type**: Not defined 466 | - **Accept**: application/json 467 | 468 | 469 | 470 | # **security_advisories_severity_severity_lastpublished_get** 471 | > security_advisories_severity_severity_lastpublished_get(severity, start_date, end_date) 472 | 473 | 474 | 475 | Used to obtain all security advisories for a given security impact rating (critical, high, medium, or low). 476 | 477 | ### Example 478 | ```ruby 479 | # load the gem 480 | require 'swagger_client' 481 | # setup authorization 482 | SwaggerClient.configure do |config| 483 | # Configure OAuth2 access token for authorization: psirt_openvuln_api_auth 484 | config.access_token = 'YOUR ACCESS TOKEN' 485 | end 486 | 487 | api_instance = SwaggerClient::DefaultApi.new 488 | 489 | severity = "severity_example" # String | Used to obtain all advisories that have a security impact rating of critical 490 | 491 | start_date = Date.parse("2013-10-20") # Date | 492 | 493 | end_date = Date.parse("2013-10-20") # Date | 494 | 495 | 496 | begin 497 | api_instance.security_advisories_severity_severity_lastpublished_get(severity, start_date, end_date) 498 | rescue SwaggerClient::ApiError => e 499 | puts "Exception when calling DefaultApi->security_advisories_severity_severity_lastpublished_get: #{e}" 500 | end 501 | ``` 502 | 503 | ### Parameters 504 | 505 | Name | Type | Description | Notes 506 | ------------- | ------------- | ------------- | ------------- 507 | **severity** | **String**| Used to obtain all advisories that have a security impact rating of critical | 508 | **start_date** | **Date**| | 509 | **end_date** | **Date**| | 510 | 511 | ### Return type 512 | 513 | nil (empty response body) 514 | 515 | ### Authorization 516 | 517 | [psirt_openvuln_api_auth](../README.md#psirt_openvuln_api_auth) 518 | 519 | ### HTTP request headers 520 | 521 | - **Content-Type**: Not defined 522 | - **Accept**: application/json 523 | 524 | 525 | 526 | # **security_advisories_year_year_get** 527 | > security_advisories_year_year_get(year) 528 | 529 | 530 | 531 | Used to obtain all security advisories that have were orginally published in a specific year `YYYY`. 532 | 533 | ### Example 534 | ```ruby 535 | # load the gem 536 | require 'swagger_client' 537 | # setup authorization 538 | SwaggerClient.configure do |config| 539 | # Configure OAuth2 access token for authorization: psirt_openvuln_api_auth 540 | config.access_token = 'YOUR ACCESS TOKEN' 541 | end 542 | 543 | api_instance = SwaggerClient::DefaultApi.new 544 | 545 | year = "year_example" # String | The four digit year. 546 | 547 | 548 | begin 549 | api_instance.security_advisories_year_year_get(year) 550 | rescue SwaggerClient::ApiError => e 551 | puts "Exception when calling DefaultApi->security_advisories_year_year_get: #{e}" 552 | end 553 | ``` 554 | 555 | ### Parameters 556 | 557 | Name | Type | Description | Notes 558 | ------------- | ------------- | ------------- | ------------- 559 | **year** | **String**| The four digit year. | 560 | 561 | ### Return type 562 | 563 | nil (empty response body) 564 | 565 | ### Authorization 566 | 567 | [psirt_openvuln_api_auth](../README.md#psirt_openvuln_api_auth) 568 | 569 | ### HTTP request headers 570 | 571 | - **Content-Type**: Not defined 572 | - **Accept**: application/json 573 | -------------------------------------------------------------------------------- /example_code/ruby_examples/lib/swagger_client.rb: -------------------------------------------------------------------------------- 1 | =begin 2 | ############################################################################### 3 | # This is an example in Ruby of how you can create different functions 4 | # to query each of the Resource URIs of the openVuln API. 5 | # ** This is just a starting point, you will need to add your own authentication 6 | # information and Authorization tokens 7 | # 8 | # For a complete "turn-key" tool, check out the openVulnQuery python tool 9 | # https://github.com/CiscoPSIRT/openVulnAPI/tree/master/openVulnQuery 10 | # Contact: os@cisco.com 11 | 12 | =end 13 | 14 | # Common files 15 | require 'swagger_client/api_client' 16 | require 'swagger_client/api_error' 17 | require 'swagger_client/version' 18 | require 'swagger_client/configuration' 19 | 20 | # Models 21 | 22 | # APIs 23 | require 'swagger_client/api/default_api' 24 | 25 | module SwaggerClient 26 | class << self 27 | # Customize default settings for the SDK using block. 28 | # SwaggerClient.configure do |config| 29 | # config.username = "xxx" 30 | # config.password = "xxx" 31 | # end 32 | # If no block given, return the default Configuration object. 33 | def configure 34 | if block_given? 35 | yield(Configuration.default) 36 | else 37 | Configuration.default 38 | end 39 | end 40 | end 41 | end 42 | -------------------------------------------------------------------------------- /example_code/ruby_examples/lib/swagger_client/api_client.rb: -------------------------------------------------------------------------------- 1 | =begin 2 | ############################################################################### 3 | # This is an example in Ruby of how you can create different functions 4 | # to query each of the Resource URIs of the openVuln API. 5 | # ** This is just a starting point, you will need to add your own authentication 6 | # information and Authorization tokens 7 | # 8 | # For a complete "turn-key" tool, check out the openVulnQuery python tool 9 | # https://github.com/CiscoPSIRT/openVulnAPI/tree/master/openVulnQuery 10 | ############################################################################### 11 | 12 | =end 13 | 14 | require 'date' 15 | require 'json' 16 | require 'logger' 17 | require 'tempfile' 18 | require 'typhoeus' 19 | require 'uri' 20 | 21 | module SwaggerClient 22 | class ApiClient 23 | # The Configuration object holding settings to be used in the API client. 24 | attr_accessor :config 25 | 26 | # Defines the headers to be used in HTTP requests of all API calls by default. 27 | # 28 | # @return [Hash] 29 | attr_accessor :default_headers 30 | 31 | # Initializes the ApiClient 32 | # @option config [Configuration] Configuration for initializing the object, default to Configuration.default 33 | def initialize(config = Configuration.default) 34 | @config = config 35 | @user_agent = "Swagger-Codegen/#{VERSION}/ruby" 36 | @default_headers = { 37 | 'Content-Type' => "application/json", 38 | 'User-Agent' => @user_agent 39 | } 40 | end 41 | 42 | def self.default 43 | @@default ||= ApiClient.new 44 | end 45 | 46 | # Call an API with given options. 47 | # 48 | # @return [Array<(Object, Fixnum, Hash)>] an array of 3 elements: 49 | # the data deserialized from response body (could be nil), response status code and response headers. 50 | def call_api(http_method, path, opts = {}) 51 | request = build_request(http_method, path, opts) 52 | response = request.run 53 | 54 | if @config.debugging 55 | @config.logger.debug "HTTP response body ~BEGIN~\n#{response.body}\n~END~\n" 56 | end 57 | 58 | unless response.success? 59 | if response.timed_out? 60 | fail ApiError.new('Connection timed out') 61 | elsif response.code == 0 62 | # Errors from libcurl will be made visible here 63 | fail ApiError.new(:code => 0, 64 | :message => response.return_message) 65 | else 66 | fail ApiError.new(:code => response.code, 67 | :response_headers => response.headers, 68 | :response_body => response.body), 69 | response.status_message 70 | end 71 | end 72 | 73 | if opts[:return_type] 74 | data = deserialize(response, opts[:return_type]) 75 | else 76 | data = nil 77 | end 78 | return data, response.code, response.headers 79 | end 80 | 81 | # Builds the HTTP request 82 | # 83 | # @param [String] http_method HTTP method/verb (e.g. POST) 84 | # @param [String] path URL path (e.g. /account/new) 85 | # @option opts [Hash] :header_params Header parameters 86 | # @option opts [Hash] :query_params Query parameters 87 | # @option opts [Hash] :form_params Query parameters 88 | # @option opts [Object] :body HTTP body (JSON/XML) 89 | # @return [Typhoeus::Request] A Typhoeus Request 90 | def build_request(http_method, path, opts = {}) 91 | url = build_request_url(path) 92 | http_method = http_method.to_sym.downcase 93 | 94 | header_params = @default_headers.merge(opts[:header_params] || {}) 95 | query_params = opts[:query_params] || {} 96 | form_params = opts[:form_params] || {} 97 | 98 | update_params_for_auth! header_params, query_params, opts[:auth_names] 99 | 100 | # set ssl_verifyhosts option based on @config.verify_ssl_host (true/false) 101 | _verify_ssl_host = @config.verify_ssl_host ? 2 : 0 102 | 103 | req_opts = { 104 | :method => http_method, 105 | :headers => header_params, 106 | :params => query_params, 107 | :params_encoding => @config.params_encoding, 108 | :timeout => @config.timeout, 109 | :ssl_verifypeer => @config.verify_ssl, 110 | :ssl_verifyhost => _verify_ssl_host, 111 | :sslcert => @config.cert_file, 112 | :sslkey => @config.key_file, 113 | :verbose => @config.debugging 114 | } 115 | 116 | # set custom cert, if provided 117 | req_opts[:cainfo] = @config.ssl_ca_cert if @config.ssl_ca_cert 118 | 119 | if [:post, :patch, :put, :delete].include?(http_method) 120 | req_body = build_request_body(header_params, form_params, opts[:body]) 121 | req_opts.update :body => req_body 122 | if @config.debugging 123 | @config.logger.debug "HTTP request body param ~BEGIN~\n#{req_body}\n~END~\n" 124 | end 125 | end 126 | 127 | request = Typhoeus::Request.new(url, req_opts) 128 | download_file(request) if opts[:return_type] == 'File' 129 | request 130 | end 131 | 132 | # Check if the given MIME is a JSON MIME. 133 | # JSON MIME examples: 134 | # application/json 135 | # application/json; charset=UTF8 136 | # APPLICATION/JSON 137 | # */* 138 | # @param [String] mime MIME 139 | # @return [Boolean] True if the MIME is application/json 140 | def json_mime?(mime) 141 | (mime == "*/*") || !(mime =~ /Application\/.*json(?!p)(;.*)?/i).nil? 142 | end 143 | 144 | # Deserialize the response to the given return type. 145 | # 146 | # @param [Response] response HTTP response 147 | # @param [String] return_type some examples: "User", "Array[User]", "Hash[String,Integer]" 148 | def deserialize(response, return_type) 149 | body = response.body 150 | 151 | # handle file downloading - return the File instance processed in request callbacks 152 | # note that response body is empty when the file is written in chunks in request on_body callback 153 | return @tempfile if return_type == 'File' 154 | 155 | return nil if body.nil? || body.empty? 156 | 157 | # return response body directly for String return type 158 | return body if return_type == 'String' 159 | 160 | # ensuring a default content type 161 | content_type = response.headers['Content-Type'] || 'application/json' 162 | 163 | fail "Content-Type is not supported: #{content_type}" unless json_mime?(content_type) 164 | 165 | begin 166 | data = JSON.parse("[#{body}]", :symbolize_names => true)[0] 167 | rescue JSON::ParserError => e 168 | if %w(String Date DateTime).include?(return_type) 169 | data = body 170 | else 171 | raise e 172 | end 173 | end 174 | 175 | convert_to_type data, return_type 176 | end 177 | 178 | # Convert data to the given return type. 179 | # @param [Object] data Data to be converted 180 | # @param [String] return_type Return type 181 | # @return [Mixed] Data in a particular type 182 | def convert_to_type(data, return_type) 183 | return nil if data.nil? 184 | case return_type 185 | when 'String' 186 | data.to_s 187 | when 'Integer' 188 | data.to_i 189 | when 'Float' 190 | data.to_f 191 | when 'BOOLEAN' 192 | data == true 193 | when 'DateTime' 194 | # parse date time (expecting ISO 8601 format) 195 | DateTime.parse data 196 | when 'Date' 197 | # parse date time (expecting ISO 8601 format) 198 | Date.parse data 199 | when 'Object' 200 | # generic object (usually a Hash), return directly 201 | data 202 | when /\AArray<(.+)>\z/ 203 | # e.g. Array 204 | sub_type = $1 205 | data.map {|item| convert_to_type(item, sub_type) } 206 | when /\AHash\\z/ 207 | # e.g. Hash 208 | sub_type = $1 209 | {}.tap do |hash| 210 | data.each {|k, v| hash[k] = convert_to_type(v, sub_type) } 211 | end 212 | else 213 | # models, e.g. Pet 214 | SwaggerClient.const_get(return_type).new.tap do |model| 215 | model.build_from_hash data 216 | end 217 | end 218 | end 219 | 220 | # Save response body into a file in (the defined) temporary folder, using the filename 221 | # from the "Content-Disposition" header if provided, otherwise a random filename. 222 | # The response body is written to the file in chunks in order to handle files which 223 | # size is larger than maximum Ruby String or even larger than the maximum memory a Ruby 224 | # process can use. 225 | # 226 | # @see Configuration#temp_folder_path 227 | def download_file(request) 228 | tempfile = nil 229 | encoding = nil 230 | request.on_headers do |response| 231 | content_disposition = response.headers['Content-Disposition'] 232 | if content_disposition and content_disposition =~ /filename=/i 233 | filename = content_disposition[/filename=['"]?([^'"\s]+)['"]?/, 1] 234 | prefix = sanitize_filename(filename) 235 | else 236 | prefix = 'download-' 237 | end 238 | prefix = prefix + '-' unless prefix.end_with?('-') 239 | encoding = response.body.encoding 240 | tempfile = Tempfile.open(prefix, @config.temp_folder_path, encoding: encoding) 241 | @tempfile = tempfile 242 | end 243 | request.on_body do |chunk| 244 | chunk.force_encoding(encoding) 245 | tempfile.write(chunk) 246 | end 247 | request.on_complete do |response| 248 | tempfile.close 249 | @config.logger.info "Temp file written to #{tempfile.path}, please copy the file to a proper folder "\ 250 | "with e.g. `FileUtils.cp(tempfile.path, '/new/file/path')` otherwise the temp file "\ 251 | "will be deleted automatically with GC. It's also recommended to delete the temp file "\ 252 | "explicitly with `tempfile.delete`" 253 | end 254 | end 255 | 256 | # Sanitize filename by removing path. 257 | # e.g. ../../sun.gif becomes sun.gif 258 | # 259 | # @param [String] filename the filename to be sanitized 260 | # @return [String] the sanitized filename 261 | def sanitize_filename(filename) 262 | filename.gsub(/.*[\/\\]/, '') 263 | end 264 | 265 | def build_request_url(path) 266 | # Add leading and trailing slashes to path 267 | path = "/#{path}".gsub(/\/+/, '/') 268 | URI.encode(@config.base_url + path) 269 | end 270 | 271 | # Builds the HTTP request body 272 | # 273 | # @param [Hash] header_params Header parameters 274 | # @param [Hash] form_params Query parameters 275 | # @param [Object] body HTTP body (JSON/XML) 276 | # @return [String] HTTP body data in the form of string 277 | def build_request_body(header_params, form_params, body) 278 | # http form 279 | if header_params['Content-Type'] == 'application/x-www-form-urlencoded' || 280 | header_params['Content-Type'] == 'multipart/form-data' 281 | data = {} 282 | form_params.each do |key, value| 283 | case value 284 | when ::File, ::Array, nil 285 | # let typhoeus handle File, Array and nil parameters 286 | data[key] = value 287 | else 288 | data[key] = value.to_s 289 | end 290 | end 291 | elsif body 292 | data = body.is_a?(String) ? body : body.to_json 293 | else 294 | data = nil 295 | end 296 | data 297 | end 298 | 299 | # Update hearder and query params based on authentication settings. 300 | # 301 | # @param [Hash] header_params Header parameters 302 | # @param [Hash] query_params Query parameters 303 | # @param [String] auth_names Authentication scheme name 304 | def update_params_for_auth!(header_params, query_params, auth_names) 305 | Array(auth_names).each do |auth_name| 306 | auth_setting = @config.auth_settings[auth_name] 307 | next unless auth_setting 308 | case auth_setting[:in] 309 | when 'header' then header_params[auth_setting[:key]] = auth_setting[:value] 310 | when 'query' then query_params[auth_setting[:key]] = auth_setting[:value] 311 | else fail ArgumentError, 'Authentication token must be in `query` of `header`' 312 | end 313 | end 314 | end 315 | 316 | # Sets user agent in HTTP header 317 | # 318 | # @param [String] user_agent User agent (e.g. swagger-codegen/ruby/1.0.0) 319 | def user_agent=(user_agent) 320 | @user_agent = user_agent 321 | @default_headers['User-Agent'] = @user_agent 322 | end 323 | 324 | # Return Accept header based on an array of accepts provided. 325 | # @param [Array] accepts array for Accept 326 | # @return [String] the Accept header (e.g. application/json) 327 | def select_header_accept(accepts) 328 | return nil if accepts.nil? || accepts.empty? 329 | # use JSON when present, otherwise use all of the provided 330 | json_accept = accepts.find { |s| json_mime?(s) } 331 | return json_accept || accepts.join(',') 332 | end 333 | 334 | # Return Content-Type header based on an array of content types provided. 335 | # @param [Array] content_types array for Content-Type 336 | # @return [String] the Content-Type header (e.g. application/json) 337 | def select_header_content_type(content_types) 338 | # use application/json by default 339 | return 'application/json' if content_types.nil? || content_types.empty? 340 | # use JSON when present, otherwise use the first one 341 | json_content_type = content_types.find { |s| json_mime?(s) } 342 | return json_content_type || content_types.first 343 | end 344 | 345 | # Convert object (array, hash, object, etc) to JSON string. 346 | # @param [Object] model object to be converted into JSON string 347 | # @return [String] JSON string representation of the object 348 | def object_to_http_body(model) 349 | return model if model.nil? || model.is_a?(String) 350 | local_body = nil 351 | if model.is_a?(Array) 352 | local_body = model.map{|m| object_to_hash(m) } 353 | else 354 | local_body = object_to_hash(model) 355 | end 356 | local_body.to_json 357 | end 358 | 359 | # Convert object(non-array) to hash. 360 | # @param [Object] obj object to be converted into JSON string 361 | # @return [String] JSON string representation of the object 362 | def object_to_hash(obj) 363 | if obj.respond_to?(:to_hash) 364 | obj.to_hash 365 | else 366 | obj 367 | end 368 | end 369 | 370 | # Build parameter value according to the given collection format. 371 | # @param [String] collection_format one of :csv, :ssv, :tsv, :pipes and :multi 372 | def build_collection_param(param, collection_format) 373 | case collection_format 374 | when :csv 375 | param.join(',') 376 | when :ssv 377 | param.join(' ') 378 | when :tsv 379 | param.join("\t") 380 | when :pipes 381 | param.join('|') 382 | when :multi 383 | # return the array directly as typhoeus will handle it as expected 384 | param 385 | else 386 | fail "unknown collection format: #{collection_format.inspect}" 387 | end 388 | end 389 | end 390 | end 391 | -------------------------------------------------------------------------------- /example_code/ruby_examples/lib/swagger_client/api_error.rb: -------------------------------------------------------------------------------- 1 | =begin 2 | #Cisco PSIRT openVuln API 3 | 4 | ############################################################################### 5 | # This is an example in Ruby of how you can create different functions 6 | # to query each of the Resource URIs of the openVuln API. 7 | # ** This is just a starting point, you will need to add your own authentication 8 | # information and Authorization tokens 9 | # 10 | # For a complete "turn-key" tool, check out the openVulnQuery python tool 11 | # https://github.com/CiscoPSIRT/openVulnAPI/tree/master/openVulnQuery 12 | ############################################################################### 13 | 14 | =end 15 | 16 | module SwaggerClient 17 | class ApiError < StandardError 18 | attr_reader :code, :response_headers, :response_body 19 | 20 | # Usage examples: 21 | # ApiError.new 22 | # ApiError.new("message") 23 | # ApiError.new(:code => 500, :response_headers => {}, :response_body => "") 24 | # ApiError.new(:code => 404, :message => "Not Found") 25 | def initialize(arg = nil) 26 | if arg.is_a? Hash 27 | if arg.key?(:message) || arg.key?('message') 28 | super(arg[:message] || arg['message']) 29 | else 30 | super arg 31 | end 32 | 33 | arg.each do |k, v| 34 | instance_variable_set "@#{k}", v 35 | end 36 | else 37 | super arg 38 | end 39 | end 40 | end 41 | end 42 | -------------------------------------------------------------------------------- /example_code/ruby_examples/lib/swagger_client/configuration.rb: -------------------------------------------------------------------------------- 1 | =begin 2 | #Cisco PSIRT openVuln API 3 | 4 | ############################################################################### 5 | # This is an example in Ruby of how you can create different functions 6 | # to query each of the Resource URIs of the openVuln API. 7 | # ** This is just a starting point, you will need to add your own authentication 8 | # information and Authorization tokens 9 | # 10 | # For a complete "turn-key" tool, check out the openVulnQuery python tool 11 | # https://github.com/CiscoPSIRT/openVulnAPI/tree/master/openVulnQuery 12 | ############################################################################### 13 | =end 14 | 15 | require 'uri' 16 | 17 | module SwaggerClient 18 | class Configuration 19 | # Defines url scheme 20 | attr_accessor :scheme 21 | 22 | # Defines url host 23 | attr_accessor :host 24 | 25 | # Defines url base path 26 | attr_accessor :base_path 27 | 28 | # Defines API keys used with API Key authentications. 29 | # 30 | # @return [Hash] key: parameter name, value: parameter value (API key) 31 | # 32 | # @example parameter name is "api_key", API key is "xxx" (e.g. "api_key=xxx" in query string) 33 | # config.api_key['api_key'] = 'xxx' 34 | attr_accessor :api_key 35 | 36 | # Defines API key prefixes used with API Key authentications. 37 | # 38 | # @return [Hash] key: parameter name, value: API key prefix 39 | # 40 | # @example parameter name is "Authorization", API key prefix is "Token" (e.g. "Authorization: Token xxx" in headers) 41 | # config.api_key_prefix['api_key'] = 'Token' 42 | attr_accessor :api_key_prefix 43 | 44 | # Defines the username used with HTTP basic authentication. 45 | # 46 | # @return [String] 47 | attr_accessor :username 48 | 49 | # Defines the password used with HTTP basic authentication. 50 | # 51 | # @return [String] 52 | attr_accessor :password 53 | 54 | # Defines the access token (Bearer) used with OAuth2. 55 | attr_accessor :access_token 56 | 57 | # Set this to enable/disable debugging. When enabled (set to true), HTTP request/response 58 | # details will be logged with `logger.debug` (see the `logger` attribute). 59 | # Default to false. 60 | # 61 | # @return [true, false] 62 | attr_accessor :debugging 63 | 64 | # Defines the logger used for debugging. 65 | # Default to `Rails.logger` (when in Rails) or logging to STDOUT. 66 | # 67 | # @return [#debug] 68 | attr_accessor :logger 69 | 70 | # Defines the temporary folder to store downloaded files 71 | # (for API endpoints that have file response). 72 | # Default to use `Tempfile`. 73 | # 74 | # @return [String] 75 | attr_accessor :temp_folder_path 76 | 77 | # The time limit for HTTP request in seconds. 78 | # Default to 0 (never times out). 79 | attr_accessor :timeout 80 | 81 | # Set this to false to skip client side validation in the operation. 82 | # Default to true. 83 | # @return [true, false] 84 | attr_accessor :client_side_validation 85 | 86 | ### TLS/SSL setting 87 | # Set this to false to skip verifying SSL certificate when calling API from https server. 88 | # Default to true. 89 | # 90 | # @note Do NOT set it to false in production code, otherwise you would face multiple types of cryptographic attacks. 91 | # 92 | # @return [true, false] 93 | attr_accessor :verify_ssl 94 | 95 | ### TLS/SSL setting 96 | # Set this to false to skip verifying SSL host name 97 | # Default to true. 98 | # 99 | # @note Do NOT set it to false in production code, otherwise you would face multiple types of cryptographic attacks. 100 | # 101 | # @return [true, false] 102 | attr_accessor :verify_ssl_host 103 | 104 | ### TLS/SSL setting 105 | # Set this to customize the certificate file to verify the peer. 106 | # 107 | # @return [String] the path to the certificate file 108 | # 109 | # @see The `cainfo` option of Typhoeus, `--cert` option of libcurl. Related source code: 110 | # https://github.com/typhoeus/typhoeus/blob/master/lib/typhoeus/easy_factory.rb#L145 111 | attr_accessor :ssl_ca_cert 112 | 113 | ### TLS/SSL setting 114 | # Client certificate file (for client certificate) 115 | attr_accessor :cert_file 116 | 117 | ### TLS/SSL setting 118 | # Client private key file (for client certificate) 119 | attr_accessor :key_file 120 | 121 | # Set this to customize parameters encoding of array parameter with multi collectionFormat. 122 | # Default to nil. 123 | # 124 | # @see The params_encoding option of Ethon. Related source code: 125 | # https://github.com/typhoeus/ethon/blob/master/lib/ethon/easy/queryable.rb#L96 126 | attr_accessor :params_encoding 127 | 128 | attr_accessor :inject_format 129 | 130 | attr_accessor :force_ending_format 131 | 132 | def initialize 133 | @scheme = 'https' 134 | @host = 'api.cisco.com' 135 | @base_path = '' 136 | @api_key = {} 137 | @api_key_prefix = {} 138 | @timeout = 0 139 | @client_side_validation = true 140 | @verify_ssl = true 141 | @verify_ssl_host = true 142 | @params_encoding = nil 143 | @cert_file = nil 144 | @key_file = nil 145 | @debugging = false 146 | @inject_format = false 147 | @force_ending_format = false 148 | @logger = defined?(Rails) ? Rails.logger : Logger.new(STDOUT) 149 | 150 | yield(self) if block_given? 151 | end 152 | 153 | # The default Configuration object. 154 | def self.default 155 | @@default ||= Configuration.new 156 | end 157 | 158 | def configure 159 | yield(self) if block_given? 160 | end 161 | 162 | def scheme=(scheme) 163 | # remove :// from scheme 164 | @scheme = scheme.sub(/:\/\//, '') 165 | end 166 | 167 | def host=(host) 168 | # remove http(s):// and anything after a slash 169 | @host = host.sub(/https?:\/\//, '').split('/').first 170 | end 171 | 172 | def base_path=(base_path) 173 | # Add leading and trailing slashes to base_path 174 | @base_path = "/#{base_path}".gsub(/\/+/, '/') 175 | @base_path = "" if @base_path == "/" 176 | end 177 | 178 | def base_url 179 | url = "#{scheme}://#{[host, base_path].join('/').gsub(/\/+/, '/')}".sub(/\/+\z/, '') 180 | URI.encode(url) 181 | end 182 | 183 | # Gets API key (with prefix if set). 184 | # @param [String] param_name the parameter name of API key auth 185 | def api_key_with_prefix(param_name) 186 | if @api_key_prefix[param_name] 187 | "#{@api_key_prefix[param_name]} #{@api_key[param_name]}" 188 | else 189 | @api_key[param_name] 190 | end 191 | end 192 | 193 | # Gets Basic Auth token string 194 | def basic_auth_token 195 | 'Basic ' + ["#{username}:#{password}"].pack('m').delete("\r\n") 196 | end 197 | 198 | # Returns Auth Settings hash for api client. 199 | def auth_settings 200 | { 201 | 'psirt_openvuln_api_auth' => 202 | { 203 | type: 'oauth2', 204 | in: 'header', 205 | key: 'Authorization', 206 | value: "Bearer #{access_token}" 207 | }, 208 | } 209 | end 210 | end 211 | end 212 | -------------------------------------------------------------------------------- /example_code/ruby_examples/lib/swagger_client/version.rb: -------------------------------------------------------------------------------- 1 | =begin 2 | ############################################################################### 3 | # This is an example in Ruby of how you can create different functions 4 | # to query each of the Resource URIs of the openVuln API. 5 | # ** This is just a starting point, you will need to add your own authentication 6 | # information and Authorization tokens 7 | # 8 | # For a complete "turn-key" tool, check out the openVulnQuery python tool 9 | # https://github.com/CiscoPSIRT/openVulnAPI/tree/master/openVulnQuery 10 | ############################################################################### 11 | 12 | =end 13 | 14 | module SwaggerClient 15 | VERSION = "1.0.0" 16 | end 17 | -------------------------------------------------------------------------------- /example_code/ruby_examples/spec/api/default_api_spec.rb: -------------------------------------------------------------------------------- 1 | =begin 2 | ############################################################################### 3 | # This is an example in Ruby of how you can create different functions 4 | # to query each of the Resource URIs of the openVuln API. 5 | # ** This is just a starting point, you will need to add your own authentication 6 | # information and Authorization tokens 7 | # 8 | # For a complete "turn-key" tool, check out the openVulnQuery python tool 9 | # https://github.com/CiscoPSIRT/openVulnAPI/tree/master/openVulnQuery 10 | ############################################################################### 11 | 12 | =end 13 | 14 | require 'spec_helper' 15 | require 'json' 16 | 17 | # Unit tests for SwaggerClient::DefaultApi 18 | # Automatically generated by swagger-codegen (github.com/swagger-api/swagger-codegen) 19 | # Please update as you see appropriate 20 | describe 'DefaultApi' do 21 | before do 22 | # run before each test 23 | @instance = SwaggerClient::DefaultApi.new 24 | end 25 | 26 | after do 27 | # run after each test 28 | end 29 | 30 | describe 'test an instance of DefaultApi' do 31 | it 'should create an instance of DefaultApi' do 32 | expect(@instance).to be_instance_of(SwaggerClient::DefaultApi) 33 | end 34 | end 35 | 36 | # unit tests for security_advisories_advisory_advisory_id_get 37 | # 38 | # Used to obtain an advisory given its advisory ID `advisory_id` (i.e., cisco-sa-20180221-ucdm) 39 | # @param advisory_id advisory ID 40 | # @param [Hash] opts the optional parameters 41 | # @return [nil] 42 | describe 'security_advisories_advisory_advisory_id_get test' do 43 | it "should work" do 44 | # assertion here. ref: https://www.relishapp.com/rspec/rspec-expectations/docs/built-in-matchers 45 | end 46 | end 47 | 48 | # unit tests for security_advisories_all_get 49 | # 50 | # Used to obtain information about all published security advisories. By default the output is in JSON. To obtain the output in XML use the .xml extension. For example, /advisories/all.xml 51 | # @param [Hash] opts the optional parameters 52 | # @return [nil] 53 | describe 'security_advisories_all_get test' do 54 | it "should work" do 55 | # assertion here. ref: https://www.relishapp.com/rspec/rspec-expectations/docs/built-in-matchers 56 | end 57 | end 58 | 59 | # unit tests for security_advisories_cve_cve_id_get 60 | # 61 | # Used to obtain an advisory using a given Common Vulnerability Enumerator (CVE). The `cve_id` format is CVE-YYYY-NNNN. For more information about CVE visit http://cve.mitre.org/ 62 | # @param cve_id CVE Identifier (i.e., CVE-YYYY-NNNN) 63 | # @param [Hash] opts the optional parameters 64 | # @return [nil] 65 | describe 'security_advisories_cve_cve_id_get test' do 66 | it "should work" do 67 | # assertion here. ref: https://www.relishapp.com/rspec/rspec-expectations/docs/built-in-matchers 68 | end 69 | end 70 | 71 | # unit tests for security_advisories_ios_get 72 | # 73 | # Used to obtain all advisories that affects the given ios version 74 | # @param version IOS version to obtain security advisories 75 | # @param [Hash] opts the optional parameters 76 | # @return [nil] 77 | describe 'security_advisories_ios_get test' do 78 | it "should work" do 79 | # assertion here. ref: https://www.relishapp.com/rspec/rspec-expectations/docs/built-in-matchers 80 | end 81 | end 82 | 83 | # unit tests for security_advisories_iosxe_get 84 | # 85 | # Used to obtain all advisories that affects the given ios version 86 | # @param version IOS version to obtain security advisories 87 | # @param [Hash] opts the optional parameters 88 | # @return [nil] 89 | describe 'security_advisories_iosxe_get test' do 90 | it "should work" do 91 | # assertion here. ref: https://www.relishapp.com/rspec/rspec-expectations/docs/built-in-matchers 92 | end 93 | end 94 | 95 | # unit tests for security_advisories_latest_number_get 96 | # 97 | # Used to obtain all the latest security advisories given an absolute number. For instance, the latest 10 or latest 5. 98 | # @param number An absolute number to obtain the latest security advisories. 99 | # @param [Hash] opts the optional parameters 100 | # @return [nil] 101 | describe 'security_advisories_latest_number_get test' do 102 | it "should work" do 103 | # assertion here. ref: https://www.relishapp.com/rspec/rspec-expectations/docs/built-in-matchers 104 | end 105 | end 106 | 107 | # unit tests for security_advisories_product_get 108 | # 109 | # Used to obtain all the advisories that affects the given product name. 110 | # @param product An product name to obtain security advisories that matches given product name. 111 | # @param [Hash] opts the optional parameters 112 | # @return [nil] 113 | describe 'security_advisories_product_get test' do 114 | it "should work" do 115 | # assertion here. ref: https://www.relishapp.com/rspec/rspec-expectations/docs/built-in-matchers 116 | end 117 | end 118 | 119 | # unit tests for security_advisories_severity_severity_firstpublished_get 120 | # 121 | # Used to obtain all security advisories for a given security impact rating (critical, high, medium, or low) and additionally filter based of firstpublished start date and enddate. 122 | # @param severity Used to obtain all advisories that have a security impact rating of critical 123 | # @param start_date 124 | # @param end_date 125 | # @param [Hash] opts the optional parameters 126 | # @return [nil] 127 | describe 'security_advisories_severity_severity_firstpublished_get test' do 128 | it "should work" do 129 | # assertion here. ref: https://www.relishapp.com/rspec/rspec-expectations/docs/built-in-matchers 130 | end 131 | end 132 | 133 | # unit tests for security_advisories_severity_severity_get 134 | # 135 | # Used to obtain all security advisories for a given security impact rating (critical, high, medium, or low). 136 | # @param severity Critical, High, Medium, Low 137 | # @param [Hash] opts the optional parameters 138 | # @return [nil] 139 | describe 'security_advisories_severity_severity_get test' do 140 | it "should work" do 141 | # assertion here. ref: https://www.relishapp.com/rspec/rspec-expectations/docs/built-in-matchers 142 | end 143 | end 144 | 145 | # unit tests for security_advisories_severity_severity_lastpublished_get 146 | # 147 | # Used to obtain all security advisories for a given security impact rating (critical, high, medium, or low). 148 | # @param severity Used to obtain all advisories that have a security impact rating of critical 149 | # @param start_date 150 | # @param end_date 151 | # @param [Hash] opts the optional parameters 152 | # @return [nil] 153 | describe 'security_advisories_severity_severity_lastpublished_get test' do 154 | it "should work" do 155 | # assertion here. ref: https://www.relishapp.com/rspec/rspec-expectations/docs/built-in-matchers 156 | end 157 | end 158 | 159 | # unit tests for security_advisories_year_year_get 160 | # 161 | # Used to obtain all security advisories that have were orginally published in a specific year `YYYY`. 162 | # @param year The four digit year. 163 | # @param [Hash] opts the optional parameters 164 | # @return [nil] 165 | describe 'security_advisories_year_year_get test' do 166 | it "should work" do 167 | # assertion here. ref: https://www.relishapp.com/rspec/rspec-expectations/docs/built-in-matchers 168 | end 169 | end 170 | 171 | end 172 | -------------------------------------------------------------------------------- /example_code/ruby_examples/spec/api_client_spec.rb: -------------------------------------------------------------------------------- 1 | =begin 2 | ############################################################################### 3 | # This is an example in Ruby of how you can create different functions 4 | # to query each of the Resource URIs of the openVuln API. 5 | # ** This is just a starting point, you will need to add your own authentication 6 | # information and Authorization tokens 7 | # 8 | # For a complete "turn-key" tool, check out the openVulnQuery python tool 9 | # https://github.com/CiscoPSIRT/openVulnAPI/tree/master/openVulnQuery 10 | ############################################################################### 11 | 12 | =end 13 | 14 | require 'spec_helper' 15 | 16 | describe SwaggerClient::ApiClient do 17 | context 'initialization' do 18 | context 'URL stuff' do 19 | context 'host' do 20 | it 'removes http from host' do 21 | SwaggerClient.configure { |c| c.host = 'http://example.com' } 22 | expect(SwaggerClient::Configuration.default.host).to eq('example.com') 23 | end 24 | 25 | it 'removes https from host' do 26 | SwaggerClient.configure { |c| c.host = 'https://wookiee.com' } 27 | expect(SwaggerClient::ApiClient.default.config.host).to eq('wookiee.com') 28 | end 29 | 30 | it 'removes trailing path from host' do 31 | SwaggerClient.configure { |c| c.host = 'hobo.com/v4' } 32 | expect(SwaggerClient::Configuration.default.host).to eq('hobo.com') 33 | end 34 | end 35 | 36 | context 'base_path' do 37 | it "prepends a slash to base_path" do 38 | SwaggerClient.configure { |c| c.base_path = 'v4/dog' } 39 | expect(SwaggerClient::Configuration.default.base_path).to eq('/v4/dog') 40 | end 41 | 42 | it "doesn't prepend a slash if one is already there" do 43 | SwaggerClient.configure { |c| c.base_path = '/v4/dog' } 44 | expect(SwaggerClient::Configuration.default.base_path).to eq('/v4/dog') 45 | end 46 | 47 | it "ends up as a blank string if nil" do 48 | SwaggerClient.configure { |c| c.base_path = nil } 49 | expect(SwaggerClient::Configuration.default.base_path).to eq('') 50 | end 51 | end 52 | end 53 | end 54 | 55 | describe "params_encoding in #build_request" do 56 | let(:config) { SwaggerClient::Configuration.new } 57 | let(:api_client) { SwaggerClient::ApiClient.new(config) } 58 | 59 | it "defaults to nil" do 60 | expect(SwaggerClient::Configuration.default.params_encoding).to eq(nil) 61 | expect(config.params_encoding).to eq(nil) 62 | 63 | request = api_client.build_request(:get, '/test') 64 | expect(request.options[:params_encoding]).to eq(nil) 65 | end 66 | 67 | it "can be customized" do 68 | config.params_encoding = :multi 69 | request = api_client.build_request(:get, '/test') 70 | expect(request.options[:params_encoding]).to eq(:multi) 71 | end 72 | end 73 | 74 | describe "timeout in #build_request" do 75 | let(:config) { SwaggerClient::Configuration.new } 76 | let(:api_client) { SwaggerClient::ApiClient.new(config) } 77 | 78 | it "defaults to 0" do 79 | expect(SwaggerClient::Configuration.default.timeout).to eq(0) 80 | expect(config.timeout).to eq(0) 81 | 82 | request = api_client.build_request(:get, '/test') 83 | expect(request.options[:timeout]).to eq(0) 84 | end 85 | 86 | it "can be customized" do 87 | config.timeout = 100 88 | request = api_client.build_request(:get, '/test') 89 | expect(request.options[:timeout]).to eq(100) 90 | end 91 | end 92 | 93 | describe "#deserialize" do 94 | it "handles Array" do 95 | api_client = SwaggerClient::ApiClient.new 96 | headers = {'Content-Type' => 'application/json'} 97 | response = double('response', headers: headers, body: '[12, 34]') 98 | data = api_client.deserialize(response, 'Array') 99 | expect(data).to be_instance_of(Array) 100 | expect(data).to eq([12, 34]) 101 | end 102 | 103 | it "handles Array>" do 104 | api_client = SwaggerClient::ApiClient.new 105 | headers = {'Content-Type' => 'application/json'} 106 | response = double('response', headers: headers, body: '[[12, 34], [56]]') 107 | data = api_client.deserialize(response, 'Array>') 108 | expect(data).to be_instance_of(Array) 109 | expect(data).to eq([[12, 34], [56]]) 110 | end 111 | 112 | it "handles Hash" do 113 | api_client = SwaggerClient::ApiClient.new 114 | headers = {'Content-Type' => 'application/json'} 115 | response = double('response', headers: headers, body: '{"message": "Hello"}') 116 | data = api_client.deserialize(response, 'Hash') 117 | expect(data).to be_instance_of(Hash) 118 | expect(data).to eq({:message => 'Hello'}) 119 | end 120 | end 121 | 122 | describe "#object_to_hash" do 123 | it "ignores nils and includes empty arrays" do 124 | # uncomment below to test object_to_hash for model 125 | #api_client = SwaggerClient::ApiClient.new 126 | #_model = SwaggerClient::ModelName.new 127 | # update the model attribute below 128 | #_model.id = 1 129 | # update the expected value (hash) below 130 | #expected = {id: 1, name: '', tags: []} 131 | #expect(api_client.object_to_hash(_model)).to eq(expected) 132 | end 133 | end 134 | 135 | describe "#build_collection_param" do 136 | let(:param) { ['aa', 'bb', 'cc'] } 137 | let(:api_client) { SwaggerClient::ApiClient.new } 138 | 139 | it "works for csv" do 140 | expect(api_client.build_collection_param(param, :csv)).to eq('aa,bb,cc') 141 | end 142 | 143 | it "works for ssv" do 144 | expect(api_client.build_collection_param(param, :ssv)).to eq('aa bb cc') 145 | end 146 | 147 | it "works for tsv" do 148 | expect(api_client.build_collection_param(param, :tsv)).to eq("aa\tbb\tcc") 149 | end 150 | 151 | it "works for pipes" do 152 | expect(api_client.build_collection_param(param, :pipes)).to eq('aa|bb|cc') 153 | end 154 | 155 | it "works for multi" do 156 | expect(api_client.build_collection_param(param, :multi)).to eq(['aa', 'bb', 'cc']) 157 | end 158 | 159 | it "fails for invalid collection format" do 160 | expect(proc { api_client.build_collection_param(param, :INVALID) }).to raise_error(RuntimeError, 'unknown collection format: :INVALID') 161 | end 162 | end 163 | 164 | describe "#json_mime?" do 165 | let(:api_client) { SwaggerClient::ApiClient.new } 166 | 167 | it "works" do 168 | expect(api_client.json_mime?(nil)).to eq false 169 | expect(api_client.json_mime?('')).to eq false 170 | 171 | expect(api_client.json_mime?('application/json')).to eq true 172 | expect(api_client.json_mime?('application/json; charset=UTF8')).to eq true 173 | expect(api_client.json_mime?('APPLICATION/JSON')).to eq true 174 | 175 | expect(api_client.json_mime?('application/xml')).to eq false 176 | expect(api_client.json_mime?('text/plain')).to eq false 177 | expect(api_client.json_mime?('application/jsonp')).to eq false 178 | end 179 | end 180 | 181 | describe "#select_header_accept" do 182 | let(:api_client) { SwaggerClient::ApiClient.new } 183 | 184 | it "works" do 185 | expect(api_client.select_header_accept(nil)).to be_nil 186 | expect(api_client.select_header_accept([])).to be_nil 187 | 188 | expect(api_client.select_header_accept(['application/json'])).to eq('application/json') 189 | expect(api_client.select_header_accept(['application/xml', 'application/json; charset=UTF8'])).to eq('application/json; charset=UTF8') 190 | expect(api_client.select_header_accept(['APPLICATION/JSON', 'text/html'])).to eq('APPLICATION/JSON') 191 | 192 | expect(api_client.select_header_accept(['application/xml'])).to eq('application/xml') 193 | expect(api_client.select_header_accept(['text/html', 'application/xml'])).to eq('text/html,application/xml') 194 | end 195 | end 196 | 197 | describe "#select_header_content_type" do 198 | let(:api_client) { SwaggerClient::ApiClient.new } 199 | 200 | it "works" do 201 | expect(api_client.select_header_content_type(nil)).to eq('application/json') 202 | expect(api_client.select_header_content_type([])).to eq('application/json') 203 | 204 | expect(api_client.select_header_content_type(['application/json'])).to eq('application/json') 205 | expect(api_client.select_header_content_type(['application/xml', 'application/json; charset=UTF8'])).to eq('application/json; charset=UTF8') 206 | expect(api_client.select_header_content_type(['APPLICATION/JSON', 'text/html'])).to eq('APPLICATION/JSON') 207 | expect(api_client.select_header_content_type(['application/xml'])).to eq('application/xml') 208 | expect(api_client.select_header_content_type(['text/plain', 'application/xml'])).to eq('text/plain') 209 | end 210 | end 211 | 212 | describe "#sanitize_filename" do 213 | let(:api_client) { SwaggerClient::ApiClient.new } 214 | 215 | it "works" do 216 | expect(api_client.sanitize_filename('sun')).to eq('sun') 217 | expect(api_client.sanitize_filename('sun.gif')).to eq('sun.gif') 218 | expect(api_client.sanitize_filename('../sun.gif')).to eq('sun.gif') 219 | expect(api_client.sanitize_filename('/var/tmp/sun.gif')).to eq('sun.gif') 220 | expect(api_client.sanitize_filename('./sun.gif')).to eq('sun.gif') 221 | expect(api_client.sanitize_filename('..\sun.gif')).to eq('sun.gif') 222 | expect(api_client.sanitize_filename('\var\tmp\sun.gif')).to eq('sun.gif') 223 | expect(api_client.sanitize_filename('c:\var\tmp\sun.gif')).to eq('sun.gif') 224 | expect(api_client.sanitize_filename('.\sun.gif')).to eq('sun.gif') 225 | end 226 | end 227 | end 228 | -------------------------------------------------------------------------------- /example_code/ruby_examples/spec/configuration_spec.rb: -------------------------------------------------------------------------------- 1 | =begin 2 | ############################################################################### 3 | # This is an example in Ruby of how you can create different functions 4 | # to query each of the Resource URIs of the openVuln API. 5 | # ** This is just a starting point, you will need to add your own authentication 6 | # information and Authorization tokens 7 | # 8 | # For a complete "turn-key" tool, check out the openVulnQuery python tool 9 | # https://github.com/CiscoPSIRT/openVulnAPI/tree/master/openVulnQuery 10 | ############################################################################### 11 | 12 | =end 13 | 14 | require 'spec_helper' 15 | 16 | describe SwaggerClient::Configuration do 17 | let(:config) { SwaggerClient::Configuration.default } 18 | 19 | before(:each) do 20 | # uncomment below to setup host and base_path 21 | #require 'URI' 22 | #uri = URI.parse("https://api.cisco.com") 23 | #SwaggerClient.configure do |c| 24 | # c.host = uri.host 25 | # c.base_path = uri.path 26 | #end 27 | end 28 | 29 | describe '#base_url' do 30 | it 'should have the default value' do 31 | # uncomment below to test default value of the base path 32 | #expect(config.base_url).to eq("https://api.cisco.com") 33 | end 34 | 35 | it 'should remove trailing slashes' do 36 | [nil, '', '/', '//'].each do |base_path| 37 | config.base_path = base_path 38 | # uncomment below to test trailing slashes 39 | #expect(config.base_url).to eq("https://api.cisco.com") 40 | end 41 | end 42 | end 43 | end 44 | -------------------------------------------------------------------------------- /example_code/ruby_examples/spec/spec_helper.rb: -------------------------------------------------------------------------------- 1 | =begin 2 | ############################################################################### 3 | # This is an example in Ruby of how you can create different functions 4 | # to query each of the Resource URIs of the openVuln API. 5 | # ** This is just a starting point, you will need to add your own authentication 6 | # information and Authorization tokens 7 | # 8 | # For a complete "turn-key" tool, check out the openVulnQuery python tool 9 | # https://github.com/CiscoPSIRT/openVulnAPI/tree/master/openVulnQuery 10 | ############################################################################### 11 | 12 | =end 13 | 14 | # load the gem 15 | require 'swagger_client' 16 | 17 | # The following was generated by the `rspec --init` command. Conventionally, all 18 | # specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`. 19 | # The generated `.rspec` file contains `--require spec_helper` which will cause 20 | # this file to always be loaded, without a need to explicitly require it in any 21 | # files. 22 | # 23 | # Given that it is always loaded, you are encouraged to keep this file as 24 | # light-weight as possible. Requiring heavyweight dependencies from this file 25 | # will add to the boot time of your test suite on EVERY test run, even for an 26 | # individual file that may not need all of that loaded. Instead, consider making 27 | # a separate helper file that requires the additional dependencies and performs 28 | # the additional setup, and require it from the spec files that actually need 29 | # it. 30 | # 31 | # The `.rspec` file also contains a few flags that are not defaults but that 32 | # users commonly want. 33 | # 34 | # See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration 35 | RSpec.configure do |config| 36 | # rspec-expectations config goes here. You can use an alternate 37 | # assertion/expectation library such as wrong or the stdlib/minitest 38 | # assertions if you prefer. 39 | config.expect_with :rspec do |expectations| 40 | # This option will default to `true` in RSpec 4. It makes the `description` 41 | # and `failure_message` of custom matchers include text for helper methods 42 | # defined using `chain`, e.g.: 43 | # be_bigger_than(2).and_smaller_than(4).description 44 | # # => "be bigger than 2 and smaller than 4" 45 | # ...rather than: 46 | # # => "be bigger than 2" 47 | expectations.include_chain_clauses_in_custom_matcher_descriptions = true 48 | end 49 | 50 | # rspec-mocks config goes here. You can use an alternate test double 51 | # library (such as bogus or mocha) by changing the `mock_with` option here. 52 | config.mock_with :rspec do |mocks| 53 | # Prevents you from mocking or stubbing a method that does not exist on 54 | # a real object. This is generally recommended, and will default to 55 | # `true` in RSpec 4. 56 | mocks.verify_partial_doubles = true 57 | end 58 | 59 | # The settings below are suggested to provide a good initial experience 60 | # with RSpec, but feel free to customize to your heart's content. 61 | =begin 62 | # These two settings work together to allow you to limit a spec run 63 | # to individual examples or groups you care about by tagging them with 64 | # `:focus` metadata. When nothing is tagged with `:focus`, all examples 65 | # get run. 66 | config.filter_run :focus 67 | config.run_all_when_everything_filtered = true 68 | 69 | # Allows RSpec to persist some state between runs in order to support 70 | # the `--only-failures` and `--next-failure` CLI options. We recommend 71 | # you configure your source control system to ignore this file. 72 | config.example_status_persistence_file_path = "spec/examples.txt" 73 | 74 | # Limits the available syntax to the non-monkey patched syntax that is 75 | # recommended. For more details, see: 76 | # - http://rspec.info/blog/2012/06/rspecs-new-expectation-syntax/ 77 | # - http://www.teaisaweso.me/blog/2013/05/27/rspecs-new-message-expectation-syntax/ 78 | # - http://rspec.info/blog/2014/05/notable-changes-in-rspec-3/#zero-monkey-patching-mode 79 | config.disable_monkey_patching! 80 | 81 | # This setting enables warnings. It's recommended, but in some cases may 82 | # be too noisy due to issues in dependencies. 83 | config.warnings = true 84 | 85 | # Many RSpec users commonly either run the entire suite or an individual 86 | # file, and it's useful to allow more verbose output when running an 87 | # individual spec file. 88 | if config.files_to_run.one? 89 | # Use the documentation formatter for detailed output, 90 | # unless a formatter has already been configured 91 | # (e.g. via a command-line flag). 92 | config.default_formatter = 'doc' 93 | end 94 | 95 | # Print the 10 slowest examples and example groups at the 96 | # end of the spec run, to help surface which specs are running 97 | # particularly slow. 98 | config.profile_examples = 10 99 | 100 | # Run specs in random order to surface order dependencies. If you find an 101 | # order dependency and want to debug it, you can fix the order by providing 102 | # the seed, which is printed after each run. 103 | # --seed 1234 104 | config.order = :random 105 | 106 | # Seed global randomization in this process using the `--seed` CLI option. 107 | # Setting this allows you to use `--seed` to deterministically reproduce 108 | # test failures related to randomization by passing the same `--seed` value 109 | # as the one that triggered the failure. 110 | Kernel.srand config.seed 111 | =end 112 | end 113 | -------------------------------------------------------------------------------- /example_code/ruby_examples/swagger_client.gemspec: -------------------------------------------------------------------------------- 1 | # -*- encoding: utf-8 -*- 2 | # 3 | =begin 4 | ############################################################################### 5 | # This is an example in Ruby of how you can create different functions 6 | # to query each of the Resource URIs of the openVuln API. 7 | # ** This is just a starting point, you will need to add your own authentication 8 | # information and Authorization tokens 9 | # 10 | # For a complete "turn-key" tool, check out the openVulnQuery python tool 11 | # https://github.com/CiscoPSIRT/openVulnAPI/tree/master/openVulnQuery 12 | ############################################################################### 13 | 14 | =end 15 | 16 | $:.push File.expand_path("../lib", __FILE__) 17 | require "swagger_client/version" 18 | 19 | Gem::Specification.new do |s| 20 | s.name = "swagger_client" 21 | s.version = SwaggerClient::VERSION 22 | s.platform = Gem::Platform::RUBY 23 | s.authors = ["Swagger-Codegen"] 24 | s.email = ["os@cisco.com"] 25 | s.homepage = "https://github.com/swagger-api/swagger-codegen" 26 | s.summary = "Cisco PSIRT openVuln API Ruby Gem" 27 | s.description = "The Cisco Product Security Incident Response Team (PSIRT) openVuln API is a RESTful API that allows customers to obtain Cisco Security Vulnerability information in different machine-consumable formats. APIs are important for customers because they allow their technical staff and programmers to build tools that help them do their job more effectively (in this case, to keep up with security vulnerability information). For more information about the Cisco PSIRT openVuln API visit https://developer.cisco.com/psirt For detail steps on how to use the API go to: https://developer.cisco.com/psirt This is a beta release of a swagger YAML for the Cisco PSIRT openVuln API To access the API sign in with your Cisco CCO account at http://apiconsole.cisco.com and register an application to recieve a client_id and a client_secret You can then get your token using curl or any other method you prefer. 'curl -s -k -H \"Content-Type: application/x-www-form-urlencoded\" -X POST -d \"client_id=\" -d \"client_secret=\" -d \"grant_type=client_credentials\" https://cloudsso.cisco.com/as/token.oauth2' You will receive an access token as demonstrated in the following example: '{\"access_token\":\"I7omWtBDAieSiUX3shOxNJfuy4J6\",\"token_type\":\"Bearer\",\"expires_in\":3599}' In Swagger, click on Change Authentication enter the text \"I7omWtBDAieSiUX3shOxNJfuy4J6\" (which is the token you received) then click on \"Try this operation\" " 28 | # TODO uncommnet and update below with a proper license 29 | #s.license = "Apache 2.0" 30 | s.required_ruby_version = ">= 1.9" 31 | 32 | s.add_runtime_dependency 'typhoeus', '~> 1.0', '>= 1.0.1' 33 | s.add_runtime_dependency 'json', '~> 2.1', '>= 2.1.0' 34 | 35 | s.add_development_dependency 'rspec', '~> 3.6', '>= 3.6.0' 36 | s.add_development_dependency 'vcr', '~> 3.0', '>= 3.0.1' 37 | s.add_development_dependency 'webmock', '~> 1.24', '>= 1.24.3' 38 | s.add_development_dependency 'autotest', '~> 4.4', '>= 4.4.6' 39 | s.add_development_dependency 'autotest-rails-pure', '~> 4.1', '>= 4.1.2' 40 | s.add_development_dependency 'autotest-growl', '~> 0.2', '>= 0.2.16' 41 | s.add_development_dependency 'autotest-fsevent', '~> 0.2', '>= 0.2.12' 42 | 43 | s.files = `find *`.split("\n").uniq.sort.select{|f| !f.empty? } 44 | s.test_files = `find spec/*`.split("\n") 45 | s.executables = [] 46 | s.require_paths = ["lib"] 47 | end 48 | -------------------------------------------------------------------------------- /openVulnQuery/README.md: -------------------------------------------------------------------------------- 1 | # openVulnQuery 2 | 3 | The openVulnQuery client is now hosted in its own repository: https://github.com/CiscoPSIRT/openVulnQuery 4 | 5 | ## What is openVulnQuery? 6 | 7 | A python-based module(s) to query the [Cisco PSIRT openVuln API](https://developer.cisco.com/psirt). 8 | 9 | ## What is the openVulnAPI? 10 | 11 | The Cisco Product Security Incident Response Team (PSIRT) openVuln API is a RESTful API that allows customers to obtain Cisco Security Vulnerability information in different machine-consumable formats. APIs are important for customers because they allow their technical staff and programmers to build tools that help them do their job more effectively (in this case, to keep up with security vulnerability information). More information about the API can be found at: 12 | 13 | -------------------------------------------------------------------------------- /swagger/openVulnAPISwagger_0_0_5.yaml: -------------------------------------------------------------------------------- 1 | swagger: '2.0' 2 | info: 3 | version: 0.0.4 4 | title: 'Cisco PSIRT openVuln API' 5 | description: | 6 | The Cisco Product Security Incident Response Team (PSIRT) openVuln API is a RESTful API that allows customers to obtain Cisco Security Vulnerability information in different machine-consumable formats. APIs are important for customers because they allow their technical staff and programmers to build tools that help them do their job more effectively (in this case, to keep up with security vulnerability information). 7 | For more information about the Cisco PSIRT openVuln API visit https://developer.cisco.com/site/PSIRT/discover/overview 8 | For detail steps on how to use the API go to: https://developer.cisco.com/site/PSIRT/get-started/getting-started.gsp 9 | This is a beta release of a swagger YAML for the Cisco PSIRT openVuln API 10 | To access the API sign in with your Cisco CCO account at http://apiconsole.cisco.com and register an application 11 | to recieve a client_id and a client_secret 12 | You can then get your token using curl or any other method you prefer. 13 | 'curl -s -k -H "Content-Type: application/x-www-form-urlencoded" -X POST -d "client_id=" -d "client_secret=" -d "grant_type=client_credentials" https://cloudsso.cisco.com/as/token.oauth2' 14 | You will receive an access token as demonstrated in the following example: 15 | '{"access_token":"I7omWtBDAieSiUX3shOxNJfuy4J6","token_type":"Bearer","expires_in":3599}' 16 | In Swagger, click on Change Authentication 17 | enter the text "I7omWtBDAieSiUX3shOxNJfuy4J6" (which is the token you received) 18 | then click on "Try this operation" 19 | contact: 20 | name: Omar Santos 21 | email: os@cisco.com 22 | schemes: 23 | - https 24 | host: api.cisco.com 25 | 26 | securityDefinitions: 27 | psirt_openvuln_api_auth: 28 | type: oauth2 29 | flow: implicit 30 | authorizationUrl: 'https://cloudsso.cisco.com/as/token.oauth2' 31 | scopes: 32 | 'read:advisories': read advisories 33 | 34 | produces: 35 | - application/json 36 | 37 | paths: 38 | /security/advisories/all: 39 | get: 40 | description: > 41 | Used to obtain information about all published security advisories. By default the output is in JSON. To obtain the output in XML use the .xml extension. For example, /advisories/all.xml 42 | security: 43 | - psirt_openvuln_api_auth: 44 | - 'read:advisories' 45 | responses: 46 | '200': 47 | description: Successful response 48 | 49 | /security/advisories/cve/{cve_id}: 50 | get: 51 | description: > 52 | Used to obtain an advisory using a given Common 53 | Vulnerability Enumerator (CVE). The `cve_id` format is CVE-YYYY-NNNN. For 54 | more information about CVE visit http://cve.mitre.org/ 55 | parameters: 56 | - name: cve_id 57 | in: path 58 | description: 'CVE Identifier (i.e., CVE-YYYY-NNNN)' 59 | required: true 60 | type: string 61 | format: CVE-YYYY-NNNN 62 | security: 63 | - psirt_openvuln_api_auth: 64 | - 'read:advisories' 65 | responses: 66 | '200': 67 | description: Successful response 68 | 69 | /security/advisories/advisory/{advisory_id}: 70 | get: 71 | description: > 72 | Used to obtain an advisory given its advisory ID 73 | `advisory_id` (i.e., cisco-sa-20180221-ucdm) 74 | parameters: 75 | - name: advisory_id 76 | in: path 77 | description: advisory ID 78 | required: true 79 | type: string 80 | format: cisco-sa-XXX 81 | security: 82 | - psirt_openvuln_api_auth: 83 | - 'read:advisories' 84 | responses: 85 | '200': 86 | description: Successful response 87 | 88 | /security/advisories/severity/{severity}: 89 | get: 90 | description: > 91 | Used to obtain all security advisories for a given security impact rating 92 | (critical, high, medium, or low). 93 | parameters: 94 | - name: severity 95 | in: path 96 | description: Critical, High, Medium, Low 97 | required: true 98 | type: string 99 | enum: 100 | - critical 101 | - high 102 | - medium 103 | - low 104 | format: enum 105 | security: 106 | - psirt_openvuln_api_auth: 107 | - 'read:advisories' 108 | responses: 109 | '200': 110 | description: Successful response 111 | 112 | /security/advisories/severity/{severity}/lastpublished: 113 | get: 114 | description: > 115 | Used to obtain all security advisories for a given security impact rating 116 | (critical, high, medium, or low). 117 | parameters: 118 | - name: severity 119 | in: path 120 | description: Used to obtain all advisories that have a security impact rating of critical 121 | required: true 122 | type: string 123 | enum: 124 | - critical 125 | - high 126 | - medium 127 | - low 128 | format: enum 129 | - name: startDate 130 | in: query 131 | required: true 132 | type: string 133 | format: string 134 | pattern: ^\d{4}\-(0[1-9]|1[012])\-(0[1-9]|[12][0-9]|3[01])$ 135 | - name: endDate 136 | in: query 137 | required: true 138 | type: string 139 | format: string 140 | pattern: ^\d{4}\-(0[1-9]|1[012])\-(0[1-9]|[12][0-9]|3[01])$ 141 | security: 142 | - psirt_openvuln_api_auth: 143 | - 'read:advisories' 144 | responses: 145 | '200': 146 | description: Successful response 147 | 148 | /security/advisories/severity/{severity}/firstpublished: 149 | get: 150 | description: > 151 | Used to obtain all security advisories for a given security impact rating 152 | (critical, high, medium, or low) and additionally filter based of firstpublished 153 | start date and enddate. 154 | parameters: 155 | - name: severity 156 | in: path 157 | description: Used to obtain all advisories that have a security impact rating of critical 158 | required: true 159 | type: string 160 | enum: 161 | - critical 162 | - high 163 | - medium 164 | - low 165 | format: enum 166 | - name: startDate 167 | in: query 168 | required: true 169 | type: string 170 | format: date 171 | pattern: ^\d{4}\-(0[1-9]|1[012])\-(0[1-9]|[12][0-9]|3[01])$ 172 | - name: endDate 173 | in: query 174 | required: true 175 | type: string 176 | format: date 177 | pattern: ^\d{4}\-(0[1-9]|1[012])\-(0[1-9]|[12][0-9]|3[01])$ 178 | security: 179 | - psirt_openvuln_api_auth: 180 | - 'read:advisories' 181 | responses: 182 | '200': 183 | description: Successful response 184 | 185 | /security/advisories/year/{year}: 186 | get: 187 | description: > 188 | Used to obtain all security advisories that have were orginally published 189 | in a specific year `YYYY`. 190 | parameters: 191 | - name: year 192 | in: path 193 | description: The four digit year. 194 | required: true 195 | type: string 196 | format: YYYY 197 | security: 198 | - psirt_openvuln_api_auth: 199 | - 'read:advisories' 200 | responses: 201 | '200': 202 | description: Successful response 203 | 204 | /security/advisories/latest/{number}: 205 | get: 206 | description: > 207 | Used to obtain all the latest security advisories given an 208 | absolute number. For instance, the latest 10 or latest 5. 209 | parameters: 210 | - name: number 211 | in: path 212 | description: An absolute number to obtain the latest security advisories. 213 | required: true 214 | type: integer 215 | format: number 216 | security: 217 | - psirt_openvuln_api_auth: 218 | - 'read:advisories' 219 | responses: 220 | '200': 221 | description: Successful response 222 | 223 | /security/advisories/product: 224 | get: 225 | description: > 226 | Used to obtain all the advisories that affects the given product name. 227 | parameters: 228 | - name: product 229 | in: query 230 | description: An product name to obtain security advisories that matches given product name. 231 | required: true 232 | type: string 233 | format: string 234 | security: 235 | - psirt_openvuln_api_auth: 236 | - 'read:advisories' 237 | responses: 238 | '200': 239 | description: Successful response 240 | 241 | /security/advisories/ios: 242 | get: 243 | description: > 244 | Used to obtain all advisories that affects the given ios version 245 | parameters: 246 | - name: version 247 | in: query 248 | description: IOS version to obtain security advisories 249 | required: true 250 | type: string 251 | format: string 252 | security: 253 | - psirt_openvuln_api_auth: 254 | - 'read:advisories' 255 | responses: 256 | '200': 257 | description: Successful response 258 | 259 | /security/advisories/iosxe: 260 | get: 261 | description: > 262 | Used to obtain all advisories that affects the given ios version 263 | parameters: 264 | - name: version 265 | in: query 266 | description: IOS version to obtain security advisories 267 | required: true 268 | type: string 269 | format: string 270 | security: 271 | - psirt_openvuln_api_auth: 272 | - 'read:advisories' 273 | responses: 274 | '200': 275 | description: Successful response 276 | 277 | /security/advisories/bugid/{bug_id}: 278 | get: 279 | description: > 280 | Used to obtain an advisory using a given bug_id . The `bug_id` format is start with CSC. 281 | parameters: 282 | - name: bug_id 283 | in: path 284 | description: 'BUG Identifier (i.e., CSCxyNNNNN)' 285 | required: true 286 | type: string 287 | format: CSCxyNNNNN 288 | security: 289 | - psirt_openvuln_api_auth: 290 | - 'read:advisories' 291 | responses: 292 | '200': 293 | description: Successful response 294 | 295 | /security/advisories/aci: 296 | get: 297 | description: > 298 | Used to obtain all advisories that affects the given aci version. 299 | parameters: 300 | - name: version 301 | in: query 302 | description: 'IOS version to obtain security advisories' 303 | required: true 304 | type: string 305 | format: string 306 | security: 307 | - psirt_openvuln_api_auth: 308 | - 'read:advisories' 309 | responses: 310 | '200': 311 | description: Successful response 312 | 313 | /security/advisories/nxos: 314 | get: 315 | description: > 316 | Used to obtain all advisories that affects the given nxos version. 317 | parameters: 318 | - name: version 319 | in: query 320 | description: 'NXOS version to obtain security advisories' 321 | required: true 322 | type: string 323 | format: string 324 | security: 325 | - psirt_openvuln_api_auth: 326 | - 'read:advisories' 327 | responses: 328 | '200': 329 | description: Successful response --------------------------------------------------------------------------------