com.rapid7.appspider

Class EnterpriseRestClient

java.lang.Object

com.rapid7.appspider.EnterpriseRestClient

All Implemented Interfaces:

EnterpriseClient

public final class EnterpriseRestClient
extends Object
implements EnterpriseClient

Provides methods to communicating with AppSpider Enterprise while obsuring the implementation details of that communication.

Constructor Summary

Constructors

Constructor and Description
EnterpriseRestClient(HttpClientService clientService, String restEndPointUrl, ApiSerializer apiSerializer, ContentHelper contentHelper, LoggerFacade logger) Instantiates a new instance of the EnterpriseClient class

Method Summary

Modifier and Type	Method and Description
Optional<List<ClientIdNamePair>>	getClientNameIdPairs(String authToken) gets an array of all name/id pairs of clients that the authorized user can access
Optional<String[]>	getConfigNames(String authToken) returns String[] of scan config names
Optional<String>	getEngineGroupIdFromName(String authToken, String engineGroupName) fetches the unique id of the engine group given by engineGroupName
Optional<String[]>	getEngineGroupNamesForClient(String authToken) fetches the names of available engine groups
Optional<InputStream>	getReportZip(String authToken, String scanId) provides InputStream for the request report zip
Optional<String>	getScanStatus(String authToken, String scanId) gets the current status of the scan identified by scanId
String	getUrl() returns the full URL for the enterprise rest endpoint
Optional<String>	getVulnerabilitiesSummaryXml(String authToken, String scanId) gets the vulnerability summary XML as a String
boolean	hasReport(String authToken, String scanId) determines if a scan identified by scanId has a report or not
boolean	isScanFinished(String authToken, String scanId) determines if the scan identified by scanId has finished
Optional<String>	login(AuthenticationModel authModel) calls the /Authentication/Login endpoint with provided details
ScanResult	runScanByConfigName(String authToken, String configName) starts a new scan using configuration matching configName
boolean	saveConfig(String authToken, String name, URL url, String engineGroupId) calls the /Configs/SaveConfig endpoint using the provided data to create or update a configuration
boolean	testAuthentication(AuthenticationModel authModel) calls the /Authentication/Login endpoint with provided details returning true if credentials are valid

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

EnterpriseRestClient

public EnterpriseRestClient(HttpClientService clientService,
                            String restEndPointUrl,
                            ApiSerializer apiSerializer,
                            ContentHelper contentHelper,
                            LoggerFacade logger)

Instantiates a new instance of the EnterpriseClient class

Parameters:

clientService - helper that works directly with lower level HttpClient methods

restEndPointUrl - base endpoint including /rest/v1 or equilvalent path

apiSerializer - Helper class providing handling of HttpResponse to JSONObject methods

contentHelper - Helper class providing parsing and encoding methods to support api calls

logger - logger used for diagnostic output

Throws:

IllegalArgumentException - thrown if any of the arguments are null or if restEntPointUrl is empty

Method Detail

getUrl

public String getUrl()

returns the full URL for the enterprise rest endpoint

Specified by:

getUrl in interface EnterpriseClient

Returns:

the full URL for the enterprise rest endpoint

login

public Optional<String> login(AuthenticationModel authModel)

calls the /Authentication/Login endpoint with provided details

Specified by:

login in interface EnterpriseClient

Parameters:

authModel - authentication details such as username, password and optionally clientId

Returns:

on success Optional containing the authorization token; otherwise empty

testAuthentication

public boolean testAuthentication(AuthenticationModel authModel)

calls the /Authentication/Login endpoint with provided details returning true if credentials are valid

Specified by:

testAuthentication in interface EnterpriseClient

Parameters:

authModel - authentication details such as username, password and optionally clientId

Returns:

true if endpoint returns authorization token; otherwise, false

getEngineGroupNamesForClient

public Optional<String[]> getEngineGroupNamesForClient(String authToken)

fetches the names of available engine groups

Specified by:

getEngineGroupNamesForClient in interface EnterpriseClient

Parameters:

authToken - authorization token required to execute request

Returns:

On success an Optional containing an array of Strings representing the names of available engine groups; otherwise, Optional.empty()

getEngineGroupIdFromName

public Optional<String> getEngineGroupIdFromName(String authToken,
                                                 String engineGroupName)

fetches the unique id of the engine group given by engineGroupName

Specified by:

getEngineGroupIdFromName in interface EnterpriseClient

Parameters:

authToken - authorization token required to execute request

engineGroupName - name of the engine to get the id of

Returns:

Optional containing the id of the engine group if found; otherwise, Optional.empty()

runScanByConfigName

public ScanResult runScanByConfigName(String authToken,
                                      String configName)

starts a new scan using configuration matching configName

Specified by:

runScanByConfigName in interface EnterpriseClient

Parameters:

authToken - authorization token required to execute request

configName - name of the config to run

Returns:

ScanResult containing details on the success of the request and if successful the unique id of the scan

getScanStatus

public Optional<String> getScanStatus(String authToken,
                                      String scanId)

gets the current status of the scan identified by scanId

Specified by:

getScanStatus in interface EnterpriseClient

Parameters:

authToken - authorization token required to execute request

scanId - unique scan identifier of the scan

Returns:

Optional containing current scan status as String on success; Otherwise Optional.empty()

isScanFinished

public boolean isScanFinished(String authToken,
                              String scanId)

determines if the scan identified by scanId has finished

Specified by:

isScanFinished in interface EnterpriseClient

Parameters:

authToken - authorization token required to execute request

scanId - unique scan identifier of the scan

Returns:

true if scan has finished regardless of how it finished, or false if it hasn't

hasReport

public boolean hasReport(String authToken,
                         String scanId)

determines if a scan identified by scanId has a report or not

Specified by:

hasReport in interface EnterpriseClient

Parameters:

authToken - authorization token required to execute request

scanId - unique scan identifier of the scan

Returns:

true if the scan has a report; otherwise, false

getConfigNames

public Optional<String[]> getConfigNames(String authToken)

returns String[] of scan config names

Specified by:

getConfigNames in interface EnterpriseClient

Parameters:

authToken - authorization token required to execute request

Returns:

String[] of all scan config names

saveConfig

public boolean saveConfig(String authToken,
                          String name,
                          URL url,
                          String engineGroupId)

calls the /Configs/SaveConfig endpoint using the provided data to create or update a configuration

Specified by:

saveConfig in interface EnterpriseClient

Parameters:

authToken - authorization token required to execute request

name - name of the scanconfig to save

url - target URL for the scan

engineGroupId - unique engine group id for the engine(s) to be used to execute the scan

Returns:

true on success; otherwise, false

getVulnerabilitiesSummaryXml

public Optional<String> getVulnerabilitiesSummaryXml(String authToken,
                                                     String scanId)

gets the vulnerability summary XML as a String

Specified by:

getVulnerabilitiesSummaryXml in interface EnterpriseClient

Parameters:

authToken - authorization token required to execute request

scanId - unique scan identifier of the scan to provide report for

Returns:

Optional containing the vulnerability summary as XML String on success; otherwise, Optional.empty()

getReportZip

public Optional<InputStream> getReportZip(String authToken,
                                          String scanId)

provides InputStream for the request report zip

Specified by:

getReportZip in interface EnterpriseClient

Parameters:

authToken - authorization token required to execute request

scanId - unique scan identifier of the scan to provide report for

Returns:

Optional containing InputStream on success; otherwise, Optional.empty()

getClientNameIdPairs

public Optional<List<ClientIdNamePair>> getClientNameIdPairs(String authToken)

gets an array of all name/id pairs of clients that the authorized user can access

Specified by:

getClientNameIdPairs in interface EnterpriseClient

Parameters:

authToken - authorization token required to execute request

Returns:

array of ClientIdNamePair objects representing the id's and names of accessible clients