Create a credentials variable for Dynamic Analysis login scripts with the REST API
You can use the Dynamic Analysis API to update credentials fields in login scripts by creating a scan engine variable that the API uses at runtime.
With a variable login script you do not need to know the credentials for the application to which Dynamic Analysis is logging in, nor do you need to create a new login script every time the credentials values change.
To configure variables in the Veracode Platform, see 05_da_web_configure_scanner_variables.md.
See the example login scripts.
Example Python code for using the scan engine variables API feature is available from https://github.com/anon-veracoder/veracode-dynamic-analysis-api-examples.
To complete this task:
-
Add the values for the
description
,value
, and, optional,reference_key
properties in the JSON file. The reference key is the value you use in your login script. Alternatively, you can use thescanner_variable_id
that the API returns in response to a POST in your login scripts. -
Send the following request:
http --auth-type=veracode_hmac POST "https://api.veracode.com/was/configservice/v1/scanner_variables" < input.json
This is an example of how to create a new scan engine variable key-value pair:
{
"description": "Password key for my application",
"reference_key": "MY_PASSWORD_KEY",
"value": "Passw0rd123"
}This example adds the
totp
property set totrue
to indicate that the value is a time-based one-time password (TOTP) secret. You use TOTP secrets to sign in to URLs that require multifactor authentication (MFA). See the example Selenium scripts.{
"description": "Password key for my application",
"reference_key": "MY_PASSWORD_KEY",
"value": "Passw0rd123"
"totp": true
}This is an excerpt of a Selenium login script that references the key
MY_PASSWORD_KEY
. When the dynamic scan engine executes the login script, the valuePassw0rd123
replaces the key${MY_PASSWORD_KEY}
at runtime. The login script does not return the key value, which remains hidden from users.{
"name": "Name-of-Your-Dynamic-Analysis",
"id": "5045080b-99ad-47e9-a8a6-7897bf4b5975",
"comment": "",
"request": "type",
"target": "name=password",
"targets": [
[
"name=password",
"name"
],
[
"css=tr:nth-child(7) input:nth-child(2)",
"css:finder"
],
[
"xpath=//input[@name='password']",
"xpath:attributes"
],
[
"xpath=//tr[7]/td[2]/form/input[2]",
"xpath:position"
]
],
"value": "${MY_PASSWORD_KEY}"
}