getdynamicflaws.do

Veracode APIs

The getdynamicflaws.do call returns information on a specific flaw.

Before using this API, Veracode strongly recommends that you read API Usage and Access Guidelines. Ensure you access the APIs with the domain for your region.

REST API Equivalent

The REST API equivalent of this call is a GET to /appsec/v2/applications/<guid>/findings/<id>/dynamic_flaw_info. Veracode strongly recommends that you use the REST API for this action. For new integrations, always use the REST APIs.

Resource URL

https://analysiscenter.veracode.com/api/5.0/getdynamicflaws.do

Permissions

You need the Results API role to use this call.

Parameters

| Name | Type | Description |
| --- | --- | --- |
| build_id (required) | Integer | Application or sandbox build ID. |
| flaw_id (required) | Integer | Find flaw IDs on the Triage Flaws page in the Veracode Platform or in the issueid fields returned by the Detailed Report API. |

To locate the parameters for getdynamicflaws.do:

  1. Call getapplist.do to locate the app_id for your application.
  2. Call getbuildlist.do with the app_id to locate the current build_id for your application.
  3. Call detailedreport.do with the build_id to locate a flaw_id.
  4. In the XML code of the detailed report, find the report section for the target flaw and then find the issueid element in that section. The issueid is the flaw_id.

HTTPie Example

Examples use the HTTPie command-line tool. See Using HTTPie with the Python Authentication Library.

http --auth-type=veracode_hmac "https://analysiscenter.veracode.com/api/5.0/getdynamicflaws.do" "build_id==<build id>" "flaw_id==2"

HTTPie Results

The getdynamicflaws.do call returns the dynamicfinding XML document, which references the dynamicfinding.xsd schema file. You can use the XSD schema file to validate the XML data.

<?xml version="1.0" encoding="UTF-8"?>

<dynamicfinding xmlns:xsi="http&#x3a;&#x2f;&#x2f;www.w3.org&#x2f;2001&#x2f;XMLSchema-instance" 
         xmlns="https&#x3a;&#x2f;&#x2f;analysiscenter.veracode.com&#x2f;schema&#x2f;4.0&#x2f;dynamicfinding" 
         xsi:schemaLocation="https&#x3a;&#x2f;&#x2f;analysiscenter.veracode.com&#x2f;schema&#x2f;4.0&#x2f;dynamicfinding 
         https&#x3a;&#x2f;&#x2f;analysiscenter.veracode.com&#x2f;resource&#x2f;4.0&#x2f;dynamicscaninfo.xsd" 
         app_id="<app id>" build_id="<build id>" flaw_id="2" engine_version="" cwe_id="402" 
         description="The security cookie does not have the &#x22;HttpOnly&#x22; attribute set. Using this attribute helps 
            to prevent client-side Javascript from accessing the cookie, thereby mitigating one of the most common XSS exploit 
            scenarios.&#xa;" remediation="Unless the application requires that cookies be accessible to Javascript code, set 
            the &#x22;HttpOnly&#x22; attribute when generating cookies.&#xa;" 
         parameter_type="" 
         parameter_name="" 
         parameter="Set-Cookie security HTTP response header" 
         original_arg="" 
         raw_response="HTTP&#x2f;1.1 302 Found&#xd;&#xa;Date&#x3a; Tue, 01 Oct 2019 20&#x3a;46&#x3a;15 GMT&#xd;&#xa;Server&#x3a; 
             Apache&#xd;&#xa;Set-Cookie&#x3a; PHPSESSID&#x3d;3696on897sncfp18jb800jnvfl&#x3b; path&#x3d;&#x2f;&#xd;&#xa;Expires&#x3a; 
             Thu, 19 Nov 1981 08&#x3a;52&#x3a;00 GMT&#xd;&#xa;Cache-Control&#x3a; no-store, no-cache, must-revalidate&#xd;&#xa;Pragma&#x3a; 
             no-cache&#xd;&#xa;Set-Cookie&#x3a; PHPSESSID&#x3d;3696on897sncfp18jb800jnvfl&#x3b; path&#x3d;&#x2f;&#xd;&#xa;Set-Cookie&#x3a; 
             security&#x3d;low&#xd;&#xa;Location&#x3a; login.php&#xd;&#xa;Keep-Alive&#x3a; timeout&#x3d;65, max&#x3d;100&#xd;&#xa;Connection&#x3a; 
             Keep-Alive&#xd;&#xa;Content-Type&#x3a; text&#x2f;html&#x3b; charset&#x3d;UTF-8&#xd;&#xa;Content-Length&#x3a; 0&#xd;&#xa;&#xd;&#xa;" 
             injected_arg="" referer_url="">
   <request host="www.example.com" port="80" secure="false" raw_request="GET &#x2f; HTTP&#x2f;1.1&#xd;&#xa;Host&#x3a; 
             www.example.com&#xd;&#xa;User-Agent&#x3a; Mozilla&#x2f;5.0 &#x28;Windows NT 5.2&#x3b; WOW64&#x3b; rv&#x3a;21.0&#x29; 
             Gecko&#x2f;20100101 Firefox&#x2f;21.0&#x2f;Veracode Security Scan&#x2f;support&#x40;veracode.com&#xd;&#xa;Accept&#x3a; 
             &#x2a;&#x2f;&#x2a;&#xd;&#xa;Connection&#x3a; keep-alive&#xd;&#xa;Accept-Encoding&#x3a; identity&#xd;&#xa;Accept-Language&#x3a; 
             en-us,en&#x3b;q&#x3d;0.5&#xd;&#xa;Content-Length&#x3a; 0&#xd;&#xa;&#xd;&#xa;" method="GET" protocol="HTTP" 
             url="http&#x3a;&#x2f;&#x2f;dvwa.sa.veracode.io&#x2f;" path="&#x2f;" uri="&#x2f;" body="">
      <header name="Host" value="www.example.com"/>
      <header name="User-Agent" value="Mozilla&#x2f;5.0 &#x28;Windows NT 5.2&#x3b; WOW64&#x3b; rv&#x3a;21.0&#x29; Gecko&#x2f;20100101 
         Firefox&#x2f;21.0&#x2f;Veracode Security Scan&#x2f;support&#x40;veracode.com"/>
      <header name="Accept" value="&#x2a;&#x2f;&#x2a;"/>
      <header name="Connection" value="keep-alive"/>
      <header name="Accept-Encoding" value="identity"/>
      <header name="Accept-Language" value="en-us,en&#x3b;q&#x3d;0.5"/>
      <header name="Content-Length" value="0"/>
   </request>
</dynamicfinding>
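
Added example (not from the Veracode documentation): Python code for triaging a response like the one above offline. It parses a dynamicfinding document and lists the cookies in raw_response that lack the HttpOnly attribute, which is the evidence behind the CWE 402 finding shown. The sample XML is a constructed, trimmed copy of the response above with placeholder app_id and build_id values, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = "https://analysiscenter.veracode.com/schema/4.0/dynamicfinding"

# Constructed sample: trimmed copy of the response above; app_id/build_id are placeholders.
SAMPLE = b'''<?xml version="1.0" encoding="UTF-8"?>
<dynamicfinding xmlns="https://analysiscenter.veracode.com/schema/4.0/dynamicfinding"
    app_id="1" build_id="1" flaw_id="2" cwe_id="402"
    parameter="Set-Cookie security HTTP response header"
    raw_response="HTTP/1.1 302 Found&#xd;&#xa;Server: Apache&#xd;&#xa;Set-Cookie: PHPSESSID=3696on897sncfp18jb800jnvfl; path=/&#xd;&#xa;Set-Cookie: security=low&#xd;&#xa;Location: login.php&#xd;&#xa;Content-Length: 0&#xd;&#xa;&#xd;&#xa;">
  <request host="www.example.com" port="80" secure="false" method="GET"
           url="http://dvwa.sa.veracode.io/"/>
</dynamicfinding>'''


def parse_finding(xml_bytes):
    """Extract the triage-relevant attributes from a dynamicfinding document."""
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{NS}}}dynamicfinding":
        raise ValueError(f"unexpected root element: {root.tag}")
    request = root.find(f"{{{NS}}}request")
    return {
        "flaw_id": int(root.get("flaw_id")),
        "cwe_id": int(root.get("cwe_id")),
        "parameter": root.get("parameter", ""),
        "url": request.get("url") if request is not None else None,
        # raw_response is captured from the scanned site: treat it as untrusted text.
        "raw_response": root.get("raw_response", ""),
    }


def response_cookies(raw_response):
    """Map each cookie name to the set of lowercased attribute names it was set with."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    cookies = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "set-cookie":
            continue
        pair, *attrs = [part.strip() for part in value.split(";")]
        # A later Set-Cookie for the same name replaces the earlier one.
        cookies[pair.partition("=")[0]] = {a.partition("=")[0].lower() for a in attrs if a}
    return cookies


def cookies_missing_httponly(finding):
    """Names of cookies in the recorded response that lack the HttpOnly attribute."""
    cookies = response_cookies(finding["raw_response"])
    return sorted(name for name, attrs in cookies.items() if "httponly" not in attrs)
```

On the constructed sample, cookies_missing_httponly(parse_finding(SAMPLE)) returns both PHPSESSID and security, so the recorded response supports the finding.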