uploadlargefile.do
The uploadlargefile.do call uploads a single file as a set of parts to an existing build or creates a build. Uploading the file in parts avoids timeout errors, which can occur when uploading a large file using the uploadfile.do call.
Veracode recommends using this call as an alternative to the uploadfile.do call. Before using this API, Veracode strongly recommends that you read API usage and access guidelines. Ensure you access the APIs with the domain for your region.
Before uploading additional files, ensure that:
- An upload or prescan is not in progress.
- The
beginscan.docall is not in progress. - If you recently ran the
beginscan.docall, you did not setauto_scantotrue.
Because the uploadlargefile.do call creates a build, if one does not already exist or if the most recent build has a published static scan, you do not need to call createbuild.do. If the call creates a build, the build name is the date of the build with the scan type. For example, 03 Mar 2019 Static.
If you want to upload a file that does not have the same name as a previous file, you can use the filename parameter to change the name, enabling flaw-matching with previously scanned files.
Resource URL
https://analysiscenter.veracode.com/api/5.0/uploadlargefile.do
Header requirements
- Set
Content-Length: <number of bytes in the file> - Set
Content-Type: binary/octet-stream
Parameters
| Name | Type | Description |
|---|---|---|
app_idRequired | Integer | Application ID. |
fileRequired | String | File to upload. The maximum file size is 2GB. NOTE: You must enter the @ symbol before the entire pathname, including the specific filename. |
filename | String | Enter a new, unique filename for the uploaded file. The filename cannot begin or end with slashes or periods. |
sandbox_id | Integer | Enter the ID of the target sandbox for the upload file. |
Java example
This call supports the HTTP POST method. Because HTTPie does not support streaming uploads, you can use this Java example as an alternative to HTTPie.
java -jar vosp-api-wrappers-java-<version>.jar -vid <Veracode API ID> -vkey <Veracode API key> -action uploadfile -app_id <Veracode application ID> -filepath c:\Users\<username>\<filename>
Java results
The uploadlargefile.do call returns the filelist XML document, which references the filelist.xsd schema file. You can use the XSD schema file to validate the XML data.
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<filelist xmlns="https://analysiscenter.veracode.com/schema/2.0/filelist"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
account_id=<account ID> app_id=<application ID> build_id=<build ID> filelist_version="1.1"
xsi:schemaLocation="https://analysiscenter.veracode.com/schema/2.0/filelist
https://analysiscenter.veracode.com/resource/2.0/filelist.xsd">
<file file_id=<file ID> file_name="<filename>" file_status="Uploaded"/>
</filelist>
Python example
This call supports the HTTP POST method. Because HTTPie does not support streaming uploads, you can use this Python script example as an alternative to HTTPie.
import os
import sys
import requests
import configparser
from veracode_api_signing.plugin_requests import RequestsAuthPluginVeracodeHMAC
def parse_veracode_credentials(file_path: str) -> dict:
config = configparser.ConfigParser()
config.read(file_path)
if 'default' not in config:
raise KeyError(f"Section 'default' not found in the credentials file: {file_path}")
credentials = {
'veracode_api_key_id': config['default'].get('veracode_api_key_id'),
'veracode_api_key_secret': config['default'].get('veracode_api_key_secret')
}
if not credentials['veracode_api_key_id'] or not credentials['veracode_api_key_secret']:
raise KeyError("Credentials file is missing required API key ID or secret")
return credentials
def main(file_path: str, app_id: str):
if not app_id.isdigit():
raise ValueError("App ID must be numeric")
credentials_file = os.path.expanduser('~/.veracode/credentials')
if not os.path.exists(credentials_file):
print(f"Credentials file does not exist: {credentials_file}")
sys.exit(1)
try:
credentials = parse_veracode_credentials(credentials_file)
except ValueError as e:
print(f"Error: {e}")
sys.exit(1)
if not os.path.exists(file_path):
print(f"File does not exist: {file_path}")
sys.exit(1)
print(f"Veracode API Key ID: {credentials.get('veracode_api_key_id')}")
try:
file_size = os.path.getsize(file_path)
base_filename = os.path.basename(file_path)
with open(file_path, 'rb') as file:
headers = {
'Content-Type': 'binary/octet-stream',
'Content-Length': str(file_size)
}
resp = requests.post(
'https://analysiscenter.veracode.com/api/5.0/uploadlargefile.do',
headers=headers,
params={'app_id': app_id, 'filename': base_filename},
data=file,
auth=RequestsAuthPluginVeracodeHMAC(
credentials['veracode_api_key_id'],
credentials['veracode_api_key_secret']
)
)
except Exception as err:
print(f'Error occurred: {err}')
sys.exit(1)
else:
print(f'Req Headers: {resp.request.headers}')
print(f'Resp Code: {resp.status_code}\nResp Text: {resp.text}')
if __name__ == "__main__":
if len(sys.argv) != 3:
print("Usage: python script.py <file_path> <app_id>")
sys.exit(1)
file_path = sys.argv[1]
app_id = sys.argv[2]
try:
main(file_path, app_id)
except Exception as e:
print(f"Error: {e}")
sys.exit(1)