AnsweredAssumed Answered

PHP CURL API Request with Criteria

Question asked by MemoryCorruption on Aug 21, 2013
Latest reply on Aug 22, 2013 by Axel

Hello,

 

I've been having some trouble getting the response I'm looking for from the WAS API.  I can get the data back that I need if I just use CURL via the command line and supply it an XML file as the payload, but I can't seem to do it within my application. Is there a way supply criteria to the API without using an XML file as the payload?

 

My working CURL Request looks like this:

curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST"

--data-binary @-

"https://qualysapi.qualys.com/qps/rest/3.0/search/was/wasscansched

ule" < file.xml

 

file.xml looks like:

<ServiceRequest>

      <filters>

           <Criteria field="active" operator="EQUALS">true</Criteria>

           <Criteria field="type" operator="EQUALS">VULNERABILITY</Criteria>

      </filters>

</ServiceRequest>

 

I'm trying to get back all of the active schedules for my WAS scans.  The above request works fine.

 

In PHP i'm trying to do the same thing, here is what I have:

 

    function post_was($url, $username, $password, $payload = NULL) {

 

            $post_string = http_build_query($payload);

            $openWAS_was = curl_init($url);

            curl_setopt($openWAS_was, CURLOPT_USERPWD, $username . ':' . $password);

            curl_setopt($openWAS_was, CURLOPT_HTTPHEADER, array("Content-type: application/x-www-form-urlencoded", "X-Requested-With: myApp"));

            curl_setopt($openWAS_was, CURLOPT_TIMEOUT, 30);

            curl_setopt($openWAS_was, CURLOPT_POST, 1);

            curl_setopt($openWAS_was, CURLOPT_POSTFIELDS, $post_string);

            curl_setopt($openWAS_was, CURLOPT_RETURNTRANSFER, true);

 

            $output = curl_exec($openWAS_was);

 

            return $output;

 

    }

 

My "$payload" is where I have my "Criteria".  It looks like this "active=true&type=Vulnerability". Note that this does return all of my scheduled scans, but it just ignores my POST data. Is this not the proper way to do it?  Is there a better way of doing this? Any help would be appreciated. Thank you.

Outcomes