AnsweredAssumed Answered

Profile id required in API scan launch?

Question asked by Q Nimbus on Mar 20, 2012
Latest reply on Mar 20, 2012 by nadouani

The WAS API User Guide v2.2 document states on page 57 the following input elements for launching a new scan via the API 3.0:

 

Required ElementsOptional Elements
name (Text)optionProfile (Text)
webApp.name (Text)scannerAppliance (Text)
type (Keyword: DISCOVERY or VULNERABILITY)webAppAuthRecord (Text)

 

 

However, when launching a scan via curl without an option profile, I receive an error.

 

POST XML:

<ServiceRequest>
    <data>
        <WasScan>
            <name>Cheese API</name>
            <type>VULNERABILITY</type> 
            <target>
                <webApp>
                    <id>[redacted]</id>
                </webApp>
            </target>
        </WasScan>
    </data>
</ServiceRequest>

 

Error response:

$ curl -u "username:password" -H "content-type: text/xml" -X "POST" -d @- "https://qualysapi.qualys.com/qps/rest/3.0/launch/was/wasscan" < data.xml
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscan.xsd">
  <responseCode>INVALID_REQUEST</responseCode>
  <responseErrorDetails>
    <errorMessage>profile: Element is required.</errorMessage>
  </responseErrorDetails>
</ServiceResponse>

 

When I modify data to include an option profile -- the same option profile listed as default for the web app -- then the API call is successful.

 

POST XML:

<ServiceRequest>
    <data>
        <WasScan>
            <name>Cheese API</name>
            <type>VULNERABILITY</type> 
            <target>
                <webApp>
                    <id>[redacted]</id>
                </webApp>
            </target>
            <profile>
                <id>[redacted]</id>
            </profile>
        </WasScan>
    </data>
</ServiceRequest>

 

Response:

 

<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscan.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <WasScan>
      <id>[redacted]</id>
    </WasScan>
  </data>
</ServiceResponse>

 

 

Why is the option profile listed as optional?

Outcomes