AnsweredAssumed Answered

Profile id required in API scan launch?

Question asked by Parag Baxi on Mar 20, 2012
Latest reply on Mar 20, 2012 by nadouani

The WAS API User Guide v2.2 document states on page 57 the following input elements for launching a new scan via the API 3.0:

 

Required ElementsOptional Elements
name (Text)optionProfile (Text)
webApp.name (Text)scannerAppliance (Text)
type (Keyword: DISCOVERY or VULNERABILITY)webAppAuthRecord (Text)

 

 

However, when launching a scan via curl without an option profile, I receive an error.

 

POST XML:

<ServiceRequest>
    <data>
        <WasScan>
            <name>Cheese API</name>
            <type>VULNERABILITY</type> 
            <target>
                <webApp>
                    <id>[redacted]</id>
                </webApp>
            </target>
        </WasScan>
    </data>
</ServiceRequest>

 

Error response:

$ curl -u "username:password" -H "content-type: text/xml" -X "POST" -d @- "https://qualysapi.qualys.com/qps/rest/3.0/launch/was/wasscan" < data.xml
<?xml version="1.0" encoding="UTF-8"?>
<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscan.xsd">
  <responseCode>INVALID_REQUEST</responseCode>
  <responseErrorDetails>
    <errorMessage>profile: Element is required.</errorMessage>
  </responseErrorDetails>
</ServiceResponse>

 

When I modify data to include an option profile -- the same option profile listed as default for the web app -- then the API call is successful.

 

POST XML:

<ServiceRequest>
    <data>
        <WasScan>
            <name>Cheese API</name>
            <type>VULNERABILITY</type> 
            <target>
                <webApp>
                    <id>[redacted]</id>
                </webApp>
            </target>
            <profile>
                <id>[redacted]</id>
            </profile>
        </WasScan>
    </data>
</ServiceRequest>

 

Response:

 

<ServiceResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://qualysapi.qualys.com/qps/xsd/3.0/was/wasscan.xsd">
  <responseCode>SUCCESS</responseCode>
  <count>1</count>
  <data>
    <WasScan>
      <id>[redacted]</id>
    </WasScan>
  </data>
</ServiceResponse>

 

 

Why is the option profile listed as optional?

Outcomes