Short Codes to update scan template through REST API

Short Codes

The REST API /jobs/{jobId}/dastconfig/updatescant is used to update a setting in a scan job. The 'scantNodeXpath' value indicates the XPath of the configuration node to be updated. For ease of use, Short Codes are provided for a few commonly used XPaths.

The following Short Codes are currently available for the ‘updatescant’ REST API in AppScan Enterprise:
Short Codes XPath
StartingUrl //ScanConfiguration/Application/StartingUrls/StartingUrl
LoginUsername //ScanConfiguration/UserInput/FormFiller/Group[@LogicalName='InternalAppScanUserName']/Value
LoginPassword //ScanConfiguration/UserInput/FormFiller/Group[@LogicalName='InternalAppScanPassword']/Value
LoginMethod //ScanConfiguration/SessionManagement/SessionManagementMode
CustomHeaders //ScanConfiguration/customHeaders
AccountLockout //ScanConfiguration/AdvancedScanOptions/Group[@LogicalName='TestOptions']/Key[@LogicalName='AccountLockoutNumOfAttempts']@Value

AdditionalDomains //ScanConfiguration/Application/AdditionalServers
Exclusions //ScanConfiguration/ExploreFilters/RequestFilters

Usage Examples

In these examples, scantNodeNewValue is the field whose value you change.

Changing the starting URL:

{
 "scantNodeXpath":"StartingUrl",
 "scantNodeNewValue":"https://urlTest.com"
 }
Changing the login password:
{
 "scantNodeXpath":"LoginPassword",
 "scantNodeNewValue":"passwordTest", "encryptNodeValue":true
 }
Changing the exclusions:
{
 "scantNodeXpath":"Exclusions",
 "scantNodeNewValue":"<RequestFilter FilterType=\"Exclude\"><Description>Microsoft SharePoint site removal URL</Description><PathPattern><ConfigPattern IsRegularExpression=\"True\"><Pattern>.*/deleteweb.aspx</Pattern></ConfigPattern></PathPattern><ParametersPatterns /></RequestFilter><RequestFilter FilterType=\"Exclude\"><Description>test exclusion</Description><PathPattern><ConfigPattern IsRegularExpression=\"True\"><Pattern>.*/error.aspx</Pattern></ConfigPattern></PathPattern><ParametersPatterns /></RequestFilter>"
 }
Note: Every exclusion has a description and a pattern, and optionally parameter patterns. The REST API overwrites any exclusions that are already configured, so the complete list of exclusions must be provided every time one is added. This applies to updates of all configurations that have multiple values.
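Because the update replaces the whole exclusion list, a request body is safest when it is generated from the full list rather than typed by hand. The following Python sketch is an added example, not part of the product documentation: it merges the current exclusions with new ones, XML-escapes the text, and lets the JSON serializer escape the attribute quotes. The function names and the logout entry are constructed for illustration.

```python
import json
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# The two exclusions from the example above, plus one constructed addition.
EXISTING = [
    ("Microsoft SharePoint site removal URL", ".*/deleteweb.aspx"),
    ("test exclusion", ".*/error.aspx"),
]
ADDITIONS = [("Logout & session end (constructed)", ".*/logout.aspx")]


def request_filter(description, pattern):
    """Render one <RequestFilter> in the shape shown on this page."""
    return (
        '<RequestFilter FilterType="Exclude">'
        f"<Description>{escape(description)}</Description>"
        '<PathPattern><ConfigPattern IsRegularExpression="True">'
        f"<Pattern>{escape(pattern)}</Pattern>"
        "</ConfigPattern></PathPattern><ParametersPatterns />"
        "</RequestFilter>"
    )


def exclusions_body(existing, additions):
    """Return the JSON body carrying the complete, de-duplicated list."""
    merged, seen = [], set()
    for description, pattern in [*existing, *additions]:
        if pattern not in seen:  # keep the first entry for each pattern
            seen.add(pattern)
            merged.append((description, pattern))
    xml = "".join(request_filter(d, p) for d, p in merged)
    # Well-formedness check; RequestFilters is the node named by the XPath.
    ET.fromstring(f"<RequestFilters>{xml}</RequestFilters>")
    # json.dumps escapes the attribute quotes inside the XML string.
    return json.dumps(
        {"scantNodeXpath": "Exclusions", "scantNodeNewValue": xml}, indent=1
    )


if __name__ == "__main__":
    print(exclusions_body(EXISTING, ADDITIONS))
```

The existing list has to come from the job's current configuration; how it is read back is outside this sketch.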
Setting a custom header:
{
 "scantNodeXpath":"CustomHeaders",
 "scantNodeNewValue":"<customHeader><Name>Authorization</Name><HeaderValue>Bearer {0}</HeaderValue><ExtractValueFromBodyRegEx>(?i)value\\s*[:|=]\\s*[\"|']([A-Fa-f0-9]{16})[\"|']</ExtractValueFromBodyRegEx><Enabled>True</Enabled><Type>2</Type></customHeader>"
 }
Note: In this example, ExtractValueFromBodyRegEx is a regular expression that extracts a value from the response body. The group within the regular expression (the value between the round brackets) is inserted into 'HeaderValue', giving Authorization: Bearer <value of the group>
Setting a Depth Limit:
{
 "scantNodeXpath":"//ScanConfiguration/ExploreFilters/DepthLimit",
 "shortcodeXPathValue":false,
 "scantNodeNewValue":"25"
 }
Note: To update a configuration that does not have a Short Code, add shortcodeXPathValue:false to the JSON in the body.