Shortcodes for updating a scan template through the REST API
Shortcodes
The REST API /jobs/{jobId}/dastconfig/updatescant updates settings in the scan template of a scan job. The 'scantNodeXpath' value is the XPath of the configuration node to update. For convenience, shortcodes are provided for some commonly used XPaths.
The shortcodes currently available for the 'updatescant' REST API in AppScan Enterprise are listed below:
| Shortcode | XPath |
|---|---|
| StartingUrl | //ScanConfiguration/Application/StartingUrls/StartingUrl |
| LoginUsername | //ScanConfiguration/UserInput/FormFiller/Group[@LogicalName='InternalAppScanUserName']/Value |
| LoginPassword | //ScanConfiguration/UserInput/FormFiller/Group[@LogicalName='InternalAppScanPassword']/Value |
| LoginMethod | //ScanConfiguration/SessionManagement/SessionManagementMode |
| CustomHeaders | //ScanConfiguration/customHeaders |
| AccountLockout | //ScanConfiguration/AdvancedScanOptions/Group [@LogicalName='TestOptions']/Key [@LogicalName='AccountLockoutNumOfAttempts']@Value |
| AdditionalDomains | //ScanConfiguration/Application/AdditionalServers |
| Exclusions | //ScanConfiguration/ExploreFilters/RequestFilters |
Usage examples
In these examples, scantNodeNewValue is the value you change; the other keys are fixed by the API. Each request body is a JSON object, so any double quotes or backslashes inside an XML value must be escaped as \" and \\ respectively.
Change the starting URL:
```json
{
  "scantNodeXpath": "StartingUrl",
  "scantNodeNewValue": "https://urlTest.com"
}
```
Change the login password:
```json
{
  "scantNodeXpath": "LoginPassword",
  "scantNodeNewValue": "passwordTest",
  "encryptNodeValue": true
}
```
Note: "encryptNodeValue": true has the server encrypt the value before it is stored in the template; always set it when the node holds a credential.
Change the exclusions:
```json
{
  "scantNodeXpath": "Exclusions",
  "scantNodeNewValue": "<RequestFilter FilterType=\"Exclude\"><Description>Microsoft SharePoint site removal URL</Description><PathPattern><ConfigPattern IsRegularExpression=\"True\"><Pattern>.*/deleteweb.aspx</Pattern></ConfigPattern></PathPattern><ParametersPatterns /></RequestFilter><RequestFilter FilterType=\"Exclude\"><Description>test exclusion</Description><PathPattern><ConfigPattern IsRegularExpression=\"True\"><Pattern>.*/error.aspx</Pattern></ConfigPattern></PathPattern><ParametersPatterns /></RequestFilter>"
}
```
Note: Each exclusion has a description, a pattern, and an optional parameter pattern. The REST API overwrites any exclusions that are already configured, so you must send the complete list of exclusions every time you add one; sending only the new entry silently drops the existing ones. The same applies to every update of any configuration that holds multiple values.
Set custom headers:
```json
{
  "scantNodeXpath": "CustomHeaders",
  "scantNodeNewValue": "<customHeader><Name>Authorization</Name><HeaderValue>Bearer {0}</HeaderValue><ExtractValueFromBodyRegEx>(?i)value\\s*[:|=]\\s*[\"|']([A-Fa-f0-9]{16})[\"|']</ExtractValueFromBodyRegEx><Enabled>True</Enabled><Type>2</Type></customHeader>"
}
```
Note: In this example, ExtractValueFromBodyRegEx is a regular expression that extracts a value from the response body. The capture group in the regular expression (the part between parentheses) is inserted into 'HeaderValue' in place of {0}, for example Authorization: Bearer <value of the group>. The \\s and \" sequences are JSON escapes; the regular expression the scanner receives contains \s and " respectively.
Set the depth limit:
```json
{
  "scantNodeXpath": "//ScanConfiguration/ExploreFilters/DepthLimit",
  "shortcodeXPathValue": false,
  "scantNodeNewValue": "25"
}
```
Note: To update any configuration for which no shortcode is provided, pass the full XPath in scantNodeXpath and add "shortcodeXPathValue": false to the JSON body; without it the server treats the value as a shortcode name.
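The following is an added example, not code from the AppScan Enterprise documentation or product. It builds updatescant request bodies for the shortcode table, the exclusions note (the whole list must be sent each time, and XML special characters must be escaped), the custom-header regex note, and the shortcodeXPathValue rule for raw XPaths. The endpoint path, body keys and shortcode names come from the page; the HTTP method (POST), the base URL, and the authentication headers passed by the caller are assumptions, as is the exact way the scanner applies the capture group, which render_header only imitates.

```python
"""Build and send bodies for the AppScan Enterprise updatescant REST API.

Added example (not the product's own code). Assumptions: the endpoint is
called with POST, base_url is the REST root, and extra_headers carries
whatever authentication the server requires.
"""
import json
import re
import urllib.request
import xml.etree.ElementTree as ET

# Shortcode table as listed on the page; anything else is a raw XPath.
SHORTCODES = {
    "StartingUrl": "//ScanConfiguration/Application/StartingUrls/StartingUrl",
    "LoginUsername": "//ScanConfiguration/UserInput/FormFiller/Group[@LogicalName='InternalAppScanUserName']/Value",
    "LoginPassword": "//ScanConfiguration/UserInput/FormFiller/Group[@LogicalName='InternalAppScanPassword']/Value",
    "LoginMethod": "//ScanConfiguration/SessionManagement/SessionManagementMode",
    "CustomHeaders": "//ScanConfiguration/customHeaders",
    "AccountLockout": "//ScanConfiguration/AdvancedScanOptions/Group [@LogicalName='TestOptions']/Key [@LogicalName='AccountLockoutNumOfAttempts']@Value",
    "AdditionalDomains": "//ScanConfiguration/Application/AdditionalServers",
    "Exclusions": "//ScanConfiguration/ExploreFilters/RequestFilters",
}


def build_body(xpath, new_value, encrypt=None):
    """Return the JSON body (as a dict) for one updatescant call.

    A shortcode name is sent as-is. Anything else is treated as a raw XPath and
    gets "shortcodeXPathValue": false, as the page's depth-limit example shows.
    LoginPassword defaults to "encryptNodeValue": true so the credential is not
    stored in clear text in the template.
    """
    body = {"scantNodeXpath": xpath, "scantNodeNewValue": new_value}
    if xpath not in SHORTCODES:
        body["shortcodeXPathValue"] = False
    if encrypt is None:
        encrypt = xpath == "LoginPassword"
    if encrypt:
        body["encryptNodeValue"] = True
    return body


def exclusions_xml(exclusions):
    """Serialise the COMPLETE list of exclusions as <RequestFilter> elements.

    The API replaces the whole RequestFilters node, so pass every exclusion you
    want to keep, not only the new one. ElementTree escapes '<', '>' and '&',
    so patterns with XML-significant characters stay well-formed.
    Each tuple is (description, pattern, is_regex).
    """
    parts = []
    for description, pattern, is_regex in exclusions:
        rf = ET.Element("RequestFilter", FilterType="Exclude")
        ET.SubElement(rf, "Description").text = description
        path = ET.SubElement(rf, "PathPattern")
        cp = ET.SubElement(path, "ConfigPattern",
                           IsRegularExpression="True" if is_regex else "False")
        ET.SubElement(cp, "Pattern").text = pattern
        ET.SubElement(rf, "ParametersPatterns")  # optional, left empty here
        parts.append(ET.tostring(rf, encoding="unicode"))
    return "".join(parts)


def custom_header_xml(name, header_value, extract_regex, header_type=2):
    """One <customHeader> element shaped like the page's CustomHeaders example."""
    ch = ET.Element("customHeader")
    ET.SubElement(ch, "Name").text = name
    ET.SubElement(ch, "HeaderValue").text = header_value
    ET.SubElement(ch, "ExtractValueFromBodyRegEx").text = extract_regex
    ET.SubElement(ch, "Enabled").text = "True"
    ET.SubElement(ch, "Type").text = str(header_type)
    return ET.tostring(ch, encoding="unicode")


def render_header(header_value, extract_regex, response_body):
    """Imitate the page's description: the regex's capture group replaces {0}.

    Assumption: the first group is used and no header is sent when nothing
    matches. Lets you dry-run a regex against a saved response before pushing it.
    """
    m = re.search(extract_regex, response_body)
    return header_value.format(m.group(1)) if m else None


def send_update(base_url, job_id, body, extra_headers, timeout=30):
    """POST the body to /jobs/{jobId}/dastconfig/updatescant (method assumed).

    TLS verification is left at urllib's default (on). Do not log `body`
    when it carries a credential.
    """
    url = f"{base_url.rstrip('/')}/jobs/{job_id}/dastconfig/updatescant"
    headers = {"Content-Type": "application/json", "Accept": "application/json",
               **extra_headers}
    req = urllib.request.Request(url, data=json.dumps(body).encode("utf-8"),
                                 headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status, resp.read().decode("utf-8", "replace")


if __name__ == "__main__":
    # Full exclusion list from the page plus one new entry (constructed).
    full_list = [("Microsoft SharePoint site removal URL", ".*/deleteweb.aspx", True),
                 ("test exclusion", ".*/error.aspx", True),
                 ("logout link", ".*/logout\\.aspx\\?next=.*&confirm=1", True)]
    print(json.dumps(build_body("Exclusions", exclusions_xml(full_list))))
    print(json.dumps(build_body("//ScanConfiguration/ExploreFilters/DepthLimit", "25")))
```

json.dumps produces exactly the escaping the page's examples need (`"` becomes `\"`, `\s` becomes `\\s`), so the XML is built with ElementTree and never hand-quoted. Keep the master exclusion list in version control and regenerate the whole body from it on every change, since a partial body wipes what is already configured.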