WebSphere Application Server & Liberty

 View Only

WebSphere Automation "How To" Series #12 : How to get security bulletins using APIs

By Brian Hanczaryk posted Mon May 30, 2022 06:57 AM

  
WebSphere Automation "How To" Series #12 : How to get security bulletins using APIs

Previous blogs in this WebSphere Automation "How To" series :
WebSphere Automation "How To" Series #1 : How to get WebSphere Automation UI URL 
WebSphere Automation "How To" Series #2 : How to specify user roles and permissions 
WebSphere Automation "How To" Series #3 : How to configure WebSphere Automation with an Enterprise LDAP 
WebSphere Automation "How To" Series #4 : How to register WebSphere Application Server traditional servers using configuretWasUsageMetering.py script 
WebSphere Automation "How To" Series #5 : How to register WebSphere Liberty servers 
WebSphere Automation "How To" Series #6 : How to configure email server and email addresses for notifications 
WebSphere Automation "How To" Series #7 : How to setup Instana to send alerts to WebSphere Automation 
WebSphere Automation "How To" Series #8 : How to setup secure access to Linux or UNIX servers 
WebSphere Automation "How To" Series #9 : How to trigger a memory leak health investigation when used heap is over 80 percent 
WebSphere Automation "How To" Series #10 : How to view WebSphere Automation REST APIs using Swagger UI
WebSphere Automation "How To" Series #11 : How to get and delete assets using APIs


This post will focus on how to get security bulletins using APIs.

The WebSphere Automation REST APIs are technology preview in this release. IBM Docs directly related to WebSphere Automation REST API are located at https://www.ibm.com/docs/en/ws-automation?topic=technology-preview-viewing-rest-api.

To utilize WebSphere Automation REST APIs through CLI, we need the URL and token values. IBM Docs https://www.ibm.com/docs/en/ws-automation?topic=technology-preview-viewing-rest-api shows the following details on how to acquire the necessary token value for an authorized user profile.

Get the password for the administrator account.
oc -n WSA_INSTANCE_NAMESPACE get secret admin-user-details -o jsonpath='{.data.initial_admin_password}' | base64 -d && echo

WSA_INSTANCE_NAMESPACE is the namespace of the instance where WebSphere Automation is installed.

Replace <password> in the following command with the value returned from the command above, and use the correct value for WSA_INSTANCE_NAMESPACE.
curl -k -X POST -H 'Content-Type: application/json' -d '{"username":"admin","password":"<password>"}' https://$(oc get route -n WSA_INSTANCE_NAMESPACE -o jsonpath='{.items[?(@.spec.to.name=="ibm-nginx-svc")].spec.host}')/icp4d-api/v1/authorize | jq -r .token

To get the necessary URL value to use in the curl commands, we can append a prefix of 'https://' and a suffix of '/websphereauto/secvul/apis' around the result of the following command.
oc get route -n WSA_INSTANCE_NAMESPACE -o jsonpath='{.items[?(@.spec.to.name=="ibm-nginx-svc")].spec.host}'

To set a URL variable on Linux, we could use the following
URL=https://$(oc get route -n WSA_INSTANCE_NAMESPACE -o jsonpath='{.items[?(@.spec.to.name=="ibm-nginx-svc")].spec.host}')/websphereauto/secvul/apis

Now that we've captured the token and URL values, we can show how to utilize the WebSphere Automation REST APIs to get security bulletins.

For this example, we've registered a WebSphere Application Server traditional v9.0.5.10 server and a WebSphere Liberty 21.0.0.12 server with several fixes applied as shown in the following screenshot.

Security_1


The Swagger UI shows the following available Bulletins operations.

Bulletins_1


Using CLI with the token value set in a variable TOKEN and url set in a variable URL, we can issue the following command to get the security bulletins and use jq to pretty print the json output. We are showing just the first eight lines of the result below.

[root@api.XXX.ibm.com Bulletins]# curl -k -X GET "${URL}/bulletins?limit=100" -H "accept: application/json" -H "Authorization: Bearer $TOKEN" | jq . 
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  190k    0  190k    0     0  1070k      0 --:--:-- --:--:-- --:--:-- 1070k

{
  "offset": 0,
  "limit": 100,
  "total_count": 165,
  "results": [
    {
      "id": "ab2b73db-364e-37a9-8625-b85da544d6fb",
      "name": "Security Bulletin: 6206850",


For this example, we can see that there are 165 security bulletins. Using the APIs, the maximum number of results returned is determined by the 'limit' parameter. The value must be an integer between 1 and 100. The default 'limit' parameter is 25.

Therefore, to view retrieve 165 security bulletins, we will need to issue at least two commands. The 'offset' parameter specifies how many resources to skip over, given the order of the collection. If the 'offset' parameter is not specified, it defaults to 0. Using the 'limit' parameter and 'offset' parameter, we can retrieve all 165 security bulletins with the following two commands.
[root@api.XXX.ibm.com Bulletins]# curl -k -X GET "${URL}/bulletins?limit=100" -H "accept: application/json" -H "Authorization: Bearer $TOKEN" | jq . 
[root@api.XXX.ibm.com Bulletins]# curl -k -X GET "${URL}/bulletins?limit=100&offset=100" -H "accept: application/json" -H "Authorization: Bearer $TOKEN" | jq . 


In this example, if we wanted to get the 165th security bulletin only, we could utilize the following command.
[root@api.XXX.ibm.com Bulletins]# curl -k -X GET "${URL}/bulletins?limit=1&offset=164" -H "accept: application/json" -H "Authorization: Bearer $TOKEN" | jq . 
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  2889    0  2889    0     0  68785      0 --:--:-- --:--:-- --:--:-- 68785

{
  "offset": 164,
  "limit": 1,
  "total_count": 165,
  "results": [
    {
      "id": "60a240e9-da7d-3443-b72e-80923b479537",
      "name": "Security Bulletin: 959023",
      "created": "2022-05-19T16:37:39Z",
      "createdBy": "cve-monitor",
      "updated": "2022-05-19T16:37:39Z",
      "updatedBy": "cve-monitor",
      "links": {
        "self": {
          "rel": "self",
          "href": "https://cpd-websphere-automation.apps.XXX.ibm.com/60a240e9-da7d-3443-b72e-80923b479537",
          "type": "application/json",
          "title": "self"
        },
        "vulnerabilities": {
          "rel": "related",
          "href": "https://cpd-websphere-automation.apps.XXX.ibm.com/vulnerabilities?securityBulletinId=60a240e9-da7d-3443-b72e-80923b479537",
          "type": "application/json",
          "title": "vulnerabilities"
        }
      },
      "bulletinId": "959023",
      "url": "https://www.ibm.com/support/pages/node/959023",
      "cves": [
        {
          "id": "CVE-2019-4441",
          "description": "IBM WebSphere Application Server could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser.",
          "cvssBaseScore": 5.3
        }
      ],
      "summary": "There is a potential information disclosure vulnerability in IBM WebSphere Application Server.",
      "operatingSystems": [
        "AIX",
        "z/OS",
        "HP-UX",
        "Linux",
        "Solaris",
        "Windows",
        "IBM i"
      ],
      "affectedProducts": {
        "traditional": [
          {
            "version": "7.0",
            "remediations": [
              {
                "startVersion": "7.0.0.0",
                "endVersion": "7.0.0.45",
                "iFixes": [
                  "PH13983"
                ]
              }
            ]
          },
          {
            "version": "9.0",
            "remediations": [
              {
                "startVersion": "9.0.0.0",
                "endVersion": "9.0.5.1",
                "operator": "OR",
                "iFixes": [
                  "PH13983"
                ],
                "fixPack": "9.0.5.2"
              }
            ]
          },
          {
            "version": "8.5",
            "remediations": [
              {
                "startVersion": "8.5.0.0",
                "endVersion": "8.5.5.16",
                "operator": "OR",
                "iFixes": [
                  "PH13983"
                ],
                "fixPack": "8.5.5.17"
              }
            ]
          },
          {
            "version": "8.0",
            "remediations": [
              {
                "startVersion": "8.0.0.0",
                "endVersion": "8.0.0.15",
                "iFixes": [
                  "PH13983"
                ]
              }
            ]
          }
        ],
        "liberty": [
          {
            "version": "17.0",
            "remediations": [
              {
                "startVersion": "17.0.0.1",
                "endVersion": "17.0.0.4",
                "operator": "OR",
                "iFixes": [
                  "PH13983"
                ],
                "fixPack": "19.0.0.11"
              }
            ],
            "features": [
              "jsp-2.2",
              "jsp-2.3"
            ]
          },
          {
            "version": "16.0",
            "remediations": [
              {
                "startVersion": "16.0.0.1",
                "endVersion": "16.0.0.4",
                "operator": "OR",
                "iFixes": [
                  "PH13983"
                ],
                "fixPack": "19.0.0.11"
              }
            ],
            "features": [
              "jsp-2.2",
              "jsp-2.3"
            ]
          },
          {
            "version": "18.0",
            "remediations": [
              {
                "startVersion": "18.0.0.1",
                "endVersion": "18.0.0.4",
                "operator": "OR",
                "iFixes": [
                  "PH13983"
                ],
                "fixPack": "19.0.0.11"
              }
            ],
            "features": [
              "jsp-2.2",
              "jsp-2.3"
            ]
          },
          {
            "version": "19.0",
            "remediations": [
              {
                "startVersion": "19.0.0.1",
                "endVersion": "19.0.0.10",
                "operator": "OR",
                "iFixes": [
                  "PH13983"
                ],
                "fixPack": "19.0.0.11"
              }
            ],
            "features": [
              "jsp-2.2",
              "jsp-2.3"
            ]
          }
        ]
      }
    }
  ],
  "first": {
    "rel": "first",
    "href": "https://cpd-websphere-automation.apps.XXX.ibm.com/bulletins?limit=1",
    "type": "application/json",
    "title": "first"
  },
  "last": {
    "rel": "last",
    "href": "https://cpd-websphere-automation.apps.XXX.ibm.com/bulletins?offset=164&limit=1",
    "type": "application/json",
    "title": "last"
  },
  "previous": {
    "rel": "previous",
    "href": "https://cpd-websphere-automation.apps.XXX.ibm.com/bulletins?offset=163&limit=1",
    "type": "application/json",
    "title": "previous"
  }
}


You can find more IBM Docs related to WebSphere Automation at https://www.ibm.com/docs/en/ws-automation.
#websphere#automation#WSA #WebSphereAutomation​​​​
0 comments
25 views

Permalink