WebSphere Automation "How To" Series #13 : How to
retrieve a list of vulnerabilities using APIs
Previous blogs in this WebSphere Automation "How To" series :
WebSphere Automation "How To" Series #1 : How to get WebSphere Automation UI URL WebSphere Automation "How To" Series #2 : How to specify user roles and permissions WebSphere Automation "How To" Series #3 : How to configure WebSphere Automation with an Enterprise LDAP WebSphere Automation "How To" Series #4 : How to register WebSphere Application Server traditional servers using configuretWasUsageMetering.py script WebSphere Automation "How To" Series #5 : How to register WebSphere Liberty servers WebSphere Automation "How To" Series #6 : How to configure email server and email addresses for notifications WebSphere Automation "How To" Series #7 : How to setup Instana to send alerts to WebSphere Automation WebSphere Automation "How To" Series #8 : How to setup secure access to Linux or UNIX servers WebSphere Automation "How To" Series #9 : How to trigger a memory leak health investigation when used heap is over 80 percent WebSphere Automation "How To" Series #10 : How to view WebSphere Automation REST APIs using Swagger UIWebSphere Automation "How To" Series #11 : How to get and delete assets using APIsWebSphere Automation "How To" Series #12 : How to get security bulletins using APIsThis post will focus on how to
retrieve a list of vulnerabilities using APIs.
The WebSphere Automation REST APIs enable you to retrieve a list of vulnerabilities that have been identified on an asset that is registered with WebSphere Automation. By using the vulnerabilities operations from the CLI, you can retrieve a full list of the identified vulnerabilities, retrieve the details of a specific vulnerability, or update the details of a specific vulnerability.
The WebSphere Automation REST APIs are technology preview in this release. IBM Docs directly related to WebSphere Automation REST API are located at
https://www.ibm.com/docs/en/ws-automation?topic=technology-preview-viewing-rest-api.
To utilize WebSphere Automation REST APIs through CLI, we need the URL and token values. IBM Docs
https://www.ibm.com/docs/en/ws-automation?topic=technology-preview-viewing-rest-api shows the following details on how to acquire the necessary token value for an authorized user profile.
Get the password for the administrator account.
oc -n WSA_INSTANCE_NAMESPACE get secret admin-user-details -o jsonpath='{.data.initial_admin_password}' | base64 -d && echo
WSA_INSTANCE_NAMESPACE is the namespace of the instance where WebSphere Automation is installed.
Replace <password> in the following command with the value returned from the command above, and use the correct value for WSA_INSTANCE_NAMESPACE.
curl -k -X POST -H 'Content-Type: application/json' -d '{"username":"admin","password":"<password>"}' https://$(oc get route -n WSA_INSTANCE_NAMESPACE -o jsonpath='{.items[?(@.spec.to.name=="ibm-nginx-svc")].spec.host}')/icp4d-api/v1/authorize | jq -r .token
To get the necessary URL value to use in the curl commands, we can append a prefix of 'https://' and a suffix of '/websphereauto/secvul/apis' around the result of the following command.
oc get route -n WSA_INSTANCE_NAMESPACE -o jsonpath='{.items[?(@.spec.to.name=="ibm-nginx-svc")].spec.host}'
To set a URL variable on Linux, we could use the following
URL=https://$(oc get route -n WSA_INSTANCE_NAMESPACE -o jsonpath='{.items[?(@.spec.to.name=="ibm-nginx-svc")].spec.host}')/websphereauto/secvul/apis
Now that we've captured the token and URL values, we can show how to utilize the WebSphere Automation REST APIs to
retrieve a list of vulnerabilities.
For this example, we've registered a WebSphere Application Server traditional v9.0.5.10 server and a WebSphere Liberty 21.0.0.12 server with several fixes applied as shown in the following screenshot.
The Swagger UI shows the following available Vulnerabilities operations.
Using CLI with the token value set in a variable TOKEN and url set in a variable URL, we can issue the following command to
retrieve a list of the vulnerabilities and use jq to pretty print the json output. We are showing just the first 14 lines of the result below.
[root@api.XXX.ibm.com Vulnerabilities]# curl -k -X GET "${URL}/vulnerabilities?limit=100" -H "accept: application/json" -H "Authorization: Bearer $TOKEN" | jq .
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 9745 0 9745 0 0 111k 0 --:--:-- --:--:-- --:--:-- 111k
{
"offset": 0,
"limit": 100,
"total_count": 5,
"results": [
{
"id": "82938ae2-cdfb-3f86-9fb6-2d9787fd3ccd",
"name": "6559306 : IBM J9 VM@bph4a-twas1-1.fyre.ibm.com",
"description": "There are multiple vulnerabilities in the IBM® SDK, Java\u2122 Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. These might affect some configurations of IBM WebSphere Application Server traditional and IBM WebSphere Application Server Liberty. These products have addressed the applicable CVEs. If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities is applicable to your code. For a complete list of vulnerabilities, refer to the link for \"IBM Java SDK Security Bulletin\" located in the References section for more information. HP fixes are on a delayed schedule.",
"nId": "39259729-c5a0-37cc-b887-dcda610e4518",
"securityBulletinId": "496d4509-dfe8-3072-a8be-2d394683bf21",
"resolved": true,
"resolutionReason": "fixpack-installed",
"resolutionDate": "2022-05-20T12:50:13Z",
For this example, we can see that there were 5 vulnerabilities detected at one time in this environment. Using the APIs, the maximum number of results returned is determined by the 'limit' parameter. The value must be an integer between 1 and 100. The default 'limit' parameter is 25.
You can find more IBM Docs related to WebSphere Automation at
https://www.ibm.com/docs/en/ws-automation.
#websphere #automation#WSA#WebSphereAutomation