Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Log in to VINCE.
  2. Go to your User Profile.
  3. Scroll down to "Generate API Key".
  4. Copy they API key to a safe place, you will not be able to access it again. If lost, you need to regenerate a new one.
  5. Use the API key in the headers of your request as shown below.

Code Block
languagepy
headers={'Authorization': "Token {}".format(token)}

...

Code Block
languagepy
# get information about organizations you belong to:
api = 'https://kb.cert.org/vince/comm/api/vendor/'
headers={'Authorization': "Token {}".format(token) }
r = requests.get(api, headers=headers, stream=True)
print(r.text)
Code Block
languagejs
API: /vince/comm/api/vendor #get information about vendors you belong to
[   {   'emails': ['test@example.com'],
        'id': 3548,
        'users': ['vince.user'],
        'vendor_name': 'VendorCorp'},
    {   'emails': ['test@example.com'],
        'id': 3551,
        'users': ['vince.user'],
        'vendor_name': 'Testing Co'},
    {   'emails': ['test@example.com', 'test3@example.com'],
        'id': 3549,
        'users': ['vince.user', 'Vince User'],
        'vendor_name': 'Testing Vendor'}]

...

Code Block
languagepy
# get a list of your cases
headers={'Authorization': "Token {}".format(token)}
api = 'https://kb.cert.org/vince/comm/api/cases/'
r = requests.get(api, headers=headers, stream=True)
print(r.text)
Code Block
languagejs
API: /vince/comm/api/cases # get a list of cases involved in
[   {   'created': '2020-06-11T18:51:48.204903Z',
        'due_date': None,
        'status': 'Active',
        'summary': 'test',
        'title': 'test',
        'vuid': '782161'},
    {   'created': '2020-04-28T19:48:50.216317Z',
        'due_date': '2018-07-23T14:20:09Z',
        'status': 'Inactive',
        'summary': 'TechSmash firmware or operating system software drivers '
                   'may not sufficiently validate elliptic curve parameters '
                   'used to generate public keys during a Diffie-Hellman key '
                   'exchange, which may allow a remote attacker to obtain the '
                   'encryption key used by the device',
        'title': 'TechSmash implementations may not sufficiently validate '
                 'elliptic curve parameters during Diffie-Hellman key exchange',
        'vuid': '3123125'}]

...

Get case metadata

Code Block
languagepy
# get information about VU#701852
api = 'https://kb.cert.org/vince/comm/api/case/701852/'
r = requests.get(api, headers=headers, stream=True)
print(r.text)
Code Block
languagejs
API: vince/comm/api/case/701852/ # get information about a specific case
{   'created': '2020-06-11T18:51:48.204903Z',
    'due_date': None,
    'status': 'Active',
    'summary': 'test',
    'title': 'test',
    'vuid': '785701'}

Get posts for case

Code Block
languagepy
# get all posts for case VU#701852
api = 'https://kb.cert.org/vince/comm/api/case/posts/701852/'
r = requests.get(api, headers=headers, stream=True)
print(r.text)
Code Block
languagejs
API: vince/comm/api/case/posts/701852/ # get all posts for a specific case
[   {   'author': 'vince.user',
        'content': 'The [draft vulnerability '
                   'note](http://localhost:8000/vince/comm/case/18/notedraft/) '
                   'has been updated.',
        'created': '2020-11-17T19:13:07.866230Z',
        'pinned': True},
    {   'author': 'vince.user',
        'content': 'Please [view this draft vulnerability '
                   'note](http://localhost:8000/vince/comm/case/18/notedraft/).',
        'created': '2020-11-17T19:07:56.624450Z',
        'pinned': True},
    {   'author': 'vince.user',
        'content': 'test 2',
        'created': '2020-10-29T19:49:33.422875Z',
        'pinned': False},
    {   'author': 'vince.user',
        'content': 'test 1',
        'created': '2020-10-29T19:49:30.434164Z',
        'pinned': False}]

Get original report for case

Code Block
languagepy
# get the original report for VU#701852
api = 'https://kb.cert.org/vince/comm/api/case/report/701852/'
r = requests.get(api, headers=headers, stream=True)
print(r.text)
Code Block
languagejs
API: /vince/comm/case/report/701582/ # get report for a specific case
{   'contact_email': 'joebob@vendor.example.com',
    'contact_name': 'Joe Bob',
    'contact_org': 'VendorExample',
    'contact_phone': '5551231234',
    'date_submitted': '2020-06-08T20:01:47.896419Z',
    'disclosure_plans': '',
    'exploit_references': '',
    'product_name': 'test',
    'product_version': 'v. 12.3',
    'public_references': '',
    'share_release': True,
    'vendor_name': 'Test Vendor',
    'vul_description': 'This is the description',
    'vul_disclose': True,
    'vul_discovery': 'This is the discovery.',
    'vul_exploit': 'This is the exploit',
    'vul_exploited': True,
    'vul_impact': 'This is the impact',
    'vul_public': True}

List vuls for case

Code Block
languagepy
# get the vuls for VU#701852
api = 'https://kb.cert.org/vince/comm/api/case/vuls/701852/'
r = requests.get(api, headers=headers, stream=True)
print(r.text)
Code Block
languagejs
API: /vince/comm/case/vuls/701582/ # get vuls for a specific case
[   {   'cve': None,
        'date_added': '2020-11-19T21:43:17.210726Z',
        'description': 'This is another vul without a cve.',
        'name': 'VU#785701.2'},
    {   'cve': '2020-19293',
        'date_added': '2020-10-22T15:30:11.888074Z',
        'description': 'Test this is a vul.',
        'name': 'CVE-2020-19293'}]

List vendors for case

Code Block
languagepy
# get all the vendors involved in VU#701582 (also gets their status and statements)
api = 'https://kb.cert.org/vince/comm/api/case/vendors/701852/'
r = requests.get(api, headers=headers, stream=True)
print(r.text)
Code Block
languagejs
API: /vince/comm/case/vendors/701582/ # get vendors for a specific case
[   {   'cert_addendum': None,
        'date_added': '2020-11-20T14:40:24.080886Z',
        'references': 'http://www.example.com\nhttps://www.example.org',
        'statement': 'Test',
        'statement_date': '2020-11-23T19:50:44.813809Z',
        'status': 'Unknown',
        'vendor': 'VendorCorp'},
    {   'cert_addendum': None,
        'date_added': '2020-10-08T18:27:41.526942Z',
        'references': 'http://www.example.com\nhttps://www.example.org',
        'statement': 'Test',
        'statement_date': '2020-11-19T21:26:32.399730Z',
        'status': 'Affected',
        'vendor': 'Testing Co'}]

List vendors including status and statement for each vul

Code Block
languagepy
# get all the vendors and their status/statement/references for each specific vul
api = f'https://kb.cert.org/vince/comm/api/case/vendors/vuls/{case}/'
headers={'content-type':'application/json', 'Authorization': "Token {}".format(token) }
r = requests.get(api, headers=headers, stream=True)
print(r.text)
Code Block
languagejs
API: /vince/comm/case/vendors/vuls/701582/ # get vendors status for specific vuls
[   {   'references': 'http://www.example.com\nhttps://www.example.org',
        'statement': 'Test',
        'statement_date': '2020-11-19T21:47:44.239683Z',
        'status': 'Affected',
        'vendor': 'Testing Co',
        'vulnerability': 'VU#785701.2'},
    {   'references': 'http://www.example.com\nhttps://www.example.org',
        'statement': 'This is my statement',
        'statement_date': '2020-10-22T15:38:11.859615Z',
        'status': 'Not Affected',
        'vendor': 'Testing Co',
        'vulnerability': 'CVE-2020-19293'},
    {   'references': '',
        'statement': '',
        'statement_date': '2020-11-20T15:23:18.997947Z',
        'status': 'Unknown',
        'vendor': 'VendorCorp',
        'vulnerability': 'VU#785701.2'},
    {   'references': '',
        'statement': '',
        'statement_date': '2020-11-20T15:23:18.938232Z',
        'status': 'Unknown',
        'vendor': 'VendorCorp',
        'vulnerability': 'CVE-2020-19293'}]

Get vul note text, if available

Code Block
languagepy
# get the vulnerability note, if available
api = f'https://kb.cert.org/vince/comm/api/case/note/{case}/'
headers={'content-type':'application/json', 'Authorization': "Token {}".format(token) }
r = requests.get(api, headers=headers, stream=True)
print(r.text)
Code Block
languagejs
#API: /vince/comm/api/case/note/710582/ # get draft vul note
{   'content': '### Overview\r\n'
               '\r\n'
               'Testing API so need some content.\r\n'
               '\r\n'
               '\r\n'
               '### Description\r\n'
               '\r\n'
               '### Impact\r\n'
               'The complete impact of this vulnerability is not yet known.\r\n'
               '\r\n'
               '### Solution\r\n'
               'The CERT/CC is currently unaware of a practical solution to '
               'this problem.\r\n'
               '\r\n'
               '### Acknowledgements\r\n'
               'Thanks to the reporter who wishes to remain anonymous.\r\n'
               '\r\n'
               'This document was written by Emily Sarneso.',
    'datefirstpublished': None,
    'dateupdated': '2020-11-17T19:13:07.755453Z',
    'published': False,
    'references': ['www.example.org', 'www.example.com'],
    'revision': 2,
    'title': 'test',
    'vuid': '785701'}

Update vendor status

Code Block
languagepy
#update vendor status
api = f'https://kb.cert.org/vince/comm/api/case/vendor/statement/{case}/'
data = [{'vendor': 3548, 
	'status':'Not Affected', 
	'references':["http://www.test.gov", "https://www.google.com"], 
	'share':True,
	'vulnerability':'CVE-2020-19293', 
	'statement': 'This is my statement'}, 
	{'vendor': 3548, 
	'status':'Affected', 
	'statement':"Test", 
	'references':["http://www.test.gov","https://www.google.com"], 
	'share':True,
	'vulnerability':'VU#785701.2'}]
r = requests.post(api, headers=headers, data=json.dumps(data))
print(r.text)
Code Block
languagejs
#update vendor status
api = f'https://kb.cert.org/vince/comm/api/case/vendor/statement/{case}/'
data = [{'vendor': 3548,   # vendor ID only required if user belongs to multiple vendors in a case
	'status':'Not Affected',  # required: ['Affected', 'Not Affected', 'Unknown']
	'references':["http://www.test.gov", "https://www.google.com"],  # not required, must be a list 
	'share':True, # not required, default = False
	'vulnerability':'CVE-2020-19293', # required - must be in the form 'CVE-xxxx-xxxxx' or 'VU#xxxxxx.n'
	'statement': 'This is my statement'}]  # not required 

...