Info |
---|
The VINCE API is still under development, but we are making this documentation available for folks who might want to try it out in the meantime. Please let us know what changes you'd like by submitting feedback through VINCE. |
Table of Contents |
---|
...
Token Authentication:
First, you have to login to the VINCE COMM UI and generate a key in your profile:
...
- Log in to VINCE.
- Go to your User Profile.
- Scroll down to "Generate API Key".
- Copy they API key to a safe place, you
...
- will not be able to access it again.
...
- If lost, you need to regenerate a new one.
- Use the
...
- API key in the headers of your
...
Code Examples
...
- request as shown below.
Code Block |
---|
headers={'Authorization': "Token {}".format(token)} |
Code Examples
List orgs you belong to
Code Block | ||
---|---|---|
| ||
# get information about organizations you belong to: api = 'https://kb.cert.org/vince/comm/api/vendor/' headers={'Authorization': "Token {}".format(token) } r = requests.get(api, headers=headers, stream=True) print(r.text) |
Code Block | ||
---|---|---|
| ||
# get a list of your cases
headers={'Authorization': "Token {}".format(token)}
api = 'https://kb.cert.org/vince/comm/api/cases/'
r = requests.get(api, headers=headers, stream=True)
print(r.text) |
Code Block |
---|
# get information about VU#701852
api = 'https://kb.cert.org/vince/comm/api/case/701852/'
r = requests.get(api, headers=headers, stream=True)
print(r.text) |
Code Block |
---|
# get all posts for case VU#701852
api = 'https://kb.cert.org/vince/comm/api/case/posts/701852/'
r = requests.get(api, headers=headers, stream=True)
print(r.text) |
Code Block |
---|
# get the original report for VU#701852
api = 'https://kb.cert.org/vince/comm/api/case/report/701852/'
r = requests.get(api, headers=headers, stream=True)
print(r.text) |
Code Block |
---|
# get the vuls for VU#701852
api = 'https://kb.cert.org/vince/comm/api/case/vuls/701852/'
r = requests.get(api, headers=headers, stream=True)
print(r.text) |
API: /vince/comm/api/vendor #get information about vendors you belong to
[ { 'emails': ['test@example.com'],
'id': 3548,
'users': ['vince.user'],
'vendor_name': 'VendorCorp'},
{ 'emails': ['test@example.com'],
'id': 3551,
'users': ['vince.user'],
'vendor_name': 'Testing Co'},
{ 'emails': ['test@example.com', 'test3@example.com'],
'id': 3549,
'users': ['vince.user', 'Vince User'],
'vendor_name': 'Testing Vendor'}] |
List your cases
Code Block | ||
---|---|---|
| ||
# get a list of your cases
headers={'Authorization': "Token {}".format(token)}
api = 'https | ||
Code Block | ||
# get all the vendors involved in VU#701582 (also gets their status and statements) api = 'https://kb.cert.org/vince/comm/api/casecases/vendors/701852/' r = requests.get(api, headers=headers, stream=True) print(r.text) |
Code Block |
---|
# get all the vendors and their status/statement/references for each specific vul
api = f'https://kb.cert.org/vince/comm/api/case/vendors/vuls/{case}/'
headers={'content-type':'application/json', 'Authorization': "Token {}".format(token) }
r = requests.get(api, headers=headers, stream=True)
print(r.text) |
Code Block |
---|
# get the vulnerability note, if available
api = f'https://kb.cert.org/vince/comm/api/case/note/{case}/'
headers={'content-type':'application/json', 'Authorization': "Token {}".format(token) }
r = requests.get(api, headers=headers, stream=True)
print(r.text) |
Code Block |
---|
#update vendor status
api = f'https://kb.cert.org/vince/comm/api/case/vendor/statement/{case}/'
data = [{'vendor': 3548,
'status':'Not Affected',
'references':["http://www.test.gov", "https://www.google.com"],
'share':True,
'vulnerability':'CVE-2020-19293',
'statement': 'This is my statement'},
{'vendor': 3548,
'status':'Affected',
'statement':"Test",
'references':["http://www.test.gov","https://www.google.com"],
'share':True,
'vulnerability':'VU#785701.2'}]
r = requests.post(api, headers=headers, data=json.dumps(data))
print(r.text)
|
Code Block |
---|
API: /vince/comm/api/vendor #get information about vendors you belong to [ { 'emails': ['emilytest@gmail.com'],API: /vince/comm/api/cases # get a list of cases involved in [ { 'created': '2020-06-11T18:51:48.204903Z', 'due_date': None, 'status': 'Active', 'summary': 'test', 'title': 'test', 'vuid': '782161'}, { 'created': '2020-04-28T19:48:50.216317Z', 'due_date': '2018-07-23T14:20:09Z', 'status': 'Inactive', 'summary': 'TechSmash firmware or operating system software drivers ' 'may not sufficiently validate elliptic curve parameters ' 'used to generate public keys during a Diffie-Hellman key ' 'exchange, which may allow a remote attacker to obtain the ' 'id': 3548, 'users': ['emily.sarneso']encryption key used by the device', 'vendor_nametitle': 'Microsoft'}, TechSmash implementations may not { 'emails': ['emilytest@gmail.com'],sufficiently validate ' 'id': 3551, 'users': ['emily.sarneso']elliptic curve parameters during Diffie-Hellman key exchange', 'vendor_namevuid': 'Testing Co3123125'}, { 'emails': ['emilytest@gmail.com', 'emilytest2@gmail.com'], 'id': 3549, 'users': ['emily.sarneso', 'Emily Ecoff']] |
Get case metadata
Code Block |
---|
# get information about VU#701852
api = 'https://kb.cert.org/vince/comm/api/case/701852/'
r = requests.get(api, headers=headers, stream=True)
print(r.text) |
Code Block |
---|
API: vince/comm/api/case/701852/ # get information about a specific case { 'created': '2020-06-11T18:51:48.204903Z', 'due_date': None, 'vendor_name'status': 'Testing Vendor'}] API: /vince/comm/api/cases # get a list of cases involved in [ { 'created': '2020-06-11T18:51:48.204903Z', Active', 'summary': 'test', 'due_datetitle': None'test', 'statusvuid': '785701'} |
Get posts for case
Code Block |
---|
# get all posts for case VU#701852
api = 'https://kb.cert.org/vince/comm/api/case/posts/701852/'
r = requests.get(api, headers=headers, stream=True)
print(r.text) |
Code Block |
---|
API: vince/comm/api/case/posts/701852/ # get all posts for a specific case [Active', 'summary': 'test', 'title': 'test', 'vuid': '785701'}, { 'createdauthor': '2020-04-28T19:48:50.216317Zvince.user', 'due_datecontent': '2018-07-23T14:20:09Z', The [draft vulnerability ' 'status': 'Inactive', 'summary': 'Bluetooth firmware or operating system software drivers 'note](http://localhost:8000/vince/comm/case/18/notedraft/) ' 'mayhas not sufficiently validate elliptic curve parameters 'been updated.', 'created': '2020-11-17T19:13:07.866230Z', 'used to generate public keys during a Diffie-Hellman key 'pinned': True}, { 'author': 'vince.user', 'exchange, which may allow a remote attacker to obtain the 'content': 'Please [view this draft vulnerability ' 'encryption key used by the devicenote](http://localhost:8000/vince/comm/case/18/notedraft/).', 'titlecreated': 'Bluetooth implementations may not sufficiently validate '2020-11-17T19:07:56.624450Z', 'pinned': True}, { 'elliptic curve parameters during Diffie-Hellman key exchange'author': 'vince.user', 'vuidcontent': '304725'}] API: vince/comm/api/case/701852/ # get information about a specific case { test 2', 'created': '2020-0610-11T1829T19:5149:4833.204903Z422875Z', 'due_datepinned': NoneFalse}, { 'statusauthor': 'Activevince.user', 'summarycontent': 'test 1', 'titlecreated': 'test2020-10-29T19:49:30.434164Z', 'vuidpinned': '785701'False}] API: vince/comm/api/case/posts/701852/ |
Get original report for case
Code Block |
---|
# get allthe original postsreport for aVU#701852 api = 'https://kb.cert.org/vince/comm/api/case/report/701852/' r = requests.get(api, headers=headers, stream=True) print(r.text) |
Code Block |
---|
API: /vince/comm/case/report/701582/ # get report for a specific case { 'contact_email': 'joebob@vendor.example.com', 'contact_name': 'Joe Bob', 'contact_org': 'VendorExample', 'contact_phone': '5551231234', 'date_submitted': '2020-06-08T20:01:47.896419Z', 'disclosure_plans': '', 'exploit_references': '', 'product_name': 'test', 'product_version': 'v. 12.3specific case [ { 'author': 'ecoff', 'content': 'The [draft vulnerability ' 'note](http://localhost:8000/vince/comm/case/18/notedraft/) ' 'has been updated.', 'created'public_references': '2020-11-17T19:13:07.866230Z', 'pinned'share_release': True}, { 'authorvendor_name': 'ecoffTest Vendor', 'content'vul_description': 'PleaseThis [viewis this draft vulnerability 'the description', 'vul_disclose': True, 'vul_discovery': 'This is 'note](http://localhost:8000/vince/comm/case/18/notedraft/).the discovery.', 'created'vul_exploit': '2020-11-17T19:07:56.624450ZThis is the exploit', 'pinnedvul_exploited': True}, { 'author'vul_impact': 'emily.sarnesoThis is the impact', 'content'vul_public': 'test 2', 'created': '2020-10-29T19:49:33.422875Z', 'pinned': False}, True} |
List vuls for case
Code Block |
---|
# get the vuls for VU#701852
api = 'https://kb.cert.org/vince/comm/api/case/vuls/701852/'
r = requests.get(api, headers=headers, stream=True)
print(r.text) |
Code Block |
---|
API: /vince/comm/case/vuls/701582/ # get vuls for a specific case [ { 'authorcve': 'emily.sarneso'None, 'contentdate_added': 'test 12020-11-19T21:43:17.210726Z', 'createddescription': '2020-10-29T19:49:30.434164ZThis is another vul without a cve.', 'pinnedname': False}] API: /vince/comm/case/report/701582/ # get report for a specific case 'VU#785701.2'}, { 'contact_emailcve': 'joebob@rapid7.com2020-19293', 'contactdate_nameadded': 'Joe Bob2020-10-22T15:30:11.888074Z', 'contact_org 'description': 'Rapid 7Test this is a vul.', 'contact_phone': '5551231234', 'date_submittedname': 'CVE-2020-19293'}] |
List vendors for case
Code Block |
---|
# get all the vendors involved in VU#701582 (also gets their status and statements)
api = 'https://kb.cert.org/vince/comm/api/case/vendors/701852/'
r = requests.get(api, headers=headers, stream=True)
print(r.text) |
Code Block |
---|
API: /vince/comm/case/vendors/701582/ # get vendors for a specific case [ { 'cert_addendum': None, 'date_added': '2020-11-20T14:40:24.080886Z', 'references': 'http://www.example.com\nhttps://www.example.org', 'statement': 'Test', 'statement_date': '2020-11-23T19:50:44.813809Z', 'status': 'Unknown', 'vendor': 'VendorCorp'}, 06-08T20:01:47.896419Z', 'disclosure_plans': '', 'exploit_references': '', 'product_name': 'test', 'product_version': 'v. 12.3', 'public_references': '', 'share_release': True, 'vendor_name': 'Test Vendor', 'vul_description': 'This is the description', 'vul_disclose': True, 'vul_discovery': 'This is the discovery.', 'vul_exploit': 'This is the exploit', 'vul_exploited': True, 'vul_impact': 'This is the impact', 'vul_public': True} API: /vince/comm/case/vuls/701582/ # get vuls for a specific case [ { 'cvecert_addendum': None, 'date_added': '2020-1110-19T2108T18:4327:1741.210726Z526942Z', 'descriptionreferences': 'This is another vul without a cve.http://www.example.com\nhttps://www.example.org', 'namestatement': 'VU#785701.2Test'}, { 'cve': '2020-19293', 'date_added 'statement_date': '2020-1011-22T1519T21:3026:1132.888074Z399730Z', 'descriptionstatus': 'Test this is a vul.Affected', 'namevendor': 'CVE-2020-19293'}] API: /vince/comm/case/vendors/701582/ Testing Co'}] |
List vendors including status and statement for each vul
Code Block |
---|
# get vendorsall forthe avendors specificand their status/statement/references for each specific vul api = f'https://kb.cert.org/vince/comm/api/case/vendors/vuls/{case}/' headers={'content-type':'application/json', 'Authorization': "Token {}".format(token) } r = requests.get(api, headers=headers, stream=True) print(r.text) |
Code Block |
---|
API: /vince/comm/case/vendors/vuls/701582/ # get vendors status for specific vuls [ { 'references': 'http://www.example.com\nhttps://www.example.orgcase [ { 'cert_addendum': None, 'date_added': '2020-11-20T14:40:24.080886Z', 'references': 'http://www.test.gov\nhttps://www.google.com', 'statement': 'Test', 'statement_date': '2020-11-23T19:50:44.813809Z', 'statusstatement': 'UnknownTest', 'vendorstatement_date': 'Microsoft'}2020-11-19T21:47:44.239683Z', { 'cert_addendumstatus': None'Affected', 'date_addedvendor': '2020-10-08T18:27:41.526942ZTesting Co', 'referencesvulnerability': 'VU#785701.2'}, { 'references': 'http://www.testexample.govcom\nhttps://www.googleexample.comorg', 'statement': 'TestThis is my statement', 'statement_date': '2020-1110-19T2122T15:2638:3211.399730Z859615Z', 'status': 'Not Affected', 'vendor': 'Testing Co'}], API: /vince/comm/case/vendors/vuls/701582/ # get vendors status for specific vuls [ 'vulnerability': 'CVE-2020-19293'}, { 'references': 'http://www.test.gov\nhttps://www.google.com', 'statement': 'Test', 'statement_date': '2020-11-19T2120T15:4723:4418.239683Z997947Z', 'status': 'AffectedUnknown', 'vendor': 'Testing CoVendorCorp', 'vulnerability': 'VU#785701.2'}, { 'references': 'http://www.test.gov\nhttps://www.google.com', 'statement': 'This is my statement', 'statement_date': '2020-1011-22T1520T15:3823:1118.859615Z938232Z', 'status': 'Not AffectedUnknown', 'vendor': 'Testing CoVendorCorp', 'vulnerability': 'CVE-2020-19293'}] |
Get vul note text, if available
Code Block |
---|
# get the vulnerability note, if available
api = f'https://kb.cert.org/vince/comm/api/case/note/{case}/'
headers={'content-type':'application/json', 'Authorization': "Token {}".format(token) }
r = requests.get(api, headers=headers, stream=True)
print(r.text) |
Code Block |
---|
#API: /vince/comm/api/case/note/710582/ # get draft vul note { 'content': '### Overview\r\n' '\r\n', { 'references': '', 'statement': '', 'statement_date': '2020-11-20T15:23:18.997947Z', 'status': 'Unknown', 'vendor': 'Microsoft', 'vulnerability': 'VU#785701.2'}, { 'references': '', 'statement': '', 'Testing API so 'statement_date': '2020-11-20T15:23:18.938232Z',need some content.\r\n' 'status': 'Unknown', '\r\n' 'vendor': 'Microsoft', 'vulnerability': 'CVE-2020-19293'}] #API: /vince/comm/api/case/note/710582/ # get draft vul note { 'content': '### Overview\r\n' '### Description\r\n' 'Testing API so need some content.\r\n' '### Impact\r\n' 'The complete impact of this vulnerability is not yet known.\r\n' '### Description\r\n' '### Solution\r\n' '### Impact\r\n' The CERT/CC is currently unaware of a practical solution to ' 'The complete impact of this vulnerability is not yet'this knownproblem.\r\n' '\r\n' '### SolutionAcknowledgements\r\n' 'TheThanks CERT/CCto isthe currentlyreporter unawarewho ofwishes ato practical solution to remain anonymous.\r\n' 'this problem.\r\n' '\r\n' This document was written by Emily Sarneso.', 'datefirstpublished': None, 'dateupdated'### Acknowledgements\r\n': '2020-11-17T19:13:07.755453Z', 'published': False, 'references': 'Thanks to the reporter who wishes to remain anonymous.\r\n'['www.example.org', 'www.example.com'], 'revision': 2, 'title': 'test', 'vuid': '\r\n' 'This document was written by Emily Sarneso.', 'datefirstpublished': None, 'dateupdated': '2020-11-17T19:13:07.755453Z', 'published': False, 'references': ['www.google.com', 'www.test.com'], 'revision': 2, 'title': 'test', 'vuid': '785701'} #update vendor status api = f'https://kb.cert.org/vince/comm/api/case/vendor/statement/{case}/' data = [{'vendor': 3548, # vendor ID only required if user belongs to multiple vendors in a case 'status':'Not Affected', # required: ['Affected', 'Not Affected', 'Unknown'] 'references':["http://www.test.gov", "https://www.google.com"], # not required, must be a list 'share':True, # not required, default = False 'vulnerability':'CVE-2020-19293', # required - must be in the form 'CVE-xxxx-xxxxx' or 'VU#xxxxxx.n' 'statement': 'This is my statement'}] # not required |
OLD JWT WAY: (This doesn't work anymore)
First you have to "login" to get your jwt (JSON web token).
Code Block |
---|
url = 'https://vince-test.cert-dit.org/vinny/auth/api-token-auth/'
r = requests.post(url, data={'username':user, 'password':password})
rj = r.json()
token = rj['token'] |
Examples:
Code Block |
---|
# get a list of your cases
headers={'Authorization': "Bearer {}".format(token)}
api = 'https://vince-test.cert-dit.org/vinny/api/cases/'
r = requests.get(api, headers=headers, stream=True)
print(r.text)
# get information about VU#701852
api = 'https://vince-test.cert-dit.org/vinny/api/case/701852/'
r = requests.get(api, headers=headers, stream=True)
print(r.text)
# get all posts for case VU#701852
api = 'https://vince-test.cert-dit.org/vinny/api/case/posts/701852/'
r = requests.get(api, headers=headers, stream=True)
print(r.text)
# get the original report for VU#701852
api = 'https://vince-test.cert-dit.org/vinny/api/case/report/701852/'
r = requests.get(api, headers=headers, stream=True)
print(r.text)
# get the vuls for VU#701852
api = 'https://vince-test.cert-dit.org/vinny/api/case/vuls/701852/'
r = requests.get(api, headers=headers, stream=True)
print(r.text)
# get all the vendors involved in VU#701582 (also gets their status and statements)
api = 'https://vince-test.cert-dit.org/vinny/api/case/vendors/701852/'
r = requests.get(api, headers=headers, stream=True)
print(r.text) |
And if you want to CURL...
Code Block |
---|
curl -X POST -F 'username=[username]' -F 'password=[password]' https://vince-test.cert-dit.org/vinny/auth/api-token-auth/
{"token":"eyJraWQiOiJ2OXdycTNXXC9FbG9SV2NLanUwNUdRd20wbzgzMm1IUGpVZklEYUcxWUpwaz0iLCJhbGciOiJSUzI1NiJ9.eyJjdXN0b206dGl0bGUiOiJEZXZlbG9wZXIxIiwic3ViIjoiNTM3ZGQ4NjItYWExYy00NDRjLWEzNzMtOWFlNTNjOTZiZTdiIiwiY29nbml0bzpncm91cHMiOlsiQ0VSVFwvQ0MiXSwiZW1haWxfdmVyaWZpZWQiOnRydWUsImlzcyI6Imh0dHBzOlwvXC9jb2duaXRvLWlkcC51cy1lYXN0LTIuYW1hem9uYXdzLmNvbVwvdXMtZWFzdC0yXzFnb2hyTXNIViIsInBob25lX251bWJlcl92ZXJpZmllZCI6dHJ1ZSwiY29nbml0bzp1c2VybmFtZSI6IjUzN2RkODYyLWFhMWMtNDQ0Yy1hMzczLTlhZTUzYzk2YmU3YiIsInByZWZlcnJlZF91c2VybmFtZSI6IkVtaWx5IFNhcm5lc28iLCJnaXZlbl9uYW1lIjoiRW1pbHkiLCJsb2NhbGUiOiJVUyIsImF1ZCI6IjJldGhsZW9nZnVoY2swbDducGFycWhhc3VrIiwiZXZlbnRfaWQiOiIyZGE2N2RjOC00ZGU0LTQyMGMtOWIxYS0zNmM4OGM1YTI3MDkiLCJjdXN0b206T3JnYW5pemF0aW9uIjoiQ0VSVFwvQ0MiLCJ0b2tlbl91c2UiOiJpZCIsImF1dGhfdGltZSI6MTU4MDgyODYxNSwicGhvbmVfbnVtYmVyIjoiKzE0MTI1MTk2NDI2IiwiZXhwIjoxNTgwODMyMjE1LCJpYXQiOjE1ODA4Mjg2MTUsImZhbWlseV9uYW1lIjoiU2FybmVzbyIsImVtYWlsIjoiZWNvZmZAY2VydC5vcmcifQ.bVvX5gNPXoxOY3rgMyb4siY0T6KqR_F4GTiMR-xeGlE3BLuPVL646vsdflsjdlfjsldjfjalfjlajsdla;ldfjtAKp2Tl-6NCeCdJ4utVXpVNLSZ8pUpLclRGI1q--920eieh2O5dugp9tYrXf1D4OuiwMqzAM2MUFwwIFlCJB79O5THXrTtbpmfAp_XNafu94R5kP4VKtiMHd5_vRygPG2eydbCmox6oe1K44sZ1Guc5P4CQ9QYhpT7e8ICscnpKYvHWnnSAdcKguAmCcDPbytJywGohpT7ajxJAmmQRapbaqbHftlipKfkyjWPsxE0X3v8Uf-_WZG7z9yZjxdeeB-EP_V7z2WRoay8mWhjxJjCVHHbaxlqDA","email":"ecoff@cert.org"}
curl https://vince-test.cert-dit.org/vinny/api/case/report/701852/ -H 'Accept: application/json' -H 'Authorization: Bearer eyJraWQiOiJ2OXdycTNXXC9FbG9SV2NLanUwNUdRd20wbzgzMm1IUGpVZklEYUcxWUpwaz0iLCJhbGciOiJSUzI1NiJ9.eyJjdXN0b206dGl0bGUiOiJEZXZlbG9wZXIxIiwic3ViIjoiNTM3ZGQ4NjItYWExYy00NDRjLWEzNzMtOWFlNTNjOTZiZTdiIiwiY29nbml0bzpncm91cHMiOlsiQ0VSVFwvQ0MiXSwiZW1haWxfdmVyaWZpZWQiOnRydWUsImlzcyI6Imh0dHBzOlwvXC9jb2duaXRvLWlkcC51cy1lYXN0LTIuYW1hem9uYXdzLmNvbVwvdXMtZWFzdC0yXzFnb2hyTXNIViIsInBob25lX251bWJlcl92ZXJpZmllZCI6dHJ1ZSwiY29nbml0bzp1c2VybmFtZSI6IjUzN2RkODYyLWFhMWMtNDQ0Yy1hMzczLTlhZTUzYzk2YmU3YiIsInByZWZlcnJlZF91c2VybmFtZSI6IkVtaWx5IFNhcm5lc28iLCJnaXZlbl9uYW1lIjoiRW1pbHkiLCJsb2NhbGUiOiJVUyIsImF1ZCI6IjJldGhsZW9nZnVoY2swbDducGFycWhhc3VrIiwiZXZlbnRfaWQiOiIyZGE2N2RjOC00ZGU0LTQyMGMtOWIxYS0zNmM4OGM1YTI3MDkiLCJjdXN0b206T3JnYW5pemF0aW9uIjoiQ0VSVFwvQ0MiLCJ0b2tlbl91c2UiOiJpZCIsImF1dGhfdGltZSI6MTU4MDgyODYxNSwicGhvbmVfbnVtYmVyIjoiKzE0MTI1MTk2NDI2IiwiZXhwIjoxNTgwODMyMjE1LCJpYXQiOjE1ODA4Mjg2MTUsImZhbWlseV9uYW1lIjoiU2FybmVzbyIsImVtYWlsIjoiZWNvZmZAY2VydC5vcmcifQ.bVvX5gNPXoxOY3rgMyb4siY0T6KqR_F4GTiMR-xeGlE3BLuPVL646vtAKp2Tl-6NCeCdJ4udsfsdfsdfsdfsfsdtVXpVNLSZ8pUpLclRGI1q--920eieh2O5dugp9tYrXf1D4OuiwMqzAM2MUFwwIFlCJB79O5THXrTtbpmfAp_XNafu94R5kP4VKtiMHd5_vRygPG2eydbCmox6oe1K44sZ1Guc5P4CQ9QYhpT7e8ICscnpKYvHWnnSAdcKguAmCcDPbytJywGohpT7ajxJAmmQRapbaqbHftlipKfkyjWPsxE0X3v8Uf-_WZG7z9yZjxdeeB-EP_V7z2WRoay8mWhjxJjCVHHbaxlqDA'
{"vendor_name":"AwesomeTools","product_name":"AwesomeTools Library v.1.2.3","product_version":"v.1.2.3","vul_description":"Buffer Overflow","vul_exploit":"Populate library data structure with string field with 10000 characters","vul_impact":"Code execution","vul_discovery":"Fuzzing","vul_public":false,"public_references":"","vul_exploited":false,"exploit_references":"","vul_disclose":false,"disclosure_plans":"","date_submitted":"2020-01-27T15:25:24.028635Z","share_release":true,"contact_name":"Emily Smith3w","contact_phone":"","contact_email":"emilysmith42675-usability3@yahoo.com","contact_org":"Usability"} |
Warning |
---|
Items below this line are older API docs |
Getting an Authentication Token
- Log in to VINCE.
- Go to your User Profile.
- Scroll down to "Generate API Key".
- Copy they API key to a safe place, you will not be able to access it again. If lost, you need to regenerate a new one.
Using the token
Code Block |
---|
headers={'Authorization': "Token {}".format(token)} |
API Reference
List cases
Code Block |
---|
# get a list of your cases
api = 'https://[VINCE_URL]/comm/api/cases/'
r = requests.get(api, headers=headers, stream=True)
print(r.text) |
Retrieve a specific case
785701'} |
Update vendor status
Code Block |
---|
#update vendor status
api = f'https://kb.cert.org/vince/comm/api/case/vendor/statement/{case}/'
data = [{'vendor': 3548,
'status':'Not Affected',
'references':["http://www.test.gov", "https://www.google.com"],
'share':True,
'vulnerability':'CVE-2020-19293',
'statement': 'This is my statement'},
{'vendor': 3548,
'status':'Affected',
'statement':"Test",
'references':["http://www.test.gov","https://www.google.com"],
'share':True,
'vulnerability':'VU#785701.2'}]
r = requests.post |
Code Block |
# get information about VU#701852 api = 'https://[VINCE_URL]/comm/api/case/701852/' r = requests.get(api, headers=headers, stream=Truedata=json.dumps(data)) print(r.text) |
Retrieve posts for a case
Code Block |
---|
##update get all posts for case VU#701852vendor status api = f'https://[VINCE_URL]//kb.cert.org/vince/comm/api/case/posts/701852vendor/statement/{case}/' rdata = requests.get(api, headers=headers, stream=True) print(r.text) |
Retrieve original report for a case
Code Block |
---|
# get the original report for VU#701852
api = 'https://[VINCE_URL]/comm/api/case/report/701852/'
r = requests.get(api, headers=headers, stream=True)
print(r.text) |
Retrieve vuls for a case
Code Block |
---|
# get the vuls for VU#701852
api = 'https://[VINCE_URL]/comm/api/case/vuls/701852/'
r = requests.get(api, headers=headers, stream=True)
print(r.text) |
Retrieve vendors for a case
Code Block |
---|
# get all the vendors involved in VU#701582 (also gets their status and statements) api = 'https://[VINCE_URL]/comm/api/case/vendors/701852/' r = requests.get(api, headers=headers, stream=True) print(r.text) [{'vendor': 3548, # vendor ID only required if user belongs to multiple vendors in a case 'status':'Not Affected', # required: ['Affected', 'Not Affected', 'Unknown'] 'references':["http://www.test.gov", "https://www.google.com"], # not required, must be a list 'share':True, # not required, default = False 'vulnerability':'CVE-2020-19293', # required - must be in the form 'CVE-xxxx-xxxxx' or 'VU#xxxxxx.n' 'statement': 'This is my statement'}] # not required |