Release Automation


Configuring REST Call - CA RA & IBM AppScan

  • 1.  Configuring REST Call - CA RA & IBM AppScan

    Posted 04-27-2016 04:58 AM

    Hi Team,

     

    I have a requirement to integrate IBM AppScan via CA RA for scanning activities in our deployment design.

    IBM AppScan provides Rest API methods to login and also to trigger a scan. However, I am seeing difficulties in configuring Rest Action available under Web action pack.

    Moreover, this method uses NORMAL authentication and x-www-form-urlencoded header format. Can someone help me on the same?

     

     

    Thanks,

    Raghavendra Guttur

    EMC Data Storage Systems



  • 2.  Re: Configuring REST Call - CA RA & IBM AppScan

    Posted 05-02-2016 06:11 PM

    Hello,

     

    What type of difficulties are you having? In regards to the header you described you can try adding "Content-Type: x-www-form-urlencoded" as a single value to the input field array used for Http Headers for the REST Operation action. Based on the screenshot above it looks like you would need to change the REST Operation action to use the Rest Verb POST method vs default GET. I'm not sure what to make of the Normal authentication. Maybe that means that it should be posted via the "parameters" or "body" input fields. Reviewing the Raw or Preview data might help you decipher what fields should contain which values as if you were going to try getting it to work with curl.

     

    Kind regards,

    Gregg



  • 3.  Re: Configuring REST Call - CA RA & IBM AppScan

    Posted 05-04-2016 09:34 AM

    Hi Gregg,

    Thanks for your response! I am able to login via RestAction available in CA RA suite.

    However, I need to capture session cookie provided in response. Do we have an easy way to capture the same?

     

     

    Thanks,

    Raghavendra Guttur

    EMC Data Storage Systems



  • 4.  Re: Configuring REST Call - CA RA & IBM AppScan

    Posted 05-04-2016 09:55 AM

    I don't know of anything that will specifically get the session_id/cookie directly from the action. I *think* you will likely need to capture the response headers as a string into a string parameter and then use another action to capture the text you want. The JavaScript action would be able to get it, though there may be another action that is better/easier in getting that data (maybe the "Strings - Extract Regular Expression Text From String" action).

     

    Regards,

    Gregg



  • 5.  Re: Configuring REST Call - CA RA & IBM AppScan
    Best Answer

    Posted 05-06-2016 04:41 AM

    Thanks Gregg! As you mentioned, the response data has been taken into a string array and a RegEx pattern applied to extract the cookie.

    Later, I invoked these cookies via a string as a header to trigger the AppScan job! Here is the flow designed, and it's working according to our expectations.

     

    1. Step 1 = Login into IBM AppScan
    2. Step 2 = Regular Expressions – Grep Cookies
    3. Step 3 = Collect Cookies (Posted as Header in subsequent calls)
    4. Step 4 = Delay (10 Sec)
    5. Step 5 = Trigger Scan (By adding content type and cookies)
    6. Step 6 = Waiting to complete scan and report generation

     

     

    Thanks,

    Raghavendra Guttur

    EMC Data Storage Systems

    +91 9901900122
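
The flow described in the thread above (capture the login response headers as a string, pull the cookies out with a regular expression, send them back as a header on the next call), as an added JavaScript example that is not the poster's CA RA flow or IBM AppScan code. The cookie names, form field names and sample headers are constructed, and the example goes slightly beyond the thread by masking cookie values before they reach a job log.

```javascript
// Constructed sample of raw login response headers (not real AppScan output).
const SAMPLE_HEADERS = [
  "HTTP/1.1 200 OK",
  "Content-Type: application/json",
  "Set-Cookie: EXAMPLE_SESSION=abc123def456; Path=/; HttpOnly; Secure",
  'set-cookie: EXAMPLE_TOKEN="x=y=="; Path=/app',
  "Set-Cookie: EXAMPLE_OLD=; Expires=Thu, 01 Jan 1970 00:00:00 GMT",
  "Content-Length: 42",
].join("\r\n");

// Extract name=value from each Set-Cookie line. The pattern is anchored to the
// start of a line so text inside another header's value is never picked up,
// and everything after the first ';' (Path, HttpOnly, ...) is dropped.
function extractCookies(rawHeaders) {
  const cookies = new Map();
  const re = /^set-cookie:[ \t]*([^=;\s]+)=([^;\r\n]*)/gim;
  let m;
  while ((m = re.exec(rawHeaders)) !== null) {
    const name = m[1];
    const value = m[2].trim();
    if (value === "") {
      cookies.delete(name); // empty value: the server is clearing this cookie
    } else {
      cookies.set(name, value); // a later Set-Cookie for the same name wins
    }
  }
  return cookies;
}

// Build the single Cookie request header used on subsequent calls.
function buildCookieHeader(cookies) {
  return [...cookies].map(([n, v]) => `${n}=${v}`).join("; ");
}

// Encode login fields as an x-www-form-urlencoded body (field names hypothetical).
function formBody(fields) {
  return new URLSearchParams(fields).toString();
}

// Mask cookie values so the session secret never lands in a deployment log.
function redact(cookieHeader) {
  return cookieHeader.replace(/=([^;]*)/g, "=<redacted>");
}

console.log("Cookie header for next call:", redact(buildCookieHeader(extractCookies(SAMPLE_HEADERS))));
```

Store the extracted value in a parameter that the automation tool treats as a secret where it offers one, since anyone who can read the cookie can act as the logged-in scanner account until the session expires.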