downloadarcherreport.do
The downloadarcherreport.do
call returns the Archer XML report generated by the generatearcherreport.do
call.
Resource URL
https://analysiscenter.veracode.com/api/3.0/downloadarcherreport.do
Parameters
Name | Type | Description |
---|---|---|
token | String | Universally unique identifier (UUID). Obtain this token from the XML report returned by calling generatearcherreport.do . Use this token to download the Archer report. You can obtain tokens for the five most recent reports. Tokens expire after 30 days.If you do not provide a token, the call returns the latest report produced by generatearcherreport.do , if one exists. |
HTTPie example
Examples use the HTTPie command-line tool.
http --auth-type=veracode_hmac -o archerreport.xml "https://analysiscenter.veracode.com/api/3.0/downloadarcherreport.do" "token==<Archer report token>"
HTTPie results
The downloadarcherreport.do
call returns the archerreport
XML document, which references the archerreport.xsd
schema file. You can use the XSD schema file to validate the XML data. The XML report lists details about the scan of your Archer application.
A partial XML example. Veracode has deprecated assurance level and replaced it with business criticality.
<?xml version="1.0" encoding="UTF-8"?>
<Records xmlns="http://www.archer-tech.com/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:records_version="1.1"
xsi:schemaLocation="https://analysiscenter.veracode.com
/schema/2.0/archerapi
https://analysiscenter.veracode.com/resource
/2.0/archerreport.xsd">
<Record>
<app_name>AWebGoat</app_name>
<app_description></app_description>
<app_id>593078</app_id>
<assurance_level>medium</assurance_level>
<teams>Debug Team,Demo Team,Quality Team,Release Team</teams>
<platform>Not Specified</platform>
<version>18 Sep 2019 Static Promoted</version>
<lifecycle_stage>Not Specified</lifecycle_stage>
<rating>C</rating>
<mitigated_rating></mitigated_rating>
<static_score>53</static_score>
<dynamic_score>0</dynamic_score>
<manual_score>0</manual_score>
<static_mitigated_score>0</static_mitigated_score>
<dynamic_mitigated_score>0</dynamic_mitigated_score>
<manual_mitigated_score>0</manual_mitigated_score>
<app_origin>Not Specified</app_origin>
<generation_date>2019-09-18-17:54</generation_date>
<planned_deployment_date>2019-09-18-17:12</planned_deployment_date>
<last_update_date>2019-09-18-17:54</last_update_date>
<submitted_date>2019-09-18-17:53</submitted_date>
<policy_name>Veracode Recommended Medium</policy_name>
<policy_version>1</policy_version>
<policy_compliance_status>Did Not Pass</policy_compliance_status>
<policy_rules_passed>false</policy_rules_passed>
<grace_period_expired>false</grace_period_expired>
<scan_overdue>true</scan_overdue>
<business_owner></business_owner>
<business_unit>Mobile Secure Ventures </business_unit>
<business_owner_email></business_owner_email>
<application_purpose>Other Development Tools</application_purpose>
<deployment_method>Not Specified</deployment_method>
<tags></tags>
<custom0></custom0>
<custom1></custom1>
<custom2></custom2>
<custom3></custom3>
<custom4></custom4>
<customfield name="Custom 1" value=""/>
<customfield name="Custom 2" value=""/>
<customfield name="Custom 3" value=""/>
<customfield name="Custom 4" value=""/>
<customfield name="Custom 5" value=""/>
<customfield name="Custom 6" value=""/>
<customfield name="Custom 7" value=""/>
<customfield name="Custom 8" value=""/>
<customfield name="Custom 9" value=""/>
<customfield name="Custom 10" value=""/>
<modules>
<Record>
<module>WebGoat-5.0-with-jsp.war</module>
<analysis_type>static</analysis_type>
<compiler>JAVAC_5</compiler>
<os>Java J2SE 6</os>
<architecture>JVM</architecture>
<next_scan_due>2019-12-18-17:54</next_scan_due>
</Record>
<Record>
<module>WebGoat-5.0-with-jsp.war_htmljscode.veracodegen.htmla.jsa</module>
<analysis_type>static</analysis_type>
<compiler>JAVASCRIPT_5_1</compiler>
<os>JavaScript</os>
<architecture>JAVASCRIPT</architecture>
<next_scan_due>2019-12-18-17:54</next_scan_due>
</Record>
</modules>
<flaws>
<Record>
<app_name>AWebGoat</app_name>
<app_id>593078</app_id>
<version>18 Sep 2019 Static Promoted</version>
<platform>Not Specified</platform>
<flaw_issue_id>253</flaw_issue_id>
<module>WebGoat-5.0-with-jsp.war</module>
<severity>0</severity>
<type>Reliance on Security Through Obscurity</type>
<flaw_description><span>The application decrypts or decodes embedded data.
Encryption or encoding of embedded data is typically done to obfuscate the true
intention of the data and to hinder reverse engineering efforts.
javax.crypto.Cipher.doFinal</span> <span>
This message is purely information and does not represent a flaw in the code.
Therefore, no remediation is necessary.</span><span>
References:<ahref="https://
cwe.mitre.org/data/definitions/656.html">CWE&
#x3c;/a></span>
</flaw_description>
<note></note>
<cweid>656</cweid>
<remediationeffort>3</remediationeffort>
<exploitLevel>0</exploitLevel>
<sourcefile>Encoding.java</sourcefile>
<line>501</line>
<sourcefilepath>org/owasp/webgoat/lessons/
Encoding.java</sourcefilepath>
<scope>org.owasp.webgoat.lessons.Encoding</scope>
<functionprototype>java.lang.String decryptString(java.lang.String,
java.lang.String)</functionprototype>
<functionrelativelocation>80</functionrelativelocation>
<url></url>
<categoryid>30</categoryid>
<categoryname>Potential Backdoor</categoryname>
<pcirelated>false</pcirelated>
<cwe_description>The software uses a protection mechanism whose strength depends heavily
on its obscurity, such that knowledge of its algorithms or key data is sufficient to
defeat the mechanism.
</cwe_description>
<count>1</count>
<capecid>0</capecid>
<exploitdifficulty>0</exploitdifficulty>
<exploit_desc></exploit_desc>
<severity_desc></severity_desc>
<remediation_desc></remediation_desc>
<date_first_occurance>2019-09-18-17:12</date_first_occurance>
<date_first_occurrence>2019-09-18-17:12</date_first_occurrence>
<remediation_status>New</remediation_status>
<cia_impact>zzz</cia_impact>
<is_latest_build>false</is_latest_build>
<published_date>2019-09-18-17:54</published_date>
<affects_policy_compliance>false</affects_policy_compliance>
<mitigation_status>none</mitigation_status>
<mitigation_status_desc>Not Mitigated</mitigation_status_desc>
<mitigations/>
<recommendations/>
</Record>
</flaws>
</Record>
</Records>