Firewall REST API - v2
NEW IN RELEASE 114
FIREWALL
The Firewall REST API was released in IQ Server release 114. It allows you to:
Requirements
The Firewall REST API is only accessible with the Firewall license.
GET Auto-Released from Quarantine Summary
NEXT-GEN FIREWALL
Requires the View IQ elements permission at Repositories level.
To get a summary of auto-released from quarantine components, you can issue a GET request to the following path:
GET /api/v2/firewall/releaseQuarantine/summary
Here is an example cURL command to run this request.
curl -u admin:admin123 http://localhost:8070/api/v2/firewall/releaseQuarantine/summary
This cURL request will produce a JSON response of the following form
{ "autoReleaseQuarantineCountMTD": 3, "autoReleaseQuarantineCountYTD": 120 }
Item | Description |
---|---|
autoReleaseQuarantineCountMTD | The number of auto-released from quarantine components from the start of the current month to the current date |
autoReleaseQuarantineCountYTD | The number of auto-released from quarantine components from the start of the current year to the current date |
GET Quarantined Components Summary
Requires the View IQ elements permission at Repositories level.
To get a summary of quarantined components, you can issue a GET request to the following path:
GET /api/v2/firewall/quarantine/summary
Here is an example cURL command to run this request.
curl -u admin:admin123 http://localhost:8070/api/v2/firewall/quarantine/summary
This cURL request will produce a JSON response of the following form
{ "repositoryCount": 2, "quarantineEnabledRepositoryCount": 2, "quarantineEnabled": true, "totalComponentCount": 25, "quarantinedComponentCount": 0 }
Item | Description |
---|---|
repositoryCount | The total number of repositories |
quarantineEnabledRepositoryCount | The total number of repositories with the quarantine capability enabled |
quarantineEnabled | true if any repository has the quarantine capability enabled, false otherwise |
totalComponentCount | The total number of components across all repositories |
quarantinedComponentCount | The total number of quarantined components |
GET Auto-Released from Quarantine Config
NEXT-GEN FIREWALL
Requires the View IQ elements permission at Repositories level.
To get a list of policy condition types that are configurable for auto-release from quarantine and whether they have auto-release from quarantine capability turned on or not, you can issue a GET request to the following path:
GET /api/v2/firewall/releaseQuarantine/configuration
Here is an example cURL command to run this request.
curl -u admin:admin123 http://localhost:8070/api/v2/firewall/releaseQuarantine/configuration
This cURL request will produce a JSON response of the following form
[ { "id": "IntegrityRating", "name": "Integrity Rating", "autoReleaseQuarantineEnabled": true }, { "id": "License", "name": "License", "autoReleaseQuarantineEnabled": true }, { "id": "License Threat Group", "name": "License Threat Group", "autoReleaseQuarantineEnabled": true }, { "id": "SecurityVulnerabilitySeverity", "name": "Security Vulnerability Severity", "autoReleaseQuarantineEnabled": true }, { "id": "SecurityVulnerabilityCategory", "name": "Security Vulnerability Category", "autoReleaseQuarantineEnabled": true } ]
PUT to Update Auto-Released from Quarantine Config
NEXT-GEN FIREWALL
Requires the Edit IQ elements permission at Repositories level.
You can enable and/or disable the auto-release from quarantine capability on some or all of the policy condition types that are configurable for auto-release from quarantine by issuing the PUT request:
PUT /api/v2/firewall/releaseQuarantine/configuration
You will also need to include JSON data specifying the policy condition types that need to be updated. For example:
[ { "id": "IntegrityRating", "autoReleaseQuarantineEnabled": true }, { "id": "License", "autoReleaseQuarantineEnabled": false } ]
The above request enables the auto-release from quarantine capability on the Integrity Rating policy condition type and disables it for the License policy condition type. Policy condition types that are not part of the JSON body are not updated.
Here is an example cURL command to run this request.
curl -u admin:admin123 -X PUT -H "Content-Type: application/json" -d '[{"id":"IntegrityRating","name":"Integrity Rating","autoReleaseQuarantineEnabled":true},{"id":"License","name":"License","autoReleaseQuarantineEnabled":false}]' http://localhost:8070/api/v2/firewall/releaseQuarantine/configuration
This cURL request will produce a JSON response of the following form
[ { "id": "IntegrityRating", "name": "Integrity Rating", "autoReleaseQuarantineEnabled": true }, { "id": "License", "name": "License", "autoReleaseQuarantineEnabled": false }, { "id": "License Threat Group", "name": "License Threat Group", "autoReleaseQuarantineEnabled": true }, { "id": "SecurityVulnerabilitySeverity", "name": "Security Vulnerability Severity", "autoReleaseQuarantineEnabled": true }, { "id": "SecurityVulnerabilityCategory", "name": "Security Vulnerability Category", "autoReleaseQuarantineEnabled": true } ]
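Because condition types left out of the PUT body are not updated, a script can send only the entries that actually change and then check the response. The following is an added example, not code from the original page or from the product; the helper names `build_update`, `mismatches` and `call` are hypothetical, and the host and credentials are the ones used in the cURL examples.

```python
import base64
import json
import urllib.request

CONFIG_URL = "http://localhost:8070/api/v2/firewall/releaseQuarantine/configuration"


def build_update(current, desired):
    """Return the PUT body that moves `current` (the GET response) to `desired`.

    `desired` maps a condition type id to a bool. Only ids whose flag differs
    are included, since types left out of the body are not updated.
    """
    state = {c["id"]: c["autoReleaseQuarantineEnabled"] for c in current}
    unknown = sorted(set(desired) - set(state))
    if unknown:
        raise ValueError(f"not configurable for auto-release: {unknown}")
    return [{"id": cid, "autoReleaseQuarantineEnabled": want}
            for cid, want in desired.items() if state[cid] != want]


def mismatches(config, desired):
    """List ids in `config` (a GET or PUT response) whose flag is not the desired one."""
    state = {c["id"]: c["autoReleaseQuarantineEnabled"] for c in config}
    return sorted(cid for cid, want in desired.items() if state.get(cid) != want)


def call(method, user, password, body=None):
    """Send GET or PUT to the configuration endpoint with HTTP basic auth."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    headers = {"Authorization": f"Basic {token}", "Content-Type": "application/json"}
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(CONFIG_URL, data=data, headers=headers, method=method)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


if __name__ == "__main__":
    desired = {"IntegrityRating": True, "License": False}  # same change as the example body
    body = build_update(call("GET", "admin", "admin123"), desired)
    after = call("PUT", "admin", "admin123", body) if body else call("GET", "admin", "admin123")
    print("sent:", body, "still wrong:", mismatches(after, desired))
```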
GET List of Auto-Released from Quarantine Components
NEXT-GEN FIREWALL
Requires the View IQ elements permission at Repositories level.
To get a list of auto-released from quarantine components, you can issue a GET request to the following path:
GET /api/v2/firewall/components/autoReleasedFromQuarantine?page=1&pageSize=10&policyId=384b7857d9b5424d91e00a0b945e3ec8&componentName=t&sortBy=releaseQuarantineTime&asc=true
This REST API supports pagination. Here is an explanation of the query parameters of this REST API:
Query Parameter | Description | Optional | Default Value |
---|---|---|---|
page | The pagination page number. The minimum allowed page number is 1. | Yes | 1 |
pageSize | The maximum number of records to return per page. The value should be between 1 and 10000. | Yes | 10 |
policyId | When provided, the API returns only the components that have a policy violation that causes quarantine (fail action) against the policy with this ID. | Yes | |
componentName | NEW IN RELEASE 160 When provided, the API returns only the components that have display names that contain (case-insensitively) the value of this parameter. | Yes | |
sortBy | The field the records to be sorted by. For now, the API only supports sorting by Quarantined components can only be sorted by | Yes | Auto-Released from Quarantine Components: Quarantined Components: |
asc | A boolean value to indicate the order of sorting. | Yes | true |
Here is an example cURL command to run this request.
curl -u admin:admin123 "http://localhost:8070/api/v2/firewall/components/autoReleasedFromQuarantine?page=1&pageSize=10&policyId=384b7857d9b5424d91e00a0b945e3ec8&componentName=t&sortBy=releaseQuarantineTime&asc=true"
The above cURL request will produce a JSON response of the following form
{ "total": 2, "page": 1, "pageSize": 10, "pageCount": 1, "results": [ { "displayName": "1_test : 0.0.0", "repository": "npm_proxy", "quarantineDate": "2021-03-24T17:36:34.612+0000", "dateCleared": "2021-03-24T18:53:45.588+0000", "quarantinePolicyViolations": [], "componentIdentifier": { "format": "npm", "coordinates": { "packageId": "1_test", "version": "0.0.0" } }, "pathname": "1_test/-/1_test-0.0.0.tgz", "hash": "2cfd634fae225311e3b6", "matchState": "exact", "repositoryId": "298bf707fd4f4323b7a0200b8dddd201", "quarantined": false }, { "displayName": "rc-util : 5.9.5", "repository": "npm_proxy", "quarantineDate": "2021-03-24T14:45:02.567+0000", "dateCleared": "2021-03-24T18:53:46.115+0000", "quarantinePolicyViolations": [], "componentIdentifier": { "format": "npm", "coordinates": { "packageId": "rc-util", "version": "1.2.0" } }, "pathname": "rc-util/-/rc-util-5.9.5.tgz", "hash": "b3e3c46f8a404334a2b3a5633d4f0be7", "matchState": "exact", "repositoryId": "298bf707fd4f4323b7a0200b8dddd201", "quarantined": false } ] }
Item | Description |
---|---|
total | The total number of records this query can return across all pages. |
page | The page number specified on the query. |
pageSize | The page size specified on the query. |
pageCount | The total number of pages this query can return. |
displayName | The name of the component and its version number. |
repository | The repository name where the component is installed. |
quarantineDate | The date and time when the component was quarantined. |
dateCleared | The date and time when the component was released from quarantine. |
quarantinePolicyViolations | Policy violations that caused this component to be quarantined. This will be empty for components automatically released from quarantine. Refer to Policy Violation REST API - v2 for more details on the JSON structure. |
componentIdentifier | The format and coordinates for the claimed component. |
pathname | The component path in the repository. |
hash | The component hash. |
matchState | Whether the comparison of the component to known components is a match, in one of the following ways: Exact, Similar, or Unknown. |
repositoryId | The repository ID where the component is installed. |
quarantined | Whether the component is quarantined or not. |
GET List of Quarantined Components
Requires the View IQ elements permission at Repositories level.
To get a list of quarantined components, you can issue a GET request to the following path:
GET /api/v2/firewall/components/quarantined?page=1&pageSize=10&policyId=384b7857d9b5424d91e00a0b945e3ec8&componentName=add&sortBy=releaseQuarantineTime&asc=true
Here is an example cURL command to run this request.
curl -u admin:admin123 "http://localhost:8070/api/v2/firewall/components/quarantined?page=1&pageSize=10&policyId=384b7857d9b5424d91e00a0b945e3ec8&componentName=add&sortBy=quarantineTime&asc=true"
The above cURL request will produce a JSON response of the following form
{ "total": 1, "page": 1, "pageSize": 10, "pageCount": 1, "results": [ { "displayName": "add-fedops : 0.0.0", "repository": "npm_proxy", "quarantineDate": "2021-03-29T14:43:51.477+0000", "dateCleared": null, "quarantinePolicyViolations": [ { "policyId": "384b7857d9b5424d91e00a0b945e3ec8", "policyName": "Integrity-Rating", "policyViolationId": "974d9e6cd7924ecdb622f9f7cef47510", "threatLevel": 9, "constraintViolations": [ { "constraintId": "f03a3a2abdf94703a019e37b8c5cdc16", "constraintName": "Suspicious integrity rating", "reasons": [ { "reason": "Integrity Rating was Suspicious", "reference": null } ] } ] } ], "componentIdentifier": { "format": "npm", "coordinates": { "packageId": "add-fedops", "version": "0.0.0" } }, "pathname": "add-fedops/-/add-fedops-0.0.0.tgz", "hash": "b1b6ea3b7e4aa4f49250", "matchState": "exact", "repositoryId": "298bf707fd4f4323b7a0200b8dddd201", "quarantined": true } ] }
Please refer to GET List of Auto-Released from Quarantine Components for more details on the query parameters and the JSON output, since both APIs follow the same structure.
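To go through every page of either component list and summarize which policies are holding components in quarantine, the `page` and `pageCount` fields can drive a loop. The following is an added example, not code from the original page or from the product; the helper names `http_get_json`, `iter_components` and `violations_by_policy` are hypothetical, and the host and credentials are the ones used in the cURL examples.

```python
import base64
import json
import urllib.parse
import urllib.request
from collections import Counter

BASE_URL = "http://localhost:8070"  # same host as the cURL examples on this page


def http_get_json(url, user, password):
    """Fetch one page with HTTP basic auth (the scheme `curl -u` uses)."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": f"Basic {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def iter_components(fetch, kind="quarantined", page_size=100, **filters):
    """Yield every record from components/<kind>, following page/pageCount.

    `kind` is "quarantined" or "autoReleasedFromQuarantine"; `filters` are
    extra query parameters such as policyId or componentName.
    """
    page = 1
    while True:
        # urlencode escapes values, so no shell or URL quoting issues with '&'
        query = urllib.parse.urlencode({"page": page, "pageSize": page_size, **filters})
        body = fetch(f"{BASE_URL}/api/v2/firewall/components/{kind}?{query}")
        yield from body["results"]
        if page >= body["pageCount"]:  # also stops when pageCount is 0
            return
        page += 1


def violations_by_policy(components):
    """Count component violations per (policyName, threatLevel)."""
    counts = Counter()
    for comp in components:
        for violation in comp["quarantinePolicyViolations"]:
            counts[(violation["policyName"], violation["threatLevel"])] += 1
    return counts


if __name__ == "__main__":
    fetch = lambda url: http_get_json(url, "admin", "admin123")
    for (policy, level), n in violations_by_policy(iter_components(fetch)).most_common():
        print(f"{n:5d}  threat {level}  {policy}")
```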
PUT Configure Anonymous Access for the Quarantined Component View
NEW IN RELEASE 136
Requires the Edit IQ elements permission at Repositories level.
To enable or disable anonymous access for the Quarantined Component View, you can issue a PUT request to the following path:
PUT /api/v2/firewall/quarantinedComponentView/configuration/anonymousAccess/false
Here is an example cURL command to run this request.
curl -u admin:admin123 -X PUT http://localhost:8070/api/v2/firewall/quarantinedComponentView/configuration/anonymousAccess/false
By default, anonymous access for the Quarantined Component View is enabled.