Firewall REST API - v2

NEW IN RELEASE 114

FIREWALL

The Firewall REST API was released in IQ Server release 114. It allows you to:

Requirements

The Firewall REST API is only accessible with the Firewall license.

GET Auto-Released from Quarantine Summary

NEXT-GEN FIREWALL

Requires the View IQ elements persmission at Repositories level.

To get a summary of auto-released from quarantine components, you can issue a GET request to the following path:

GET /api/v2/firewall/releaseQuarantine/summary

Here is an example cURL command to run this request.

curl -u admin:admin123 http://localhost:8070/api/v2/firewall/releaseQuarantine/summary

This cURL request will produce a JSON response of the following form

{
    "autoReleaseQuarantineCountMTD": 3,
    "autoReleaseQuarantineCountYTD": 120
}
ItemDescription
autoReleaseQuarantineCountMTDThe number of auto-released from quarantine components from the start of the current month to the current date
autoReleaseQuarantineCountYTDThe number of auto-released from quarantine components from the start of the current year to the current date

GET Quarantined Components Summary

Requires the View IQ elements persmission at Repositories level.

To get a summary of quarantined components, you can issue a GET request to the following path:

GET /api/v2/firewall/quarantine/summary

Here is an example cURL command to run this request.

curl -u admin:admin123 http://localhost:8070/api/v2/firewall/quarantine/summary

This cURL request will produce a JSON response of the following form

{
    "repositoryCount": 2,
    "quarantineEnabledRepositoryCount": 2,
    "quarantineEnabled": true,
    "totalComponentCount": 25,
    "quarantinedComponentCount": 0
}

Item

Description

repositoryCountThe total number of repositories
quarantineEnabledRepositoryCountThe total number of repositories with the quarantine capability enabled
quarantineEnabledThe true if any repository has the quarantine capability enabled, false otherwise
totalComponentCountThe total number of components across all repositories
quarantinedComponentCountThe total number of quarantined components

GET Auto-Released from Quarantine Config

NEXT-GEN FIREWALL

Requires the View IQ elements persmission at Repositories level.

To get a list of policy condition types that are configurable for auto-release from quarantine and whether they have auto-release from quarantine capability turned on or not, you can issue a GET request to the following path:

GET /api/v2/firewall/releaseQuarantine/configuration

Here is an example cURL command to run this request.

curl -u admin:admin123 http://localhost:8070/api/v2/firewall/releaseQuarantine/configuration

This cURL request will produce a JSON response of the following form

[
    {
        "id": "IntegrityRating",
        "name": "Integrity Rating",
        "autoReleaseQuarantineEnabled": true
    },
    {
        "id": "License",
        "name": "License",
        "autoReleaseQuarantineEnabled": true
    },
    {
        "id": "License Threat Group",
        "name": "License Threat Group",
        "autoReleaseQuarantineEnabled": true
    },
    {
        "id": "SecurityVulnerabilitySeverity",
        "name": "Security Vulnerability Severity",
        "autoReleaseQuarantineEnabled": true
    },
    {
        "id": "SecurityVulnerabilityCategory",
        "name": "Security Vulnerability Category",
        "autoReleaseQuarantineEnabled": true
    }
]

PUT to Update Auto-Released from Quarantine Config

NEXT-GEN FIREWALL

Requires the Edit IQ elements persmission at Repositories level.

You can enable and/or disable the auto-release from quarantine capability on some or all of the policy condition types that are configurable for auto-release from quarantine by issuing the PUT request:

PUT /api/v2/firewall/releaseQuarantine/configuration

You will also need to include JSON data specifying the policy condition types that need to be updated. For example:

[
    {
        "id": "IntegrityRating",
        "autoReleaseQuarantineEnabled": true
    },
    {
        "id": "License",
        "autoReleaseQuarantineEnabled": false
    }
]

The above request only enables auto-release from quarantine capability on Integrity Rating policy condition type and disables it for License policy condition type. Other policy condition types not part of the JSON body are not updated.

Here is an example cURL command to run this request.

curl -u admin:admin123 -X PUT -H "Content-Type: application/json" -d '[{"id":"IntegrityRating","name":"Integrity Rating","autoReleaseQuarantineEnabled":true},{"id":"License","name":"License","autoReleaseQuarantineEnabled":false}]' http://localhost:8070/api/v2/firewall/releaseQuarantine/configuration

This cURL request will produce a JSON response of the following form

[
    {
        "id": "IntegrityRating",
        "name": "Integrity Rating",
        "autoReleaseQuarantineEnabled": true
    },
    {
        "id": "License",
        "name": "License",
        "autoReleaseQuarantineEnabled": false
    },
    {
        "id": "License Threat Group",
        "name": "License Threat Group",
        "autoReleaseQuarantineEnabled": true
    },
    {
        "id": "SecurityVulnerabilitySeverity",
        "name": "Security Vulnerability Severity",
        "autoReleaseQuarantineEnabled": true
    },
    {
        "id": "SecurityVulnerabilityCategory",
        "name": "Security Vulnerability Category",
        "autoReleaseQuarantineEnabled": true
    }
]

GET List of Auto-Released from Quarantine Components

NEXT-GEN FIREWALL

Requires the View IQ elements persmission at Repositories level.

To get a summary of auto-released from quarantine components, you can issue a GET request to the following path:

GET /api/v2/firewall/components/autoReleasedFromQuarantine?page=1&pageSize=10&policyId=384b7857d9b5424d91e00a0b945e3ec8&sortBy=releaseQuarantineTime&asc=true

This REST API supports pagination. Here is an explanation of the query parameters of this REST API:

Query ParameterDescriptionOptionalDefault Value
pageThe pagination page number. The minimum allowed page number is 1.Yes1
pageSizeThe maximum number of records to return per page. The value should be between 1 and 10000.Yes10
policyIdWhen provided, the API returns only the components that have a policy violation that causes quarantine (fail action) against the policy with this ID.Yes
sortBy

The field the records to be sorted by. For now, the API only supports sorting by releaseQuarantineTime and quarantineTime.

Quarantined components can only be sorted by quarantineTime

Yes

Auto-Released from Quarantine Components: releaseQuarantineTime

Quarantined Components: quarantineTime

asc

A boolean value to indicate the order of sorting.

true indicates that the records will be sorted in ascending order, false indicates they will be sorted in descending order.

Yestrue

Here is an example cURL command to run this request.

curl -u admin:admin123 http://localhost:8070/api/v2/firewall/components/autoReleasedFromQuarantine?page=1&pageSize=10&policyId=384b7857d9b5424d91e00a0b945e3ec8&sortBy=releaseQuarantineTime&asc=true

The above cURL request will produce a JSON response of the following form

{
    "total": 2,
    "page": 1,
    "pageSize": 10,
    "pageCount": 1,
    "results": [
        {
            "displayName": "1_test : 0.0.0",
            "repository": "npm_proxy",
            "quarantineDate": "2021-03-24T17:36:34.612+0000",
            "dateCleared": "2021-03-24T18:53:45.588+0000",
            "quarantinePolicyViolations": [],
			"componentIdentifier": {
                "format": "npm",
                "coordinates": {
                    "packageId": "1_test",
                    "version": "0.0.0"
                }
            },
			"pathname": "1_test/-/1_test-0.0.0.tgz",
            "hash": "2cfd634fae225311e3b6",
            "matchState": "exact",
            "repositoryId": "298bf707fd4f4323b7a0200b8dddd201",
            "quarantined": false
        },
        {
            "displayName": "rc-util : 5.9.5",
            "repository": "npm_proxy",
            "quarantineDate": "2021-03-24T14:45:02.567+0000",
            "dateCleared": "2021-03-24T18:53:46.115+0000",
            "quarantinePolicyViolations": [],
			"componentIdentifier": {
                "format": "npm",
                "coordinates": {
                    "packageId": "rc-util",
                    "version": "1.2.0"
                }
            },
			"pathname": "rc-util/-/rc-util-5.9.5.tgz",
            "hash": "b3e3c46f8a404334a2b3a5633d4f0be7",
            "matchState": "exact",
            "repositoryId": "298bf707fd4f4323b7a0200b8dddd201",
            "quarantined": false
        }
    ]
}
ItemDescription
totalThe total number of records this query can return across all pages.
pageThe page number specified on the query.
pageSizeThe page size specified on the query.
pageCountThe total number of pages this query can return.
displayNameThe name of the component and its version number.
repositoryThe repository name where the component is installed.
quarantineDateThe date and time when the component was quarantined.
dateClearedThe date and time when the component was released from quarantine.
quarantinePolicyViolations

Policy violations that caused this component to be quarantined. This will be empty for components automatically released from quarantine.

Refer to Policy Violation REST API - v2 for more details on the JSON structure.

componentIdentifierThe format and coordinates for the claimed component.
pathnameThe component path in the repository.
hashThe component hash.
matchStateVerify if the comparison of a component to known components is or is not a match in one of the following ways: Exact, Similar, or Unknown.
repositoryIdThe repository ID where the component is installed.
quarantinedWhether the component is quarantined or not.

GET List of Quarantined Components

Requires the View IQ elements persmission at Repositories level.

To get a summary of auto-released from quarantine components, you can issue a GET request to the following path:

GET /api/v2/firewall/components/quarantined?page=1&pageSize=10&policyId=384b7857d9b5424d91e00a0b945e3ec8&sortBy=releaseQuarantineTime&asc=true

Here is an example cURL command to run this request.

curl -u admin:admin123 http://localhost:8070/api/v2/firewall/components/quarantined?page=1&pageSize=10&policyId=384b7857d9b5424d91e00a0b945e3ec8&sortBy=quarantineTime&asc=true

The above cURL request will produce a JSON response of the following form

{
    "total": 1,
    "page": 1,
    "pageSize": 10,
    "pageCount": 1,
    "results": [
        {
            "displayName": "add-fedops : 0.0.0",
            "repository": "npm_proxy",
            "quarantineDate": "2021-03-29T14:43:51.477+0000",
            "dateCleared": null,
            "quarantinePolicyViolations": [
                {
                    "policyId": "384b7857d9b5424d91e00a0b945e3ec8",
                    "policyName": "Integrity-Rating",
                    "policyViolationId": "974d9e6cd7924ecdb622f9f7cef47510",
                    "threatLevel": 9,
                    "constraintViolations": [
                        {
                            "constraintId": "f03a3a2abdf94703a019e37b8c5cdc16",
                            "constraintName": "Suspicious integrity rating",
                            "reasons": [
                                {
                                    "reason": "Integrity Rating was Suspicious",
                                    "reference": null
                                }
                            ]
                        }
                    ]
                }
            ],
			"componentIdentifier": {
                "format": "npm",
                "coordinates": {
                    "packageId": "add-fedops",
                    "version": "0.0.0"
                }
            },
			"pathname": "add-fedops/-/add-fedops-0.0.0.tgz",
            "hash": "b1b6ea3b7e4aa4f49250",
            "matchState": "exact",
            "repositoryId": "298bf707fd4f4323b7a0200b8dddd201",
            "quarantined": true
        }
    ]
}

Please, refer to the GET List of Auto-Released from Quarantine Components for more details on the query parameters and the JSON output since both JSON APIs follow the same structure.

PUT Configure Anonymous Access for the Quarantined Component View

NEW IN RELEASE 136

Requires the Edit IQ elements persmission at Repositories level.To enable or disable anonymous access for the Quarantined Component View , you can issue a PUT request to the following path:

PUT /api/v2/firewall/quarantinedComponentView/configuration/anonymousAccess/false

Here is an example cURL command to run this request.

curl -u admin:admin123 -X PUT http://localhost:8070/api/v2/firewall/quarantinedComponentView/configuration/anonymousAccess/false

By default, anonymous access for the Quarantined Component View is enabled.