How to successfully pull data from Veracode through REST API? - rest

I'm trying to pull data from Veracode (JSON or XML). I tried to use curl to connect to the API but I keep getting the error: "Failed to connect to analysiscenter.veracode.com port 443:Timed out".
curl --compressed -u USERNAME:PASSWORD https://analysiscenter.veracode.com/api/5.0/getapplist.do -F "include_user_info=true"
According to Veracode documentation, to connect to the API, one needs to have Reviewer or Security Lead role. I have both Reviewer and Submitter role. The curl command should return some data like this:
xsi:schemaLocation="https://analysiscenter.veracode.com/schema/2.0/applist https://analysiscenter.veracode.com/resource/2.0/applist.xsd" >applist_version="1.2" account_id="123">Code" policy_updated_date="2013-11-11T14:37:34-05:00"/>
create_application_profile="true" create_sandbox="true" >create_new_build="true" assign_app_to_team="true" >assign_app_to_any_team="true" view_sandbox="true" view_results="true" >approve_mitigations="true" submit_static_scan="true"/>

This looks like a network issue, based on the error that you pasted. Can you ping the URL?
CURL also needs some configuration to use SSL. See this answer for some tips:
Configuring cURL for SSL

Related

Basic authentication with GitHub API X-Rate-Limit

I'm practicing with GitHub API using curl.
I've authenticated my request about my own repos, and the GitHub guides suggest the x-rate-limit (cap on requests per hour) should go up to 5000.
This did indeed happen on first request.
I entered
curl -i -u Vanilla https://api.github.com/users/Vanilla
Then got prompt for password and entered my PAT.
Header info showed x-rate-limit of 5000.
Since then I exported my PAT to a variable and called
curl -i -u Vanilla:$var https://api.github.com/users/Vanilla
This returned x-rate-limit as 50.
Now, even if I use the previous format of just username and enter PAT when prompted, x-rate-limit still capped at 50.
I'm confused as to why.
Any help much appreciated.
Thanks

How can I get the logs of git using GitHub API

I referred to many documents to get the logs of GitHub using GitHub API. But I couldn't find the way. I want to get the logs of GitHub events (commit, changes, etc.) and send them to CloudWatch. How can I achieve this? Or any other way to get the log without using authentication?
For example, I need a command like this so that I can get the logs without touching GitHub:
curl -i -H "Authorization: token <PAT token>." \
https://api.github.com/user/repos
Any program to get the logs is welcome,
or any REST API to get the GitHub logs.
I am not familiar with GitHub. Can anyone give me a solution or idea?
Below I mentioned the links that I have followed. Anyone can refer to them and, if possible, modify any command or API call to get the logs; it would be great.
https://www.softwaretestinghelp.com/github-rest-api-tutorial/
https://dev.to/gr2m/github-api-authentication-personal-access-tokens-53kd
https://titanwolf.org/Network/Articles/Article?AID=f441bab7-8fc8-45ae-b12b-4c41efbbe2d1

Keycloak: Could not find resource for full path

I am trying to get the REST API of keycloak to work.
Thanks to this post I was able to get the token. But when trying the example for the list of users in the first answer, I get the error:
"error": "RESTEASY003210: Could not find resource for full path: http://PATHTOCEAKLOAK:81/auth/user/realms/master/users"
Here is my request with Postman:
As I am using a Bitnami container, the admin is called user; that's why I am using /auth/user/ instead of /auth/admin/.
For those who are still facing this error and using 17.0+ version of Keycloak, there's a change in endpoints as per the official documentation. I resolved this issue by just using {realm}/user and omitting /auth in between.
In addition to @Akanksha_p's answer, here is a command to get the token using curl:
curl -k -H "Content-Type: application/x-www-form-urlencoded" -d "client_id=your-client" -d "username=some-user" -d "password=hardpassword" -d "grant_type=password" -X POST https://your.fqdn.server:8443/realms/yourrealm/protocol/openid-connect/token
I was actually working on the same and using the Docker image bitnami/keycloak:latest.
It worked with just removing /auth from the base path and keeping it as /admin,
something like this (GET http://localhost:8085/admin/realms/test-realm/users).
If you want to know which URLs are available on your current realm, you can go to Realm -> Settings and click on the "Endpoints" link.
Or directly go to the following url : http://{host}:{port}/realms/{your_realm}/.well-known/openid-configuration.
@Kostanos - I will try to get the /auth/ path back with a reverse proxy in front of the Keycloak, like nginx, and make a rewrite.

How do I curl against a git.io URL generated from a private repo?

I have a script that I'd like to be able to access via a curl command against its https://raw.githubusercontent.com/... location. Using git.io, it's really easy to shorten this URL to something like https://git.io/ABCDE.
But there's an issue related to the fact that my script exists in a private repository. If I directly curl against the githubusercontent URL, I get 404: Not Found. I'm able to bypass this by passing an authorization header with the request, e.g.
$ curl -H "Authorization: token <My Github Personal Access Token>" \
https://raw.githubusercontent.com/...
> !#/bin/bash
... # rest of script
However, when I use my shortened URL, I don't get anything back. Not even a 404.
$ curl -H "Authorization: token <My Github Personal Access Token>" \
https://git.io/ABCDE
$
Anyone know what's going on here?
The way a URL shortener works is that it issues some sort of 3xx-series HTTP status code that redirects you to the new location, and then you make your request against that new location. However, by default, curl does not follow redirects, so all you see when you make your request is the output from git.io, which in this case is nothing.
If you want to follow redirects, then you should use the -L option to curl, which will make it follow redirects. Note that this can be insecure in many cases when passing credentials, since any credentials passed with -H will be passed to any remote server that the data is redirected to. In this case, that's what you want, but it can be a security problem in other cases if the credentials were only intended for the original server.
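An added example, not part of the original answer: a redirect follower that resolves each hop by hand and attaches the token only to HTTPS hosts on an explicit allowlist, so the shortener itself never receives it. The `follow` helper, the `fake_fetch` stand-in for the network, the repository path and the `files.example.net` host are all constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

REDIRECTS = {301, 302, 303, 307, 308}

def follow(url, token, token_hosts, fetch, max_hops=5):
    """Follow redirects by hand; attach the token only for HTTPS URLs whose
    host is in token_hosts. fetch(url, headers) -> (status, headers, body).
    Returns (status, body, trail); trail records which hops got the token."""
    trail = []
    for _ in range(max_hops + 1):
        parts = urlsplit(url)
        send = parts.scheme == "https" and (parts.hostname or "") in token_hosts
        headers = {"Authorization": "token " + token} if send else {}
        status, resp_headers, body = fetch(url, headers)
        trail.append((parts.hostname, send))
        # A real client must match the Location header case-insensitively.
        if status not in REDIRECTS or "Location" not in resp_headers:
            return status, body, trail
        url = urljoin(url, resp_headers["Location"])  # Location may be relative
    raise RuntimeError("redirect limit exceeded")

# --- constructed stand-in for the network, so the example runs offline ---
RAW = "https://raw.githubusercontent.com/example-owner/example-repo/main/run.sh"
ROUTES = {
    "https://git.io/ABCDE": (302, {"Location": RAW}),
    "https://git.io/MOVED": (302, {"Location": "https://files.example.net/run.sh"}),
}

def fake_fetch(url, headers):
    """Short links redirect; any other URL answers 200 only with a token."""
    if url in ROUTES:
        status, hdrs = ROUTES[url]
        return status, hdrs, ""
    if "Authorization" in headers:
        return 200, {}, "#!/bin/bash\n"
    return 404, {}, "404: Not Found"

if __name__ == "__main__":
    hosts = {"raw.githubusercontent.com"}
    # Expected target: token is sent on the second hop only.
    print(follow("https://git.io/ABCDE", "PLACEHOLDER_TOKEN", hosts, fake_fetch))
    # Unexpected target: token is withheld and the request fails closed.
    print(follow("https://git.io/MOVED", "PLACEHOLDER_TOKEN", hosts, fake_fetch))
```

To use it against a real service, replace `fake_fetch` with a function that performs one HTTP request with automatic redirect handling turned off.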

Unable to launch a single user using REST api

I am using JupyterHub on K8s. I went through the documentation and had a look at the APIs. Now, I want to use one to start a pod. However, I am unable to start one using this post.
What would be the curl request for this POST request?
I have tried with the given command and it does not work:
curl -XPOST http://some_ip.ap-south-1.elb.amazonaws.com/users/adwait/server
405 : Method Not Allowed