
Security-Monitoring: Android Vulnerability Assessment Open API Specification

From FIWARE Forge Wiki

Introduction to the Android Vulnerability Assessment API

This API is deprecated.

Android Vulnerability Assessment API Core

The Android Vulnerability Assessment API is a SOAP API accessed via HTTP that uses XML-based representations for information interchange. It is composed of 2 web services: the Provider web service, which allows devices to update their definition database from the server, and the Reporter web service, which allows devices to post analysis results to the server.

Intended Audience

This specification is intended for both software developers and reimplementers of this API. For the former, this document provides a full specification of how to interact with the web services. For the latter, this specification provides a full specification of how to reimplement the web service while maintaining compatibility with the existing software.

API Change History

This version of the Android Vulnerability Assessment API Guide replaces and obsoletes all previous versions. The most recent changes are described in the table below:

| Revision Date | Changes Summary |
| --- | --- |
| Jun 28, 2013 | Added "/summary" operations; updated paths to reflect R2.3 software changes |
| Apr 22, 2013 | Initial Release |

Additional Resources

You can download the most current version of this document from the FIWARE specification website at Security-Monitoring: Android Vulnerability Assessment Open API Specification. For more details about the Android Vulnerability Assessment that this specification is based upon, please refer to High Level Description. Related documents, including an Architectural Description, are available at the same site.

General Android Vulnerability Assessment API Information

Resources Summary

File:AndroidVulnerabilityResources.png


Representation Format

The Android Vulnerability Assessment API supports XML.

Resource Identification

Resources are identified using the mechanisms described in the HTTP protocol specification, as defined by IETF RFC 2616.

Faults

Synchronous Faults

Provider Web Service

The OVAL_ProviderWS_AnswerHeader type includes a response_code, which can take the following values:

| Fault Element | Associated Error Codes | Expected in All Requests? | Description |
| --- | --- | --- | --- |
| Definition Not Found | 0 | Yes | No definition matching the request was found (this is not necessarily an error) |
| Definition Found | 1 | Yes | One or more definitions matching the request were found (this usually indicates a successful response) |
| Malformed Request | 2 | Yes | The request was malformed |
| Internal Error | 3 | Yes | There was an internal server error |

Reporter Web Service

The OVAL_UploaderWS_AnswerHeader type includes a response_code, which can take the following values:

| Fault Element | Associated Error Codes | Expected in All Requests? | Description |
| --- | --- | --- | --- |
| Result uploaded | 0 | Yes | The request was processed successfully (this is actually not an error) |
| Bad IMEI (too short) | 2 | Yes | The IMEI sent in the request was too short |
| Internal error (database) | 3 | Yes | There was an error writing to the database |
| Streaming error | 4 | Yes | There was an error writing the result to the disk |

Data Types

Provider Web Service

OVAL_ProviderWS_Answer Element

The OVAL_ProviderWS_Answer element is a complexType. It is a sequence of the following 2 elements:

| Name | Type | MinOccurs | MaxOccurs | Description |
| --- | --- | --- | --- | --- |
| OVAL_ProviderWS_AnswerHeader | complexType | 1 | 1 | Header of the answer |
| Definitions | complexType | 1 | 1 | Content of the answer, a list of definitions |

OVAL_ProviderWS_AnswerHeader Element

The OVAL_ProviderWS_AnswerHeader element is a complexType. It is a sequence of the following elements:

| Name | Type | MinOccurs | MaxOccurs | Description |
| --- | --- | --- | --- | --- |
| response_code | int | 1 | 1 | Indicates success or error, see Faults section above |
| details | string | 0 | 1 | Detailed description of the error |
| nb_def_found | int | 0 | 1 | Number of definitions matching the request |
| date | string | 0 | 1 | Timestamp of the response |

Definitions Element

The Definitions element is a complexType. It is a sequence of the Definition complexType:

| Name | Type | MinOccurs | MaxOccurs | Description |
| --- | --- | --- | --- | --- |
| Definition | complexType | 1 | unbounded | An individual definition |

Definition Element

The Definition element is a complexType. It is a sequence of the following elements:

| Name | Type | MinOccurs | MaxOccurs | Description |
| --- | --- | --- | --- | --- |
| title | string | 1 | 1 | Title of the definition |
| id | int | 1 | 1 | Id of the definition |
| cve | string | 0 | 1 | CVE number of the definition |
| tags | string | 0 | 1 | Tags associated with the definition |
| upload_date | string | 0 | 1 | Date at which the definition was uploaded |
| size | int | 0 | 1 | Size of the definition |
| dl_id | string | 0 | 1 | Download Id that can be used to download the definition |
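
For client developers, one way to consume the OVAL_ProviderWS_Answer structure described above, checking the response code and the declared definition count before trusting any dl_id. This is an added example, not code from the FIWARE project; it assumes un-namespaced XML nested as the tables imply, and the sample document, its values and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from enum import IntEnum

class ProviderCode(IntEnum):  # values from the Provider Faults table
    DEFINITION_NOT_FOUND = 0
    DEFINITION_FOUND = 1
    MALFORMED_REQUEST = 2
    INTERNAL_ERROR = 3

# Constructed sample answer (placeholder values, not real server output).
SAMPLE = b"""<OVAL_ProviderWS_Answer>
  <OVAL_ProviderWS_AnswerHeader>
    <response_code>1</response_code><nb_def_found>1</nb_def_found>
  </OVAL_ProviderWS_AnswerHeader>
  <Definitions><Definition>
    <title>Sample definition</title><id>42</id>
    <cve>CVE-0000-0000</cve><dl_id>abc123</dl_id>
  </Definition></Definitions>
</OVAL_ProviderWS_Answer>"""

def field(parent, tag, required=False):
    """Return the stripped text of a child element, enforcing MinOccurs=1 when asked."""
    node = parent.find(tag)
    if node is None or not (node.text or "").strip():
        if required:
            raise ValueError(f"missing required element <{tag}>")
        return None
    return node.text.strip()

def parse_provider_answer(xml_bytes):
    # An answer is plain data: refuse DTDs so entity declarations never reach the parser.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD not allowed in answer")
    root = ET.fromstring(xml_bytes)
    header = root.find("OVAL_ProviderWS_AnswerHeader")
    if root.tag != "OVAL_ProviderWS_Answer" or header is None:
        raise ValueError("not an OVAL_ProviderWS_Answer")
    code = ProviderCode(int(field(header, "response_code", required=True)))
    if code is not ProviderCode.DEFINITION_FOUND:
        return code, []  # 0 is "nothing new"; 2 and 3 are errors for the caller to handle
    defs = [{"title": field(d, "title", required=True),
             "id": int(field(d, "id", required=True)),
             "cve": field(d, "cve"),
             "dl_id": field(d, "dl_id")}
            for d in root.findall("Definitions/Definition")]
    declared = field(header, "nb_def_found")
    if declared is not None and int(declared) != len(defs):
        raise ValueError("nb_def_found does not match the number of Definition elements")
    return code, defs
```

An unknown response_code raises ValueError as well, so a client never treats an unrecognized status as success.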

Reporter Web Service

OVAL_UploaderWS_Answer Element

The OVAL_UploaderWS_Answer element is a complexType. It is a sequence of the following 2 elements:

| Name | Type | MinOccurs | MaxOccurs | Description |
| --- | --- | --- | --- | --- |
| OVAL_UploaderWS_AnswerHeader | complexType | 1 | 1 | Header of the answer |
| version | string | 1 | 1 | Version string |

OVAL_UploaderWS_AnswerHeader Element

The OVAL_UploaderWS_AnswerHeader element is a complexType. It is a sequence of the following elements:

| Name | Type | MinOccurs | MaxOccurs | Description |
| --- | --- | --- | --- | --- |
| response_code | int | 1 | 1 | Indicates success or error, see Faults section above |
| details | string | 0 | 1 | Detailed description of the error |
| date | string | 0 | 1 | Timestamp of the response |

API Operations

Provider Web Service

/rest/hello

  • Verb: GET
  • Returns: Static string "Hello Updater"

This operation tests whether the web service is up and running.

/rest/summary

  • Verb: GET
  • Returns: HTML

This operation displays a simple administration web interface.

/rest/fetch_defs/get_all

This operation returns metadata for all OVAL definitions in the database, including a dl_id element that can be used to download definitions.

/rest/fetch_defs/by_id/{id}

This operation returns metadata for the OVAL definition in the database whose id equals {id}, including a dl_id element that can be used to download the definition.

/rest/fetch_defs/by_date/{date}

This operation returns metadata for all OVAL definitions in the database that are more recent than {date}, including a dl_id element that can be used to download definitions.

/rest/download/{id_download}

  • Verb: GET
  • Returns:

This operation downloads a definition, using a dl_id that was acquired through one of the fetch_defs operations.

/rest/search_defs/list_all

This operation returns metadata for all OVAL definitions in the database, without dl_id elements.

/rest/search_defs/by_cve/{cve}

This operation returns metadata for the OVAL definition in the database whose CVE id equals {cve}, without a dl_id element.

/rest/search_defs/by_tags/{tags}

This operation returns metadata for all OVAL definitions in the database categorized using {tags}, without dl_id elements.

{tags} can be one or more tags separated by the '+' character.

/rest/raw_defs/get_all

  • Verb: GET
  • Returns:

This operation downloads all OVAL definitions in the database, merged in one file.

/rest/raw_defs/list_all

  • Verb: GET
  • Returns:

This operation returns an ASCII listing representing all OVAL definitions in the database.

/rest/raw_defs/by_id/{id}

  • Verb: GET
  • Returns:

This operation downloads the OVAL definition in the database whose id equals {id}.

/rest/raw_defs/by_date/{date}

  • Verb: GET
  • Returns:

This operation downloads all OVAL definitions in the database that are more recent than {date}, merged in one file.

Reporter Web Service

/rest/hello

  • Verb: GET
  • Returns: Static string "Hello Reporter"

This operation tests whether the web service is up and running.

/rest/summary

  • Verb: GET
  • Returns: HTML

This operation displays a simple administration web interface.

/rest/upload

  • Verb: POST
  • HTTP POST Parameters:
    • imei: The IMEI of the client
    • filename: the name of the uploaded file
    • file: the content of the file
  • Returns: XML element OVAL_UploaderWS_Answer

This operation uploads a new OVAL result.
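
For reimplementers, a sketch of how the three POST parameters can be validated and mapped onto the Reporter response codes before anything is written to disk. This is an added example, not the project's own code; the 15-character IMEI minimum, the storage layout, the `record` database hook, the date format and the version string are assumptions.

```python
import os
import re
from datetime import datetime, timezone
from xml.sax.saxutils import escape

# Response codes from the Reporter Faults table.
UPLOADED, BAD_IMEI, DB_ERROR, STREAMING_ERROR = 0, 2, 3, 4
MIN_IMEI_LEN = 15  # assumption: the page only says "too short"; a standard IMEI has 15 digits

def answer(code, details=None, version="example-1"):
    """Serialize an OVAL_UploaderWS_Answer; the version value is a placeholder."""
    parts = [f"<response_code>{code}</response_code>"]
    if details:
        parts.append(f"<details>{escape(details)}</details>")
    parts.append(f"<date>{datetime.now(timezone.utc).isoformat()}</date>")
    return ("<OVAL_UploaderWS_Answer><OVAL_UploaderWS_AnswerHeader>" + "".join(parts)
            + f"</OVAL_UploaderWS_AnswerHeader><version>{escape(version)}</version>"
            "</OVAL_UploaderWS_Answer>")

def handle_upload(imei, filename, content, store_dir, record=lambda imei, path: None):
    """Validate imei/filename/file, store the result, return (code, answer_xml)."""
    if len(imei) < MIN_IMEI_LEN:
        return BAD_IMEI, answer(BAD_IMEI, "IMEI too short")
    # Both imei and filename are client-controlled: keep only a bare, safe file name
    # so the stored path can never leave store_dir.
    base = os.path.basename(filename.replace("\\", "/"))
    safe_name = re.sub(r"[^A-Za-z0-9._-]", "_", base).lstrip(".") or "result.xml"
    safe_imei = re.sub(r"[^A-Za-z0-9]", "_", imei)
    path = os.path.join(store_dir, f"{safe_imei}_{safe_name}")
    try:
        with open(path, "xb") as fh:  # 'x' refuses to overwrite an earlier result
            fh.write(content)
    except OSError as exc:
        return STREAMING_ERROR, answer(STREAMING_ERROR, type(exc).__name__)
    try:
        record(imei, path)  # hypothetical database hook
    except Exception:
        return DB_ERROR, answer(DB_ERROR, "database write failed")
    return UPLOADED, answer(UPLOADED)
```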

/rest/list_results

  • Verb: GET
  • Returns: ASCII listing representing OVAL results in the database

This operation lists OVAL results in the database.
