Issues endpoint

Issues belong to a Project

When working with data for a specific Project like Issues or Nodes, make sure to define the Dradis-Project-Id HTTP header like so:

$ curl \
  -H 'Authorization: Token token="xMsNwttqN5bVNEYcrIF01s65"' \
  -H 'Dradis-Project-Id: 3' \
  https://dradis-pro.dev/pro/api/issues

GET /pro/api/issues

Retrieves all the Issues in your specified project, ordered by the created_at timestamp.

You can paginate the results, 25 per page, by appending ?page=1, ?page=2, and so on to the URL, e.g. http://dradis-pro.dev/pro/api/issues?page=1. If your shell treats ? and = specially, escape them (issues\?page\=1) or quote the whole URL.

Sample request:

curl \
  -H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
  -H 'Dradis-Project-Id: 3' \
  http://dradis-pro.dev/pro/api/issues

Result:

[
  {
    "id": 45,
    "author": "admin@securityroots.com",
    "title": "Insecure cookie configuration: Secure flag",
    "fields": {
      "Title": "Insecure cookie configuration: Secure flag",
      "Rating": "Low",
      "Description": "If the Secure attribute is set on a cookie, the browser will ensure that the cookie is only attached to requests going over SSL.",
      "Mitigation": "At the bare minimum, the Secure flag should be set in all cookies containing session tokens. However, if the application uses SSL transport, it is best to set the  Secure flag in all cookies to ensure they are never sent over clear-text channels.",
      "References": "http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)#Description_of_the_Issue"
    },
    "text": "#[Title]#\r\nInsecure cookie configuration: Secure flag\r\n\r\n#[Rating]#\r\nLow\r\n\r\n#[Description]#\r\nIf the Secure attribute is set on a cookie, the browser will ensure that the cookie is only attached to requests going over SSL. \r\n\r\n#[Mitigation]#\r\nAt the bare minimum, the Secure flag should be set in all cookies containing session tokens. However, if the application uses SSL transport, it is best to set the  Secure flag in all cookies to ensure they are never sent over clear-text channels.\r\n\r\n#[References]#\r\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)#Description_of_the_Issue\r\n",
    "created_at": "2016-04-12T16:25:17.486Z",
    "updated_at": "2016-04-12T16:37:05.363Z"
  },
  {
    "id": 44,
    "author": "admin@securityroots.com",
    "title": "Weak SSL ciphers",
    "fields": {
      "Title": "Weak SSL ciphers",
      "Rating": "Critical",
      "Description": "Some of the ciphers enabled in the SSL service cannot considered to be cryptographically secure. When the key length of the cipher is under 56 bits, it is reasonable to assume that an adversary could mount a successful brute-force attack.",
      "Mitigation": "All ciphers with key lengths smaller than 128 bits should be disabled",
      "References": "https://www.owasp.org/index.php/Testing_for_SSL-TLS_%28OWASP-CM-001%29"
    },
    "text": "#[Title]#\r\nWeak SSL ciphers\r\n\r\n#[Rating]#\r\nCritical\r\n\r\n#[Description]#\r\nSome of the ciphers enabled in the SSL service cannot considered to be cryptographically secure. When the key length of the cipher is under 56 bits, it is reasonable to assume that an adversary could mount a successful brute-force attack.\r\n\r\n#[Mitigation]#\r\nAll ciphers with key lengths smaller than 128 bits should be disabled\r\n\r\n#[References]#\r\nhttps://www.owasp.org/index.php/Testing_for_SSL-TLS_%28OWASP-CM-001%29\r\n",
    "created_at": "2016-04-11T16:49:15.657Z",
    "updated_at": "2016-04-12T16:37:12.343Z"
  }
]

GET /pro/api/issues/:id

Retrieves a single Issue from your specified project.

Sample request:

curl \
  -H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
  -H 'Dradis-Project-Id: 3' \
  http://dradis-pro.dev/pro/api/issues/45

Result:

{
  "id": 45,
  "author": "admin@securityroots.com",
  "title": "Insecure cookie configuration: Secure flag",
  "fields": {
    "Title": "Insecure cookie configuration: Secure flag",
    "Rating": "Low",
    "Description": "If the Secure attribute is set on a cookie, the browser will ensure that the cookie is only attached to requests going over SSL.",
    "Mitigation": "At the bare minimum, the Secure flag should be set in all cookies containing session tokens. However, if the application uses SSL transport, it is best to set the  Secure flag in all cookies to ensure they are never sent over clear-text channels.",
    "References": "http://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)#Description_of_the_Issue",
    "Test": ""
  },
  "text": "#[Title]#\r\nInsecure cookie configuration: Secure flag\r\n\r\n#[Rating]#\r\nLow\r\n\r\n#[Description]#\r\nIf the Secure attribute is set on a cookie, the browser will ensure that the cookie is only attached to requests going over SSL. \r\n\r\n#[Mitigation]#\r\nAt the bare minimum, the Secure flag should be set in all cookies containing session tokens. However, if the application uses SSL transport, it is best to set the  Secure flag in all cookies to ensure they are never sent over clear-text channels.\r\n\r\n#[References]#\r\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)#Description_of_the_Issue\r\n\r\n#[Test]#\r\n",
  "created_at": "2016-04-12T16:25:17.486Z",
  "updated_at": "2016-04-12T16:38:39.932Z"
}

POST /pro/api/issues

Creates an Issue in the specified project. The attributes for the Issue must be provided in the POST body as JSON.

HTTP status 201 will be returned if the creation completes successfully, and a Location header will be sent with the response, set to the URL of the newly created resource.

Accepted Parameter    Use
issue                 Pass it the text parameter.
text                  Pass it the content of the Issue using JSON on one line subbing in \r\n for new lines. Don't forget to include field names with the #[ ]# syntax.

Sample request:

curl \
  -H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
  -H 'Dradis-Project-Id: 3' \
  -H 'Content-type: application/json' \
  -X POST \
  -d '{"issue":{"text": "#[Title]#\r\nDangerous HTTP methods: TRACE\r\n\r\n#[Rating]#\r\nMedium\r\n\r\n#[Description]#\r\nThe TRACE HTTP method is used as a debugging mechanism that allows the client to see what is being received at the other end of the request chain and use that data for testing and diagnostic information."}}' \
  http://dradis-pro.dev/pro/api/issues

Result:

{
  "id": 51,
  "author": "admin@securityroots.com",
  "title": "Dangerous HTTP methods: TRACE",
  "fields": {
    "Title": "Dangerous HTTP methods: TRACE",
    "Rating": "Medium",
    "Description": "The TRACE HTTP method is used as a debugging mechanism that allows the client to see what is being received at the other end of the request chain and use that data for testing and diagnostic information."
  },
  "text": "#[Title]#\r\nDangerous HTTP methods: TRACE\r\n\r\n#[Rating]#\r\nMedium\r\n\r\n#[Description]#\r\nThe TRACE HTTP method is used as a debugging mechanism that allows the client to see what is being received at the other end of the request chain and use that data for testing and diagnostic information.",
  "created_at": "2016-04-12T20:18:12.090Z",
  "updated_at": "2016-04-12T20:18:12.090Z"
}
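
The text format described above, as an added example (not Dradis code): Python helpers that render a field dictionary into the #[Field]# syntax, leave the \r\n escaping to json.dumps instead of hand-writing one-line JSON, and parse a returned text back into fields. The function names, and the rule that rejects a value containing its own #[...]# header line, are assumptions of this example; the parser only mirrors the syntax visible in the samples on this page.

```python
import json
import re
import urllib.request

# A field header is a line of the form #[Name]# (syntax taken from the page's samples).
HEADER_RE = re.compile(r"^#\[(.+?)\]#[ \t]*(?:\r?\n|\Z)", re.MULTILINE)


def fields_to_text(fields):
    """Render {name: value} as '#[Name]#\\r\\nvalue' blocks separated by a blank line."""
    blocks = []
    for name, value in fields.items():
        if not re.fullmatch(r"[^\[\]#\r\n]+", name):
            raise ValueError(f"invalid field name: {name!r}")
        # Assumption of this example: refuse values that contain a header line,
        # since this parser would read it back as an extra field.
        if HEADER_RE.search(value):
            raise ValueError(f"value of {name!r} contains a #[...]# header line")
        # Normalise every line ending to CRLF, as in the page's samples.
        value = re.sub(r"\r\n|\r|\n", "\r\n", value)
        blocks.append(f"#[{name}]#\r\n{value}")
    return "\r\n\r\n".join(blocks)


def text_to_fields(text):
    """Split an Issue's text back into a {name: value} dict."""
    parts = HEADER_RE.split(text)
    # parts = [preamble, name1, body1, name2, body2, ...]
    return {n: b.strip() for n, b in zip(parts[1::2], parts[2::2])}


def build_create_request(base_url, token, project_id, fields):
    """Build (without sending) the POST /pro/api/issues request."""
    body = json.dumps({"issue": {"text": fields_to_text(fields)}})
    return urllib.request.Request(
        f"{base_url}/pro/api/issues",
        data=body.encode("utf-8"),
        method="POST",
        headers={
            "Authorization": f'Token token="{token}"',
            "Dradis-Project-Id": str(project_id),
            "Content-Type": "application/json",
        },
    )
```

Pass the returned request to urllib.request.urlopen to send it; a 201 response carries the Location header of the new Issue.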

PUT /pro/api/issues/:id

Updates an Issue in the specified project. The attributes to be updated must be provided in the body as JSON. Like the POST method, make sure to write out the new content of the Issue using JSON on one line subbing in \r\n to create newlines as needed.

HTTP status 200 will be returned if the update completes successfully.

See POST above for more details on the accepted parameters.

Sample request:

curl \
  -H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
  -H 'Dradis-Project-Id: 3' \
  -H 'Content-type: application/json' \
  -X PUT \
  -d '{"issue":{"text": "#[Title]#\r\nUpdated Issue Title\r\n\r\n#[Rating]#\r\nMedium\r\n\r\n#[Description]#\r\nUpdated sample Issue description"}}' \
  http://dradis-pro.dev/pro/api/issues/45

Result:

{
  "id": 45,
  "author": "admin@securityroots.com",
  "title": "Updated Issue Title",
  "fields": {
    "Title": "Updated Issue Title",
    "Rating": "Medium",
    "Description": "Updated sample Issue description"
  },
  "text": "#[Title]#\r\nUpdated Issue Title\r\n\r\n#[Rating]#\r\nMedium\r\n\r\n#[Description]#\r\nUpdated sample Issue description",
  "created_at": "2016-04-12T16:25:17.486Z",
  "updated_at": "2016-04-12T20:24:02.471Z"
}

DELETE /pro/api/issues/:id

Deletes an Issue from your specified project. HTTP status 200 will be returned if the deletion completes successfully.

Sample request:

curl \
  -H 'Authorization: Token token="hxMsNwttqN5bVNEYcrIF01s65"' \
  -H 'Dradis-Project-Id: 3' \
  -H 'Content-type: application/json' \
  -X DELETE \
  http://dradis-pro.dev/pro/api/issues/45

Result:

{
  "message": "Resource deleted successfully"
}
