Skip to content
Draft
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
112 changes: 0 additions & 112 deletions docs/source/SOURCES.rst

This file was deleted.

35 changes: 35 additions & 0 deletions docs/source/api-admin.rst
Original file line number Diff line number Diff line change
Expand Up @@ -19,3 +19,38 @@ This can be done in the admin and from the command line::

$ ./manage.py create_api_user --email "p4@nexb.com" --first-name="Phil" --last-name "Goel"
User p4@nexb.com created with API key: ce8616b929d2adsddd6146346c2f26536423423491

API client configuration
----------------------------

API clients must send a User-Agent header that matches the value of the
`VCIO_USER_AGENT` setting.

Add the following to your .env file::

VCIO_USER_AGENT="vulnerablecode-client"

Requests without the configured User-Agent header will be rejected with 403 Forbidden.

API rate limiting
-------------------

The API uses request throttling to protect the service from excessive traffic.

The rate limits can be configured in the .env file::

THROTTLE_RATE_ANON=10/minute
THROTTLE_RATE_UI=15/minute
THROTTLE_RATE_USER_HIGH=1/second
THROTTLE_RATE_USER_MEDIUM=30/minute
THROTTLE_RATE_USER_LOW=20/minute

Configure Altcha protection
----------------------------

VulnerableCode uses Altcha to protect forms from automated abuse without
relying on third-party CAPTCHA services

To enable Altcha, add the following setting to your .env file::

ALTCHA_HMAC_KEY=32-byte secret
39 changes: 0 additions & 39 deletions docs/source/api.rst
Original file line number Diff line number Diff line change
Expand Up @@ -100,45 +100,6 @@ Sample python script::
The response will be a list of packages, these are packages
that are affected by and/or that fix a vulnerability.

.. _CPE Bulk Search:

CPE Bulk Search
---------------------


The CPE bulk search endpoint allows you to search for packages in bulk.
You can pass a list of packages in the request body and the endpoint will
return a list of vulnerabilities.


You can pass a list of ``cpes`` in the request body. Each cpe should be a
non empty string and a valid CPE.


The request body should be a JSON object with the following structure::

{
"cpes": [
"cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:struts:2.3.2:*:*:*:*:*:*:*"
]
}

Sample python script::

import requests

request_body = {
"cpes": [
"cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*"
],
}

resp = requests.post('https://public.vulnerablecode.io/api/cpes/bulk_search', json= request_body, headers={'Authorization': "Token 123456789"}).json()

The response will be a list of vulnerabilities that have the following CPEs.


API endpoints reference
--------------------------

Expand Down
Binary file modified docs/source/images/pkg_details.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file modified docs/source/images/pkg_search.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file removed docs/source/images/vcio-db-admin-2023-11-27-01.png
Binary file not shown.
Binary file not shown.
Loading
Loading