ISO-5055 Detection Patterns For Given Weakness


Overview

Get a summary of the ISO-5055 code detection patterns of an application for a particular weakness. The service returns the description of each code detection pattern and the number of impacted objects.

URI

GET /rest/applications/{name}/insights/iso-5055/detection-patterns/characteristics/{characteristic}/weaknesses/{weakness}

Path parameters

name (string)

This parameter identifies the analyzed application. The application name must be properly encoded when encoding is required. The back-quote character is not allowed.

characteristic (string)

Filter detection patterns based on a specific ISO 5055 characteristic. Allowed values:

  • “ISO-5055-Performance-Efficiency”
  • “ISO-5055-Maintainability”
  • “ISO-5055-Reliability”
  • “ISO-5055-Security”

weakness (string)

Filter detection patterns according to a weakness.

Responses

application/json

The response is the list of detection patterns. Example:

[
    {
        "id": "7424",
        "name": "Avoid using SQL queries inside a loop",
        "description": "This metric retrieves all artifacts using at least one SQL query inside a loop statement.",
        "characteristics": [
            {
                "id": "ISO-5055-Performance-Efficiency",
                "name": "Efficiency"
            }
        ],
        "weaknesses": [
            {
                "id": "CWE-1050",
                "name": "CWE-1050"
            }
        ],
        "rationale": "Having an SQL query inside a loop is usually the source...",
        "remediation": "The remediation is often to replace the iterative approach...",
        "remediationSample": "Oracle:\n update...",
        "nbObjects": 29
    }
]

JSON representation

Property                Type           Description
id                      string         Code Detection Pattern reference ID.
name                    string         Code Detection Pattern name.
description             string         Describes the purpose of the Code Detection Pattern and explains what it searches for.
characteristics         array(string)  ISO-5055 Characteristics.
characteristics[].id    string         ISO-5055 Characteristic ID.
characteristics[].name  string         ISO-5055 Characteristic display name.
weaknesses              array(string)  ISO-5055 Weaknesses: each weakness is a CWE reference (Common Weakness Enumeration).
weaknesses[].id         string         ISO-5055 Weakness ID.
weaknesses[].name       string         ISO-5055 Weakness name.
rationale               string         Description of the flaw and its consequences.
remediation             string         Recommended action to remove the flaw.
remediationSample       string         Example of good practice to avoid the flaw.
nbObjects               integer        The number of impacted objects.
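
Client-side example

The following is an added example, not code from the product or its documentation. It builds the request path from the three path parameters (percent-encoding each one, rejecting the back-quote and checking the characteristic against the allowed values above) and then ranks the returned patterns by nbObjects. The function names and the second sample entry are assumptions made for the illustration.

```python
import json
from urllib.parse import quote

# Allowed values for {characteristic}, as listed on this page.
CHARACTERISTICS = {
    "ISO-5055-Performance-Efficiency",
    "ISO-5055-Maintainability",
    "ISO-5055-Reliability",
    "ISO-5055-Security",
}

def build_uri(name, characteristic, weakness):
    """Return the request path with every path parameter percent-encoded."""
    if not name or "`" in name:
        raise ValueError("application name is empty or contains a back-quote")
    if characteristic not in CHARACTERISTICS:
        raise ValueError(f"unknown characteristic: {characteristic!r}")
    if not weakness:
        raise ValueError("weakness is required")
    # safe="" also encodes "/", so a "/" in a value stays inside its own path segment.
    enc = lambda s: quote(s, safe="")
    return (f"/rest/applications/{enc(name)}/insights/iso-5055/detection-patterns"
            f"/characteristics/{enc(characteristic)}/weaknesses/{enc(weakness)}")

def summarize(body):
    """Parse a response body into (id, name, nbObjects) tuples, most impacted first."""
    patterns = json.loads(body)
    if not isinstance(patterns, list):
        raise ValueError("expected a JSON array of detection patterns")
    rows = []
    for p in patterns:
        n = p.get("nbObjects")
        if not isinstance(n, int) or isinstance(n, bool) or n < 0:
            raise ValueError(f"pattern {p.get('id')!r}: invalid nbObjects {n!r}")
        rows.append((str(p["id"]), p["name"], n))
    return sorted(rows, key=lambda r: r[2], reverse=True)

# Constructed sample response: the first entry mirrors the example on this page,
# the second entry is made up for the illustration.
SAMPLE = json.dumps([
    {"id": "7424", "name": "Avoid using SQL queries inside a loop", "nbObjects": 29},
    {"id": "0000", "name": "Constructed pattern", "nbObjects": 41},
])

if __name__ == "__main__":
    print(build_uri("My App/v2", "ISO-5055-Performance-Efficiency", "CWE-1050"))
    for row in summarize(SAMPLE):
        print(row)
```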