SCAIFE Registration and Login Module API Definition

This API definition facilitates auditing static analysis alerts using classifiers, optional adaptive heuristics, and alert prioritization. The API enables jump-starting labeled datasets using test suites. It is intended to enable a wide range of users (with widely varying datasets, static analysis tools, machine learning expertise, and amount of labeled data) to benefit from using classifiers and sophisticated prioritization to automatically triage static analysis alerts.
More information: https://www.sei.cmu.edu/research-capabilities/all-work/display.cfm?customel_datapageid_4050=6453
Contact Info: lflynn@cert.org
Version: 1.0.0
BasePath:
SCAIFE API Copyright 2007-2020 Carnegie Mellon University. All Rights Reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. Products derived from this software may not include 'Carnegie Mellon University,' 'SEI' and/or 'Software Engineering Institute' in the name of such derived product, nor shall 'Carnegie Mellon University,' 'SEI' and/or 'Software Engineering Institute' be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact permission@sei.cmu.edu. ACKNOWLEDGMENTS AND DISCLAIMERS: This material is based upon work funded and supported by the Department of Defense under Contract No. FA8702-15-D-0002 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center. The view, opinions, and/or findings contained in this material are those of the author(s) and should not be construed as an official Government position, policy, or decision, unless designated by other documentation. NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN 'AS-IS' BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. [DISTRIBUTION STATEMENT A] This material has been approved for public release and unlimited distribution. Please see Copyright notice for non-US Government use and distribution. This material includes field names used in the Software Assurance Marketplace (SWAMP), a service that provides continuous software assurance capabilities to developers and researchers at https://www.mir-swamp.org/#. Copyright © 2012-2020 The Morgridge Institute for Research, Inc. All rights reserved. This material includes field names used in the Software Assurance Tool (SwAT), a tool that is used by analysts to analyze static analysis alerts from multiple static analysis tools. https://www.cerdec.army.mil/ Combat Capabilities Development Command (CCDC) C5ISR Center. All rights reserved. DM19-0572
http://apache.org/licenses/LICENSE-2.0.html

Access

Methods

[ Jump to Models ]

Table of Contents

RegistrationServer

UIToRegistration

RegistrationServer

Up 
get /authenticate/{server_name}
Authenticate the access token for the servers (authenticateServerAccess)

Path parameters

server_name (required)
Path Parameter — Name of the server to verify access to, expected values [statistics, datahub, prioritization]

Consumes

This API call consumes the following media types via the Content-Type request header:

Request headers

Return type

request_token

Example data

Content-Type: application/json
{
  "message" : "message",
  "request_id" : "request_id"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.

Responses

200

OK request_token

400

Invalid Request, Token Invalid

default

Unexpected Error error
Up 
get /status
Provides Server Status (getStatus)

Request headers

Return type

request_token

Example data

Content-Type: application/json
{
  "message" : "message",
  "request_id" : "request_id"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.

Responses

200

Server Is Running request_token

400

Database Connection Lost

default

Unexpected Error error

UIToRegistration

Up 
get /servers/{server_name}
Get access token to use other servers (getServerAccess)

Path parameters

server_name (required)
Path Parameter — Name of the server to grant access to, expected values [statistics, datahub, prioritization]

Consumes

This API call consumes the following media types via the Content-Type request header:

Request headers

Return type

access_token

Example data

Content-Type: application/json
{
  "x_access_token" : "x_access_token"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.

Responses

200

OK access_token

400

Invalid Request

404

Server Access Unavailable

405

Invalid Token Request

default

Unexpected Error error
Up 
post /login
Login page; Authenticate to the SCAIFE system (loginUser)

Consumes

This API call consumes the following media types via the Content-Type request header:

Request body

login_credentials login_credentials (optional)
Body Parameter — Login credentials for the user.

Return type

access_token

Example data

Content-Type: application/json
{
  "x_access_token" : "x_access_token"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.

Responses

200

OK access_token

400

Invalid Request

405

Login Unavailable

default

Unexpected Error error
Up 
post /logout
Logout of the SCAIFE system (logoutUser)

Consumes

This API call consumes the following media types via the Content-Type request header:

Request headers

Return type

request_token

Example data

Content-Type: application/json
{
  "message" : "message",
  "request_id" : "request_id"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.

Responses

200

OK, User Successfully Logged Out request_token

400

Invalid Request

405

Logout Unavailable

default

Unexpected Error error
Up 
post /register
Registration page; Create new users in the SCAIFE system (registerUsers)

Consumes

This API call consumes the following media types via the Content-Type request header:

Request body

user_information user_information (required)
Body Parameter — User information

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.

Responses

201

User Created

400

Invalid Request

405

Registration Unavailable

default

Unexpected Error error

Models

[ Jump to Methods ]

Table of Contents

  1. access_token -
  2. error -
  3. login_credentials -
  4. request_token -
  5. user_information -

access_token - Up

x_access_token (optional)
String

error - Up

code
Integer
message
String

login_credentials - Up

username (optional)
String
password (optional)
String

request_token - Up

request_id (optional)
String
message (optional)
String

user_information - Up

first_name (optional)
String
last_name (optional)
String
organization_name
String
username
String
password
String