Security problems API - GET vulnerable functions

Lists vulnerable functions of a security problem along with their usage.

The request produces an application/json payload.

Early Adopter

This request is an Early Adopter release and may be changed in non-compatible way.

GET	Managed	`https://{your-domain}/e/{your-environment-id}/api/v2/securityProblems/{id}/vulnerableFunctions`
	SaaS	`https://{your-environment-id}.live.dynatrace.com/api/v2/securityProblems/{id}/vulnerableFunctions`
	Environment ActiveGate	`https://{your-activegate-domain}/e/{your-environment-id}/api/v2/securityProblems/{id}/vulnerableFunctions`

Authentication

To execute this request, you need an access token with Read security problems (securityProblems.read) scope. To learn how to obtain and use it, see Tokens and authentication.

Parameters

Parameter Type Description In Required

string

Parameter	Type	Description	In	Required
id	string	The ID of the required security problem.	path	required
vulnerableFunctionsSelector	string	Defines the scope of the query. Only vulnerable functions matching the specified criteria are included in the response. You can add the following criteria. Values are not case sensitive and the `EQUALS` operator is used unless otherwise specified. Management zone ID: `managementZoneIds("mzId-1","mzId-2")`. Management zone name: `managementZones("name-1","name-2")`. Values are case sensitive. Process group ID: `processGroupIds("pgId-1", "pgId-2")`. Specify Dynatrace entity IDs here. Process group name: `processGroupNames("name-1", "name-2")`. Values are case sensitive. Process group name contains: `processGroupNameContains("name-1")`. The `CONTAINS` operator is used. Specify the value of a criterion as a quoted string. The following special characters must be escaped with a tilde (`~`) inside quotes: Tilde `~` Quote `"`	query	optional
groupBy	string	Defines additional grouping types in which vulnerable functions should be displayed. You can add one of the following grouping types. Process group: `PROCESS_GROUP`	query	optional

The ID of the required security problem.

path

required

vulnerableFunctionsSelector

string

Defines the scope of the query. Only vulnerable functions matching the specified criteria are included in the response.

You can add the following criteria. Values are not case sensitive and the EQUALS operator is used unless otherwise specified.

Management zone ID: managementZoneIds("mzId-1","mzId-2").
Management zone name: managementZones("name-1","name-2"). Values are case sensitive.
Process group ID: processGroupIds("pgId-1", "pgId-2"). Specify Dynatrace entity IDs here.
Process group name: processGroupNames("name-1", "name-2"). Values are case sensitive.
Process group name contains: processGroupNameContains("name-1"). The CONTAINS operator is used.

Specify the value of a criterion as a quoted string. The following special characters must be escaped with a tilde (~) inside quotes:

Tilde ~
Quote "

query

optional

groupBy

string

Defines additional grouping types in which vulnerable functions should be displayed.

You can add one of the following grouping types.

Process group: PROCESS_GROUP

query

optional

Response

Response codes

Code	Type	Description
200	VulnerableFunctionsContainer	Success. The response contains the list of vulnerable functions.

Response body objects

The `VulnerableFunctionsContainer` object

A list of vulnerable functions, their security problem wide usages and their usages per process group. Optional: A list of vulnerable function usages per process group for a security problem.

Element Type Description

vulnerableFunctions

Element	Type	Description
vulnerableFunctions	VulnerableFunctionProcessGroups[]	A list of vulnerable functions, their security problem wide usages and their usages per process group. Can be `null`.
vulnerableFunctionsByProcessGroup	ProcessGroupVulnerableFunctions[]	A list of vulnerable function usages per process group for a security problem. The result is sorted based on the following criteria: the number of vulnerable functions in use (descending). the number of vulnerable functions not in use (descending). the number of vulnerable functions not available (descending). the process group identifier (ascending) Can be `null`.

VulnerableFunctionProcessGroups[]

A list of vulnerable functions, their security problem wide usages and their usages per process group.

Can be null.

vulnerableFunctionsByProcessGroup

ProcessGroupVulnerableFunctions[]

A list of vulnerable function usages per process group for a security problem. The result is sorted based on the following criteria:

the number of vulnerable functions in use (descending).
the number of vulnerable functions not in use (descending).
the number of vulnerable functions not available (descending).
the process group identifier (ascending)

Can be null.

The `VulnerableFunctionProcessGroups` object

A vulnerable function including its usage by specific process groups in context of the security problem.

Element	Type	Description
function	VulnerableFunction	Defines an vulnerable function. Can be `null`.
usage	string	The vulnerable function usage based on the given process groups: IN_USE if at least one process group calls this vulnerable function. NOT_IN_USE if all process groups do not call this vulnerable function. NOT_AVAILABLE if vulnerable function usage could not be calculated for at least one process group and no process group calls this vulnerable function. The element can hold these values `IN_USE` `NOT_AVAILABLE` `NOT_IN_USE` Can be `null`.
processGroupsInUse	string[]	The process group identifiers, where this vulnerable function is in use. Can be `null`.
processGroupsNotInUse	string[]	The process group identifiers, where this vulnerable function is not in use. Can be `null`.
processGroupsNotAvailable	string[]	The process group identifiers, where information about the usage of this function not available. Can be `null`.

The `VulnerableFunction` object

Defines an vulnerable function.

Element Type Description

className

string

Element	Type	Description
className	string	The class name of the vulnerable function. Can be `null`.
filePath	string	The file path of the vulnerable function. Can be `null`.
functionName	string	The function name of the vulnerable function. Can be `null`.

The class name of the vulnerable function.

Can be null.

filePath

string

The file path of the vulnerable function.

Can be null.

functionName

string

The function name of the vulnerable function.

Can be null.

The `ProcessGroupVulnerableFunctions` object

The vulnerable functions of a process group including their usage.

Element	Type	Description
processGroup	string	The process group identifier. Can be `null`.
functionsInUse	VulnerableFunction[]	A list of vulnerable functions in use. Can be `null`.
functionsNotInUse	VulnerableFunction[]	A list of vulnerable functions not in use. Can be `null`.
functionsNotAvailable	VulnerableFunction[]	A list of vulnerable functions with unknown state. Can be `null`.

Response body JSON model

json
{
  "vulnerableFunctions": [
    {
      "function": {
        "className": "string",
        "filePath": "string",
        "functionName": "string"
      },
      "usage": "IN_USE",
      "processGroupsInUse": [
        "string"
      ],
      "processGroupsNotInUse": [
        "string"
      ],
      "processGroupsNotAvailable": [
        "string"
      ]
    }
  ],
  "vulnerableFunctionsByProcessGroup": [
    {
      "processGroup": "string",
      "functionsInUse": [
        {}
      ],
      "functionsNotInUse": [
        {}
      ],
      "functionsNotAvailable": [
        {}
      ]
    }
  ]
}

Security problems API - GET vulnerable functions

Authentication

Parameters

Response

Response codes

Response body objects

The VulnerableFunctionsContainer object

The VulnerableFunctionProcessGroups object

The VulnerableFunction object

The ProcessGroupVulnerableFunctions object

Response body JSON model

The `VulnerableFunctionsContainer` object

The `VulnerableFunctionProcessGroups` object

The `VulnerableFunction` object

The `ProcessGroupVulnerableFunctions` object