BF Security Rules CWE API
Irena Bojanova, Inventor/Creator, PI & Lead, NIST Bugs Framework (BF), 2014 – ~~~
//Exclusive Rights Only//
The BF Security Rules CWE API generates datasets of BF Improper States (by CWE where applicable) that should not be present at code execution to assure code safety.
UI → Key required:
https://samate.nist.gov/services/BF/BFSecurityRules.xml/CWE?key=YOUR_KEY
https://samate.nist.gov/services/BF/BFSecurityRules.json/CWE?key=YOUR_KEYNote: ID="-1" if no CWE corresponds to that BF Wwakness Triple.
API → Key required:
C#
HttpClient client = new HttpClient() { BaseAddress = new Uri("https://samate.nist.gov/services/BF") }; //replace YOUR_USER_NAME and YOUR_KEY client.DefaultRequestHeaders.Add("user", YOUR_USER_NAME); client.DefaultRequestHeaders.Add("key", YOUR_KEY); //result in XML var responseXML = await client.GetAsync("BFSecurityRules.xml/CWE/api"); responseXML.EnsureSuccessStatusCode(); var resultXML = await responseXML.Content.ReadAsStringAsync(); //result in JSON var responseJSON = await client.GetAsync("BFSecurityRules.json/CWE/api"); responseJSON.EnsureSuccessStatusCode(); var resulJSON = await responseJSON.Content.ReadAsStringAsync();Python
//to be added//
BF CITATION: