PageRenderTime 25ms CodeModel.GetById 23ms RepoModel.GetById 0ms app.codeStats 0ms

/README.md

https://bitbucket.org/datatheorem/dt-api-client
Markdown | 88 lines | 53 code | 35 blank | 0 comment | 0 complexity | 7c55b2b8b839ec7cf86e2056004148e1 MD5 | raw file
    

  1. Data Theorem Portal API
    2. 

  2. -----------------------
    3. 

  3. 

  4. This repository provides a reference client in Python for querying the Data Theorem APIs.
    5. 

  5. 

  6. The client has been tested on Python 3.6, Python 3.7 and Python 3.8. Documentation for these APIs is
    7. 

  7. available at https://docs.securetheorem.com/ (Formally https://datatheorem.github.io/PortalApi/)
    8. 

  8. 

  9. 

  10. ### Functional Tests
    11. 

  11. 

  12. Requirements :
    13. 

  13. 

  14.     XCode should be at least 10.2 ( to support Swift 5.0)
    15. 

  15.     Swiftlint is required to compile duckduckgo ( brew install swiftlint)
    16. 

  16. 

  17. To download the functional tests XCode projects you need to install lfs
    18. 

  18. 

  19.     brew install git-lfs
    20. 

  20.     git lfs install --local  # On your local repo
    21. 

  21.     git lfs fetch --all  # On your local repo
    22. 

  22.     git lfs pull  # On your local repo
    23. 

  23. 

  24. Then you can launch functional tests with python
    25. 

  25. 

  26.     python -m functional_tests.test
    27. 

  27. 

  28. The full stacktrace of the building process can be found on file building-stack-trace.txt
    29. 

  29. 

  30. ### Setup
    31. 

  31. 

  32. The Python module uses the _requests_ library for connecting to the Data Theorem APIs:
    33. 

  33. 

  34.     python setup.py install
    35. 

  35. 

  36. ### Results API
    37. 

  37. 

  38. The **Results API v2** provides access to a list of all mobile apps registered within a specified customer's Data
    39. 

  39. Theorem account and the list of scans and security issues found during the scanning of the apps.
    40. 

  40. 

  41. The _results_api_cli.py_ sample script can be used to write all the issues affecting all the mobile Apps configured
    42. 

  42. within your Data Theorem account to a CSV file, with a CVSS score generated for each issue.
    43. 

  43. 

  44. A **Result API key** is needed in order to call the script; the API key can be found in the Data Theorem portal at
    45. 

  45. https://www.securetheorem.com/sdlc/api under the **"Accessing Data"** section. With the Results API key, the script can
    46. 

  46. then be used:
    47. 

  47. 

  48.     python results_api_cli.py --api-key <results_api_key>
    49. 

  49. 

  50. Full documentation for the Results API is available at https://docs.securetheorem.com/mobile_security_results/introduction.html.
    51. 

  51. 

  52. ### Upload API
    53. 

  53. 

  54. The **Upload API** can be used to upload **PreProd** mobile binaries directly to Data Theorem for scanning.
    55. 

  55. 

  56. The _upload_app_cli.py_ sample script can be used to upload a mobile App build to be scanned.
    57. 

  57. 

  58. An **Upload API key** is needed in order to call the script; the API key can be found in the Data Theorem portal at
    59. 

  59. https://www.securetheorem.com/sdlc/api under the **"Uploading Applications"** section. With the Upload API key, the
    60. 

  60. script can then be used:
    61. 

  61. 

  62.     python upload_app_cli.py --api-key <upoad_api_key> --comments test --username user --password p4ss ./app.ipa
    63. 

  63. 

  64. 

  65. Full documentation for the Upload API is available at https://docs.securetheorem.com/mobile_security_devops/uploading_mobile_apps.html.
    66. 

  66. 

  67. ### Upload UI Test API
    68. 

  68. 

  69. The **UI Test Upload API** can be used to upload `XCUITest` bundles to be used to perform a fully-automated dynamic scan of its associated mobile app in your Data Theorem account.
    70. 

  70. 

  71. The _upload_xcuitest_cli.py_ sample script can be used to automatically extract your application's UI Tests, an `.xctest` bundle, from your Xcode project. This bundle can then be uploaded to DataTheorem and used to quickly dynamically scan the associated app.
    72. 

    73. 

  73. An **Upload API key** is needed in order to call the script; the API key can be found in the Data Theorem portal at
    74. 

  74. https://www.securetheorem.com/sdlc/api under the **"Uploading Applications"** section. With the Upload API key, the
    75. 

  75. script can then be used:
    76. 

  76. 

  77.     python upload_xcuitest_cli.py --api-key <upoad_api_key> MyApp/MyApp.xcodeproj
    78. 

  78. 

  79. Optional arguments:
    80. 

  80. 

  81. * `--scheme`: Scheme to use to build the Xcode project. Required if more than one scheme exists in the Xcode project.
    82. 

  82. * `--product`: Product name of to your UI Test target in your Xcode project. Required if you have more than one UI Test target.
    83. 

  83. * `--release_type`: The type of release this UI Testing bundle should run for: APP_STORE (default) or PRE_PROD.
    84. 

  84. * `--app_bundle_id`: Specify a bundle ID instead of using the bundle ID from the Xcode project. It will be used to associate the UI Test with the corresponding app in your Data Theorem account.
    85. 

  85. * `--app_version`: Specify the app version instead of version from the Xcode project. It will be used to associate the UI Test with the corresponding app in your Data Theorem account.
    86. 

  86. * `--workspace_path`: Extract the testing bundle from a workspace - required if the main Xcode product depends on other Xcode projects within such workspace.
    87. 

  87. 

  88. Full documentation for the Upload UI Test API is available at https://docs.securetheorem.com/mobile_security_devops/uploading_xcuitest_bundles.html.
    89. 

  89.