Policy Actions using GraphQL API


Traceable provides a GraphQL public API for performing CRUD (create, read, update, and delete) operations on AST scan policies. The following sections describe the prerequisites and each of the supported actions.

Before you begin

  • Make a note of the API Endpoint URL: https://<traceable_public_api_url>/graphql. Replace <traceable_public_api_url> with the hostname of your Traceable platform, for example, https://api.traceable.ai/graphql. This endpoint URL is required for every operation below.

  • Make sure you are assigned the RBAC permissions needed for the operation. The required permissions are listed under each action below. For more information, see Teams and Roles - RBAC.

  • Following are the attributes used in this document along with their descriptions:

    Attribute Name                   Description
    name                             The policy name
    id                               The policy ID
    filterBy                         The list of filters based on which you can fetch policies
    filterBy.key                     The key on which to filter the policies. Possible values: POLICY_ID, NAME, OWNERS
    operator                         The operator used to compare the key with its value. Possible values: IN, EQUALS, LIKE
    configuration.attacksSelection   The list of attacks


Policy Actions

The following sections describe each action, the permissions it requires, a request template, and a sample request and response.

Retrieve policies

Following are the details for retrieving the list of policies in your account:

Field: astPolicies

Type: Query

Required Permission(s):

  • Access to Call Detail Data (View)

  • Manage API Access (Enabled)

  • Manage Access to Issues (View)

  • Module Level Access

    • API Catalog (View)

    • Analytics (View)

    • API Testing (View)

Authorization: Platform API Token. For the steps to retrieve this, see Public APIs.

Following is the template you can use to retrieve a list of policies filtered by Policy ID, Name, or Owners:

Note

You must replace the key, operator, and value fields in the template below according to your requirements. The # comments list the other accepted values.

Template
{
  astPolicies(
    filterBy: [
      {
        key: POLICY_ID        # or NAME, OWNERS
        operator: EQUALS      # or IN, LIKE
        value: ["policyId1"]
      }
    ]
  ) {
    results {
      id
      name
      description
      metadata {
        createdBy
        creationTimestamp
        lastEditTimestamp
        lastEditedBy
        __typename
      }
      configuration {
        attacksSelection {
          attackSelectionLevel
          pluginSelectionGroup
          plugin {
            idPredicates {
              relationalOperator
              value
              __typename
            }
            labelPredicates {
              relationalOperator
              value
              __typename
            }
            namePredicates {
              relationalOperator
              value
              __typename
            }
            __typename
          }
          pluginCategory {
            idPredicates {
              relationalOperator
              value
              __typename
            }
            namePredicates {
              relationalOperator
              value
              __typename
            }
            __typename
          }
          selectionMode
          rule {
            attackField
            operatorType
            value
            __typename
          }
          vulnerabilityType {
            namePredicates {
              relationalOperator
              value
              __typename
            }
            __typename
          }
          __typename
        }
        attackCoverage
        attackImpact
        attackMethods
        __typename
      }
      __typename
    }
    count
    __typename
  }
}
Example

Sample Request

{
  astPolicies(
    filterBy: [
    {key: POLICY_ID  
    operator: EQUALS 
    value: ["8d8c1234-6915-475d-810b-abc5d4a8022f"]}]
  ) {
    results {
      id
      name
      description
      metadata {
        createdBy
        creationTimestamp
        lastEditTimestamp
        lastEditedBy
        __typename
      }
      configuration {
        attacksSelection {
          attackSelectionLevel
          pluginSelectionGroup
          plugin {
            idPredicates {
              relationalOperator
              value
              __typename
            }
            labelPredicates {
              relationalOperator
              value
              __typename
            }
            namePredicates {
              relationalOperator
              value
              __typename
            }
            __typename
          }
          pluginCategory {
            idPredicates {
              relationalOperator
              value
              __typename
            }
            namePredicates {
              relationalOperator
              value
              __typename
            }
            __typename
          }
          selectionMode
          rule {
            attackField
            operatorType
            value
            __typename
          }
          vulnerabilityType {
            namePredicates {
              relationalOperator
              value
              __typename
            }
            __typename
          }
          __typename
        }
        attackCoverage
        attackImpact
        attackMethods
        __typename
      }
      __typename
    }
    count
    __typename
  }
}

Sample Response

{
  "data": {
    "astPoliciesV2": {
      "results": [
        {
          "id": "8d8c1234-6915-475d-810b-abc5d4a8022f",
          "name": "all-attack-policy",
          "description": "",
          "metadata": {
            "createdBy": "Traceable AI",
            "creationTimestamp": "2024-09-04T17:02:12.460Z",
            "lastEditTimestamp": "2024-09-04T17:02:12.460Z",
            "lastEditedBy": "Traceable AI",
            "__typename": "AstPolicyV2Metadata"
          },
          "configuration": {
            "attacksSelection": [
              {
                "attackSelectionLevel": "ALL",
                "pluginSelectionGroup": null,
                "plugin": null,
                "pluginCategory": null,
                "selectionMode": "INCLUDE",
                "rule": null,
                "vulnerabilityType": null,
                "__typename": "AttackSelection"
              }
            ],
            "attackCoverage": "SMOKE",
            "attackImpact": null,
            "attackMethods": [
              "GET",
              "POST",
              "PUT",
              "DELETE",
              "PATCH"
            ],
            "__typename": "AstPolicyV2Configuration"
          },
          "__typename": "AstPolicyV2"
        }
      ],
      "count": 1,
      "__typename": "AstPoliciesV2ResultSet"
    }
  }
}
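The query above can be driven from a small client. The following is an added example, not code from the Traceable documentation: it builds the astPolicies request with the filter key and operator allow-listed against the values documented on this page, serialises the filter values as quoted string literals so that caller-supplied text cannot alter the query, sends it to the endpoint, and reduces the response to a summary. The header carrying the Platform API token and the environment variable names are assumptions.

```python
import json
import os
import urllib.request

# Enum values the astPolicies filter accepts, as documented on this page.
FILTER_KEYS = {"POLICY_ID", "NAME", "OWNERS"}
FILTER_OPERATORS = {"IN", "EQUALS", "LIKE"}

def build_policies_query(key, operator, values):
    """Build the astPolicies query for one filterBy entry. key/operator are allow-listed
    and values go through json.dumps, so caller text only ever lands inside a string literal."""
    if key not in FILTER_KEYS:
        raise ValueError(f"unsupported filterBy.key: {key!r}")
    if operator not in FILTER_OPERATORS:
        raise ValueError(f"unsupported operator: {operator!r}")
    if not values or not all(isinstance(v, str) for v in values):
        raise TypeError("value must be a non-empty list of strings")
    return ("{ astPolicies(filterBy: [{key: %s operator: %s value: %s}]) {"
            " results { id name configuration { attackCoverage attackMethods } }"
            " count } }" % (key, operator, json.dumps(list(values))))

def post_graphql(endpoint, token, query):
    """POST a query to https://<traceable_public_api_url>/graphql.
    Assumption: the Platform API token is sent in the Authorization header."""
    req = urllib.request.Request(endpoint, data=json.dumps({"query": query}).encode(),
                                 method="POST")
    req.add_header("Content-Type", "application/json")
    req.add_header("Authorization", token)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def summarise_policies(response):
    """Reduce a response to (id, name, attackCoverage, attackMethods) tuples."""
    data = response.get("data") or {}  # the page's sample is keyed astPoliciesV2; accept either
    result_set = data.get("astPolicies") or data.get("astPoliciesV2")
    if result_set is None:
        raise KeyError("no result set in response; errors=%r" % response.get("errors"))
    return [(p["id"], p["name"], p["configuration"]["attackCoverage"],
             tuple(p["configuration"]["attackMethods"])) for p in result_set["results"]]

# Constructed sample response, shaped like the sample response on this page.
SAMPLE_RESPONSE = {"data": {"astPoliciesV2": {"count": 1, "results": [
    {"id": "8d8c1234-6915-475d-810b-abc5d4a8022f", "name": "all-attack-policy",
     "configuration": {"attackCoverage": "SMOKE",
                       "attackMethods": ["GET", "POST", "PUT", "DELETE", "PATCH"]}}]}}}

if __name__ == "__main__":  # the token comes from the environment, never from the script
    endpoint = os.environ.get("TRACEABLE_GRAPHQL_URL", "https://api.traceable.ai/graphql")
    query = build_policies_query("POLICY_ID", "EQUALS", ["8d8c1234-6915-475d-810b-abc5d4a8022f"])
    for row in summarise_policies(post_graphql(endpoint, os.environ["TRACEABLE_API_TOKEN"], query)):
        print(*row)
```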

Create a policy

Following are the details for creating a policy in your account:

Field: createAstPolicy

Type: mutation

Required Permission(s):

  • Access to Call Detail Data (View)

  • Manage API Access (Enabled)

  • Manage Access to Issues (View, Edit)

  • Module Level Access

    • API Catalog (View, Edit)

    • API Protection (View, Edit)

    • Analytics (View, Edit)

    • API Testing (View, Edit)

    • Reports (View, Edit)

    • Sonar (View, Edit)

Authorization: Platform API Token. For the steps to retrieve this, see Public APIs.

Following is the template you can use to create a policy:

Note

You must replace the name, attacksSelection, attackMethods, and attackCoverage fields in the template below according to your requirements. The # comments list the other accepted values.

Template
mutation {
  createAstPolicy(
    create: {
      name: "public-test-policy"   # required

      configuration: {             # required
        attacksSelection: [
          {
            # attackSelectionLevel: one of VULNERABILITY_TYPE, PLUGIN, PLUGIN_CATEGORY,
            # PLUGIN_SELECTION_GROUP, RULES, ALL. This entry shows the VULNERABILITY_TYPE
            # form; see the table below for the ALL and RULES forms.
            attackSelectionLevel: VULNERABILITY_TYPE
            selectionMode: INCLUDE   # or EXCLUDE
            vulnerabilityType: {
              namePredicates: [
                { value: "Vulnerability Name", relationalOperator: EQUALS }
              ]
            }
          }
        ]
        attackMethods: [GET, POST, PUT, DELETE, PATCH]
        attackCoverage: SMOKE        # or OPTIMIZED, EXHAUSTIVE
        attackImpact: SAFE
      }
    }
  ) {
    id
    __typename
  }
}

Following are sample attacksSelection entries that you can use in the above template, according to the attackSelectionLevel you wish to use:

attackSelectionLevel: VULNERABILITY_TYPE

{
  attackSelectionLevel: VULNERABILITY_TYPE
  selectionMode: INCLUDE
  vulnerabilityType: {
    namePredicates: [
      { value: "ssrf_blind", relationalOperator: EQUALS }
    ]
  }
}

attackSelectionLevel: ALL

{ attackSelectionLevel: ALL, selectionMode: INCLUDE }

attackSelectionLevel: RULES

{
  attackSelectionLevel: RULES
  selectionMode: INCLUDE
  rule: {
    # attackField: one of VULNERABILITY_LABEL, VULNERABILITY_CATEGORY,
    # VULNERABILITY_SEVERITY, SOURCE_PLUGIN, SOURCE_PLUGIN_SAFETY_TYPE,
    # SOURCE_PLUGIN_TYPE, CUSTOM_LABEL
    attackField: SOURCE_PLUGIN
    operatorType: IN          # or EQUALS, LIKE
    value: ["regex_dos"]
  }
}

Example

Sample Request

mutation {
  createAstPolicy(
    create: {
      name: "Sample AST Policy"
      
      configuration: {
        attacksSelection: [
          {
            attackSelectionLevel: VULNERABILITY_TYPE 
            
            selectionMode: INCLUDE
            vulnerabilityType: {
              namePredicates: [
                { value: "ssrf_blind", relationalOperator: EQUALS }
              ]
            }
          }
        ]
        attackMethods: [GET, POST, PUT, DELETE, PATCH]
        attackCoverage: SMOKE
        attackImpact: SAFE
      }
    }
  ) {
    id
    __typename
  }
}

Sample Response

{
  "data": {
    "createAstPolicy": {
      "id": "12f4ab71-ab7f-43a7-9ab1-1234c737f9c7",
      "__typename": "CreateAstPolicyV2Response"
    }
  }
}
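Because the selection level, mode, rule field, operator, and coverage are unquoted GraphQL enums, a policy-name or vulnerability-name typo cannot be caught by escaping alone. The following is an added example, not code from the Traceable documentation: it assembles the createAstPolicy mutation from the three attacksSelection forms shown above, allow-listing every enum against the values on this page and quoting user-supplied strings with json.dumps. The function names are assumptions made for this example.

```python
import json

# Enum values documented for createAstPolicy on this page.
SELECTION_MODES = {"INCLUDE", "EXCLUDE"}
RULE_FIELDS = {"VULNERABILITY_LABEL", "VULNERABILITY_CATEGORY", "VULNERABILITY_SEVERITY",
               "SOURCE_PLUGIN", "SOURCE_PLUGIN_SAFETY_TYPE", "SOURCE_PLUGIN_TYPE", "CUSTOM_LABEL"}
RULE_OPERATORS = {"IN", "EQUALS", "LIKE"}
COVERAGE = {"SMOKE", "OPTIMIZED", "EXHAUSTIVE"}
METHODS = {"GET", "POST", "PUT", "DELETE", "PATCH"}

def _enum(value, allowed, what):
    """Emit an enum literal only if it is in the documented set: enums are unquoted,
    so the allow-list is the only thing keeping arbitrary text out of the query."""
    if value not in allowed:
        raise ValueError(f"{what} must be one of {sorted(allowed)}, got {value!r}")
    return value

def selection_all(mode="INCLUDE"):
    return "{attackSelectionLevel: ALL selectionMode: %s}" % _enum(mode, SELECTION_MODES, "selectionMode")

def selection_vulnerability_type(name, mode="INCLUDE"):
    # json.dumps quotes and escapes the vulnerability name as a GraphQL string literal.
    return ("{attackSelectionLevel: VULNERABILITY_TYPE selectionMode: %s vulnerabilityType: "
            "{namePredicates: [{value: %s relationalOperator: EQUALS}]}}"
            % (_enum(mode, SELECTION_MODES, "selectionMode"), json.dumps(name)))

def selection_rule(field, operator, values, mode="INCLUDE"):
    return ("{attackSelectionLevel: RULES selectionMode: %s rule: {attackField: %s "
            "operatorType: %s value: %s}}"
            % (_enum(mode, SELECTION_MODES, "selectionMode"),
               _enum(field, RULE_FIELDS, "attackField"),
               _enum(operator, RULE_OPERATORS, "operatorType"), json.dumps(list(values))))

def create_policy_mutation(name, selections, methods, coverage="SMOKE", impact="SAFE"):
    """Assemble the full createAstPolicy mutation from pre-built selection entries."""
    if not selections:
        raise ValueError("at least one attacksSelection entry is required")
    methods = [_enum(m, METHODS, "attackMethods") for m in methods]
    return ("mutation { createAstPolicy(create: {name: %s configuration: {attacksSelection: [%s] "
            "attackMethods: [%s] attackCoverage: %s attackImpact: %s}}) { id __typename } }"
            % (json.dumps(name), " ".join(selections), ", ".join(methods),
               _enum(coverage, COVERAGE, "attackCoverage"), impact))

if __name__ == "__main__":
    print(create_policy_mutation("Sample AST Policy",
                                 [selection_vulnerability_type("ssrf_blind"),
                                  selection_rule("SOURCE_PLUGIN", "IN", ["regex_dos"])],
                                 ["GET", "POST", "PUT", "DELETE", "PATCH"]))
```

The printed document can be posted as the "query" member of the JSON body, exactly like the sample request above.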

Delete a policy

Following are the details for deleting a policy from your account:

Field: deleteAstPolicy

Type: mutation

Required Permission(s):

  • Access to Call Detail Data (View)

  • Manage API Access (Enabled)

  • Manage Access to Issues (View, Edit)

  • Module Level Access

    • API Catalog (View, Edit)

    • API Protection (View, Edit)

    • Analytics (View, Edit)

    • API Testing (View, Edit)

    • Reports (View, Edit)

    • Sonar (View, Edit)

Authorization: Platform API Token. For the steps to retrieve this, see Public APIs.

Following is the template you can use to delete a policy using the policy ID:

Note

You must replace the policyV2IdList field in the template below according to your requirements. It accepts a list, so several policies can be deleted in one call.

Template
mutation {
  deleteAstPolicies(policyV2IdList: ["policyId1"]) {
    success
    __typename
  }
}

Example

Sample Request

mutation {
  deleteAstPolicies(policyV2IdList: ["12ab2a87-987b-4b77-856d-50abc23982ae"]) {
    success
    __typename
  }
}

Sample Response

{
  "data": {
    "deleteAstPolicies": {
      "success": true,
      "__typename": "MutationResponse"
    }
  }
}

Update a policy

Following are the details for updating a policy in your account:

Field: updateAstPolicy

Type: mutation

Required Permission(s):

  • Access to Call Detail Data (View)

  • Manage API Access (Enabled)

  • Manage Access to Issues (View, Edit)

  • Module Level Access

    • API Catalog (View, Edit)

    • API Protection (View, Edit)

    • Analytics (View, Edit)

    • API Testing (View, Edit)

    • Reports (View, Edit)

    • Sonar (View, Edit)

Authorization: Platform API Token. For the steps to retrieve this, see Public APIs.

Following is the template you can use to update a policy using the policy ID and name:

Note

You must replace the id, name, and configuration fields in the template below according to your requirements.

Template
mutation {
  updateAstPolicy(
    update: {
      id: "policy_id" #required
      name: "policy_name" #required
      configuration: { #required
        attacksSelection: [
          {
            attackSelectionLevel: VULNERABILITY_TYPE
            selectionMode: INCLUDE
            vulnerabilityType: {
              namePredicates: [
                { value: "Vulnerability Name", relationalOperator: EQUALS }
              ]
            }
          }
        ]
        attackMethods: [GET, PUT, DELETE, PATCH, POST]
        attackCoverage: SMOKE
      }
    }
  ) {
    success
    __typename
  }
}

Example

Sample Request

mutation {
  updateAstPolicy(
    update: {
      id: "12ab2a87-987b-4b77-856d-50abc23982ae"
      name: "sample-test-policy"
      configuration: { 
        attacksSelection: [
          {
            attackSelectionLevel: VULNERABILITY_TYPE
            selectionMode: INCLUDE
            vulnerabilityType: {
              namePredicates: [
                { value: "regex_dos", relationalOperator: EQUALS }
              ]
            }
          }
        ]
        attackMethods: [GET, PUT, DELETE, PATCH, POST]
        attackCoverage: SMOKE
      }
    }
  ) {
    success
    __typename
  }
}

Sample Response

{
  "data": {
    "updateAstPolicy": {
      "success": true,
      "__typename": "MutationResponse"
    }
  }
}