DefectDojo / django-DefectDojo

DevSecOps, ASPM, Vulnerability Management. All on one platform.
https://defectdojo.com
BSD 3-Clause "New" or "Revised" License

Possibility to send an API call to a custom service from the product page? #11139

Open atharva1051 opened 1 month ago

atharva1051 commented 1 month ago

Describe the solution you'd like
When I'm on the product page I'd like to have a button which would make an API call to some service, which can send some data related to my product to my service. Does any such implementation already exist?

Additional context
It can also be something like a webhook. When someone remediates something, DefectDojo can send some payload.

kiblik commented 1 month ago

Hi @atharva1051, there are webhooks: https://documentation.defectdojo.com/integrations/notification_webhooks/ (if the Transition graph is broken, please check the dev version - it will be fixed in master next week). It is fairly new functionality (still in the experimental phase) and there is a limited list of supported events right now. But feedback is more than welcome - to be able to mark it as stable functionality.

atharva1051 commented 3 weeks ago

Understood. I was suggesting maybe a submenu in the product page, something like "Actions", and in that, e.g., an option to kick off some automations. TL;DR: make a POST REST API call. That would be really cool. But I'd understand if that is a really niche use case.

I did find a way to do this using HTML, CSS and JS scripting [POC working]. I will share my code snippet soon so that someone can help me send some product info with that API call, as I'm quite a beginner in Django.

atharva1051 commented 5 days ago

Hello, sorry for the extremely late response. This is something I was trying to implement. The code is very bad, since I am not really a UI/Django developer, if someone can help me improve this. I am able to receive a request at my endpoint. I also want to attach the browser's session cookie in the payload while sending the request.

Thanks and regards, appreciate the help.

<div class="row">
  <div class="col-md-12">
    <div class="panel panel-default">
      <div class="panel-heading">
        <h3 class="panel-title">{% trans "Send API Trigger!" %}</h3>
      </div>
      <button id="api-trigger-btn" class="btn btn-primary">Trigger API</button>
    </div>
  </div>
</div>

<script>
  document.getElementById("api-trigger-btn").addEventListener("click", function () {
    // Define the API endpoint
    const apiUrl = "http://localhost:3000/log_request"; // replace with your actual API endpoint

    // Define the payload to send with the request
    const data = {
      action: "scan_triggered",
      timestamp: new Date().toISOString(),
      page_url: window.location.href // URL of the current page
    };

    // Send a POST request
    fetch(apiUrl, {
      method: "POST",
      headers: {
        "Content-Type": "application/json"
      },
      body: JSON.stringify(data)
    })
    .then(response => response.json())
    .then(data => {
      console.log("API call successful:", data);
      alert("API triggered successfully!");
    })
    .catch(error => {
      console.error("Error triggering API:", error);
      alert("Failed to trigger API.");
    });
  });
</script>

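For the button snippet in the last comment: a cross-origin POST with `Content-Type: application/json` is preceded by a CORS preflight, so the receiving service has to answer `OPTIONS` and should validate what it is sent. The receiver-side handler below is an added example, not code from this thread or from DefectDojo; the DefectDojo origin `http://localhost:8080`, the `/product/<id>` page path and the names `handle` and `validatePayload` are assumptions.

```javascript
// Added example: receiver-side checks for the POST sent by the button snippet.
const ALLOWED_ORIGIN = "http://localhost:8080"; // assumed DefectDojo origin
const ALLOWED_ACTIONS = new Set(["scan_triggered"]);
const MAX_SKEW_MS = 5 * 60 * 1000;

// One exact origin and no Access-Control-Allow-Credentials, so the browser
// never attaches cookies to this cross-origin call.
const CORS = {
  "Access-Control-Allow-Origin": ALLOWED_ORIGIN,
  "Access-Control-Allow-Methods": "POST",
  "Access-Control-Allow-Headers": "Content-Type",
};
const reply = (status, obj) => ({ status, headers: CORS, body: obj ? JSON.stringify(obj) : "" });

// Returns { productId } or throws an Error naming the failed check.
function validatePayload(raw, now) {
  const p = JSON.parse(raw);
  if (p === null || typeof p !== "object") throw new Error("payload is not an object");
  if (!ALLOWED_ACTIONS.has(p.action)) throw new Error("unknown action");
  const ts = Date.parse(p.timestamp);
  if (Number.isNaN(ts) || Math.abs(now - ts) > MAX_SKEW_MS) throw new Error("stale timestamp");
  const url = new URL(p.page_url); // throws on a malformed URL
  if (url.origin !== ALLOWED_ORIGIN) throw new Error("page_url is not on DefectDojo");
  const m = /^\/product\/(\d+)\/?$/.exec(url.pathname); // assumed product page path
  if (!m) throw new Error("page_url is not a product page");
  return { productId: Number(m[1]) };
}

// Pure handler; `headers` uses lower-cased keys, as Node's req.headers does.
function handle({ method, headers, body }, now = Date.now()) {
  // Browsers set Origin; other clients can forge it, so this is a filter for
  // cross-site pages, not authentication of the caller.
  if (headers.origin !== ALLOWED_ORIGIN) return { status: 403, headers: {}, body: "" };
  if (method === "OPTIONS") return reply(204); // preflight for application/json
  if (method !== "POST") return reply(405);
  if (!/^application\/json\b/i.test(headers["content-type"] || "")) return reply(415);
  try {
    return reply(200, validatePayload(body, now));
  } catch (err) {
    return reply(400, { error: err.message });
  }
}

// Constructed request, as the snippet would send it from product 7's page.
const sample = { action: "scan_triggered", timestamp: new Date().toISOString(),
  page_url: ALLOWED_ORIGIN + "/product/7" };
console.log(handle({ method: "POST", headers: { origin: ALLOWED_ORIGIN,
  "content-type": "application/json" }, body: JSON.stringify(sample) }));
```

The handler takes the product id from `page_url` and never asks for the session cookie, so nothing that can act as the logged-in user leaves DefectDojo.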