My goal for this package is to provide a simple Go client for the Veracode Security Labs API.
import "github.com/wizardsoftheweb/go-securitylabs/vsl"Check out the examples for usage. Start with authentication.
I wanted to include a Mermaid diagram just because.
classDiagram
class Client {
+*url.URL BaseUrl
+*http.Client Client
+string AuthKey
+string AuthSecret
+SetAuthFromEnvironment() error
+SetAuth(key string, secret string)
-newRequest(method string, path string, options interface, body interface) (*http.Request, error)
-do(ctx context.Context, request *http.Request, v interface) (*http.Response, error)
-attachQueryParams(path string, options interface) string
}
- Veracode Security Labs API Docs
- Writing a Go client for your RESTful API
- Adding context and options to your Go client package
I don't have access to a Veracode Security Labs account for testing. My current employer wanted me to write a proposal to be able to develop against our account off-hours. That's work and I don't like doing work for hobby code. If you're interested in sponsoring me or providing access to an account I can run tests against, feel free to reach out!
Sometime soon I'll have all the GitHub niceties like a Contributing.md and issues templates.
I have several open questions.
None of these are in any particular order.
- Get something simple pulled out of the wrapper article
- Learn how to use
httptest.Server - Build request and response structs for each of the available URLs (where applicable)
- Users
- GET /api/users?page=0
- GET /api/users/details?page=0
- GET /api/users/:id/progress
- PUT /api/users/:id
- Summaries
- GET /api/onboarding?page=0
- GET /api/progress?page=0
- GET /api/campaigns/progress?page=0
- GET /api/engagement/time
- Lessons
- GET /api/lessons?page=0
- GET /api/lessons/:id/progress?page=0
- GET /api/lessons/search
- Roles
- GET /api/roles
- GET /api/roles/:id/progress?page=0
- Invites
- POST /api/invites
- Users
- Collect all (as many as possible) of the responses from input permutations on the available URLs (needs a real account)
- Authentication
- Users
- GET /api/users?page=0
- GET /api/users/details?page=0
- GET /api/users/:id/progress
- PUT /api/users/:id
- DELETE /api/users/:id
- Summaries
- GET /api/onboarding?page=0
- GET /api/progress?page=0
- GET /api/campaigns/progress?page=0
- GET /api/engagement/time
- Lessons
- GET /api/lessons?page=0
- GET /api/lessons/:id/progress?page=0
- GET /api/lessons/search
- Roles
- GET /api/roles
- GET /api/roles/:id/progress?page=0
- Invites
- POST /api/invites
- Mock all the available URLs (these still need to be tested against a real account to verify branches; anything marked off has only been mocked against the docs)
- Authentication
- Users
- GET /api/users?page=0
- GET /api/users/details?page=0
- GET /api/users/:id/progress
- PUT /api/users/:id
- DELETE /api/users/:id
- Summaries
- GET /api/onboarding?page=0
- GET /api/progress?page=0
- GET /api/campaigns/progress?page=0
- GET /api/engagement/time
- Lessons
- GET /api/lessons?page=0
- GET /api/lessons/:id/progress?page=0
- GET /api/lessons/search
- Roles
- GET /api/roles
- GET /api/roles/:id/progress?page=0
- Invites
- POST /api/invites
- Develop wrappers for each endpoint (including bubbling up errors)
- Authentication
- Users
- GET /api/users?page=0
- GET /api/users/details?page=0
- GET /api/users/:id/progress
- PUT /api/users/:id
- DELETE /api/users/:id
- Summaries
- GET /api/onboarding?page=0
- GET /api/progress?page=0
- GET /api/campaigns/progress?page=0
- GET /api/engagement/time
- Lessons
- GET /api/lessons?page=0
- GET /api/lessons/:id/progress?page=0
- GET /api/lessons/search
- Roles
- GET /api/roles
- GET /api/roles/:id/progress?page=0
- Invites
- POST /api/invites
- Develop convenience methods for the API calls (eg
GetAllUsersDetails)
- Set up CI pipelines (GHA? CircleCI?)
- Define nice status checks like code coverage
- Figure out godoc
- Reenable
-
unused -
deadcode
-
- Follow
structcheckissue fix for Go 1.18