How to download the contrast_security.yaml file via CURL


Objective

How to download an agent's contrast_security.yaml from the Contrast UI using CURL commands.

Process

  1. Create a new user that will have limited permissions (default permissions to start)
  2. Log in as the new user, click on the profile, open "Your account" and gather the following:
    • Organization ID
    • API Key
    • Authorization Header
  3. Log out as the new user
  4. Log in as admin and restrict the user to:
    • Organization Role: Edit (can do very little, like add notifications and view a few things but not much)
    • Application Access Group: <none> (can see no applications, servers or vulnerabilities)
    • API Only: <check> (cannot get into the website at all)
  5. Construct the CURL command using the information gathered:
curl '#{host}/Contrast/api/ng/#{org_id}/agents/external/default/#{language}' \
-HAuthorization:#{authorization} \
-HAPI-Key:#{api_key} \
-H 'content-type: application/json' \
-H 'accept: application/json' \
--data-binary '{"metadata":[]}' --compressed -o #{output_file}
 

Example for the Java agent's YAML:

curl 'https://app.contrastsecurity.com/Contrast/api/ng/a08a6414-c084-421c-b4fb-9b71794c3d0f/agents/external/default/JAVA' \
-HAuthorization:Y29udHJhc3RAYWNtZS5jb206TktQRzU1WkhWODk3N0k5MA== \
-HAPI-Key:H6j5Z1vFjz58LLhUq3bg5UY91Md19E5I \
-H 'content-type: application/json' \
-H 'accept: application/json' \
--data-binary '{"metadata":[{"agentLabel":"user","value":"foo"}]}' --compressed -OJ

 

KEY:

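host: https://app.contrastsecurity.com
org_id: UUID of the organization (the Organization ID from step 2)
authorization: the Authorization Header value from step 2
api_key: the API Key from step 2
language: JAVA, DOTNET_CORE, NODE, RUBY, PYTHON, PROXY, GO, PHP
output_file: where to save, file ending with .yaml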
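
The same request as a small shell wrapper that keeps the Authorization header and API key off the command line, where they would be visible in process listings and shell history. This is an added example, not part of the original article or Contrast's own tooling; the CONTRAST_* variable names, the function names, and the https/UUID/language checks are assumptions introduced here.

```shell
#!/bin/sh
# Added example, not Contrast's tooling. Env var names below are assumptions:
#   CONTRAST_HOST, CONTRAST_ORG_ID, CONTRAST_AUTH, CONTRAST_API_KEY

# Build the endpoint URL from step 5; the https, UUID and language checks are added.
contrast_yaml_url() {  # args: host org_id language
    case "$1" in
        https://*) ;;
        *) echo "host must start with https://" >&2; return 1 ;;
    esac
    printf '%s' "$2" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$' \
        || { echo "org_id is not a UUID" >&2; return 1; }
    case "$3" in
        JAVA|DOTNET_CORE|NODE|RUBY|PYTHON|PROXY|GO|PHP) ;;
        *) echo "unsupported language: $3" >&2; return 1 ;;
    esac
    printf '%s/Contrast/api/ng/%s/agents/external/default/%s\n' "${1%/}" "$2" "$3"
}

# Emit a curl config so the two secrets travel on stdin instead of argv.
# Values that are empty or would break the config's quoting are rejected.
contrast_curl_config() {  # args: url output_file
    for v in "$CONTRAST_AUTH" "$CONTRAST_API_KEY"; do
        case "$v" in
            ''|*[\"\\]*) echo "secret missing or contains quote/backslash" >&2; return 1 ;;
        esac
    done
    cat <<EOF
url = "$1"
header = "Authorization: $CONTRAST_AUTH"
header = "API-Key: $CONTRAST_API_KEY"
header = "content-type: application/json"
header = "accept: application/json"
data-binary = "{\"metadata\":[]}"
compressed
fail
show-error
output = "$2"
EOF
}

# Validate inputs, then download with an owner-only umask on the output file.
download_contrast_yaml() {  # args: language output_file
    url=$(contrast_yaml_url "$CONTRAST_HOST" "$CONTRAST_ORG_ID" "$1") || return 1
    cfg=$(contrast_curl_config "$url" "$2") || return 1
    ( umask 077; printf '%s\n' "$cfg" | curl --config - )
}
```

With the four variables exported, `download_contrast_yaml JAVA contrast_security.yaml` performs the request.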
 
 
