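# Serve the eMASS OpenAPI spec (emass.yaml) with the Prism mock server.
# - The spec directory is mounted read-only (:ro); this command only reads
#   emass.yaml from it.
# - Prism listens on 0.0.0.0 inside the container so the published port can
#   reach it, but the host side is published on loopback only. A bare
#   `-p 4010:4010` would expose a mock that accepts arbitrary api-key values
#   on every host interface.
# - stoplight/prism carries no tag here, so Docker pulls `latest`; pin a tag or
#   digest (stoplight/prism:<PINNED_TAG>) for reproducible runs.
docker run --rm \
  -v /private/var/services/prism:/root/apis:ro \
  -p 127.0.0.1:4010:4010 \
  -t stoplight/prism \
  mock -h 0.0.0.0 /root/apis/emass.yaml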
The API expects an `api-key` and a `user-uid` in the request headers of every endpoint call. When interacting with the mock server, any arbitrary value works for both, so the sample values below are enough and a real eMASS key never needs to appear in these commands:
"api-key: f32516cc-57d3-43f5-9e16-8f86780a4cce"
"user-uid: 1647389405"
# request
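# List systems filtered by policy=rmf.
# The URL is quoted because `?` is a glob character: unquoted, the shell may
# try to match it against file names (zsh aborts with "no matches found").
# The api-key below is the page's arbitrary mock value. With a real key, keep
# it out of argv and shell history, e.g. load the headers from a file with
# --header @FILE.
curl --request GET \
  --header 'accept: application/json' \
  --header 'api-key: f32516cc-57d3-43f5-9e16-8f86780a4cce' \
  --header 'user-uid: 1647389405' \
  'http://dev.localhost:4010/api/systems?policy=rmf'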
# response
{"meta":{"code":200},"data":[{"systemId":33,"policy":"RMF","registrationType":"Assess and Authorize","name":"System XYZ","acronym":"PM-6","description":"This is a test system for the eMASS API documentation","systemOwner":"DISA","organizationName":"Defense Information Systems Agency","secondaryOrganization":"ID31","versionReleaseNo":"V1","systemType":"IS Major Application","isNSS":true,"isPublicFacing":true,"coamsId":93054,"isTypeAuthorization":true,"ditprId":"30498","authorizationStatus":"Authority to Operate (ATO)","authorizationDate":1638741660,"authorizationTerminationDate":1638741660,"authorizationLength":365,"termsForAuth":"Terms/Conditions to maintain a valid ATO","securityPlanApprovalStatus":"Approved","securityPlanApprovalDate":1638741660,"missionCriticality":"Mission Critical (MC)","geographicalAssociation":"VA Operated IS","systemOwnership":"Region 1","governingMissionArea":"Business MA (BMA)","primaryFunctionalArea":"Health/Medical","secondaryFunctionalArea":"Logistics","primaryControlSet":"NIST SP 800-53 Revision 4","confidentiality":"High","integrity":"High","availability":"High","appliedOverlays":"Classified Information","rmfActivity":"Maintain ATO and conduct reviews","crossDomainTicket":"Cross Domain Ticket test","ditprDonId":"5910, 1234, 8765","mac":"I","dodConfidentiality":"Public","contingencyPlanTested":true,"contingencyPlanTestDate":1426957321,"securityReviewDate":1531958400,"hasOpenPoamItem":true,"hasOpenPoamItem90to120PastScheduledCompletionDate":false,"hasOpenPoamItem120PlusPastScheudledCompletionDate":false,"impact":"Low","hasCUI":false,"hasPII":false,"hasPHI":false,"ppsmRegistryNumber":"Test PPSM Registry Number","interconnectedInformationSystemAndIdentifiers":"Test","isPiaRequired":true,"piaStatus":"Not Started","piaDate":1622048629,"userDefinedField1":"Test User-defined Field 1","userDefinedField2":"Test User-defined Field 2","userDefinedField3":"Test User-defined Field 3","userDefinedField4":"Test User-defined Field 
4","userDefinedField5":"Test User-defined Field 5","currentRmfLifecycleStep":"1 - Categorize","otherInformation":"Additional Comments","reportsForScorecard":true,"package":[{"systemId":35,"workflow":"Assess and Authorize","name":"Package name text","currentStageName":"SCA-R","currentStage":4,"totalStages":6,"daysAtCurrentStage":2,"comments":"Comments text."}],"connectivityCcsd":[{"ccsdNumber":"CCSD Number","connectivity":"Test Connectivity"}]}]}
# request
# POST the user-uid to /api/api-key; per the page, the response carries the
# api-key to send on later calls. The --data string is kept exactly as
# written, including its leading and trailing newline.
curl --request POST \
  --url 'http://dev.localhost:4010/api/api-key' \
  --header 'Content-Type: application/json' \
  --header 'api-key: f32516cc-57d3-43f5-9e16-8f86780a4cce' \
  --data '
{
"user-uid": "1647389405"
}
'
# response: the api-key. This API key must be provided in the request header of every endpoint call. (The mock's example body below does not contain a key.)
{"meta":{"code":200},"data":[{"cci":"000001,000002","success":true,"systemId":35,"errors":["key:value"]}]}
# request
# Fetch /api/system-roles from the mock server, sending both required headers.
curl --request GET \
  --url 'http://dev.localhost:4010/api/system-roles' \
  --header 'accept: application/json' \
  --header 'api-key: f32516cc-57d3-43f5-9e16-8f86780a4cce' \
  --header 'user-uid: 1647389405'
# response
{"meta":{"code":200},"data":[{"roleCategory":"PAC","role":"PM/IAM"}]}
# request
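# Query system roles for category PAC, filtered by role=IAO.
# The URL is quoted so the `?` in the query string is never treated as a
# shell glob character.
curl --request GET \
  --header 'accept: application/json' \
  --header 'api-key: f32516cc-57d3-43f5-9e16-8f86780a4cce' \
  --header 'user-uid: 1647389405' \
  'http://dev.localhost:4010/api/system-roles/PAC?role=IAO'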
# response
{"meta":{"code":200},"data":[{"systemId":35,"systemName":"eMASS API Example System","systemAcronym":"S-XYZ","roles":[{"roleCategory":"PAC","role":"AO","users":[{"firstName":"John","lastName":"Smith","email":"[email protected]"}]}]}]}
# request
# 33 is the system id here
# Fetch the controls of one system; the path segment 33 is the system id.
curl --request GET \
  --url 'http://dev.localhost:4010/api/systems/33/controls' \
  --header 'accept: application/json' \
  --header 'api-key: f32516cc-57d3-43f5-9e16-8f86780a4cce' \
  --header 'user-uid: 1647389405'
# response
{"meta":{"code":200},"data":[{"systemId":35,"name":"System XYZ","acronym":"AC-3","ccis":"000001,000002","isInherited":true,"modifiedByOverlays":"Privacy","includedStatus":"Manually","complianceStatus":"Status","responsibleEntities":"Unknown","implementationStatus":"Planned","commonControlProvider":"DoD","naJustification":"System EOL within 120 days","controlDesignation":"Common","estimatedCompletionDate":1638741660,"implementationNarrative":"Test Imp. Narrative","slcmCriticality":"Test Criticality","slcmFrequency":"Constantly","slcmMethod":"Automated","slcmReporting":"Test Reporting","slcmTracking":"Test Tracking","slcmComments":"Test SLCM Comments","severity":"Very Low","vulnerabiltySummary":"Test Vulnerability Summary","recommendations":"Test Recommendations","relevanceOfThreat":"Very Low","likelihood":"Very Low","impact":"Very Low","impactDescription":"Impact text","residualRiskLevel":"Very Low","testMethod":"Test"}]}
# request
# Submit one test result (CCI 002108) for system 34.
# The JSON array in --data is kept exactly as written.
curl --request POST \
  --url 'http://dev.localhost:4010/api/systems/34/test-results' \
  --header 'Content-Type: application/json' \
  --header 'api-key: f32516cc-57d3-43f5-9e16-8f86780a4cce' \
  --header 'user-uid: 1647389405' \
  --data '
[
{
"cci": "002108",
"testedBy": "Smith, Joe",
"testDate": 1638741660,
"description": "Test result description",
"complianceStatus": "Compliant"
}
]
'
# response
{"meta":{"code":200},"data":[{"cci":"000001,000002","success":true,"systemId":35,"errors":["key:value"]}]}
# request
# Create one POA&M item, with a single milestone, for system 34.
# NOTE(review): "[email protected]" in pocEmail looks like an e-mail
# obfuscation placeholder left by the page this sample was copied from;
# presumably a syntactically valid address is expected. Confirm against the
# spec.
curl --request POST \
  --url 'http://dev.localhost:4010/api/systems/34/poams' \
  --header 'Content-Type: application/json' \
  --header 'api-key: f32516cc-57d3-43f5-9e16-8f86780a4cce' \
  --header 'user-uid: 1647389405' \
  --data '
[
{
"status": "Ongoing",
"vulnerabilityDescription": "Description text",
"sourceIdentVuln": "Source Indentifying Vulnerability text",
"pocOrganization": "Army",
"resources": "Resource text.",
"pocFirstName": "John",
"pocLastName": "Smith",
"pocEmail": "[email protected]",
"pocPhoneNumber": "555-555-5555",
"externalUid": "d6d98b88-c866-4496-9bd4-de7ba48d0f52",
"controlAcronym": "AC-23",
"cci": "000132",
"securityChecks": "SV-25123r1_rule,2016-A-0279",
"rawSeverity": "I",
"relevanceOfThreat": "Very Low",
"likelihood": "Very Low",
"impact": "Very Low",
"impactDescription": "Impact text",
"residualRiskLevel": "Very Low",
"recommendations": "Recommendations text",
"mitigation": "Mitigation text",
"severity": "Very Low",
"scheduledCompletionDate": 1599644800,
"comments": "Comments text.",
"completionDate": 1505916276,
"milestones": [
{
"description": "Description text",
"scheduledCompletionDate": 1599644800
}
]
}
]
'
# response
{"meta":{"code":200},"data":[{"systemId":33,"poamId":45,"externalUid":"d6d98b88-c866-4496-9bd4-de7ba48d0f52","success":true,"errors":["key:value"]}]}
# request
# Add one milestone under POA&M 45 of system 34.
# NOTE(review): the body carries "poamId": 44 while the URL path names
# poams/45; confirm which id the API uses.
curl --request POST \
  --url 'http://dev.localhost:4010/api/systems/34/poams/45/milestones' \
  --header 'Content-Type: application/json' \
  --header 'api-key: f32516cc-57d3-43f5-9e16-8f86780a4cce' \
  --header 'user-uid: 1647389405' \
  --data '
[
{
"description": "Description text",
"scheduledCompletionDate": 1599644800,
"poamId": 44
}
]
'
# response
{"meta":{"code":200},"data":[{"systemId":35,"poamId":45,"milestoneId":77,"externalUid":"d6d98b88-c866-4496-9bd4-de7ba48d0f52","success":true,"errors":["key:value"]}]}
# upload artifact as .zip file
http://localhost:4010/api/systems/34/artifacts
http://localhost:4010/api/systems/34/approval/cac
http://localhost:4010/api/systems/34/approval/pac
# request
# Upload static code scan findings for application "Artemis" to system 34.
# The JSON object in --data is kept exactly as written.
curl --request POST \
  --url 'http://dev.localhost:4010/api/systems/34/static-code-scans' \
  --header 'Content-Type: application/json' \
  --header 'api-key: f32516cc-57d3-43f5-9e16-8f86780a4cce' \
  --header 'user-uid: 1647389405' \
  --data '
{
"application": {
"applicationName": "Artemis",
"version": "Version 5.0"
},
"applicationFindings": [
{
"rawSeverity": "Moderate",
"codeCheckName": "Hidden Field",
"count": 14,
"scanDate": 1625070000,
"cweId": "155",
"clearFindings": false
}
]
}
'
# response
{"meta":{"code":200},"data":[{"applicationName":"Artemis","version":"Version 5.0","success":true,"systemId":35,"errors":["key:value"]}]}
# request
# Report cloud resource compliance results (one Azure resource, one AU-11
# policy check) for system 34.
# NOTE(review): "[email protected]" in initiatedBy looks like an e-mail
# obfuscation placeholder left by the page this sample was copied from;
# presumably a syntactically valid address is expected. Confirm against the
# spec.
curl --request POST \
  --url 'http://dev.localhost:4010/api/systems/34/cloud-resource-results' \
  --header 'Content-Type: application/json' \
  --header 'api-key: f32516cc-57d3-43f5-9e16-8f86780a4cce' \
  --header 'user-uid: 1647389405' \
  --data '
[
{
"provider": "azure",
"resourceId": "/subscriptions/123456789/sample/resource/namespace/default",
"resourceName": "Storage Resource",
"resourceType": "Microsoft.storage.table",
"initiatedBy": "[email protected]",
"cspAccountId": "123456789",
"cspRegion": "useast2",
"isBaseline": true,
"tags": {
"test": "testtag"
},
"complianceResults": [
{
"cspPolicyDefinitionId": "/providers/sample/policy/namespace/au11_policy",
"policyDefinitionTitle": "AU-11 - Audit Record Retention",
"complianceCheckTimestamp": 1644003780,
"isCompliant": false,
"control": "AU-11",
"assessmentProcedure": "000167,000168",
"complianceReason": "retention period not configured",
"policyDeploymentName": "testDeployment",
"policyDeploymentVersion": "1.0.0",
"severity": "Low"
}
]
}
]
'
# response
{"meta":{"code":200},"data":[{"resourceId":"/subscriptions/123456789/sample/resource/namespace/default","success":true,"systemId":35,"errors":["key:value"]}]}
# request
# Report container scan results (one RHEL_8_STIG benchmark rule) for
# system 34. The JSON array in --data is kept exactly as written.
curl --request POST \
  --url 'http://dev.localhost:4010/api/systems/34/container-scan-results' \
  --header 'Content-Type: application/json' \
  --header 'api-key: f32516cc-57d3-43f5-9e16-8f86780a4cce' \
  --header 'user-uid: 1647389405' \
  --data '
[
{
"containerId": "command-control",
"containerName": "command-control",
"podName": "command-control-955596ffc",
"podIp": "1.1.1.101",
"namespace": "command-control",
"time": 1648217219,
"tags": {
"test": "testtag"
},
"benchmarks": [
{
"benchmark": "RHEL_8_STIG",
"isBaseline": false,
"results": [
{
"ruleId": "SV-230221r743913_rule",
"status": "Pass",
"lastSeen": 1648217219,
"message": "test message"
}
]
}
]
}
]
'
# response
{"meta":{"code":200},"data":[{"containerId":"command-control","success":true,"systemId":35,"errors":["key:value"]}]}