From a9c1755651f9e21bc190efa664bb4d44519c5be4 Mon Sep 17 00:00:00 2001
From: Stephen Kapp <mort666@virus.org>
Date: Tue, 19 Aug 2014 11:19:01 -0400
Subject: [PATCH] Mitigation

---
 lib/veracode/api/mitigation.rb       |  9 +++++
 lib/veracode/base.rb                 |  8 ++++
 lib/veracode/mitigation.rb           | 58 ++++++++++++++++++++++++++++
 spec/lib/veracode/mitigation_spec.rb |  0
 4 files changed, 75 insertions(+)
 create mode 100644 lib/veracode/api/mitigation.rb
 create mode 100644 lib/veracode/mitigation.rb
 create mode 100644 spec/lib/veracode/mitigation_spec.rb

diff --git a/lib/veracode/api/mitigation.rb b/lib/veracode/api/mitigation.rb
new file mode 100644
index 0000000..6605245
--- /dev/null
+++ b/lib/veracode/api/mitigation.rb
@@ -0,0 +1,9 @@
+require 'veracode/api/types'
+
+module Veracode
+  module Result
+    class MitigiationInfo < Veracode::Common::Base
+      
+    end
+  end
+end
\ No newline at end of file
diff --git a/lib/veracode/base.rb b/lib/veracode/base.rb
index bec8412..5c13397 100644
--- a/lib/veracode/base.rb
+++ b/lib/veracode/base.rb
@@ -27,6 +27,14 @@ def account_id
         end
       end
     
+      def postAPI(path, query={}, debug=false)
+        auth = { :username => @username, :password => @password }
+        
+        options = { :query => query, :basic_auth => auth }
+        
+        self.class.post(path, options)
+      end
+      
       def getXML(path, debug=false)
         auth = { :username => @username, :password => @password }
 
diff --git a/lib/veracode/mitigation.rb b/lib/veracode/mitigation.rb
new file mode 100644
index 0000000..388b9b9
--- /dev/null
+++ b/lib/veracode/mitigation.rb
@@ -0,0 +1,58 @@
+require 'nokogiri'
+require 'veracode/parser/parser'
+require 'veracode/api/mitigation'
+
+module Veracode
+  module API
+    class Mitigiation < Veracode::API::Base
+      GET_MITIGATION_INFO_URI = "/api/getmitigationinfo.do"
+      UPDATE_MITIGATION_INFO_URI = "/api/updatemitigationinfo.do"
+      
+      ACTIONS = ["comment", "fp", "appdesign", "osenv", "netenv", "rejected", "accepted"]
+      
+      def update_mitigation(build_id, comment, action="comment", flaw_list=[]) 
+        if flaw_list.class? == Array
+           flaw_id_list = flaw_list.join(",")
+         else
+           flaw_id_list = flaw_list.to_s
+         end
+         
+         if ACTIONS.include?(action)        
+           query = { :build_id => build_id,  :flaw_id_list => flaw_id_list, :action => action, :comment => comment }
+          
+           xml = postAPI(UPDATE_MITIGATION_INFO_URI, query)
+           case xml.code
+      	   when 200
+      	      clean_xml = xml.body.strip
+      	      parsed = Veracode::Parser.parse(clean_xml) 
+      	      mitigationinfo = Veracode::Result::MitigationInfo.new(parsed)
+           else
+              xml.error!
+           end
+         else
+           ArgumentError.new("invalid value for action: \"#{self}\"")
+         end
+      end
+      
+      def get_mitigation(build_id, flaw_list=[])
+         if flaw_list.class? == Array
+           flaw_id_list = flaw_list.join(",")
+         else
+           flaw_id_list = flaw_list.to_s
+         end
+         
+         query = { :build_id => build_id,  :flaw_id_list => flaw_id_list }
+          
+         xml = postAPI(GET_MITIGATION_INFO_URI, query)
+         case xml.code
+    	   when 200
+    	      clean_xml = xml.body.strip
+    	      parsed = Veracode::Parser.parse(clean_xml) 
+    	      mitigationinfo = Veracode::Result::MitigationInfo.new(parsed)
+         else
+            xml.error!
+         end
+      end
+    end
+  end
+end
diff --git a/spec/lib/veracode/mitigation_spec.rb b/spec/lib/veracode/mitigation_spec.rb
new file mode 100644
index 0000000..e69de29