
/AWS1/IF_SAG=>CREATEPENTEST()

About CreatePentest

Creates a new pentest configuration in an agent space. A pentest defines the security test parameters, including target assets, risk type exclusions, and logging configuration.

Method Signature

METHODS /AWS1/IF_SAG~CREATEPENTEST
  IMPORTING
    !IV_TITLE TYPE /AWS1/SAGSTRING OPTIONAL
    !IV_AGENTSPACEID TYPE /AWS1/SAGSTRING OPTIONAL
    !IO_ASSETS TYPE REF TO /AWS1/CL_SAGASSETS OPTIONAL
    !IT_EXCLUDERISKTYPES TYPE /AWS1/CL_SAGRISKTYPELIST_W=>TT_RISKTYPELIST OPTIONAL
    !IV_SERVICEROLE TYPE /AWS1/SAGSERVICEROLE OPTIONAL
    !IO_LOGCONFIG TYPE REF TO /AWS1/CL_SAGCLOUDWATCHLOG OPTIONAL
    !IO_VPCCONFIG TYPE REF TO /AWS1/CL_SAGVPCCONFIG OPTIONAL
    !IO_NETWORKTRAFFICCONFIG TYPE REF TO /AWS1/CL_SAGNETWORKTRAFCONFIG OPTIONAL
    !IV_CODEREMEDIATIONSTRATEGY TYPE /AWS1/SAGCODEREMEDSTRATEGY OPTIONAL
  RETURNING
    VALUE(OO_OUTPUT) TYPE REF TO /aws1/cl_sagcreatepntstoutput
  RAISING
    /AWS1/CX_SAGCLIENTEXC
    /AWS1/CX_SAGSERVEREXC
    /AWS1/CX_RT_TECHNICAL_GENERIC
    /AWS1/CX_RT_SERVICE_GENERIC.

IMPORTING

Required arguments:

iv_title TYPE /AWS1/SAGSTRING

The title of the pentest.

iv_agentspaceid TYPE /AWS1/SAGSTRING

The unique identifier of the agent space to create the pentest in.

Optional arguments:

io_assets TYPE REF TO /AWS1/CL_SAGASSETS

The assets to include in the pentest, such as endpoints, actors, documents, and source code.

it_excluderisktypes TYPE /AWS1/CL_SAGRISKTYPELIST_W=>TT_RISKTYPELIST

The list of risk types to exclude from the pentest.

iv_servicerole TYPE /AWS1/SAGSERVICEROLE

The IAM service role to use for the pentest.

io_logconfig TYPE REF TO /AWS1/CL_SAGCLOUDWATCHLOG

The CloudWatch Logs configuration for the pentest.

io_vpcconfig TYPE REF TO /AWS1/CL_SAGVPCCONFIG

The VPC configuration for the pentest.

io_networktrafficconfig TYPE REF TO /AWS1/CL_SAGNETWORKTRAFCONFIG

The network traffic configuration for the pentest, including custom headers and traffic rules.

iv_coderemediationstrategy TYPE /AWS1/SAGCODEREMEDSTRATEGY

The code remediation strategy for the pentest. Valid values are AUTOMATIC and DISABLED.

RETURNING

oo_output TYPE REF TO /AWS1/CL_SAGCREATEPNTSTOUTPUT

Examples

Syntax Example

This is an example of the syntax for calling the method. It includes every possible argument and initializes every possible value. The data provided is not necessarily semantically accurate (for example, the value "string" may be provided for something that is intended to be an instance ID, and in some cases two arguments may be mutually exclusive). The example shows the ABAP syntax for creating the various data structures.

DATA(lo_result) = lo_client->createpentest(
  io_assets = new /aws1/cl_sagassets(
    it_actors = VALUE /aws1/cl_sagactor=>tt_actorlist(
      (
        new /aws1/cl_sagactor(
          io_authentication = new /aws1/cl_sagauthentication(
            iv_providertype = |string|
            iv_value = |string|
          )
          it_uris = VALUE /aws1/cl_sagurilist_w=>tt_urilist(
            ( new /aws1/cl_sagurilist_w( |string| ) )
          )
          iv_description = |string|
          iv_identifier = |string|
        )
      )
    )
    it_documents = VALUE /aws1/cl_sagdocumentinfo=>tt_documentlist(
      (
        new /aws1/cl_sagdocumentinfo(
          iv_artifactid = |string|
          iv_s3location = |string|
        )
      )
    )
    it_endpoints = VALUE /aws1/cl_sagendpoint=>tt_endpointlist(
      ( new /aws1/cl_sagendpoint( |string| ) )
    )
    it_integratedrepositories = VALUE /aws1/cl_sagintgrtdrepository=>tt_integratedrepositorylist(
      (
        new /aws1/cl_sagintgrtdrepository(
          iv_integrationid = |string|
          iv_providerresourceid = |string|
        )
      )
    )
    it_sourcecode = VALUE /aws1/cl_sagsourcecoderepo=>tt_sourcecoderepositorylist(
      ( new /aws1/cl_sagsourcecoderepo( |string| ) )
    )
  )
  io_logconfig = new /aws1/cl_sagcloudwatchlog(
    iv_loggroup = |string|
    iv_logstream = |string|
  )
  io_networktrafficconfig = new /aws1/cl_sagnetworktrafconfig(
    it_customheaders = VALUE /aws1/cl_sagcustomheader=>tt_customheaderlist(
      (
        new /aws1/cl_sagcustomheader(
          iv_name = |string|
          iv_value = |string|
        )
      )
    )
    it_rules = VALUE /aws1/cl_sagnetworktrafficrule=>tt_networktrafficrulelist(
      (
        new /aws1/cl_sagnetworktrafficrule(
          iv_effect = |string|
          iv_networktrafficruletype = |string|
          iv_pattern = |string|
        )
      )
    )
  )
  io_vpcconfig = new /aws1/cl_sagvpcconfig(
    it_securitygrouparns = VALUE /aws1/cl_sagsecgrouparns_w=>tt_securitygrouparns(
      ( new /aws1/cl_sagsecgrouparns_w( |string| ) )
    )
    it_subnetarns = VALUE /aws1/cl_sagsubnetarns_w=>tt_subnetarns(
      ( new /aws1/cl_sagsubnetarns_w( |string| ) )
    )
    iv_vpcarn = |string|
  )
  it_excluderisktypes = VALUE /aws1/cl_sagrisktypelist_w=>tt_risktypelist(
    ( new /aws1/cl_sagrisktypelist_w( |string| ) )
  )
  iv_agentspaceid = |string|
  iv_coderemediationstrategy = |string|
  iv_servicerole = |string|
  iv_title = |string|
).

This is an example of reading all possible response values.

IF lo_result IS NOT INITIAL.
  lv_string = lo_result->get_pentestid( ).
  lv_string = lo_result->get_title( ).
  lv_timestamp = lo_result->get_createdat( ).
  lv_timestamp = lo_result->get_updatedat( ).
  lo_assets = lo_result->get_assets( ).
  IF lo_assets IS NOT INITIAL.
    LOOP AT lo_assets->get_endpoints( ) into lo_row.
      lo_row_1 = lo_row.
      IF lo_row_1 IS NOT INITIAL.
        lv_string = lo_row_1->get_uri( ).
      ENDIF.
    ENDLOOP.
    LOOP AT lo_assets->get_actors( ) into lo_row_2.
      lo_row_3 = lo_row_2.
      IF lo_row_3 IS NOT INITIAL.
        lv_string = lo_row_3->get_identifier( ).
        LOOP AT lo_row_3->get_uris( ) into lo_row_4.
          lo_row_5 = lo_row_4.
          IF lo_row_5 IS NOT INITIAL.
            lv_string = lo_row_5->get_value( ).
          ENDIF.
        ENDLOOP.
        lo_authentication = lo_row_3->get_authentication( ).
        IF lo_authentication IS NOT INITIAL.
          lv_authenticationprovidert = lo_authentication->get_providertype( ).
          lv_string = lo_authentication->get_value( ).
        ENDIF.
        lv_string = lo_row_3->get_description( ).
      ENDIF.
    ENDLOOP.
    LOOP AT lo_assets->get_documents( ) into lo_row_6.
      lo_row_7 = lo_row_6.
      IF lo_row_7 IS NOT INITIAL.
        lv_string = lo_row_7->get_s3location( ).
        lv_string = lo_row_7->get_artifactid( ).
      ENDIF.
    ENDLOOP.
    LOOP AT lo_assets->get_sourcecode( ) into lo_row_8.
      lo_row_9 = lo_row_8.
      IF lo_row_9 IS NOT INITIAL.
        lv_string = lo_row_9->get_s3location( ).
      ENDIF.
    ENDLOOP.
    LOOP AT lo_assets->get_integratedrepositories( ) into lo_row_10.
      lo_row_11 = lo_row_10.
      IF lo_row_11 IS NOT INITIAL.
        lv_string = lo_row_11->get_integrationid( ).
        lv_string = lo_row_11->get_providerresourceid( ).
      ENDIF.
    ENDLOOP.
  ENDIF.
  LOOP AT lo_result->get_excluderisktypes( ) into lo_row_12.
    lo_row_13 = lo_row_12.
    IF lo_row_13 IS NOT INITIAL.
      lv_risktype = lo_row_13->get_value( ).
    ENDIF.
  ENDLOOP.
  lv_servicerole = lo_result->get_servicerole( ).
  lo_cloudwatchlog = lo_result->get_logconfig( ).
  IF lo_cloudwatchlog IS NOT INITIAL.
    lv_string = lo_cloudwatchlog->get_loggroup( ).
    lv_string = lo_cloudwatchlog->get_logstream( ).
  ENDIF.
  lv_string = lo_result->get_agentspaceid( ).
ENDIF.
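
A narrowly scoped call with a check that the returned configuration matches the request, as an added example (not AWS sample code). The class name lcl_pentest_setup and all literal values are constructed; io_sag is assumed to be an already-created client, and the check assumes the response carries the assets, excluded risk types and log configuration shown in the getters above.

```abap
" Added example, not AWS sample code. lcl_pentest_setup and every literal
" value are constructed; io_sag is an already-created /AWS1/IF_SAG client.
CLASS lcl_pentest_setup DEFINITION.
  PUBLIC SECTION.
    CLASS-METHODS create_scoped
      IMPORTING io_sag          TYPE REF TO /aws1/if_sag
                iv_agentspaceid TYPE /aws1/sagstring
                iv_endpoint     TYPE /aws1/sagstring
      EXPORTING ev_pentestid    TYPE /aws1/sagstring
                ev_as_requested TYPE abap_bool
      RAISING   /aws1/cx_sagclientexc /aws1/cx_sagserverexc
                /aws1/cx_rt_technical_generic /aws1/cx_rt_service_generic.
ENDCLASS.

CLASS lcl_pentest_setup IMPLEMENTATION.
  METHOD create_scoped.
    " One endpoint in scope, logging on, remediation explicitly DISABLED,
    " and it_excluderisktypes left out so that no risk type is skipped.
    DATA(lo_out) = io_sag->createpentest(
      iv_title                   = |scoped-endpoint-test|
      iv_agentspaceid            = iv_agentspaceid
      io_assets                  = NEW /aws1/cl_sagassets(
        it_endpoints = VALUE /aws1/cl_sagendpoint=>tt_endpointlist(
          ( NEW /aws1/cl_sagendpoint( iv_endpoint ) ) ) )
      io_logconfig               = NEW /aws1/cl_sagcloudwatchlog(
        iv_loggroup  = |example-pentest-logs|
        iv_logstream = |scoped-endpoint-test| )
      iv_coderemediationstrategy = |DISABLED| ).

    ev_pentestid    = lo_out->get_pentestid( ).
    ev_as_requested = abap_true.

    " Compare the returned configuration with what was requested.
    DATA(lo_assets) = lo_out->get_assets( ).
    DATA(lo_log)    = lo_out->get_logconfig( ).
    IF lo_assets IS NOT BOUND OR lo_log IS NOT BOUND
       OR lines( lo_out->get_excluderisktypes( ) ) > 0.
      ev_as_requested = abap_false.
      RETURN.
    ENDIF.
    IF lines( lo_assets->get_endpoints( ) ) <> 1.
      ev_as_requested = abap_false.
    ENDIF.
    LOOP AT lo_assets->get_endpoints( ) INTO DATA(lo_endpoint).
      IF lo_endpoint->get_uri( ) <> iv_endpoint.
        ev_as_requested = abap_false. " endpoint outside the requested scope
      ENDIF.
    ENDLOOP.
  ENDMETHOD.
ENDCLASS.
```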