uploadlargefile.do

Veracode APIs

The uploadlargefile.do call uploads a single file as a set of parts to an existing build or creates a build. Uploading the file in parts avoids timeout errors, which can occur when uploading a large file using the uploadfile.do call.

Veracode recommends using this call as an alternative to the uploadfile.do call. Before using this API, Veracode strongly recommends that you read API Usage and Access Guidelines.
Before uploading additional files, ensure that:
  • An upload or prescan is not in progress.
  • The beginscan.do call is not in progress.
  • If you recently ran the beginscan.do call, you did not set auto_scan to true.

Since the uploadlargefile.do call creates a build, if one does not already exist or if the most recent build has a published static scan, you do not need to call createbuild.do. If the call creates a build, the build name is the date of the build with the scan type. For example, 03 Mar 2019 Static.

If you want to upload a file that does not have the same name as a previous file, you can use the filename parameter to change the name, enabling flaw-matching with previously scanned files.

Resource URL

https://analysiscenter.veracode.com/api/5.0/uploadlargefile.do

Header Requirements

  • Set Content-Length: <number of bytes in the file>
  • Set Content-Type: binary/octet-stream

Parameters

Name Type Description
app_id

Required

Integer Application ID.
file

Required

String

File to upload. The maximum file size is 2GB.

Note: You must enter the @ symbol before the entire path, including the specific filename.
filename String Enter a new, unique filename for the uploaded file. The filename cannot begin or end with slashes or periods.
sandbox_id Integer Enter the ID of the target sandbox for the upload file.

Java Example

This call supports the HTTP POST method. Because HTTPie does not support streaming uploads, you can use this Java example as an alternative to HTTPie.

java -jar vosp-api-wrappers-java-<version>.jar -vid <Veracode API ID> -vkey <Veracode API key> -action uploadfile -app_id <Veracode application ID> -filepath c:\Users\<username>\<filename>

Java Results

The uploadlargefile.do call returns the filelist XML document, which references the filelist.xsd schema file. You can use the XSD schema file to validate the XML data. See the filelist.xsd schema documentation.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>

<filelist xmlns="https://analysiscenter.veracode.com/schema/2.0/filelist" 
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
      account_id=<account ID> app_id=<application ID> build_id=<build ID> filelist_version="1.1" 
      xsi:schemaLocation="https://analysiscenter.veracode.com/schema/2.0/filelist 
      https://analysiscenter.veracode.com/resource/2.0/filelist.xsd">
   <file file_id=<file ID> file_name="<filename>" file_status="Uploaded"/>
</filelist>

Python Example

This call supports the HTTP POST method. Because HTTPie does not support streaming uploads, you can use this Python script example as an alternative to HTTPie.

import requests
import sys
from veracode_api_signing.plugin_requests import RequestsAuthPluginVeracodeHMAC

app_id = 123456 #insert <Veracode application id> here
filename = 'verademo.war' #insert <filename> here
vid = 123456 #insert veracode api key id here
vkey = 1234567890 #insert veracode api key secret here

try:
    with open(filename, 'rb') as file:
        resp = requests.post('https://analysiscenter.veracode.com/api/5.0/uploadlargefile.do',
                headers={'Content-Type': 'binary/octet-stream'},params={'app_id': app_id, 'filename': filename},
                data=file,auth=RequestsAuthPluginVeracodeHMAC(vid,vkey))
except Exception as err:
    print(f'Error occurred: {err}')
    sys.exit(1)
else:
    print(f'Req Headers: {resp.request.headers}')
    print(f'Resp Code: {resp.status_code}\nResp Text: {resp.text}')