Updated: 2024-07-04 GMT+08:00

Querying the Vulnerability List

Function

This API queries the vulnerability list.

Calling Method

See How to Call an API.

URI

GET /v5/{project_id}/vulnerability/vulnerabilities

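Table 1 Path parameters

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| project_id | | String | Project ID. Minimum length: 1. Maximum length: 256. |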

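Table 2 Query parameters

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| enterprise_project_id | | String | Enterprise project ID. "0" indicates the default enterprise project. To query all enterprise projects, set this parameter to all_granted_eps. Default: 0. Minimum length: 0. Maximum length: 256. |
| type | | String | Vulnerability type. Options: linux_vul (Linux vulnerability), windows_vul (Windows vulnerability), web_cms (Web-CMS vulnerability), app_vul (application vulnerability). Minimum length: 0. Maximum length: 32. |
| vul_id | | String | Vulnerability ID. Minimum length: 0. Maximum length: 256. |
| vul_name | | String | Vulnerability name. Minimum length: 0. Maximum length: 256. |
| limit | | Integer | Number of records displayed per page. Minimum value: 0. Maximum value: 200. Default: 10. |
| offset | | Integer | Offset: the position from which the returned records start. Minimum value: 0. Maximum value: 2000000. Default: 0. |
| repair_priority | | String | Repair priority. Critical: urgent; High: high; Medium: medium; Low: low. Minimum length: 1. Maximum length: 10. |
| handle_status | | String | Handling status. Options: unhandled (not handled), handled (handled). Default: unhandled. Minimum length: 1. Maximum length: 32. |
| cve_id | | String | Vulnerability number. Minimum length: 0. Maximum length: 32. |
| label_list | | String | Vulnerability label. Minimum length: 0. Maximum length: 128. |
| status | | String | Vulnerability status. Minimum length: 0. Maximum length: 32. |
| asset_value | | String | Asset importance: important, common, test. Minimum length: 0. Maximum length: 32. |
| group_name | | String | Server group name. Minimum length: 0. Maximum length: 256. |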

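Request Parameters

Table 3 Request header parameters

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| X-Auth-Token | | String | User token. Obtain it by calling the IAM API for obtaining a user token (the value of X-Subject-Token in the response header). Minimum length: 1. Maximum length: 32768. |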

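Response Parameters

Status code: 200

Table 4 Response body parameters

| Parameter | Type | Description |
|---|---|---|
| total_num | Long | Total number of vulnerabilities. Minimum value: 0. Maximum value: 2147483647. |
| data_list | Array of VulInfo objects | Software vulnerability list. Array length: 0 - 2147483647. |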

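Table 5 VulInfo

| Parameter | Type | Description |
|---|---|---|
| vul_name | String | Vulnerability name. Minimum length: 0. Maximum length: 256. |
| vul_id | String | Vulnerability ID. Minimum length: 0. Maximum length: 64. |
| label_list | Array of strings | Vulnerability labels. Minimum length: 0. Maximum length: 65534. Array length: 0 - 2147483647. |
| repair_necessity | String | Repair necessity. Critical: CVSS score greater than or equal to 9; corresponds to "high risk" on the console page. High: CVSS score greater than or equal to 7 and less than 9; corresponds to "medium risk" on the console page. Medium: CVSS score greater than or equal to 4 and less than 7; corresponds to "medium risk" on the console page. Low: CVSS score less than 4; corresponds to "low risk" on the console page. Minimum length: 0. Maximum length: 64. |
| severity_level | String | Vulnerability severity level. Critical: CVSS score greater than or equal to 9; corresponds to "high risk" on the console page. High: CVSS score greater than or equal to 7 and less than 9; corresponds to "medium risk" on the console page. Medium: CVSS score greater than or equal to 4 and less than 7; corresponds to "medium risk" on the console page. Low: CVSS score less than 4; corresponds to "low risk" on the console page. Minimum length: 0. Maximum length: 64. |
| host_num | Integer | Number of affected servers. Minimum value: 0. Maximum value: 2147483647. |
| unhandle_host_num | Integer | Number of unhandled hosts, excluding hosts that have been ignored or fixed. Minimum value: 0. Maximum value: 2147483647. |
| scan_time | Long | Time of the latest scan, as a timestamp in milliseconds. Minimum value: 0. Maximum value: 9223372036854775807. |
| solution_detail | String | Guidance for fixing the vulnerability. Minimum length: 0. Maximum length: 65534. |
| url | String | URL link. Minimum length: 0. Maximum length: 2083. |
| description | String | Vulnerability description. Minimum length: 0. Maximum length: 65534. |
| type | String | Vulnerability type. Options: linux_vul (Linux vulnerability), windows_vul (Windows vulnerability), web_cms (Web-CMS vulnerability), app_vul (application vulnerability). Minimum length: 0. Maximum length: 128. |
| host_id_list | Array of strings | List of hosts on which this vulnerability can be handled. Minimum length: 0. Maximum length: 128. Array length: 0 - 2147483647. |
| cve_list | Array of cve_list objects | CVE list. Array length: 1 - 10000. |
| patch_url | String | Patch URL. Minimum length: 0. Maximum length: 512. |
| repair_priority | String | Repair priority. Critical: urgent; High: high; Medium: medium; Low: low. Minimum length: 1. Maximum length: 32. |
| hosts_num | VulnerabilityHostNumberInfo object | Affected hosts. |
| repair_success_num | Integer | Number of successful repairs. Minimum value: 0. Maximum value: 1000000. |
| fixed_num | Long | Number fixed. Minimum value: 0. Maximum value: 1000000. |
| ignored_num | Long | Number ignored. Minimum value: 0. Maximum value: 1000000. |
| verify_num | Integer | Number verified. Minimum value: 0. Maximum value: 1000000. |
| repair_priority_list | Array of RepairPriorityListInfo objects | Repair priorities, with the number of hosts for each repair priority. Array length: 0 - 4. |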

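Table 6 cve_list

| Parameter | Type | Description |
|---|---|---|
| cve_id | String | CVE ID. Minimum length: 1. Maximum length: 32. |
| cvss | Float | CVSS score. Minimum value: 0. Maximum value: 10. |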

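Table 7 VulnerabilityHostNumberInfo

| Parameter | Type | Description |
|---|---|---|
| important | Integer | Number of important hosts. Minimum value: 0. Maximum value: 10000. |
| common | Integer | Number of common hosts. Minimum value: 0. Maximum value: 10000. |
| test | Integer | Number of test hosts. Minimum value: 0. Maximum value: 10000. |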

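Table 8 RepairPriorityListInfo

| Parameter | Type | Description |
|---|---|---|
| repair_priority | String | Repair priority. Critical: urgent; High: high; Medium: medium; Low: low. Minimum length: 1. Maximum length: 10. |
| host_num | Integer | Number of hosts at this repair priority. Minimum value: 0. Maximum value: 2147483647. |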

Example Request

Query the first 10 records of the vulnerability list for the project whose project_id is 2b31ed520xxxxxxebedb6e57xxxxxxxx.

GET https://{endpoint}/v5/2b31ed520xxxxxxebedb6e57xxxxxxxx/vulnerability/vulnerabilities?offset=0&limit=10

Example Response

Status code: 200

Vulnerability list

{
  "total_num" : 1,
  "data_list" : [ {
    "description" : "It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash, or possibly execute arbitrary code.",
    "host_id_list" : [ "caa958ad-a481-4d46-b51e-6861b8864515" ],
    "host_num" : 1,
    "scan_time" : 1661752185836,
    "severity_level" : "Critical",
    "repair_necessity" : "Critical",
    "solution_detail" : "To upgrade the affected software",
    "type" : "linux_vul",
    "unhandle_host_num" : 0,
    "url" : "https://ubuntu.com/security/CVE-2022-27405",
    "vul_id" : "USN-5528-1",
    "vul_name" : "USN-5528-1: FreeType vulnerabilities",
    "repair_priority_list" : [ {
      "repair_priority" : "Critical",
      "host_num" : 0
    }, {
      "repair_priority" : "High",
      "host_num" : 0
    }, {
      "repair_priority" : "Medium",
      "host_num" : 1
    }, {
      "repair_priority" : "Low",
      "host_num" : 0
    } ]
  } ]
}

SDK Code Examples

The SDK code examples are as follows.

Java

package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.hss.v5.region.HssRegion;
import com.huaweicloud.sdk.hss.v5.*;
import com.huaweicloud.sdk.hss.v5.model.*;


public class ListVulnerabilitiesSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");

        ICredential auth = new BasicCredentials()
                .withAk(ak)
                .withSk(sk);

        HssClient client = HssClient.newBuilder()
                .withCredential(auth)
                .withRegion(HssRegion.valueOf("<YOUR REGION>"))
                .build();
        ListVulnerabilitiesRequest request = new ListVulnerabilitiesRequest();
        request.withEnterpriseProjectId("<enterprise_project_id>");
        request.withType("<type>");
        request.withVulId("<vul_id>");
        request.withVulName("<vul_name>");
        request.withLimit(<limit>);
        request.withOffset(<offset>);
        request.withRepairPriority("<repair_priority>");
        request.withHandleStatus("<handle_status>");
        request.withCveId("<cve_id>");
        request.withLabelList("<label_list>");
        request.withStatus("<status>");
        request.withAssetValue("<asset_value>");
        request.withGroupName("<group_name>");
        try {
            ListVulnerabilitiesResponse response = client.listVulnerabilities(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

Python

# coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkhss.v5.region.hss_region import HssRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkhss.v5 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]

    credentials = BasicCredentials(ak, sk)

    client = HssClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(HssRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = ListVulnerabilitiesRequest()
        request.enterprise_project_id = "<enterprise_project_id>"
        request.type = "<type>"
        request.vul_id = "<vul_id>"
        request.vul_name = "<vul_name>"
        request.limit = <limit>
        request.offset = <offset>
        request.repair_priority = "<repair_priority>"
        request.handle_status = "<handle_status>"
        request.cve_id = "<cve_id>"
        request.label_list = "<label_list>"
        request.status = "<status>"
        request.asset_value = "<asset_value>"
        request.group_name = "<group_name>"
        response = client.list_vulnerabilities(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

Go

package main

import (
	"fmt"
	"os" // required for os.Getenv below

	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
	hss "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5/model"
	region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        Build()

    client := hss.NewHssClient(
        hss.HssClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.ListVulnerabilitiesRequest{}
	enterpriseProjectIdRequest:= "<enterprise_project_id>"
	request.EnterpriseProjectId = &enterpriseProjectIdRequest
	typeRequest:= "<type>"
	request.Type = &typeRequest
	vulIdRequest:= "<vul_id>"
	request.VulId = &vulIdRequest
	vulNameRequest:= "<vul_name>"
	request.VulName = &vulNameRequest
	limitRequest:= int32(<limit>)
	request.Limit = &limitRequest
	offsetRequest:= int32(<offset>)
	request.Offset = &offsetRequest
	repairPriorityRequest:= "<repair_priority>"
	request.RepairPriority = &repairPriorityRequest
	handleStatusRequest:= "<handle_status>"
	request.HandleStatus = &handleStatusRequest
	cveIdRequest:= "<cve_id>"
	request.CveId = &cveIdRequest
	labelListRequest:= "<label_list>"
	request.LabelList = &labelListRequest
	statusRequest:= "<status>"
	request.Status = &statusRequest
	assetValueRequest:= "<asset_value>"
	request.AssetValue = &assetValueRequest
	groupNameRequest:= "<group_name>"
	request.GroupName = &groupNameRequest
	response, err := client.ListVulnerabilities(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

For SDK code examples in more programming languages, see the Code Example tab in API Explorer, which automatically generates the corresponding SDK code.
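
The SDK samples above fetch a single page. The following added example (not part of the original page or of the Huawei Cloud SDK) pages through the whole list using the documented limit and offset bounds and total_num, then orders entries that still have unhandled hosts by repair_priority_list. The fetch_page callable, the hss.example.com endpoint and the EXAMPLE-n records are assumptions constructed for illustration.

```python
from urllib.parse import urlencode

MAX_LIMIT, MAX_OFFSET = 200, 2_000_000  # documented bounds of limit and offset
RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}

def build_url(endpoint, project_id, offset=0, limit=MAX_LIMIT, **filters):
    """Build the request URL, rejecting values outside the documented ranges."""
    if not (0 <= limit <= MAX_LIMIT and 0 <= offset <= MAX_OFFSET):
        raise ValueError("limit or offset outside the documented range")
    query = urlencode({"offset": offset, "limit": limit, **filters})
    return f"https://{endpoint}/v5/{project_id}/vulnerability/vulnerabilities?{query}"

def iter_vulnerabilities(fetch_page, limit=MAX_LIMIT):
    """Yield every VulInfo entry, paging by offset until total_num is reached.
    fetch_page(offset, limit) is a hypothetical callable that returns the
    decoded response body; in production it would wrap the HTTP or SDK call."""
    offset = 0
    while offset <= MAX_OFFSET:
        body = fetch_page(offset, limit)
        page = body.get("data_list") or []
        yield from page
        offset += len(page)
        if not page or offset >= body.get("total_num", 0):
            return  # an empty page also stops the loop if total_num is stale

def top_priority(vul):
    """Most urgent repair priority that still has hosts attached to it."""
    active = [p["repair_priority"] for p in vul.get("repair_priority_list", [])
              if p["host_num"] > 0]
    return min(active, key=RANK.__getitem__, default="Low")  # default is an assumption

def triage(vulns):
    """Keep entries with unhandled hosts; most urgent first, then most hosts."""
    todo = [v for v in vulns if v.get("unhandle_host_num", 0) > 0]
    return sorted(todo, key=lambda v: (RANK[top_priority(v)], -v["unhandle_host_num"]))

def sample(vul_id, unhandled, **hosts):  # constructed record, not a real finding
    return {"vul_id": vul_id, "unhandle_host_num": unhandled, "repair_priority_list":
            [{"repair_priority": p, "host_num": n} for p, n in hosts.items()]}

SAMPLE = [sample("EXAMPLE-1", 2, Medium=2), sample("EXAMPLE-2", 0, Critical=1),
          sample("EXAMPLE-3", 5, Critical=1, Low=4), sample("EXAMPLE-4", 7, Medium=7)]

def fake_fetch(offset, limit):  # stands in for the API, serving SAMPLE in pages
    return {"total_num": len(SAMPLE), "data_list": SAMPLE[offset:offset + limit]}

def worklist(page_size=3):
    return [v["vul_id"] for v in triage(iter_vulnerabilities(fake_fetch, page_size))]
```

In the response example above, severity_level is Critical while the only affected host is counted under Medium in repair_priority_list, which is why the ordering here uses the per-host priority rather than the CVSS-derived level.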

Status Codes

| Status Code | Description |
|---|---|
| 200 | Vulnerability list |

Error Codes

See Error Codes.
