Deze pagina is nog niet beschikbaar in uw eigen taal. We werken er hard aan om meer taalversies toe te voegen. Bedankt voor uw steun.

Querying the Vulnerability List

Updated on 2024-01-31 GMT+08:00

Function

This API is used to query the list of detected vulnerabilities.

Calling Method

For details, see Calling APIs.

URI

GET /v5/{project_id}/vulnerability/vulnerabilities

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

project_id

Yes

String

User project ID

Minimum: 1

Maximum: 256

Table 2 Query Parameters

Parameter

Mandatory

Type

Description

enterprise_project_id

No

String

Enterprise user ID

Default: 0

Minimum: 0

Maximum: 256

type

No

String

Vulnerability type. The options are as follows: -linux_vul: Linux vulnerability -windows_vul: windows vulnerability -web_cms: Web-CMS vulnerability -app_vul: application vulnerability

Minimum: 0

Maximum: 32

vul_id

No

String

Vulnerability ID

Minimum: 0

Maximum: 256

vul_name

No

String

Vulnerability name

Minimum: 0

Maximum: 256

limit

No

Integer

Number of records displayed on each page

Minimum: 0

Maximum: 200

Default: 10

offset

No

Integer

Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0.

Minimum: 0

Maximum: 2000000

Default: 0

repair_priority

No

String

Fix Priority Critical High Medium Low

Minimum: 1

Maximum: 10

handle_status

No

String

description: |- Handling status. The options are as follows: - unhandled - handled

Default: unhandled

Minimum: 1

Maximum: 32

cve_id

No

String

Vulnerability ID

Minimum: 0

Maximum: 32

label_list

No

String

Vulnerability tag

Minimum: 0

Maximum: 128

status

No

String

Vulnerability status

Minimum: 0

Maximum: 32

asset_value

No

String

Asset importance important common test

Minimum: 0

Maximum: 32

group_name

No

String

Server group name

Minimum: 0

Maximum: 256

Request Parameters

Table 3 Request header parameters

Parameter

Mandatory

Type

Description

x-auth-token

Yes

String

User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token.

Minimum: 1

Maximum: 32768

Response Parameters

Status code: 200

Table 4 Response body parameters

Parameter

Type

Description

total_num

Long

Total number of software vulnerabilities

Minimum: 0

Maximum: 2147483647

data_list

Array of VulInfo objects

Software vulnerability list

Array Length: 0 - 2147483647

Table 5 VulInfo

Parameter

Type

Description

vul_name

String

Vulnerability name

Minimum: 0

Maximum: 256

vul_id

String

Vulnerability ID

Minimum: 0

Maximum: 64

label_list

Array of strings

Vulnerability tag

Minimum: 0

Maximum: 65534

Array Length: 0 - 2147483647

repair_necessity

String

Necessity to repair

Minimum: 0

Maximum: 64

severity_level

String

Vulnerability level

Minimum: 0

Maximum: 64

host_num

Integer

Number of affected servers

Minimum: 0

Maximum: 2147483647

unhandle_host_num

Integer

Number of unhandled servers

Minimum: 0

Maximum: 2147483647

scan_time

Long

Last scan time

Minimum: 0

Maximum: 9223372036854775807

solution_detail

String

Solution

Minimum: 0

Maximum: 65534

url

String

Vulnerability URL

Minimum: 0

Maximum: 2083

description

String

Vulnerability description

Minimum: 0

Maximum: 65534

type

String

Vulnerability type. The options are as follows: -linux_vul: Linux vulnerability -windows_vul: windows vulnerability -web_cms: Web-CMS vulnerability -app_vul: application vulnerability

Minimum: 0

Maximum: 128

host_id_list

Array of strings

Host list

Minimum: 0

Maximum: 128

Array Length: 0 - 2147483647

cve_list

Array of cve_list objects

CVE list

Array Length: 1 - 10000

patch_url

String

Patch address

Minimum: 0

Maximum: 512

repair_priority

String

Fix Priority Critical High Medium Low

Minimum: 1

Maximum: 32

hosts_num

VulnerabilityHostNumberInfo object

Affected server

repair_success_num

Integer

Number of successful repairs

Minimum: 0

Maximum: 1000000

fixed_num

Long

Number of repairs

Minimum: 0

Maximum: 1000000

ignored_num

Long

Number of ignored items

Minimum: 0

Maximum: 1000000

verify_num

Integer

Number of verifications

Minimum: 0

Maximum: 1000000

Table 6 cve_list

Parameter

Type

Description

cve_id

String

CVE ID

Minimum: 1

Maximum: 32

cvss

Float

CVSS score

Minimum: 0

Maximum: 10

Table 7 VulnerabilityHostNumberInfo

Parameter

Type

Description

important

Integer

Number of important servers

Minimum: 0

Maximum: 10000

common

Integer

Number of common servers

Minimum: 0

Maximum: 10000

test

Integer

Number of test servers

Minimum: 0

Maximum: 10000

Example Requests

Query the first 10 records in the vulnerability list whose project_id is 2b31ed520xxxxxxebedb6e57xxxxxxxx.

GET https://{endpoint}/v5/2b31ed520xxxxxxebedb6e57xxxxxxxx/vulnerability/vulnerabilities?offset=0&limit=10

Example Responses

Status code: 200

vulnerability list

{
  "total_num" : 1,
  "data_list" : [ {
    "description" : "It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash, or possibly execute arbitrary code.",
    "host_id_list" : [ "caa958ad-a481-4d46-b51e-6861b8864515" ],
    "host_num" : 1,
    "scan_time" : 1661752185836,
    "severity_level" : "Critical",
    "repair_necessity" : "Critical",
    "solution_detail" : "To upgrade the affected software",
    "type" : "linux_vul",
    "unhandle_host_num" : 0,
    "url" : "https://ubuntu.com/security/CVE-2022-27405",
    "vul_id" : "USN-5528-1",
    "vul_name" : "USN-5528-1: FreeType vulnerabilities"
  } ]
}

Status Codes

Status Code

Description

200

vulnerability list

Error Codes

See Error Codes.

Feedback

Feedback

Feedback

0/500

Selected Content

Submit selected content with the feedback