Updated on 2024-11-19 GMT+08:00

Creating a Vulnerability Scan Task

Function

This API is used to create a vulnerability scan task.

Calling Method

For details, see Calling APIs.

URI

POST /v5/{project_id}/vulnerability/scan-task

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

project_id

Yes

String

Project ID.

Table 2 Query Parameters

Parameter

Mandatory

Type

Description

enterprise_project_id

No

String

Enterprise project ID of the tenant

Request Parameters

Table 3 Request header parameters

Parameter

Mandatory

Type

Description

X-Auth-Token

Yes

String

User token.

It can be obtained by calling an IAM API. The value of X-Subject-Token in the response header is the user token.

Table 4 Request body parameters

Parameter

Mandatory

Type

Description

manual_scan_type

No

Array of strings

Operation type. The options are as follows:

-linux_vul: Linux vulnerability

-windows_vul: Windows vulnerability

-web_cms: Web-CMS vulnerability

-app_vul: application vulnerability

-urgent_vul: emergency vulnerability

batch_flag

No

Boolean

Specifies whether the operation is performed in batches. If the value is true, all supported servers are scanned.

range_type

No

String

Range of servers to be scanned. The options are as follows:

-all_host: Scan all servers. You do not need to set agent_id_list for this type.

-specific_host:

agent_id_list

No

Array of strings

Server list

urgent_vul_id_list

No

Array of strings

Scan all ID list of emergency vulnerabilities. If this parameter is left blank, all emergency vulnerabilities are scanned.

Its value can be:

URGENT-CVE-2023-46604 Apache ActiveMQ Remote Code Execution Vulnerability

URGENT-HSSVD-2020-1109 Elasticsearch Unauthorized Access Vulnerability

URGENT-CVE-2022-26134 Atlassian Confluence OGNL Remote Code Execution Vulnerability (Cve-2022-26134)

URGENT-CVE-2023-22515 Atlassian Confluence Data Center and Server Privilege Escalation Vulnerability (CVE-2023-22515)

URGENT-CVE-2023-22518 Atlassian Confluence Data Center & Server Inappropriate Authorization Mechanism Vulnerability (CVE-2023-22518)

URGENT-CVE-2023-28432 MinIO Information Disclosure Vulnerability (CVE-2023-28432)

URGENT-CVE-2023-37582 Apache RocketMQ Remote Code Execution Vulnerability (CVE-2023-37582)

URGENT-CVE-2023-33246 Apache RocketMQ Remote Code Execution Vulnerability (CVE-2023-33246)

URGENT-CNVD-2023-02709 ZENTAO Project Management System Remote Command Execution Vulnerability (CNVD-2023-02709)

URGENT-CVE-2022-36804 Atlassian Bitbucket Server and Data Center Command Injection Vulnerability (CVE-2022-36804)

URGENT-CVE-2022-22965 Spring Framework JDK >= 9 Remote Code Execution Vulnerability

URGENT-CVE-2022-25845 fastjson <1.2.83 Remote Code Execution Vulnerability

URGENT-CVE-2019-14439 Jackson-databind Remote Command Execution Vulnerability (CVE-2019-14439)

URGENT-CVE-2020-13933 Apache Shiro Authentication Bypass Vulnerability (CVE-2020-13933)

URGENT-CVE-2020-26217 XStream < 1.4.14 Remote Code Execution Vulnerability (CVE-2020-26217)

URGENT-CVE-2021-4034 Linux Polkit Privilege Escalation Vulnerability (CVE-2021-4034)

URGENT-CVE-2021-44228 Apache Log4j2 Remote Code Execution Vulnerability (CVE-2021-44228 and CVE-2021-45046)

URGENT-CVE-2022-0847 Dirty Pipe - Linux Kernel Local Privilege Escalation Vulnerability (CVE-2022-0847)

Response Parameters

Status code: 200

Table 5 Response body parameters

Parameter

Type

Description

task_id

String

Detection task ID

Example Requests

Create an emergency vulnerability detection task whose agent_id is 0253edfd-30e7-439d-8f3f-17c54c997064 and vulnerability ID list is urgent_vul_id_list.

POST https://{endpoint}/v5/{project_id}/vulnerability/scan-task?enterprise_project_id=XXX

{
  "manual_scan_type" : "urgent_vul",
  "batch_flag" : false,
  "range_type" : "specific_host",
  "agent_id_list" : [ "0253edfd-30e7-439d-8f3f-17c54c997064" ],
  "urgent_vul_id_list" : [ "URGENT-CVE-2023-46604", "URGENT-HSSVD-2020-1109", "URGENT-CVE-2022-26134", "URGENT-CVE-2023-22515", "URGENT-CVE-2023-22518", "URGENT-CVE-2023-28432", "URGENT-CVE-2023-37582", "URGENT-CVE-2023-33246", "URGENT-CNVD-2023-02709", "URGENT-CVE-2022-36804", "URGENT-CVE-2022-22965", "URGENT-CVE-2022-25845", "URGENT-CVE-2019-14439", "URGENT-CVE-2020-13933", "URGENT-CVE-2020-26217", "URGENT-CVE-2021-4034", "URGENT-CVE-2021-44228", "URGENT-CVE-2022-0847" ]
}

Example Responses

Status code: 200

Succeeded in manually detecting vulnerabilities

{
  "task_id" : "d8a12cf7-6a43-4cd6-92b4-aabf1e917"
}

SDK Sample Code

The SDK sample code is as follows.

Create an emergency vulnerability detection task whose agent_id is 0253edfd-30e7-439d-8f3f-17c54c997064 and vulnerability ID list is urgent_vul_id_list.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.hss.v5.region.HssRegion;
import com.huaweicloud.sdk.hss.v5.*;
import com.huaweicloud.sdk.hss.v5.model.*;

import java.util.List;
import java.util.ArrayList;

public class CreateVulnerabilityScanTaskSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        HssClient client = HssClient.newBuilder()
                .withCredential(auth)
                .withRegion(HssRegion.valueOf("<YOUR REGION>"))
                .build();
        CreateVulnerabilityScanTaskRequest request = new CreateVulnerabilityScanTaskRequest();
        ManualVulScanRequestInfo body = new ManualVulScanRequestInfo();
        List<String> listbodyUrgentVulIdList = new ArrayList<>();
        listbodyUrgentVulIdList.add("URGENT-CVE-2023-46604");
        listbodyUrgentVulIdList.add("URGENT-HSSVD-2020-1109");
        listbodyUrgentVulIdList.add("URGENT-CVE-2022-26134");
        listbodyUrgentVulIdList.add("URGENT-CVE-2023-22515");
        listbodyUrgentVulIdList.add("URGENT-CVE-2023-22518");
        listbodyUrgentVulIdList.add("URGENT-CVE-2023-28432");
        listbodyUrgentVulIdList.add("URGENT-CVE-2023-37582");
        listbodyUrgentVulIdList.add("URGENT-CVE-2023-33246");
        listbodyUrgentVulIdList.add("URGENT-CNVD-2023-02709");
        listbodyUrgentVulIdList.add("URGENT-CVE-2022-36804");
        listbodyUrgentVulIdList.add("URGENT-CVE-2022-22965");
        listbodyUrgentVulIdList.add("URGENT-CVE-2022-25845");
        listbodyUrgentVulIdList.add("URGENT-CVE-2019-14439");
        listbodyUrgentVulIdList.add("URGENT-CVE-2020-13933");
        listbodyUrgentVulIdList.add("URGENT-CVE-2020-26217");
        listbodyUrgentVulIdList.add("URGENT-CVE-2021-4034");
        listbodyUrgentVulIdList.add("URGENT-CVE-2021-44228");
        listbodyUrgentVulIdList.add("URGENT-CVE-2022-0847");
        List<String> listbodyAgentIdList = new ArrayList<>();
        listbodyAgentIdList.add("0253edfd-30e7-439d-8f3f-17c54c997064");
        body.withUrgentVulIdList(listbodyUrgentVulIdList);
        body.withAgentIdList(listbodyAgentIdList);
        body.withRangeType("specific_host");
        body.withBatchFlag(false);
        request.withBody(body);
        try {
            CreateVulnerabilityScanTaskResponse response = client.createVulnerabilityScanTask(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

Create an emergency vulnerability detection task whose agent_id is 0253edfd-30e7-439d-8f3f-17c54c997064 and vulnerability ID list is urgent_vul_id_list.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
# coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkhss.v5.region.hss_region import HssRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkhss.v5 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = HssClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(HssRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = CreateVulnerabilityScanTaskRequest()
        listUrgentVulIdListbody = [
            "URGENT-CVE-2023-46604",
            "URGENT-HSSVD-2020-1109",
            "URGENT-CVE-2022-26134",
            "URGENT-CVE-2023-22515",
            "URGENT-CVE-2023-22518",
            "URGENT-CVE-2023-28432",
            "URGENT-CVE-2023-37582",
            "URGENT-CVE-2023-33246",
            "URGENT-CNVD-2023-02709",
            "URGENT-CVE-2022-36804",
            "URGENT-CVE-2022-22965",
            "URGENT-CVE-2022-25845",
            "URGENT-CVE-2019-14439",
            "URGENT-CVE-2020-13933",
            "URGENT-CVE-2020-26217",
            "URGENT-CVE-2021-4034",
            "URGENT-CVE-2021-44228",
            "URGENT-CVE-2022-0847"
        ]
        listAgentIdListbody = [
            "0253edfd-30e7-439d-8f3f-17c54c997064"
        ]
        request.body = ManualVulScanRequestInfo(
            urgent_vul_id_list=listUrgentVulIdListbody,
            agent_id_list=listAgentIdListbody,
            range_type="specific_host",
            batch_flag=False
        )
        response = client.create_vulnerability_scan_task(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

Create an emergency vulnerability detection task whose agent_id is 0253edfd-30e7-439d-8f3f-17c54c997064 and vulnerability ID list is urgent_vul_id_list.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    hss "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")
    projectId := "{project_id}"

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        WithProjectId(projectId).
        Build()

    client := hss.NewHssClient(
        hss.HssClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.CreateVulnerabilityScanTaskRequest{}
	var listUrgentVulIdListbody = []string{
        "URGENT-CVE-2023-46604",
	    "URGENT-HSSVD-2020-1109",
	    "URGENT-CVE-2022-26134",
	    "URGENT-CVE-2023-22515",
	    "URGENT-CVE-2023-22518",
	    "URGENT-CVE-2023-28432",
	    "URGENT-CVE-2023-37582",
	    "URGENT-CVE-2023-33246",
	    "URGENT-CNVD-2023-02709",
	    "URGENT-CVE-2022-36804",
	    "URGENT-CVE-2022-22965",
	    "URGENT-CVE-2022-25845",
	    "URGENT-CVE-2019-14439",
	    "URGENT-CVE-2020-13933",
	    "URGENT-CVE-2020-26217",
	    "URGENT-CVE-2021-4034",
	    "URGENT-CVE-2021-44228",
	    "URGENT-CVE-2022-0847",
    }
	var listAgentIdListbody = []string{
        "0253edfd-30e7-439d-8f3f-17c54c997064",
    }
	rangeTypeManualVulScanRequestInfo:= "specific_host"
	batchFlagManualVulScanRequestInfo:= false
	request.Body = &model.ManualVulScanRequestInfo{
		UrgentVulIdList: &listUrgentVulIdListbody,
		AgentIdList: &listAgentIdListbody,
		RangeType: &rangeTypeManualVulScanRequestInfo,
		BatchFlag: &batchFlagManualVulScanRequestInfo,
	}
	response, err := client.CreateVulnerabilityScanTask(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.

Status Codes

Status Code

Description

200

Succeeded in manually detecting vulnerabilities

Error Codes

See Error Codes.