Help Center/ Host Security Service/ API Reference/ API Description/ Container Image/ Querying the Check Item List of a Specified Security Configuration Item of an Image

Updated on 2024-07-04 GMT+08:00

Online Debugging

CLI Examples

View PDF

Querying the Check Item List of a Specified Security Configuration Item of an Image

Function

This API is used to query the check item list of a specified security configuration item of an image.

Calling Method

For details, see Calling APIs.

URI

GET /v5/{project_id}/image/baseline/risk-configs/{check_name}/rules

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Project ID. Minimum: 1 Maximum: 256
check_name	Yes	String	Baseline name Minimum: 0 Maximum: 128

**Table 2** Query Parameters
Parameter	Mandatory	Type	Description
enterprise_project_id	No	String	Enterprise project ID. To query all enterprise projects, set this parameter to all_granted_eps. Default: 0 Minimum: 1 Maximum: 256
image_type	Yes	String	Image type. The options are as follows: private_image: private image repository shared_image: shared image repository local_image: local image instance_image: enterprise image Minimum: 1 Maximum: 32
offset	No	Integer	Offset, which specifies the start position of the record to be returned. Minimum: 0 Maximum: 2000000 Default: 0
limit	No	Integer	Number of records on each page Minimum: 10 Maximum: 200 Default: 10
namespace	No	String	Specifies the organization name. If no image information is available, all images are queried. Minimum: 0 Maximum: 64
image_name	No	String	Image name Minimum: 0 Maximum: 128
image_version	No	String	Image tag name Minimum: 0 Maximum: 64
standard	Yes	String	Standard type. Its value can be: cn_standard: DJCP MLPS compliance standard hw_standard: Huawei standard qt_standard: Qingteng standard Minimum: 0 Maximum: 32
result_type	No	String	Result type. Its value can be: pass: The item passed the check. failed: The item failed the check. Default: unhandled Minimum: 0 Maximum: 64
check_rule_name	No	String	Check item name. Fuzzy match is supported. Minimum: 0 Maximum: 2048
severity	No	String	Risk level. Its value can be: Security Low Medium High Critical Minimum: 0 Maximum: 255
instance_id	No	String	Enterprise repository instance ID. This API is not required for SWR shared edition. Minimum: 0 Maximum: 128

Request Parameters

**Table 3** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. Minimum: 1 Maximum: 32768
region	No	String	Region ID Minimum: 0 Maximum: 128

Response Parameters

Status code: 200

**Table 4** Response body parameters
Parameter	Type	Description
total_num	Integer	Total risks Minimum: 0 Maximum: 2147483647
data_list	Array of ImageRiskConfigsCheckRulesResponseInfo objects	Data list Array Length: 0 - 2147483647

**Table 5** ImageRiskConfigsCheckRulesResponseInfo
Parameter	Type	Description
severity	String	Risk level. Its value can be: Security Low Medium High Minimum: 0 Maximum: 255
check_name	String	Baseline name Minimum: 0 Maximum: 256
check_type	String	Baseline type Minimum: 0 Maximum: 256
standard	String	Standard type. Its value can be: cn_standard: DJCP MLPS compliance standard hw_standard: Huawei standard qt_standard: Qingteng standard Minimum: 0 Maximum: 16
check_rule_name	String	Check items Minimum: 0 Maximum: 2048
check_rule_id	String	Check item ID Minimum: 0 Maximum: 64
scan_result	String	Detection result. The options are as follows: pass failed Minimum: 0 Maximum: 64

Example Requests

Query the check items of a specified security configuration item whose organization is aaa, image name is centos7, image version is common, and standard type is Huawei standard.

GET https://{endpoint}/v5/{project_id}/image/baseline/risk-configs/{check_name}/rules?offset=0&limit=200&image_type=private_image&namespace=aaa&image_name=centos7/test&image_version=common&standard=hw_standard&enterprise_project_id=all_granted_eps

Example Responses

Status code: 200

Checklist of the specified security configuration item

{
  "total_num" : 1,
  "data_list" : [ {
    "check_rule_id" : "1.1",
    "check_rule_name" : "Rule: Password locking policy.",
    "check_name" : "CentOS 7",
    "check_type" : "CentOS 7",
    "standard" : "hw_standard",
    "scan_result" : "failed",
    "severity" : "High"
  } ]
}

SDK Sample Code

The SDK sample code is as follows.

      
       
         
         
           package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.hss.v5.region.HssRegion;
import com.huaweicloud.sdk.hss.v5.*;
import com.huaweicloud.sdk.hss.v5.model.*;


public class ListImageRiskConfigRulesSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");

        ICredential auth = new BasicCredentials()
                .withAk(ak)
                .withSk(sk);

        HssClient client = HssClient.newBuilder()
                .withCredential(auth)
                .withRegion(HssRegion.valueOf("<YOUR REGION>"))
                .build();
        ListImageRiskConfigRulesRequest request = new ListImageRiskConfigRulesRequest();
        request.withEnterpriseProjectId("<enterprise_project_id>");
        request.withImageType("<image_type>");
        request.withOffset(<offset>);
        request.withLimit(<limit>);
        request.withNamespace("<namespace>");
        request.withImageName("<image_name>");
        request.withImageVersion("<image_version>");
        request.withStandard("<standard>");
        request.withResultType("<result_type>");
        request.withCheckRuleName("<check_rule_name>");
        request.withSeverity("<severity>");
        request.withInstanceId("<instance_id>");
        try {
            ListImageRiskConfigRulesResponse response = client.listImageRiskConfigRules(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

          

        

      
     

      
       
         
         
           # coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkhss.v5.region.hss_region import HssRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkhss.v5 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]

    credentials = BasicCredentials(ak, sk)

    client = HssClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(HssRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = ListImageRiskConfigRulesRequest()
        request.enterprise_project_id = "<enterprise_project_id>"
        request.image_type = "<image_type>"
        request.offset = <offset>
        request.limit = <limit>
        request.namespace = "<namespace>"
        request.image_name = "<image_name>"
        request.image_version = "<image_version>"
        request.standard = "<standard>"
        request.result_type = "<result_type>"
        request.check_rule_name = "<check_rule_name>"
        request.severity = "<severity>"
        request.instance_id = "<instance_id>"
        response = client.list_image_risk_config_rules(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

          

        

      
     

      
       
         
         
           package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    hss "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        Build()

    client := hss.NewHssClient(
        hss.HssClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.ListImageRiskConfigRulesRequest{}
	enterpriseProjectIdRequest:= "<enterprise_project_id>"
	request.EnterpriseProjectId = &enterpriseProjectIdRequest
	request.ImageType = "<image_type>"
	offsetRequest:= int32(<offset>)
	request.Offset = &offsetRequest
	limitRequest:= int32(<limit>)
	request.Limit = &limitRequest
	namespaceRequest:= "<namespace>"
	request.Namespace = &namespaceRequest
	imageNameRequest:= "<image_name>"
	request.ImageName = &imageNameRequest
	imageVersionRequest:= "<image_version>"
	request.ImageVersion = &imageVersionRequest
	request.Standard = "<standard>"
	resultTypeRequest:= "<result_type>"
	request.ResultType = &resultTypeRequest
	checkRuleNameRequest:= "<check_rule_name>"
	request.CheckRuleName = &checkRuleNameRequest
	severityRequest:= "<severity>"
	request.Severity = &severityRequest
	instanceIdRequest:= "<instance_id>"
	request.InstanceId = &instanceIdRequest
	response, err := client.ListImageRiskConfigRules(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

          

        

      
     