Evaluating Risk Level of Scripts
Function
This API is used to evaluate risks of a job based on the job content. The analysis is only for reference.
High-risk commands affect the normal running of the system or services, or cause special system files to be maliciously deleted or modified.
High-risk command detection checks whether the script content contains high-risk commands or not based on the regular expressions in the check rules.
Constraints
Risk level: LOW, MEDIUM, and HIGH
Authorization Information
Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.
- If you are using role/policy-based authorization, see Permissions Policies and Supported Actions for details on the required permissions.
- If you are using identity policy-based authorization, the following identity policy-based permissions are required.
Action
Access Level
Resource Type (*: required)
Condition Key
Alias
Dependencies
coc:document:analyzeRisk
Read
-
-
-
-
URI
POST /v1/job/analyze-job
Request Parameters
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
X-Auth-Token |
Yes |
String |
Definition: Tenant token. Constraints: Tenant token obtained from IAM. Value range: N/A. Default value: N/A. |
|
X-Language |
No |
String |
Definition: Internationalization tag. zh-cn indicates Chinese, and en-us or no value indicates English. Constraints: zh-cn indicates Chinese, and en-us or no value indicates English. Value range: zh-cn and en-us Default value: N/A. |
|
x-project-id |
No |
String |
Definition: The project ID. Constraints: Project ID corresponding to the region. Value range: N/A. Default value: N/A. |
|
x-user-profile |
No |
String |
Definition: IAM 5.0 user information. Constraints: N/A. Value range: N/A. Default value: N/A. |
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
content |
Yes |
String |
Definition: Script content. Constraints: N/A. Value range: N/A. Default value: N/A. |
Response Parameters
Status code: 200
|
Parameter |
Type |
Description |
|---|---|---|
|
data |
data object |
Definition: Return data. Value range: N/A. |
|
Parameter |
Type |
Description |
|---|---|---|
|
risk_level |
String |
Definition: Risk level. Value range: N/A. |
|
blacklist_commands |
Array of blacklist_commands objects |
Definition: Blacklist. Value range: N/A. |
|
Parameter |
Type |
Description |
|---|---|---|
|
command_name |
String |
Definition: Command. Value range: N/A. |
|
command_rule |
String |
Definition: Matching rules. Value range: N/A. |
|
example |
String |
Definition: Instance. Value range: N/A. |
|
description_en |
String |
Definition: Blacklist command description in English. Value range: N/A. |
|
description_zh |
String |
Definition: Blacklist command description in Chinese. Value range: N/A. |
Example Requests
Evaluate the risk level of the script content.
POST https://{Endpoint}/v1/job/analyze-job
{
"content" : "#!/bin/bash\necho 123\nrm -f /"
}
Example Responses
Status code: 200
Request result is returned.
For more status codes, see Status Codes.
{
"data" : {
"risk_level" : "HIGH",
"blacklist_commands" : [ {
"command_name" : "rm command",
"command_rule" : "\\s*rm\\s+.*",
"example" : "rm test.txt ",
"description_en" : "The rm command is included, special system files may be maliciously deleted or modified.",
"description_zh" : "If a command contains rm, special system files may be maliciously deleted or modified."
} ]
}
}
Status Codes
|
Status Code |
Description |
|---|---|
|
200 |
Request result is returned. For more status codes, see Status Codes. |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
