Querying SQL Injection Rule Policies

Function

URI

POST /v1/{project_id}/audit/{instance_id}/rule/sqls

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Definition: Project ID. You can obtain the value by calling the IAM API for querying the project list of a specified IAM user. Constraints N/A Range: The value is subject to the return value of the IAM service interface. The value contains 32 to 64 characters. Default Value: N/A
instance_id	Yes	String	Definition: Instance ID. The value can be obtained from the ID field of the API for querying the instance list. Constraints N/A Range: The value is subject to the value of the API for querying the instance list. The value contains 32 to 64 characters. Default Value: N/A

Request Parameters

**Table 2** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	Definition: User token. You can obtain the token by calling the IAM API used to query the user token. The token is the value of X-Subject-Token in the response header. Constraints N/A Range: The value is subject to the user token query interface of the IAM service. Default Value: N/A

**Table 3** Request body parameters
Parameter	Mandatory	Type	Description
page	No	Integer	Current page
size	No	Integer	Page size.
risk_levels	No	String	Risk level. HIGH MEDIUM LOW NO_RISK

Response Parameters

Status code: 200

**Table 4** Response body parameters
Parameter	Type	Description
rules	Array of rules objects	SQL rule list
total	Integer	Total number.

**Table 5** rules
Parameter	Type	Description
id	String	SQL rule ID
name	String	SQL rule name
status	String	Rule status. ON OFF
risk_level	String	Risk level. HIGH MEDIUM LOW
type	String	Risk type
rank	Integer	Priority. A smaller value indicates a higher priority.
feature	String	SQL command feature
regex	String	Regular expression.

Status code: 400

**Table 6** Response body parameters
Parameter	Type	Description
details	Array of DbssErrorDetail objects	PDP5 authentication exception information
encoded_authorization_message	String	PDP5 authentication exception information
error_code	String	Error Codes
error_msg	String	Error message.

**Table 7** DbssErrorDetail
Parameter	Type	Description
error_code	String	Error Codes
error_msg	String	PDP5 error information

Status code: 403

**Table 8** Response body parameters
Parameter	Type	Description
details	Array of DbssErrorDetail objects	PDP5 authentication exception information
encoded_authorization_message	String	PDP5 authentication exception information
error_code	String	Error Codes
error_msg	String	Error message.

**Table 9** DbssErrorDetail
Parameter	Type	Description
error_code	String	Error Codes
error_msg	String	PDP5 error information

Status code: 500

**Table 10** Response body parameters
Parameter	Type	Description
details	Array of DbssErrorDetail objects	PDP5 authentication exception information
encoded_authorization_message	String	PDP5 authentication exception information
error_code	String	Error Codes
error_msg	String	Error message.

**Table 11** DbssErrorDetail
Parameter	Type	Description
error_code	String	Error Codes
error_msg	String	PDP5 error information

Example Requests

/v1/{project_id}/audit/{instance_id}/rule/sqls

{
  "risk_levels" : "HIGH"
}

Example Responses

Status code: 200

Success

{
  "rules" : [ {
    "id" : "zX4W2ngBo47GiyUSBuNs",
    "name" : "MySQL error based SQL injection",
    "status" : "ON",
    "type" : "SYSTEM",
    "risk_level" : "HIGH",
    "rank" : 1,
    "feature" : "Regular expression",
    "regex" : "((.*)?(select)\\s+[0-9]+\\s+from\\s+\\(\\s*select\\s+count(.*)?(concat)\\s*(.*)?(from)\\s*(information_schema.tables)(.*)?(group)\\s+(by)(.*)?)"
  } ],
  "total" : 1
}