Creating a Vulnerability Scan Task
Function
This API is used to create a vulnerability scan task.
Calling Method
For details, see Calling APIs.
URI
POST /v5/{project_id}/vulnerability/scan-task
| Parameter | Mandatory | Type | Description | 
|---|---|---|---|
| project_id | Yes | String | Project ID. | 
| Parameter | Mandatory | Type | Description | 
|---|---|---|---|
| enterprise_project_id | No | String | ID of the enterprise project that a server belongs. An enterprise project can be configured only after the enterprise project function is enabled. Enterprise project ID. The value 0 indicates the default enterprise project. To query servers in all enterprise projects, set this parameter to all_granted_eps. If you have only the permission on an enterprise project, you need to transfer the enterprise project ID to query the server in the enterprise project. Otherwise, an error is reported due to insufficient permission. | 
Request Parameters
| Parameter | Mandatory | Type | Description | 
|---|---|---|---|
| X-Auth-Token | Yes | String | User token. It can be obtained by calling an IAM API. The value of X-Subject-Token in the response header is the user token. | 
| Parameter | Mandatory | Type | Description | 
|---|---|---|---|
| manual_scan_type | No | Array of strings | Operation type. The options are as follows: -linux_vul: Linux vulnerability -windows_vul: Windows vulnerability -web_cms: Web-CMS vulnerability -app_vul: application vulnerability -urgent_vul: emergency vulnerability | 
| batch_flag | No | Boolean | Specifies whether the operation is performed in batches. If the value is true, all supported servers are scanned. | 
| range_type | No | String | Range of servers to be scanned. The options are as follows: -all_host: Scan all servers. You do not need to set agent_id_list for this type. -specific_host: | 
| agent_id_list | No | Array of strings | Server list | 
| urgent_vul_id_list | No | Array of strings | Scan all ID list of emergency vulnerabilities. If this parameter is left blank, all emergency vulnerabilities are scanned. Its value can be: URGENT-CVE-2023-46604 Apache ActiveMQ Remote Code Execution Vulnerability URGENT-HSSVD-2020-1109 Elasticsearch Unauthorized Access Vulnerability URGENT-CVE-2022-26134 Atlassian Confluence OGNL Remote Code Execution Vulnerability (Cve-2022-26134) URGENT-CVE-2023-22515 Atlassian Confluence Data Center and Server Privilege Escalation Vulnerability (CVE-2023-22515) URGENT-CVE-2023-22518 Atlassian Confluence Data Center & Server Inappropriate Authorization Mechanism Vulnerability (CVE-2023-22518) URGENT-CVE-2023-28432 MinIO Information Disclosure Vulnerability (CVE-2023-28432) URGENT-CVE-2023-37582 Apache RocketMQ Remote Code Execution Vulnerability (CVE-2023-37582) URGENT-CVE-2023-33246 Apache RocketMQ Remote Code Execution Vulnerability (CVE-2023-33246) URGENT-CNVD-2023-02709 ZENTAO Project Management System Remote Command Execution Vulnerability (CNVD-2023-02709) URGENT-CVE-2022-36804 Atlassian Bitbucket Server and Data Center Command Injection Vulnerability (CVE-2022-36804) URGENT-CVE-2022-22965 Spring Framework JDK >= 9 Remote Code Execution Vulnerability URGENT-CVE-2022-25845 fastjson <1.2.83 Remote Code Execution Vulnerability URGENT-CVE-2019-14439 Jackson-databind Remote Command Execution Vulnerability (CVE-2019-14439) URGENT-CVE-2020-13933 Apache Shiro Authentication Bypass Vulnerability (CVE-2020-13933) URGENT-CVE-2020-26217 XStream < 1.4.14 Remote Code Execution Vulnerability (CVE-2020-26217) URGENT-CVE-2021-4034 Linux Polkit Privilege Escalation Vulnerability (CVE-2021-4034) URGENT-CVE-2021-44228 Apache Log4j2 Remote Code Execution Vulnerability (CVE-2021-44228 and CVE-2021-45046) URGENT-CVE-2022-0847 Dirty Pipe - Linux Kernel Local Privilege Escalation Vulnerability (CVE-2022-0847) | 
Response Parameters
Status code: 200
| Parameter | Type | Description | 
|---|---|---|
| task_id | String | Detection task ID | 
Example Requests
Create an emergency vulnerability detection task whose agent_id is 0253edfd-30e7-439d-8f3f-17c54c997064 and vulnerability ID list is urgent_vul_id_list.
POST https://{endpoint}/v5/{project_id}/vulnerability/scan-task?enterprise_project_id=XXX
{
  "manual_scan_type" : "urgent_vul",
  "batch_flag" : false,
  "range_type" : "specific_host",
  "agent_id_list" : [ "0253edfd-30e7-439d-8f3f-17c54c997064" ],
  "urgent_vul_id_list" : [ "URGENT-CVE-2023-46604", "URGENT-HSSVD-2020-1109", "URGENT-CVE-2022-26134", "URGENT-CVE-2023-22515", "URGENT-CVE-2023-22518", "URGENT-CVE-2023-28432", "URGENT-CVE-2023-37582", "URGENT-CVE-2023-33246", "URGENT-CNVD-2023-02709", "URGENT-CVE-2022-36804", "URGENT-CVE-2022-22965", "URGENT-CVE-2022-25845", "URGENT-CVE-2019-14439", "URGENT-CVE-2020-13933", "URGENT-CVE-2020-26217", "URGENT-CVE-2021-4034", "URGENT-CVE-2021-44228", "URGENT-CVE-2022-0847" ]
}
  Example Responses
Status code: 200
Request succeeded.
{
  "task_id" : "d8a12cf7-6a43-4cd6-92b4-aabf1e917"
}
  SDK Sample Code
The SDK sample code is as follows.
Create an emergency vulnerability detection task whose agent_id is 0253edfd-30e7-439d-8f3f-17c54c997064 and vulnerability ID list is urgent_vul_id_list.
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 | package com.huaweicloud.sdk.test; import com.huaweicloud.sdk.core.auth.ICredential; import com.huaweicloud.sdk.core.auth.BasicCredentials; import com.huaweicloud.sdk.core.exception.ConnectionException; import com.huaweicloud.sdk.core.exception.RequestTimeoutException; import com.huaweicloud.sdk.core.exception.ServiceResponseException; import com.huaweicloud.sdk.hss.v5.region.HssRegion; import com.huaweicloud.sdk.hss.v5.*; import com.huaweicloud.sdk.hss.v5.model.*; import java.util.List; import java.util.ArrayList; public class CreateVulnerabilityScanTaskSolution { public static void main(String[] args) { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment String ak = System.getenv("CLOUD_SDK_AK"); String sk = System.getenv("CLOUD_SDK_SK"); String projectId = "{project_id}"; ICredential auth = new BasicCredentials() .withProjectId(projectId) .withAk(ak) .withSk(sk); HssClient client = HssClient.newBuilder() .withCredential(auth) .withRegion(HssRegion.valueOf("<YOUR REGION>")) .build(); CreateVulnerabilityScanTaskRequest request = new CreateVulnerabilityScanTaskRequest(); ManualVulScanRequestInfo body = new ManualVulScanRequestInfo(); List<String> listbodyUrgentVulIdList = new ArrayList<>(); listbodyUrgentVulIdList.add("URGENT-CVE-2023-46604"); listbodyUrgentVulIdList.add("URGENT-HSSVD-2020-1109"); listbodyUrgentVulIdList.add("URGENT-CVE-2022-26134"); listbodyUrgentVulIdList.add("URGENT-CVE-2023-22515"); listbodyUrgentVulIdList.add("URGENT-CVE-2023-22518"); listbodyUrgentVulIdList.add("URGENT-CVE-2023-28432"); listbodyUrgentVulIdList.add("URGENT-CVE-2023-37582"); listbodyUrgentVulIdList.add("URGENT-CVE-2023-33246"); listbodyUrgentVulIdList.add("URGENT-CNVD-2023-02709"); listbodyUrgentVulIdList.add("URGENT-CVE-2022-36804"); listbodyUrgentVulIdList.add("URGENT-CVE-2022-22965"); listbodyUrgentVulIdList.add("URGENT-CVE-2022-25845"); listbodyUrgentVulIdList.add("URGENT-CVE-2019-14439"); listbodyUrgentVulIdList.add("URGENT-CVE-2020-13933"); listbodyUrgentVulIdList.add("URGENT-CVE-2020-26217"); listbodyUrgentVulIdList.add("URGENT-CVE-2021-4034"); listbodyUrgentVulIdList.add("URGENT-CVE-2021-44228"); listbodyUrgentVulIdList.add("URGENT-CVE-2022-0847"); List<String> listbodyAgentIdList = new ArrayList<>(); listbodyAgentIdList.add("0253edfd-30e7-439d-8f3f-17c54c997064"); body.withUrgentVulIdList(listbodyUrgentVulIdList); body.withAgentIdList(listbodyAgentIdList); body.withRangeType("specific_host"); body.withBatchFlag(false); request.withBody(body); try { CreateVulnerabilityScanTaskResponse response = client.createVulnerabilityScanTask(request); System.out.println(response.toString()); } catch (ConnectionException e) { e.printStackTrace(); } catch (RequestTimeoutException e) { e.printStackTrace(); } catch (ServiceResponseException e) { e.printStackTrace(); System.out.println(e.getHttpStatusCode()); System.out.println(e.getRequestId()); System.out.println(e.getErrorCode()); System.out.println(e.getErrorMsg()); } } } | 
Create an emergency vulnerability detection task whose agent_id is 0253edfd-30e7-439d-8f3f-17c54c997064 and vulnerability ID list is urgent_vul_id_list.
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 | # coding: utf-8 import os from huaweicloudsdkcore.auth.credentials import BasicCredentials from huaweicloudsdkhss.v5.region.hss_region import HssRegion from huaweicloudsdkcore.exceptions import exceptions from huaweicloudsdkhss.v5 import * if __name__ == "__main__": # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak = os.environ["CLOUD_SDK_AK"] sk = os.environ["CLOUD_SDK_SK"] projectId = "{project_id}" credentials = BasicCredentials(ak, sk, projectId) client = HssClient.new_builder() \ .with_credentials(credentials) \ .with_region(HssRegion.value_of("<YOUR REGION>")) \ .build() try: request = CreateVulnerabilityScanTaskRequest() listUrgentVulIdListbody = [ "URGENT-CVE-2023-46604", "URGENT-HSSVD-2020-1109", "URGENT-CVE-2022-26134", "URGENT-CVE-2023-22515", "URGENT-CVE-2023-22518", "URGENT-CVE-2023-28432", "URGENT-CVE-2023-37582", "URGENT-CVE-2023-33246", "URGENT-CNVD-2023-02709", "URGENT-CVE-2022-36804", "URGENT-CVE-2022-22965", "URGENT-CVE-2022-25845", "URGENT-CVE-2019-14439", "URGENT-CVE-2020-13933", "URGENT-CVE-2020-26217", "URGENT-CVE-2021-4034", "URGENT-CVE-2021-44228", "URGENT-CVE-2022-0847" ] listAgentIdListbody = [ "0253edfd-30e7-439d-8f3f-17c54c997064" ] request.body = ManualVulScanRequestInfo( urgent_vul_id_list=listUrgentVulIdListbody, agent_id_list=listAgentIdListbody, range_type="specific_host", batch_flag=False ) response = client.create_vulnerability_scan_task(request) print(response) except exceptions.ClientRequestException as e: print(e.status_code) print(e.request_id) print(e.error_code) print(e.error_msg) | 
Create an emergency vulnerability detection task whose agent_id is 0253edfd-30e7-439d-8f3f-17c54c997064 and vulnerability ID list is urgent_vul_id_list.
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 | package main import ( "fmt" "github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic" hss "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5" "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5/model" region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5/region" ) func main() { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak := os.Getenv("CLOUD_SDK_AK") sk := os.Getenv("CLOUD_SDK_SK") projectId := "{project_id}" auth := basic.NewCredentialsBuilder(). WithAk(ak). WithSk(sk). WithProjectId(projectId). Build() client := hss.NewHssClient( hss.HssClientBuilder(). WithRegion(region.ValueOf("<YOUR REGION>")). WithCredential(auth). Build()) request := &model.CreateVulnerabilityScanTaskRequest{} var listUrgentVulIdListbody = []string{ "URGENT-CVE-2023-46604", "URGENT-HSSVD-2020-1109", "URGENT-CVE-2022-26134", "URGENT-CVE-2023-22515", "URGENT-CVE-2023-22518", "URGENT-CVE-2023-28432", "URGENT-CVE-2023-37582", "URGENT-CVE-2023-33246", "URGENT-CNVD-2023-02709", "URGENT-CVE-2022-36804", "URGENT-CVE-2022-22965", "URGENT-CVE-2022-25845", "URGENT-CVE-2019-14439", "URGENT-CVE-2020-13933", "URGENT-CVE-2020-26217", "URGENT-CVE-2021-4034", "URGENT-CVE-2021-44228", "URGENT-CVE-2022-0847", } var listAgentIdListbody = []string{ "0253edfd-30e7-439d-8f3f-17c54c997064", } rangeTypeManualVulScanRequestInfo:= "specific_host" batchFlagManualVulScanRequestInfo:= false request.Body = &model.ManualVulScanRequestInfo{ UrgentVulIdList: &listUrgentVulIdListbody, AgentIdList: &listAgentIdListbody, RangeType: &rangeTypeManualVulScanRequestInfo, BatchFlag: &batchFlagManualVulScanRequestInfo, } response, err := client.CreateVulnerabilityScanTask(request) if err == nil { fmt.Printf("%+v\n", response) } else { fmt.Println(err) } } | 
For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.
Status Codes
| Status Code | Description | 
|---|---|
| 200 | Request succeeded. | 
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot 
    