Querying Vulnerability Information About a Server

Function

This API is used to query the vulnerability information about a server.

Calling Method

For details, see Calling APIs.

URI

GET /v5/{project_id}/vulnerability/host/{host_id}

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Tenant project ID. Minimum: 1 Maximum: 256
host_id	Yes	String	Server ID. Minimum: 1 Maximum: 128

**Table 2** Query Parameters
Parameter	Mandatory	Type	Description
enterprise_project_id	No	String	Enterprise project ID. To query all enterprise projects, set this parameter to all_granted_eps. Default: 0 Minimum: 0 Maximum: 256
type	No	String	Vulnerability type. The default value is linux_vul. The options are as follows: linux_vul: Linux vulnerability windows_vul: Windows vulnerability -web_cms: Web-CMS vulnerability app_vul: application vulnerability urgent_vul: emergency vulnerability Minimum: 0 Maximum: 64
vul_name	No	String	Vulnerability name Minimum: 0 Maximum: 256
limit	No	Integer	Number of records displayed on each page. Minimum: 0 Maximum: 200 Default: 10
offset	No	Integer	Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. Minimum: 0 Maximum: 2000000 Default: 0
handle_status	No	String	Handling status. The options are as follows: - unhandled - handled Minimum: 1 Maximum: 32
status	No	String	Vulnerability status. The options are as follows: vul_status_unfix: not fixed vul_status_ignored: ignored vul_status_verified: verification in progress vul_status_fixing: The fix is in progress. vul_status_fixed: The fix succeeded. vul_status_reboot : The issue is fixed and waiting for restart. vul_status_failed: The issue failed to be fixed. vul_status_fix_after_reboot: Restart the server and try again. Minimum: 1 Maximum: 32
repair_priority	No	String	Fixing priority. The options are as follows: Critical High Medium Low Minimum: 1 Maximum: 10

Request Parameters

**Table 3** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. Minimum: 1 Maximum: 32768

Response Parameters

Status code: 200

**Table 4** Response body parameters
Parameter	Type	Description
total_num	Long	Total Minimum: 0 Maximum: 2147483647
data_list	Array of HostVulInfo objects	List of vulnerabilities on a server Array Length: 0 - 2147483647

**Table 5** HostVulInfo
Parameter	Type	Description
vul_name	String	Vulnerability name Minimum: 0 Maximum: 256
vul_id	String	Vulnerability ID Minimum: 0 Maximum: 64
label_list	Array of strings	Vulnerability tag list Minimum: 0 Maximum: 65534 Array Length: 0 - 2147483647
repair_necessity	String	Repair urgency. The options are as follows: immediate_repair: The problem must be rectified as soon as possible. delay_repair: The problem can be fixed later. not_needed_repair: The problem does not need to be fixed. Minimum: 0 Maximum: 64
scan_time	Long	Latest scan time Minimum: 0 Maximum: 9223372036854775807
type	String	Vulnerability type. The options are as follows: -linux_vul: Linux vulnerability -windows_vul: windows vulnerability -web_cms: Web-CMS vulnerability -app_vul: application vulnerability Minimum: 0 Maximum: 128
app_list	Array of app_list objects	List of software affected by the vulnerability on the server Array Length: 0 - 2147483647
severity_level	String	Risk level. Critical: The CVSS score of the vulnerability is greater than or equal to 9, corresponding to the high risk level on the console. High: The CVSS score of the vulnerability is greater than or equal to 7 and less than 9, corresponding to the medium risk level on the console. Medium: The CVSS score of the vulnerability is greater than or equal to 4 and less than 7, corresponding to the medium risk level on the console. Low: The CVSS score of the vulnerability is less than 4, corresponding to the low risk level on the console. Minimum: 1 Maximum: 128
solution_detail	String	Solution Minimum: 0 Maximum: 65534
url	String	URL Minimum: 0 Maximum: 2083
description	String	Vulnerability description Minimum: 0 Maximum: 65534
repair_cmd	String	Repair command Minimum: 1 Maximum: 256
status	String	Vulnerability status vul_status_unfix: not fixed vul_status_ignored: ignored vul_status_verified: verification in progress vul_status_fixing: The fix is in progress. vul_status_fixed: The fix succeeded. vul_status_reboot : The issue is fixed and waiting for restart. vul_status_failed: The issue failed to be fixed. vul_status_fix_after_reboot: Restart the server and try again. Minimum: 1 Maximum: 128
repair_success_num	Integer	Total times that the vulnerability is fixed by HSS on the entire network Minimum: 0 Maximum: 1000000
cve_list	Array of cve_list objects	CVE list Array Length: 1 - 10000
is_affect_business	Boolean	Whether services are affected
first_scan_time	Long	First scan time Minimum: 0 Maximum: 9223372036854775807
app_name	String	Software Minimum: 0 Maximum: 256
app_version	String	Version Minimum: 0 Maximum: 256
app_path	String	Software path Minimum: 0 Maximum: 512
version	String	ECS quota Minimum: 0 Maximum: 128
support_restore	Boolean	Indicates whether data can be rolled back to the backup created when the vulnerability was fixed.
disabled_operate_types	Array of disabled_operate_types objects	List of operation types of vulnerabilities that cannot be performed. Array Length: 1 - 10000
repair_priority	String	Fixing priority. The options are as follows: Critical High Medium Low Minimum: 1 Maximum: 10

**Table 6** app_list
Parameter	Type	Description
app_name	String	Software Minimum: 0 Maximum: 256
app_version	String	Software Version Minimum: 0 Maximum: 256
upgrade_version	String	Version that the software with vulnerability needs to be upgraded to Minimum: 0 Maximum: 256
app_path	String	Path of the application software (This field is available only for application vulnerabilities.) Minimum: 1 Maximum: 512

**Table 7** cve_list
Parameter	Type	Description
cve_id	String	CVE ID Minimum: 1 Maximum: 32
cvss	Float	CVSS score Minimum: 0 Maximum: 10

**Table 8** disabled_operate_types
Parameter	Type	Description
operate_type	String	Operation type. ignore not_ignore: unignore immediate_repair: fix manual_repair: verify add_to_whitelist: Minimum: 1 Maximum: 64
reason	String	Indicates the reason why the operation cannot be performed. Minimum: 0 Maximum: 512

Example Requests

Query the first 10 vulnerabilities on the server whose ID is xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx.

GET https://{endpoint}/v5/2b31ed520xxxxxxebedb6e57xxxxxxxx/vulnerability/host/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx?offset=0&limit=10

Example Responses

Status code: 200

List of vulnerabilities on a server

{
  "data_list" : [ {
    "app_list" : [ {
      "app_name" : "Apache Log4j API(Apache Log4j API)",
      "app_version" : "2.8.2",
      "upgrade_version" : "2.8.3",
      "app_path" : "/CloudResetPwdUpdateAgent/lib/log4j-api-2.8.2.jar"
    }, {
      "app_name" : "Apache Log4j Core(Apache Log4j Core)",
      "app_version" : "2.8.2",
      "upgrade_version" : "2.8.3",
      "app_path" : "/CloudResetPwdUpdateAgent/lib/log4j-api-2.8.2.jar"
    } ],
    "app_name" : "Apache Log4j API(Apache Log4j API)",
    "app_path" : "/CloudResetPwdUpdateAgent/lib/log4j-api-2.8.2.jar",
    "app_version" : "2.8.2",
    "cve_list" : [ {
      "cve_id" : "CVE-2021-45046",
      "cvss" : 9
    } ],
    "description" : "It was found that the fix for address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in some non-default configurations. This could allow attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern, leading to information leakage and remote code execution in some environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for the message search mode and disabling the JNDI function by default.",
    "first_scan_time" : 1688956612533,
    "is_affect_business" : true,
    "label_list" : [ ],
    "repair_necessity" : "Critical",
    "scan_time" : 1690469489713,
    "severity_level" : "Critical",
    "repair_cmd" : "yum update tcpdump",
    "solution_detail" : "The official fixing suggestions for this vulnerability have been released. You can visit the following website and fix the vulnerability accordingly:\nhttps://logging.apache.org/log4j/2.x/security.html\nFor details about the patch for this vulnerability, visit the following website:\nhttps://www.oracle.com/security-alerts/cpujan2022.html\nFor details about unofficial fixing suggestions for this vulnerability, visit the following website:\nhttp://www.openwall.com/lists/oss-security/2021/12/14/4\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd\nhttp://www.openwall.com/lists/oss-security/2021/12/15/3\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf\nhttps://www.kb.cert.org/vuls/id/930724\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf\nhttps://www.debian.org/security/2021/dsa-5022\nhttps://www.oracle.com/security-alerts/alert-cve-2021-44228.html\nhttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032\nhttp://www.openwall.com/lists/oss-security/2021/12/18/1\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EOKPQGV24RRBBI4TBZUDQMM4MEH7MXCY/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SIG7FZULMNK2XF6FZRU4VWYDQXNMUGAJ/\nThe vulnerability exploitation/POC of this vulnerability has been exposed. You can verify the vulnerability by referring to the following links:\nhttps://github.com/X1pe0/Log4J-Scan-Win\nhttps://github.com/cckuailong/Log4j_CVE-2021-45046\nhttps://github.com/BobTheShoplifter/CVE-2021-45046-Info\nhttps://github.com/tejas-nagchandi/CVE-2021-45046\nhttps://github.com/pravin-pp/log4j2-CVE-2021-45046\nhttps://github.com/mergebase/log4j-samples\nhttps://github.com/lukepasek/log4jjndilookupremove\nhttps://github.com/ludy-dev/cve-2021-45046\nhttps://github.com/lijiejie/log4j2_vul_local_scanner\nhttps://github.com/CaptanMoss/Log4Shell-Sandbox-Signature\nhttps://github.com/taise-hub/log4j-poc",
    "status" : "vul_status_unfix",
    "type" : "app_vul",
    "url" : "[\"https://www.oracle.com/security-alerts/cpujan2022.html\"]",
    "version" : "hss.version.wtp",
    "vul_id" : "HCVD-APP-CVE-2021-45046",
    "vul_name" : "CVE-2021-45046",
    "repair_success_num" : 3,
    "support_restore" : true,
    "disabled_operate_types" : [ {
      "operate_type" : "immediate_repair",
      "reason" : "The kernel vulnerability of CCE container node cannot be automatically fixed."
    } ]
  } ],
  "total_num" : 31
}

SDK Sample Code

The SDK sample code is as follows.

      
       
         
         
           package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.hss.v5.region.HssRegion;
import com.huaweicloud.sdk.hss.v5.*;
import com.huaweicloud.sdk.hss.v5.model.*;


public class ListHostVulsSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");

        ICredential auth = new BasicCredentials()
                .withAk(ak)
                .withSk(sk);

        HssClient client = HssClient.newBuilder()
                .withCredential(auth)
                .withRegion(HssRegion.valueOf("<YOUR REGION>"))
                .build();
        ListHostVulsRequest request = new ListHostVulsRequest();
        request.withEnterpriseProjectId("<enterprise_project_id>");
        request.withType("<type>");
        request.withVulName("<vul_name>");
        request.withLimit(<limit>);
        request.withOffset(<offset>);
        request.withHandleStatus("<handle_status>");
        request.withStatus("<status>");
        request.withRepairPriority("<repair_priority>");
        try {
            ListHostVulsResponse response = client.listHostVuls(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

          

        

      
     

      
       
         
         
           # coding: utf-8

from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkhss.v5.region.hss_region import HssRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkhss.v5 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = __import__('os').getenv("CLOUD_SDK_AK")
    sk = __import__('os').getenv("CLOUD_SDK_SK")

    credentials = BasicCredentials(ak, sk) \

    client = HssClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(HssRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = ListHostVulsRequest()
        request.enterprise_project_id = "<enterprise_project_id>"
        request.type = "<type>"
        request.vul_name = "<vul_name>"
        request.limit = <limit>
        request.offset = <offset>
        request.handle_status = "<handle_status>"
        request.status = "<status>"
        request.repair_priority = "<repair_priority>"
        response = client.list_host_vuls(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

          

        

      
     

      
       
         
         
           package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    hss "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        Build()

    client := hss.NewHssClient(
        hss.HssClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.ListHostVulsRequest{}
	enterpriseProjectIdRequest:= "<enterprise_project_id>"
	request.EnterpriseProjectId = &enterpriseProjectIdRequest
	typeRequest:= "<type>"
	request.Type = &typeRequest
	vulNameRequest:= "<vul_name>"
	request.VulName = &vulNameRequest
	limitRequest:= int32(<limit>)
	request.Limit = &limitRequest
	offsetRequest:= int32(<offset>)
	request.Offset = &offsetRequest
	handleStatusRequest:= "<handle_status>"
	request.HandleStatus = &handleStatusRequest
	statusRequest:= "<status>"
	request.Status = &statusRequest
	repairPriorityRequest:= "<repair_priority>"
	request.RepairPriority = &repairPriorityRequest
	response, err := client.ListHostVuls(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

          

        

      
     