Updated on 2024-07-04 GMT+08:00

Querying the Vulnerability List

Function

This API is used to query the list of detected vulnerabilities.

Calling Method

For details, see Calling APIs.

URI

GET /v5/{project_id}/vulnerability/vulnerabilities

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

project_id

Yes

String

Project ID.

Minimum: 1

Maximum: 256

Table 2 Query Parameters

Parameter

Mandatory

Type

Description

enterprise_project_id

No

String

Enterprise project ID. The value 0 indicates the default enterprise project. To query all enterprise projects, set this parameter to all_granted_eps.

Default: 0

Minimum: 0

Maximum: 256

type

No

String

Vulnerability type. The options are as follows: -linux_vul: Linux vulnerability -windows_vul: Windows vulnerability -web_cms: Web-CMS vulnerability -app_vul: application vulnerability

Minimum: 0

Maximum: 32

vul_id

No

String

Vulnerability ID

Minimum: 0

Maximum: 256

vul_name

No

String

Vulnerability name

Minimum: 0

Maximum: 256

limit

No

Integer

Number of records displayed on each page

Minimum: 0

Maximum: 200

Default: 10

offset

No

Integer

Offset, which specifies the start position of the record to be returned.

Minimum: 0

Maximum: 2000000

Default: 0

repair_priority

No

String

Fix Priority Critical High Medium Low

Minimum: 1

Maximum: 10

handle_status

No

String

description: |- Handling status. The options are as follows: - unhandled - handled

Default: unhandled

Minimum: 1

Maximum: 32

cve_id

No

String

Vulnerability ID

Minimum: 0

Maximum: 32

label_list

No

String

Vulnerability tag

Minimum: 0

Maximum: 128

status

No

String

Vulnerability status

Minimum: 0

Maximum: 32

asset_value

No

String

Asset importance important common test

Minimum: 0

Maximum: 32

group_name

No

String

Server group name

Minimum: 0

Maximum: 256

Request Parameters

Table 3 Request header parameters

Parameter

Mandatory

Type

Description

X-Auth-Token

Yes

String

User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token.

Minimum: 1

Maximum: 32768

Response Parameters

Status code: 200

Table 4 Response body parameters

Parameter

Type

Description

total_num

Long

Total number of vulnerabilities

Minimum: 0

Maximum: 2147483647

data_list

Array of VulInfo objects

Software vulnerability list

Array Length: 0 - 2147483647

Table 5 VulInfo

Parameter

Type

Description

vul_name

String

Vulnerability name

Minimum: 0

Maximum: 256

vul_id

String

Vulnerability ID

Minimum: 0

Maximum: 64

label_list

Array of strings

Vulnerability tag

Minimum: 0

Maximum: 65534

Array Length: 0 - 2147483647

repair_necessity

String

Necessity of fixing a vulnerability.

  • Critical: The CVSS score of the vulnerability is greater than or equal to 9, corresponding to the high risk level on the console.

  • High: The CVSS score of the vulnerability is greater than or equal to 7 and less than 9, corresponding to the medium risk level on the console.

  • Medium: The CVSS score of the vulnerability is greater than or equal to 4 and less than 7, corresponding to the medium risk level on the console.

  • Low: The CVSS score of the vulnerability is less than 4, corresponding to the low risk level on the console.

Minimum: 0

Maximum: 64

severity_level

String

Vulnerability severity.

  • Critical: The CVSS score of the vulnerability is greater than or equal to 9, corresponding to the high risk level on the console.

  • High: The CVSS score of the vulnerability is greater than or equal to 7 and less than 9, corresponding to the medium risk level on the console.

  • Medium: The CVSS score of the vulnerability is greater than or equal to 4 and less than 7, corresponding to the medium risk level on the console.

  • Low: The CVSS score of the vulnerability is less than 4, corresponding to the low risk level on the console.

Minimum: 0

Maximum: 64

host_num

Integer

Number of affected servers

Minimum: 0

Maximum: 2147483647

unhandle_host_num

Integer

Number of unhandled servers, excluding ignored and fixed servers.

Minimum: 0

Maximum: 2147483647

scan_time

Long

Last scanned, in ms.

Minimum: 0

Maximum: 9223372036854775807

solution_detail

String

Vulnerability fixing guide

Minimum: 0

Maximum: 65534

url

String

Vulnerability URL

Minimum: 0

Maximum: 2083

description

String

Vulnerability description

Minimum: 0

Maximum: 65534

type

String

Vulnerability type. The options are as follows: -linux_vul: Linux vulnerability -windows_vul: Windows vulnerability -web_cms: Web-CMS vulnerability -app_vul: application vulnerability

Minimum: 0

Maximum: 128

host_id_list

Array of strings

List of servers where the vulnerability can be handled

Minimum: 0

Maximum: 128

Array Length: 0 - 2147483647

cve_list

Array of cve_list objects

CVE list

Array Length: 1 - 10000

patch_url

String

Patch address

Minimum: 0

Maximum: 512

repair_priority

String

Fix Priority Critical High Medium Low

Minimum: 1

Maximum: 32

hosts_num

VulnerabilityHostNumberInfo object

Affected server

repair_success_num

Integer

Number of successful repairs

Minimum: 0

Maximum: 1000000

fixed_num

Long

Number of repairs

Minimum: 0

Maximum: 1000000

ignored_num

Long

Number of ignored items

Minimum: 0

Maximum: 1000000

verify_num

Integer

Number of verifications

Minimum: 0

Maximum: 1000000

repair_priority_list

Array of RepairPriorityListInfo objects

Fixing priority. The number of servers corresponding to each fixing priority.

Array Length: 0 - 4

Table 6 cve_list

Parameter

Type

Description

cve_id

String

CVE ID

Minimum: 1

Maximum: 32

cvss

Float

CVSS score

Minimum: 0

Maximum: 10

Table 7 VulnerabilityHostNumberInfo

Parameter

Type

Description

important

Integer

Number of important servers

Minimum: 0

Maximum: 10000

common

Integer

Number of common servers

Minimum: 0

Maximum: 10000

test

Integer

Number of test servers

Minimum: 0

Maximum: 10000

Table 8 RepairPriorityListInfo

Parameter

Type

Description

repair_priority

String

Priority Critical High Medium Low

Minimum: 1

Maximum: 10

host_num

Integer

Number of servers corresponding to the fixing priority

Minimum: 0

Maximum: 2147483647

Example Requests

Query the first 10 records in the vulnerability list whose project_id is 2b31ed520xxxxxxebedb6e57xxxxxxxx.

GET https://{endpoint}/v5/2b31ed520xxxxxxebedb6e57xxxxxxxx/vulnerability/vulnerabilities?offset=0&limit=10

Example Responses

Status code: 200

vulnerability list

{
  "total_num" : 1,
  "data_list" : [ {
    "description" : "It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash, or possibly execute arbitrary code.",
    "host_id_list" : [ "caa958ad-a481-4d46-b51e-6861b8864515" ],
    "host_num" : 1,
    "scan_time" : 1661752185836,
    "severity_level" : "Critical",
    "repair_necessity" : "Critical",
    "solution_detail" : "To upgrade the affected software",
    "type" : "linux_vul",
    "unhandle_host_num" : 0,
    "url" : "https://ubuntu.com/security/CVE-2022-27405",
    "vul_id" : "USN-5528-1",
    "vul_name" : "USN-5528-1: FreeType vulnerabilities",
    "repair_priority_list" : [ {
      "repair_priority" : "Critical",
      "host_num" : 0
    }, {
      "repair_priority" : "High",
      "host_num" : 0
    }, {
      "repair_priority" : "Medium",
      "host_num" : 1
    }, {
      "repair_priority" : "Low",
      "host_num" : 0
    } ]
  } ]
}

SDK Sample Code

The SDK sample code is as follows.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.hss.v5.region.HssRegion;
import com.huaweicloud.sdk.hss.v5.*;
import com.huaweicloud.sdk.hss.v5.model.*;


public class ListVulnerabilitiesSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");

        ICredential auth = new BasicCredentials()
                .withAk(ak)
                .withSk(sk);

        HssClient client = HssClient.newBuilder()
                .withCredential(auth)
                .withRegion(HssRegion.valueOf("<YOUR REGION>"))
                .build();
        ListVulnerabilitiesRequest request = new ListVulnerabilitiesRequest();
        request.withEnterpriseProjectId("<enterprise_project_id>");
        request.withType("<type>");
        request.withVulId("<vul_id>");
        request.withVulName("<vul_name>");
        request.withLimit(<limit>);
        request.withOffset(<offset>);
        request.withRepairPriority("<repair_priority>");
        request.withHandleStatus("<handle_status>");
        request.withCveId("<cve_id>");
        request.withLabelList("<label_list>");
        request.withStatus("<status>");
        request.withAssetValue("<asset_value>");
        request.withGroupName("<group_name>");
        try {
            ListVulnerabilitiesResponse response = client.listVulnerabilities(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
# coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkhss.v5.region.hss_region import HssRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkhss.v5 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]

    credentials = BasicCredentials(ak, sk)

    client = HssClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(HssRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = ListVulnerabilitiesRequest()
        request.enterprise_project_id = "<enterprise_project_id>"
        request.type = "<type>"
        request.vul_id = "<vul_id>"
        request.vul_name = "<vul_name>"
        request.limit = <limit>
        request.offset = <offset>
        request.repair_priority = "<repair_priority>"
        request.handle_status = "<handle_status>"
        request.cve_id = "<cve_id>"
        request.label_list = "<label_list>"
        request.status = "<status>"
        request.asset_value = "<asset_value>"
        request.group_name = "<group_name>"
        response = client.list_vulnerabilities(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    hss "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        Build()

    client := hss.NewHssClient(
        hss.HssClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.ListVulnerabilitiesRequest{}
	enterpriseProjectIdRequest:= "<enterprise_project_id>"
	request.EnterpriseProjectId = &enterpriseProjectIdRequest
	typeRequest:= "<type>"
	request.Type = &typeRequest
	vulIdRequest:= "<vul_id>"
	request.VulId = &vulIdRequest
	vulNameRequest:= "<vul_name>"
	request.VulName = &vulNameRequest
	limitRequest:= int32(<limit>)
	request.Limit = &limitRequest
	offsetRequest:= int32(<offset>)
	request.Offset = &offsetRequest
	repairPriorityRequest:= "<repair_priority>"
	request.RepairPriority = &repairPriorityRequest
	handleStatusRequest:= "<handle_status>"
	request.HandleStatus = &handleStatusRequest
	cveIdRequest:= "<cve_id>"
	request.CveId = &cveIdRequest
	labelListRequest:= "<label_list>"
	request.LabelList = &labelListRequest
	statusRequest:= "<status>"
	request.Status = &statusRequest
	assetValueRequest:= "<asset_value>"
	request.AssetValue = &assetValueRequest
	groupNameRequest:= "<group_name>"
	request.GroupName = &groupNameRequest
	response, err := client.ListVulnerabilities(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.

Status Codes

Status Code

Description

200

vulnerability list

Error Codes

See Error Codes.