Querying a SQL Injection Rule Policy
Function
This API is used to query a SQL injection rule policy.
URI
POST /v1/{project_id}/{instance_id}/dbss/audit/rule/sql-injections
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
project_id |
Yes |
String |
Project ID |
instance_id |
Yes |
String |
Instance ID |
Request Parameters
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
Content-type |
Yes |
String |
The fixed value of this parameter is application/json;charset=UTF-8, which cannot be changed. |
X-Auth-Token |
Yes |
String |
User token |
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
risk_levels |
No |
String |
Risk level: (Use commas (,) to separate multiple queries.) HIGH MEDIUM LOW |
Response Parameters
Status code: 200
Parameter |
Type |
Description |
|---|---|---|
rules |
Array of rules objects |
SQL rule list |
total |
Integer |
Total number of items in the current scope |
Parameter |
Type |
Description |
|---|---|---|
id |
String |
SQL Rule ID |
name |
String |
SQL rule name |
status |
String |
Rule status: ON OFF |
risk_level |
String |
Risk level: HIGH MEDIUM LOW |
type |
String |
System default rules or user-defined rules. [SYSTEM,CUSTOMIZE] |
rank |
Integer |
The priority of this rule, with values ranging from 1 to 8. The smaller the value, the higher the priority |
feature |
String |
SQL command feature For example : Delete * |
regex |
String |
Regular expression |
keywords |
String |
Keyword defined in the system rule. This field is available only for preset rules. |
Status code: 400
Parameter |
Type |
Description |
|---|---|---|
error |
Object |
Error message. |
Parameter |
Type |
Description |
|---|---|---|
error_code |
String |
Error code. |
error_msg |
String |
Error information. |
Status code: 403
Parameter |
Type |
Description |
|---|---|---|
error |
Object |
Error message. |
Parameter |
Type |
Description |
|---|---|---|
error_code |
String |
Error code. |
error_msg |
String |
Error information. |
Status code: 500
Parameter |
Type |
Description |
|---|---|---|
error |
Object |
Error message. |
Parameter |
Type |
Description |
|---|---|---|
error_code |
String |
Error code. |
error_msg |
String |
Error information. |
Example Requests
/v1/{project_id}/{instance_id}/dbss/audit/rule/sql-injections
{
"risk_levels" : "HIGH"
}
Example Responses
Status code: 200
Success
{
"rules" : [ {
"id" : "zX4W2ngBo47GiyUSBuNs",
"name" : "MySQL error based SQL injection",
"status" : "ON",
"type" : "SYSTEM",
"risk_level" : "HIGH",
"rank" : 1,
"feature" : "Regular expression",
"regex" : "((.*)?(select)\\s+[0-9]+\\s+from\\s+\\(\\s*select\\s+count(.*)?(concat)\\s*(.*)?(from)\\s*(information_schema.tables)(.*)?(group)\\s+(by)(.*)?)"
} ],
"total" : 1
}
Status code: 400
Invalid parameter.
{
"error" : {
"error_code" : "DBSS.XXXX",
"error_msg" : "XXX"
}
}
Status code: 500
Internal server error.
{
"error" : {
"error_code" : "DBSS.XXXX",
"error_msg" : "XXX"
}
}
Status Codes
Status Code |
Description |
|---|---|
200 |
Success |
400 |
Invalid parameter. |
403 |
Authentication failed. |
500 |
Internal server error. |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
