Querying SQL Injection Rule Policies
Function
This API is used to query an SQL injection rule policy.
Calling Method
For details, see Calling APIs.
URI
POST /v1/{project_id}/{instance_id}/dbss/audit/rule/sql-injections
|
Parameter |
Mandatory |
Parameter Type |
Description |
|---|---|---|---|
|
project_id |
Yes |
String |
Project ID. |
|
instance_id |
Yes |
String |
Instance ID. You can obtain the value from the ID field in the API for querying the instance list. |
Request Parameter
|
Parameter |
Mandatory |
Parameter Type |
Description |
|---|---|---|---|
|
X-Auth-Token |
Yes |
String |
User token. The token can be queried by calling the IAM API. (The token is the value of X-Subject-Token in the response header.) |
|
Parameter |
Mandatory |
Parameter Type |
Description |
|---|---|---|---|
|
risk_levels |
No |
String |
Risk severity.
|
Response Parameters
Status code: 200
|
Parameter |
Parameter Type |
Description |
|---|---|---|
|
rules |
Array of rules objects |
SQL rule list |
|
total |
Integer |
Total number |
|
Parameter |
Parameter Type |
Description |
|---|---|---|
|
id |
String |
SQL rule ID |
|
name |
String |
SQL rule name |
|
status |
String |
Rule status. The options are as follows:
|
|
risk_level |
String |
Risk severity.
|
|
type |
String |
Rule types. The value can be:
|
|
rank |
Integer |
Priority. A smaller value indicates a higher priority. |
|
feature |
String |
SQL command features |
|
regex |
String |
Regular expression |
Status code: 400
|
Parameter |
Parameter Type |
Description |
|---|---|---|
|
error |
Object |
Error message. |
|
Parameter |
Parameter Type |
Description |
|---|---|---|
|
error_code |
String |
Error code |
|
error_msg |
String |
Error message |
Status code: 403
|
Parameter |
Parameter Type |
Description |
|---|---|---|
|
error |
Object |
Error message. |
|
Parameter |
Parameter Type |
Description |
|---|---|---|
|
error_code |
String |
Error code |
|
error_msg |
String |
Error message |
Status code: 500
|
Parameter |
Parameter Type |
Description |
|---|---|---|
|
error |
Object |
Error message. |
|
Parameter |
Parameter Type |
Description |
|---|---|---|
|
error_code |
String |
Error code |
|
error_msg |
String |
Error message |
Example Request
/v1/{project_id}/{instance_id}/dbss/audit/rule/sql-injections
{
"risk_levels" : "HIGH"
}
Response Examples
Status code: 200
Succeeded
{
"rules" : [ {
"id" : "zX4W2ngBo47GiyUSBuNs",
"name": "MySQL error based SQL injection",
"status" : "ON",
"type" : "SYSTEM",
"risk_level" : "HIGH",
"rank" : 1,
"feature": "regular expression,
"regex" : "((.*)?(select)\\s+[0-9]+\\s+from\\s+\\(\\s*select\\s+count(.*)?(concat)\\s*(.*)?(from)\\s*(information_schema.tables)(.*)?(group)\\s+(by)(.*)?)"
} ],
"total" : 1
}
Status code: 400
Incorrect request parameters.
{
"error" : {
"error_code" : "DBSS.XXXX",
"error_msg" : "XXX"
}
}
Status code: 500
Internal server error.
{
"error" : {
"error_code" : "DBSS.XXXX",
"error_msg" : "XXX"
}
}
Status Code
|
Status Code |
Description |
|---|---|
|
200 |
Request succeeded. |
|
400 |
Incorrect request parameter. |
|
403 |
Authentication failed. |
|
500 |
Internal server error. |
Error Codes
For details, see Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
