Updated on 2024-01-15 GMT+08:00

Querying a SQL Injection Rule Policy

Function

This API is used to query a SQL injection rule policy.

URI

POST /v1/{project_id}/{instance_id}/dbss/audit/rule/sql-injections

Table 1 Path Parameters

| Parameter | Mandatory | Type | Description |
| --- | --- | --- | --- |
| project_id | Yes | String | Project ID |
| instance_id | Yes | String | Instance ID |

Request Parameters

Table 2 Request header parameters

| Parameter | Mandatory | Type | Description |
| --- | --- | --- | --- |
| Content-type | Yes | String | The fixed value of this parameter is application/json;charset=UTF-8, which cannot be changed. |
| X-Auth-Token | Yes | String | User token |

Table 3 Request body parameters

| Parameter | Mandatory | Type | Description |
| --- | --- | --- | --- |
| risk_levels | No | String | Risk level. Use commas (,) to separate multiple values. Values: HIGH, MEDIUM, LOW |

Response Parameters

Status code: 200

Table 4 Response body parameters

| Parameter | Type | Description |
| --- | --- | --- |
| rules | Array of rules objects | SQL rule list |
| total | Integer | Total number of items in the current scope |

Table 5 rules

| Parameter | Type | Description |
| --- | --- | --- |
| id | String | SQL rule ID |
| name | String | SQL rule name |
| status | String | Rule status: ON, OFF |
| risk_level | String | Risk level: HIGH, MEDIUM, LOW |
| type | String | System default rules or user-defined rules: SYSTEM, CUSTOMIZE |
| rank | Integer | The priority of this rule, with values ranging from 1 to 8. The smaller the value, the higher the priority. |
| feature | String | SQL command feature. For example: Delete * |
| regex | String | Regular expression |
| keywords | String | Keyword defined in the system rule. This field is available only for preset rules. |

Status code: 400

Table 6 Response body parameters

| Parameter | Type | Description |
| --- | --- | --- |
| error | Object | Error message. |

Table 7 ErrorDetail

| Parameter | Type | Description |
| --- | --- | --- |
| error_code | String | Error code. |
| error_msg | String | Error information. |

Status code: 403

Table 8 Response body parameters

| Parameter | Type | Description |
| --- | --- | --- |
| error | Object | Error message. |

Table 9 ErrorDetail

| Parameter | Type | Description |
| --- | --- | --- |
| error_code | String | Error code. |
| error_msg | String | Error information. |

Status code: 500

Table 10 Response body parameters

| Parameter | Type | Description |
| --- | --- | --- |
| error | Object | Error message. |

Table 11 ErrorDetail

| Parameter | Type | Description |
| --- | --- | --- |
| error_code | String | Error code. |
| error_msg | String | Error information. |

Example Requests

POST /v1/{project_id}/{instance_id}/dbss/audit/rule/sql-injections

{
  "risk_levels" : "HIGH"
}

Example Responses

Status code: 200

Success

{
  "rules" : [ {
    "id" : "zX4W2ngBo47GiyUSBuNs",
    "name" : "MySQL error based SQL injection",
    "status" : "ON",
    "type" : "SYSTEM",
    "risk_level" : "HIGH",
    "rank" : 1,
    "feature" : "Regular expression",
    "regex" : "((.*)?(select)\\s+[0-9]+\\s+from\\s+\\(\\s*select\\s+count(.*)?(concat)\\s*(.*)?(from)\\s*(information_schema.tables)(.*)?(group)\\s+(by)(.*)?)"
  } ],
  "total" : 1
}

Status code: 400

Invalid parameter.

{
  "error" : {
    "error_code" : "DBSS.XXXX",
    "error_msg" : "XXX"
  }
}

Status code: 500

Internal server error.

{
  "error" : {
    "error_code" : "DBSS.XXXX",
    "error_msg" : "XXX"
  }
}
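
A client-side review of the returned policy, as an added example that is not part of the original documentation or the service's own code: it builds the documented POST request and flags rules that are switched off, carry a rank outside 1 to 8, or have a regex that does not compile. The endpoint argument, the use of Python's re module as a stand-in for the service's regex engine, and the sample rule ids and names are assumptions.

```python
import json
import re
import urllib.request

RISK_LEVELS = ("HIGH", "MEDIUM", "LOW")
PATH = "/v1/{project_id}/{instance_id}/dbss/audit/rule/sql-injections"

def build_request(endpoint, project_id, instance_id, token, risk_levels=()):
    """Build the POST request; endpoint and token are caller-supplied (assumed)."""
    unknown = [r for r in risk_levels if r not in RISK_LEVELS]
    if unknown:
        raise ValueError(f"unsupported risk level(s): {unknown}")
    # risk_levels is optional; multiple values are comma-separated.
    body = {"risk_levels": ",".join(risk_levels)} if risk_levels else {}
    return urllib.request.Request(
        endpoint.rstrip("/") + PATH.format(project_id=project_id, instance_id=instance_id),
        data=json.dumps(body).encode("utf-8"),
        headers={"Content-Type": "application/json;charset=UTF-8", "X-Auth-Token": token},
        method="POST",
    )

def review_policy(response_body):
    """Return (rule id, finding) pairs for rules an auditor should look at."""
    doc = json.loads(response_body)
    findings = []
    for rule in sorted(doc.get("rules", []), key=lambda r: r.get("rank", 99)):
        rid = rule.get("id", "<no id>")
        if rule.get("status") != "ON":
            findings.append((rid, f"{rule.get('risk_level')} rule is {rule.get('status')}"))
        if not 1 <= rule.get("rank", 0) <= 8:
            findings.append((rid, "rank outside documented 1-8 range"))
        if rule.get("regex"):
            try:
                re.compile(rule["regex"], re.IGNORECASE)  # Python re is an assumed stand-in engine
            except re.error as exc:
                findings.append((rid, f"regex does not compile: {exc}"))
    return findings

# Constructed sample response (ids, names and regexes are made up for this example).
SAMPLE = json.dumps({"rules": [
    {"id": "rule-a", "name": "sample rule A", "status": "ON", "type": "SYSTEM",
     "risk_level": "HIGH", "rank": 1, "feature": "Regular expression", "regex": r"select\s+1"},
    {"id": "rule-b", "name": "sample rule B", "status": "OFF", "type": "CUSTOMIZE",
     "risk_level": "HIGH", "rank": 2, "feature": "Regular expression", "regex": r"(unclosed"},
], "total": 2})

if __name__ == "__main__":
    for rule_id, finding in review_policy(SAMPLE):
        print(rule_id, "-", finding)
```

A regex that compiles here may still behave differently in the service, so treat a compile failure as a prompt to re-check the rule in the console rather than as proof it is broken.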

Status Codes

| Status Code | Description |
| --- | --- |
| 200 | Success |
| 400 | Invalid parameter. |
| 403 | Authentication failed. |
| 500 | Internal server error. |

Error Codes

See Error Codes.