更新时间:2024-11-19 GMT+08:00

查询漏洞列表

功能介绍

查询漏洞列表

调用方法

请参见如何调用API

URI

GET /v5/{project_id}/vulnerability/vulnerabilities

表1 路径参数

参数

是否必选

参数类型

描述

project_id

String

项目ID

表2 Query参数

参数

是否必选

参数类型

描述

enterprise_project_id

String

企业项目ID,“0”表示默认企业项目,查询所有企业项目时填写:all_granted_eps

type

String

漏洞类型,包含如下:

-linux_vul : linux漏洞

-windows_vul : windows漏洞

-web_cms : Web-CMS漏洞

-app_vul : 应用漏洞

vul_id

String

漏洞ID

vul_name

String

漏洞名称

limit

Integer

每页显示个数

offset

Integer

偏移量:指定返回记录的开始位置

repair_priority

String

修复优先级

Critical 紧急

High 高

Medium 中

Low 低

handle_status

String

处置状态,包含如下:

  • unhandled :未处理

  • handled : 已处理

cve_id

String

漏洞编号

label_list

String

漏洞标签

status

String

漏洞状态

asset_value

String

资产重要性

important

common

test

group_name

String

服务器组名称

请求参数

表3 请求Header参数

参数

是否必选

参数类型

描述

X-Auth-Token

String

用户Token。

通过调用IAM服务获取用户Token接口获取(响应消息头中X-Subject-Token的值)

响应参数

状态码: 200

表4 响应Body参数

参数

参数类型

描述

total_num

Long

漏洞总数

data_list

Array of VulInfo objects

软件漏洞列表

表5 VulInfo

参数

参数类型

描述

vul_name

String

漏洞名称

vul_id

String

漏洞ID

label_list

Array of strings

漏洞标签

repair_necessity

String

修复必要性

  • Critical : 漏洞cvss评分大于等于9;对应控制台页面的高危

  • High : 漏洞cvss评分大于等于7,小于9;对应控制台页面的中危

  • Medium : 漏洞cvss评分大于等于4,小于7;对应控制台页面的中危

  • Low : 漏洞cvss评分小于4;对应控制台页面的低危

severity_level

String

漏洞级别

  • Critical : 漏洞cvss评分大于等于9;对应控制台页面的高危

  • High : 漏洞cvss评分大于等于7,小于9;对应控制台页面的中危

  • Medium : 漏洞cvss评分大于等于4,小于7;对应控制台页面的中危

  • Low : 漏洞cvss评分小于4;对应控制台页面的低危

host_num

Integer

受影响服务器台数

unhandle_host_num

Integer

未处理主机台数,除已忽略和已修复的主机数量

scan_time

Long

最近扫描时间,时间戳单位:毫秒

solution_detail

String

修复漏洞的指导意见

url

String

URL链接

description

String

漏洞描述

type

String

漏洞类型,包含如下:

-linux_vul : linux漏洞

-windows_vul : windows漏洞

-web_cms : Web-CMS漏洞

-app_vul : 应用漏洞

host_id_list

Array of strings

可处置该漏洞的主机列表

cve_list

Array of cve_list objects

CVE列表

patch_url

String

补丁地址

repair_priority

String

修复优先级

Critical 紧急

High 高

Medium 中

Low 低

hosts_num

VulnerabilityHostNumberInfo object

影响主机

repair_success_num

Integer

修复成功次数

fixed_num

Long

修复数量

ignored_num

Long

忽略数量

verify_num

Integer

验证数量

repair_priority_list

Array of RepairPriorityListInfo objects

修复优先级,每个修复优先级对应的主机数量

表6 cve_list

参数

参数类型

描述

cve_id

String

CVE ID

cvss

Float

CVSS分值

表7 VulnerabilityHostNumberInfo

参数

参数类型

描述

important

Integer

重要主机数量

common

Integer

一般主机数量

test

Integer

测试主机数量

表8 RepairPriorityListInfo

参数

参数类型

描述

repair_priority

String

修复优先级

Critical 紧急

High 高

Medium 中

Low 低

host_num

Integer

当前修复优先级对应的主机数量

请求示例

查询project_id为2b31ed520xxxxxxebedb6e57xxxxxxxx的漏洞列表前10条数据。

GET https://{endpoint}/v5/2b31ed520xxxxxxebedb6e57xxxxxxxx/vulnerability/vulnerabilities?offset=0&limit=10

响应示例

状态码: 200

漏洞列表

{
  "total_num" : 1,
  "data_list" : [ {
    "description" : "It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash, or possibly execute arbitrary code.",
    "host_id_list" : [ "caa958ad-a481-4d46-b51e-6861b8864515" ],
    "host_num" : 1,
    "scan_time" : 1661752185836,
    "severity_level" : "Critical",
    "repair_necessity" : "Critical",
    "solution_detail" : "To upgrade the affected software",
    "type" : "linux_vul",
    "unhandle_host_num" : 0,
    "url" : "https://ubuntu.com/security/CVE-2022-27405",
    "vul_id" : "USN-5528-1",
    "vul_name" : "USN-5528-1: FreeType vulnerabilities",
    "repair_priority_list" : [ {
      "repair_priority" : "Critical",
      "host_num" : 0
    }, {
      "repair_priority" : "High",
      "host_num" : 0
    }, {
      "repair_priority" : "Medium",
      "host_num" : 1
    }, {
      "repair_priority" : "Low",
      "host_num" : 0
    } ]
  } ]
}

SDK代码示例

SDK代码示例如下。

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.hss.v5.region.HssRegion;
import com.huaweicloud.sdk.hss.v5.*;
import com.huaweicloud.sdk.hss.v5.model.*;


public class ListVulnerabilitiesSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        HssClient client = HssClient.newBuilder()
                .withCredential(auth)
                .withRegion(HssRegion.valueOf("<YOUR REGION>"))
                .build();
        ListVulnerabilitiesRequest request = new ListVulnerabilitiesRequest();
        try {
            ListVulnerabilitiesResponse response = client.listVulnerabilities(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
# coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkhss.v5.region.hss_region import HssRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkhss.v5 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = HssClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(HssRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = ListVulnerabilitiesRequest()
        response = client.list_vulnerabilities(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    hss "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")
    projectId := "{project_id}"

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        WithProjectId(projectId).
        Build()

    client := hss.NewHssClient(
        hss.HssClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.ListVulnerabilitiesRequest{}
	response, err := client.ListVulnerabilities(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

更多编程语言的SDK代码示例,请参见API Explorer的代码示例页签,可生成自动对应的SDK代码示例。

状态码

状态码

描述

200

漏洞列表

错误码

请参见错误码