1. 接口描述
接口请求域名: csip.tencentcloudapi.com 。
获取资产视角的漏洞风险列表
默认接口请求频率限制:20次/秒。
推荐使用 API Explorer
点击调试
API Explorer 提供了在线调用、签名验证、SDK 代码生成和快速检索接口等能力。您可查看每次调用的请求内容和返回结果以及自动生成 SDK 调用示例。
2. 输入参数
以下请求参数列表仅列出了接口请求参数和部分公共参数,完整公共参数列表见 公共请求参数。
| 参数名称 | 必选 | 类型 | 描述 |
|---|---|---|---|
| Action | 是 | String | 公共参数,本接口取值:DescribeRiskCenterAssetViewVULRiskList。 |
| Version | 是 | String | 公共参数,本接口取值:2022-11-21。 |
| Region | 否 | String | 公共参数,此参数为可选参数。 |
| MemberId.N | 否 | Array of String | 集团账号的成员id 示例值:["mem-6wfo0fzks3","mem-85fo0fzks4"] |
| Filter | 否 | Filter | 过滤内容 示例值:{"Filters":[{"Name":"RecentTime","Values":["2024-10-31 19:46:48"],"OperatorType":5},{"Name":"InstanceType","Values":["CVM"],"OperatorType":7}],"Limit":10,"Offset":0,"Order":"desc","By":"RecentTime"} |
| Tags.N | 否 | Array of AssetTag | 资产标签 示例值:[{"TagKey":"key","TagValue":"value"}] |
3. 输出参数
| 参数名称 | 类型 | 描述 |
|---|---|---|
| TotalCount | Integer | 总条数 示例值:10 |
| Data | Array of AssetViewVULRisk | 资产视角的漏洞风险列表 示例值:[ { "AffectAsset": "ins-9527", "AppId": "1302111215", "AppName": "libcurl-minimal,curl", "AppVersion": "7.61.1-18.el8", "CVE": "CVE-2023-27536", "CWPVersion": 0, "Component": "curl,libcurl-minimal", "Describe": "describe info", "EMGCVulType": 0, "FirstTime": "2024-08-29 00:10:36", "Fix": "建议关注厂商公告或升级到最新版本。\n建议您更新当前系统或软件至最新版,完成漏洞的修复。", "From": "容器检测", "Id": "11fc83d411bad671e4f9ef862dc", "Index": "5f3112799f4ae379c0880d43c285", "InstanceId": "sha256:5ddc976460bc8a1ad043720bfc16c52c45d4847e53fadb6", "InstanceName": "centos", "InstanceType": "Local", "InstanceUUID": "3cbf2d8f-c40a-452a-92ec-140f9b2d29a2", "IsSupportDetect": false, "IsSupportRepair": false, "Level": "extreme", "Nick": "声声乌龙", "POCId": "pcmgr-407", "Payload": "7.61.1-18.el8", "Port": "80", "RecentTime": "2024-10-30 11:20:39", "References": "https://hackerone.com/reports/1895135", "Service": "service", "Status": 0, "Uin": "10001122178", "VULName": "Curl 身份认证绕过漏洞(CVE-2023-27536)", "VULType": "其他", "VULURL": "http://url" } ] |
| StatusLists | Array of FilterDataObject | 状态列表 示例值:[ { "Text": "未处理", "Value": "0" }, { "Text": "标记已处置", "Value": "1" }, { "Text": "已忽略", "Value": "2" }, { "Text": "已修复", "Value": "3" } ] |
| LevelLists | Array of FilterDataObject | 危险等级列表 示例值:[ { "Text": "严重", "Value": "extreme" }, { "Text": "高危", "Value": "high" }, { "Text": "中危", "Value": "middle" }, { "Text": "低危", "Value": "low" }, { "Text": "提示", "Value": "info" } ] |
| FromLists | Array of FilterDataObject | 来源列表 示例值:[ { "Text": "云安全中心", "Value": "0" }, { "Text": "主机检测", "Value": "1" }, { "Text": "容器检测", "Value": "5" } ] |
| VULTypeLists | Array of FilterDataObject | 漏洞类型列表 示例值:[ { "Text": "信息泄漏", "Value": "信息泄漏" }, { "Text": "处理逻辑错误", "Value": "处理逻辑错误" }, { "Text": "其他", "Value": "其他" }, { "Text": "路径遍历", "Value": "路径遍历" }, { "Text": "授权问题", "Value": "授权问题" }, { "Text": "注入漏洞", "Value": "注入漏洞" }, { "Text": "代码注入", "Value": "代码注入" }, { "Text": "缓冲区溢出", "Value": "缓冲区溢出" }, { "Text": "配置错误", "Value": "配置错误" }, { "Text": "加密问题", "Value": "加密问题" }, { "Text": "跨站脚本", "Value": "跨站脚本" }, { "Text": "命令注入", "Value": "命令注入" } ] |
| InstanceTypeLists | Array of FilterDataObject | 资产类型列表 示例值:[ { "Text": "托管集群", "Value": "managed_cluster" }, { "Text": "CVM", "Value": "CVM" }, { "Text": "本地镜像", "Value": "Local" }, { "Text": "CLB", "Value": "CLB" } ] |
| RequestId | String | 唯一请求 ID,由服务端生成,每次请求都会返回(若请求因其他原因未能抵达服务端,则该次请求不会获得 RequestId)。定位问题时需要提供该次请求的 RequestId。 |
4. 示例
示例1 获取资产视角的漏洞风险列表
获取资产视角的漏洞风险列表
输入示例
POST / HTTP/1.1
Host: csip.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: DescribeRiskCenterAssetViewVULRiskList
<公共请求参数>
{
"MemberId": [
"mem-68b8087a65268000"
],
"Filter": {
"Limit": 1,
"Offset": 0
}
}输出示例
{
"Response": {
"Data": [
{
"AffectAsset": "ins-9527",
"AppId": "1302111215",
"AppName": "libcurl-minimal,curl",
"AppVersion": "7.61.1-18.el8",
"CVE": "CVE-2023-27536",
"CWPVersion": 0,
"Component": "curl,libcurl-minimal",
"Describe": "describe info",
"EMGCVulType": 0,
"FirstTime": "2024-08-29 00:10:36",
"Fix": "建议关注厂商公告或升级到最新版本。\n建议您更新当前系统或软件至最新版,完成漏洞的修复。",
"From": "容器检测",
"Id": "11fc83d411bad6***71e4f9ef862dc",
"Index": "5f31127***99f4ae379c0880d43c285",
"InstanceId": "sha256:5d***dc976460b***c8a1ad043720b***fc16c52c45d4847e53fadb6",
"InstanceName": "centos",
"InstanceType": "Local",
"InstanceUUID": "3cbf2d8f-c40a-452a-92ec-140f9b2d29a2",
"IsSupportDetect": false,
"IsSupportRepair": false,
"Level": "extreme",
"Nick": "声声乌龙",
"POCId": "pcmgr-407***",
"Payload": "7.61.1-18.el8",
"Port": "80",
"RecentTime": "2024-10-30 11:20:39",
"References": "https://hackerone.com/reports/1895135",
"Service": "service",
"Status": 0,
"Uin": "10001122178",
"VULName": "Curl 身份认证绕过漏洞(CVE-2023-27536)",
"VULType": "其他",
"VULURL": "http://url"
}
],
"FromLists": [
{
"Text": "云安全中心",
"Value": "0"
},
{
"Text": "主机检测",
"Value": "1"
},
{
"Text": "容器检测",
"Value": "5"
}
],
"InstanceTypeLists": [
{
"Text": "托管集群",
"Value": "managed_cluster"
},
{
"Text": "CVM",
"Value": "CVM"
},
{
"Text": "本地镜像",
"Value": "Local"
},
{
"Text": "CLB",
"Value": "CLB"
}
],
"LevelLists": [
{
"Text": "严重",
"Value": "extreme"
},
{
"Text": "高危",
"Value": "high"
},
{
"Text": "中危",
"Value": "middle"
},
{
"Text": "低危",
"Value": "low"
},
{
"Text": "提示",
"Value": "info"
}
],
"RequestId": "efdf251a-7f1a-4b9b-8e61-a19fc018ffa9",
"StatusLists": [
{
"Text": "未处理",
"Value": "0"
},
{
"Text": "标记已处置",
"Value": "1"
},
{
"Text": "已忽略",
"Value": "2"
},
{
"Text": "已修复",
"Value": "3"
}
],
"TotalCount": 532,
"VULTypeLists": [
{
"Text": "信息泄漏",
"Value": "信息泄漏"
},
{
"Text": "处理逻辑错误",
"Value": "处理逻辑错误"
},
{
"Text": "其他",
"Value": "其他"
},
{
"Text": "路径遍历",
"Value": "路径遍历"
},
{
"Text": "授权问题",
"Value": "授权问题"
},
{
"Text": "注入漏洞",
"Value": "注入漏洞"
},
{
"Text": "代码注入",
"Value": "代码注入"
},
{
"Text": "缓冲区溢出",
"Value": "缓冲区溢出"
},
{
"Text": "配置错误",
"Value": "配置错误"
},
{
"Text": "加密问题",
"Value": "加密问题"
},
{
"Text": "跨站脚本",
"Value": "跨站脚本"
},
{
"Text": "命令注入",
"Value": "命令注入"
}
]
}
}5. 开发者资源
腾讯云 API 平台
腾讯云 API 平台 是综合 API 文档、错误码、API Explorer 及 SDK 等资源的统一查询平台,方便您从同一入口查询及使用腾讯云提供的所有 API 服务。
API Inspector
用户可通过 API Inspector 查看控制台每一步操作关联的 API 调用情况,并自动生成各语言版本的 API 代码,也可前往 API Explorer 进行在线调试。
SDK
云 API 3.0 提供了配套的开发工具集(SDK),支持多种编程语言,能更方便的调用 API。
- Tencent Cloud SDK 3.0 for Python: GitHub Gitee
- Tencent Cloud SDK 3.0 for Java: GitHub Gitee
- Tencent Cloud SDK 3.0 for PHP: GitHub Gitee
- Tencent Cloud SDK 3.0 for Go: GitHub Gitee
- Tencent Cloud SDK 3.0 for Node.js: GitHub Gitee
- Tencent Cloud SDK 3.0 for .NET: GitHub Gitee
- Tencent Cloud SDK 3.0 for C++: GitHub Gitee
- Tencent Cloud SDK 3.0 for Ruby: GitHub Gitee
命令行工具
6. 错误码
该接口暂无业务逻辑相关的错误码,其他错误码详见 公共错误码。
