跳到主要内容
版本:1.8.7

组件管理

使用流程
  1. 利用项目 id 调用组件概况接口获取组件概况。(项目 id 部分可参考项目部分)

  2. 根据组件概况的大致情况,使用组件列表接口获取获取组件详情信息。

info

可使用组件详情接口,单个获取组件信息

组件概况(项目相关)

  • API Path/api/v1/sca/summary

  • 请求方法GET

  • 详细说明: 使用指定项目信息获取对应的组件概况。

  • Query 参数

    参数名说明必填类型限制示例
    keyword模糊搜索关键词,针对 package_name 字段[string]
    language编程语言[string]
    level_id漏洞等级 ID[int]
    order排序指标:version, level, vul_count, language, package_name[string]
    page对应页码[int]
    pageSize每页数量[int]
    project_id项目 ID[int]
    project_name项目名[string]
    version_id默认值为项目的当前版本[int]
  • 请求内容

    /api/v1/sca/summary?language=JAVA&level=&project_name=&keyword=1&order=version&project_id=
  • 响应内容

    {
    "status": 201,
    "msg": "success",
    "data": {
    "language": [{
    "language": "JAVA",
    "count": 3926
    }, {
    "language": "PYTHON",
    "count": 0
    }],
    "level": [{
    "level": "高危",
    "count": 55,
    "level_id": 1
    }, {
    "level": "中危",
    "count": 13,
    "level_id": 2
    }, {
    "level": "低危",
    "count": 0,
    "level_id": 3
    }, {
    "level": "无风险",
    "count": 3858,
    "level_id": 4
    }, {
    "level": "提示",
    "count": 0,
    "level_id": 5
    }],
    "projects": [{
    "project_name": "openrasp-vulns",
    "count": 513,
    "id": 121
    }, {
    "project_name": "openrasp1.0.6",
    "count": 342,
    "id": 123
    }, {
    "project_name": "openrasp106",
    "count": 171,
    "id": 131
    }, {
    "project_name": "shop",
    "count": 152,
    "id": 85
    }, {
    "project_name": "testStars",
    "count": 87,
    "id": 116
    }]
    }
    }
  • 返回结果Json Object

    参数名说明必填类型值可能性限制示例
    data[object]
    status状态码:201[int]
    msg状态信息:success[string]
    参数名说明必填类型值可能性限制示例
    language[array]
    level[array]
    projects[array]
    参数名说明必填类型值可能性限制示例
    language编程语言[string]
    count编程语言对应的漏洞数量[int]
    参数名说明必填类型值可能性限制示例
    level漏洞类型名称[string]
    count漏洞级别对应的漏洞数量[int]
    level_id漏洞类型 ID[int]
    参数名说明必填类型值可能性限制示例
    project_name项目名[string]
    count项目对应的漏洞数量[int]
    id项目 ID[int]

组件列表(项目相关)

  • API Path/api/v1/scas
  • 请求方法GET

  • 详细说明: 使用指定项目信息获取对应的组件。

  • Query 参数

    参数名说明必填类型限制示例
    keyword模糊搜索关键词,针对package_name字段[string]
    language编程语言[string]
    level_id漏洞等级 ID[int]
    order排序指标:version, level, vul_count, language, package_name[string]
    page对应页码[int]
    pageSize每页数量[int]
    project_id项目 ID[int]
    project_name项目名[string]
    version_id默认值为项目的当前版本[int]
  • 请求内容

    /api/v1/scas?page=1&pageSize=12&language=JAVA&level=&project_name=&keyword=1&order=version&project_id=
  • 响应内容

    {
    "status": 201,
    "msg": "success",
    "data": [{
    "id": 20931,
    "package_name": "classmate-1.5.1.jar",
    "version": "1.5.1",
    "project_name": "springsec-test-prod",
    "project_id": 142,
    "project_version": "V1.0",
    "language": "JAVA",
    "agent_name": "Mac OS X-localhost-v1.0.6-30a7571c06ec4df99e306f7fa8735e49",
    "signature_value": "3fe0bed568c62df5e89f4f174c101eab25345b6c",
    "level": "无风险",
    "level_type": 4,
    "vul_count": 0,
    "dt": 1635479128
    }, {
    "id": 20932,
    "package_name": "hibernate-commons-annotations-5.1.0.Final.jar",
    "version": "5.1.0.Final",
    "project_name": "springsec-test-prod",
    "project_id": 142,
    "project_version": "V1.0",
    "language": "JAVA",
    "agent_name": "Mac OS X-localhost-v1.0.6-30a7571c06ec4df99e306f7fa8735e49",
    "signature_value": "700aeedc4a2089816621948f0379e17cbd17d5db",
    "level": "无风险",
    "level_type": 4,
    "vul_count": 0,
    "dt": 1635479128
    }, {
    "id": 20929,
    "package_name": "postgresql-42.2.14.jar",
    "version": "42.2.14",
    "project_name": "springsec-test-prod",
    "project_id": 142,
    "project_version": "V1.0",
    "language": "JAVA",
    "agent_name": "Mac OS X-localhost-v1.0.6-30a7571c06ec4df99e306f7fa8735e49",
    "signature_value": "45fa6eef266aa80024ef2ab3688d9faa38c642e5",
    "level": "无风险",
    "level_type": 4,
    "vul_count": 0,
    "dt": 1635479127
    }, {
    "id": 20930,
    "package_name": "byte-buddy-1.10.13.jar",
    "version": "1.10.13",
    "project_name": "springsec-test-prod",
    "project_id": 142,
    "project_version": "V1.0",
    "language": "JAVA",
    "agent_name": "Mac OS X-localhost-v1.0.6-30a7571c06ec4df99e306f7fa8735e49",
    "signature_value": "1426b15be5954246a9a72fd4baae1f42b9a4f45d",
    "level": "无风险",
    "level_type": 4,
    "vul_count": 0,
    "dt": 1635479127
    }],
    "page": {
    "alltotal": 3926,
    "num_pages": 328,
    "page_size": 12
    }
    }
  • 返回结果Json Object

    参数名说明必填类型值可能性限制示例
    data[array]
    status状态码:201[int]
    msg状态信息:success[string]
    参数名说明必填类型值可能性示例
    id[int]
    package_name[string]
    version[string]
    project_name[string]
    project_id[string]
    project_version[string]
    language[string]
    agent_name[string]
    signature_value[string]
    level[string]
    level_type[string]
    vul_count[int]
    dt[int]

组件详情

  • API Path/api/v1/sca/{id}

  • 请求方法GET

  • 详细说明: 通过指定id来获取对应组件的详情

  • REST 参数

    参数名说明必填类型值可能性限制示例
    id[int]
  • 请求内容

    /api/v1/sca/20931
  • 响应内容

    {
    "status": 201,
    "msg": "success",
    "data": {
    "id": 20893,
    "package_name": "maven:org.springframework:spring-web:5.2.8.RELEASE:",
    "version": "5.2.8.RELEASE",
    "project_name": "springsec-test-prod",
    "project_id": 142,
    "project_version": "V1.0",
    "language": "JAVA",
    "agent_name": "Mac OS X-localhost-v1.0.6-30a7571c06ec4df99e306f7fa8735e49",
    "signature_value": "4f9542d61fff7beb6050e8028dfb6b7c6844c99a",
    "level": "中危",
    "level_type": 2,
    "vul_count": 1,
    "dt": 1635479109,
    "vuls": [{
    "safe_version": "5.2.9.RELEASE",
    "vulcve": "CVE-2020-5421",
    "vulcwe": "NVD-CWE-noinfo",
    "vulname": "Reflected File Download (RFD) Attack",
    "overview": "spring-web is vulnerable to Reflected File Download (RFD) attack. An incomplete fix of CVE-2015-5211 allows an attacker to bypass the protection against RFD attack via the `jsessionid` path parameter.\n\n",
    "teardown": "",
    "reference": "[{\"type\": \"GITHUB_FIX_COMMIT\", \"title\": \"\", \"url\": \"https://github.com/spring-projects/spring-framework/commit/dd011c991ce801660ec2be7979f3fc6462f29289\"}, {\"type\": \"VENDOR_DISCLOSURE\", \"title\": \"[ambari-commits] 20201019 [ambari] branch branch-2.7 updated: AMBARI-25571. Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421 (dlysnichenko) (#3246)\", \"url\": \"https://lists.apache.org/thread.html/r1c679c43fa4f7846d748a937955c7921436d1b315445978254442163@<commits.ambari.apache.org>\"}, {\"type\": \"VENDOR_DISCLOSURE\", \"title\": \"[ambari-dev] 20201019 [GitHub] [ambari] dlysnichenko merged pull request #3246: AMBARI-25571. Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421\", \"url\": \"https://lists.apache.org/thread.html/r8b496b1743d128e6861ee0ed3c3c48cc56c505b38f84fa5baf7ae33a@<dev.ambari.apache.org>\"}, {\"type\": \"VENDOR_DISCLOSURE\", \"title\": \"[ambari-dev] 20201019 [GitHub] [ambari] dlysnichenko opened a new pull request #3246: AMBARI-25571. Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421\", \"url\": \"https://lists.apache.org/thread.html/r9f13cccb214495e14648d2c9b8f2c6072fd5219e74502dd35ede81e1@<dev.ambari.apache.org>\"}, {\"type\": \"VENDOR_DISCLOSURE\", \"title\": \"[ambari-issues] 20201013 [jira] [Created] (AMBARI-25571) Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421\", \"url\": \"https://lists.apache.org/thread.html/r1eccdbd7986618a7319ee7a533bd9d9bf6e8678e59dd4cca9b5b2d7a@<issues.ambari.apache.org>\"}, {\"type\": \"VENDOR_DISCLOSURE\", \"title\": \"[ambari-issues] 20201021 [jira] [Resolved] (AMBARI-25571) Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421\", \"url\": \"https://lists.apache.org/thread.html/r5c95eff679dfc642e9e4ab5ac6d202248a59cb1e9457cfbe8b729ac5@<issues.ambari.apache.org>\"}, {\"type\": \"VENDOR_DISCLOSURE\", \"title\": \"[hive-dev] 20201022 [jira] [Created] (HIVE-24303) Upgrade spring framework to 4.3.29.RELEASE+ due to CVE-2020-5421\", \"url\": \"https://lists.apache.org/thread.html/rf00d8f4101a1c1ea4de6ea1e09ddf7472cfd306745c90d6da87ae074@<dev.hive.apache.org>\"}, {\"type\": \"VENDOR_DISCLOSURE\", \"title\": \"[hive-issues] 20201022 [jira] [Assigned] (HIVE-24303) Upgrade spring framework to 4.3.29.RELEASE+ due to CVE-2020-5421\", \"url\": \"https://lists.apache.org/thread.html/rc9efaf6db98bee19db1bc911d0fa442287dac5cb229d4aaa08b6a13d@<issues.hive.apache.org>\"}, {\"type\": \"VENDOR_DISCLOSURE\", \"title\": \"[hive-issues] 20201022 [jira] [Updated] (HIVE-24303) Upgrade spring framework to 4.3.29.RELEASE+ due to CVE-2020-5421\", \"url\": \"https://lists.apache.org/thread.html/r7e6a213eea7f04fc6d9e3bd6eb8d68c4df92a22e956e95cb2c482865@<issues.hive.apache.org>\"}, {\"type\": \"VENDOR_DISCLOSURE\", \"title\": \"[ignite-user] 20201117 Query on CVE-2020-5421\", \"url\": \"https://lists.apache.org/thread.html/raf7ca57033e537e4f9d7df7f192fa6968c1e49409b2348e08d807ccb@<user.ignite.apache.org>\"}, {\"type\": \"VENDOR_DISCLOSURE\", \"title\": \"[ignite-user] 20201119 Re: Query on CVE-2020-5421\", \"url\": \"https://lists.apache.org/thread.html/ra889d95141059c6cbe77dd80249bb488ae53b274b5f3abad09d9511d@<user.ignite.apache.org>\"}, {\"type\": \"VENDOR_DISCLOSURE\", \"title\": \"[pulsar-commits] 20201022 [GitHub] [pulsar] Ghatage opened a new pull request #8355: [Issue 8354][pulsar-io] Upgrade spring framework version to patch CVE-2020-5421\", \"url\": \"https://lists.apache.org/thread.html/r503e64b43a57fd68229cac4a869d1a9a2eac9e75f8719cad3a840211@<commits.pulsar.apache.org>\"}, {\"type\": \"VENDOR_DISCLOSURE\", \"title\": \"[pulsar-commits] 20201023 [GitHub] [pulsar] Ghatage commented on pull request #8355: [Issue 8354][pulsar-io] Upgrade spring framework version to patch CVE-2020-5421\", \"url\": \"https://lists.apache.org/thread.html/r918caad55dcc640a16753b00d8d6acb90b4e36de4b6156d0867246ec@<commits.pulsar.apache.org>\"}, {\"type\": \"VENDOR_DISCLOSURE\", \"title\": \"[pulsar-commits] 20201026 [GitHub] [pulsar] wolfstudy commented on pull request #8355: [Issue 8354][pulsar-io] Upgrade spring framework version to patch CVE-2020-5421\", \"url\": \"https://lists.apache.org/thread.html/r3589ed0d18edeb79028615080d5a0e8878856436bb91774a3196d9eb@<commits.pulsar.apache.org>\"}, {\"type\": \"VENDOR_DISCLOSURE\", \"title\": \"[pulsar-commits] 20201028 [GitHub] [pulsar] merlimat merged pull request #8355: [Issue 8354][pulsar-io] Upgrade spring framework version to patch CVE-2020-5421\", \"url\": \"https://lists.apache.org/thread.html/rb18ed999153ef0f0cb7af03efe0046c42c7242fd77fbd884a75ecfdc@<commits.pulsar.apache.org>\"}, {\"type\": \"VENDOR_DISCLOSURE\", \"title\": \"[ranger-dev] 20201007 Re: Review Request 72934: RANGER-3022: Upgrade Spring framework to version 4.3.29.RELEASE\", \"url\": \"https://lists.apache.org/thread.html/re014a49d77f038ba70e5e9934d400af6653e8c9ac110d32b1254127e@<dev.ranger.apache.org>\"}, {\"type\": \"OTHER\", \"title\": \"Vulnerability Disclosure\", \"url\": \"https://tanzu.vmware.com/security/cve-2020-5421\"}]",
    "level": "中危"
    }]
    }
    }
  • 返回结果Json Object

    参数名说明必填类型值可能性限制示例
    data[object]
    status状态码:201[int]
    msg状态信息:success[string]
    参数名说明必填类型值可能性示例
    id[int]
    package_name[string]
    version[string]
    project_name[string]
    project_id[string]
    project_version[string]
    language[string]
    agent_name[string]
    signature_value[string]
    level[string]
    level_type[string]
    vul_count[int]
    dt[int]
    vuls[array]
    参数名说明必填类型值可能性示例
    safe_version[string]
    vulcve[string]
    vulcwe[string]
    vulname[string]
    overview[string]
    teardown[string]
    reference[string]
    level[string]