跳到主要内容
版本:1.8.7

漏洞管理

使用流程
  1. 根据漏洞状态列表接口获取获取漏洞状态字段
  2. 通过漏洞列表接口获取项目或 Agent 对应的漏洞列表
  3. 通过 漏洞 id 使用漏洞验证接口进行重放验证
  4. 自行验证完或已知的漏洞使用漏洞状态修改

漏洞概览

  • API Path/api/v1/vuln/summary

  • 请求方法GET

  • 详细说明: 使用下列条件来查看项目的漏洞数量统计

  • Query 参数

    参数名说明必填类型限制示例
    language编程语言[string]
    level漏洞等级:1,2,3,4[int]
    order排序指标:type,type,first_time,latest_time,url[string]
    project_id项目 ID[int]
    status状态名[string]
    status_id状态 ID[int]
    type漏洞类型[string]
    url漏洞的对应 URL[string]
    version_id默认值为项目的当前版本[int]
  • 请求内容

    /api/v1/vuln/summary?language=JAVA&level=&type=&url=a&order=level&status_id=1&project_id=58
  • 响应内容

    {
    "status": 201,
    "msg": "success",
    "data": {
    "language": [{
    "language": "JAVA",
    "count": 428
    }, {
    "language": "PYTHON",
    "count": 64
    }],
    "level": [{
    "level": "高危",
    "count": 254,
    "level_id": 1
    }, {
    "level": "中危",
    "count": 172,
    "level_id": 2
    }, {
    "level": "低危",
    "count": 54,
    "level_id": 3
    }, {
    "level": "无风险",
    "count": 4,
    "level_id": 4
    }, {
    "level": "提示",
    "count": 8,
    "level_id": 5
    }],
    "type": [{
    "type": "路径穿越",
    "count": 120
    }, {
    "type": "反射型XSS",
    "count": 107
    }, {
    "type": "XML外部实体注入",
    "count": 65
    }, {
    "type": "命令执行 ",
    "count": 49
    }, {
    "type": "Sql注入",
    "count": 37
    }, {
    "type": "服务器端请求伪造",
    "count": 29
    }, {
    "type": "不安全的随机数",
    "count": 27
    }, {
    "type": "不安全的hash算法",
    "count": 22
    }, {
    "type": "动态库加载",
    "count": 16
    }, {
    "type": "不安全的重定向",
    "count": 4
    }, {
    "type": "exec-code",
    "count": 3
    }, {
    "type": "没有Content-Security-Policy的响应",
    "count": 2
    }, {
    "type": "禁用 X-XSS-Protection 的响应",
    "count": 2
    }, {
    "type": "没有反点击劫持控制的页面",
    "count": 2
    }, {
    "type": "没有 X-Content-Type-Options 标头的响应",
    "count": 2
    }, {
    "type": "不安全的转发",
    "count": 1
    }, {
    "type": "",
    "count": 1
    }, {
    "type": "",
    "count": 1
    }, {
    "type": "",
    "count": 1
    }, {
    "type": "",
    "count": 1
    }],
    "projects": [{
    "project_name": "openrasp-vulns",
    "count": 178,
    "id": 121
    }, {
    "project_name": "openrasp106",
    "count": 111,
    "id": 131
    }, {
    "project_name": "openrasp1.0.6",
    "count": 63,
    "id": 123
    }, {
    "project_name": "Python-DockerVulspace",
    "count": 36,
    "id": 139
    }, {
    "project_name": "springsec",
    "count": 23,
    "id": 58
    }]
    },
    "level_data": []
    }
  • 返回结果Json Object

    参数名说明必填类型值可能性限制示例
    data[object]
    data>>language[array]
    data>>language>>language编程语言[string]
    data>>language>>count编程语言对应的漏洞数量[int]
    data>>level[array]
    data>>level>>level漏洞类型名称[string]
    data>>level>>count漏洞级别对应的漏洞数量[int]
    data>>level>>level_id漏洞类型 ID[int]
    data>>type[array]
    data>>type>>type漏洞类型的对应名称[string]
    data>>type>>count漏洞类型对应的漏洞数量[int]
    data>>projects[array]
    data>>projects>>project_name项目名[string]
    data>>projects>>count项目对应的漏洞数量[int]
    data>>projects>>id项目 ID[int]
    status状态码 :201[int]
    msg状态信息 :success[string]
    参数名说明必填类型值可能性限制示例
    language[array]
    level[array]
    type[array]
    projects[array]
    参数名说明必填类型值可能性限制示例
    language编程语言[string]
    count编程语言对应的漏洞数量[int]
    参数名说明必填类型值可能性限制示例
    level漏洞类型名称[string]
    count漏洞级别对应的漏洞数量[int]
    level_id漏洞类型 ID[int]
    参数名说明必填类型值可能性限制示例
    type漏洞类型的对应名称[string]
    count漏洞类型对应的漏洞数量[int]
    参数名说明必填类型值可能性限制示例
    project_name项目名[string]
    count项目对应的漏洞数量[int]
    id项目 ID[int]

漏洞列表(项目相关)

  • API Path/api/v1/vulns

  • 请求方法GET

  • 详细说明: 获取项目对应的漏洞列表

  • Query 参数

    参数名说明必填类型限制示例
    language编程语言[string]
    level漏洞等级的id:1,2,3,4[int]
    order排序指标:type, level, first_time, latest_time, url[string]
    page对应页码[int]
    pageSize每页数量[int]
    project_id项目 ID[int]
    status状态名[string]
    status_id状态 ID[int]
    type漏洞类型[string]
    url漏洞的对应 URL[string]
    version_id默认值为项目的当前版本[int]
  • 请求内容

    /api/v1/vulns?page=1&pageSize=20&language=JAVA&level=&type=&project_name=&url=a&order=level&status_id=1&project_id=58
  • 响应内容

    {
    "status": 201,
    "msg": "success",
    "data": [{
    "id": 2653,
    "type": "命令执行 ",
    "hook_type_id": 40,
    "url": "http://localhost:8080/vul/cmd-003/id",
    "uri": "/vul/cmd-003/id",
    "agent_id": 484,
    "level_id": 1,
    "http_method": "GET",
    "top_stack": "org.springframework.web.method.support.HandlerMethodArgumentResolver.resolveArgument",
    "bottom_stack": "java.lang.Runtime.exec",
    "taint_position": "HEADER/PATH",
    "latest_time": 1632993094,
    "first_time": 1629774096,
    "language": "JAVA",
    "status": "待验证",
    "index": 0,
    "project_name": "springsec",
    "project_id": 58,
    "server_name": "Apache Tomcat/9.0.37",
    "server_type": "apache tomcat",
    "level_type": 1,
    "level": "高危"
    }, {
    "id": 2654,
    "type": "路径穿越",
    "hook_type_id": 44,
    "url": "http://localhost:8080/vul/file-read-001",
    "uri": "/vul/file-read-001",
    "agent_id": 484,
    "level_id": 1,
    "http_method": "GET",
    "top_stack": "org.springframework.web.method.support.HandlerMethodArgumentResolver.resolveArgument",
    "bottom_stack": "java.io.File.<init>",
    "taint_position": "GET/HEADER/PATH",
    "latest_time": 1632993094,
    "first_time": 1629774097,
    "language": "JAVA",
    "status": "待验证",
    "index": 1,
    "project_name": "springsec",
    "project_id": 58,
    "server_name": "Apache Tomcat/9.0.37",
    "server_type": "apache tomcat",
    "level_type": 1,
    "level": "高危"
    }],
    "page": {
    "alltotal": 22,
    "num_pages": 2,
    "page_size": 20
    }
    }
  • 返回结果Json Object

    参数名说明必填类型值可能性限制
    data[array]
    status状态码:201[int]
    msg状态信息:success[string]
    参数名说明必填类型值可能性示例
    id[int]
    type[string]
    hook_type_id[int]
    url[string]
    uri[string]
    agent_id[int]
    level_id[int]
    http_method[string]
    top_stack[string]
    bottom_stack[string]
    taint_position[string]
    latest_time[int]
    first_time[int]
    language[string]
    status[string]
    index[int]
    project_name项目名[string]
    project_id项目ID[int]
    server_name[string]
    server_type[string]
    level_type[int]
    level[string]

漏洞列表(Agent相关)

  • API Path/api/v1/plugin/vuln/list

  • 请求方法GET

  • 详细说明: 使用 agent 名 获取对应的漏洞列表

  • Query 参数

    参数名说明必填类型限制示例
    nameAgent 名称[string]
    order排序指标:id, hook_type_id, url, http_method, top_stack, bottom_stack[string]
    page对应页码[int]
    pageSize每页数量[int]
    url漏洞的对应url[string]
  • 请求内容

    /api/v1/plugin/vuln/list
  • 响应内容

    {

    "data":

    [

    {
    "id": 0,
    "type": "string",
    "level_id": 0,
    "url": "string",
    "http_method": "string",
    "top_stack": "string",
    "bottom_stack": "string",
    "hook_type_id": 0,
    "level": "string"
    }
    ],
    "status": 201,
    "msg": "success"

    }
  • 返回结果Json Object

    参数名说明必填类型值可能性限制示例
    data[array]
    status状态码:201[int]
    msg状态信息:success[string]
    参数名说明必填类型值可能性限制示例
    id[int]
    type[string]
    level_id[int]
    url[string]
    http_method[string]
    top_stack[string]
    bottom_stack[string]
    hook_type_id[int]
    level漏洞名[string]

漏洞详情

  • API Path/api/v1/vuln/{id}

  • 请求方法GET

  • 详细说明: 使用漏洞对应的 id 来获取漏洞详情信息

  • REST 参数

    参数名说明必填类型值可能性限制示例
    id[int]
  • 请求内容

    /api/v1/vuln/12811
  • 响应内容

    {
    "status": 201,
    "msg": "success",
    "data": {
    "vul": {
    "url": "http://localhost:8080/vulns/009-deserialize.jsp",
    "uri": "/vulns/009-deserialize.jsp",
    "agent_name": "Linux-fv-az129-986-v1.0.6-java.action.github.com",
    "http_method": "GET",
    "type": "不安全的hash算法",
    "taint_position": null,
    "first_time": 1635310288,
    "latest_time": 1635479684,
    "project_name": "openrasp-vulns",
    "project_version": "V1.0",
    "language": "JAVA",
    "level": "低危",
    "level_type": 3,
    "counts": 3,
    "req_header": "GET /vulns/009-deserialize.jsp?id=whoami HTTP/1.1\nhost:localhost:8080\nuser-agent:curl/7.68.0\naccept:*/*\n",
    "response": "\n\n",
    "graph": null,
    "context_path": "openrasp-vulns",
    "client_ip": "127.0.0.1",
    "status": "待验证",
    "taint_value": null,
    "param_name": {},
    "method_pool_id": null,
    "project_id": 121
    },
    "server": {
    "name": "server.name",
    "hostname": "fv-az129-986",
    "ip": "localhost",
    "port": 8080,
    "container": "Tomcat/8.x",
    "server_type": "tomcat",
    "container_path": "/home/runner/work/DongTai-agent-java/apache-tomcat-8.5.40",
    "runtime": "OpenJDK Runtime Environment",
    "environment": "java.vendor=Azul Systems, Inc., sun.java.launcher=SUN_STANDARD, catalina.base=/home/runner/work/DongTai-agent-java/apache-tomcat-8.5.40, sun.management.compiler=HotSpot 64-Bit Tiered Compilers, catalina.useNaming=true, os.name=Linux, sun.boot.class.path=/",
    "command": "org.apache.catalina.startup.Bootstrap start"
    },
    "strategy": {
    "desc": "",
    "sample_code": "",
    "repair_suggestion": ""
    }
    }
    }
  • 返回结果Json Object

    参数名说明必填类型值可能性限制示例
    data[object]
    status状态码:201[int]
    msg状态信息:success[string]
    参数名说明必填类型值可能性限制示例
    vul[object]
    server[object]
    strategy[object]
    参数名说明必填类型值可能性限制示例
    desc[string]
    sample_code[string]
    repair_suggestion[string]
    参数名说明必填类型值可能性限制示例
    name[string]
    hostname[string]
    ip[string]
    port[string]
    container[string]
    server_type[string]
    container_path[string]
    runtime[string]
    environment[string]
    command[string]
    参数名说明必填类型值可能性限制示例
    url[string]
    uri[string]
    agent_name[string]
    http_method[string]
    type[string]
    taint_position[string]
    first_time[int]
    latest_time[int]
    project_name项目名[string]
    project_version项目的版本名[string]
    language编程语言[string]
    level漏洞类型名称[string]
    level_type漏洞类型 ID[int]
    counts[int]
    request_header[string]
    response[string]
    graph[string]
    context_path[string]
    client_ip[string]
    status[string]
    taint_value[string]
    param_name[string]
    method_pool_id[int]
    project_id项目 ID[int]

漏洞验证

  • API Path/api/v1/vul/recheck

  • 请求方法GET

  • 详细说明: 验证用户对应的漏洞(需要指定验证行为的类型)

  • Query 参数

    参数名说明必填类型限制示例
    projectId项目的对应 ID,只有在 type 参数为 project 时,该参数才会被使用[int]
    type可选项有('all','project'),对应全部漏洞和指定项目的漏洞[string]
  • 请求内容

    /api/v1/vul/recheck?type=all
  • 响应内容

    {
    "status":201,
    "msg":"处理成功",
    "data":{
    "no_agent":492,
    "pending":422,
    "recheck":57,
    "checking":20
    }
    }
  • 返回结果Json Object

    参数名说明必填类型值可能性限制示例
    data[object]
    status状态码:201、202[int]
    msg状态信息:ids 必须为:漏洞 ID,漏洞 ID 格式、处理成功、漏洞重放出错、ids 不能为空[string]
    参数名说明必填类型值可能性示例
    no_agent项目是否存在 Agent[boolean]
    pending重放的等待队列长度[int]
    recheck重放的成功队列长度[int]
    checking重放的检测队列长度[int]

漏洞验证

  • API Path/api/v1/vul/recheck

  • 请求方法POST

  • 详细说明: 验证用户对应的漏洞(需要指定验证行为的类型)

  • REST参数

    参数名说明必填类型值可能性限制示例
    ids需要验证的漏洞的 ID,用 ',' 分割[int]
  • 请求内容

    /api/v1/vul/recheck
    {
    "ids":"12986,12985,12983,12984,12982,12981,12980,12897,12978,12979,12977,12976,12975,12974,12973,12911,12972,12965,12964,12970"
    }
  • 响应内容

    {
    "status": 201,
    "msg": "处理成功",
    "data": {
    "no_agent": 11,
    "pending": 19,
    "recheck": 0,
    "checking": 1
    }
    }
  • 返回结果Json Object

    参数名说明必填类型值可能性限制示例
    data[object]
    status状态码:201、202[int]
    msg状态信息:ids 必须为:漏洞 ID,漏洞 ID 格式、处理成功、漏洞重放出错、ids 不能为空[string]
    参数名说明必填类型值可能性示例
    no_agent项目是否存在 Agent[boolean]
    pending重放的等待队列长度[int]
    recheck重放的成功队列长度[int]
    checking重放的检测队列长度[int]

漏洞状态列表

  • API Path/api/v1/vul/status_list

  • 请求方法GET

  • 详细说明: 漏洞状态列表,里面包含了漏洞的可选状态,调用漏洞状态修改 API 时请先从此 API 获取漏洞状态数据。

  • 请求内容

    /api/v1/vul/recheck
  • 响应内容

    {
    "status": 201,
    "msg": "success",
    "data": [{
    "id": 1,
    "name": "待验证",
    "name_en": "Pending",
    "name_zh": "待验证"
    }, {
    "id": 2,
    "name": "验证中",
    "name_en": "Verifying",
    "name_zh": "验证中"
    }, {
    "id": 3,
    "name": "已确认",
    "name_en": "Confirmed",
    "name_zh": "已确认"
    }, {
    "id": 4,
    "name": "已忽略",
    "name_en": "Ignore",
    "name_zh": "已忽略"
    }, {
    "id": 5,
    "name": "已处理",
    "name_en": "Solved",
    "name_zh": "已处理"
    }]
    }
  • 返回结果Json Object

    参数名说明必填类型值可能性限制示例
    data[array]
    status状态码:201[int]
    msg状态信息:success[string]
    参数名说明必填类型值可能性示例
    id[int]
    name[string]
    name_en[string]
    name_zh[string]

漏洞状态修改

  • API Path/api/v1/vuln/status

  • 请求方法POST

  • 详细说明: 修改指定 id 的漏洞状态,状态由以下两个参数指定,status 对应状态名词,status_id 对应状态的 id,均可由漏洞状态列表 API 获得,优先使用 status_id

  • 请求内容

    /api/v1/vuln/status
    {
    "id": 12811,
    "status": "已忽略"
    }
  • 响应内容

    {
    "status": 201,
    "msg": "漏洞状态修改为已忽略"
    }
  • 返回结果Json Object

    参数名说明必填类型值可能性限制示例
    status状态码:201、202[int]
    msg状态信息:参数不正确 、漏洞状态修改为{}[string]

漏洞总数(Agent相关)

  • API Path/api/v1/plugin/vuln/count

  • 请求方法GET

  • 详细说明: 获取用户对应的漏洞列表

  • Query 参数

    参数名说明必填类型限制示例
    name[string]
  • 请求内容

    /api/v1/plugin/vuln/count?name=string
  • 响应内容

    {

    "data": 0,
    "status": 201,
    "msg": "success"

    }
  • 返回结果Json Object

    参数名说明必填类型值可能性限制示例
    data[int]
    status状态码 :201[int]
    msg状态信息 :success[string]