漏洞发现 API

引入于极狐GitLab 12.5。

note此 API 资源已从“漏洞（vulnerabilities）”重命名为“漏洞发现（vulnerability findings）”，因为 vulnerabilities 这一名称用于提供漏洞对象。要修复因使用旧的漏洞 API 而损坏的集成，请将 URL 中的 vulnerabilities 部分更改为 vulnerability_findings。

对漏洞发现的每个 API 调用都必须经过身份验证。

如果用户没有使用项目安全仪表板的权限，对该项目漏洞发现的任何请求都会返回 403 Forbidden 状态码。

caution此 API 正在被废弃，且处于不稳定状态：响应负载可能在不同的极狐GitLab 版本之间发生变化或损坏。请改用 GraphQL API；请参阅下文的 GraphQL 示例以开始使用。

漏洞发现分页

由于 API 结果是分页的，GET 请求默认每次返回 20 个结果。

详情请参阅分页。

列出项目漏洞发现

列出项目的所有漏洞发现。

GET /projects/:id/vulnerability_findings
GET /projects/:id/vulnerability_findings?report_type=sast
GET /projects/:id/vulnerability_findings?report_type=container_scanning
GET /projects/:id/vulnerability_findings?report_type=sast,dast
GET /projects/:id/vulnerability_findings?scope=all
GET /projects/:id/vulnerability_findings?scope=dismissed
GET /projects/:id/vulnerability_findings?severity=high
GET /projects/:id/vulnerability_findings?confidence=unknown,experimental
GET /projects/:id/vulnerability_findings?pipeline_id=42
caution从 12.9 开始，不再报告 undefined 严重级别和置信级别。
参数 类型 是否必需 描述
id integer/string yes 经过身份验证的用户所属项目的 ID 或 URL 编码的路径
report_type string array no 返回属于特定报告类型的漏洞发现。有效值：sast、dast、dependency_scanning、container_scanning。默认为所有
scope string no 返回特定范围的漏洞发现：all、dismissed。默认为 dismissed
severity string array no 返回属于特定严重级别的漏洞发现：info、unknown、low、medium、high、critical。默认为所有
confidence string array no 返回属于特定置信级别的漏洞发现：ignore、unknown、experimental、low、medium、high、confirmed。默认为所有
pipeline_id integer/string no 返回属于特定流水线的漏洞发现
# Replace <your_access_token> with a token for a user who can use the project
# security dashboard; unauthenticated or unauthorized calls return 403 Forbidden.
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/4/vulnerability_findings"

响应示例:

[
  {
    "id": null,
    "report_type": "sast",
    "name": "Possible command injection",
    "severity": "high",
    "confidence": "high",
    "scanner": {
      "external_id": "brakeman",
      "name": "Brakeman",
      "vendor": "GitLab"
    },
    "identifiers": [
      {
        "external_type": "brakeman_warning_code",
        "external_id": "14",
        "name": "Brakeman Warning Code 14",
        "url": "https://brakemanscanner.org/docs/warning_types/command_injection/"
      }
    ],
    "project_fingerprint": "ac218b1770af030cfeef967752ab803c55afb36d",
    "uuid": "ad5e3be3-a193-55f5-a200-bc12865fb09c",
    "create_jira_issue_url": null,
    "false_positive": true,
    "create_vulnerability_feedback_issue_path": "/root/test-false-positive/-/vulnerability_feedback",
    "create_vulnerability_feedback_merge_request_path": "/root/test-false-positive/-/vulnerability_feedback",
    "create_vulnerability_feedback_dismissal_path": "/root/test-false-positive/-/vulnerability_feedback",
    "project": {
      "id": 2,
      "name": "Test False Positive",
      "full_path": "/root/test-false-positive",
      "full_name": "Administrator / Test False Positive"
    },
    "dismissal_feedback": null,
    "issue_feedback": null,
    "merge_request_feedback": null,
    "description": null,
    "links": [],
    "location": {
      "file": "app/controllers/users_controller.rb",
      "start_line": 42,
      "class": "UsersController",
      "method": "list_users"
    },
    "remediations": [
      null
    ],
    "solution": null,
    "evidence": null,
    "request": null,
    "response": null,
    "evidence_source": null,
    "supporting_messages": [],
    "assets": [],
    "details": {},
    "state": "detected",
    "scan": {
      "type": "sast",
      "status": "success",
      "start_time": "2021-09-02T20:55:48",
      "end_time": "2021-09-02T20:55:48"
    },
    "blob_path": "/root/test-false-positive/-/blob/dfd75607752a839bbc9c7362d111effaa470fecd/app/controllers/users_controller.rb#L42"
  }
]

使用 GraphQL 代替漏洞发现 REST API

为漏洞发现 REST API 端点即将弃用作准备，可使用 GraphQL API 按照以下示例执行等效操作。

GraphQL - 项目漏洞

使用 Project.vulnerabilities

# Query the vulnerabilities of one project by its full path; the selected fields
# correspond to those returned by the vulnerability_findings REST endpoint above.
{
  project(fullPath: "root/security-reports") {
    vulnerabilities {
      nodes{
        id
        reportType
        title
        severity
        scanner {
          externalId
          name
          vendor
        }
        identifiers {
          externalType
          externalId
          name
          url
        }
        falsePositive
        project {
          id
          name
          fullPath
        }
        description
        links {
          name
          url
        }
        # location is type-specific: this inline fragment selects the fields
        # available for SAST locations (file, line range, class, method, blob path).
        location {
          ... on
          VulnerabilityLocationSast {
            file
            startLine
            endLine
            vulnerableClass
            vulnerableMethod
            blobPath
          }
        }
        # details is likewise polymorphic; only code-type details are selected here.
        details {
          ... on
          VulnerabilityDetailCode {
            description
            fieldName
            lang
            name
            value
          }
        }
        state
      }
    }
  }
}

响应示例:

{
  "data": {
    "project": {
      "vulnerabilities": {
        "nodes": [
          {
            "id": "gid://gitlab/Vulnerability/236",
            "reportType": "SAST",
            "title": "Generic Object Injection Sink",
            "severity": "CRITICAL",
            "scanner": {
              "externalId": "eslint",
              "name": "ESLint",
              "vendor": "GitLab"
            },
            "identifiers": [
              {
                "externalType": "eslint_rule_id",
                "externalId": "security/detect-object-injection",
                "name": "ESLint rule ID security/detect-object-injection",
                "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection"
              },
              {
                "externalType": "cwe",
                "externalId": "94",
                "name": "CWE-94",
                "url": "https://cwe.mitre.org/data/definitions/94.html"
              }
            ],
            "falsePositive": false,
            "project": {
              "id": "gid://gitlab/Project/20",
              "name": "Security Reports",
              "fullPath": "root/security-reports"
            },
            "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.",
            "links": [],
            "location": {
              "file": "src/js/main.js",
              "startLine": "28",
              "endLine": "28",
              "vulnerableClass": null,
              "vulnerableMethod": null,
              "blobPath": "/root/security-reports/-/blob/91031428a5b5dbb81e8d889738b1875c1bfea787/src/js/main.js"
            },
            "details": [],
            "state": "DETECTED"
          }
        ]
      }
    }
  }
}