Vulnerability Findings API
Introduced in JiHu GitLab 12.5.
This API resource was renamed from Vulnerabilities to Vulnerability Findings because the vulnerabilities name is reserved for serving Vulnerability objects. To fix any integration broken by the rename, change the vulnerabilities part of the URL to vulnerability_findings.
Every API call to vulnerability findings must be authenticated.
If a user does not have permission to use the project's Security Dashboard, any request for that project's vulnerability findings returns a 403 Forbidden status code.
This API is being deprecated and is considered unstable. The response payload may change or break across JiHu GitLab releases. Use the GraphQL API instead. See the GraphQL examples below to get started.
Vulnerability findings pagination
By default, GET requests return 20 results at a time because the API results are paginated.
Read more on pagination.
List project vulnerability findings
List all of a project's vulnerability findings.
GET /projects/:id/vulnerability_findings
GET /projects/:id/vulnerability_findings?report_type=sast
GET /projects/:id/vulnerability_findings?report_type=container_scanning
GET /projects/:id/vulnerability_findings?report_type=sast,dast
GET /projects/:id/vulnerability_findings?scope=all
GET /projects/:id/vulnerability_findings?scope=dismissed
GET /projects/:id/vulnerability_findings?severity=high
GET /projects/:id/vulnerability_findings?confidence=unknown,experimental
GET /projects/:id/vulnerability_findings?pipeline_id=42
Beginning with 12.9, the undefined severity and confidence level is no longer reported.

| Attribute | Type | Required | Description |
|---|---|---|---|
| id | integer/string | yes | The ID or URL-encoded path of a project the authenticated user is a member of |
| report_type | string array | no | Returns vulnerability findings belonging to the given report types. Valid values: sast, dast, dependency_scanning, or container_scanning. Defaults to all |
| scope | string | no | Returns vulnerability findings for the given scope: all or dismissed. Defaults to dismissed |
| severity | string array | no | Returns vulnerability findings belonging to the given severity levels: info, unknown, low, medium, high, or critical. Defaults to all |
| confidence | string array | no | Returns vulnerability findings belonging to the given confidence levels: ignore, unknown, experimental, low, medium, high, or confirmed. Defaults to all |
| pipeline_id | integer/string | no | Returns vulnerability findings belonging to the given pipeline |
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/4/vulnerability_findings"
Example response:
[
  {
    "id": null,
    "report_type": "sast",
    "name": "Possible command injection",
    "severity": "high",
    "confidence": "high",
    "scanner": {
      "external_id": "brakeman",
      "name": "Brakeman",
      "vendor": "GitLab"
    },
    "identifiers": [
      {
        "external_type": "brakeman_warning_code",
        "external_id": "14",
        "name": "Brakeman Warning Code 14",
        "url": "https://brakemanscanner.org/docs/warning_types/command_injection/"
      }
    ],
    "project_fingerprint": "ac218b1770af030cfeef967752ab803c55afb36d",
    "uuid": "ad5e3be3-a193-55f5-a200-bc12865fb09c",
    "create_jira_issue_url": null,
    "false_positive": true,
    "create_vulnerability_feedback_issue_path": "/root/test-false-positive/-/vulnerability_feedback",
    "create_vulnerability_feedback_merge_request_path": "/root/test-false-positive/-/vulnerability_feedback",
    "create_vulnerability_feedback_dismissal_path": "/root/test-false-positive/-/vulnerability_feedback",
    "project": {
      "id": 2,
      "name": "Test False Positive",
      "full_path": "/root/test-false-positive",
      "full_name": "Administrator / Test False Positive"
    },
    "dismissal_feedback": null,
    "issue_feedback": null,
    "merge_request_feedback": null,
    "description": null,
    "links": [],
    "location": {
      "file": "app/controllers/users_controller.rb",
      "start_line": 42,
      "class": "UsersController",
      "method": "list_users"
    },
    "remediations": [
      null
    ],
    "solution": null,
    "evidence": null,
    "request": null,
    "response": null,
    "evidence_source": null,
    "supporting_messages": [],
    "assets": [],
    "details": {},
    "state": "detected",
    "scan": {
      "type": "sast",
      "status": "success",
      "start_time": "2021-09-02T20:55:48",
      "end_time": "2021-09-02T20:55:48"
    },
    "blob_path": "/root/test-false-positive/-/blob/dfd75607752a839bbc9c7362d111effaa470fecd/app/controllers/users_controller.rb#L42"
  }
]
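As an added example (not part of GitLab's documentation or code base), the following Python client ties the pieces of this section together: it builds the URL above from filter values validated against the parameter table, URL-encodes a project path, follows GitLab's X-Next-Page pagination header so the 20-per-page default never silently truncates a report, raises on 403 instead of treating a project the token cannot see as empty, and tallies findings by severity while dropping those the scanner flagged as false_positive. The fake transport and the findings it serves are constructed sample data; pass http_fetch (the default) to talk to a real instance.

```python
# Added example (not GitLab's code): paging client for the deprecated
# Vulnerability Findings REST API.  X-Next-Page is GitLab's documented REST
# pagination header; the fake transport below is constructed sample data.
import json
import urllib.error
import urllib.parse
import urllib.request

# Valid filter values, copied from the parameter table.
ALLOWED_VALUES = {
    "report_type": {"sast", "dast", "dependency_scanning", "container_scanning"},
    "scope": {"all", "dismissed"},
    "severity": {"info", "unknown", "low", "medium", "high", "critical"},
    "confidence": {"ignore", "unknown", "experimental", "low", "medium", "high", "confirmed"},
}
ARRAY_PARAMS = {"report_type", "severity", "confidence"}  # comma-separated in the URL


def build_findings_url(base_url, project, page=1, per_page=20, **filters):
    """Build GET /projects/:id/vulnerability_findings, URL-encoding a project path
    and rejecting filter values the table does not list (e.g. severity="High")."""
    params = {"page": page, "per_page": per_page}
    for name, value in filters.items():
        if value is None:
            continue
        if name == "pipeline_id":
            params[name] = value
            continue
        if name not in ALLOWED_VALUES:
            raise ValueError(f"unknown parameter {name!r}")
        values = list(value) if isinstance(value, (list, tuple)) else [value]
        bad = [v for v in values if v not in ALLOWED_VALUES[name]]
        if bad:
            raise ValueError(f"invalid {name} value(s): {bad}")
        if name not in ARRAY_PARAMS and len(values) != 1:
            raise ValueError(f"{name} takes a single value")
        params[name] = ",".join(values)
    project_part = urllib.parse.quote(str(project), safe="")
    return (f"{base_url.rstrip('/')}/api/v4/projects/{project_part}"
            f"/vulnerability_findings?{urllib.parse.urlencode(params)}")


def http_fetch(url, headers):
    """Default transport: (status, response headers, parsed JSON or None)."""
    req = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status, dict(resp.headers), json.loads(resp.read())
    except urllib.error.HTTPError as err:
        return err.code, dict(err.headers), None


def iter_findings(base_url, project, token, fetch=http_fetch, **filters):
    """Yield every finding across pages; a 403 means the token's user cannot
    use the project's Security Dashboard, so it is raised, not swallowed."""
    page = 1
    while page:
        url = build_findings_url(base_url, project, page=page, per_page=100, **filters)
        status, headers, body = fetch(url, {"PRIVATE-TOKEN": token})
        if status == 403:
            raise PermissionError("no access to this project's Security Dashboard")
        if status != 200:
            raise RuntimeError(f"unexpected HTTP {status} for {url}")
        yield from body
        next_page = {k.lower(): v for k, v in headers.items()}.get("x-next-page", "")
        page = int(next_page) if next_page else None


def summarize(findings, include_false_positives=False):
    """Count findings by (report_type, severity), dropping false positives by default."""
    counts = {}
    for finding in findings:
        if finding.get("false_positive") and not include_false_positives:
            continue
        key = (finding["report_type"], finding["severity"])
        counts[key] = counts.get(key, 0) + 1
    return counts


# Constructed two-page transport shaped like the response above (not real data).
_FAKE_PAGES = {
    1: ([{"id": None, "report_type": "sast", "severity": "high",
          "false_positive": True, "name": "Possible command injection"},
         {"id": None, "report_type": "sast", "severity": "critical",
          "false_positive": False, "name": "SQL injection"}], "2"),
    2: ([{"id": None, "report_type": "dast", "severity": "medium",
          "false_positive": False, "name": "Missing Content-Security-Policy"}], ""),
}


def fake_fetch(url, headers):
    """Offline stand-in for http_fetch: checks the token, serves _FAKE_PAGES."""
    if headers.get("PRIVATE-TOKEN") != "glpat-example":
        return 403, {}, None
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    body, next_page = _FAKE_PAGES[int(query["page"][0])]
    return 200, {"X-Next-Page": next_page}, body


def demo():
    findings = iter_findings("https://gitlab.example.com", "root/test-false-positive",
                             "glpat-example", fetch=fake_fetch,
                             report_type=["sast", "dast"], scope="all")
    return summarize(findings)


if __name__ == "__main__":
    print(demo())  # {('sast', 'critical'): 1, ('dast', 'medium'): 1}
```

Two details matter for anyone using this against a real instance: the default scope is dismissed, so omit scope="all" only if you really want dismissed findings, and a 403 here is an authorization problem (Security Dashboard access), not an empty result set, which is why it is raised rather than returned as zero findings.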
Use GraphQL instead of the Vulnerability Findings REST API
In preparation for the upcoming deprecation of the Vulnerability Findings REST API endpoints, use the GraphQL API to perform the equivalent operations, following the examples below.
GraphQL - Project vulnerabilities
Use Project.vulnerabilities.
{
  project(fullPath: "root/security-reports") {
    vulnerabilities {
      nodes {
        id
        reportType
        title
        severity
        scanner {
          externalId
          name
          vendor
        }
        identifiers {
          externalType
          externalId
          name
          url
        }
        falsePositive
        project {
          id
          name
          fullPath
        }
        description
        links {
          name
          url
        }
        location {
          ... on VulnerabilityLocationSast {
            file
            startLine
            endLine
            vulnerableClass
            vulnerableMethod
            blobPath
          }
        }
        details {
          ... on VulnerabilityDetailCode {
            description
            fieldName
            lang
            name
            value
          }
        }
        state
      }
    }
  }
}
Example response:
{
  "data": {
    "project": {
      "vulnerabilities": {
        "nodes": [
          {
            "id": "gid://gitlab/Vulnerability/236",
            "reportType": "SAST",
            "title": "Generic Object Injection Sink",
            "severity": "CRITICAL",
            "scanner": {
              "externalId": "eslint",
              "name": "ESLint",
              "vendor": "GitLab"
            },
            "identifiers": [
              {
                "externalType": "eslint_rule_id",
                "externalId": "security/detect-object-injection",
                "name": "ESLint rule ID security/detect-object-injection",
                "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection"
              },
              {
                "externalType": "cwe",
                "externalId": "94",
                "name": "CWE-94",
                "url": "https://cwe.mitre.org/data/definitions/94.html"
              }
            ],
            "falsePositive": false,
            "project": {
              "id": "gid://gitlab/Project/20",
              "name": "Security Reports",
              "fullPath": "root/security-reports"
            },
            "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.",
            "links": [],
            "location": {
              "file": "src/js/main.js",
              "startLine": "28",
              "endLine": "28",
              "vulnerableClass": null,
              "vulnerableMethod": null,
              "blobPath": "/root/security-reports/-/blob/91031428a5b5dbb81e8d889738b1875c1bfea787/src/js/main.js"
            },
            "details": [],
            "state": "DETECTED"
          }
        ]
      }
    }
  }
}
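The following added example (not GitLab's code) performs the migration this section recommends: it runs the Project.vulnerabilities query with cursor pagination and maps each node back onto the conventions of the REST finding shown earlier, so an integration built on the REST payload keeps working. The two example responses on this page differ in ways that break naive consumers: GraphQL returns a global ID (gid://gitlab/Vulnerability/236) where REST returned a numeric id, upper-case enums (SAST, CRITICAL, DETECTED) where REST was lower-case, and startLine as a string where REST's start_line was an integer. GraphQL also answers HTTP 200 with project: null when the token cannot see the project, so the 403 check from the REST client has to become an explicit null check. The first/after arguments, pageInfo, and the severity filter on Project.vulnerabilities are GitLab's standard connection arguments and are assumptions not shown on this page; verify them against your instance's schema. The transport responses below are constructed, modelled on the example above.

```python
# Added example (not GitLab's code): cursor-paginated GraphQL client for
# Project.vulnerabilities plus a mapper back to the REST finding's field shapes.
# Assumes first/after, pageInfo and the severity argument exist on the
# connection (GitLab's standard schema); sample responses are constructed.
import json
import urllib.error
import urllib.request

VULNERABILITIES_QUERY = """
query ($fullPath: ID!, $after: String, $severity: [VulnerabilitySeverity!]) {
  project(fullPath: $fullPath) {
    vulnerabilities(first: 100, after: $after, severity: $severity) {
      pageInfo { hasNextPage endCursor }
      nodes {
        id reportType title severity falsePositive state
        scanner { externalId name vendor }
        identifiers { externalType externalId name url }
        location { ... on VulnerabilityLocationSast { file startLine endLine blobPath } }
      }
    }
  }
}
"""


def graphql_post(endpoint, token, query, variables):
    """Default transport: POST the document, return (HTTP status, parsed body or None)."""
    payload = json.dumps({"query": query, "variables": variables}).encode()
    req = urllib.request.Request(endpoint, data=payload, headers={
        "Content-Type": "application/json", "Authorization": f"Bearer {token}"})
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status, json.loads(resp.read())
    except urllib.error.HTTPError as err:
        return err.code, None


def iter_vulnerabilities(endpoint, token, full_path, severity=None, post=graphql_post):
    """Yield every node, following pageInfo.endCursor until hasNextPage is false.
    A project the token cannot see comes back as HTTP 200 with project: null."""
    after = None
    while True:
        variables = {"fullPath": full_path, "after": after, "severity": severity}
        status, body = post(endpoint, token, VULNERABILITIES_QUERY, variables)
        if status != 200:
            raise RuntimeError(f"GraphQL endpoint returned HTTP {status}")
        if body.get("errors"):
            raise RuntimeError(f"GraphQL errors: {body['errors']}")
        project = body["data"]["project"]
        if project is None:
            raise PermissionError(f"project {full_path!r} is not visible to this token")
        connection = project["vulnerabilities"]
        yield from connection["nodes"]
        if not connection["pageInfo"]["hasNextPage"]:
            return
        after = connection["pageInfo"]["endCursor"]


def to_rest_shape(node):
    """Map a GraphQL node onto the REST payload's conventions: global ID -> numeric id,
    UPPERCASE enums -> lowercase, string line numbers -> int."""
    loc = node.get("location") or {}

    def line(key):
        return int(loc[key]) if loc.get(key) is not None else None

    return {
        "id": int(node["id"].rsplit("/", 1)[1]),  # "gid://gitlab/Vulnerability/236" -> 236
        "report_type": node["reportType"].lower(),
        "name": node["title"],
        "severity": node["severity"].lower(),
        "state": node["state"].lower(),
        "false_positive": node["falsePositive"],
        "scanner": node["scanner"],
        "identifiers": node["identifiers"],
        "location": {"file": loc.get("file"), "start_line": line("startLine"),
                     "end_line": line("endLine")},
        "blob_path": loc.get("blobPath"),
    }


def _node(num, title, severity, line_no):
    """Constructed node in the shape of the GraphQL response above (not real data)."""
    return {"id": f"gid://gitlab/Vulnerability/{num}", "reportType": "SAST", "title": title,
            "severity": severity, "falsePositive": False, "state": "DETECTED",
            "scanner": {"externalId": "eslint", "name": "ESLint", "vendor": "GitLab"},
            "identifiers": [{"externalType": "cwe", "externalId": "94", "name": "CWE-94",
                             "url": "https://cwe.mitre.org/data/definitions/94.html"}],
            "location": {"file": "src/js/main.js", "startLine": str(line_no),
                         "endLine": str(line_no), "blobPath": "/root/security-reports/-/blob/"
                         "91031428a5b5dbb81e8d889738b1875c1bfea787/src/js/main.js"}}


def fake_post(endpoint, token, query, variables):
    """Offline stand-in for graphql_post: two cursor pages for one project, null otherwise."""
    if token != "glpat-example":
        return 401, None
    if variables["fullPath"] != "root/security-reports":
        return 200, {"data": {"project": None}}
    if variables["after"] is None:
        nodes = [_node(236, "Generic Object Injection Sink", "CRITICAL", 28)]
        page_info = {"hasNextPage": True, "endCursor": "cursor-1"}
    else:
        nodes = [_node(237, "Unsafe Regular Expression", "MEDIUM", 41)]
        page_info = {"hasNextPage": False, "endCursor": None}
    return 200, {"data": {"project": {"vulnerabilities": {"pageInfo": page_info, "nodes": nodes}}}}


def demo():
    nodes = iter_vulnerabilities("https://gitlab.example.com/api/graphql", "glpat-example",
                                 "root/security-reports", post=fake_post)
    return [to_rest_shape(n) for n in nodes]


if __name__ == "__main__":
    for finding in demo():
        print(finding["id"], finding["severity"], finding["location"]["start_line"])
```

When pointing this at a real instance, pass severity=["CRITICAL", "HIGH"] (the enum names, upper-case) rather than the lower-case strings the REST filter accepted, and treat a null project as an authorization failure exactly as the REST client treated a 403.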