# Vulnerabilities API

- Tier: Ultimate
- Offering: JihuLab.com, Self-managed
- History:
  - `last_edited_at` deprecated in JiHu GitLab 16.7.
  - `start_date` deprecated in JiHu GitLab 16.7.
  - `updated_by_id` deprecated in JiHu GitLab 16.7.
  - `last_edited_by_id` deprecated in JiHu GitLab 16.7.
  - `due_date` deprecated in JiHu GitLab 16.7.

The former Vulnerabilities API was renamed to the Vulnerability Findings API and its documentation was moved to [a different location](vulnerability_findings.md). This document now describes the new Vulnerabilities API, which provides access to vulnerabilities.

This API is in the process of being deprecated and is considered unstable. The response payload may change or break across JiHu GitLab releases; use the [GraphQL API](graphql/reference/_index.md#queryvulnerabilities) instead. For more information, see the [GraphQL examples](#replace-vulnerability-rest-api-with-graphql).

Every API call to vulnerabilities must be authenticated.

If the authenticated user does not have permission to read the vulnerability report, this request returns a `403 Forbidden` status code.

## Single vulnerability

Gets a single vulnerability.

```plaintext
GET /vulnerabilities/:id
```

| Attribute | Type              | Required | Description                        |
|-----------|-------------------|----------|------------------------------------|
| `id`      | integer or string | yes      | The ID of the vulnerability to get |

```shell
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/vulnerabilities/1"
```

Example response:

```json
{
  "id": 1,
  "title": "Predictable pseudorandom number generator",
  "description": null,
  "state": "opened",
  "severity": "medium",
  "confidence": "medium",
  "report_type": "sast",
  "project": {
    "id": 32,
    "name": "security-reports",
    "full_path": "/gitlab-examples/security/security-reports",
    "full_name": "gitlab-examples / security / security-reports"
  },
  "author_id": 1,
  "closed_by_id": null,
  "created_at": "2019-10-13T15:08:40.219Z",
  "updated_at": "2019-10-13T15:09:40.382Z",
  "closed_at": null
}
```

## Confirm vulnerability

Confirms a given vulnerability. Returns status code `304` if the vulnerability is already confirmed.

If the authenticated user does not have permission to change the vulnerability state, this request returns a `403` status code.

```plaintext
POST /vulnerabilities/:id/confirm
```

| Attribute | Type              | Required | Description                            |
|-----------|-------------------|----------|----------------------------------------|
| `id`      | integer or string | yes      | The ID of the vulnerability to confirm |

```shell
curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/vulnerabilities/5/confirm"
```

Example response:

```json
{
  "id": 2,
  "title": "Predictable pseudorandom number generator",
  "description": null,
  "state": "confirmed",
  "severity": "medium",
  "confidence": "medium",
  "report_type": "sast",
  "project": {
    "id": 32,
    "name": "security-reports",
    "full_path": "/gitlab-examples/security/security-reports",
    "full_name": "gitlab-examples / security / security-reports"
  },
  "author_id": 1,
  "closed_by_id": null,
  "created_at": "2019-10-13T15:08:40.219Z",
  "updated_at": "2019-10-13T15:09:40.382Z",
  "closed_at": null
}
```

## Resolve vulnerability

Resolves a given vulnerability. Returns status code `304` if the vulnerability is already resolved.

If the authenticated user does not have permission to change the vulnerability state, this request returns a `403` status code.

```plaintext
POST /vulnerabilities/:id/resolve
```

| Attribute | Type              | Required | Description                            |
|-----------|-------------------|----------|----------------------------------------|
| `id`      | integer or string | yes      | The ID of the vulnerability to resolve |

```shell
curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/vulnerabilities/5/resolve"
```

Example response:

```json
{
  "id": 2,
  "title": "Predictable pseudorandom number generator",
  "description": null,
  "state": "resolved",
  "severity": "medium",
  "confidence": "medium",
  "report_type": "sast",
  "project": {
    "id": 32,
    "name": "security-reports",
    "full_path": "/gitlab-examples/security/security-reports",
    "full_name": "gitlab-examples / security / security-reports"
  },
  "author_id": 1,
  "closed_by_id": null,
  "created_at": "2019-10-13T15:08:40.219Z",
  "updated_at": "2019-10-13T15:09:40.382Z",
  "closed_at": null
}
```

## Dismiss vulnerability

Dismisses a given vulnerability. Returns status code `304` if the vulnerability is already dismissed.

If the authenticated user does not have permission to change the vulnerability state, this request returns a `403` status code.

```plaintext
POST /vulnerabilities/:id/dismiss
```

| Attribute | Type              | Required | Description                            |
|-----------|-------------------|----------|----------------------------------------|
| `id`      | integer or string | yes      | The ID of the vulnerability to dismiss |

```shell
curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/vulnerabilities/5/dismiss"
```

Example response:

```json
{
  "id": 2,
  "title": "Predictable pseudorandom number generator",
  "description": null,
  "state": "closed",
  "severity": "medium",
  "confidence": "medium",
  "report_type": "sast",
  "project": {
    "id": 32,
    "name": "security-reports",
    "full_path": "/gitlab-examples/security/security-reports",
    "full_name": "gitlab-examples / security / security-reports"
  },
  "author_id": 1,
  "closed_by_id": null,
  "created_at": "2019-10-13T15:08:40.219Z",
  "updated_at": "2019-10-13T15:09:40.382Z",
  "closed_at": null
}
```

## Revert vulnerability to detected state

Reverts a given vulnerability to the detected state. Returns status code `304` if the vulnerability is already in the detected state.

If the authenticated user does not have permission to change the vulnerability state, this request returns a `403` status code.

```plaintext
POST /vulnerabilities/:id/revert
```

| Attribute | Type              | Required | Description                                                  |
|-----------|-------------------|----------|--------------------------------------------------------------|
| `id`      | integer or string | yes      | The ID of the vulnerability to revert to the detected state |

```shell
curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/vulnerabilities/5/revert"
```

Example response:

```json
{
  "id": 2,
  "title": "Predictable pseudorandom number generator",
  "description": null,
  "state": "detected",
  "severity": "medium",
  "confidence": "medium",
  "report_type": "sast",
  "project": {
    "id": 32,
    "name": "security-reports",
    "full_path": "/gitlab-examples/security/security-reports",
    "full_name": "gitlab-examples / security / security-reports"
  },
  "author_id": 1,
  "closed_by_id": null,
  "created_at": "2019-10-13T15:08:40.219Z",
  "updated_at": "2019-10-13T15:09:40.382Z",
  "closed_at": null
}
```

## Replace vulnerability REST API with GraphQL

In preparation for the upcoming deprecation of the vulnerability REST API endpoints, use the following examples to perform the equivalent operations with the GraphQL API.

### GraphQL - Single vulnerability

Use `Query.vulnerability`.

```graphql
{
  vulnerability(id: "gid://gitlab/Vulnerability/20345379") {
    title
    description
    state
    severity
    reportType
    project {
      id
      name
      fullPath
    }
    detectedAt
    confirmedAt
    resolvedAt
    resolvedBy {
      id
      username
    }
  }
}
```

Example response:

```json
{
  "data": {
    "vulnerability": {
      "title": "Improper Input Validation in railties",
      "description": "A remote code execution vulnerability in development mode Rails beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit.",
      "state": "RESOLVED",
      "severity": "CRITICAL",
      "reportType": "DEPENDENCY_SCANNING",
      "project": {
        "id": "gid://gitlab/Project/6102100",
        "name": "security-reports",
        "fullPath": "gitlab-examples/security/security-reports"
      },
      "detectedAt": "2021-10-14T03:13:41Z",
      "confirmedAt": "2021-12-14T01:45:56Z",
      "resolvedAt": "2021-12-14T01:45:59Z",
      "resolvedBy": {
        "id": "gid://gitlab/User/480804",
        "username": "thiagocsf"
      }
    }
  }
}
```

### GraphQL - Confirm vulnerability

Use `Mutation.vulnerabilityConfirm`.

```graphql
mutation {
  vulnerabilityConfirm(input: { id: "gid://gitlab/Vulnerability/23577695" }) {
    vulnerability {
      state
    }
    errors
  }
}
```

Example response:

```json
{
  "data": {
    "vulnerabilityConfirm": {
      "vulnerability": {
        "state": "CONFIRMED"
      },
      "errors": []
    }
  }
}
```

### GraphQL - Resolve vulnerability

Use `Mutation.vulnerabilityResolve`.

```graphql
mutation {
  vulnerabilityResolve(input: { id: "gid://gitlab/Vulnerability/23577695" }) {
    vulnerability {
      state
    }
    errors
  }
}
```

Example response (the response object is keyed by the mutation field, `vulnerabilityResolve`):

```json
{
  "data": {
    "vulnerabilityResolve": {
      "vulnerability": {
        "state": "RESOLVED"
      },
      "errors": []
    }
  }
}
```

### GraphQL - Dismiss vulnerability

Use `Mutation.vulnerabilityDismiss`.

```graphql
mutation {
  vulnerabilityDismiss(input: { id: "gid://gitlab/Vulnerability/23577695" }) {
    vulnerability {
      state
    }
    errors
  }
}
```

Example response (the response object is keyed by the mutation field, `vulnerabilityDismiss`):

```json
{
  "data": {
    "vulnerabilityDismiss": {
      "vulnerability": {
        "state": "DISMISSED"
      },
      "errors": []
    }
  }
}
```

### GraphQL - Revert vulnerability to detected state

Use `Mutation.vulnerabilityRevertToDetected`.

```graphql
mutation {
  vulnerabilityRevertToDetected(input: { id: "gid://gitlab/Vulnerability/20345379" }) {
    vulnerability {
      state
    }
    errors
  }
}
```

Example response (the response object is keyed by the mutation field, `vulnerabilityRevertToDetected`):

```json
{
  "data": {
    "vulnerabilityRevertToDetected": {
      "vulnerability": {
        "state": "DETECTED"
      },
      "errors": []
    }
  }
}
```
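The following is an added example, not part of the JiHu GitLab documentation or code base: a small migration helper that maps each REST state-change endpoint above to its GraphQL mutation, converts the numeric REST ID into the global ID GraphQL expects, and checks the mutation response for errors. It assumes the GraphQL endpoint lives at `/api/graphql` and accepts the same `PRIVATE-TOKEN` header as the REST calls on this page.

```python
import json
import urllib.request

# REST action (URL suffix) -> GraphQL mutation field documented on this page.
MUTATIONS = {
    "confirm": "vulnerabilityConfirm",
    "resolve": "vulnerabilityResolve",
    "dismiss": "vulnerabilityDismiss",
    "revert": "vulnerabilityRevertToDetected",
}
# Non-2xx statuses the REST state-change endpoints document.
REST_STATUS = {
    304: "unchanged: vulnerability already in the requested state",
    403: "forbidden: no permission to change the vulnerability state",
}


def to_gid(vuln_id):
    """REST takes a numeric id; GraphQL needs the global id string."""
    return "gid://gitlab/Vulnerability/%d" % int(vuln_id)


def build_mutation(action, vuln_id):
    """GraphQL document equivalent to POST /vulnerabilities/:id/<action>."""
    field = MUTATIONS[action]  # KeyError for an action this page does not define
    return ('mutation { %s(input: { id: "%s" }) { vulnerability { state } errors } }'
            % (field, to_gid(vuln_id)))


def parse_mutation_response(action, payload):
    """Return the new state, or raise if the mutation reported errors."""
    result = payload["data"][MUTATIONS[action]]  # keyed by the mutation field
    if result["errors"]:
        raise RuntimeError("mutation failed: " + ", ".join(result["errors"]))
    return result["vulnerability"]["state"]


def describe_rest_status(status):
    """Explain a status code returned by the REST endpoints above."""
    if 200 <= status < 300:
        return "ok"
    return REST_STATUS.get(status, "unexpected HTTP status %d" % status)


def change_state(base_url, token, action, vuln_id):
    """Send the mutation over HTTP (network call; assumed /api/graphql endpoint)."""
    body = json.dumps({"query": build_mutation(action, vuln_id)}).encode()
    req = urllib.request.Request(
        base_url.rstrip("/") + "/api/graphql", data=body,
        headers={"PRIVATE-TOKEN": token, "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return parse_mutation_response(action, json.load(resp))
```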