tencent cloud

Feedback

DescribeCheckItemList

Last updated: 2024-07-22 11:09:29

    1. API Description

    Domain name for API request: tcss.tencentcloudapi.com.

    This API is used to query all check items and return the total number and list of check items.

    A maximum of 20 requests can be initiated per second for this API.

    We recommend you to use API Explorer
    Try it
    API Explorer provides a range of capabilities, including online call, signature authentication, SDK code generation, and API quick search. It enables you to view the request, response, and auto-generated examples.

    2. Input Parameters

    The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.

    Parameter Name Required Type Description
    Action Yes String Common Params. The value used for this API: DescribeCheckItemList.
    Version Yes String Common Params. The value used for this API: 2020-11-01.
    Region No String Common Params. This parameter is not required.
    Offset No Integer Offset
    Limit No Integer Maximum number of records per query
    Filters.N No Array of ComplianceFilters Name. Valid values: risk_level (risk level); risk_target (check target and risky target); risk_type (risk type); risk_attri (risk type of the check item).

    3. Output Parameters

    Parameter Name Type Description
    ClusterCheckItems Array of ClusterCheckItem Array of check item details
    TotalCount Integer Total number of check items
    RequestId String The unique request ID, generated by the server, will be returned for every request (if the request fails to reach the server for other reasons, the request will not obtain a RequestId). RequestId is required for locating a problem.

    4. Example

    Example1 Querying all check items

    Input Example

    POST / HTTP/1.1
    Host: tcss.tencentcloudapi.com
    Content-Type: application/json
    X-TC-Action: DescribeCheckItemList
    <Common request parameters>
    
    {
        "Limit": "2",
        "Offset": "0"
    }
    

    Output Example

    {
        "Response": {
            "RequestId": "8d03392a-2a32-4950-b203-d2baf28057fe",
            "TotalCount": 34,
            "ClusterCheckItems": [
                {
                    "CheckItemId": 1,
                    "Name": "runc security vulnerability",
                    "ItemDetail": "runc is a CLI tool for spawning and running containers according to the OCI specification. It contains a security vulnerability, which can be exploited to bind server file systems to containers.",
                    "RiskLevel": "Serious",
                    "RiskTarget": "runC",
                    "RiskType": "CVERisk",
                    "RiskAttribute": "PrivilegePromotion",
                    "RiskProperty": "ExistPOC ExistEXP RemoteExploit ServerRestart",
                    "CVENumber": "CVE-2021-30465",
                    "DiscoverTime": "2021-05-27 21:15:00",
                    "Solution": "The vendor has released the update patch to fix the vulnerability, which can be obtained here: https://github.com/opencontainers/runc/security/advisories/GHSA-c3xm-pvg7-gh7r",
                    "CVSS": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                    "CVSSScore": "8.5",
                    "RelateLink": "https://github.com/opencontainers/runc/security/advisories/GHSA-c3xm-pvg7-gh7r https://github.com/opencontainers/runc/releases http://www.openwall.com/lists/oss-security/2021/05/19/2",
                    "AffectedType": "Node",
                    "AffectedVersion": ""
                },
                {
                    "CheckItemId": 2,
                    "Name": "Apache containerd security vulnerability",
                    "ItemDetail": "containerd is a container daemon from the Apache Foundation. The process is responsible for controlling the full cycle of containers on the host according to the RunC OCI specification. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim's API socket verified that the connecting process had an effective UID of 0, but did not otherwise restrict access to the abstract Unix domain socket. This would allow malicious containers running in the same network namespace as the shim, with an effective UID of 0 but otherwise reduced privileges, to cause new processes to be run with elevated privileges.",
                    "RiskLevel": "Middle",
                    "RiskTarget": "Containerd",
                    "RiskType": "CVERisk",
                    "RiskAttribute": "PrivilegePromotion",
                    "RiskProperty": "ExistPOC ExistEXP ServerRestart",
                    "CVENumber": "CVE-2020-15257",
                    "DiscoverTime": "2020-12-01 11:15:00",
                    "Solution": "The vendor has released the update patch to fix the vulnerability, which can be obtained here: https://github.com/containerd/containerd/commit/4a4bb851f5da563ff6e68a83dc837c7699c469ad",
                    "CVSS": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                    "CVSSScore": "5.2",
                    "RelateLink": "https://github.com/containerd/containerd/commit/4a4bb851f5da563ff6e68a83dc837c7699c469ad https://github.com/containerd/containerd/releases/tag/v1.4.3 https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4",
                    "AffectedType": "Node",
                    "AffectedVersion": ""
                }
            ]
        }
    }
    

    5. Developer Resources

    SDK

    TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.

    Command Line Interface

    6. Error Code

    The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.

    Error Code Description
    AuthFailure A CAM signature/authentication error occurred.
    FailedOperation The operation failed.
    InternalError An internal error occurred.
    InvalidParameter The parameter is incorrect.
    OperationDenied The operation was denied.
    RequestLimitExceeded The number of requests exceeds the frequency limit.
    UnauthorizedOperation The operation is unauthorized.