Vulnerability scan interface

Last Updated: Dec 05, 2017

Request parameters

NameParent NodeTypeRequired?Description
AppInfo-String (JSON format)YesInformation of the application to be scanned.
dataTypeAppInfoNumberNoApplication data type. Values:
  • 1: App URL
  • 2: App MD5
dataAppInfoStringNoApplication data.
  • When dataType=1, enter the download address of the application package.
  • When dataType=2, enter the MD5 value of the application package.
md5AppInfoStringNoMD5 value of the application package.
Required for file verification when dataType=1.
sizeAppInfoNumberNoApplication package size (unit: bytes).
Required for file verification when dataType=1.
callbackUrlAppInfoStringNoCallback address of the reverse notification when the task is completed.
Required when dataType=1.
This notification is a GET request, whose Request URL is: callbackUrl+"?item_id=xxx&task_status=1". Where, item_id denotes the task ID returned by the vulnerability scan interface, and task_status denotes the status of the task. The task_status values include:
  • 1: finished
  • 2: processing
  • 3: processing error
  • 4: processing timeout
When task_status is 1, 3, or 4, you can view the processing results through corresponding query interface. But the results of failed scans are not included.
appOsTypeAppInfoNumberNoApplication type. Values:
  • 1: apk
  • 2: ipa (not supported currently)
ExtParam-StringNoAdditional information. Determined upon specific service.

Request example

  1. https://jaq.aliyuncs.com/
  2. ?Format=JSON
  3. &AccessKeyId=accessKeyId
  4. &Action=ScanVuln
  5. &SignatureMethod=HMAC-SHA1&ExtParam=xxx
  6. &RegionId=cn-hangzhou
  7. &AppInfo=%7B%22appOsType%22%3A1%2C%22callbackUrl%22%3A%22http%3A%2F%2Faaa.com%2Fcallback%22%2C%22data%22%3A%22http%3A%2F%2Fg01.alibaba-inc.com%2Ftfscom%2FLB1PaMeKXXXXXX8XFXXXXXXXXXX.tfsprivate1446115983140-375%22%2C%22dataType%22%3A1%2C%22md5%22%3A%22ce86f08da845d0af6d9df2a958de17b0%22%2C%22size%22%3A1713656%7D
  8. &SignatureNonce=4a733057-2adc-4f7f-b530-fd73fb6ad079
  9. &SignatureVersion=1.0
  10. &Version=2016-04-12
  11. &Signature=sVQVNw38rOCJdn6Nq8YN6CT9jTg%3D
  12. &Timestamp=2016-06-05T07%3A16%3A04Z

Returned parameters

NameParent NodeDescription
Data-Returned results.
itemIdDataUnique ID of a task.
progressDataTask progress. Values:
  • 1: finished (you can view the processing results through the corresponding query interface).
  • 2: asynchronous processing in progress (you can view the processing results only after app_info.callback_url receives a reverse notification).
Currently,
  • app_info.data_type=1 indicates asynchronous processing, and the returned field value is 2.
  • app_info.data_type=2 indicates synchronous processing, and the returned field value is 1.

Return example

JSON format

  1. {
  2. "Data": {
  3. "ItemId": "adef0394-3370-4e94-82c6-07af0d15a9cd",
  4. "Progress": 2
  5. },
  6. "ErrorMsg": "Success",
  7. "ErrorCode": 0
  8. }

XML format

  1. <?xml version='1.0' encoding='UTF-8'?>
  2. <ShieldResponse>
  3. <Data>
  4. <ItemId>
  5. e112d1ba-d058-4a96-ac1e-4b9f4986cf2e
  6. </ItemId>
  7. <Progress>2</Progress>
  8. </Data>
  9. <ErrorMsg>Success</ErrorMsg>
  10. <ErrorCode>0</ErrorCode>
  11. </ShieldResponse>
Thank you! We've received your feedback.