
Security Center:CreateFileDetect

Last Updated: Mar 27, 2026

Submits a file to the cloud for detection.

Operation description

Use this operation to submit a file to the cloud for detection. It supports two scenarios: malicious file detection and Skill archive detection.

File submission methods

Submit a file by either pre-uploading it or providing a download link.

If you use the pre-upload method, ensure the file is uploaded successfully before you call this operation. For details on how to upload a file, see the CreateFileDetectUploadUrl operation.

If you use a download link, specify a publicly accessible URL in the DownloadUrl parameter.

The malicious file detection scenario supports both methods. For the Skill archive detection scenario (when Type is 6), the pre-upload method is not supported, and you must provide a download link.

Unique identifier

All API operations related to file detection include the HashKey parameter. This parameter specifies the file's unique identifier for a detection task, which you use to query the results.

For Skill archive detection (when Type is 6), you do not need to calculate the HashKey in advance. This operation returns a globally unique UUID as the file's identifier, which you can use to query the results.

For malicious file detection (when Type is 0), you must calculate the HashKey before you call this operation. The HashKey value must be the MD5 or SHA-256 hash of the entire file.

To calculate the MD5 or SHA-256 hash of a file, follow these steps:

  1. Use the MD5 or SHA-256 algorithm to generate a 128-bit or 256-bit hash value. You can use common libraries such as MessageDigest in Java or the hashlib library in Python.

  2. Encode the hash value into a hexadecimal string. You can use tools such as the Codec utility in Java or the hex() function in Python. Ensure that the final string consists of only digits and lowercase letters. An MD5 hash is 32 characters long, and a SHA-256 hash is 64 characters long.

Note: You must use the same HashKey value when you submit a file for detection and when you query the results. Otherwise, both the submission and the query will fail.


RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

| Action | Access level | Resource type | Condition key | Dependent action |
|---|---|---|---|---|
| yundun-sas:CreateFileDetect | create | *All Resource * | None | None |

Request parameters

| Parameter | Type | Required | Description | Example |
|---|---|---|---|---|
| SourceIp | string | No | The IP address of the source. | 115.213.XX.XX |
| Type | integer | Yes | The type of the file to detect. Valid values: 0 (malicious file detection); 6 (Skill archive detection). | 0 |
| HashKey | string | No | The unique identifier of the file. This parameter is required if Type is 0. Its value must be the MD5 or SHA-256 hash of the file. If you set Type to 6, you do not need to specify this parameter. The operation returns the file's unique identifier in the response. | 0a212417e65c26ff133cfff28f6c**** |
| OssKey | string | No | The storage key of the file in an Object Storage Service (OSS) bucket. If you submit the file by using the DownloadUrl parameter, you can leave this parameter empty. To obtain the value of this parameter, call the CreateFileDetectUploadUrl operation. Note: This parameter is not supported when Type is set to 6. | 1/2022/06/23/15/41/16559701077444693a0c6-33b2-4cc2-a99f-9f38b8b8**** |
| DownloadUrl | string | No | The download link for the file. You can provide a public URL to trigger file detection without uploading the file. Note: Skill archives can be submitted only by providing a download link. Therefore, this parameter is required when Type is set to 6. | https://xxxxxxxx.oss-cn-hangzhou-1.aliyuncs.com/xxxxx/xxxxxxxxxxxxxx?Expires=1671448125&OSSAccessKeyId=xxx |
| Decompress | boolean | No | Specifies whether to decompress the archive for detection. Valid values: true (yes); false (no). Note: This parameter is not supported when Type is set to 6. | false |
| DecompressMaxLayer | integer | No | The maximum number of decompression layers for nested archives. The maximum value is 5. This parameter is required if you set Decompress to true. Note: This parameter is not supported when Type is set to 6. | 1 |
| DecompressMaxFileCount | integer | No | The maximum number of files that can be decompressed from an archive. The maximum value is 1000. This parameter is required if you set Decompress to true. Note: This parameter is not supported when Type is set to 6. | 100 |
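The HashKey steps and the parameter constraints above, combined into a client-side check that runs before any call is made. This is an added example, not code from the SDK or from this documentation; the function names `file_hash_key` and `build_request` are hypothetical, and the hash defaults to SHA-256 because MD5 collisions are practical and the HashKey is what ties a detection result to a file.

```python
import hashlib
import re

# Lowercase hex only: 32 characters for MD5, 64 for SHA-256 (per the steps above).
_HASHKEY_RE = re.compile(r"[0-9a-f]{32}|[0-9a-f]{64}")

def file_hash_key(path, algorithm="sha256", chunk_size=1 << 20):
    """Hash the entire file in chunks; return the lowercase hex digest."""
    if algorithm not in ("md5", "sha256"):
        raise ValueError("HashKey must be an MD5 or SHA-256 hash")
    digest = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_request(type_, hash_key=None, oss_key=None, download_url=None,
                  decompress=None, max_layer=None, max_file_count=None):
    """Check arguments against the documented constraints; return the parameters."""
    if type_ == 6:  # Skill archive: download link only, no OssKey/Decompress*
        if not download_url:
            raise ValueError("DownloadUrl is required when Type is 6")
        if oss_key or any(v is not None for v in (decompress, max_layer, max_file_count)):
            raise ValueError("OssKey and Decompress* are not supported when Type is 6")
        return {"Type": 6, "DownloadUrl": download_url}
    if type_ != 0:
        raise ValueError("Type must be 0 or 6")
    if not hash_key or not _HASHKEY_RE.fullmatch(hash_key):
        raise ValueError("HashKey must be 32 or 64 lowercase hex characters")
    if not (oss_key or download_url):
        raise ValueError("provide OssKey (pre-upload) or DownloadUrl")
    params = {"Type": 0, "HashKey": hash_key}
    if oss_key:
        params["OssKey"] = oss_key
    if download_url:
        params["DownloadUrl"] = download_url
    if decompress:
        if max_layer is None or max_file_count is None:
            raise ValueError("Decompress=true requires both Decompress* limits")
        # Upper bounds are from the page; the lower bound of 1 is an assumption.
        if not 1 <= max_layer <= 5 or not 1 <= max_file_count <= 1000:
            raise ValueError("DecompressMaxLayer <= 5, DecompressMaxFileCount <= 1000")
        params.update(Decompress=True, DecompressMaxLayer=max_layer,
                      DecompressMaxFileCount=max_file_count)
    return params
```

Keep the value returned by `file_hash_key` and reuse it unchanged when querying results, since the same HashKey must be used for submission and query.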

Response elements

| Element | Type | Description | Example |
|---|---|---|---|
| | object | The response parameters. | |
| RequestId | string | The request ID. | 7E0618A9-D5EF-4220-9471-C42B5E92719F |
| HashKey | string | The unique identifier of the file. | 0a212417e65c26ff133cfff28f6c**** |

Examples

Success response

JSON format

{
  "RequestId": "7E0618A9-D5EF-4220-9471-C42B5E92719F",
  "HashKey": "0a212417e65c26ff133cfff28f6c****"
}

Error codes

| HTTP status code | Error code | Error message | Description |
|---|---|---|---|
| 400 | RequestTooFrequently | Request too frequently, please try again later | |
| 400 | GetFileError | Get file error, please check input params and file size, and make sure upload file success. | |
| 400 | InvalidDownloadUrl | Invalid file download URL. | |
| 400 | FileSizeOverLimit | File size over limit. | |
| 500 | ServerError | ServerError | |
| 500 | SystemBusy | System busy, please try again later. | |
| 403 | NoPermission | caller has no permission | You are not authorized to do this operation. |

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.