用户通过alibaba.security.jaq.app.risk.scan接口提交应用进行风险扫描后,用此接口获取风险详细信息,包含漏洞列表、恶意代码列表、仿冒应用列表等信息
名称 | 类型 | 是否必须 | 示例值 | 更多限制 | 描述 |
---|---|---|---|---|---|
item_id | String | 可选 | 0217beb9-87ac-4d01-ae37-a51448a261ff | 任务唯一标识 | |
locale | Locale | 可选 | 本地化语言信息 | ||
|
名称 | 类型 | 示例值 | 描述 |
---|---|---|---|
result | RiskDetail | 风险详情 | |
|
1 2 3 4 5 6 7 8 9 | TaobaoClient client = new DefaultTaobaoClient(url, appkey, secret); AlibabaSecurityJaqAppRiskdetailGetRequest req = new AlibabaSecurityJaqAppRiskdetailGetRequest(); req.setItemId( "0217beb9-87ac-4d01-ae37-a51448a261ff" ); AlibabaSecurityJaqAppRiskdetailGetRequest.Locale obj1 = new AlibabaSecurityJaqAppRiskdetailGetRequest.Locale(); obj1.setCountry( "CN" ); obj1.setLanguage( "zh" ); req.setLocale(obj1); AlibabaSecurityJaqAppRiskdetailGetResponse rsp = client.execute(req); System.out.println(rsp.getBody()); |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 | < alibaba_security_jaq_app_riskdetail_get_response > < result > < fake_info > < fake_app_count >157</ fake_app_count > < fake_app_details > < fake_app_detail > < app_name >手机淘宝</ app_name > < download_urls > </ download_urls > < infected_users >5000</ infected_users > < package_name >com.dm.taobao</ package_name > </ fake_app_detail > </ fake_app_details > < status >1</ status > < total_infected_users >1232300</ total_infected_users > </ fake_info > < malware_info > < malware_count > < high_level >1</ high_level > < low_level >0</ low_level > < total >1</ total > < weak_level >1</ weak_level > </ malware_count > < malware_details > < malware_detail > < description >该软件非官方软件,可能会对您的手机造成一定的风险,请您谨慎使用。</ description > < level >High</ level > < name >A.H.Fak.Alipay</ name > < type >盗版软件</ type > </ malware_detail > </ malware_details > < status >1</ status > </ malware_info > < plugin_info > < plugin_count >1</ plugin_count > < plugin_details > < plugin_detail > < actions > < string >读取地理位置信息</ string > </ actions > < company >baidu</ company > < desc >百度广告插件,可读取设备信息,可能泄露您的个人隐私</ desc > < name >BaiduAd</ name > < types > < string >插屏广告</ string > </ types > < path >广告插件路径: com/baidu/mobads/</ path > </ plugin_detail > </ plugin_details > < status >1</ status > </ plugin_info > < task_status >1</ task_status > < vuln_info > < status >1</ status > < vuln_count > < high_level >10</ high_level > < low_level >4</ low_level > < mid_level >6</ mid_level > < red_line >7</ red_line > < total >20</ total > </ vuln_count > < vuln_details > < vuln_detail > < count >2</ count > < level >high</ level > < locations > < string >Lcom/alibaba/wireless/jaq/vulnerabilities/VulnOpenFileMode#openFileWriteMode</ string > < string >Lcom/alibaba/wireless/jaq/vulnerabilities/VulnOpenFileMode#openFileReadMode</ string > </ locations > < name >File任意读写漏洞</ name > < recommendation >不要使用MODE_WORLD_READABLE和MODE_WORLD_WRITABLE</ recommendation > < red_line >false</ red_line > < vuln_id >1</ vuln_id > < description >从全局可读写(如SD卡)的位置加载的DEX文件存在风险,在版本较低的情况下,任何人都可以读写SD卡上的内容,进而造成文件被替换的风险</ description > </ vuln_detail > </ vuln_details > < task_error_code >0</ task_error_code > < task_error_msg >success</ task_error_msg > </ vuln_info > </ result > </ alibaba_security_jaq_app_riskdetail_get_response > |
1 2 3 4 5 6 | < error_response > < code >50</ code > < msg >Remote service error</ msg > < sub_code >isv.invalid-parameter</ sub_code > < sub_msg >非法参数</ sub_msg > </ error_response > |
错误码 | 错误描述 | 解决方案 |
---|---|---|
isv.param-error | 请求参数错误 | 请检查输入参数 |
isp.server-error | 服务端错误 | 服务端处理错误,请稍后进行重试 |