List CWEs

Retrieves the list of CWE weaknesses.

Required permission

Available to accounts with the User role or higher.

HTTP request

GET /api/sonar/cwes

cURL example

# The URL is quoted so the shell does not treat "&" as a background operator.
curl -H "Authorization: Bearer <API_KEY>" \
     "https://HOSTNAME/api/sonar/cwes?offset=0&limit=20"

Request parameters

Name      Required  Type            Description                Notes
offset    X         32-bit integer  Number of entries to skip  Default 0
limit     X         32-bit integer  Maximum number of entries  Min 0, max 1000. 20 if unspecified
keywords  X         String          Search keyword             Searches id, name and description
type      X         String          CWE type                   One of weakness, category, view (weakness if unspecified)

Successful response

{
  "total_count": 943,
  "cwes": [
    {
      "id": "CWE-5",
      "name": "J2EE Misconfiguration: Data Transmission Without Encryption",
      "status": "Draft",
      "type": "Weakness",
      "mapping_notes": {
        "usage": "Allowed",
        "reasons": "Acceptable-Use",
        "rationale": "This CWE entry is at the Variant level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.",
        "comments": "Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction."
      },
      "abstraction": null,
      "structure": null,
      "description": "Information sent over a network can be compromised while in transit. An attacker may be able to read or modify the contents if the data are sent in plaintext or are weakly encrypted.",
      "extended_description": null,
      "likelihood_of_exploit": null,
      "datas": {
        "notes": {
          "note": [
            {
              "type": "Other",
              "_text": "\n               <xhtml:p>If an application uses SSL to guarantee confidential communication with client browsers, the application configuration should make it impossible to view any access controlled page without SSL. There are three common ways for SSL to be bypassed:</xhtml:p>\n\n                  <xhtml:ul>\n                         \n    <xhtml:li>A user manually enters URL and types \"HTTP\" rather than \"HTTPS\".</xhtml:li>\n                         \n    <xhtml:li>Attackers intentionally send a user to an insecure URL.</xhtml:li>\n                         \n    <xhtml:li>A programmer erroneously creates a relative link to a page in the application, which does not switch from HTTP to HTTPS. (This is particularly easy to do when the link moves between public and secured areas on a web site.)</xhtml:li>\n                      \n</xhtml:ul>\n\n            "
            }
          ]
        },
        "references": {
          "reference": [
            {
              "external_reference_id": "REF-6"
            }
          ]
        },
        "content_history": {
          "previous_entry_name": [
            {
              "date": "2008-04-11",
              "_text": "J2EE Misconfiguration: Insecure Transport"
            }
          ],
          "submission": {
            "submission_date": "2006-07-19",
            "submission_releasedate": "2006-07-19",
            "submission_version": "Draft 3",
            "submission_name": "7 Pernicious Kingdoms"
          },
          "modification": [
            {
              "modification_organization": "Cigital",
              "modification_name": "Eric Dalci",
              "modification_comment": "updated Time_of_Introduction",
              "modification_date": "2008-07-01"
            },
            {
              "modification_organization": "MITRE",
              "modification_name": "CWE Content Team",
              "modification_comment": "updated Relationships, Other_Notes, Taxonomy_Mappings",
              "modification_date": "2008-09-08"
            },
            {
              "modification_organization": "MITRE",
              "modification_name": "CWE Content Team",
              "modification_comment": "updated Other_Notes",
              "modification_date": "2011-03-29"
            },
            {
              "modification_organization": "MITRE",
              "modification_name": "CWE Content Team",
              "modification_comment": "updated Common_Consequences",
              "modification_date": "2011-06-01"
            },
            {
              "modification_organization": "MITRE",
              "modification_name": "CWE Content Team",
              "modification_comment": "updated Relationships",
              "modification_date": "2012-05-11"
            },
            {
              "modification_organization": "MITRE",
              "modification_name": "CWE Content Team",
              "modification_comment": "updated Potential_Mitigations",
              "modification_date": "2012-10-30"
            },
            {
              "modification_organization": "MITRE",
              "modification_name": "CWE Content Team",
              "modification_comment": "updated Relationships",
              "modification_date": "2014-07-30"
            },
            {
              "modification_organization": "MITRE",
              "modification_name": "CWE Content Team",
              "modification_comment": "updated Common_Consequences, Description",
              "modification_date": "2017-11-08"
            },
            {
              "modification_organization": "MITRE",
              "modification_name": "CWE Content Team",
              "modification_comment": "updated References, Relationships",
              "modification_date": "2020-02-24"
            },
            {
              "modification_organization": "MITRE",
              "modification_name": "CWE Content Team",
              "modification_comment": "updated Potential_Mitigations",
              "modification_date": "2023-01-31"
            },
            {
              "modification_organization": "MITRE",
              "modification_name": "CWE Content Team",
              "modification_comment": "updated Relationships",
              "modification_date": "2023-04-27"
            },
            {
              "modification_organization": "MITRE",
              "modification_name": "CWE Content Team",
              "modification_comment": "updated Mapping_Notes",
              "modification_date": "2023-06-29"
            }
          ]
        },
        "applicable_platforms": {
          "language": [
            {
              "prevalence": "Undetermined",
              "name": "Java"
            }
          ]
        },
        "potential_mitigations": {
          "mitigation": [
            {
              "phase": [
                "System Configuration"
              ],
              "description": "The product configuration should ensure that SSL or an encryption mechanism of equivalent strength and vetted reputation is used for all access-controlled pages."
            }
          ]
        },
        "common_consequences": {
          "consequence": [
            {
              "scope": [
                "Confidentiality"
              ],
              "impact": [
                "Read Application Data"
              ]
            },
            {
              "scope": [
                "Integrity"
              ],
              "impact": [
                "Modify Application Data"
              ]
            }
          ]
        },
        "taxonomy_mappings": {
          "taxonomy_mapping": [
            {
              "entry_name": "J2EE Misconfiguration: Insecure Transport",
              "taxonomy_name": "7 Pernicious Kingdoms"
            }
          ]
        },
        "modes_of_introduction": {
          "introduction": [
            {
              "phase": "Implementation"
            },
            {
              "phase": "Operation"
            }
          ]
        }
      },
      "created": "2006-07-19",
      "updated": "2023-06-29"
    }
  ]
}

Error responses

When offset or limit is not an integer

HTTP status code 400 response

{
  "error_code": "invalid-argument",
  "error_msg": "'offset' parameter should be int type"
}
When offset or limit is negative

HTTP status code 400 response

{
  "error_code": "invalid-argument",
  "error_msg": "'offset' must be greater than or equal to 0."
}
When limit exceeds the maximum

HTTP status code 400 response

{
  "error_code": "invalid-argument",
  "error_msg": "'limit' must be less than or equal to 1000."
}
When type is not a valid value

HTTP status code 400 response

{
  "error_code": "invalid-argument",
  "error_msg": "type should be one of Weakness, Category, View"
}
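As an added example (not part of this documentation or the API's own client code): a small Python client that applies the documented parameter rules locally, pages through the whole list with offset/limit using total_count, and turns the 400 error body into an exception. The HTTP transport is injected; fake_fetch and SAMPLE_CWES are constructed stand-ins for the real endpoint, not real API output.

```python
import json
from typing import Callable, Iterator

VALID_TYPES = {"weakness", "category", "view"}  # documented values for `type`

class CweApiError(Exception):  # a non-200 reply with the documented error body
    def __init__(self, status: int, body: dict):
        super().__init__(f"HTTP {status}: {body.get('error_code')}: {body.get('error_msg')}")
        self.status, self.error_code = status, body.get("error_code")

def build_query(offset: int = 0, limit: int = 20, keywords: str = "",
                cwe_type: str = "weakness") -> dict:
    """Apply the server's documented rules client-side so bad input fails locally."""
    if type(offset) is not int or type(limit) is not int:
        raise ValueError("'offset' and 'limit' must be int")
    if offset < 0:
        raise ValueError("'offset' must be greater than or equal to 0")
    if not 0 <= limit <= 1000:
        raise ValueError("'limit' must be less than or equal to 1000")
    if cwe_type not in VALID_TYPES:
        raise ValueError(f"type should be one of {sorted(VALID_TYPES)}")
    params = {"offset": offset, "limit": limit, "type": cwe_type}
    if keywords:
        params["keywords"] = keywords
    return params

def iter_cwes(fetch: Callable[[dict], tuple[int, str]], limit: int = 200,
              **query) -> Iterator[dict]:
    """Walk the list page by page; fetch(params) returns (status, body_text)."""
    offset = 0
    while True:  # injected fetch: an HTTP client in production, fake_fetch here
        status, text = fetch(build_query(offset=offset, limit=limit, **query))
        body = json.loads(text)
        if status != 200:
            raise CweApiError(status, body)
        page = body["cwes"]
        yield from page
        offset += len(page)
        if not page or offset >= body["total_count"]:
            return

# Constructed sample data and fake server (not real API output) for offline runs.
SAMPLE_CWES = [{"id": f"CWE-{n}", "type": "Weakness"} for n in (5, 20, 79, 89, 287)]

def fake_fetch(params: dict) -> tuple[int, str]:
    """Pages SAMPLE_CWES by offset/limit the way the documented endpoint does."""
    page = SAMPLE_CWES[params["offset"]:params["offset"] + params["limit"]]
    return 200, json.dumps({"total_count": len(SAMPLE_CWES), "cwes": page})
```

Running `list(iter_cwes(fake_fetch, limit=2))` issues three page requests and yields all five sample entries in order.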