DescribeImageSensitiveFileList - Security Center - Alibaba Cloud Documentation Center

Queries information about sensitive files.

Debugging

You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

Debug

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

Operation: the value that you can use in the Action element to specify the operation on a resource.
Access level: the access level of each operation. The levels are read, write, and list.
Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
- The required resource types are displayed in bold characters.
- If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
Condition Key: the condition key that is defined by the cloud service.
Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.

Operation	Access level	Resource type	Condition key	Associated operation
yundun-sas:DescribeImageSensitiveFileList	get	All Resources *	none	none

Request parameters

Parameter	Type	Required	Description	Example
Criteria	string	No	The value of the sensitive file type.	Rails Master Key
CriteriaType	string	No	The type of the sensitive files that you want to query. Valid values: SensitiveFileKey: the type of alerts for sensitive files. Valid values: npm_token: Node Package Manager (NPM) access token ftp_cfg: FTP configuration google_oauth_key: Google OAuth key planetscale_passwd: PlanetScale password github_ssh_key: Github SSH key msbuild_publish_profile: MSBuild publish profile fastly_cdn_token: Fastly CDN token ssh_private_key: SSH private key aws_cli: Amazon Web Services (AWS) CLI credentials cpanel_proftpd: cPanel ProFTPD credentials postgresql_passwd: PostgreSQL password discord_client_cred: Discord client credentials rails_database: Rails database configuration aws_access_key: AWS access key esmtp_cfg: Extended Simple Mail Transfer Protocol (ESMTP) configuration docker_registry_cfg: Docker image repository configuration pem: Privacy-Enhanced Mail (PEM) common_cred: common credentials sftp_cfg: Secure File Transfer Protocol (SFTP) connection configuration grafana_token: Grafana token slack_token: Slack token ec_private_key: EC private key pypi_token: upload token for the Python Package Index (PyPI) finicity_token: Finicity token k8s_client_key: Kubernetes private key git_cfg: Git configuration django_key: Django key jenkins_ssh: Jenkins SSH configuration file openssh_private_key: OpenSSL private key square_oauth: OAuth credential for Square typeform_token: Typeform token common_database_cfg: general database connection configuration wordpress_database_cfg: WordPress database configuration googlecloud_api_key: API key for Google Cloud vscode_sftp: VSCode SFTP configuration apache_htpasswd: Apache htpasswd planetscale_token: PlanetScale token contentful_preview_token: preview token for Contentful php_database_cfg: database password for a PHP application atom_remote_sync: Atom remote synchronization configuration aws_session_token: AWS session token atom_sftp_cfg: Atom SFTP configuration asana_client_private_key: Asana client key tencentcloud_ak: secret ID of a third-party cloud rsa_private_key: Rivest-Shamir-Adleman (RSA) private key github_personal_token: personal access token for GitHub pgp: Pretty Good Privacy (PGP) encrypted file stripe_skpk: Stripe secret key square_token: Square access token rails_carrierwave: file upload credentials for Rails Carrierwave dbeaver_database_cfg: DBeaver database configuration robomongo_cred: Robomongo credentials github_oauth_token: OAuth access token for GitHub pulumi_token: Pulumi token ventrilo_voip: Ventrilo VoIP server configuration macos_keychain :macOS keychain amazon_mws_token: Amazon MWS token dynatrace_token: Dynatrace token java_keystore: Java KeyStore (JKS) microsoft_sdf: Microsoft SQL Server Compact Edition (CE) database kubernetes_dashboard_cred: user credentials for Kubernetes Dashboard atlassian_token: Atlassian token rdp: remote desktop protocol (RDP) mailgun_key: Mailgun webhook signing key mailchimp_api_key: API key for Mailchimp netrc_cfg: .netrc configuration file openvpn_cfg: OpenVPN configuration github_refresh_token: GitHub refresh token salesforce: Salesforce credentials salesforce: Sendinblue credentials pkcs_private_key: PKCS#12 key rubyonrails_passwd: Ruby on Rails password file filezilla_ftp: FileZilla FTP configuration databricks_token: Databricks token gitLab_personal_toke: personal access token for GitLab rails_master_key: Rails master key sqlite: SQLite3 or SQLite database firefox_logins: Firefox logon configuration mailgun_private_token: Mailgun private token joomla_cfg: Joomla configuration hashicorp_terraform_token: HashiCorp Terraform token jetbrains_ides: JetBrains IDEs configuration heroku_api_key: Heroku API key messagebird_token: MessageBird token messagebird_token: MessageBird token hashicorp_vault_token: HashiCorp Vault token pgp_private_key: PGP private key sshpasswd: SSH password huaweicloud_ak: secret access key of a third-party cloud aws_s3cmd: AWS S3cmd configuration php_config: PHP configuration common_private_key: private key of a common type microsoft_mdf: Microsoft SQL Server database mediawiki_cfg: MediaWiki configuration jenkins_cred: Jenkins credentials rubygems_cred: RubyGems credentials clojars_token: Clojars token phoenix_web_passwd: Phoenix web credentials puttygen_private_key: PuTTYgen private key google_oauth_token: Google OAuth access token rubyonrails_cfg: Ruby On Rails database configuration lob_api_key: Lob API key pkcs_cred: PKCS#12 certificate otr_private_key: Off-the-Record Messaging (OTR) private key contentful_delivery_token: delivery token for Contentful digital_ocean_tugboat: DigitalOcean Tugboat configuration dsa_private_key: Digital Signature Algorithm (DSA) private key rails_app_token: Rails app token git_cred: Git user credential newrelic_api_key: User API key for New Relic github_hub: hub configuration for storing GitHub tokens rubygem: RubyGem token SensitiveFileName: the name of the alert type for sensitive files.	SensitiveFileKey
RiskLevel	string	No	The risk level. Valid values: high medium low	low
ScanRange	array	No	An array that consists of the types of the assets that you want to scan. Valid values: image container
ScanRange	string	No	The type of the asset that you want to scan. Valid values: image container	container
Lang	string	No	The language of the content within the request and response. Default value: zh. Valid values: zh: Chinese en: English	zh
CurrentPage	integer	No	The number of the page to return. Pages start from page 1. Default value: 1.	1
PageSize	integer	No	The number of entries to return on each page. Default value: 20.	20
ImageUuid	string	No	The UUID of the image. Note You can call the DescribeGroupedContainerInstances operation of Container Registry to query the image UUID from the value of the ImageUuid response parameter.	850613a48999900f48417c7e6e9dcfdd

Response parameters

Parameter	Type	Description	Example
	object	The response parameters.
SensitiveFileList	array<object>	An array that consists of the information about the sensitive files.
List	object	The information about the sensitive file.
RiskLevel	string	The risk level. Valid values: high medium low	high
SensitiveFileKey	string	The type of the alert for the sensitive file. Valid values: npm_token: Node Package Manager (NPM) access token. ftp_cfg: FTP configuration. google_oauth_key: Google OAuth key. planetscale_passwd: PlanetScale password. github_ssh_key: GitHub SSH key. msbuild_publish_profile: MSBuild publish profile. fastly_cdn_token: Fastly CDN token. ssh_private_key: SSH private key. aws_cli: Amazon Web Services (AWS) CLI credential. cpanel_proftpd: cPanel ProFTPD credential. postgresql_passwd: PostgreSQL password file. discord_client_cred: Discord client credential. rails_database: Rails database configuration. aws_access_key: AWS access key. esmtp_cfg: Extended Simple Mail Transfer Protocol (ESMTP) configuration. docker_registry_cfg: Docker image repository configuration. pem: Privacy-Enhanced Mail (PEM). common_cred: common credential. sftp_cfg: Secure File Transfer Protocol (SFTP) connection configuration. grafana_token: Grafana token. slack_token: Slack token. ec_private_key: EC private key. pypi_token: upload token for the Python Package Index (PyPI). finicity_token: Finicity token. k8s_client_key: Kubernetes client private key. git_cfg: Git configuration. django_key: Django key. jenkins_ssh: Jenkins SSH configuration file. openssh_private_key: OpenSSH private key. square_oauth: OAuth credential for Square. typeform_token: Typeform token. common_database_cfg: general database connection configuration. wordpress_database_cfg: WordPress database configuration. googlecloud_api_key: API key for Google Cloud. vscode_sftp: VS Code SFTP configuration. apache_htpasswd: Apache htpasswd. planetscale_token: PlanetScale token. contentful_preview_token: preview token for Contentful. php_database_cfg: database password for a PHP application. atom_remote_sync: Atom remote synchronization configuration. aws_session_token: AWS session token. atom_sftp_cfg: Atom SFTP configuration. asana_client_private_key: Asana client key. tencentcloud_ak: secret ID of a third-party cloud. rsa_private_key: Rivest-Shamir-Adleman (RSA) private key. github_personal_token: personal access token for GitHub. pgp: Pretty Good Privacy (PGP) encrypted file. stripe_skpk: Stripe secret key. square_token: Square access token. rails_carrierwave: file upload credential for Rails Carrierwave. dbeaver_database_cfg: DBeaver database configuration. robomongo_cred: Robomongo credential. github_oauth_token: OAuth access token for GitHub. pulumi_token: Pulumi token. ventrilo_voip: Ventrilo VoIP server configuration. macos_keychain: macOS keychain. amazon_mws_token: Amazon MWS token. dynatrace_token: Dynatrace token. java_keystore: Java KeyStore (JKS). microsoft_sdf: Microsoft SQL Server Compact Edition (CE) database. kubernetes_dashboard_cred: user credential for Kubernetes Dashboard. atlassian_token: Atlassian token. rdp: remote desktop protocol (RDP). mailgun_key: Mailgun webhook signing key. mailchimp_api_key: API key for Mailchimp. netrc_cfg: .netrc configuration file. openvpn_cfg: OpenVPN client configuration. github_refresh_token: GitHub refresh token. salesforce: Salesforce credential. sendinblue: Sendinblue token. pkcs_private_key: PKCS#12 key. rubyonrails_passwd: Ruby on Rails password file. filezilla_ftp: FileZilla FTP configuration. databricks_token: Databricks token. gitLab_personal_token: personal access token for GitLab. rails_master_key: Rails master key. sqlite: SQLite3 or SQLite database. firefox_logins: Firefox logon configuration. mailgun_private_token: Mailgun private token. joomla_cfg: Joomla configuration. hashicorp_terraform_token: HashiCorp Terraform token. jetbrains_ides: JetBrains IDEs configuration. heroku_api_key: Heroku API key. messagebird_token: MessageBird token. github_app_token: GitHub app token. hashicorp_vault_token: HashiCorp Vault token. pgp_private_key: PGP private key. sshpasswd: SSH password. huaweicloud_ak: secret access key of a third-party cloud. aws_s3cmd: AWS S3cmd configuration. php_config: PHP configuration. common_private_key: private key of a common type. microsoft_mdf: Microsoft SQL Server database. mediawiki_cfg: MediaWiki configuration. jenkins_cred: Jenkins credential. rubygems_cred: RubyGems credential. clojars_token: Clojars token. phoenix_web_passwd: Phoenix web credential. puttygen_private_key: PuTTYgen private key. google_oauth_token: Google OAuth access token. rubyonrails_cfg: Ruby on Rails database configuration. lob_api_key: Lob API key. pkcs_cred: PKCS#12 certificate. otr_private_key: Off-the-Record Messaging (OTR) private key. contentful_delivery_token: delivery token for Contentful. digital_ocean_tugboat: DigitalOcean Tugboat configuration. dsa_private_key: Digital Signature Algorithm (DSA) private key. rails_app_token: Rails app token. git_cred: Git user credential. newrelic_api_key: user API key for New Relic. github_hub: hub configuration for storing GitHub tokens. rubygem: RubyGems token.	google_oauth_key
SensitiveFileName	string	The name of the alert type for the sensitive file.	AccessKeyLeak
FirstScanTime	long	The timestamp generated when the first scan was performed. Unit: milliseconds.	1663321552000
LastScanTime	long	The timestamp generated when the last scan was performed. Unit: milliseconds.	1663321552000
Count	integer	The number of scans that are performed on the sensitive file.	9
ClassKey	string	The key of the sensitive file type.	password
ClassName	string	The name of the sensitive file type.	password
UnprocessedNum	integer	The number of unprocessed mirrors.	2
Advice	string	The suggestion.	Assess risks based on business conditions, remove risky content.
Description	string	The description of the sensitive file.	Verify the validity of the leaked AK.
PageInfo	object	The pagination information.
CurrentPage	integer	The page number of the returned page.	1
PageSize	integer	The number of entries returned per page. Default value: 20.	20
TotalCount	integer	The total number of entries returned.	149
Count	integer	The number of entries returned on the current page.	1
LastRowKey	string	The key of the last data entry.	CAESGgoSChAKDGNvbXBsZXRlVGltZRABCgQiAggAGAAiQAoJAGYXFWIAAAAACjMDLgAAADFTNzMyZDMwMzAzMDM1Mzc3Njc4MzA2ODY5NmI2YTY1Nzg2NTcxNjE2NDc4NjE=
Success	boolean	Indicates whether the request was successful. Valid values: true: The request was successful. false: The request failed.	true
Code	string	The status code returned. The status code 200 indicates that the request was successful. Other status codes indicate that the request failed. You can identify the cause of the failure based on the status code.	200
Message	string	The error message returned.	successful
RequestId	string	The ID of the request, which is used to locate and troubleshoot issues.	8D19A089-E6BC-5244-800C-7E590D50487F
HttpStatusCode	integer	The HTTP status code.	200

Examples

Sample success responses

JSONformat

{
  "SensitiveFileList": [
    {
      "RiskLevel": "high",
      "SensitiveFileKey": "google_oauth_key",
      "SensitiveFileName": "AccessKeyLeak",
      "FirstScanTime": 1663321552000,
      "LastScanTime": 1663321552000,
      "Count": 9,
      "ClassKey": "password",
      "ClassName": "password",
      "UnprocessedNum": 2,
      "Advice": "Assess risks based on business conditions, remove risky content.",
      "Description": "Verify the validity of the leaked AK."
    }
  ],
  "PageInfo": {
    "CurrentPage": 1,
    "PageSize": 20,
    "TotalCount": 149,
    "Count": 1,
    "LastRowKey": "CAESGgoSChAKDGNvbXBsZXRlVGltZRABCgQiAggAGAAiQAoJAGYXFWIAAAAACjMDLgAAADFTNzMyZDMwMzAzMDM1Mzc3Njc4MzA2ODY5NmI2YTY1Nzg2NTcxNjE2NDc4NjE="
  },
  "Success": true,
  "Code": "200",
  "Message": "successful",
  "RequestId": "8D19A089-E6BC-5244-800C-7E590D50487F",
  "HttpStatusCode": 200
}

Error codes

HTTP status code	Error code	Error message	Description
403	NoPermission	caller has no permission	You are not authorized to do this operation.
500	ServerError	ServerError	-

For a list of error codes, visit the Service error codes.

Change history

Change time	Summary of changes	Operation
2024-07-02	The Error code has changed. The response structure of the API has changed	View Change Details
2024-05-30	The Error code has changed. The response structure of the API has changed	View Change Details
2023-10-17	The Error code has changed. The response structure of the API has changed	View Change Details