# Acceptance Criteria: alibabacloud-sas-malware-detection

**Scenario**: Malicious File Detection using Alibaba Cloud Security Center CLI
**Purpose**: Skill testing acceptance criteria

---

# Correct CLI Command Patterns

## 1. Product — `sas` exists as an aliyun CLI plugin

```bash
aliyun sas --help
```

## 2. Commands — verify each action exists

#### CORRECT
```bash
aliyun sas describe-version-config
aliyun sas create-file-detect-upload-url --type 0 --hash-key-context-list HashKey=<md5> FileSize=<size>
aliyun sas create-file-detect --type 0 --hash-key <md5> --oss-key <key>
aliyun sas get-file-detect-result --type 0 --hash-key-list <md5>
```

#### INCORRECT
```bash
# Wrong: using PascalCase API names instead of plugin mode (kebab-case)
aliyun sas DescribeVersionConfig
aliyun sas CreateFileDetectUploadUrl
```

## 3. Service Status Check

#### CORRECT
```bash
resp=$(aliyun sas describe-version-config --region cn-shanghai)
sdk_capacity=$(echo "$resp" | jq -r '.SdkCapacity // 0')
postpay_switch=$(echo "$resp" | jq -r '.PostPayModuleSwitch // "{}"')
sdk_postpay=$(echo "$postpay_switch" | jq -r '.SDK // 0')
# Service available if sdk_capacity > 0 OR sdk_postpay == 1
```

#### INCORRECT
```bash
# Wrong: only checking one payment mode
sdk_capacity=$(echo "$resp" | jq -r '.SdkCapacity // 0')
# Missing PostPayModuleSwitch.SDK check — misses postpay users
```

## 4. File Upload URL — `create-file-detect-upload-url`

#### CORRECT
```bash
aliyun sas create-file-detect-upload-url \
    --type 0 \
    --hash-key-context-list HashKey="$md5" FileSize="$file_size"
```

#### INCORRECT
```bash
# Wrong: using --hash-key-list instead of --hash-key-context-list
aliyun sas create-file-detect-upload-url --type 0 --hash-key-list "$md5"
```

## 5. OSS Form Upload via curl

#### CORRECT
```bash
curl -s -o /dev/null -w "%{http_code}" \
    -X POST "$public_url" \
    -F "key=$oss_key" \
    -F "policy=$policy" \
    -F "OSSAccessKeyId=$access_id" \
    -F "Signature=$signature" \
    -F "success_action_status=200" \
    -F "file=@$file_path"
```

#### INCORRECT
```bash
# Wrong: using PUT instead of POST (OSS form upload requires POST)
curl -X PUT "$public_url" --data-binary @"$file_path"
```

## 6. File Detection Submission

#### CORRECT
```bash
aliyun sas create-file-detect --type 0 --hash-key "$md5" --oss-key "$oss_key"
```

#### INCORRECT
```bash
# Wrong: missing --type parameter
aliyun sas create-file-detect --hash-key "$md5" --oss-key "$oss_key"
```

## 7. Result Polling

#### CORRECT
```bash
result_resp=$(aliyun sas get-file-detect-result --type 0 --hash-key-list "$md5")
result_code=$(echo "$result_resp" | jq -r '.ResultList[0].Result // 3')
# Result=3 means still detecting — must continue polling
if [[ "$result_code" == "3" ]]; then
    sleep 5  # poll again
fi
```

#### INCORRECT
```bash
# Wrong: not handling Result=3 (still detecting)
score=$(echo "$result_resp" | jq -r '.ResultList[0].Score')
# May get empty/null Score if detection is still in progress
```

## 8. Score Interpretation

#### CORRECT
| Score Range | Risk Level |
|-------------|------------|
| 0-60 | Safe |
| 61-70 | Risk |
| 71-80 | Suspicious |
| 81-100 | Malicious |

#### INCORRECT
```bash
# Wrong: binary safe/malicious without gradient
if [[ "$score" -gt 50 ]]; then risk="Malicious"; fi
```
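
Sections 7 and 8 combined into one bounded polling loop, as an added example that is not part of the original criteria. `fetch_result`, `risk_level`, `poll_verdict`, `POLL_INTERVAL` and `POLL_MAX` are hypothetical names, and any `Result` other than 3 is assumed to be final.

```bash
#!/bin/sh
# Added example, not from the original page. Function names, POLL_INTERVAL
# and POLL_MAX are assumptions; the command, jq paths, Result=3 and the
# score bands come from sections 7 and 8.

# One poll, printed as "RESULT SCORE". A missing Result counts as 3 (still
# detecting); a missing Score is left empty rather than guessed.
fetch_result() {
    aliyun sas get-file-detect-result --type 0 --hash-key-list "$1" |
        jq -r '.ResultList[0] | "\(.Result // 3) \(.Score // "")"'
}

# Map a 0-100 score to the risk level table; reject anything non-numeric.
risk_level() {
    case "$1" in
        ''|*[!0-9]*) echo "Unknown"; return 1 ;;
    esac
    if   [ "$1" -le 60 ];  then echo "Safe"
    elif [ "$1" -le 70 ];  then echo "Risk"
    elif [ "$1" -le 80 ];  then echo "Suspicious"
    elif [ "$1" -le 100 ]; then echo "Malicious"
    else echo "Unknown"; return 1
    fi
}

# Poll until the result is final (assumed: anything other than 3), then
# print "SCORE LEVEL". Returns 1 on timeout, 2 on a failed call or an
# unusable score.
poll_verdict() {
    md5=$1
    attempt=0
    while [ "$attempt" -lt "${POLL_MAX:-24}" ]; do
        attempt=$((attempt + 1))
        out=$(fetch_result "$md5") || return 2
        result=${out%% *}
        score=${out#* }
        if [ "$result" = "3" ]; then
            sleep "${POLL_INTERVAL:-5}"   # still detecting: wait, poll again
            continue
        fi
        level=$(risk_level "$score") || return 2
        echo "$score $level"
        return 0
    done
    return 1   # a timeout is reported as such, never as "Safe"
}
```

A caller should treat return codes 1 and 2 as "no verdict" and keep the file quarantined or unprocessed rather than defaulting to the lowest risk level.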
