Class Finding (1.12.2)

Finding(mapping=None, *, ignore_unknown_fields=False, **kwargs)

A Finding resource represents a vulnerability instance identified during a ScanRun.

Attributes

NameDescription
name str
Output only. The resource name of the Finding. The name follows the format of 'projects/{projectId}/scanConfigs/{scanConfigId}/scanruns/{scanRunId}/findings/{findingId}'. The finding IDs are generated by the system.
finding_type str
Output only. The type of the Finding. Detailed and up-to-date information on findings can be found here: https://cloud.google.com/security-command-center/docs/how-to-remediate-web-security-scanner-findings
severity google.cloud.websecurityscanner_v1.types.Finding.Severity
Output only. The severity level of the reported vulnerability.
http_method str
Output only. The http method of the request that triggered the vulnerability, in uppercase.
fuzzed_url str
Output only. The URL produced by the server-side fuzzer and used in the request that triggered the vulnerability.
body str
Output only. The body of the request that triggered the vulnerability.
description str
Output only. The description of the vulnerability.
reproduction_url str
Output only. The URL containing human-readable payload that user can leverage to reproduce the vulnerability.
frame_url str
Output only. If the vulnerability was originated from nested IFrame, the immediate parent IFrame is reported.
final_url str
Output only. The URL where the browser lands when the vulnerability is detected.
tracking_id str
Output only. The tracking ID uniquely identifies a vulnerability instance across multiple ScanRuns.
form google.cloud.websecurityscanner_v1.types.Form
Output only. An addon containing information reported for a vulnerability with an HTML form, if any.
outdated_library google.cloud.websecurityscanner_v1.types.OutdatedLibrary
Output only. An addon containing information about outdated libraries.
violating_resource google.cloud.websecurityscanner_v1.types.ViolatingResource
Output only. An addon containing detailed information regarding any resource causing the vulnerability such as JavaScript sources, image, audio files, etc.
vulnerable_headers google.cloud.websecurityscanner_v1.types.VulnerableHeaders
Output only. An addon containing information about vulnerable or missing HTTP headers.
vulnerable_parameters google.cloud.websecurityscanner_v1.types.VulnerableParameters
Output only. An addon containing information about request parameters which were found to be vulnerable.
xss google.cloud.websecurityscanner_v1.types.Xss
Output only. An addon containing information reported for an XSS, if any.
xxe google.cloud.websecurityscanner_v1.types.Xxe
Output only. An addon containing information reported for an XXE, if any.

Classes

Severity

Severity(value)

The severity level of a vulnerability.

Values: SEVERITY_UNSPECIFIED (0): No severity specified. The default value. CRITICAL (1): Critical severity. HIGH (2): High severity. MEDIUM (3): Medium severity. LOW (4): Low severity.