Finding(mapping=None, *, ignore_unknown_fields=False, **kwargs)
A Finding resource represents a vulnerability instance identified during a ScanRun.
Attributes

Name | Type | Description |
---|---|---|
name | `str` | Output only. The resource name of the Finding. The name follows the format of 'projects/{projectId}/scanConfigs/{scanConfigId}/scanruns/{scanRunId}/findings/{findingId}'. The finding IDs are generated by the system. |
finding_type | `str` | Output only. The type of the Finding. Detailed and up-to-date information on findings can be found here: https://cloud.google.com/security-command-center/docs/how-to-remediate-web-security-scanner-findings |
severity | `google.cloud.websecurityscanner_v1.types.Finding.Severity` | Output only. The severity level of the reported vulnerability. |
http_method | `str` | Output only. The HTTP method of the request that triggered the vulnerability, in uppercase. |
fuzzed_url | `str` | Output only. The URL produced by the server-side fuzzer and used in the request that triggered the vulnerability. |
body | `str` | Output only. The body of the request that triggered the vulnerability. |
description | `str` | Output only. The description of the vulnerability. |
reproduction_url | `str` | Output only. The URL containing a human-readable payload that a user can leverage to reproduce the vulnerability. |
frame_url | `str` | Output only. If the vulnerability originated from a nested IFrame, the immediate parent IFrame is reported. |
final_url | `str` | Output only. The URL where the browser lands when the vulnerability is detected. |
tracking_id | `str` | Output only. The tracking ID uniquely identifies a vulnerability instance across multiple ScanRuns. |
form | `google.cloud.websecurityscanner_v1.types.Form` | Output only. An addon containing information reported for a vulnerability with an HTML form, if any. |
outdated_library | `google.cloud.websecurityscanner_v1.types.OutdatedLibrary` | Output only. An addon containing information about outdated libraries. |
violating_resource | `google.cloud.websecurityscanner_v1.types.ViolatingResource` | Output only. An addon containing detailed information regarding any resource causing the vulnerability, such as JavaScript sources, image, audio files, etc. |
vulnerable_headers | `google.cloud.websecurityscanner_v1.types.VulnerableHeaders` | Output only. An addon containing information about vulnerable or missing HTTP headers. |
vulnerable_parameters | `google.cloud.websecurityscanner_v1.types.VulnerableParameters` | Output only. An addon containing information about request parameters which were found to be vulnerable. |
xss | `google.cloud.websecurityscanner_v1.types.Xss` | Output only. An addon containing information reported for an XSS, if any. |
xxe | `google.cloud.websecurityscanner_v1.types.Xxe` | Output only. An addon containing information reported for an XXE, if any. |

Classes
Severity
Severity(value)
The severity level of a vulnerability.
Values:

- SEVERITY_UNSPECIFIED (0): No severity specified. The default value.
- CRITICAL (1): Critical severity.
- HIGH (2): High severity.
- MEDIUM (3): Medium severity.
- LOW (4): Low severity.
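
The following added example (not part of the client library or its documentation) shows how `tracking_id`, `name` and `severity` combine when triaging findings from several ScanRuns: it collapses repeats by `tracking_id` and sorts worst-first, placing `SEVERITY_UNSPECIFIED` (0) last because a plain numeric sort would put it ahead of `CRITICAL` (1). The sample objects, IDs and type strings are constructed, and the code assumes only that each item exposes the attribute names listed above.

```python
from collections import defaultdict
from types import SimpleNamespace

UNSPECIFIED, LOWEST = 0, 4  # SEVERITY_UNSPECIFIED and LOW, per the Severity values above

def severity_rank(severity):
    """Sort key: CRITICAL (1) first, LOW (4) later, unspecified (0) last, not first."""
    value = int(severity)
    return LOWEST + 1 if value == UNSPECIFIED else value

def scan_run_id(name):
    """Extract {scanRunId} from the documented Finding name format."""
    parts = name.split("/")
    if len(parts) != 8 or parts[0] != "projects" or parts[6] != "findings":
        raise ValueError(f"unexpected Finding name: {name!r}")
    return parts[5]

def triage(findings):
    """Collapse findings that share a tracking_id; order the result worst-first."""
    groups = defaultdict(list)
    for finding in findings:
        groups[finding.tracking_id].append(finding)
    rows = []
    for tracking_id, group in groups.items():
        worst = min(group, key=lambda f: severity_rank(f.severity))
        rows.append({
            "tracking_id": tracking_id,
            "finding_type": worst.finding_type,
            "severity": int(worst.severity),
            "scan_runs": sorted({scan_run_id(f.name) for f in group}),
        })
    rows.sort(key=lambda r: (severity_rank(r["severity"]), r["tracking_id"]))
    return rows

def make_sample(run, fid, tracking_id, severity, finding_type):
    # Constructed stand-in for a Finding; all IDs and type strings are made up.
    name = f"projects/p1/scanConfigs/c1/scanruns/{run}/findings/{fid}"
    return SimpleNamespace(name=name, tracking_id=tracking_id,
                           severity=severity, finding_type=finding_type)

SAMPLE = [
    make_sample("run-1", "f1", "t-aaa", 2, "TYPE_A"),
    make_sample("run-1", "f2", "t-bbb", 0, "TYPE_B"),
    make_sample("run-2", "f3", "t-aaa", 2, "TYPE_A"),
    make_sample("run-2", "f4", "t-ccc", 1, "TYPE_C"),
    make_sample("run-2", "f5", "t-ddd", 4, "TYPE_D"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```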