REST Resource: projects.scanConfigs.scanRuns.findings

{
  "name": string,
  "findingType": string,
  "severity": enum (Severity),
  "httpMethod": string,
  "fuzzedUrl": string,
  "body": string,
  "description": string,
  "reproductionUrl": string,
  "frameUrl": string,
  "finalUrl": string,
  "trackingId": string,
  "form": {
    object (Form)
  },
  "outdatedLibrary": {
    object (OutdatedLibrary)
  },
  "violatingResource": {
    object (ViolatingResource)
  },
  "vulnerableHeaders": {
    object (VulnerableHeaders)
  },
  "vulnerableParameters": {
    object (VulnerableParameters)
  },
  "xss": {
    object (Xss)
  }
}

string

The resource name of the Finding. The name follows the format of 'projects/{projectId}/scanConfigs/{scanConfigId}/scanruns/{scanRunId}/findings/{findingId}'. The finding IDs are generated by the system.

string

The type of the Finding. Detailed and up-to-date information on findings can be found here: https://cloud.google.com/security-command-center/docs/how-to-remediate-web-security-scanner

enum (Severity)

The severity level of the reported vulnerability.

string

The http method of the request that triggered the vulnerability, in uppercase.

string

The URL produced by the server-side fuzzer and used in the request that triggered the vulnerability.

string

The body of the request that triggered the vulnerability.

string

The description of the vulnerability.

string

The URL containing human-readable payload that user can leverage to reproduce the vulnerability.

string

If the vulnerability was originated from nested IFrame, the immediate parent IFrame is reported.

string

The URL where the browser lands when the vulnerability is detected.

string

The tracking ID uniquely identifies a vulnerability instance across multiple ScanRuns.

object (Form)

An addon containing information reported for a vulnerability with an HTML form, if any.

object (OutdatedLibrary)

An addon containing information about outdated libraries.

object (ViolatingResource)

An addon containing detailed information regarding any resource causing the vulnerability such as JavaScript sources, image, audio files, etc.

object (VulnerableHeaders)

An addon containing information about vulnerable or missing HTTP headers.

object (VulnerableParameters)

An addon containing information about request parameters which were found to be vulnerable.

object (Xss)

An addon containing information reported for an XSS, if any.

{
  "actionUri": string,
  "fields": [
    string
  ]
}

string

! The URI where to send the form when it's submitted.

string

! The names of form fields related to the vulnerability.

{
  "libraryName": string,
  "version": string,
  "learnMoreUrls": [
    string
  ]
}

string

The name of the outdated library.

string

The version number.

string

URLs to learn more information about the vulnerabilities in the library.

{
  "contentType": string,
  "resourceUrl": string
}

string

The MIME type of this resource.

string

URL of this violating resource.

{
  "headers": [
    {
      object (Header)
    }
  ],
  "missingHeaders": [
    {
      object (Header)
    }
  ]
}

object (Header)

List of vulnerable headers.

object (Header)

List of missing headers.

{
  "name": string,
  "value": string
}

string

Header name.

string

Header value.

{
  "parameterNames": [
    string
  ]
}

string

The vulnerable parameter names.

{
  "stackTraces": [
    string
  ],
  "errorMessage": string
}

string

Stack traces leading to the point where the XSS occurred.

string

An error message generated by a javascript breakage.