REST Resource: projects.scanConfigs.scanRuns.findings

Resource: Finding

A Finding resource represents a vulnerability instance identified during a ScanRun.

JSON representation
{
  "name": string,
  "findingType": string,
  "httpMethod": string,
  "fuzzedUrl": string,
  "body": string,
  "description": string,
  "reproductionUrl": string,
  "frameUrl": string,
  "finalUrl": string,
  "trackingId": string,
  "form": {
    object (Form)
  },
  "outdatedLibrary": {
    object (OutdatedLibrary)
  },
  "violatingResource": {
    object (ViolatingResource)
  },
  "vulnerableHeaders": {
    object (VulnerableHeaders)
  },
  "vulnerableParameters": {
    object (VulnerableParameters)
  },
  "xss": {
    object (Xss)
  }
}
Fields
name

string

Output only. The resource name of the Finding. The name follows the format of 'projects/{projectId}/scanConfigs/{scanConfigId}/scanruns/{scanRunId}/findings/{findingId}'. The finding IDs are generated by the system.

findingType

string

Output only. The type of the Finding. Detailed and up-to-date information on findings can be found here: https://cloud.google.com/security-scanner/docs/scan-result-details

httpMethod

string

Output only. The HTTP method of the request that triggered the vulnerability, in uppercase.

fuzzedUrl

string

Output only. The URL produced by the server-side fuzzer and used in the request that triggered the vulnerability.

body

string

Output only. The body of the request that triggered the vulnerability.

description

string

Output only. The description of the vulnerability.

reproductionUrl

string

Output only. The URL containing a human-readable payload that the user can use to reproduce the vulnerability.

frameUrl

string

Output only. If the vulnerability originated from a nested IFrame, the immediate parent IFrame is reported.

finalUrl

string

Output only. The URL where the browser lands when the vulnerability is detected.

trackingId

string

Output only. The tracking ID uniquely identifies a vulnerability instance across multiple ScanRuns.

form

object (Form)

Output only. An addon containing information reported for a vulnerability with an HTML form, if any.

outdatedLibrary

object (OutdatedLibrary)

Output only. An addon containing information about outdated libraries.

violatingResource

object (ViolatingResource)

Output only. An addon containing detailed information about any resource causing the vulnerability, such as JavaScript sources, images, audio files, etc.

vulnerableHeaders

object (VulnerableHeaders)

Output only. An addon containing information about vulnerable or missing HTTP headers.

vulnerableParameters

object (VulnerableParameters)

Output only. An addon containing information about request parameters that were found to be vulnerable.

xss

object (Xss)

Output only. An addon containing information reported for an XSS, if any.

Form

Information about a vulnerability with an HTML form.

JSON representation
{
  "actionUri": string,
  "fields": [
    string
  ]
}
Fields
actionUri

string

The URI to which the form is sent when it is submitted.

fields[]

string

The names of form fields related to the vulnerability.

OutdatedLibrary

Information reported for an outdated library.

JSON representation
{
  "libraryName": string,
  "version": string,
  "learnMoreUrls": [
    string
  ]
}
Fields
libraryName

string

The name of the outdated library.

version

string

The version number.

learnMoreUrls[]

string

URLs with more information about the vulnerabilities in the library.

ViolatingResource

Information about any resource causing the vulnerability, such as JavaScript sources, images, audio files, etc.

JSON representation
{
  "contentType": string,
  "resourceUrl": string
}
Fields
contentType

string

The MIME type of this resource.

resourceUrl

string

URL of this violating resource.

VulnerableHeaders

Information about vulnerable or missing HTTP headers.

JSON representation
{
  "headers": [
    {
      object (Header)
    }
  ],
  "missingHeaders": [
    {
      object (Header)
    }
  ]
}
Fields
headers[]

object (Header)

List of vulnerable headers.

missingHeaders[]

object (Header)

List of missing headers.

VulnerableParameters

Information about vulnerable request parameters.

JSON representation
{
  "parameterNames": [
    string
  ]
}
Fields
parameterNames[]

string

The vulnerable parameter names.

Xss

Information reported for an XSS.

JSON representation
{
  "stackTraces": [
    string
  ],
  "errorMessage": string
}
Fields
stackTraces[]

string

Stack traces leading to the point where the XSS occurred.

errorMessage

string

An error message generated by a JavaScript breakage.
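
An added example, not code from the Web Security Scanner documentation or its client libraries, showing how a defender might consume Finding resources in the shape defined above: each finding is reduced to a triage record keyed on whichever addon it carries, and trackingId is used to recognise the same vulnerability instance across ScanRuns. The sample findings, findingType values, project/config names and URLs are constructed.

```python
# Added example (not the project's code): triage and de-duplicate Findings.
ADDON_FIELDS = ("form", "outdatedLibrary", "violatingResource",
                "vulnerableHeaders", "vulnerableParameters", "xss")

def summarize_finding(finding):
    """Reduce one Finding dict to the fields a triage queue needs."""
    addon = next((k for k in ADDON_FIELDS if k in finding), None)
    detail = finding.get(addon) or {}
    summary = {"id": finding["name"].rsplit("/", 1)[-1],
               "type": finding["findingType"],
               "method": finding.get("httpMethod", ""),
               "url": finding.get("finalUrl") or finding.get("fuzzedUrl", ""),
               "tracking_id": finding.get("trackingId", ""),
               "addon": addon}
    if addon == "outdatedLibrary":
        summary["library"] = f'{detail["libraryName"]} {detail["version"]}'
    elif addon == "vulnerableParameters":
        summary["parameters"] = detail.get("parameterNames", [])
    elif addon == "vulnerableHeaders":
        summary["missing_headers"] = len(detail.get("missingHeaders", []))
    elif addon == "xss":
        summary["error"] = detail.get("errorMessage", "")
    return summary

def dedupe_across_runs(findings_by_run):
    """Group Findings from several ScanRuns by trackingId (stable per
    vulnerability instance) and record which runs still report each."""
    grouped = {}
    for run_id, findings in findings_by_run.items():
        for f in findings:
            key = f.get("trackingId") or f["name"]  # untracked: fall back to name
            entry = grouped.setdefault(key, {"summary": summarize_finding(f), "runs": []})
            entry["runs"].append(run_id)
    return grouped

# Constructed sample findings (not real scanner output): two ScanRuns of one
# scan config, where f1 and f3 are the same XSS instance (same trackingId).
def make_finding(run, fid, ftype, tracking, **addon):
    return {"name": f"projects/p/scanConfigs/c/scanruns/{run}/findings/{fid}",
            "findingType": ftype, "httpMethod": "GET", "trackingId": tracking,
            "finalUrl": "https://example.test/search", **addon}

SAMPLE_RUNS = {
    "run-a": [make_finding("run-a", "f1", "XSS_CALLBACK", "t-1",
                           vulnerableParameters={"parameterNames": ["q"]}),
              make_finding("run-a", "f2", "OUTDATED_LIBRARY", "t-2",
                           outdatedLibrary={"libraryName": "jquery", "version": "1.8.0", "learnMoreUrls": []})],
    "run-b": [make_finding("run-b", "f3", "XSS_CALLBACK", "t-1",
                           vulnerableParameters={"parameterNames": ["q"]})],
}
```

Running dedupe_across_runs(SAMPLE_RUNS) yields two entries: t-1 seen in both runs (still open) and t-2 seen only in run-a.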

Methods

get

Gets a Finding.

list

Lists Findings under a given ScanRun.