| Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 1 | <html><body> |
| 2 | <style> |
| 3 | |
| 4 | body, h1, h2, h3, div, span, p, pre, a { |
| 5 | margin: 0; |
| 6 | padding: 0; |
| 7 | border: 0; |
| 8 | font-weight: inherit; |
| 9 | font-style: inherit; |
| 10 | font-size: 100%; |
| 11 | font-family: inherit; |
| 12 | vertical-align: baseline; |
| 13 | } |
| 14 | |
| 15 | body { |
| 16 | font-size: 13px; |
| 17 | padding: 1em; |
| 18 | } |
| 19 | |
| 20 | h1 { |
| 21 | font-size: 26px; |
| 22 | margin-bottom: 1em; |
| 23 | } |
| 24 | |
| 25 | h2 { |
| 26 | font-size: 24px; |
| 27 | margin-bottom: 1em; |
| 28 | } |
| 29 | |
| 30 | h3 { |
| 31 | font-size: 20px; |
| 32 | margin-bottom: 1em; |
| 33 | margin-top: 1em; |
| 34 | } |
| 35 | |
| 36 | pre, code { |
| 37 | line-height: 1.5; |
| 38 | font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace; |
| 39 | } |
| 40 | |
| 41 | pre { |
| 42 | margin-top: 0.5em; |
| 43 | } |
| 44 | |
| 45 | h1, h2, h3, p { |
| 46 | font-family: Arial, sans serif; |
| 47 | } |
| 48 | |
| 49 | h1, h2, h3 { |
| 50 | border-bottom: solid #CCC 1px; |
| 51 | } |
| 52 | |
| 53 | .toc_element { |
| 54 | margin-top: 0.5em; |
| 55 | } |
| 56 | |
| 57 | .firstline { |
| 58 | margin-left: 2 em; |
| 59 | } |
| 60 | |
| 61 | .method { |
| 62 | margin-top: 1em; |
| 63 | border: solid 1px #CCC; |
| 64 | padding: 1em; |
| 65 | background: #EEE; |
| 66 | } |
| 67 | |
| 68 | .details { |
| 69 | font-weight: bold; |
| 70 | font-size: 14px; |
| 71 | } |
| 72 | |
| 73 | </style> |
| 74 | |
| 75 | <h1><a href="websecurityscanner_v1.html">Web Security Scanner API</a> . <a href="websecurityscanner_v1.projects.html">projects</a> . <a href="websecurityscanner_v1.projects.scanConfigs.html">scanConfigs</a> . <a href="websecurityscanner_v1.projects.scanConfigs.scanRuns.html">scanRuns</a> . <a href="websecurityscanner_v1.projects.scanConfigs.scanRuns.findings.html">findings</a></h1> |
| 76 | <h2>Instance Methods</h2> |
| 77 | <p class="toc_element"> |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 78 | <code><a href="#close">close()</a></code></p> |
| 79 | <p class="firstline">Close httplib2 connections.</p> |
| 80 | <p class="toc_element"> |
| Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 81 | <code><a href="#get">get(name, x__xgafv=None)</a></code></p> |
| 82 | <p class="firstline">Gets a Finding.</p> |
| 83 | <p class="toc_element"> |
| Yoshi Automation Bot | cc94ec8 | 2021-01-15 07:10:04 -0800 | [diff] [blame] | 84 | <code><a href="#list">list(parent, filter=None, pageSize=None, pageToken=None, x__xgafv=None)</a></code></p> |
| Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 85 | <p class="firstline">List Findings under a given ScanRun.</p> |
| 86 | <p class="toc_element"> |
| 87 | <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p> |
| 88 | <p class="firstline">Retrieves the next page of results.</p> |
| 89 | <h3>Method Details</h3> |
| 90 | <div class="method"> |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 91 | <code class="details" id="close">close()</code> |
| 92 | <pre>Close httplib2 connections.</pre> |
| 93 | </div> |
| 94 | |
| 95 | <div class="method"> |
| Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 96 | <code class="details" id="get">get(name, x__xgafv=None)</code> |
| 97 | <pre>Gets a Finding. |
| 98 | |
| 99 | Args: |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 100 | name: string, Required. The resource name of the Finding to be returned. The name follows the format of 'projects/{projectId}/scanConfigs/{scanConfigId}/scanRuns/{scanRunId}/findings/{findingId}'. (required) |
| Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 101 | x__xgafv: string, V1 error format. |
| 102 | Allowed values |
| 103 | 1 - v1 error format |
| 104 | 2 - v2 error format |
| 105 | |
| 106 | Returns: |
| 107 | An object of the form: |
| 108 | |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 109 | { # A Finding resource represents a vulnerability instance identified during a ScanRun. |
| Yoshi Automation Bot | cc94ec8 | 2021-01-15 07:10:04 -0800 | [diff] [blame] | 110 | "body": "A String", # Output only. The body of the request that triggered the vulnerability. |
| 111 | "description": "A String", # Output only. The description of the vulnerability. |
| 112 | "finalUrl": "A String", # Output only. The URL where the browser lands when the vulnerability is detected. |
| 113 | "findingType": "A String", # Output only. The type of the Finding. Detailed and up-to-date information on findings can be found here: https://cloud.google.com/security-command-center/docs/how-to-remediate-web-security-scanner-findings |
| 114 | "form": { # ! Information about a vulnerability with an HTML. # Output only. An addon containing information reported for a vulnerability with an HTML form, if any. |
| 115 | "actionUri": "A String", # ! The URI where to send the form when it's submitted. |
| 116 | "fields": [ # ! The names of form fields related to the vulnerability. |
| 117 | "A String", |
| 118 | ], |
| 119 | }, |
| 120 | "frameUrl": "A String", # Output only. If the vulnerability was originated from nested IFrame, the immediate parent IFrame is reported. |
| 121 | "fuzzedUrl": "A String", # Output only. The URL produced by the server-side fuzzer and used in the request that triggered the vulnerability. |
| 122 | "httpMethod": "A String", # Output only. The http method of the request that triggered the vulnerability, in uppercase. |
| 123 | "name": "A String", # Output only. The resource name of the Finding. The name follows the format of 'projects/{projectId}/scanConfigs/{scanConfigId}/scanruns/{scanRunId}/findings/{findingId}'. The finding IDs are generated by the system. |
| 124 | "outdatedLibrary": { # Information reported for an outdated library. # Output only. An addon containing information about outdated libraries. |
| 125 | "learnMoreUrls": [ # URLs to learn more information about the vulnerabilities in the library. |
| 126 | "A String", |
| 127 | ], |
| 128 | "libraryName": "A String", # The name of the outdated library. |
| 129 | "version": "A String", # The version number. |
| 130 | }, |
| 131 | "reproductionUrl": "A String", # Output only. The URL containing human-readable payload that user can leverage to reproduce the vulnerability. |
| 132 | "severity": "A String", # Output only. The severity level of the reported vulnerability. |
| 133 | "trackingId": "A String", # Output only. The tracking ID uniquely identifies a vulnerability instance across multiple ScanRuns. |
| 134 | "violatingResource": { # Information regarding any resource causing the vulnerability such as JavaScript sources, image, audio files, etc. # Output only. An addon containing detailed information regarding any resource causing the vulnerability such as JavaScript sources, image, audio files, etc. |
| 135 | "contentType": "A String", # The MIME type of this resource. |
| 136 | "resourceUrl": "A String", # URL of this violating resource. |
| 137 | }, |
| 138 | "vulnerableHeaders": { # Information about vulnerable or missing HTTP Headers. # Output only. An addon containing information about vulnerable or missing HTTP headers. |
| 139 | "headers": [ # List of vulnerable headers. |
| 140 | { # Describes a HTTP Header. |
| 141 | "name": "A String", # Header name. |
| 142 | "value": "A String", # Header value. |
| 143 | }, |
| 144 | ], |
| 145 | "missingHeaders": [ # List of missing headers. |
| 146 | { # Describes a HTTP Header. |
| 147 | "name": "A String", # Header name. |
| 148 | "value": "A String", # Header value. |
| 149 | }, |
| 150 | ], |
| 151 | }, |
| 152 | "vulnerableParameters": { # Information about vulnerable request parameters. # Output only. An addon containing information about request parameters which were found to be vulnerable. |
| 153 | "parameterNames": [ # The vulnerable parameter names. |
| 154 | "A String", |
| 155 | ], |
| 156 | }, |
| 157 | "xss": { # Information reported for an XSS. # Output only. An addon containing information reported for an XSS, if any. |
| 158 | "attackVector": "A String", # The attack vector of the payload triggering this XSS. |
| 159 | "errorMessage": "A String", # An error message generated by a javascript breakage. |
| 160 | "stackTraces": [ # Stack traces leading to the point where the XSS occurred. |
| 161 | "A String", |
| 162 | ], |
| 163 | "storedXssSeedingUrl": "A String", # The reproduction url for the seeding POST request of a Stored XSS. |
| 164 | }, |
| 165 | }</pre> |
| Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 166 | </div> |
| 167 | |
| 168 | <div class="method"> |
| Yoshi Automation Bot | cc94ec8 | 2021-01-15 07:10:04 -0800 | [diff] [blame] | 169 | <code class="details" id="list">list(parent, filter=None, pageSize=None, pageToken=None, x__xgafv=None)</code> |
| Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 170 | <pre>List Findings under a given ScanRun. |
| 171 | |
| 172 | Args: |
| Dmitry Frenkel | 3e17f89 | 2020-10-06 16:46:05 -0700 | [diff] [blame] | 173 | parent: string, Required. The parent resource name, which should be a scan run resource name in the format 'projects/{projectId}/scanConfigs/{scanConfigId}/scanRuns/{scanRunId}'. (required) |
| Yoshi Automation Bot | b6971b0 | 2020-11-26 17:16:03 -0800 | [diff] [blame] | 174 | filter: string, The filter expression. The expression must be in the format: . Supported field: 'finding_type'. Supported operator: '='. |
| Yoshi Automation Bot | cc94ec8 | 2021-01-15 07:10:04 -0800 | [diff] [blame] | 175 | pageSize: integer, The maximum number of Findings to return, can be limited by server. If not specified or not positive, the implementation will select a reasonable value. |
| Yoshi Automation Bot | 0bf565c | 2020-12-09 08:56:03 -0800 | [diff] [blame] | 176 | pageToken: string, A token identifying a page of results to be returned. This should be a `next_page_token` value returned from a previous List request. If unspecified, the first page of results is returned. |
| Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 177 | x__xgafv: string, V1 error format. |
| 178 | Allowed values |
| 179 | 1 - v1 error format |
| 180 | 2 - v2 error format |
| 181 | |
| 182 | Returns: |
| 183 | An object of the form: |
| 184 | |
| 185 | { # Response for the `ListFindings` method. |
| Yoshi Automation Bot | cc94ec8 | 2021-01-15 07:10:04 -0800 | [diff] [blame] | 186 | "findings": [ # The list of Findings returned. |
| 187 | { # A Finding resource represents a vulnerability instance identified during a ScanRun. |
| 188 | "body": "A String", # Output only. The body of the request that triggered the vulnerability. |
| 189 | "description": "A String", # Output only. The description of the vulnerability. |
| 190 | "finalUrl": "A String", # Output only. The URL where the browser lands when the vulnerability is detected. |
| 191 | "findingType": "A String", # Output only. The type of the Finding. Detailed and up-to-date information on findings can be found here: https://cloud.google.com/security-command-center/docs/how-to-remediate-web-security-scanner-findings |
| 192 | "form": { # ! Information about a vulnerability with an HTML. # Output only. An addon containing information reported for a vulnerability with an HTML form, if any. |
| 193 | "actionUri": "A String", # ! The URI where to send the form when it's submitted. |
| 194 | "fields": [ # ! The names of form fields related to the vulnerability. |
| 195 | "A String", |
| 196 | ], |
| Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 197 | }, |
| Yoshi Automation Bot | cc94ec8 | 2021-01-15 07:10:04 -0800 | [diff] [blame] | 198 | "frameUrl": "A String", # Output only. If the vulnerability was originated from nested IFrame, the immediate parent IFrame is reported. |
| 199 | "fuzzedUrl": "A String", # Output only. The URL produced by the server-side fuzzer and used in the request that triggered the vulnerability. |
| 200 | "httpMethod": "A String", # Output only. The http method of the request that triggered the vulnerability, in uppercase. |
| 201 | "name": "A String", # Output only. The resource name of the Finding. The name follows the format of 'projects/{projectId}/scanConfigs/{scanConfigId}/scanruns/{scanRunId}/findings/{findingId}'. The finding IDs are generated by the system. |
| 202 | "outdatedLibrary": { # Information reported for an outdated library. # Output only. An addon containing information about outdated libraries. |
| 203 | "learnMoreUrls": [ # URLs to learn more information about the vulnerabilities in the library. |
| 204 | "A String", |
| 205 | ], |
| 206 | "libraryName": "A String", # The name of the outdated library. |
| 207 | "version": "A String", # The version number. |
| 208 | }, |
| 209 | "reproductionUrl": "A String", # Output only. The URL containing human-readable payload that user can leverage to reproduce the vulnerability. |
| 210 | "severity": "A String", # Output only. The severity level of the reported vulnerability. |
| 211 | "trackingId": "A String", # Output only. The tracking ID uniquely identifies a vulnerability instance across multiple ScanRuns. |
| 212 | "violatingResource": { # Information regarding any resource causing the vulnerability such as JavaScript sources, image, audio files, etc. # Output only. An addon containing detailed information regarding any resource causing the vulnerability such as JavaScript sources, image, audio files, etc. |
| 213 | "contentType": "A String", # The MIME type of this resource. |
| 214 | "resourceUrl": "A String", # URL of this violating resource. |
| 215 | }, |
| 216 | "vulnerableHeaders": { # Information about vulnerable or missing HTTP Headers. # Output only. An addon containing information about vulnerable or missing HTTP headers. |
| 217 | "headers": [ # List of vulnerable headers. |
| 218 | { # Describes a HTTP Header. |
| 219 | "name": "A String", # Header name. |
| 220 | "value": "A String", # Header value. |
| 221 | }, |
| 222 | ], |
| 223 | "missingHeaders": [ # List of missing headers. |
| 224 | { # Describes a HTTP Header. |
| 225 | "name": "A String", # Header name. |
| 226 | "value": "A String", # Header value. |
| 227 | }, |
| 228 | ], |
| 229 | }, |
| 230 | "vulnerableParameters": { # Information about vulnerable request parameters. # Output only. An addon containing information about request parameters which were found to be vulnerable. |
| 231 | "parameterNames": [ # The vulnerable parameter names. |
| 232 | "A String", |
| 233 | ], |
| 234 | }, |
| 235 | "xss": { # Information reported for an XSS. # Output only. An addon containing information reported for an XSS, if any. |
| 236 | "attackVector": "A String", # The attack vector of the payload triggering this XSS. |
| 237 | "errorMessage": "A String", # An error message generated by a javascript breakage. |
| 238 | "stackTraces": [ # Stack traces leading to the point where the XSS occurred. |
| 239 | "A String", |
| 240 | ], |
| 241 | "storedXssSeedingUrl": "A String", # The reproduction url for the seeding POST request of a Stored XSS. |
| 242 | }, |
| 243 | }, |
| 244 | ], |
| 245 | "nextPageToken": "A String", # Token to retrieve the next page of results, or empty if there are no more results in the list. |
| 246 | }</pre> |
| Bu Sun Kim | 6502091 | 2020-05-20 12:08:20 -0700 | [diff] [blame] | 247 | </div> |
| 248 | |
| 249 | <div class="method"> |
| 250 | <code class="details" id="list_next">list_next(previous_request, previous_response)</code> |
| 251 | <pre>Retrieves the next page of results. |
| 252 | |
| 253 | Args: |
| 254 | previous_request: The request for the previous page. (required) |
| 255 | previous_response: The response from the request for the previous page. (required) |
| 256 | |
| 257 | Returns: |
| 258 | A request object that you can call 'execute()' on to request the next |
| 259 | page. Returns None if there are no more items in the collection. |
| 260 | </pre> |
| 261 | </div> |
| 262 | |
| 263 | </body></html> |