Blame - docs/dyn/websecurityscanner_v1.projects.scanConfigs.scanRuns.findings.html - platform/external/python/google-api-python-client

<h1><a href="websecurityscanner_v1.html">Web Security Scanner API</a> . <a href="websecurityscanner_v1.projects.html">projects</a> . <a href="websecurityscanner_v1.projects.scanConfigs.html">scanConfigs</a> . <a href="websecurityscanner_v1.projects.scanConfigs.scanRuns.html">scanRuns</a> . <a href="websecurityscanner_v1.projects.scanConfigs.scanRuns.findings.html">findings</a></h1>

76

<h2>Instance Methods</h2>

77

78

<code><a href="#get">get(name, x__xgafv=None)</a></code></p>

79

<p class="firstline">Gets a Finding.</p>

80

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame]

81

<code><a href="#list">list(parent, filter=None, pageToken=None, pageSize=None, x__xgafv=None)</a></code></p>

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

82

<p class="firstline">List Findings under a given ScanRun.</p>

83

84

<code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>

85

<p class="firstline">Retrieves the next page of results.</p>

86

<h3>Method Details</h3>

87

88

<code class="details" id="get">get(name, x__xgafv=None)</code>

<pre>Gets a Finding.

Args:

name: string, Required. The resource name of the Finding to be returned. The name follows the

93

format of

94

'projects/{projectId}/scanConfigs/{scanConfigId}/scanRuns/{scanRunId}/findings/{findingId}'. (required)

95

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

102

103

{ # A Finding resource represents a vulnerability instance identified during a

104

# ScanRun.

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame]

105

"name": "A String", # Output only. The resource name of the Finding. The name follows the format of

106

# 'projects/{projectId}/scanConfigs/{scanConfigId}/scanruns/{scanRunId}/findings/{findingId}'.

107

# The finding IDs are generated by the system.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

108

"description": "A String", # Output only. The description of the vulnerability.

109

"trackingId": "A String", # Output only. The tracking ID uniquely identifies a vulnerability instance across

110

# multiple ScanRuns.

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame]

111

"form": { # ! Information about a vulnerability with an HTML. # Output only. An addon containing information reported for a vulnerability with an HTML

112

# form, if any.

113

"fields": [ # ! The names of form fields related to the vulnerability.

114

"A String",

115

],

116

"actionUri": "A String", # ! The URI where to send the form when it's submitted.

117

},

118

"finalUrl": "A String", # Output only. The URL where the browser lands when the vulnerability is detected.

119

"xss": { # Information reported for an XSS. # Output only. An addon containing information reported for an XSS, if any.

120

"attackVector": "A String", # The attack vector of the payload triggering this XSS.

121

"stackTraces": [ # Stack traces leading to the point where the XSS occurred.

122

"A String",

123

],

124

"errorMessage": "A String", # An error message generated by a javascript breakage.

125

"storedXssSeedingUrl": "A String", # The reproduction url for the seeding POST request of a Stored XSS.

126

},

127

"findingType": "A String", # Output only. The type of the Finding.

128

# Detailed and up-to-date information on findings can be found here:

129

# https://cloud.google.com/security-command-center/docs/how-to-remediate-web-security-scanner-findings

130

"severity": "A String", # Output only. The severity level of the reported vulnerability.

131

"frameUrl": "A String", # Output only. If the vulnerability was originated from nested IFrame, the immediate

132

# parent IFrame is reported.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

133

"vulnerableParameters": { # Information about vulnerable request parameters. # Output only. An addon containing information about request parameters which were found

134

# to be vulnerable.

135

"parameterNames": [ # The vulnerable parameter names.

136

"A String",

137

],

138

},

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame]

139

"violatingResource": { # Information regarding any resource causing the vulnerability such # Output only. An addon containing detailed information regarding any resource causing the

140

# vulnerability such as JavaScript sources, image, audio files, etc.

141

# as JavaScript sources, image, audio files, etc.

142

"resourceUrl": "A String", # URL of this violating resource.

143

"contentType": "A String", # The MIME type of this resource.

144

},

145

"fuzzedUrl": "A String", # Output only. The URL produced by the server-side fuzzer and used in the request that

146

# triggered the vulnerability.

147

"httpMethod": "A String", # Output only. The http method of the request that triggered the vulnerability, in

148

# uppercase.

149

"body": "A String", # Output only. The body of the request that triggered the vulnerability.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

150

"vulnerableHeaders": { # Information about vulnerable or missing HTTP Headers. # Output only. An addon containing information about vulnerable or missing HTTP headers.

151

"headers": [ # List of vulnerable headers.

152

{ # Describes a HTTP Header.

153

"value": "A String", # Header value.

154

"name": "A String", # Header name.

155

},

156

],

157

"missingHeaders": [ # List of missing headers.

158

{ # Describes a HTTP Header.

159

"value": "A String", # Header value.

160

"name": "A String", # Header name.

161

},

162

],

163

},

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame]

164

"reproductionUrl": "A String", # Output only. The URL containing human-readable payload that user can leverage to

165

# reproduce the vulnerability.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

166

"outdatedLibrary": { # Information reported for an outdated library. # Output only. An addon containing information about outdated libraries.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

167

"learnMoreUrls": [ # URLs to learn more information about the vulnerabilities in the library.

168

"A String",

169

],

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame]

170

"version": "A String", # The version number.

171

"libraryName": "A String", # The name of the outdated library.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

172

},

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

}</pre>

</div>

Bu Sun Kim

2020-05-27 12:20:54 -0700

[diff] [blame]

177

<code class="details" id="list">list(parent, filter=None, pageToken=None, pageSize=None, x__xgafv=None)</code>

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

178

<pre>List Findings under a given ScanRun.

179

180

Args:

181

parent: string, Required. The parent resource name, which should be a scan run resource name in the

182

format

183

'projects/{projectId}/scanConfigs/{scanConfigId}/scanRuns/{scanRunId}'. (required)

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

184

filter: string, The filter expression. The expression must be in the format: <field>

185

<operator> <value>.

186

Supported field: 'finding_type'.

187

Supported operator: '='.

188

pageToken: string, A token identifying a page of results to be returned. This should be a

189

`next_page_token` value returned from a previous List request.

190

If unspecified, the first page of results is returned.

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame]

191

pageSize: integer, The maximum number of Findings to return, can be limited by server.

192

If not specified or not positive, the implementation will select a

193

reasonable value.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

194

x__xgafv: string, V1 error format.

Allowed values

1 - v1 error format

2 - v2 error format

Returns:

An object of the form:

201

202

{ # Response for the `ListFindings` method.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

203

"findings": [ # The list of Findings returned.

204

{ # A Finding resource represents a vulnerability instance identified during a

205

# ScanRun.

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame]

206

"name": "A String", # Output only. The resource name of the Finding. The name follows the format of

207

# 'projects/{projectId}/scanConfigs/{scanConfigId}/scanruns/{scanRunId}/findings/{findingId}'.

208

# The finding IDs are generated by the system.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

209

"description": "A String", # Output only. The description of the vulnerability.

210

"trackingId": "A String", # Output only. The tracking ID uniquely identifies a vulnerability instance across

211

# multiple ScanRuns.

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame]

212

"form": { # ! Information about a vulnerability with an HTML. # Output only. An addon containing information reported for a vulnerability with an HTML

213

# form, if any.

214

"fields": [ # ! The names of form fields related to the vulnerability.

215

"A String",

216

],

217

"actionUri": "A String", # ! The URI where to send the form when it's submitted.

218

},

219

"finalUrl": "A String", # Output only. The URL where the browser lands when the vulnerability is detected.

220

"xss": { # Information reported for an XSS. # Output only. An addon containing information reported for an XSS, if any.

221

"attackVector": "A String", # The attack vector of the payload triggering this XSS.

222

"stackTraces": [ # Stack traces leading to the point where the XSS occurred.

223

"A String",

224

],

225

"errorMessage": "A String", # An error message generated by a javascript breakage.

226

"storedXssSeedingUrl": "A String", # The reproduction url for the seeding POST request of a Stored XSS.

227

},

228

"findingType": "A String", # Output only. The type of the Finding.

229

# Detailed and up-to-date information on findings can be found here:

230

# https://cloud.google.com/security-command-center/docs/how-to-remediate-web-security-scanner-findings

231

"severity": "A String", # Output only. The severity level of the reported vulnerability.

232

"frameUrl": "A String", # Output only. If the vulnerability was originated from nested IFrame, the immediate

233

# parent IFrame is reported.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

234

"vulnerableParameters": { # Information about vulnerable request parameters. # Output only. An addon containing information about request parameters which were found

235

# to be vulnerable.

236

"parameterNames": [ # The vulnerable parameter names.

237

"A String",

238

],

239

},

Bu Sun Kim

4ed7d3f

2020-05-27 12:20:54 -0700

[diff] [blame]

240

"violatingResource": { # Information regarding any resource causing the vulnerability such # Output only. An addon containing detailed information regarding any resource causing the

241

# vulnerability such as JavaScript sources, image, audio files, etc.

242

# as JavaScript sources, image, audio files, etc.

243

"resourceUrl": "A String", # URL of this violating resource.

244

"contentType": "A String", # The MIME type of this resource.

245

},

246

"fuzzedUrl": "A String", # Output only. The URL produced by the server-side fuzzer and used in the request that

247

# triggered the vulnerability.

248

"httpMethod": "A String", # Output only. The http method of the request that triggered the vulnerability, in

249

# uppercase.

250

"body": "A String", # Output only. The body of the request that triggered the vulnerability.

Bu Sun Kim

6502091

2020-05-20 12:08:20 -0700

[diff] [blame]

251

"vulnerableHeaders": { # Information about vulnerable or missing HTTP Headers. # Output only. An addon containing information about vulnerable or missing HTTP headers.

252

"headers": [ # List of vulnerable headers.

253

{ # Describes a HTTP Header.

254

"value": "A String", # Header value.

255

"name": "A String", # Header name.

256

},

257

],