findings
Creates, updates, deletes, gets or lists a findings resource.
Overview
Name | findings |
Type | Resource |
Id | google.websecurityscanner.findings |
Fields
The following fields are returned by SELECT queries (get and list):
Successful response
Name | Datatype | Description |
---|---|---|
name | string | Output only. The resource name of the Finding. The name follows the format of 'projects/{projectId}/scanConfigs/{scanConfigId}/scanruns/{scanRunId}/findings/{findingId}'. The finding IDs are generated by the system. |
body | string | Output only. The body of the request that triggered the vulnerability. |
description | string | Output only. The description of the vulnerability. |
finalUrl | string | Output only. The URL where the browser lands when the vulnerability is detected. |
findingType | string | Output only. The type of the Finding. Detailed and up-to-date information on findings can be found here: https://cloud.google.com/security-command-center/docs/how-to-remediate-web-security-scanner-findings |
form | object | Output only. An addon containing information reported for a vulnerability with an HTML form, if any. (id: Form) |
frameUrl | string | Output only. If the vulnerability originated from a nested IFrame, the immediate parent IFrame is reported. |
fuzzedUrl | string | Output only. The URL produced by the server-side fuzzer and used in the request that triggered the vulnerability. |
httpMethod | string | Output only. The HTTP method of the request that triggered the vulnerability, in uppercase. |
outdatedLibrary | object | Output only. An addon containing information about outdated libraries. (id: OutdatedLibrary) |
reproductionUrl | string | Output only. The URL containing a human-readable payload that a user can leverage to reproduce the vulnerability. |
severity | string | Output only. The severity level of the reported vulnerability. |
trackingId | string | Output only. The tracking ID uniquely identifies a vulnerability instance across multiple ScanRuns. |
violatingResource | object | Output only. An addon containing detailed information regarding any resource causing the vulnerability such as JavaScript sources, image, audio files, etc. (id: ViolatingResource) |
vulnerableHeaders | object | Output only. An addon containing information about vulnerable or missing HTTP headers. (id: VulnerableHeaders) |
vulnerableParameters | object | Output only. An addon containing information about request parameters which were found to be vulnerable. (id: VulnerableParameters) |
xss | object | Output only. An addon containing information reported for an XSS, if any. (id: Xss) |
xxe | object | Output only. An addon containing information reported for an XXE, if any. (id: Xxe) |
Methods
The following methods are available for this resource:
Name | Accessible by | Required Params | Optional Params | Description |
---|---|---|---|---|
get | select | projectsId , scanConfigsId , scanRunsId , findingsId | | Gets a Finding. |
list | select | projectsId , scanConfigsId , scanRunsId | filter , pageToken , pageSize | List Findings under a given ScanRun. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
Name | Datatype | Description |
---|---|---|
findingsId | string | |
projectsId | string | |
scanConfigsId | string | |
scanRunsId | string | |
filter | string | |
pageSize | integer (int32) | |
pageToken | string | |
SELECT examples
Gets a Finding.
```sql
SELECT
  name,
  body,
  description,
  finalUrl,
  findingType,
  form,
  frameUrl,
  fuzzedUrl,
  httpMethod,
  outdatedLibrary,
  reproductionUrl,
  severity,
  trackingId,
  violatingResource,
  vulnerableHeaders,
  vulnerableParameters,
  xss,
  xxe
FROM google.websecurityscanner.findings
WHERE projectsId = '{{ projectsId }}' -- required
  AND scanConfigsId = '{{ scanConfigsId }}' -- required
  AND scanRunsId = '{{ scanRunsId }}' -- required
  AND findingsId = '{{ findingsId }}'; -- required
```
List Findings under a given ScanRun.
```sql
SELECT
  name,
  body,
  description,
  finalUrl,
  findingType,
  form,
  frameUrl,
  fuzzedUrl,
  httpMethod,
  outdatedLibrary,
  reproductionUrl,
  severity,
  trackingId,
  violatingResource,
  vulnerableHeaders,
  vulnerableParameters,
  xss,
  xxe
FROM google.websecurityscanner.findings
WHERE projectsId = '{{ projectsId }}' -- required
  AND scanConfigsId = '{{ scanConfigsId }}' -- required
  AND scanRunsId = '{{ scanRunsId }}' -- required
  AND filter = '{{ filter }}' -- optional
  AND pageToken = '{{ pageToken }}' -- optional
  AND pageSize = '{{ pageSize }}'; -- optional
```
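Because trackingId identifies the same vulnerability instance across multiple ScanRuns, the rows returned by two list queries can be compared to separate new, recurring and resolved findings. The Python below is an added example, not part of the provider documentation; the sample rows, the project and scan IDs, and the severity and findingType strings are constructed assumptions.

```python
# Added example: compare two scan runs by trackingId (sample rows are constructed).
# Assumption: severity strings are CRITICAL/HIGH/MEDIUM/LOW; anything else sorts last.
SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}

def _index(rows):
    """Map trackingId -> first row seen; fall back to name if trackingId is empty."""
    by_id = {}
    for row in rows:
        by_id.setdefault(row.get("trackingId") or row["name"], row)
    return by_id

def _ordered(ids, source):
    """Return the rows for ids, most severe first, then by findingType."""
    def key(row):
        rank = SEVERITY_RANK.get(row.get("severity"), len(SEVERITY_RANK))
        return (rank, row.get("findingType") or "")
    return sorted((source[i] for i in ids), key=key)

def diff_scan_runs(previous, current):
    """Classify findings as new, recurring or resolved between two scan runs."""
    prev, cur = _index(previous), _index(current)
    return {
        "new": _ordered(cur.keys() - prev.keys(), cur),
        "recurring": _ordered(cur.keys() & prev.keys(), cur),
        "resolved": _ordered(prev.keys() - cur.keys(), prev),
    }

def _row(run, fid, tid, ftype, sev):
    # Constructed row holding a subset of the columns returned by the list query.
    name = f"projects/example-project/scanConfigs/cfg1/scanruns/{run}/findings/{fid}"
    return {"name": name, "trackingId": tid, "findingType": ftype, "severity": sev}

PREVIOUS_RUN = [
    _row("run1", "f1", "t-aaa", "XSS_CALLBACK", "HIGH"),
    _row("run1", "f2", "t-bbb", "OUTDATED_LIBRARY", "MEDIUM"),
]
CURRENT_RUN = [
    _row("run2", "f9", "t-aaa", "XSS_CALLBACK", "HIGH"),
    _row("run2", "f10", "t-ccc", "MIXED_CONTENT", "LOW"),
    _row("run2", "f11", "t-ddd", "XXE_REFLECTED_FILE_LEAKAGE", "CRITICAL"),
]

if __name__ == "__main__":
    for status, rows in diff_scan_runs(PREVIOUS_RUN, CURRENT_RUN).items():
        for r in rows:
            print(status, r["severity"], r["findingType"], r["name"])
```

A finding that is absent from the later run should be treated as resolved only if that run completed and covered the same URLs as the earlier one.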