Web Security Scanner API . projects . scanConfigs . scanRuns . findings

Instance Methods

close()

Close httplib2 connections.

get(name, x__xgafv=None)

Gets a Finding.

list(parent, filter=None, pageSize=None, pageToken=None, x__xgafv=None)

List Findings under a given ScanRun.

list_next()

Retrieves the next page of results.

Method Details

close() 
Close httplib2 connections.
get(name, x__xgafv=None) 
Gets a Finding.

Args:
  name: string, Required. The resource name of the Finding to be returned. The name follows the format of 'projects/{projectId}/scanConfigs/{scanConfigId}/scanRuns/{scanRunId}/findings/{findingId}'. (required)
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # A Finding resource represents a vulnerability instance identified during a ScanRun.
  "body": "A String", # Output only. The body of the request that triggered the vulnerability.
  "description": "A String", # Output only. The description of the vulnerability.
  "finalUrl": "A String", # Output only. The URL where the browser lands when the vulnerability is detected.
  "findingType": "A String", # Output only. The type of the Finding. Detailed and up-to-date information on findings can be found here: https://cloud.google.com/security-command-center/docs/how-to-remediate-web-security-scanner-findings
  "form": { # ! Information about a vulnerability with an HTML. # Output only. An addon containing information reported for a vulnerability with an HTML form, if any.
    "actionUri": "A String", # ! The URI where to send the form when it's submitted.
    "fields": [ # ! The names of form fields related to the vulnerability.
      "A String",
    ],
  },
  "frameUrl": "A String", # Output only. If the vulnerability was originated from nested IFrame, the immediate parent IFrame is reported.
  "fuzzedUrl": "A String", # Output only. The URL produced by the server-side fuzzer and used in the request that triggered the vulnerability.
  "httpMethod": "A String", # Output only. The http method of the request that triggered the vulnerability, in uppercase.
  "name": "A String", # Output only. The resource name of the Finding. The name follows the format of 'projects/{projectId}/scanConfigs/{scanConfigId}/scanruns/{scanRunId}/findings/{findingId}'. The finding IDs are generated by the system.
  "outdatedLibrary": { # Information reported for an outdated library. # Output only. An addon containing information about outdated libraries.
    "learnMoreUrls": [ # URLs to learn more information about the vulnerabilities in the library.
      "A String",
    ],
    "libraryName": "A String", # The name of the outdated library.
    "version": "A String", # The version number.
  },
  "reproductionUrl": "A String", # Output only. The URL containing human-readable payload that user can leverage to reproduce the vulnerability.
  "severity": "A String", # Output only. The severity level of the reported vulnerability.
  "trackingId": "A String", # Output only. The tracking ID uniquely identifies a vulnerability instance across multiple ScanRuns.
  "violatingResource": { # Information regarding any resource causing the vulnerability such as JavaScript sources, image, audio files, etc. # Output only. An addon containing detailed information regarding any resource causing the vulnerability such as JavaScript sources, image, audio files, etc.
    "contentType": "A String", # The MIME type of this resource.
    "resourceUrl": "A String", # URL of this violating resource.
  },
  "vulnerableHeaders": { # Information about vulnerable or missing HTTP Headers. # Output only. An addon containing information about vulnerable or missing HTTP headers.
    "headers": [ # List of vulnerable headers.
      { # Describes a HTTP Header.
        "name": "A String", # Header name.
        "value": "A String", # Header value.
      },
    ],
    "missingHeaders": [ # List of missing headers.
      { # Describes a HTTP Header.
        "name": "A String", # Header name.
        "value": "A String", # Header value.
      },
    ],
  },
  "vulnerableParameters": { # Information about vulnerable request parameters. # Output only. An addon containing information about request parameters which were found to be vulnerable.
    "parameterNames": [ # The vulnerable parameter names.
      "A String",
    ],
  },
  "xss": { # Information reported for an XSS. # Output only. An addon containing information reported for an XSS, if any.
    "attackVector": "A String", # The attack vector of the payload triggering this XSS.
    "errorMessage": "A String", # An error message generated by a javascript breakage.
    "stackTraces": [ # Stack traces leading to the point where the XSS occurred.
      "A String",
    ],
    "storedXssSeedingUrl": "A String", # The reproduction url for the seeding POST request of a Stored XSS.
  },
  "xxe": { # Information reported for an XXE. # Output only. An addon containing information reported for an XXE, if any.
    "payloadLocation": "A String", # Location within the request where the payload was placed.
    "payloadValue": "A String", # The XML string that triggered the XXE vulnerability. Non-payload values might be redacted.
  },
}
list(parent, filter=None, pageSize=None, pageToken=None, x__xgafv=None) 
List Findings under a given ScanRun.

Args:
  parent: string, Required. The parent resource name, which should be a scan run resource name in the format 'projects/{projectId}/scanConfigs/{scanConfigId}/scanRuns/{scanRunId}'. (required)
  filter: string, The filter expression. The expression must be in the format: . Supported field: 'finding_type'. Supported operator: '='.
  pageSize: integer, The maximum number of Findings to return, can be limited by server. If not specified or not positive, the implementation will select a reasonable value.
  pageToken: string, A token identifying a page of results to be returned. This should be a `next_page_token` value returned from a previous List request. If unspecified, the first page of results is returned.
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # Response for the `ListFindings` method.
  "findings": [ # The list of Findings returned.
    { # A Finding resource represents a vulnerability instance identified during a ScanRun.
      "body": "A String", # Output only. The body of the request that triggered the vulnerability.
      "description": "A String", # Output only. The description of the vulnerability.
      "finalUrl": "A String", # Output only. The URL where the browser lands when the vulnerability is detected.
      "findingType": "A String", # Output only. The type of the Finding. Detailed and up-to-date information on findings can be found here: https://cloud.google.com/security-command-center/docs/how-to-remediate-web-security-scanner-findings
      "form": { # ! Information about a vulnerability with an HTML. # Output only. An addon containing information reported for a vulnerability with an HTML form, if any.
        "actionUri": "A String", # ! The URI where to send the form when it's submitted.
        "fields": [ # ! The names of form fields related to the vulnerability.
          "A String",
        ],
      },
      "frameUrl": "A String", # Output only. If the vulnerability was originated from nested IFrame, the immediate parent IFrame is reported.
      "fuzzedUrl": "A String", # Output only. The URL produced by the server-side fuzzer and used in the request that triggered the vulnerability.
      "httpMethod": "A String", # Output only. The http method of the request that triggered the vulnerability, in uppercase.
      "name": "A String", # Output only. The resource name of the Finding. The name follows the format of 'projects/{projectId}/scanConfigs/{scanConfigId}/scanruns/{scanRunId}/findings/{findingId}'. The finding IDs are generated by the system.
      "outdatedLibrary": { # Information reported for an outdated library. # Output only. An addon containing information about outdated libraries.
        "learnMoreUrls": [ # URLs to learn more information about the vulnerabilities in the library.
          "A String",
        ],
        "libraryName": "A String", # The name of the outdated library.
        "version": "A String", # The version number.
      },
      "reproductionUrl": "A String", # Output only. The URL containing human-readable payload that user can leverage to reproduce the vulnerability.
      "severity": "A String", # Output only. The severity level of the reported vulnerability.
      "trackingId": "A String", # Output only. The tracking ID uniquely identifies a vulnerability instance across multiple ScanRuns.
      "violatingResource": { # Information regarding any resource causing the vulnerability such as JavaScript sources, image, audio files, etc. # Output only. An addon containing detailed information regarding any resource causing the vulnerability such as JavaScript sources, image, audio files, etc.
        "contentType": "A String", # The MIME type of this resource.
        "resourceUrl": "A String", # URL of this violating resource.
      },
      "vulnerableHeaders": { # Information about vulnerable or missing HTTP Headers. # Output only. An addon containing information about vulnerable or missing HTTP headers.
        "headers": [ # List of vulnerable headers.
          { # Describes a HTTP Header.
            "name": "A String", # Header name.
            "value": "A String", # Header value.
          },
        ],
        "missingHeaders": [ # List of missing headers.
          { # Describes a HTTP Header.
            "name": "A String", # Header name.
            "value": "A String", # Header value.
          },
        ],
      },
      "vulnerableParameters": { # Information about vulnerable request parameters. # Output only. An addon containing information about request parameters which were found to be vulnerable.
        "parameterNames": [ # The vulnerable parameter names.
          "A String",
        ],
      },
      "xss": { # Information reported for an XSS. # Output only. An addon containing information reported for an XSS, if any.
        "attackVector": "A String", # The attack vector of the payload triggering this XSS.
        "errorMessage": "A String", # An error message generated by a javascript breakage.
        "stackTraces": [ # Stack traces leading to the point where the XSS occurred.
          "A String",
        ],
        "storedXssSeedingUrl": "A String", # The reproduction url for the seeding POST request of a Stored XSS.
      },
      "xxe": { # Information reported for an XXE. # Output only. An addon containing information reported for an XXE, if any.
        "payloadLocation": "A String", # Location within the request where the payload was placed.
        "payloadValue": "A String", # The XML string that triggered the XXE vulnerability. Non-payload values might be redacted.
      },
    },
  ],
  "nextPageToken": "A String", # Token to retrieve the next page of results, or empty if there are no more results in the list.
}
list_next() 
Retrieves the next page of results.

        Args:
          previous_request: The request for the previous page. (required)
          previous_response: The response from the request for the previous page. (required)

        Returns:
          A request object that you can call 'execute()' on to request the next
          page. Returns None if there are no more items in the collection.