findings
Creates, updates, deletes, gets or lists a findings resource.
Overview
Name | findings |
Type | Resource |
Id | google.websecurityscanner.findings |
Fields
Name | Datatype | Description |
---|---|---|
name | string | Output only. The resource name of the Finding. The name follows the format of 'projects/{projectId}/scanConfigs/{scanConfigId}/scanruns/{scanRunId}/findings/{findingId}'. The finding IDs are generated by the system. |
description | string | Output only. The description of the vulnerability. |
body | string | Output only. The body of the request that triggered the vulnerability. |
finalUrl | string | Output only. The URL where the browser lands when the vulnerability is detected. |
findingType | string | Output only. The type of the Finding. Detailed and up-to-date information on findings can be found here: https://cloud.google.com/security-command-center/docs/how-to-remediate-web-security-scanner-findings |
form | object | Information about a vulnerability with an HTML. |
frameUrl | string | Output only. If the vulnerability originated from a nested IFrame, the immediate parent IFrame is reported. |
fuzzedUrl | string | Output only. The URL produced by the server-side fuzzer and used in the request that triggered the vulnerability. |
httpMethod | string | Output only. The HTTP method of the request that triggered the vulnerability, in uppercase. |
outdatedLibrary | object | Information reported for an outdated library. |
reproductionUrl | string | Output only. The URL containing a human-readable payload that the user can leverage to reproduce the vulnerability. |
severity | string | Output only. The severity level of the reported vulnerability. |
trackingId | string | Output only. The tracking ID uniquely identifies a vulnerability instance across multiple ScanRuns. |
violatingResource | object | Information regarding any resource causing the vulnerability such as JavaScript sources, image, audio files, etc. |
vulnerableHeaders | object | Information about vulnerable or missing HTTP Headers. |
vulnerableParameters | object | Information about vulnerable request parameters. |
xss | object | Information reported for an XSS. |
xxe | object | Information reported for an XXE. |
Methods
Name | Accessible by | Required Params | Description |
---|---|---|---|
get | SELECT | findingsId, projectsId, scanConfigsId, scanRunsId | Gets a Finding. |
list | SELECT | projectsId, scanConfigsId, scanRunsId | List Findings under a given ScanRun. |
SELECT examples
List Findings under a given ScanRun.
```sql
SELECT
  name,
  description,
  body,
  finalUrl,
  findingType,
  form,
  frameUrl,
  fuzzedUrl,
  httpMethod,
  outdatedLibrary,
  reproductionUrl,
  severity,
  trackingId,
  violatingResource,
  vulnerableHeaders,
  vulnerableParameters,
  xss,
  xxe
FROM google.websecurityscanner.findings
WHERE projectsId = '{{ projectsId }}'
  AND scanConfigsId = '{{ scanConfigsId }}'
  AND scanRunsId = '{{ scanRunsId }}';
```