271 lines
15 KiB
HTML
271 lines
15 KiB
HTML
<html><body>
|
|
<style>
|
|
|
|
body, h1, h2, h3, div, span, p, pre, a {
|
|
margin: 0;
|
|
padding: 0;
|
|
border: 0;
|
|
font-weight: inherit;
|
|
font-style: inherit;
|
|
font-size: 100%;
|
|
font-family: inherit;
|
|
vertical-align: baseline;
|
|
}
|
|
|
|
body {
|
|
font-size: 13px;
|
|
padding: 1em;
|
|
}
|
|
|
|
h1 {
|
|
font-size: 26px;
|
|
margin-bottom: 1em;
|
|
}
|
|
|
|
h2 {
|
|
font-size: 24px;
|
|
margin-bottom: 1em;
|
|
}
|
|
|
|
h3 {
|
|
font-size: 20px;
|
|
margin-bottom: 1em;
|
|
margin-top: 1em;
|
|
}
|
|
|
|
pre, code {
|
|
line-height: 1.5;
|
|
font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
|
|
}
|
|
|
|
pre {
|
|
margin-top: 0.5em;
|
|
}
|
|
|
|
h1, h2, h3, p {
|
|
font-family: Arial, sans serif;
|
|
}
|
|
|
|
h1, h2, h3 {
|
|
border-bottom: solid #CCC 1px;
|
|
}
|
|
|
|
.toc_element {
|
|
margin-top: 0.5em;
|
|
}
|
|
|
|
.firstline {
|
|
margin-left: 2 em;
|
|
}
|
|
|
|
.method {
|
|
margin-top: 1em;
|
|
border: solid 1px #CCC;
|
|
padding: 1em;
|
|
background: #EEE;
|
|
}
|
|
|
|
.details {
|
|
font-weight: bold;
|
|
font-size: 14px;
|
|
}
|
|
|
|
</style>
|
|
|
|
<h1><a href="websecurityscanner_v1.html">Web Security Scanner API</a> . <a href="websecurityscanner_v1.projects.html">projects</a> . <a href="websecurityscanner_v1.projects.scanConfigs.html">scanConfigs</a> . <a href="websecurityscanner_v1.projects.scanConfigs.scanRuns.html">scanRuns</a> . <a href="websecurityscanner_v1.projects.scanConfigs.scanRuns.findings.html">findings</a></h1>
|
|
<h2>Instance Methods</h2>
|
|
<p class="toc_element">
|
|
<code><a href="#close">close()</a></code></p>
|
|
<p class="firstline">Close httplib2 connections.</p>
|
|
<p class="toc_element">
|
|
<code><a href="#get">get(name, x__xgafv=None)</a></code></p>
|
|
<p class="firstline">Gets a Finding.</p>
|
|
<p class="toc_element">
|
|
<code><a href="#list">list(parent, filter=None, pageSize=None, pageToken=None, x__xgafv=None)</a></code></p>
|
|
<p class="firstline">List Findings under a given ScanRun.</p>
|
|
<p class="toc_element">
|
|
<code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
|
|
<p class="firstline">Retrieves the next page of results.</p>
|
|
<h3>Method Details</h3>
|
|
<div class="method">
|
|
<code class="details" id="close">close()</code>
|
|
<pre>Close httplib2 connections.</pre>
|
|
</div>
|
|
|
|
<div class="method">
|
|
<code class="details" id="get">get(name, x__xgafv=None)</code>
|
|
<pre>Gets a Finding.
|
|
|
|
Args:
|
|
name: string, Required. The resource name of the Finding to be returned. The name follows the format of 'projects/{projectId}/scanConfigs/{scanConfigId}/scanRuns/{scanRunId}/findings/{findingId}'. (required)
|
|
x__xgafv: string, V1 error format.
|
|
Allowed values
|
|
1 - v1 error format
|
|
2 - v2 error format
|
|
|
|
Returns:
|
|
An object of the form:
|
|
|
|
{ # A Finding resource represents a vulnerability instance identified during a ScanRun.
|
|
"body": "A String", # Output only. The body of the request that triggered the vulnerability.
|
|
"description": "A String", # Output only. The description of the vulnerability.
|
|
"finalUrl": "A String", # Output only. The URL where the browser lands when the vulnerability is detected.
|
|
"findingType": "A String", # Output only. The type of the Finding. Detailed and up-to-date information on findings can be found here: https://cloud.google.com/security-command-center/docs/how-to-remediate-web-security-scanner-findings
|
|
"form": { # ! Information about a vulnerability with an HTML. # Output only. An addon containing information reported for a vulnerability with an HTML form, if any.
|
|
"actionUri": "A String", # ! The URI where to send the form when it's submitted.
|
|
"fields": [ # ! The names of form fields related to the vulnerability.
|
|
"A String",
|
|
],
|
|
},
|
|
"frameUrl": "A String", # Output only. If the vulnerability was originated from nested IFrame, the immediate parent IFrame is reported.
|
|
"fuzzedUrl": "A String", # Output only. The URL produced by the server-side fuzzer and used in the request that triggered the vulnerability.
|
|
"httpMethod": "A String", # Output only. The http method of the request that triggered the vulnerability, in uppercase.
|
|
"name": "A String", # Output only. The resource name of the Finding. The name follows the format of 'projects/{projectId}/scanConfigs/{scanConfigId}/scanruns/{scanRunId}/findings/{findingId}'. The finding IDs are generated by the system.
|
|
"outdatedLibrary": { # Information reported for an outdated library. # Output only. An addon containing information about outdated libraries.
|
|
"learnMoreUrls": [ # URLs to learn more information about the vulnerabilities in the library.
|
|
"A String",
|
|
],
|
|
"libraryName": "A String", # The name of the outdated library.
|
|
"version": "A String", # The version number.
|
|
},
|
|
"reproductionUrl": "A String", # Output only. The URL containing human-readable payload that user can leverage to reproduce the vulnerability.
|
|
"severity": "A String", # Output only. The severity level of the reported vulnerability.
|
|
"trackingId": "A String", # Output only. The tracking ID uniquely identifies a vulnerability instance across multiple ScanRuns.
|
|
"violatingResource": { # Information regarding any resource causing the vulnerability such as JavaScript sources, image, audio files, etc. # Output only. An addon containing detailed information regarding any resource causing the vulnerability such as JavaScript sources, image, audio files, etc.
|
|
"contentType": "A String", # The MIME type of this resource.
|
|
"resourceUrl": "A String", # URL of this violating resource.
|
|
},
|
|
"vulnerableHeaders": { # Information about vulnerable or missing HTTP Headers. # Output only. An addon containing information about vulnerable or missing HTTP headers.
|
|
"headers": [ # List of vulnerable headers.
|
|
{ # Describes a HTTP Header.
|
|
"name": "A String", # Header name.
|
|
"value": "A String", # Header value.
|
|
},
|
|
],
|
|
"missingHeaders": [ # List of missing headers.
|
|
{ # Describes a HTTP Header.
|
|
"name": "A String", # Header name.
|
|
"value": "A String", # Header value.
|
|
},
|
|
],
|
|
},
|
|
"vulnerableParameters": { # Information about vulnerable request parameters. # Output only. An addon containing information about request parameters which were found to be vulnerable.
|
|
"parameterNames": [ # The vulnerable parameter names.
|
|
"A String",
|
|
],
|
|
},
|
|
"xss": { # Information reported for an XSS. # Output only. An addon containing information reported for an XSS, if any.
|
|
"attackVector": "A String", # The attack vector of the payload triggering this XSS.
|
|
"errorMessage": "A String", # An error message generated by a javascript breakage.
|
|
"stackTraces": [ # Stack traces leading to the point where the XSS occurred.
|
|
"A String",
|
|
],
|
|
"storedXssSeedingUrl": "A String", # The reproduction url for the seeding POST request of a Stored XSS.
|
|
},
|
|
"xxe": { # Information reported for an XXE. # Output only. An addon containing information reported for an XXE, if any.
|
|
"payloadLocation": "A String", # Location within the request where the payload was placed.
|
|
"payloadValue": "A String", # The XML string that triggered the XXE vulnerability. Non-payload values might be redacted.
|
|
},
|
|
}</pre>
|
|
</div>
|
|
|
|
<div class="method">
|
|
<code class="details" id="list">list(parent, filter=None, pageSize=None, pageToken=None, x__xgafv=None)</code>
|
|
<pre>List Findings under a given ScanRun.
|
|
|
|
Args:
|
|
parent: string, Required. The parent resource name, which should be a scan run resource name in the format 'projects/{projectId}/scanConfigs/{scanConfigId}/scanRuns/{scanRunId}'. (required)
|
|
filter: string, The filter expression. The expression must be in the format: . Supported field: 'finding_type'. Supported operator: '='.
|
|
pageSize: integer, The maximum number of Findings to return, can be limited by server. If not specified or not positive, the implementation will select a reasonable value.
|
|
pageToken: string, A token identifying a page of results to be returned. This should be a `next_page_token` value returned from a previous List request. If unspecified, the first page of results is returned.
|
|
x__xgafv: string, V1 error format.
|
|
Allowed values
|
|
1 - v1 error format
|
|
2 - v2 error format
|
|
|
|
Returns:
|
|
An object of the form:
|
|
|
|
{ # Response for the `ListFindings` method.
|
|
"findings": [ # The list of Findings returned.
|
|
{ # A Finding resource represents a vulnerability instance identified during a ScanRun.
|
|
"body": "A String", # Output only. The body of the request that triggered the vulnerability.
|
|
"description": "A String", # Output only. The description of the vulnerability.
|
|
"finalUrl": "A String", # Output only. The URL where the browser lands when the vulnerability is detected.
|
|
"findingType": "A String", # Output only. The type of the Finding. Detailed and up-to-date information on findings can be found here: https://cloud.google.com/security-command-center/docs/how-to-remediate-web-security-scanner-findings
|
|
"form": { # ! Information about a vulnerability with an HTML. # Output only. An addon containing information reported for a vulnerability with an HTML form, if any.
|
|
"actionUri": "A String", # ! The URI where to send the form when it's submitted.
|
|
"fields": [ # ! The names of form fields related to the vulnerability.
|
|
"A String",
|
|
],
|
|
},
|
|
"frameUrl": "A String", # Output only. If the vulnerability was originated from nested IFrame, the immediate parent IFrame is reported.
|
|
"fuzzedUrl": "A String", # Output only. The URL produced by the server-side fuzzer and used in the request that triggered the vulnerability.
|
|
"httpMethod": "A String", # Output only. The http method of the request that triggered the vulnerability, in uppercase.
|
|
"name": "A String", # Output only. The resource name of the Finding. The name follows the format of 'projects/{projectId}/scanConfigs/{scanConfigId}/scanruns/{scanRunId}/findings/{findingId}'. The finding IDs are generated by the system.
|
|
"outdatedLibrary": { # Information reported for an outdated library. # Output only. An addon containing information about outdated libraries.
|
|
"learnMoreUrls": [ # URLs to learn more information about the vulnerabilities in the library.
|
|
"A String",
|
|
],
|
|
"libraryName": "A String", # The name of the outdated library.
|
|
"version": "A String", # The version number.
|
|
},
|
|
"reproductionUrl": "A String", # Output only. The URL containing human-readable payload that user can leverage to reproduce the vulnerability.
|
|
"severity": "A String", # Output only. The severity level of the reported vulnerability.
|
|
"trackingId": "A String", # Output only. The tracking ID uniquely identifies a vulnerability instance across multiple ScanRuns.
|
|
"violatingResource": { # Information regarding any resource causing the vulnerability such as JavaScript sources, image, audio files, etc. # Output only. An addon containing detailed information regarding any resource causing the vulnerability such as JavaScript sources, image, audio files, etc.
|
|
"contentType": "A String", # The MIME type of this resource.
|
|
"resourceUrl": "A String", # URL of this violating resource.
|
|
},
|
|
"vulnerableHeaders": { # Information about vulnerable or missing HTTP Headers. # Output only. An addon containing information about vulnerable or missing HTTP headers.
|
|
"headers": [ # List of vulnerable headers.
|
|
{ # Describes a HTTP Header.
|
|
"name": "A String", # Header name.
|
|
"value": "A String", # Header value.
|
|
},
|
|
],
|
|
"missingHeaders": [ # List of missing headers.
|
|
{ # Describes a HTTP Header.
|
|
"name": "A String", # Header name.
|
|
"value": "A String", # Header value.
|
|
},
|
|
],
|
|
},
|
|
"vulnerableParameters": { # Information about vulnerable request parameters. # Output only. An addon containing information about request parameters which were found to be vulnerable.
|
|
"parameterNames": [ # The vulnerable parameter names.
|
|
"A String",
|
|
],
|
|
},
|
|
"xss": { # Information reported for an XSS. # Output only. An addon containing information reported for an XSS, if any.
|
|
"attackVector": "A String", # The attack vector of the payload triggering this XSS.
|
|
"errorMessage": "A String", # An error message generated by a javascript breakage.
|
|
"stackTraces": [ # Stack traces leading to the point where the XSS occurred.
|
|
"A String",
|
|
],
|
|
"storedXssSeedingUrl": "A String", # The reproduction url for the seeding POST request of a Stored XSS.
|
|
},
|
|
"xxe": { # Information reported for an XXE. # Output only. An addon containing information reported for an XXE, if any.
|
|
"payloadLocation": "A String", # Location within the request where the payload was placed.
|
|
"payloadValue": "A String", # The XML string that triggered the XXE vulnerability. Non-payload values might be redacted.
|
|
},
|
|
},
|
|
],
|
|
"nextPageToken": "A String", # Token to retrieve the next page of results, or empty if there are no more results in the list.
|
|
}</pre>
|
|
</div>
|
|
|
|
<div class="method">
|
|
<code class="details" id="list_next">list_next(previous_request, previous_response)</code>
|
|
<pre>Retrieves the next page of results.
|
|
|
|
Args:
|
|
previous_request: The request for the previous page. (required)
|
|
previous_response: The response from the request for the previous page. (required)
|
|
|
|
Returns:
|
|
A request object that you can call 'execute()' on to request the next
|
|
page. Returns None if there are no more items in the collection.
|
|
</pre>
|
|
</div>
|
|
|
|
</body></html> |