REST Resource: projects.scanConfigs.scanRuns.findings

Resource: Finding

A Finding resource represents a vulnerability instance identified during a ScanRun.

JSON representation
{
  "name": string,
  "findingType": string,
  "severity": enum (Severity),
  "httpMethod": string,
  "fuzzedUrl": string,
  "body": string,
  "description": string,
  "reproductionUrl": string,
  "frameUrl": string,
  "finalUrl": string,
  "trackingId": string,
  "form": {
    object (Form)
  },
  "outdatedLibrary": {
    object (OutdatedLibrary)
  },
  "violatingResource": {
    object (ViolatingResource)
  },
  "vulnerableHeaders": {
    object (VulnerableHeaders)
  },
  "vulnerableParameters": {
    object (VulnerableParameters)
  },
  "xss": {
    object (Xss)
  },
  "xxe": {
    object (Xxe)
  }
}
Fields
name

string

Output only. The resource name of the Finding. The name follows the format of 'projects/{projectId}/scanConfigs/{scanConfigId}/scanruns/{scanRunId}/findings/{findingId}'. The finding IDs are generated by the system.

findingType

string

Output only. The type of the Finding. Detailed and up-to-date information on findings can be found here: https://cloud.google.com/security-command-center/docs/how-to-remediate-web-security-scanner-findings

severity

enum (Severity)

Output only. The severity level of the reported vulnerability.

httpMethod

string

Output only. The http method of the request that triggered the vulnerability, in uppercase.

fuzzedUrl

string

Output only. The URL produced by the server-side fuzzer and used in the request that triggered the vulnerability.

body

string

Output only. The body of the request that triggered the vulnerability.

description

string

Output only. The description of the vulnerability.

reproductionUrl

string

Output only. The URL containing human-readable payload that user can leverage to reproduce the vulnerability.

frameUrl

string

Output only. If the vulnerability was originated from nested IFrame, the immediate parent IFrame is reported.

finalUrl

string

Output only. The URL where the browser lands when the vulnerability is detected.

trackingId

string

Output only. The tracking ID uniquely identifies a vulnerability instance across multiple ScanRuns.

form

object (Form)

Output only. An addon containing information reported for a vulnerability with an HTML form, if any.

outdatedLibrary

object (OutdatedLibrary)

Output only. An addon containing information about outdated libraries.

violatingResource

object (ViolatingResource)

Output only. An addon containing detailed information regarding any resource causing the vulnerability such as JavaScript sources, image, audio files, etc.

vulnerableHeaders

object (VulnerableHeaders)

Output only. An addon containing information about vulnerable or missing HTTP headers.

vulnerableParameters

object (VulnerableParameters)

Output only. An addon containing information about request parameters which were found to be vulnerable.

xss

object (Xss)

Output only. An addon containing information reported for an XSS, if any.

xxe

object (Xxe)

Output only. An addon containing information reported for an XXE, if any.

Severity

The severity level of a vulnerability.

Enums
SEVERITY_UNSPECIFIED No severity specified. The default value.
CRITICAL Critical severity.
HIGH High severity.
MEDIUM Medium severity.
LOW Low severity.

Form

! Information about a vulnerability with an HTML.

JSON representation
{
  "actionUri": string,
  "fields": [
    string
  ]
}
Fields
actionUri

string

! The URI where to send the form when it's submitted.

fields[]

string

! The names of form fields related to the vulnerability.

OutdatedLibrary

Information reported for an outdated library.

JSON representation
{
  "libraryName": string,
  "version": string,
  "learnMoreUrls": [
    string
  ]
}
Fields
libraryName

string

The name of the outdated library.

version

string

The version number.

learnMoreUrls[]

string

URLs to learn more information about the vulnerabilities in the library.

ViolatingResource

Information regarding any resource causing the vulnerability such as JavaScript sources, image, audio files, etc.

JSON representation
{
  "contentType": string,
  "resourceUrl": string
}
Fields
contentType

string

The MIME type of this resource.

resourceUrl

string

URL of this violating resource.

VulnerableHeaders

Information about vulnerable or missing HTTP Headers.

JSON representation
{
  "headers": [
    {
      object (Header)
    }
  ],
  "missingHeaders": [
    {
      object (Header)
    }
  ]
}
Fields
headers[]

object (Header)

List of vulnerable headers.

missingHeaders[]

object (Header)

List of missing headers.

VulnerableParameters

Information about vulnerable request parameters.

JSON representation
{
  "parameterNames": [
    string
  ]
}
Fields
parameterNames[]

string

The vulnerable parameter names.

Xss

Information reported for an XSS.

JSON representation
{
  "stackTraces": [
    string
  ],
  "errorMessage": string,
  "attackVector": enum (AttackVector),
  "storedXssSeedingUrl": string
}
Fields
stackTraces[]

string

Stack traces leading to the point where the XSS occurred.

errorMessage

string

An error message generated by a javascript breakage.

attackVector

enum (AttackVector)

The attack vector of the payload triggering this XSS.

storedXssSeedingUrl

string

The reproduction url for the seeding POST request of a Stored XSS.

AttackVector

Types of XSS attack vector.

Enums
ATTACK_VECTOR_UNSPECIFIED Unknown attack vector.
LOCAL_STORAGE The attack comes from fuzzing the browser's localStorage.
SESSION_STORAGE The attack comes from fuzzing the browser's sessionStorage.
WINDOW_NAME The attack comes from fuzzing the window's name property.
REFERRER The attack comes from fuzzing the referrer property.
FORM_INPUT The attack comes from fuzzing an input element.
COOKIE The attack comes from fuzzing the browser's cookies.
POST_MESSAGE The attack comes from hijacking the post messaging mechanism.
GET_PARAMETERS The attack comes from fuzzing parameters in the url.
URL_FRAGMENT The attack comes from fuzzing the fragment in the url.
HTML_COMMENT The attack comes from fuzzing the HTML comments.
POST_PARAMETERS The attack comes from fuzzing the POST parameters.
PROTOCOL The attack comes from fuzzing the protocol.
STORED_XSS The attack comes from the server side and is stored.
SAME_ORIGIN The attack is a Same-Origin Method Execution attack via a GET parameter.
USER_CONTROLLABLE_URL The attack payload is received from a third-party host via a URL that is user-controllable

Xxe

Information reported for an XXE.

JSON representation
{
  "payloadValue": string,
  "payloadLocation": enum (Location)
}
Fields
payloadValue

string

The XML string that triggered the XXE vulnerability. Non-payload values might be redacted.

payloadLocation

enum (Location)

Location within the request where the payload was placed.

Location

Locations within a request where XML was substituted.

Enums
LOCATION_UNSPECIFIED Unknown Location.
COMPLETE_REQUEST_BODY The XML payload replaced the complete request body.

Methods

get

Gets a Finding.

list

List Findings under a given ScanRun.