1<html><body> 2<style> 3 4body, h1, h2, h3, div, span, p, pre, a { 5 margin: 0; 6 padding: 0; 7 border: 0; 8 font-weight: inherit; 9 font-style: inherit; 10 font-size: 100%; 11 font-family: inherit; 12 vertical-align: baseline; 13} 14 15body { 16 font-size: 13px; 17 padding: 1em; 18} 19 20h1 { 21 font-size: 26px; 22 margin-bottom: 1em; 23} 24 25h2 { 26 font-size: 24px; 27 margin-bottom: 1em; 28} 29 30h3 { 31 font-size: 20px; 32 margin-bottom: 1em; 33 margin-top: 1em; 34} 35 36pre, code { 37 line-height: 1.5; 38 font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace; 39} 40 41pre { 42 margin-top: 0.5em; 43} 44 45h1, h2, h3, p { 46 font-family: Arial, sans serif; 47} 48 49h1, h2, h3 { 50 border-bottom: solid #CCC 1px; 51} 52 53.toc_element { 54 margin-top: 0.5em; 55} 56 57.firstline { 58 margin-left: 2 em; 59} 60 61.method { 62 margin-top: 1em; 63 border: solid 1px #CCC; 64 padding: 1em; 65 background: #EEE; 66} 67 68.details { 69 font-weight: bold; 70 font-size: 14px; 71} 72 73</style> 74 75<h1><a href="websecurityscanner_v1.html">Web Security Scanner API</a> . <a href="websecurityscanner_v1.projects.html">projects</a> . <a href="websecurityscanner_v1.projects.scanConfigs.html">scanConfigs</a> . <a href="websecurityscanner_v1.projects.scanConfigs.scanRuns.html">scanRuns</a> . <a href="websecurityscanner_v1.projects.scanConfigs.scanRuns.findings.html">findings</a></h1> 76<h2>Instance Methods</h2> 77<p class="toc_element"> 78 <code><a href="#close">close()</a></code></p> 79<p class="firstline">Close httplib2 connections.</p> 80<p class="toc_element"> 81 <code><a href="#get">get(name, x__xgafv=None)</a></code></p> 82<p class="firstline">Gets a Finding.</p> 83<p class="toc_element"> 84 <code><a href="#list">list(parent, filter=None, pageSize=None, pageToken=None, x__xgafv=None)</a></code></p> 85<p class="firstline">List Findings under a given ScanRun.</p> 86<p class="toc_element"> 87 <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p> 88<p class="firstline">Retrieves the next page of results.</p> 89<h3>Method Details</h3> 90<div class="method"> 91 <code class="details" id="close">close()</code> 92 <pre>Close httplib2 connections.</pre> 93</div> 94 95<div class="method"> 96 <code class="details" id="get">get(name, x__xgafv=None)</code> 97 <pre>Gets a Finding. 98 99Args: 100 name: string, Required. The resource name of the Finding to be returned. The name follows the format of 'projects/{projectId}/scanConfigs/{scanConfigId}/scanRuns/{scanRunId}/findings/{findingId}'. (required) 101 x__xgafv: string, V1 error format. 102 Allowed values 103 1 - v1 error format 104 2 - v2 error format 105 106Returns: 107 An object of the form: 108 109 { # A Finding resource represents a vulnerability instance identified during a ScanRun. 110 "body": "A String", # Output only. The body of the request that triggered the vulnerability. 111 "description": "A String", # Output only. The description of the vulnerability. 112 "finalUrl": "A String", # Output only. The URL where the browser lands when the vulnerability is detected. 113 "findingType": "A String", # Output only. The type of the Finding. Detailed and up-to-date information on findings can be found here: https://cloud.google.com/security-command-center/docs/how-to-remediate-web-security-scanner-findings 114 "form": { # ! Information about a vulnerability with an HTML. # Output only. An addon containing information reported for a vulnerability with an HTML form, if any. 115 "actionUri": "A String", # ! The URI where to send the form when it's submitted. 116 "fields": [ # ! The names of form fields related to the vulnerability. 117 "A String", 118 ], 119 }, 120 "frameUrl": "A String", # Output only. If the vulnerability was originated from nested IFrame, the immediate parent IFrame is reported. 121 "fuzzedUrl": "A String", # Output only. The URL produced by the server-side fuzzer and used in the request that triggered the vulnerability. 122 "httpMethod": "A String", # Output only. The http method of the request that triggered the vulnerability, in uppercase. 123 "name": "A String", # Output only. The resource name of the Finding. The name follows the format of 'projects/{projectId}/scanConfigs/{scanConfigId}/scanruns/{scanRunId}/findings/{findingId}'. The finding IDs are generated by the system. 124 "outdatedLibrary": { # Information reported for an outdated library. # Output only. An addon containing information about outdated libraries. 125 "learnMoreUrls": [ # URLs to learn more information about the vulnerabilities in the library. 126 "A String", 127 ], 128 "libraryName": "A String", # The name of the outdated library. 129 "version": "A String", # The version number. 130 }, 131 "reproductionUrl": "A String", # Output only. The URL containing human-readable payload that user can leverage to reproduce the vulnerability. 132 "severity": "A String", # Output only. The severity level of the reported vulnerability. 133 "trackingId": "A String", # Output only. The tracking ID uniquely identifies a vulnerability instance across multiple ScanRuns. 134 "violatingResource": { # Information regarding any resource causing the vulnerability such as JavaScript sources, image, audio files, etc. # Output only. An addon containing detailed information regarding any resource causing the vulnerability such as JavaScript sources, image, audio files, etc. 135 "contentType": "A String", # The MIME type of this resource. 136 "resourceUrl": "A String", # URL of this violating resource. 137 }, 138 "vulnerableHeaders": { # Information about vulnerable or missing HTTP Headers. # Output only. An addon containing information about vulnerable or missing HTTP headers. 139 "headers": [ # List of vulnerable headers. 140 { # Describes a HTTP Header. 141 "name": "A String", # Header name. 142 "value": "A String", # Header value. 143 }, 144 ], 145 "missingHeaders": [ # List of missing headers. 146 { # Describes a HTTP Header. 147 "name": "A String", # Header name. 148 "value": "A String", # Header value. 149 }, 150 ], 151 }, 152 "vulnerableParameters": { # Information about vulnerable request parameters. # Output only. An addon containing information about request parameters which were found to be vulnerable. 153 "parameterNames": [ # The vulnerable parameter names. 154 "A String", 155 ], 156 }, 157 "xss": { # Information reported for an XSS. # Output only. An addon containing information reported for an XSS, if any. 158 "attackVector": "A String", # The attack vector of the payload triggering this XSS. 159 "errorMessage": "A String", # An error message generated by a javascript breakage. 160 "stackTraces": [ # Stack traces leading to the point where the XSS occurred. 161 "A String", 162 ], 163 "storedXssSeedingUrl": "A String", # The reproduction url for the seeding POST request of a Stored XSS. 164 }, 165 "xxe": { # Information reported for an XXE. # Output only. An addon containing information reported for an XXE, if any. 166 "payloadLocation": "A String", # Location within the request where the payload was placed. 167 "payloadValue": "A String", # The XML string that triggered the XXE vulnerability. Non-payload values might be redacted. 168 }, 169}</pre> 170</div> 171 172<div class="method"> 173 <code class="details" id="list">list(parent, filter=None, pageSize=None, pageToken=None, x__xgafv=None)</code> 174 <pre>List Findings under a given ScanRun. 175 176Args: 177 parent: string, Required. The parent resource name, which should be a scan run resource name in the format 'projects/{projectId}/scanConfigs/{scanConfigId}/scanRuns/{scanRunId}'. (required) 178 filter: string, The filter expression. The expression must be in the format: . Supported field: 'finding_type'. Supported operator: '='. 179 pageSize: integer, The maximum number of Findings to return, can be limited by server. If not specified or not positive, the implementation will select a reasonable value. 180 pageToken: string, A token identifying a page of results to be returned. This should be a `next_page_token` value returned from a previous List request. If unspecified, the first page of results is returned. 181 x__xgafv: string, V1 error format. 182 Allowed values 183 1 - v1 error format 184 2 - v2 error format 185 186Returns: 187 An object of the form: 188 189 { # Response for the `ListFindings` method. 190 "findings": [ # The list of Findings returned. 191 { # A Finding resource represents a vulnerability instance identified during a ScanRun. 192 "body": "A String", # Output only. The body of the request that triggered the vulnerability. 193 "description": "A String", # Output only. The description of the vulnerability. 194 "finalUrl": "A String", # Output only. The URL where the browser lands when the vulnerability is detected. 195 "findingType": "A String", # Output only. The type of the Finding. Detailed and up-to-date information on findings can be found here: https://cloud.google.com/security-command-center/docs/how-to-remediate-web-security-scanner-findings 196 "form": { # ! Information about a vulnerability with an HTML. # Output only. An addon containing information reported for a vulnerability with an HTML form, if any. 197 "actionUri": "A String", # ! The URI where to send the form when it's submitted. 198 "fields": [ # ! The names of form fields related to the vulnerability. 199 "A String", 200 ], 201 }, 202 "frameUrl": "A String", # Output only. If the vulnerability was originated from nested IFrame, the immediate parent IFrame is reported. 203 "fuzzedUrl": "A String", # Output only. The URL produced by the server-side fuzzer and used in the request that triggered the vulnerability. 204 "httpMethod": "A String", # Output only. The http method of the request that triggered the vulnerability, in uppercase. 205 "name": "A String", # Output only. The resource name of the Finding. The name follows the format of 'projects/{projectId}/scanConfigs/{scanConfigId}/scanruns/{scanRunId}/findings/{findingId}'. The finding IDs are generated by the system. 206 "outdatedLibrary": { # Information reported for an outdated library. # Output only. An addon containing information about outdated libraries. 207 "learnMoreUrls": [ # URLs to learn more information about the vulnerabilities in the library. 208 "A String", 209 ], 210 "libraryName": "A String", # The name of the outdated library. 211 "version": "A String", # The version number. 212 }, 213 "reproductionUrl": "A String", # Output only. The URL containing human-readable payload that user can leverage to reproduce the vulnerability. 214 "severity": "A String", # Output only. The severity level of the reported vulnerability. 215 "trackingId": "A String", # Output only. The tracking ID uniquely identifies a vulnerability instance across multiple ScanRuns. 216 "violatingResource": { # Information regarding any resource causing the vulnerability such as JavaScript sources, image, audio files, etc. # Output only. An addon containing detailed information regarding any resource causing the vulnerability such as JavaScript sources, image, audio files, etc. 217 "contentType": "A String", # The MIME type of this resource. 218 "resourceUrl": "A String", # URL of this violating resource. 219 }, 220 "vulnerableHeaders": { # Information about vulnerable or missing HTTP Headers. # Output only. An addon containing information about vulnerable or missing HTTP headers. 221 "headers": [ # List of vulnerable headers. 222 { # Describes a HTTP Header. 223 "name": "A String", # Header name. 224 "value": "A String", # Header value. 225 }, 226 ], 227 "missingHeaders": [ # List of missing headers. 228 { # Describes a HTTP Header. 229 "name": "A String", # Header name. 230 "value": "A String", # Header value. 231 }, 232 ], 233 }, 234 "vulnerableParameters": { # Information about vulnerable request parameters. # Output only. An addon containing information about request parameters which were found to be vulnerable. 235 "parameterNames": [ # The vulnerable parameter names. 236 "A String", 237 ], 238 }, 239 "xss": { # Information reported for an XSS. # Output only. An addon containing information reported for an XSS, if any. 240 "attackVector": "A String", # The attack vector of the payload triggering this XSS. 241 "errorMessage": "A String", # An error message generated by a javascript breakage. 242 "stackTraces": [ # Stack traces leading to the point where the XSS occurred. 243 "A String", 244 ], 245 "storedXssSeedingUrl": "A String", # The reproduction url for the seeding POST request of a Stored XSS. 246 }, 247 "xxe": { # Information reported for an XXE. # Output only. An addon containing information reported for an XXE, if any. 248 "payloadLocation": "A String", # Location within the request where the payload was placed. 249 "payloadValue": "A String", # The XML string that triggered the XXE vulnerability. Non-payload values might be redacted. 250 }, 251 }, 252 ], 253 "nextPageToken": "A String", # Token to retrieve the next page of results, or empty if there are no more results in the list. 254}</pre> 255</div> 256 257<div class="method"> 258 <code class="details" id="list_next">list_next(previous_request, previous_response)</code> 259 <pre>Retrieves the next page of results. 260 261Args: 262 previous_request: The request for the previous page. (required) 263 previous_response: The response from the request for the previous page. (required) 264 265Returns: 266 A request object that you can call 'execute()' on to request the next 267 page. Returns None if there are no more items in the collection. 268 </pre> 269</div> 270 271</body></html>