Object
AuditItem
An item that represents a distinct location on the website that needs to be audited. Multiple audit items can be identified for the same URL. There are various factors that determine whether multiple audit items are created. For example, there could be a separate audit item for each combination of insertion points, parameters, and headers in the request. Alternatively, separate audit items might be created based on the state of the application at the time when the request was sent, or the path that the crawler took through the application to arrive at this location.
Fields
error_types():
[ErrorType!]
A list of errors that occurred when auditing this item.
host():
String!
The hostname of the URL where the audit item was found.
id():
ID!
The unique identifier of the audit item.
issue_counts():
IssueCounts!
The number of issues found, sorted by their severity level.
issue_type_groups(severities: [Severity], confidences: [Confidence], novelties: [Novelty], accepted_risks: [Boolean]):
[IssueTypeGroup!]
A list of issues that were found for this audit item, grouped by their issue type.
method():
String
The HTTP method of the audit item.
number_of_errors():
Int!
The number of errors that occurred when auditing this item.
number_of_insertion_points():
Int!
The number of insertion points identified for this audit item. An insertion point represents a piece of
data in a request that might be specifically processed server-side. These can be parameter values, HTTP
headers, cookie values, and so on. In the case of requests containing XML or JSON data, the entire body
could even be an insertion point. Burp Scanner automatically identifies insertion points and injects
payloads into them to probe for vulnerable behavior.
number_of_requests():
Int!
The number of requests sent to an audit item during the auditing phase.
path():
String!
The URL path where the audit item was found.
Example
Query
query GetAuditItem ($scanId: ID!, $auditItemId: ID!) {
scan(id: $scanId) {
audit_item(id: $auditItemId) {
id
host
path
number_of_requests
number_of_errors
number_of_insertion_points
error_types
issue_counts {
total
high {
total
certain
firm
tentative
}
medium {
total
certain
firm
tentative
}
low {
total
certain
firm
tentative
}
info {
total
certain
firm
tentative
}
}
issue_type_groups
{
issue_type {
type_index
name
}
confidence
severity
number_of_children
first_child_serial_number
novelty
jira_ticket_count
trello_card_count
}
}
}
}
Variables
{
"scanId": "2",
"auditItemId": "4"
}
Result
{
"data": {
"scan": {
"audit_item": {
"id": "4",
"host": null,
"path": null,
"number_of_requests": null,
"number_of_errors": null,
"number_of_insertion_points": null,
"error_types": [
],
"issue_counts": {
"total": null,
"high": {
"total": null,
"certain": null,
"firm": null,
"tentative": null
},
"medium": {
"total": null,
"certain": null,
"firm": null,
"tentative": null
},
"low": {
"total": null,
"certain": null,
"firm": null,
"tentative": null
},
"info": {
"total": null,
"certain": null,
"firm": null,
"tentative": null
}
},
"issue_type_groups": [
{
"issue_type": {
"type_index": null,
"name": null
},
"confidence": null,
"severity": null,
"number_of_children": null,
"first_child_serial_number": null,
"novelty": null,
"jira_ticket_count": null,
"trello_card_count": null
}
]
}
}
}
}