Object
AuditItem
An item that represents a distinct location on the website that needs to be audited. Multiple audit items can be identified for the same URL. There are various factors that determine whether multiple audit items are created. For example, there could be a separate audit item for each combination of insertion points, parameters, and headers in the request. Alternatively, separate audit items might be created based on the state of the application at the time when the request was sent, or the path that the crawler took through the application to arrive at this location.
Fields
id():
ID!
The unique identifier of the audit item.
host():
String!
The hostname of the URL where the audit item was found.
path():
String!
The URL path where the audit item was found.
method():
String
The HTTP method of the audit item.
error_types():
[ErrorType!]
A list of errors that occurred when auditing this item.
issue_counts():
IssueCounts!
The number of issues found, sorted by their severity level.
number_of_requests():
Int!
The number of requests sent to an audit item during the auditing phase.
number_of_errors():
Int!
The number of errors that occurred when auditing this item.
number_of_insertion_points():
Int!
The number of insertion points identified for this audit item. An insertion point represents a piece of data in a request that might be specifically processed server-side. These can be parameter values, HTTP headers, cookie values, and so on. In the case of requests containing XML or JSON data, the entire body could even be an insertion point. Burp Scanner automatically identifies insertion points and injects payloads into them to probe for vulnerable behavior.
issue_type_groups(severities: [Severity], confidences: [Confidence], novelties: [Novelty], accepted_risks: [Boolean]):
[IssueTypeGroup!]
A list of issues that were found for this audit item, grouped by their issue type.
Example
Query
query GetAuditItem ($scanId: ID!, $auditItemId: ID!) {
  scan(id: $scanId) {
    audit_item(id: $auditItemId) {
      id
      host
      path
      number_of_requests
      number_of_errors
      number_of_insertion_points
      error_types
      issue_counts {
        total
        high {
          total
          certain
          firm
          tentative
        }
        medium {
          total
          certain
          firm
          tentative
        }
        low {
          total
          certain
          firm
          tentative
        }
        info {
          total
          certain
          firm
          tentative
        }
      }
      issue_type_groups {
        issue_type {
          type_index
          name
        }
        confidence
        severity
        number_of_children
        first_child_serial_number
        novelty
        jira_ticket_count
        trello_card_count
      }
    }
  }
}
Variables
{
  "scanId": "2",
  "auditItemId": "4"
}
Result
{
  "data": {
    "scan": {
      "audit_item": {
        "id": "4",
        "host": null,
        "path": null,
        "number_of_requests": null,
        "number_of_errors": null,
        "number_of_insertion_points": null,
        "error_types": [],
        "issue_counts": {
          "total": null,
          "high": {
            "total": null,
            "certain": null,
            "firm": null,
            "tentative": null
          },
          "medium": {
            "total": null,
            "certain": null,
            "firm": null,
            "tentative": null
          },
          "low": {
            "total": null,
            "certain": null,
            "firm": null,
            "tentative": null
          },
          "info": {
            "total": null,
            "certain": null,
            "firm": null,
            "tentative": null
          }
        },
        "issue_type_groups": [
          {
            "issue_type": {
              "type_index": null,
              "name": null
            },
            "confidence": null,
            "severity": null,
            "number_of_children": null,
            "first_child_serial_number": null,
            "novelty": null,
            "jira_ticket_count": null,
            "trello_card_count": null
          }
        ]
      }
    }
  }
}
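A response in this shape can be reduced to a per-location triage summary that also reports coverage gaps (no requests, no insertion points, audit errors), so a low issue count is not mistaken for a clean result. The Python below is an added example, not code from the API documentation; the helper name, the "actionable" rule (high or medium severity at certain or firm confidence), and the sample values are assumptions made for illustration.

```python
SEVERITIES = ("high", "medium", "low", "info")
CONFIDENCES = ("certain", "firm", "tentative")
# Constructed sample response in the shape of the Result above (values invented).
SAMPLE = {"data": {"scan": {"audit_item": {
    "id": "4", "host": "app.example.test", "path": "/search",
    "number_of_requests": 120, "number_of_errors": 6,
    "number_of_insertion_points": 3, "error_types": [],
    "issue_counts": {
        "high": {"total": 1, "certain": 1, "firm": 0, "tentative": 0},
        "medium": {"total": 2, "certain": 0, "firm": 1, "tentative": 1},
        "low": {"total": 0, "certain": 0, "firm": 0, "tentative": 0},
        "info": None,  # null objects and null counts are treated as 0
    },
}}}}


def summarize_audit_item(response):
    """Reduce a GetAuditItem response to what a triage script needs (hypothetical helper)."""
    if response.get("errors"):  # top-level GraphQL error list
        raise ValueError(f"GraphQL errors: {response['errors']}")
    scan = (response.get("data") or {}).get("scan") or {}
    item = scan.get("audit_item")
    if item is None:
        raise LookupError("scan or audit item missing from response")

    counts = item.get("issue_counts") or {}
    # Flatten to {(severity, confidence): n}; a null at any level counts as 0.
    flat = {(s, c): (counts.get(s) or {}).get(c) or 0
            for s in SEVERITIES for c in CONFIDENCES}
    # Assumed triage rule: high/medium severity at certain/firm confidence.
    actionable = sum(flat[s, c] for s in ("high", "medium")
                     for c in ("certain", "firm"))
    tentative = sum(flat[s, "tentative"] for s in SEVERITIES)
    # Coverage gaps: reasons a low issue count may not mean the location is clean.
    gaps = []
    if not item.get("number_of_requests"):
        gaps.append("no requests sent")
    if not item.get("number_of_insertion_points"):
        gaps.append("no insertion points identified")
    if item.get("number_of_errors"):
        gaps.append(f"{item['number_of_errors']} audit errors")

    return {"id": item.get("id"),
            "location": f"{item.get('host') or '?'}{item.get('path') or ''}",
            "actionable": actionable, "tentative": tentative, "gaps": gaps}


if __name__ == "__main__":
    print(summarize_audit_item(SAMPLE))
```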