Ctrl K

Get Vulnerability Finding

Published 4 days ago

Retrieve a single vulnerability finding by its ID, including the CVE details and the affected asset.

Script wiz Verified

Use in Windmill

The script

Submitted by hugo989 Typescript (fetch-only)

Verified 5 days ago

All edits

Permalink

//native

/**
 * Get Vulnerability Finding
 * Retrieve a single vulnerability finding by its ID, including the CVE details and the affected asset.
 */
export async function main(auth: RT.Wiz, finding_id: string) {
  const tokenResponse = await fetch(
    auth.auth_url || "https://auth.app.wiz.io/oauth/token",
    {
      method: "POST",
      headers: { "Content-Type": "application/x-www-form-urlencoded" },
      body: new URLSearchParams({
        grant_type: "client_credentials",
        audience: auth.audience || "wiz-api",
        client_id: auth.client_id,
        client_secret: auth.client_secret,
      }),
    }
  )
  if (!tokenResponse.ok) {
    throw new Error(`${tokenResponse.status} ${await tokenResponse.text()}`)
  }
  const { access_token } = (await tokenResponse.json()) as {
    access_token: string
  }

  const query = `
query GetVulnerabilityFinding($id: ID!) {
  vulnerabilityFinding(id: $id) {
    id
    name
    detailedName
    severity: vendorSeverity
    CVSSSeverity
    CVEDescription
    description
    score
    exploitabilityScore
    impactScore
    hasExploit
    hasCisaKevExploit
    status
    vulnerabilityExternalId
    version
    fixedVersion
    detectionMethod
    firstDetectedAt
    lastDetectedAt
    resolvedAt
    resolutionReason
    remediation
    locationPath
    link
    portalUrl
    vulnerableAsset {
      ... on VulnerableAssetBase {
        id
        type
        name
        cloudPlatform
        subscriptionId
        tags
      }
      ... on VulnerableAssetVirtualMachine {
        id
        type
        name
        cloudPlatform
        subscriptionId
        tags
        operatingSystem
      }
      ... on VulnerableAssetServerless {
        id
        type
        name
        cloudPlatform
        subscriptionId
        tags
      }
      ... on VulnerableAssetContainerImage {
        id
        type
        name
        cloudPlatform
        subscriptionId
        tags
      }
      ... on VulnerableAssetContainer {
        id
        type
        name
        cloudPlatform
        subscriptionId
        tags
      }
    }
  }
}`

  const response = await fetch(auth.api_endpoint, {
    method: "POST",
    headers: {
      Authorization: `Bearer ${access_token}`,
      "Content-Type": "application/json",
      Accept: "application/json",
    },
    body: JSON.stringify({
      query,
      variables: { id: finding_id },
    }),
  })

  if (!response.ok) {
    throw new Error(`${response.status} ${await response.text()}`)
  }

  const result = (await response.json()) as { data?: any; errors?: any }
  if (result.errors) {
    throw new Error(JSON.stringify(result.errors))
  }
  return result.data.vulnerabilityFinding
}


`1`	`//native`
`2`
`3`	`/**`
`4`	`* Get Vulnerability Finding`
`5`	`* Retrieve a single vulnerability finding by its ID, including the CVE details and the affected asset.`
`6`	`*/`
`7`	`export async function main(auth: RT.Wiz, finding_id: string) {`
`8`	`const tokenResponse = await fetch(`
`9`	`auth.auth_url \|\| "https://auth.app.wiz.io/oauth/token",`
`10`	`{`
`11`	`method: "POST",`
`12`	`headers: { "Content-Type": "application/x-www-form-urlencoded" },`
`13`	`body: new URLSearchParams({`
`14`	`grant_type: "client_credentials",`
`15`	`audience: auth.audience \|\| "wiz-api",`
`16`	`client_id: auth.client_id,`
`17`	`client_secret: auth.client_secret,`
`18`	`}),`
`19`	`}`
`20`	`)`
`21`	`if (!tokenResponse.ok) {`
`22`	throw new Error(`${tokenResponse.status} ${await tokenResponse.text()}`)
`23`	`}`
`24`	`const { access_token } = (await tokenResponse.json()) as {`
`25`	`access_token: string`
`26`	`}`
`27`
`28`	const query = `
`29`	`query GetVulnerabilityFinding($id: ID!) {`
`30`	`vulnerabilityFinding(id: $id) {`
`31`	`id`
`32`	`name`
`33`	`detailedName`
`34`	`severity: vendorSeverity`
`35`	`CVSSSeverity`
`36`	`CVEDescription`
`37`	`description`
`38`	`score`
`39`	`exploitabilityScore`
`40`	`impactScore`
`41`	`hasExploit`
`42`	`hasCisaKevExploit`
`43`	`status`
`44`	`vulnerabilityExternalId`
`45`	`version`
`46`	`fixedVersion`
`47`	`detectionMethod`
`48`	`firstDetectedAt`
`49`	`lastDetectedAt`
`50`	`resolvedAt`
`51`	`resolutionReason`
`52`	`remediation`
`53`	`locationPath`
`54`	`link`
`55`	`portalUrl`
`56`	`vulnerableAsset {`
`57`	`... on VulnerableAssetBase {`
`58`	`id`
`59`	`type`
`60`	`name`
`61`	`cloudPlatform`
`62`	`subscriptionId`
`63`	`tags`
`64`	`}`
`65`	`... on VulnerableAssetVirtualMachine {`
`66`	`id`
`67`	`type`
`68`	`name`
`69`	`cloudPlatform`
`70`	`subscriptionId`
`71`	`tags`
`72`	`operatingSystem`
`73`	`}`
`74`	`... on VulnerableAssetServerless {`
`75`	`id`
`76`	`type`
`77`	`name`
`78`	`cloudPlatform`
`79`	`subscriptionId`
`80`	`tags`
`81`	`}`
`82`	`... on VulnerableAssetContainerImage {`
`83`	`id`
`84`	`type`
`85`	`name`
`86`	`cloudPlatform`
`87`	`subscriptionId`
`88`	`tags`
`89`	`}`
`90`	`... on VulnerableAssetContainer {`
`91`	`id`
`92`	`type`
`93`	`name`
`94`	`cloudPlatform`
`95`	`subscriptionId`
`96`	`tags`
`97`	`}`
`98`	`}`
`99`	`}`
`100`	}`
`101`
`102`	`const response = await fetch(auth.api_endpoint, {`
`103`	`method: "POST",`
`104`	`headers: {`
`105`	Authorization: `Bearer ${access_token}`,
`106`	`"Content-Type": "application/json",`
`107`	`Accept: "application/json",`
`108`	`},`
`109`	`body: JSON.stringify({`
`110`	`query,`
`111`	`variables: { id: finding_id },`
`112`	`}),`
`113`	`})`
`114`
`115`	`if (!response.ok) {`
`116`	throw new Error(`${response.status} ${await response.text()}`)
`117`	`}`
`118`
`119`	`const result = (await response.json()) as { data?: any; errors?: any }`
`120`	`if (result.errors) {`
`121`	`throw new Error(JSON.stringify(result.errors))`
`122`	`}`
`123`	`return result.data.vulnerabilityFinding`
`124`	`}`
`125`