Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

GraphQL Scan Query Issues return null values

Peter | Last updated: Jun 05, 2020 06:54PM UTC

I'm trying to grab scan results and include issue information. However, any details about the issue which explain what was found come back null, including description_html, evidence, remediation_html. I've tried for multiple scans. In contrast, querying issues directly does return the information (though evidence always seems to return an empty array, at least for HttpInteraction). Here's the GraphQL request: curl -X POST http://localhost:8090/graphql/v1/ -H 'Authorization: <TOKEN>' -d '{"query": "{ scan(id: 64) { id, start_time, issue_types { type_index, number_of_children, severity, confidence } issues(count: 10, start: 0, type_index: 2097920) { path, severity, description_html, remediation_html, confidence, evidence { ... on DescriptiveEvidence { title } ... on HttpInteraction { title } } } } }" }' -H 'Content-Type: application/json' Response (truncated): { "data" : { "scan" : { "id" : "64", "issues" : [ { "confidence" : "certain", "severity" : "high", "description_html" : null, "path" : "/products", "evidence" : null, "remediation_html" : null } ], "issue_types" : [ { "number_of_children" : 2, "type_index" : "1049088", "severity" : "high", "confidence" : "certain" },

Uthman, PortSwigger Agent | Last updated: Jun 08, 2020 11:27AM UTC

Thank you for reporting this. I have replicated this and reported it to our development team. I will keep you updated on any progress. Are you attempting to query for all the details for a specific scan? (i.e. exactly how it appears in the Enterprise UI). Have you tried including description_html in the DescriptiveEvidence part of your query?

Peter | Last updated: Jun 08, 2020 03:01PM UTC

Hi Uthman, I tried querying a few different options for evidence and it always comes back null. With regards to what I'm querying, I'd love to be able to pull all the issues from a scan in one call like how it appears in the Enterprise UI. However, from what I understand with the graph call, I have to provide the count, start and type_index calling for issues which means I can't, unless that accepts an array of indexes? There was no reference to these parameters in the documentation that I saw, I only got the syntax from the error messages being returned.

Uthman, PortSwigger Agent | Last updated: Jun 08, 2020 03:33PM UTC

Hi Peter, You should be able to retrieve all the issue types for a scan using the below: query GetScan { scan(id: 34) { issue_types(severities: [], novelties: [], confidences: []) { type_index confidence severity number_of_children } } }

Peter | Last updated: Jun 08, 2020 09:07PM UTC

Thanks - yup, I can already grab all the issue_types but I want to grab all the issues and from what I can tell I can't, I have to provide the specific type_index: {"query": "{ scan(id: 64) { id, start_time, issues(count: 10, start: 0, type_index:2097920) { path, severity, description_html, remediation_html, confidence } } }" }

Peter | Last updated: Jun 08, 2020 09:07PM UTC

Thanks - yup, I can already grab all the issue_types but I want to grab all the issues and from what I can tell I can't, I have to provide the specific type_index: {"query": "{ scan(id: 64) { id, start_time, issues(count: 10, start: 0, type_index:2097920) { path, severity, description_html, remediation_html, confidence } } }" }

Uthman, PortSwigger Agent | Last updated: Jun 09, 2020 09:34AM UTC

Thanks for that information - you are right. It looks like you have the option to retrieve all type indexes or issues for a specific type index but not all issues for a scan. I will raise a feature request for you and let you know when this has been added to the API.

Uthman, PortSwigger Agent | Last updated: Jul 23, 2020 03:05PM UTC

Hi Peter, We have made some changes to the GraphQL API that should have resolved the issues you were facing. You should now be able to retrieve all issues for a scan. Please can you double-check that this is working as expected and let me know if you encounter any issues?

Daniel | Last updated: Mar 10, 2021 03:31PM UTC

Hi, I would like to report some issues similar to this post. I need to get the issues (all the issues) for a scan, my query is the next: query GetScan ($id: ID!){ scan(id: $id){ id status issues(count: 10, start: 0, severities:[high, medium]){ issue_type { name } serial_number path origin confidence severity description_html } } } ------------------------------------------------------------------------- Response { "issue_type": null, "serial_number": "6538471311210608640", "path": "/default.jsp", "origin": "[webapp]", "confidence": "certain", "severity": "high", "description_html": null }, I think there are some problems with the API GraphQL because that query return some null values, in this case "description_html" and "issue_type". I need to get the issue type and more information about all the issues in a scan. if there is some error in my query tell me, because the API doesn´t give me any error, only null values.

Uthman, PortSwigger Agent | Last updated: Mar 11, 2021 11:53AM UTC

Thanks, Daniel. We have an issue in our backlog to address this. For now, you will need to return all issue_type_groups for a scan, for example: query ScanInfo { scan(id: 20) { issue_type_groups(severities: [], confidences: [], novelties: []) { issue_type { type_index name } first_child_serial_number } } } Once you have the serial number for an issue, you will need to use the issue object to retrieve further information about it. For example: query Issue { issue(scan_id: 20, serial_number: 8090795065173809152) { issue_type { type_index name description_html remediation_html vulnerability_classifications_html references_html } confidence display_confidence serial_number description_html remediation_html severity path origin novelty evidence { ... on Request { request_index request_count request_segments { ... on DataSegment { data_html } ... on HighlightSegment { highlight_html } ... on SnipSegment { snip_length } } } ... on Response { response_index response_count response_segments { ... on DataSegment { data_html } ... on HighlightSegment { highlight_html } ... on SnipSegment { snip_length } } } ... on HttpInteraction { title description_html request { ... on DataSegment { data_html } ... on HighlightSegment { highlight_html } ... on SnipSegment { snip_length } } response { ... on DataSegment { data_html } ... on HighlightSegment { highlight_html } ... on SnipSegment { snip_length } } } ... on DescriptiveEvidence { title description_html } } } } Alternatively, you could generate the full scan report instead (https://portswigger.net/burp/extensibility/enterprise/graphql-api/ScanReport.html).

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.