# Scripts ## List Page Shield scripts `client.PageShield.Scripts.List(ctx, params) (*SinglePage[Script], error)` **get** `/zones/{zone_id}/page_shield/scripts` Lists all scripts detected by Page Shield. ### Parameters - `params ScriptListParams` - `ZoneID param.Field[string]` Path param: Identifier - `Direction param.Field[ScriptListParamsDirection]` Query param: The direction used to sort returned scripts. - `const ScriptListParamsDirectionAsc ScriptListParamsDirection = "asc"` - `const ScriptListParamsDirectionDesc ScriptListParamsDirection = "desc"` - `ExcludeCDNCGI param.Field[bool]` Query param: When true, excludes scripts seen in a `/cdn-cgi` path from the returned scripts. The default value is true. - `ExcludeDuplicates param.Field[bool]` Query param: When true, excludes duplicate scripts. We consider a script duplicate of another if their javascript content matches and they share the same url host and zone hostname. In such case, we return the most recent script for the URL host and zone hostname combination. - `ExcludeURLs param.Field[string]` Query param: Excludes scripts whose URL contains one of the URL-encoded URLs separated by commas. - `Export param.Field[ScriptListParamsExport]` Query param: Export the list of scripts as a file, limited to 50000 entries. - `const ScriptListParamsExportCsv ScriptListParamsExport = "csv"` - `Hosts param.Field[string]` Query param: Includes scripts that match one or more URL-encoded hostnames separated by commas. Wildcards are supported at the start and end of each hostname to support starts with, ends with and contains. If no wildcards are used, results will be filtered by exact match - `OrderBy param.Field[ScriptListParamsOrderBy]` Query param: The field used to sort returned scripts. - `const ScriptListParamsOrderByFirstSeenAt ScriptListParamsOrderBy = "first_seen_at"` - `const ScriptListParamsOrderByLastSeenAt ScriptListParamsOrderBy = "last_seen_at"` - `Page param.Field[string]` Query param: The current page number of the paginated results. We additionally support a special value "all". When "all" is used, the API will return all the scripts with the applied filters in a single page. This feature is best-effort and it may only work for zones with a low number of scripts - `PageURL param.Field[string]` Query param: Includes scripts that match one or more page URLs (separated by commas) where they were last seen Wildcards are supported at the start and end of each page URL to support starts with, ends with and contains. If no wildcards are used, results will be filtered by exact match - `PerPage param.Field[float64]` Query param: The number of results per page. - `PrioritizeMalicious param.Field[bool]` Query param: When true, malicious scripts appear first in the returned scripts. - `Status param.Field[string]` Query param: Filters the returned scripts using a comma-separated list of scripts statuses. Accepted values: `active`, `infrequent`, and `inactive`. The default value is `active`. - `URLs param.Field[string]` Query param: Includes scripts whose URL contain one or more URL-encoded URLs separated by commas. ### Returns - `type Script struct{…}` - `ID string` Identifier - `AddedAt Time` - `FirstSeenAt Time` - `Host string` - `LastSeenAt Time` - `URL string` - `URLContainsCDNCGIPath bool` - `CryptominingScore int64` The cryptomining score of the JavaScript content. - `DataflowScore int64` The dataflow score of the JavaScript content. This field has been deprecated in favour of js_integrity_score. - `DomainReportedMalicious bool` - `FetchedAt string` The timestamp of when the script was last fetched. - `FirstPageURL string` - `Hash string` The computed hash of the analyzed script. - `JSIntegrityScore int64` The integrity score of the JavaScript content. - `MagecartScore int64` The magecart score of the JavaScript content. - `MaliciousDomainCategories []string` - `MaliciousURLCategories []string` - `MalwareScore int64` The malware score of the JavaScript content. - `ObfuscationScore int64` The obfuscation score of the JavaScript content. This field has been deprecated in favour of js_integrity_score. - `PageURLs []string` - `URLReportedMalicious bool` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/page_shield" ) func main() { client := cloudflare.NewClient( option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"), option.WithAPIEmail("user@example.com"), ) page, err := client.PageShield.Scripts.List(context.TODO(), page_shield.ScriptListParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "result": [ { "id": "023e105f4ecef8ad9ca31a8372d0c353", "added_at": "2021-08-18T10:51:10.09615Z", "first_seen_at": "2021-08-18T10:51:08Z", "host": "blog.cloudflare.com", "last_seen_at": "2021-09-02T09:57:54Z", "url": "https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.6.0/js/bootstrap.min.js", "url_contains_cdn_cgi_path": false, "cryptomining_score": 1, "dataflow_score": 1, "domain_reported_malicious": false, "fetched_at": "fetched_at", "first_page_url": "blog.cloudflare.com/page", "hash": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "js_integrity_score": 1, "magecart_score": 1, "malicious_domain_categories": [ "Malware" ], "malicious_url_categories": [ "Malware" ], "malware_score": 1, "obfuscation_score": 1, "page_urls": [ "blog.cloudflare.com/page1", "blog.cloudflare.com/page2" ], "url_reported_malicious": false } ], "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000, "total_pages": 100 }, "success": true, "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ] } ``` ## Get a Page Shield script `client.PageShield.Scripts.Get(ctx, scriptID, query) (*ScriptGetResponse, error)` **get** `/zones/{zone_id}/page_shield/scripts/{script_id}` Fetches a script detected by Page Shield by script ID. ### Parameters - `scriptID string` Identifier - `query ScriptGetParams` - `ZoneID param.Field[string]` Identifier ### Returns - `type ScriptGetResponse struct{…}` - `ID string` Identifier - `AddedAt Time` - `FirstSeenAt Time` - `Host string` - `LastSeenAt Time` - `URL string` - `URLContainsCDNCGIPath bool` - `CryptominingScore int64` The cryptomining score of the JavaScript content. - `DataflowScore int64` The dataflow score of the JavaScript content. This field has been deprecated in favour of js_integrity_score. - `DomainReportedMalicious bool` - `FetchedAt string` The timestamp of when the script was last fetched. - `FirstPageURL string` - `Hash string` The computed hash of the analyzed script. - `JSIntegrityScore int64` The integrity score of the JavaScript content. - `MagecartScore int64` The magecart score of the JavaScript content. - `MaliciousDomainCategories []string` - `MaliciousURLCategories []string` - `MalwareScore int64` The malware score of the JavaScript content. - `ObfuscationScore int64` The obfuscation score of the JavaScript content. This field has been deprecated in favour of js_integrity_score. - `PageURLs []string` - `URLReportedMalicious bool` - `Versions []ScriptGetResponseVersion` - `CryptominingScore int64` The cryptomining score of the JavaScript content. - `DataflowScore int64` The dataflow score of the JavaScript content. This field has been deprecated in favour of js_integrity_score. - `FetchedAt string` The timestamp of when the script was last fetched. - `Hash string` The computed hash of the analyzed script. - `JSIntegrityScore int64` The integrity score of the JavaScript content. - `MagecartScore int64` The magecart score of the JavaScript content. - `MalwareScore int64` The malware score of the JavaScript content. - `ObfuscationScore int64` The obfuscation score of the JavaScript content. This field has been deprecated in favour of js_integrity_score. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/option" "github.com/cloudflare/cloudflare-go/page_shield" ) func main() { client := cloudflare.NewClient( option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"), option.WithAPIEmail("user@example.com"), ) script, err := client.PageShield.Scripts.Get( context.TODO(), "023e105f4ecef8ad9ca31a8372d0c353", page_shield.ScriptGetParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", script.ID) } ``` #### Response ```json { "result": { "id": "023e105f4ecef8ad9ca31a8372d0c353", "added_at": "2021-08-18T10:51:10.09615Z", "first_seen_at": "2021-08-18T10:51:08Z", "host": "blog.cloudflare.com", "last_seen_at": "2021-09-02T09:57:54Z", "url": "https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.6.0/js/bootstrap.min.js", "url_contains_cdn_cgi_path": false, "cryptomining_score": 1, "dataflow_score": 1, "domain_reported_malicious": false, "fetched_at": "fetched_at", "first_page_url": "blog.cloudflare.com/page", "hash": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "js_integrity_score": 1, "magecart_score": 1, "malicious_domain_categories": [ "Malware" ], "malicious_url_categories": [ "Malware" ], "malware_score": 1, "obfuscation_score": 1, "page_urls": [ "blog.cloudflare.com/page1", "blog.cloudflare.com/page2" ], "url_reported_malicious": false, "versions": [ { "cryptomining_score": 20, "dataflow_score": 1, "fetched_at": "2021-08-18T10:51:08Z", "hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b423", "js_integrity_score": 2, "magecart_score": 10, "malware_score": 5, "obfuscation_score": 1 } ] }, "success": true, "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ] } ``` ## Domain Types ### Script - `type Script struct{…}` - `ID string` Identifier - `AddedAt Time` - `FirstSeenAt Time` - `Host string` - `LastSeenAt Time` - `URL string` - `URLContainsCDNCGIPath bool` - `CryptominingScore int64` The cryptomining score of the JavaScript content. - `DataflowScore int64` The dataflow score of the JavaScript content. This field has been deprecated in favour of js_integrity_score. - `DomainReportedMalicious bool` - `FetchedAt string` The timestamp of when the script was last fetched. - `FirstPageURL string` - `Hash string` The computed hash of the analyzed script. - `JSIntegrityScore int64` The integrity score of the JavaScript content. - `MagecartScore int64` The magecart score of the JavaScript content. - `MaliciousDomainCategories []string` - `MaliciousURLCategories []string` - `MalwareScore int64` The malware score of the JavaScript content. - `ObfuscationScore int64` The obfuscation score of the JavaScript content. This field has been deprecated in favour of js_integrity_score. - `PageURLs []string` - `URLReportedMalicious bool`