Class: Google::Cloud::WebSecurityScanner::V1::Xss

Inherits:

Object

• Object
• Google::Cloud::WebSecurityScanner::V1::Xss

Extended by:

Protobuf::MessageExts::ClassMethods

Includes:

Protobuf::MessageExts

Defined in:

proto_docs/google/cloud/websecurityscanner/v1/finding_addon.rb

Overview

Information reported for an XSS.

Defined Under Namespace

Modules: AttackVector

Instance Attribute Summary

• #attack_vector ⇒ ::Google::Cloud::WebSecurityScanner::V1::Xss::AttackVector

  The attack vector of the payload triggering this XSS.

• #error_message ⇒ ::String

  An error message generated by a javascript breakage.

• #stack_traces ⇒ ::Array<::String>

  Stack traces leading to the point where the XSS occurred.

• #stored_xss_seeding_url ⇒ ::String

  The reproduction url for the seeding POST request of a Stored XSS.

Instance Attribute Details

#attack_vector ⇒ ::Google::Cloud::WebSecurityScanner::V1::Xss::AttackVector

Returns The attack vector of the payload triggering this XSS.

Returns:

• (::Google::Cloud::WebSecurityScanner::V1::Xss::AttackVector) —

  The attack vector of the payload triggering this XSS.

# File 'proto_docs/google/cloud/websecurityscanner/v1/finding_addon.rb', line 110

class Xss
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Types of XSS attack vector.
  module AttackVector
    # Unknown attack vector.
    ATTACK_VECTOR_UNSPECIFIED = 0

    # The attack comes from fuzzing the browser's localStorage.
    LOCAL_STORAGE = 1

    # The attack comes from fuzzing the browser's sessionStorage.
    SESSION_STORAGE = 2

    # The attack comes from fuzzing the window's name property.
    WINDOW_NAME = 3

    # The attack comes from fuzzing the referrer property.
    REFERRER = 4

    # The attack comes from fuzzing an input element.
    FORM_INPUT = 5

    # The attack comes from fuzzing the browser's cookies.
    COOKIE = 6

    # The attack comes from hijacking the post messaging mechanism.
    POST_MESSAGE = 7

    # The attack comes from fuzzing parameters in the url.
    GET_PARAMETERS = 8

    # The attack comes from fuzzing the fragment in the url.
    URL_FRAGMENT = 9

    # The attack comes from fuzzing the HTML comments.
    HTML_COMMENT = 10

    # The attack comes from fuzzing the POST parameters.
    POST_PARAMETERS = 11

    # The attack comes from fuzzing the protocol.
    PROTOCOL = 12

    # The attack comes from the server side and is stored.
    STORED_XSS = 13

    # The attack is a Same-Origin Method Execution attack via a GET parameter.
    SAME_ORIGIN = 14

    # The attack payload is received from a third-party host via a URL that is
    # user-controllable
    USER_CONTROLLABLE_URL = 15
  end
end

#error_message ⇒ ::String

Returns An error message generated by a javascript breakage.

Returns:

• (::String) —

  An error message generated by a javascript breakage.

# File 'proto_docs/google/cloud/websecurityscanner/v1/finding_addon.rb', line 110

class Xss
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Types of XSS attack vector.
  module AttackVector
    # Unknown attack vector.
    ATTACK_VECTOR_UNSPECIFIED = 0

    # The attack comes from fuzzing the browser's localStorage.
    LOCAL_STORAGE = 1

    # The attack comes from fuzzing the browser's sessionStorage.
    SESSION_STORAGE = 2

    # The attack comes from fuzzing the window's name property.
    WINDOW_NAME = 3

    # The attack comes from fuzzing the referrer property.
    REFERRER = 4

    # The attack comes from fuzzing an input element.
    FORM_INPUT = 5

    # The attack comes from fuzzing the browser's cookies.
    COOKIE = 6

    # The attack comes from hijacking the post messaging mechanism.
    POST_MESSAGE = 7

    # The attack comes from fuzzing parameters in the url.
    GET_PARAMETERS = 8

    # The attack comes from fuzzing the fragment in the url.
    URL_FRAGMENT = 9

    # The attack comes from fuzzing the HTML comments.
    HTML_COMMENT = 10

    # The attack comes from fuzzing the POST parameters.
    POST_PARAMETERS = 11

    # The attack comes from fuzzing the protocol.
    PROTOCOL = 12

    # The attack comes from the server side and is stored.
    STORED_XSS = 13

    # The attack is a Same-Origin Method Execution attack via a GET parameter.
    SAME_ORIGIN = 14

    # The attack payload is received from a third-party host via a URL that is
    # user-controllable
    USER_CONTROLLABLE_URL = 15
  end
end

#stack_traces ⇒ ::Array<::String>

Returns Stack traces leading to the point where the XSS occurred.

Returns:

• (::Array<::String>) —

  Stack traces leading to the point where the XSS occurred.

# File 'proto_docs/google/cloud/websecurityscanner/v1/finding_addon.rb', line 110

class Xss
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Types of XSS attack vector.
  module AttackVector
    # Unknown attack vector.
    ATTACK_VECTOR_UNSPECIFIED = 0

    # The attack comes from fuzzing the browser's localStorage.
    LOCAL_STORAGE = 1

    # The attack comes from fuzzing the browser's sessionStorage.
    SESSION_STORAGE = 2

    # The attack comes from fuzzing the window's name property.
    WINDOW_NAME = 3

    # The attack comes from fuzzing the referrer property.
    REFERRER = 4

    # The attack comes from fuzzing an input element.
    FORM_INPUT = 5

    # The attack comes from fuzzing the browser's cookies.
    COOKIE = 6

    # The attack comes from hijacking the post messaging mechanism.
    POST_MESSAGE = 7

    # The attack comes from fuzzing parameters in the url.
    GET_PARAMETERS = 8

    # The attack comes from fuzzing the fragment in the url.
    URL_FRAGMENT = 9

    # The attack comes from fuzzing the HTML comments.
    HTML_COMMENT = 10

    # The attack comes from fuzzing the POST parameters.
    POST_PARAMETERS = 11

    # The attack comes from fuzzing the protocol.
    PROTOCOL = 12

    # The attack comes from the server side and is stored.
    STORED_XSS = 13

    # The attack is a Same-Origin Method Execution attack via a GET parameter.
    SAME_ORIGIN = 14

    # The attack payload is received from a third-party host via a URL that is
    # user-controllable
    USER_CONTROLLABLE_URL = 15
  end
end

#stored_xss_seeding_url ⇒ ::String

Returns The reproduction url for the seeding POST request of a Stored XSS.

Returns:

• (::String) —

  The reproduction url for the seeding POST request of a Stored XSS.

# File 'proto_docs/google/cloud/websecurityscanner/v1/finding_addon.rb', line 110

class Xss
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Types of XSS attack vector.
  module AttackVector
    # Unknown attack vector.
    ATTACK_VECTOR_UNSPECIFIED = 0

    # The attack comes from fuzzing the browser's localStorage.
    LOCAL_STORAGE = 1

    # The attack comes from fuzzing the browser's sessionStorage.
    SESSION_STORAGE = 2

    # The attack comes from fuzzing the window's name property.
    WINDOW_NAME = 3

    # The attack comes from fuzzing the referrer property.
    REFERRER = 4

    # The attack comes from fuzzing an input element.
    FORM_INPUT = 5

    # The attack comes from fuzzing the browser's cookies.
    COOKIE = 6

    # The attack comes from hijacking the post messaging mechanism.
    POST_MESSAGE = 7

    # The attack comes from fuzzing parameters in the url.
    GET_PARAMETERS = 8

    # The attack comes from fuzzing the fragment in the url.
    URL_FRAGMENT = 9

    # The attack comes from fuzzing the HTML comments.
    HTML_COMMENT = 10

    # The attack comes from fuzzing the POST parameters.
    POST_PARAMETERS = 11

    # The attack comes from fuzzing the protocol.
    PROTOCOL = 12

    # The attack comes from the server side and is stored.
    STORED_XSS = 13

    # The attack is a Same-Origin Method Execution attack via a GET parameter.
    SAME_ORIGIN = 14

    # The attack payload is received from a third-party host via a URL that is
    # user-controllable
    USER_CONTROLLABLE_URL = 15
  end
end