Enum Finding.FindingType (2.28.0)

public enum Finding.FindingType extends Enum<Finding.FindingType> implements ProtocolMessageEnum

Types of Findings.

Protobuf enum google.cloud.websecurityscanner.v1alpha.Finding.FindingType

Implements

ProtocolMessageEnum

Static Fields

NameDescription
CLEAR_TEXT_PASSWORD

An application appears to be transmitting a password field in clear text. An attacker can eavesdrop network traffic and sniff the password field.

CLEAR_TEXT_PASSWORD = 6;

CLEAR_TEXT_PASSWORD_VALUE

An application appears to be transmitting a password field in clear text. An attacker can eavesdrop network traffic and sniff the password field.

CLEAR_TEXT_PASSWORD = 6;

FINDING_TYPE_UNSPECIFIED

The invalid finding type.

FINDING_TYPE_UNSPECIFIED = 0;

FINDING_TYPE_UNSPECIFIED_VALUE

The invalid finding type.

FINDING_TYPE_UNSPECIFIED = 0;

INVALID_CONTENT_TYPE

An application returns sensitive content with an invalid content type, or without an 'X-Content-Type-Options: nosniff' header.

INVALID_CONTENT_TYPE = 7;

INVALID_CONTENT_TYPE_VALUE

An application returns sensitive content with an invalid content type, or without an 'X-Content-Type-Options: nosniff' header.

INVALID_CONTENT_TYPE = 7;

INVALID_HEADER

A malformed or invalid valued header.

INVALID_HEADER = 9;

INVALID_HEADER_VALUE

A malformed or invalid valued header.

INVALID_HEADER = 9;

MISMATCHING_SECURITY_HEADER_VALUES

Mismatching values in a duplicate security header.

MISMATCHING_SECURITY_HEADER_VALUES = 11;

MISMATCHING_SECURITY_HEADER_VALUES_VALUE

Mismatching values in a duplicate security header.

MISMATCHING_SECURITY_HEADER_VALUES = 11;

MISSPELLED_SECURITY_HEADER_NAME

Misspelled security header name.

MISSPELLED_SECURITY_HEADER_NAME = 10;

MISSPELLED_SECURITY_HEADER_NAME_VALUE

Misspelled security header name.

MISSPELLED_SECURITY_HEADER_NAME = 10;

MIXED_CONTENT

A page that was served over HTTPS also resources over HTTP. A man-in-the-middle attacker could tamper with the HTTP resource and gain full access to the website that loads the resource or to monitor the actions taken by the user.

MIXED_CONTENT = 1;

MIXED_CONTENT_VALUE

A page that was served over HTTPS also resources over HTTP. A man-in-the-middle attacker could tamper with the HTTP resource and gain full access to the website that loads the resource or to monitor the actions taken by the user.

MIXED_CONTENT = 1;

OUTDATED_LIBRARY

The version of an included library is known to contain a security issue. The scanner checks the version of library in use against a known list of vulnerable libraries. False positives are possible if the version detection fails or if the library has been manually patched.

OUTDATED_LIBRARY = 2;

OUTDATED_LIBRARY_VALUE

The version of an included library is known to contain a security issue. The scanner checks the version of library in use against a known list of vulnerable libraries. False positives are possible if the version detection fails or if the library has been manually patched.

OUTDATED_LIBRARY = 2;

ROSETTA_FLASH

This type of vulnerability occurs when the value of a request parameter is reflected at the beginning of the response, for example, in requests using JSONP. Under certain circumstances, an attacker may be able to supply an alphanumeric-only Flash file in the vulnerable parameter causing the browser to execute the Flash file as if it originated on the vulnerable server.

ROSETTA_FLASH = 5;

ROSETTA_FLASH_VALUE

This type of vulnerability occurs when the value of a request parameter is reflected at the beginning of the response, for example, in requests using JSONP. Under certain circumstances, an attacker may be able to supply an alphanumeric-only Flash file in the vulnerable parameter causing the browser to execute the Flash file as if it originated on the vulnerable server.

ROSETTA_FLASH = 5;

UNRECOGNIZED
XSS_ANGULAR_CALLBACK

A cross-site scripting (XSS) vulnerability in AngularJS module that occurs when a user-provided string is interpolated by Angular.

XSS_ANGULAR_CALLBACK = 8;

XSS_ANGULAR_CALLBACK_VALUE

A cross-site scripting (XSS) vulnerability in AngularJS module that occurs when a user-provided string is interpolated by Angular.

XSS_ANGULAR_CALLBACK = 8;

XSS_CALLBACK

A cross-site scripting (XSS) bug is found via JavaScript callback. For detailed explanations on XSS, see https://www.google.com/about/appsecurity/learning/xss/.

XSS_CALLBACK = 3;

XSS_CALLBACK_VALUE

A cross-site scripting (XSS) bug is found via JavaScript callback. For detailed explanations on XSS, see https://www.google.com/about/appsecurity/learning/xss/.

XSS_CALLBACK = 3;

XSS_ERROR

A potential cross-site scripting (XSS) bug due to JavaScript breakage. In some circumstances, the application under test might modify the test string before it is parsed by the browser. When the browser attempts to runs this modified test string, it will likely break and throw a JavaScript execution error, thus an injection issue is occurring. However, it may not be exploitable. Manual verification is needed to see if the test string modifications can be evaded and confirm that the issue is in fact an XSS vulnerability. For detailed explanations on XSS, see https://www.google.com/about/appsecurity/learning/xss/.

XSS_ERROR = 4;

XSS_ERROR_VALUE

A potential cross-site scripting (XSS) bug due to JavaScript breakage. In some circumstances, the application under test might modify the test string before it is parsed by the browser. When the browser attempts to runs this modified test string, it will likely break and throw a JavaScript execution error, thus an injection issue is occurring. However, it may not be exploitable. Manual verification is needed to see if the test string modifications can be evaded and confirm that the issue is in fact an XSS vulnerability. For detailed explanations on XSS, see https://www.google.com/about/appsecurity/learning/xss/.

XSS_ERROR = 4;

Static Methods

NameDescription
forNumber(int value)
getDescriptor()
internalGetValueMap()
valueOf(Descriptors.EnumValueDescriptor desc)
valueOf(int value)

Deprecated. Use #forNumber(int) instead.

valueOf(String name)
values()

Methods

NameDescription
getDescriptorForType()
getNumber()
getValueDescriptor()