Enum Finding.FindingType

  • All Implemented Interfaces:
    com.google.protobuf.Internal.EnumLite, com.google.protobuf.ProtocolMessageEnum, Serializable, Comparable<Finding.FindingType>
    Enclosing class:
    Finding

    public static enum Finding.FindingType
    extends Enum<Finding.FindingType>
    implements com.google.protobuf.ProtocolMessageEnum
     Types of Findings.
     
    Protobuf enum google.cloud.websecurityscanner.v1alpha.Finding.FindingType
    • Enum Constant Detail

      • FINDING_TYPE_UNSPECIFIED

        public static final Finding.FindingType FINDING_TYPE_UNSPECIFIED
         The invalid finding type.
         
        FINDING_TYPE_UNSPECIFIED = 0;
      • MIXED_CONTENT

        public static final Finding.FindingType MIXED_CONTENT
         A page that was served over HTTPS also loads resources over HTTP. A
         man-in-the-middle attacker could tamper with the HTTP resource and gain
         full access to the website that loads the resource or monitor the
         actions taken by the user.
         
        MIXED_CONTENT = 1;
      • OUTDATED_LIBRARY

        public static final Finding.FindingType OUTDATED_LIBRARY
         The version of an included library is known to contain a security issue.
         The scanner checks the version of the library in use against a known list of
         vulnerable libraries. False positives are possible if the version
         detection fails or if the library has been manually patched.
         
        OUTDATED_LIBRARY = 2;
      • ROSETTA_FLASH

        public static final Finding.FindingType ROSETTA_FLASH
         This type of vulnerability occurs when the value of a request parameter
         is reflected at the beginning of the response, for example, in requests
         using JSONP. Under certain circumstances, an attacker may be able to
         supply an alphanumeric-only Flash file in the vulnerable parameter
         causing the browser to execute the Flash file as if it originated on the
         vulnerable server.
         
        ROSETTA_FLASH = 5;
      • XSS_CALLBACK

        public static final Finding.FindingType XSS_CALLBACK
         A cross-site scripting (XSS) bug found via a JavaScript callback. For
         detailed explanations on XSS, see
         https://www.google.com/about/appsecurity/learning/xss/.
         
        XSS_CALLBACK = 3;
      • XSS_ERROR

        public static final Finding.FindingType XSS_ERROR
         A potential cross-site scripting (XSS) bug due to JavaScript breakage.
         In some circumstances, the application under test might modify the test
         string before it is parsed by the browser. When the browser attempts to
         run this modified test string, it will likely break and throw a
         JavaScript execution error, indicating that an injection issue is occurring.
         However, it may not be exploitable. Manual verification is needed to see
         if the test string modifications can be evaded and confirm that the issue
         is in fact an XSS vulnerability. For detailed explanations on XSS, see
         https://www.google.com/about/appsecurity/learning/xss/.
         
        XSS_ERROR = 4;
      • CLEAR_TEXT_PASSWORD

        public static final Finding.FindingType CLEAR_TEXT_PASSWORD
         An application appears to be transmitting a password field in clear text.
         An attacker can eavesdrop on network traffic and sniff the password field.
         
        CLEAR_TEXT_PASSWORD = 6;
      • INVALID_CONTENT_TYPE

        public static final Finding.FindingType INVALID_CONTENT_TYPE
         An application returns sensitive content with an invalid content type,
         or without an 'X-Content-Type-Options: nosniff' header.
         
        INVALID_CONTENT_TYPE = 7;
      • XSS_ANGULAR_CALLBACK

        public static final Finding.FindingType XSS_ANGULAR_CALLBACK
         A cross-site scripting (XSS) vulnerability in an AngularJS module that
         occurs when a user-provided string is interpolated by Angular.
         
        XSS_ANGULAR_CALLBACK = 8;
      • INVALID_HEADER

        public static final Finding.FindingType INVALID_HEADER
         A header that is malformed or has an invalid value.
         
        INVALID_HEADER = 9;
      • MISSPELLED_SECURITY_HEADER_NAME

        public static final Finding.FindingType MISSPELLED_SECURITY_HEADER_NAME
         Misspelled security header name.
         
        MISSPELLED_SECURITY_HEADER_NAME = 10;
      • MISMATCHING_SECURITY_HEADER_VALUES

        public static final Finding.FindingType MISMATCHING_SECURITY_HEADER_VALUES
         Mismatching values in a duplicate security header.
         
        MISMATCHING_SECURITY_HEADER_VALUES = 11;
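
The three header-related finding types above (INVALID_CONTENT_TYPE, MISSPELLED_SECURITY_HEADER_NAME, MISMATCHING_SECURITY_HEADER_VALUES) describe conditions you can also check in your own responses. The following is an added example, not code from this library or from the scanner: it reports those conditions on a constructed header list, using plain strings so it runs without the client library. The class name, the `KNOWN` header list, the edit-distance threshold of 2, and the assumption that the response is sensitive are all illustrative.

```java
import java.util.*;
// Added illustration; KNOWN and the distance threshold are assumptions, not the scanner's rules.
public class HeaderFindingCheck {
    static final List<String> KNOWN = List.of("content-security-policy",
        "strict-transport-security", "x-content-type-options", "x-frame-options");

    // Levenshtein edit distance, single-row variant.
    static int distance(String a, String b) {
        int[] row = new int[b.length() + 1];
        for (int j = 0; j <= b.length(); j++) row[j] = j;
        for (int i = 1; i <= a.length(); i++) {
            int diag = row[0];
            row[0] = i;
            for (int j = 1; j <= b.length(); j++) {
                int up = row[j];
                int cost = a.charAt(i - 1) == b.charAt(j - 1) ? 0 : 1;
                row[j] = Math.min(Math.min(up + 1, row[j - 1] + 1), diag + cost);
                diag = up;
            }
        }
        return row[b.length()];
    }

    // headers: {name, value} pairs; duplicate header lines stay as separate entries.
    static Set<String> check(List<String[]> headers) {
        Set<String> findings = new TreeSet<>();
        Map<String, Set<String>> seen = new HashMap<>();
        for (String[] h : headers) {
            String name = h[0].trim().toLowerCase(Locale.ROOT);
            seen.computeIfAbsent(name, k -> new HashSet<>()).add(h[1].trim());
            // A near miss of a known name means the browser ignores the header.
            if (!KNOWN.contains(name) && KNOWN.stream().anyMatch(k -> distance(name, k) <= 2))
                findings.add("MISSPELLED_SECURITY_HEADER_NAME");
        }
        for (String k : KNOWN)
            if (seen.getOrDefault(k, Set.of()).size() > 1)
                findings.add("MISMATCHING_SECURITY_HEADER_VALUES");
        // Assumes the response body is sensitive, so a missing nosniff is reportable.
        if (seen.getOrDefault("x-content-type-options", Set.of()).stream()
                .noneMatch("nosniff"::equalsIgnoreCase))
            findings.add("INVALID_CONTENT_TYPE");
        return findings;
    }
    public static void main(String[] args) {
        // Constructed sample response headers, not captured from a real site.
        System.out.println(check(List.of(
            new String[] {"X-Frame-Options", "DENY"}, new String[] {"X-Frame-Options", "SAMEORIGIN"},
            new String[] {"X-Content-Type-Option", "nosniff"})));
    }
}
```

The sample triggers all three conditions at once: the misspelled `X-Content-Type-Option` is both a near miss of a known name and the reason no effective `nosniff` is present.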
    • Field Detail

      • FINDING_TYPE_UNSPECIFIED_VALUE

        public static final int FINDING_TYPE_UNSPECIFIED_VALUE
         The invalid finding type.
         
        FINDING_TYPE_UNSPECIFIED = 0;
        See Also:
        Constant Field Values
      • MIXED_CONTENT_VALUE

        public static final int MIXED_CONTENT_VALUE
         A page that was served over HTTPS also loads resources over HTTP. A
         man-in-the-middle attacker could tamper with the HTTP resource and gain
         full access to the website that loads the resource or monitor the
         actions taken by the user.
         
        MIXED_CONTENT = 1;
        See Also:
        Constant Field Values
      • OUTDATED_LIBRARY_VALUE

        public static final int OUTDATED_LIBRARY_VALUE
         The version of an included library is known to contain a security issue.
         The scanner checks the version of the library in use against a known list of
         vulnerable libraries. False positives are possible if the version
         detection fails or if the library has been manually patched.
         
        OUTDATED_LIBRARY = 2;
        See Also:
        Constant Field Values
      • ROSETTA_FLASH_VALUE

        public static final int ROSETTA_FLASH_VALUE
         This type of vulnerability occurs when the value of a request parameter
         is reflected at the beginning of the response, for example, in requests
         using JSONP. Under certain circumstances, an attacker may be able to
         supply an alphanumeric-only Flash file in the vulnerable parameter
         causing the browser to execute the Flash file as if it originated on the
         vulnerable server.
         
        ROSETTA_FLASH = 5;
        See Also:
        Constant Field Values
      • XSS_CALLBACK_VALUE

        public static final int XSS_CALLBACK_VALUE
         A cross-site scripting (XSS) bug found via a JavaScript callback. For
         detailed explanations on XSS, see
         https://www.google.com/about/appsecurity/learning/xss/.
         
        XSS_CALLBACK = 3;
        See Also:
        Constant Field Values
      • XSS_ERROR_VALUE

        public static final int XSS_ERROR_VALUE
         A potential cross-site scripting (XSS) bug due to JavaScript breakage.
         In some circumstances, the application under test might modify the test
         string before it is parsed by the browser. When the browser attempts to
         run this modified test string, it will likely break and throw a
         JavaScript execution error, indicating that an injection issue is occurring.
         However, it may not be exploitable. Manual verification is needed to see
         if the test string modifications can be evaded and confirm that the issue
         is in fact an XSS vulnerability. For detailed explanations on XSS, see
         https://www.google.com/about/appsecurity/learning/xss/.
         
        XSS_ERROR = 4;
        See Also:
        Constant Field Values
      • CLEAR_TEXT_PASSWORD_VALUE

        public static final int CLEAR_TEXT_PASSWORD_VALUE
         An application appears to be transmitting a password field in clear text.
         An attacker can eavesdrop on network traffic and sniff the password field.
         
        CLEAR_TEXT_PASSWORD = 6;
        See Also:
        Constant Field Values
      • INVALID_CONTENT_TYPE_VALUE

        public static final int INVALID_CONTENT_TYPE_VALUE
         An application returns sensitive content with an invalid content type,
         or without an 'X-Content-Type-Options: nosniff' header.
         
        INVALID_CONTENT_TYPE = 7;
        See Also:
        Constant Field Values
      • XSS_ANGULAR_CALLBACK_VALUE

        public static final int XSS_ANGULAR_CALLBACK_VALUE
         A cross-site scripting (XSS) vulnerability in an AngularJS module that
         occurs when a user-provided string is interpolated by Angular.
         
        XSS_ANGULAR_CALLBACK = 8;
        See Also:
        Constant Field Values
      • INVALID_HEADER_VALUE

        public static final int INVALID_HEADER_VALUE
         A header that is malformed or has an invalid value.
         
        INVALID_HEADER = 9;
        See Also:
        Constant Field Values
      • MISSPELLED_SECURITY_HEADER_NAME_VALUE

        public static final int MISSPELLED_SECURITY_HEADER_NAME_VALUE
         Misspelled security header name.
         
        MISSPELLED_SECURITY_HEADER_NAME = 10;
        See Also:
        Constant Field Values
      • MISMATCHING_SECURITY_HEADER_VALUES_VALUE

        public static final int MISMATCHING_SECURITY_HEADER_VALUES_VALUE
         Mismatching values in a duplicate security header.
         
        MISMATCHING_SECURITY_HEADER_VALUES = 11;
        See Also:
        Constant Field Values
    • Method Detail

      • values

        public static Finding.FindingType[] values()
        Returns an array containing the constants of this enum type, in the order they are declared. This method may be used to iterate over the constants as follows:
        for (Finding.FindingType c : Finding.FindingType.values())
            System.out.println(c);
        
        Returns:
        an array containing the constants of this enum type, in the order they are declared
      • valueOf

        public static Finding.FindingType valueOf(String name)
        Returns the enum constant of this type with the specified name. The string must match exactly an identifier used to declare an enum constant in this type. (Extraneous whitespace characters are not permitted.)
        Parameters:
        name - the name of the enum constant to be returned.
        Returns:
        the enum constant with the specified name
        Throws:
        IllegalArgumentException - if this enum type has no constant with the specified name
        NullPointerException - if the argument is null
      • getNumber

        public final int getNumber()
        Specified by:
        getNumber in interface com.google.protobuf.Internal.EnumLite
        Specified by:
        getNumber in interface com.google.protobuf.ProtocolMessageEnum
      • valueOf

        @Deprecated
        public static Finding.FindingType valueOf(int value)
        Deprecated.
        Returns the enum constant of this type with the specified name. The string must match exactly an identifier used to declare an enum constant in this type. (Extraneous whitespace characters are not permitted.)
        Parameters:
        value - the name of the enum constant to be returned.
        Returns:
        the enum constant with the specified name
        Throws:
        IllegalArgumentException - if this enum type has no constant with the specified name
        NullPointerException - if the argument is null
      • forNumber

        public static Finding.FindingType forNumber(int value)
        Parameters:
        value - The numeric wire value of the corresponding enum entry.
        Returns:
        The enum associated with the given numeric wire value.
      • internalGetValueMap

        public static com.google.protobuf.Internal.EnumLiteMap<Finding.FindingType> internalGetValueMap()
      • getValueDescriptor

        public final com.google.protobuf.Descriptors.EnumValueDescriptor getValueDescriptor()
        Specified by:
        getValueDescriptor in interface com.google.protobuf.ProtocolMessageEnum
      • getDescriptorForType

        public final com.google.protobuf.Descriptors.EnumDescriptor getDescriptorForType()
        Specified by:
        getDescriptorForType in interface com.google.protobuf.ProtocolMessageEnum
      • getDescriptor

        public static final com.google.protobuf.Descriptors.EnumDescriptor getDescriptor()
      • valueOf

        public static Finding.FindingType valueOf(com.google.protobuf.Descriptors.EnumValueDescriptor desc)
        Returns the enum constant of this type with the specified name. The string must match exactly an identifier used to declare an enum constant in this type. (Extraneous whitespace characters are not permitted.)
        Parameters:
        desc - the name of the enum constant to be returned.
        Returns:
        the enum constant with the specified name
        Throws:
        IllegalArgumentException - if this enum type has no constant with the specified name
        NullPointerException - if the argument is null