1// Copyright 2022 Google LLC 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// http://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14 15syntax = "proto3"; 16 17package google.cloud.websecurityscanner.v1; 18 19option csharp_namespace = "Google.Cloud.WebSecurityScanner.V1"; 20option go_package = "cloud.google.com/go/websecurityscanner/apiv1/websecurityscannerpb;websecurityscannerpb"; 21option java_multiple_files = true; 22option java_outer_classname = "FindingAddonProto"; 23option java_package = "com.google.cloud.websecurityscanner.v1"; 24option php_namespace = "Google\\Cloud\\WebSecurityScanner\\V1"; 25option ruby_package = "Google::Cloud::WebSecurityScanner::V1"; 26 27// ! Information about a vulnerability with an HTML. 28message Form { 29 // ! The URI where to send the form when it's submitted. 30 string action_uri = 1; 31 32 // ! The names of form fields related to the vulnerability. 33 repeated string fields = 2; 34} 35 36// Information reported for an outdated library. 37message OutdatedLibrary { 38 // The name of the outdated library. 39 string library_name = 1; 40 41 // The version number. 42 string version = 2; 43 44 // URLs to learn more information about the vulnerabilities in the library. 45 repeated string learn_more_urls = 3; 46} 47 48// Information regarding any resource causing the vulnerability such 49// as JavaScript sources, image, audio files, etc. 50message ViolatingResource { 51 // The MIME type of this resource. 52 string content_type = 1; 53 54 // URL of this violating resource. 55 string resource_url = 2; 56} 57 58// Information about vulnerable request parameters. 59message VulnerableParameters { 60 // The vulnerable parameter names. 61 repeated string parameter_names = 1; 62} 63 64// Information about vulnerable or missing HTTP Headers. 65message VulnerableHeaders { 66 // Describes a HTTP Header. 67 message Header { 68 // Header name. 69 string name = 1; 70 71 // Header value. 72 string value = 2; 73 } 74 75 // List of vulnerable headers. 76 repeated Header headers = 1; 77 78 // List of missing headers. 79 repeated Header missing_headers = 2; 80} 81 82// Information reported for an XSS. 83message Xss { 84 // Types of XSS attack vector. 85 enum AttackVector { 86 // Unknown attack vector. 87 ATTACK_VECTOR_UNSPECIFIED = 0; 88 89 // The attack comes from fuzzing the browser's localStorage. 90 LOCAL_STORAGE = 1; 91 92 // The attack comes from fuzzing the browser's sessionStorage. 93 SESSION_STORAGE = 2; 94 95 // The attack comes from fuzzing the window's name property. 96 WINDOW_NAME = 3; 97 98 // The attack comes from fuzzing the referrer property. 99 REFERRER = 4; 100 101 // The attack comes from fuzzing an input element. 102 FORM_INPUT = 5; 103 104 // The attack comes from fuzzing the browser's cookies. 105 COOKIE = 6; 106 107 // The attack comes from hijacking the post messaging mechanism. 108 POST_MESSAGE = 7; 109 110 // The attack comes from fuzzing parameters in the url. 111 GET_PARAMETERS = 8; 112 113 // The attack comes from fuzzing the fragment in the url. 114 URL_FRAGMENT = 9; 115 116 // The attack comes from fuzzing the HTML comments. 117 HTML_COMMENT = 10; 118 119 // The attack comes from fuzzing the POST parameters. 120 POST_PARAMETERS = 11; 121 122 // The attack comes from fuzzing the protocol. 123 PROTOCOL = 12; 124 125 // The attack comes from the server side and is stored. 126 STORED_XSS = 13; 127 128 // The attack is a Same-Origin Method Execution attack via a GET parameter. 129 SAME_ORIGIN = 14; 130 131 // The attack payload is received from a third-party host via a URL that is 132 // user-controllable 133 USER_CONTROLLABLE_URL = 15; 134 } 135 136 // Stack traces leading to the point where the XSS occurred. 137 repeated string stack_traces = 1; 138 139 // An error message generated by a javascript breakage. 140 string error_message = 2; 141 142 // The attack vector of the payload triggering this XSS. 143 AttackVector attack_vector = 3; 144 145 // The reproduction url for the seeding POST request of a Stored XSS. 146 string stored_xss_seeding_url = 4; 147} 148 149// Information reported for an XXE. 150message Xxe { 151 // Locations within a request where XML was substituted. 152 enum Location { 153 // Unknown Location. 154 LOCATION_UNSPECIFIED = 0; 155 156 // The XML payload replaced the complete request body. 157 COMPLETE_REQUEST_BODY = 1; 158 } 159 160 // The XML string that triggered the XXE vulnerability. Non-payload values 161 // might be redacted. 162 string payload_value = 1; 163 164 // Location within the request where the payload was placed. 165 Location payload_location = 2; 166} 167