1// Copyright 2019 Google LLC. 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// http://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14// 15 16syntax = "proto3"; 17 18package google.cloud.websecurityscanner.v1beta; 19 20option csharp_namespace = "Google.Cloud.WebSecurityScanner.V1Beta"; 21option go_package = "cloud.google.com/go/websecurityscanner/apiv1beta/websecurityscannerpb;websecurityscannerpb"; 22option java_multiple_files = true; 23option java_outer_classname = "FindingAddonProto"; 24option java_package = "com.google.cloud.websecurityscanner.v1beta"; 25option php_namespace = "Google\\Cloud\\WebSecurityScanner\\V1beta"; 26option ruby_package = "Google::Cloud::WebSecurityScanner::V1beta"; 27 28// ! Information about a vulnerability with an HTML. 29message Form { 30 // ! The URI where to send the form when it's submitted. 31 string action_uri = 1; 32 33 // ! The names of form fields related to the vulnerability. 34 repeated string fields = 2; 35} 36 37// Information reported for an outdated library. 38message OutdatedLibrary { 39 // The name of the outdated library. 40 string library_name = 1; 41 42 // The version number. 43 string version = 2; 44 45 // URLs to learn more information about the vulnerabilities in the library. 46 repeated string learn_more_urls = 3; 47} 48 49// Information regarding any resource causing the vulnerability such 50// as JavaScript sources, image, audio files, etc. 51message ViolatingResource { 52 // The MIME type of this resource. 53 string content_type = 1; 54 55 // URL of this violating resource. 56 string resource_url = 2; 57} 58 59// Information about vulnerable request parameters. 60message VulnerableParameters { 61 // The vulnerable parameter names. 62 repeated string parameter_names = 1; 63} 64 65// Information about vulnerable or missing HTTP Headers. 66message VulnerableHeaders { 67 // Describes a HTTP Header. 68 message Header { 69 // Header name. 70 string name = 1; 71 72 // Header value. 73 string value = 2; 74 } 75 76 // List of vulnerable headers. 77 repeated Header headers = 1; 78 79 // List of missing headers. 80 repeated Header missing_headers = 2; 81} 82 83// Information reported for an XSS. 84message Xss { 85 // Stack traces leading to the point where the XSS occurred. 86 repeated string stack_traces = 1; 87 88 // An error message generated by a javascript breakage. 89 string error_message = 2; 90} 91