Class Xss (1.14.0)

Xss(mapping=None, *, ignore_unknown_fields=False, **kwargs)

Information reported for an XSS.

Attributes

NameDescription
stack_traces MutableSequence[str]
Stack traces leading to the point where the XSS occurred.
error_message str
An error message generated by a javascript breakage.
attack_vector google.cloud.websecurityscanner_v1.types.Xss.AttackVector
The attack vector of the payload triggering this XSS.
stored_xss_seeding_url str
The reproduction url for the seeding POST request of a Stored XSS.

Classes

AttackVector

AttackVector(value)

Types of XSS attack vector.

Values: ATTACK_VECTOR_UNSPECIFIED (0): Unknown attack vector. LOCAL_STORAGE (1): The attack comes from fuzzing the browser's localStorage. SESSION_STORAGE (2): The attack comes from fuzzing the browser's sessionStorage. WINDOW_NAME (3): The attack comes from fuzzing the window's name property. REFERRER (4): The attack comes from fuzzing the referrer property. FORM_INPUT (5): The attack comes from fuzzing an input element. COOKIE (6): The attack comes from fuzzing the browser's cookies. POST_MESSAGE (7): The attack comes from hijacking the post messaging mechanism. GET_PARAMETERS (8): The attack comes from fuzzing parameters in the url. URL_FRAGMENT (9): The attack comes from fuzzing the fragment in the url. HTML_COMMENT (10): The attack comes from fuzzing the HTML comments. POST_PARAMETERS (11): The attack comes from fuzzing the POST parameters. PROTOCOL (12): The attack comes from fuzzing the protocol. STORED_XSS (13): The attack comes from the server side and is stored. SAME_ORIGIN (14): The attack is a Same-Origin Method Execution attack via a GET parameter. USER_CONTROLLABLE_URL (15): The attack payload is received from a third-party host via a URL that is user-controllable