• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1// Copyright 2019 Google LLC.
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//     http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14//
15
16syntax = "proto3";
17
18package google.cloud.websecurityscanner.v1alpha;
19
20import "google/api/field_behavior.proto";
21import "google/api/resource.proto";
22import "google/cloud/websecurityscanner/v1alpha/scan_run.proto";
23import "google/protobuf/timestamp.proto";
24
25option go_package = "cloud.google.com/go/websecurityscanner/apiv1alpha/websecurityscannerpb;websecurityscannerpb";
26option java_multiple_files = true;
27option java_outer_classname = "ScanConfigProto";
28option java_package = "com.google.cloud.websecurityscanner.v1alpha";
29
30// A ScanConfig resource contains the configurations to launch a scan.
31// next id: 12
32message ScanConfig {
33  option (google.api.resource) = {
34    type: "websecurityscanner.googleapis.com/ScanConfig"
35    pattern: "projects/{project}/scanConfigs/{scan_config}"
36  };
37
38  // Scan authentication configuration.
39  message Authentication {
40    // Describes authentication configuration that uses a Google account.
41    message GoogleAccount {
42      // Required. The user name of the Google account.
43      string username = 1 [(google.api.field_behavior) = REQUIRED];
44
45      // Required. Input only. The password of the Google account. The credential is stored encrypted
46      // and not returned in any response nor included in audit logs.
47      string password = 2 [
48        (google.api.field_behavior) = REQUIRED,
49        (google.api.field_behavior) = INPUT_ONLY
50      ];
51    }
52
53    // Describes authentication configuration that uses a custom account.
54    message CustomAccount {
55      // Required. The user name of the custom account.
56      string username = 1 [(google.api.field_behavior) = REQUIRED];
57
58      // Required. Input only. The password of the custom account. The credential is stored encrypted
59      // and not returned in any response nor included in audit logs.
60      string password = 2 [
61        (google.api.field_behavior) = REQUIRED,
62        (google.api.field_behavior) = INPUT_ONLY
63      ];
64
65      // Required. The login form URL of the website.
66      string login_url = 3 [(google.api.field_behavior) = REQUIRED];
67    }
68
69    // Required.
70    // Authentication configuration
71    oneof authentication {
72      // Authentication using a Google account.
73      GoogleAccount google_account = 1;
74
75      // Authentication using a custom account.
76      CustomAccount custom_account = 2;
77    }
78  }
79
80  // Scan schedule configuration.
81  message Schedule {
82    // A timestamp indicates when the next run will be scheduled. The value is
83    // refreshed by the server after each run. If unspecified, it will default
84    // to current server time, which means the scan will be scheduled to start
85    // immediately.
86    google.protobuf.Timestamp schedule_time = 1;
87
88    // Required. The duration of time between executions in days.
89    int32 interval_duration_days = 2 [(google.api.field_behavior) = REQUIRED];
90  }
91
92  // Type of user agents used for scanning.
93  enum UserAgent {
94    // The user agent is unknown. Service will default to CHROME_LINUX.
95    USER_AGENT_UNSPECIFIED = 0;
96
97    // Chrome on Linux. This is the service default if unspecified.
98    CHROME_LINUX = 1;
99
100    // Chrome on Android.
101    CHROME_ANDROID = 2;
102
103    // Safari on IPhone.
104    SAFARI_IPHONE = 3;
105  }
106
107  // Cloud platforms supported by Cloud Web Security Scanner.
108  enum TargetPlatform {
109    // The target platform is unknown. Requests with this enum value will be
110    // rejected with INVALID_ARGUMENT error.
111    TARGET_PLATFORM_UNSPECIFIED = 0;
112
113    // Google App Engine service.
114    APP_ENGINE = 1;
115
116    // Google Compute Engine service.
117    COMPUTE = 2;
118  }
119
120  // The resource name of the ScanConfig. The name follows the format of
121  // 'projects/{projectId}/scanConfigs/{scanConfigId}'. The ScanConfig IDs are
122  // generated by the system.
123  string name = 1;
124
125  // Required. The user provided display name of the ScanConfig.
126  string display_name = 2 [(google.api.field_behavior) = REQUIRED];
127
128  // The maximum QPS during scanning. A valid value ranges from 5 to 20
129  // inclusively. If the field is unspecified or its value is set 0, server will
130  // default to 15. Other values outside of [5, 20] range will be rejected with
131  // INVALID_ARGUMENT error.
132  int32 max_qps = 3;
133
134  // Required. The starting URLs from which the scanner finds site pages.
135  repeated string starting_urls = 4 [(google.api.field_behavior) = REQUIRED];
136
137  // The authentication configuration. If specified, service will use the
138  // authentication configuration during scanning.
139  Authentication authentication = 5;
140
141  // The user agent used during scanning.
142  UserAgent user_agent = 6;
143
144  // The blacklist URL patterns as described in
145  // https://cloud.google.com/security-scanner/docs/excluded-urls
146  repeated string blacklist_patterns = 7;
147
148  // The schedule of the ScanConfig.
149  Schedule schedule = 8;
150
151  // Set of Cloud Platforms targeted by the scan. If empty, APP_ENGINE will be
152  // used as a default.
153  repeated TargetPlatform target_platforms = 9;
154
155  // Latest ScanRun if available.
156  ScanRun latest_run = 11;
157}
158