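// Copyright 2019 Google LLC.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//

syntax = "proto3";

package google.cloud.websecurityscanner.v1beta;

import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/cloud/websecurityscanner/v1beta/scan_run.proto";
import "google/protobuf/timestamp.proto";

option csharp_namespace = "Google.Cloud.WebSecurityScanner.V1Beta";
option go_package = "cloud.google.com/go/websecurityscanner/apiv1beta/websecurityscannerpb;websecurityscannerpb";
option java_multiple_files = true;
option java_outer_classname = "ScanConfigProto";
option java_package = "com.google.cloud.websecurityscanner.v1beta";
option php_namespace = "Google\\Cloud\\WebSecurityScanner\\V1beta";
option ruby_package = "Google::Cloud::WebSecurityScanner::V1beta";

// A ScanConfig resource contains the configurations to launch a scan.
//
// Security-relevant settings in this message: `starting_urls` and
// `target_platforms` define what is scanned, `authentication` carries account
// credentials, `risk_level` and `blacklist_patterns` bound how intrusive the
// scan is, and `export_to_security_command_center` controls whether results
// are exported.
message ScanConfig {
  option (google.api.resource) = {
    type: "websecurityscanner.googleapis.com/ScanConfig"
    pattern: "projects/{project}/scanConfigs/{scan_config}"
  };

  // Scan authentication configuration.
  //
  // One account type is selected through the `authentication` oneof. Both
  // account types carry the password as a plain `string` field, so a populated
  // request message is itself sensitive: keep it out of client-side logs,
  // debug dumps and version-controlled configuration.
  message Authentication {
    // Describes authentication configuration that uses a Google account.
    message GoogleAccount {
      // Required. The user name of the Google account.
      string username = 1 [(google.api.field_behavior) = REQUIRED];

      // Required. Input only. The password of the Google account. The
      // credential is stored encrypted and not returned in any response nor
      // included in audit logs.
      //
      // INPUT_ONLY means the value is write-only from the caller's side; a
      // client cannot read it back to verify what is stored.
      // NOTE(review): a dedicated, least-privileged test account is a safer
      // choice here than a personal or administrative one.
      string password = 2 [
        (google.api.field_behavior) = REQUIRED,
        (google.api.field_behavior) = INPUT_ONLY
      ];
    }

    // Describes authentication configuration that uses a custom account.
    message CustomAccount {
      // Required. The user name of the custom account.
      string username = 1 [(google.api.field_behavior) = REQUIRED];

      // Required. Input only. The password of the custom account. The
      // credential is stored encrypted and not returned in any response nor
      // included in audit logs.
      //
      // INPUT_ONLY means the value is write-only from the caller's side; a
      // client cannot read it back to verify what is stored.
      // NOTE(review): a dedicated, least-privileged test account is a safer
      // choice here than a personal or administrative one.
      string password = 2 [
        (google.api.field_behavior) = REQUIRED,
        (google.api.field_behavior) = INPUT_ONLY
      ];

      // Required. The login form URL of the website.
      //
      // NOTE(review): presumably the credentials above are submitted to this
      // form during a scan, so an HTTPS URL on the application under test is
      // the safe choice; confirm against the service documentation.
      string login_url = 3 [(google.api.field_behavior) = REQUIRED];
    }

    // Required.
    // Authentication configuration
    oneof authentication {
      // Authentication using a Google account.
      GoogleAccount google_account = 1;

      // Authentication using a custom account.
      CustomAccount custom_account = 2;
    }
  }

  // Scan schedule configuration.
  message Schedule {
    // A timestamp indicates when the next run will be scheduled. The value is
    // refreshed by the server after each run. If unspecified, it will default
    // to current server time, which means the scan will be scheduled to start
    // immediately.
    google.protobuf.Timestamp schedule_time = 1;

    // Required. The duration of time between executions in days.
    int32 interval_duration_days = 2 [(google.api.field_behavior) = REQUIRED];
  }

  // Type of user agents used for scanning.
  enum UserAgent {
    // The user agent is unknown. Service will default to CHROME_LINUX.
    USER_AGENT_UNSPECIFIED = 0;

    // Chrome on Linux. This is the service default if unspecified.
    CHROME_LINUX = 1;

    // Chrome on Android.
    CHROME_ANDROID = 2;

    // Safari on iPhone.
    SAFARI_IPHONE = 3;
  }

  // Cloud platforms supported by Cloud Web Security Scanner.
  enum TargetPlatform {
    // The target platform is unknown. Requests with this enum value will be
    // rejected with INVALID_ARGUMENT error.
    TARGET_PLATFORM_UNSPECIFIED = 0;

    // Google App Engine service.
    APP_ENGINE = 1;

    // Google Compute Engine service.
    COMPUTE = 2;
  }

  // Scan risk levels supported by Cloud Web Security Scanner. LOW impact
  // scanning will minimize requests with the potential to modify data. To
  // achieve the maximum scan coverage, NORMAL risk level is recommended.
  //
  // By implication, NORMAL scanning may send requests that modify data in the
  // target application. Because the unset value maps to NORMAL, a config that
  // must not change application data has to select LOW explicitly.
  enum RiskLevel {
    // Use default, which is NORMAL.
    RISK_LEVEL_UNSPECIFIED = 0;

    // Normal scanning (Recommended)
    NORMAL = 1;

    // Lower impact scanning
    LOW = 2;
  }

  // Controls export of scan configurations and results to Cloud Security
  // Command Center.
  //
  // The unset value maps to ENABLED, so leaving the field out exports results;
  // opting out requires setting DISABLED explicitly.
  enum ExportToSecurityCommandCenter {
    // Use default, which is ENABLED.
    EXPORT_TO_SECURITY_COMMAND_CENTER_UNSPECIFIED = 0;

    // Export results of this scan to Cloud Security Command Center.
    ENABLED = 1;

    // Do not export results of this scan to Cloud Security Command Center.
    DISABLED = 2;
  }

  // The resource name of the ScanConfig. The name follows the format of
  // 'projects/{projectId}/scanConfigs/{scanConfigId}'. The ScanConfig IDs are
  // generated by the system.
  string name = 1;

  // Required. The user provided display name of the ScanConfig.
  string display_name = 2 [(google.api.field_behavior) = REQUIRED];

  // The maximum QPS during scanning. A valid value ranges from 5 to 20
  // inclusively. If the field is unspecified or its value is set 0, server will
  // default to 15. Other values outside of [5, 20] range will be rejected with
  // INVALID_ARGUMENT error.
  //
  // This is the cap on request rate against the scanned application; pick a
  // value the target can absorb alongside its normal traffic.
  int32 max_qps = 3;

  // Required. The starting URLs from which the scanner finds site pages.
  repeated string starting_urls = 4 [(google.api.field_behavior) = REQUIRED];

  // The authentication configuration. If specified, service will use the
  // authentication configuration during scanning.
  Authentication authentication = 5;

  // The user agent used during scanning.
  UserAgent user_agent = 6;

  // The blacklist URL patterns as described in
  // https://cloud.google.com/security-scanner/docs/excluded-urls
  //
  // NOTE(review): judging by the linked page name these are URLs excluded from
  // the scan; together with `risk_level` this is the place to keep the scanner
  // away from state-changing endpoints. Confirm pattern syntax in the linked
  // documentation.
  repeated string blacklist_patterns = 7;

  // The schedule of the ScanConfig.
  Schedule schedule = 8;

  // Set of Cloud Platforms targeted by the scan. If empty, APP_ENGINE will be
  // used as a default.
  repeated TargetPlatform target_platforms = 9;

  // Controls export of scan configurations and results to Cloud Security
  // Command Center.
  ExportToSecurityCommandCenter export_to_security_command_center = 10;

  // Latest ScanRun if available.
  ScanRun latest_run = 11;

  // The risk level selected for the scan
  RiskLevel risk_level = 12;
}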