189 lines
6.6 KiB
Protocol Buffer
189 lines
6.6 KiB
Protocol Buffer
// Copyright 2020 Google LLC
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
syntax = "proto3";
|
|
|
|
package google.cloud.websecurityscanner.v1;
|
|
|
|
import "google/api/field_behavior.proto";
|
|
import "google/protobuf/timestamp.proto";
|
|
|
|
option csharp_namespace = "Google.Cloud.WebSecurityScanner.V1";
|
|
option go_package = "google.golang.org/genproto/googleapis/cloud/websecurityscanner/v1;websecurityscanner";
|
|
option java_multiple_files = true;
|
|
option java_outer_classname = "ScanConfigProto";
|
|
option java_package = "com.google.cloud.websecurityscanner.v1";
|
|
option php_namespace = "Google\\Cloud\\WebSecurityScanner\\V1";
|
|
option ruby_package = "Google::Cloud::WebSecurityScanner::V1";
|
|
|
|
// A ScanConfig resource contains the configurations to launch a scan.
|
|
message ScanConfig {
|
|
// Scan authentication configuration.
|
|
message Authentication {
|
|
// Describes authentication configuration that uses a Google account.
|
|
message GoogleAccount {
|
|
// Required. The user name of the Google account.
|
|
string username = 1;
|
|
|
|
// Required. Input only. The password of the Google account. The credential is stored encrypted
|
|
// and not returned in any response nor included in audit logs.
|
|
string password = 2;
|
|
}
|
|
|
|
// Describes authentication configuration that uses a custom account.
|
|
message CustomAccount {
|
|
// Required. The user name of the custom account.
|
|
string username = 1;
|
|
|
|
// Required. Input only. The password of the custom account. The credential is stored encrypted
|
|
// and not returned in any response nor included in audit logs.
|
|
string password = 2;
|
|
|
|
// Required. The login form URL of the website.
|
|
string login_url = 3;
|
|
}
|
|
|
|
// Describes authentication configuration for Identity-Aware-Proxy (IAP).
|
|
message IapCredential {
|
|
// Describes authentication configuration when Web-Security-Scanner
|
|
// service account is added in Identity-Aware-Proxy (IAP) access policies.
|
|
message IapTestServiceAccountInfo {
|
|
// Required. Describes OAuth2 client id of resources protected by
|
|
// Identity-Aware-Proxy (IAP).
|
|
string target_audience_client_id = 1 [(google.api.field_behavior) = REQUIRED];
|
|
}
|
|
|
|
// Identity-Aware-Proxy (IAP) Authentication Configuration
|
|
oneof iap_credentials {
|
|
// Authentication configuration when Web-Security-Scanner service
|
|
// account is added in Identity-Aware-Proxy (IAP) access policies.
|
|
IapTestServiceAccountInfo iap_test_service_account_info = 1;
|
|
}
|
|
}
|
|
|
|
// Required.
|
|
// Authentication configuration
|
|
oneof authentication {
|
|
// Authentication using a Google account.
|
|
GoogleAccount google_account = 1;
|
|
|
|
// Authentication using a custom account.
|
|
CustomAccount custom_account = 2;
|
|
|
|
// Authentication using Identity-Aware-Proxy (IAP).
|
|
IapCredential iap_credential = 4;
|
|
}
|
|
}
|
|
|
|
// Scan schedule configuration.
|
|
message Schedule {
|
|
// A timestamp indicates when the next run will be scheduled. The value is
|
|
// refreshed by the server after each run. If unspecified, it will default
|
|
// to current server time, which means the scan will be scheduled to start
|
|
// immediately.
|
|
google.protobuf.Timestamp schedule_time = 1;
|
|
|
|
// Required. The duration of time between executions in days.
|
|
int32 interval_duration_days = 2;
|
|
}
|
|
|
|
// Type of user agents used for scanning.
|
|
enum UserAgent {
|
|
// The user agent is unknown. Service will default to CHROME_LINUX.
|
|
USER_AGENT_UNSPECIFIED = 0;
|
|
|
|
// Chrome on Linux. This is the service default if unspecified.
|
|
CHROME_LINUX = 1;
|
|
|
|
// Chrome on Android.
|
|
CHROME_ANDROID = 2;
|
|
|
|
// Safari on IPhone.
|
|
SAFARI_IPHONE = 3;
|
|
}
|
|
|
|
// Scan risk levels supported by Web Security Scanner. LOW impact
|
|
// scanning will minimize requests with the potential to modify data. To
|
|
// achieve the maximum scan coverage, NORMAL risk level is recommended.
|
|
enum RiskLevel {
|
|
// Use default, which is NORMAL.
|
|
RISK_LEVEL_UNSPECIFIED = 0;
|
|
|
|
// Normal scanning (Recommended)
|
|
NORMAL = 1;
|
|
|
|
// Lower impact scanning
|
|
LOW = 2;
|
|
}
|
|
|
|
// Controls export of scan configurations and results to Security
|
|
// Command Center.
|
|
enum ExportToSecurityCommandCenter {
|
|
// Use default, which is ENABLED.
|
|
EXPORT_TO_SECURITY_COMMAND_CENTER_UNSPECIFIED = 0;
|
|
|
|
// Export results of this scan to Security Command Center.
|
|
ENABLED = 1;
|
|
|
|
// Do not export results of this scan to Security Command Center.
|
|
DISABLED = 2;
|
|
}
|
|
|
|
// The resource name of the ScanConfig. The name follows the format of
|
|
// 'projects/{projectId}/scanConfigs/{scanConfigId}'. The ScanConfig IDs are
|
|
// generated by the system.
|
|
string name = 1;
|
|
|
|
// Required. The user provided display name of the ScanConfig.
|
|
string display_name = 2;
|
|
|
|
// The maximum QPS during scanning. A valid value ranges from 5 to 20
|
|
// inclusively. If the field is unspecified or its value is set 0, server will
|
|
// default to 15. Other values outside of [5, 20] range will be rejected with
|
|
// INVALID_ARGUMENT error.
|
|
int32 max_qps = 3;
|
|
|
|
// Required. The starting URLs from which the scanner finds site pages.
|
|
repeated string starting_urls = 4;
|
|
|
|
// The authentication configuration. If specified, service will use the
|
|
// authentication configuration during scanning.
|
|
Authentication authentication = 5;
|
|
|
|
// The user agent used during scanning.
|
|
UserAgent user_agent = 6;
|
|
|
|
// The excluded URL patterns as described in
|
|
// https://cloud.google.com/security-command-center/docs/how-to-use-web-security-scanner#excluding_urls
|
|
repeated string blacklist_patterns = 7;
|
|
|
|
// The schedule of the ScanConfig.
|
|
Schedule schedule = 8;
|
|
|
|
// Controls export of scan configurations and results to Security
|
|
// Command Center.
|
|
ExportToSecurityCommandCenter export_to_security_command_center = 10;
|
|
|
|
// The risk level selected for the scan
|
|
RiskLevel risk_level = 12;
|
|
|
|
// Whether the scan config is managed by Web Security Scanner, output
|
|
// only.
|
|
bool managed_scan = 13;
|
|
|
|
// Whether the scan configuration has enabled static IP address scan feature.
|
|
// If enabled, the scanner will access applications from static IP addresses.
|
|
bool static_ip_scan = 14;
|
|
}
|