| // Copyright 2019 Google LLC. |
| // |
| // Licensed under the Apache License, Version 2.0 (the "License"); |
| // you may not use this file except in compliance with the License. |
| // You may obtain a copy of the License at |
| // |
| // http://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, software |
| // distributed under the License is distributed on an "AS IS" BASIS, |
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| // See the License for the specific language governing permissions and |
| // limitations under the License. |
| // |
| |
| syntax = "proto3"; |
| |
| package google.cloud.websecurityscanner.v1beta; |
| |
| import "google/api/annotations.proto"; |
| import "google/cloud/websecurityscanner/v1beta/finding_addon.proto"; |
| |
| option go_package = "google.golang.org/genproto/googleapis/cloud/websecurityscanner/v1beta;websecurityscanner"; |
| option java_multiple_files = true; |
| option java_outer_classname = "FindingProto"; |
| option java_package = "com.google.cloud.websecurityscanner.v1beta"; |
| |
| // A Finding resource represents a vulnerability instance identified during a |
| // ScanRun. |
| message Finding { |
| // Output only. |
| // The resource name of the Finding. The name follows the format of |
| // 'projects/{projectId}/scanConfigs/{scanConfigId}/scanruns/{scanRunId}/findings/{findingId}'. |
| // The finding IDs are generated by the system. |
| string name = 1; |
| |
| // Output only. |
| // The type of the Finding. |
| // Detailed and up-to-date information on findings can be found here: |
| // https://cloud.google.com/security-scanner/docs/scan-result-details |
| string finding_type = 2; |
| |
| // Output only. |
| // The http method of the request that triggered the vulnerability, in |
| // uppercase. |
| string http_method = 3; |
| |
| // Output only. |
| // The URL produced by the server-side fuzzer and used in the request that |
| // triggered the vulnerability. |
| string fuzzed_url = 4; |
| |
| // Output only. |
| // The body of the request that triggered the vulnerability. |
| string body = 5; |
| |
| // Output only. |
| // The description of the vulnerability. |
| string description = 6; |
| |
| // Output only. |
| // The URL containing human-readable payload that user can leverage to |
| // reproduce the vulnerability. |
| string reproduction_url = 7; |
| |
| // Output only. |
| // If the vulnerability was originated from nested IFrame, the immediate |
| // parent IFrame is reported. |
| string frame_url = 8; |
| |
| // Output only. |
| // The URL where the browser lands when the vulnerability is detected. |
| string final_url = 9; |
| |
| // Output only. |
| // The tracking ID uniquely identifies a vulnerability instance across |
| // multiple ScanRuns. |
| string tracking_id = 10; |
| |
| // Output only. |
| // An addon containing information reported for a vulnerability with an HTML |
| // form, if any. |
| Form form = 16; |
| |
| // Output only. |
| // An addon containing information about outdated libraries. |
| OutdatedLibrary outdated_library = 11; |
| |
| // Output only. |
| // An addon containing detailed information regarding any resource causing the |
| // vulnerability such as JavaScript sources, image, audio files, etc. |
| ViolatingResource violating_resource = 12; |
| |
| // Output only. |
| // An addon containing information about vulnerable or missing HTTP headers. |
| VulnerableHeaders vulnerable_headers = 15; |
| |
| // Output only. |
| // An addon containing information about request parameters which were found |
| // to be vulnerable. |
| VulnerableParameters vulnerable_parameters = 13; |
| |
| // Output only. |
| // An addon containing information reported for an XSS, if any. |
| Xss xss = 14; |
| } |