blob: 1be0098783fe10f097c5aaf26f0dbf13355c9995 [file] [log] [blame]
// Copyright 2019 Google LLC.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
syntax = "proto3";
package google.cloud.websecurityscanner.v1beta;
import "google/api/annotations.proto";
import "google/cloud/websecurityscanner/v1beta/scan_run.proto";
import "google/protobuf/timestamp.proto";
option go_package = "google.golang.org/genproto/googleapis/cloud/websecurityscanner/v1beta;websecurityscanner";
option java_multiple_files = true;
option java_outer_classname = "ScanConfigProto";
option java_package = "com.google.cloud.websecurityscanner.v1beta";
// A ScanConfig resource contains the configurations to launch a scan.
message ScanConfig {
// Scan authentication configuration.
message Authentication {
// Describes authentication configuration that uses a Google account.
message GoogleAccount {
// Required.
// The user name of the Google account.
string username = 1;
// Input only.
// Required.
// The password of the Google account. The credential is stored encrypted
// and not returned in any response nor included in audit logs.
string password = 2;
}
// Describes authentication configuration that uses a custom account.
message CustomAccount {
// Required.
// The user name of the custom account.
string username = 1;
// Input only.
// Required.
// The password of the custom account. The credential is stored encrypted
// and not returned in any response nor included in audit logs.
string password = 2;
// Required.
// The login form URL of the website.
string login_url = 3;
}
// Required.
// Authentication configuration
oneof authentication {
// Authentication using a Google account.
GoogleAccount google_account = 1;
// Authentication using a custom account.
CustomAccount custom_account = 2;
}
}
// Scan schedule configuration.
message Schedule {
// A timestamp indicates when the next run will be scheduled. The value is
// refreshed by the server after each run. If unspecified, it will default
// to current server time, which means the scan will be scheduled to start
// immediately.
google.protobuf.Timestamp schedule_time = 1;
// Required.
// The duration of time between executions in days.
int32 interval_duration_days = 2;
}
// Type of user agents used for scanning.
enum UserAgent {
// The user agent is unknown. Service will default to CHROME_LINUX.
USER_AGENT_UNSPECIFIED = 0;
// Chrome on Linux. This is the service default if unspecified.
CHROME_LINUX = 1;
// Chrome on Android.
CHROME_ANDROID = 2;
// Safari on IPhone.
SAFARI_IPHONE = 3;
}
// Cloud platforms supported by Cloud Web Security Scanner.
enum TargetPlatform {
// The target platform is unknown. Requests with this enum value will be
// rejected with INVALID_ARGUMENT error.
TARGET_PLATFORM_UNSPECIFIED = 0;
// Google App Engine service.
APP_ENGINE = 1;
// Google Compute Engine service.
COMPUTE = 2;
}
// Scan risk levels supported by Cloud Web Security Scanner. LOW impact
// scanning will minimize requests with the potential to modify data. To
// achieve the maximum scan coverage, NORMAL risk level is recommended.
enum RiskLevel {
// Use default, which is NORMAL.
RISK_LEVEL_UNSPECIFIED = 0;
// Normal scanning (Recommended)
NORMAL = 1;
// Lower impact scanning
LOW = 2;
}
// Controls export of scan configurations and results to Cloud Security
// Command Center.
enum ExportToSecurityCommandCenter {
// Use default, which is ENABLED.
EXPORT_TO_SECURITY_COMMAND_CENTER_UNSPECIFIED = 0;
// Export results of this scan to Cloud Security Command Center.
ENABLED = 1;
// Do not export results of this scan to Cloud Security Command Center.
DISABLED = 2;
}
// The resource name of the ScanConfig. The name follows the format of
// 'projects/{projectId}/scanConfigs/{scanConfigId}'. The ScanConfig IDs are
// generated by the system.
string name = 1;
// Required.
// The user provided display name of the ScanConfig.
string display_name = 2;
// The maximum QPS during scanning. A valid value ranges from 5 to 20
// inclusively. If the field is unspecified or its value is set 0, server will
// default to 15. Other values outside of [5, 20] range will be rejected with
// INVALID_ARGUMENT error.
int32 max_qps = 3;
// Required.
// The starting URLs from which the scanner finds site pages.
repeated string starting_urls = 4;
// The authentication configuration. If specified, service will use the
// authentication configuration during scanning.
Authentication authentication = 5;
// The user agent used during scanning.
UserAgent user_agent = 6;
// The blacklist URL patterns as described in
// https://cloud.google.com/security-scanner/docs/excluded-urls
repeated string blacklist_patterns = 7;
// The schedule of the ScanConfig.
Schedule schedule = 8;
// Set of Cloud Platforms targeted by the scan. If empty, APP_ENGINE will be
// used as a default.
repeated TargetPlatform target_platforms = 9;
// Controls export of scan configurations and results to Cloud Security
// Command Center.
ExportToSecurityCommandCenter export_to_security_command_center = 10;
// Latest ScanRun if available.
ScanRun latest_run = 11;
// The risk level selected for the scan
RiskLevel risk_level = 12;
}