xref: /aosp_15_r20/external/googleapis/google/cloud/websecurityscanner/v1/finding.proto (revision d5c09012810ac0c9f33fe448fb6da8260d444cc9) 
1*d5c09012SAndroid Build Coastguard Worker// Copyright 2022 Google LLC
2*d5c09012SAndroid Build Coastguard Worker//
3*d5c09012SAndroid Build Coastguard Worker// Licensed under the Apache License, Version 2.0 (the "License");
4*d5c09012SAndroid Build Coastguard Worker// you may not use this file except in compliance with the License.
5*d5c09012SAndroid Build Coastguard Worker// You may obtain a copy of the License at
6*d5c09012SAndroid Build Coastguard Worker//
7*d5c09012SAndroid Build Coastguard Worker//     http://www.apache.org/licenses/LICENSE-2.0
8*d5c09012SAndroid Build Coastguard Worker//
9*d5c09012SAndroid Build Coastguard Worker// Unless required by applicable law or agreed to in writing, software
10*d5c09012SAndroid Build Coastguard Worker// distributed under the License is distributed on an "AS IS" BASIS,
11*d5c09012SAndroid Build Coastguard Worker// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12*d5c09012SAndroid Build Coastguard Worker// See the License for the specific language governing permissions and
13*d5c09012SAndroid Build Coastguard Worker// limitations under the License.
14*d5c09012SAndroid Build Coastguard Worker
15*d5c09012SAndroid Build Coastguard Workersyntax = "proto3";
16*d5c09012SAndroid Build Coastguard Worker
17*d5c09012SAndroid Build Coastguard Workerpackage google.cloud.websecurityscanner.v1;
18*d5c09012SAndroid Build Coastguard Worker
19*d5c09012SAndroid Build Coastguard Workerimport "google/api/field_behavior.proto";
20*d5c09012SAndroid Build Coastguard Workerimport "google/api/resource.proto";
21*d5c09012SAndroid Build Coastguard Workerimport "google/cloud/websecurityscanner/v1/finding_addon.proto";
22*d5c09012SAndroid Build Coastguard Worker
23*d5c09012SAndroid Build Coastguard Workeroption csharp_namespace = "Google.Cloud.WebSecurityScanner.V1";
24*d5c09012SAndroid Build Coastguard Workeroption go_package = "cloud.google.com/go/websecurityscanner/apiv1/websecurityscannerpb;websecurityscannerpb";
25*d5c09012SAndroid Build Coastguard Workeroption java_multiple_files = true;
26*d5c09012SAndroid Build Coastguard Workeroption java_outer_classname = "FindingProto";
27*d5c09012SAndroid Build Coastguard Workeroption java_package = "com.google.cloud.websecurityscanner.v1";
28*d5c09012SAndroid Build Coastguard Workeroption php_namespace = "Google\\Cloud\\WebSecurityScanner\\V1";
29*d5c09012SAndroid Build Coastguard Workeroption ruby_package = "Google::Cloud::WebSecurityScanner::V1";
30*d5c09012SAndroid Build Coastguard Worker
31*d5c09012SAndroid Build Coastguard Worker// A Finding resource represents a vulnerability instance identified during a
32*d5c09012SAndroid Build Coastguard Worker// ScanRun.
33*d5c09012SAndroid Build Coastguard Workermessage Finding {
34*d5c09012SAndroid Build Coastguard Worker  option (google.api.resource) = {
35*d5c09012SAndroid Build Coastguard Worker    type: "websecurityscanner.googleapis.com/Finding"
36*d5c09012SAndroid Build Coastguard Worker    pattern: "projects/{project}/scanConfigs/{scan_config}/scanRuns/{scan_run}/findings/{finding}"
37*d5c09012SAndroid Build Coastguard Worker  };
38*d5c09012SAndroid Build Coastguard Worker
39*d5c09012SAndroid Build Coastguard Worker  // The severity level of a vulnerability.
40*d5c09012SAndroid Build Coastguard Worker  enum Severity {
41*d5c09012SAndroid Build Coastguard Worker    // No severity specified. The default value.
42*d5c09012SAndroid Build Coastguard Worker    SEVERITY_UNSPECIFIED = 0;
43*d5c09012SAndroid Build Coastguard Worker
44*d5c09012SAndroid Build Coastguard Worker    // Critical severity.
45*d5c09012SAndroid Build Coastguard Worker    CRITICAL = 1;
46*d5c09012SAndroid Build Coastguard Worker
47*d5c09012SAndroid Build Coastguard Worker    // High severity.
48*d5c09012SAndroid Build Coastguard Worker    HIGH = 2;
49*d5c09012SAndroid Build Coastguard Worker
50*d5c09012SAndroid Build Coastguard Worker    // Medium severity.
51*d5c09012SAndroid Build Coastguard Worker    MEDIUM = 3;
52*d5c09012SAndroid Build Coastguard Worker
53*d5c09012SAndroid Build Coastguard Worker    // Low severity.
54*d5c09012SAndroid Build Coastguard Worker    LOW = 4;
55*d5c09012SAndroid Build Coastguard Worker  }
56*d5c09012SAndroid Build Coastguard Worker
57*d5c09012SAndroid Build Coastguard Worker  // Output only. The resource name of the Finding. The name follows the format of
58*d5c09012SAndroid Build Coastguard Worker  // 'projects/{projectId}/scanConfigs/{scanConfigId}/scanruns/{scanRunId}/findings/{findingId}'.
59*d5c09012SAndroid Build Coastguard Worker  // The finding IDs are generated by the system.
60*d5c09012SAndroid Build Coastguard Worker  string name = 1;
61*d5c09012SAndroid Build Coastguard Worker
62*d5c09012SAndroid Build Coastguard Worker  // Output only. The type of the Finding.
63*d5c09012SAndroid Build Coastguard Worker  // Detailed and up-to-date information on findings can be found here:
64*d5c09012SAndroid Build Coastguard Worker  // https://cloud.google.com/security-command-center/docs/how-to-remediate-web-security-scanner-findings
65*d5c09012SAndroid Build Coastguard Worker  string finding_type = 2;
66*d5c09012SAndroid Build Coastguard Worker
67*d5c09012SAndroid Build Coastguard Worker  // Output only. The severity level of the reported vulnerability.
68*d5c09012SAndroid Build Coastguard Worker  Severity severity = 17 [(google.api.field_behavior) = OUTPUT_ONLY];
69*d5c09012SAndroid Build Coastguard Worker
70*d5c09012SAndroid Build Coastguard Worker  // Output only. The http method of the request that triggered the vulnerability, in
71*d5c09012SAndroid Build Coastguard Worker  // uppercase.
72*d5c09012SAndroid Build Coastguard Worker  string http_method = 3;
73*d5c09012SAndroid Build Coastguard Worker
74*d5c09012SAndroid Build Coastguard Worker  // Output only. The URL produced by the server-side fuzzer and used in the request that
75*d5c09012SAndroid Build Coastguard Worker  // triggered the vulnerability.
76*d5c09012SAndroid Build Coastguard Worker  string fuzzed_url = 4;
77*d5c09012SAndroid Build Coastguard Worker
78*d5c09012SAndroid Build Coastguard Worker  // Output only. The body of the request that triggered the vulnerability.
79*d5c09012SAndroid Build Coastguard Worker  string body = 5;
80*d5c09012SAndroid Build Coastguard Worker
81*d5c09012SAndroid Build Coastguard Worker  // Output only. The description of the vulnerability.
82*d5c09012SAndroid Build Coastguard Worker  string description = 6;
83*d5c09012SAndroid Build Coastguard Worker
84*d5c09012SAndroid Build Coastguard Worker  // Output only. The URL containing human-readable payload that user can leverage to
85*d5c09012SAndroid Build Coastguard Worker  // reproduce the vulnerability.
86*d5c09012SAndroid Build Coastguard Worker  string reproduction_url = 7;
87*d5c09012SAndroid Build Coastguard Worker
88*d5c09012SAndroid Build Coastguard Worker  // Output only. If the vulnerability was originated from nested IFrame, the immediate
89*d5c09012SAndroid Build Coastguard Worker  // parent IFrame is reported.
90*d5c09012SAndroid Build Coastguard Worker  string frame_url = 8;
91*d5c09012SAndroid Build Coastguard Worker
92*d5c09012SAndroid Build Coastguard Worker  // Output only. The URL where the browser lands when the vulnerability is detected.
93*d5c09012SAndroid Build Coastguard Worker  string final_url = 9;
94*d5c09012SAndroid Build Coastguard Worker
95*d5c09012SAndroid Build Coastguard Worker  // Output only. The tracking ID uniquely identifies a vulnerability instance across
96*d5c09012SAndroid Build Coastguard Worker  // multiple ScanRuns.
97*d5c09012SAndroid Build Coastguard Worker  string tracking_id = 10;
98*d5c09012SAndroid Build Coastguard Worker
99*d5c09012SAndroid Build Coastguard Worker  // Output only. An addon containing information reported for a vulnerability with an HTML
100*d5c09012SAndroid Build Coastguard Worker  // form, if any.
101*d5c09012SAndroid Build Coastguard Worker  Form form = 16;
102*d5c09012SAndroid Build Coastguard Worker
103*d5c09012SAndroid Build Coastguard Worker  // Output only. An addon containing information about outdated libraries.
104*d5c09012SAndroid Build Coastguard Worker  OutdatedLibrary outdated_library = 11;
105*d5c09012SAndroid Build Coastguard Worker
106*d5c09012SAndroid Build Coastguard Worker  // Output only. An addon containing detailed information regarding any resource causing the
107*d5c09012SAndroid Build Coastguard Worker  // vulnerability such as JavaScript sources, image, audio files, etc.
108*d5c09012SAndroid Build Coastguard Worker  ViolatingResource violating_resource = 12;
109*d5c09012SAndroid Build Coastguard Worker
110*d5c09012SAndroid Build Coastguard Worker  // Output only. An addon containing information about vulnerable or missing HTTP headers.
111*d5c09012SAndroid Build Coastguard Worker  VulnerableHeaders vulnerable_headers = 15;
112*d5c09012SAndroid Build Coastguard Worker
113*d5c09012SAndroid Build Coastguard Worker  // Output only. An addon containing information about request parameters which were found
114*d5c09012SAndroid Build Coastguard Worker  // to be vulnerable.
115*d5c09012SAndroid Build Coastguard Worker  VulnerableParameters vulnerable_parameters = 13;
116*d5c09012SAndroid Build Coastguard Worker
117*d5c09012SAndroid Build Coastguard Worker  // Output only. An addon containing information reported for an XSS, if any.
118*d5c09012SAndroid Build Coastguard Worker  Xss xss = 14;
119*d5c09012SAndroid Build Coastguard Worker
120*d5c09012SAndroid Build Coastguard Worker  // Output only. An addon containing information reported for an XXE, if any.
121*d5c09012SAndroid Build Coastguard Worker  Xxe xxe = 18 [(google.api.field_behavior) = OUTPUT_ONLY];
122*d5c09012SAndroid Build Coastguard Worker}
123