1// Copyright 2022 Google LLC
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//     http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15syntax = "proto3";
16
17package google.cloud.websecurityscanner.v1;
18
19import "google/api/field_behavior.proto";
20import "google/protobuf/timestamp.proto";
21
22option csharp_namespace = "Google.Cloud.WebSecurityScanner.V1";
23option go_package = "cloud.google.com/go/websecurityscanner/apiv1/websecurityscannerpb;websecurityscannerpb";
24option java_multiple_files = true;
25option java_outer_classname = "ScanConfigProto";
26option java_package = "com.google.cloud.websecurityscanner.v1";
27option php_namespace = "Google\\Cloud\\WebSecurityScanner\\V1";
28option ruby_package = "Google::Cloud::WebSecurityScanner::V1";
29
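// A ScanConfig resource contains the configurations to launch a scan.
//
// A ScanConfig may embed account credentials (see Authentication). The
// password fields are ordinary proto3 strings, so the schema itself gives
// them no protection: they appear in clear in the serialized request and in
// any client-side dump or log of this message.
//
// NOTE(review): field numbers 9 and 11 are not used in this message. If they
// belonged to fields that were removed, add `reserved 9, 11;` so the numbers
// cannot be reused with a different meaning. Confirm against the API history.
message ScanConfig {
  // Scan authentication configuration.
  message Authentication {
    // Describes authentication configuration that uses a Google account.
    // Deprecated, as is the `google_account` oneof member that carries it.
    message GoogleAccount {
      option deprecated = true;

      // Required. The user name of the Google account.
      string username = 1 [(google.api.field_behavior) = REQUIRED];

      // Required. Input only. The password of the Google account. The
      // credential is stored encrypted and not returned in any response nor
      // included in audit logs.
      //
      // Those guarantees are stated for the service side. On the client the
      // value is a plain string in the request message; keep it out of
      // request logging and debug dumps.
      string password = 2 [
        (google.api.field_behavior) = REQUIRED,
        (google.api.field_behavior) = INPUT_ONLY
      ];
    }

    // Describes authentication configuration that uses a custom account.
    message CustomAccount {
      // Required. The user name of the custom account.
      string username = 1 [(google.api.field_behavior) = REQUIRED];

      // Required. Input only. The password of the custom account. The
      // credential is stored encrypted and not returned in any response nor
      // included in audit logs.
      //
      // Those guarantees are stated for the service side. On the client the
      // value is a plain string in the request message; keep it out of
      // request logging and debug dumps.
      string password = 2 [
        (google.api.field_behavior) = REQUIRED,
        (google.api.field_behavior) = INPUT_ONLY
      ];

      // Required. The login form URL of the website.
      //
      // NOTE(review): presumably the scanner submits the credentials above to
      // this URL; the schema places no constraint on its scheme or host, so
      // any such check has to happen server-side. Confirm.
      string login_url = 3 [(google.api.field_behavior) = REQUIRED];
    }

    // Describes authentication configuration for Identity-Aware-Proxy (IAP).
    message IapCredential {
      // Describes authentication configuration when Web-Security-Scanner
      // service account is added in Identity-Aware-Proxy (IAP) access policies.
      message IapTestServiceAccountInfo {
        // Required. Describes OAuth2 client id of resources protected by
        // Identity-Aware-Proxy (IAP).
        string target_audience_client_id = 1
            [(google.api.field_behavior) = REQUIRED];
      }

      // Identity-Aware-Proxy (IAP) authentication configuration. Only one
      // variant is defined here.
      oneof iap_credentials {
        // Authentication configuration when Web-Security-Scanner service
        // account is added in Identity-Aware-Proxy (IAP) access policies.
        IapTestServiceAccountInfo iap_test_service_account_info = 1;
      }
    }

    // Required.
    // Authentication configuration. Exactly one member can be set; setting
    // one clears the others.
    //
    // NOTE(review): number 3 is unused in this oneof. If it belonged to a
    // removed member, reserve it in Authentication. Confirm against the API
    // history.
    oneof authentication {
      // Authentication using a Google account.
      GoogleAccount google_account = 1 [deprecated = true];

      // Authentication using a custom account.
      CustomAccount custom_account = 2;

      // Authentication using Identity-Aware-Proxy (IAP).
      IapCredential iap_credential = 4;
    }
  }

  // Scan schedule configuration.
  message Schedule {
    // A timestamp indicates when the next run will be scheduled. The value is
    // refreshed by the server after each run. If unspecified, it will default
    // to current server time, which means the scan will be scheduled to start
    // immediately.
    google.protobuf.Timestamp schedule_time = 1;

    // Required. The duration of time between executions in days.
    int32 interval_duration_days = 2 [(google.api.field_behavior) = REQUIRED];
  }

  // Type of user agents used for scanning.
  enum UserAgent {
    // The user agent is unknown. Service will default to CHROME_LINUX.
    USER_AGENT_UNSPECIFIED = 0;

    // Chrome on Linux. This is the service default if unspecified.
    CHROME_LINUX = 1;

    // Chrome on Android.
    CHROME_ANDROID = 2;

    // Safari on iPhone.
    SAFARI_IPHONE = 3;
  }

  // Scan risk levels supported by Web Security Scanner. LOW impact
  // scanning will minimize requests with the potential to modify data. To
  // achieve the maximum scan coverage, NORMAL risk level is recommended.
  //
  // The wording above implies that a NORMAL scan may send requests that can
  // modify data in the target application. Because an unset risk level
  // defaults to NORMAL, set LOW explicitly for targets where that is not
  // acceptable.
  enum RiskLevel {
    // Use default, which is NORMAL.
    RISK_LEVEL_UNSPECIFIED = 0;

    // Normal scanning (Recommended)
    NORMAL = 1;

    // Lower impact scanning
    LOW = 2;
  }

  // Controls export of scan configurations and results to Security
  // Command Center.
  enum ExportToSecurityCommandCenter {
    // Use default, which is ENABLED.
    EXPORT_TO_SECURITY_COMMAND_CENTER_UNSPECIFIED = 0;

    // Export results of this scan to Security Command Center.
    ENABLED = 1;

    // Do not export results of this scan to Security Command Center.
    DISABLED = 2;
  }

  // The resource name of the ScanConfig. The name follows the format of
  // 'projects/{projectId}/scanConfigs/{scanConfigId}'. The ScanConfig IDs are
  // generated by the system.
  string name = 1;

  // Required. The user provided display name of the ScanConfig.
  string display_name = 2 [(google.api.field_behavior) = REQUIRED];

  // The maximum QPS during scanning. A valid value ranges from 5 to 20
  // inclusively. If the field is unspecified or its value is set 0, server will
  // default to 15. Other values outside of [5, 20] range will be rejected with
  // INVALID_ARGUMENT error.
  //
  // The range is checked by the server; nothing in this schema enforces it.
  int32 max_qps = 3;

  // Required. The starting URLs from which the scanner finds site pages.
  repeated string starting_urls = 4 [(google.api.field_behavior) = REQUIRED];

  // The authentication configuration. If specified, service will use the
  // authentication configuration during scanning.
  Authentication authentication = 5;

  // The user agent used during scanning.
  UserAgent user_agent = 6;

  // The excluded URL patterns as described in
  // https://cloud.google.com/security-command-center/docs/how-to-use-web-security-scanner#excluding_urls
  repeated string blacklist_patterns = 7;

  // The schedule of the ScanConfig.
  Schedule schedule = 8;

  // Controls export of scan configurations and results to Security
  // Command Center. Export is on unless this is set to DISABLED, because the
  // unspecified value defaults to ENABLED.
  ExportToSecurityCommandCenter export_to_security_command_center = 10;

  // The risk level selected for the scan. Defaults to NORMAL when unset; see
  // RiskLevel.
  RiskLevel risk_level = 12;

  // Output only. Whether the scan config is managed by Web Security Scanner.
  bool managed_scan = 13 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Whether the scan configuration has enabled static IP address scan feature.
  // If enabled, the scanner will access applications from static IP addresses.
  //
  // NOTE(review): presumably this exists so that a firewall in front of the
  // target can allowlist the scanner's source addresses. Confirm in the
  // service documentation.
  bool static_ip_scan = 14;

  // Whether to keep scanning even if most requests return HTTP error codes.
  bool ignore_http_status_errors = 15;
}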