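// Copyright 2019 Google LLC.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//

syntax = "proto3";

package google.cloud.websecurityscanner.v1alpha;

import "google/api/annotations.proto";
import "google/api/client.proto";
import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/cloud/websecurityscanner/v1alpha/crawled_url.proto";
import "google/cloud/websecurityscanner/v1alpha/finding.proto";
import "google/cloud/websecurityscanner/v1alpha/finding_type_stats.proto";
import "google/cloud/websecurityscanner/v1alpha/scan_config.proto";
import "google/cloud/websecurityscanner/v1alpha/scan_run.proto";
import "google/protobuf/empty.proto";
import "google/protobuf/field_mask.proto";

option go_package = "cloud.google.com/go/websecurityscanner/apiv1alpha/websecurityscannerpb;websecurityscannerpb";
option java_multiple_files = true;
option java_outer_classname = "WebSecurityScannerProto";
option java_package = "com.google.cloud.websecurityscanner.v1alpha";

// Cloud Web Security Scanner Service identifies security vulnerabilities in web
// applications hosted on Google Cloud Platform. It crawls your application, and
// attempts to exercise as many user inputs and event handlers as possible.
//
// Because a scan crawls the application and exercises its inputs, starting one
// sends real requests to the scanned application.
// NOTE(review): which targets may be scanned is determined by ScanConfig, which
// is defined in scan_config.proto and not in this file.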
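service WebSecurityScanner {
  option (google.api.default_host) = "websecurityscanner.googleapis.com";

  // NOTE(review): the broad cloud-platform scope is the only OAuth scope
  // declared for this service, so nothing in this file distinguishes read-only
  // callers from callers that may start scans or delete configs. Per-method
  // authorization is presumably enforced server-side - confirm.
  option (google.api.oauth_scopes) =
      "https://www.googleapis.com/auth/cloud-platform";

  // Creates a new ScanConfig.
  rpc CreateScanConfig(CreateScanConfigRequest) returns (ScanConfig) {
    option (google.api.http) = {
      post: "/v1alpha/{parent=projects/*}/scanConfigs"
      body: "scan_config"
    };
    option (google.api.method_signature) = "parent,scan_config";
  }

  // Deletes an existing ScanConfig and its child resources.
  //
  // NOTE(review): the URL patterns in this service nest ScanRuns under a
  // ScanConfig and Findings under a ScanRun, so the deleted child resources
  // presumably include past scan results - confirm, and export any findings
  // needed for audit before deleting.
  rpc DeleteScanConfig(DeleteScanConfigRequest)
      returns (google.protobuf.Empty) {
    option (google.api.http) = {
      delete: "/v1alpha/{name=projects/*/scanConfigs/*}"
    };
    option (google.api.method_signature) = "name";
  }

  // Gets a ScanConfig.
  rpc GetScanConfig(GetScanConfigRequest) returns (ScanConfig) {
    option (google.api.http) = {
      get: "/v1alpha/{name=projects/*/scanConfigs/*}"
    };
    option (google.api.method_signature) = "name";
  }

  // Lists ScanConfigs under a given project.
  rpc ListScanConfigs(ListScanConfigsRequest)
      returns (ListScanConfigsResponse) {
    option (google.api.http) = {
      get: "/v1alpha/{parent=projects/*}/scanConfigs"
    };
    option (google.api.method_signature) = "parent";
  }

  // Updates a ScanConfig. This method supports partial updates of a
  // ScanConfig.
  rpc UpdateScanConfig(UpdateScanConfigRequest) returns (ScanConfig) {
    option (google.api.http) = {
      patch: "/v1alpha/{scan_config.name=projects/*/scanConfigs/*}"
      body: "scan_config"
    };
    option (google.api.method_signature) = "scan_config,update_mask";
  }

  // Starts a ScanRun according to the given ScanConfig.
  //
  // The request carries only the ScanConfig name; everything the scan does is
  // taken from the stored ScanConfig (defined in scan_config.proto). Access to
  // this method should therefore be reviewed together with access to
  // CreateScanConfig and UpdateScanConfig.
  rpc StartScanRun(StartScanRunRequest) returns (ScanRun) {
    option (google.api.http) = {
      post: "/v1alpha/{name=projects/*/scanConfigs/*}:start"
      body: "*"
    };
    option (google.api.method_signature) = "name";
  }

  // Gets a ScanRun.
  rpc GetScanRun(GetScanRunRequest) returns (ScanRun) {
    option (google.api.http) = {
      get: "/v1alpha/{name=projects/*/scanConfigs/*/scanRuns/*}"
    };
    option (google.api.method_signature) = "name";
  }

  // Lists ScanRuns under a given ScanConfig, in descending order of ScanRun
  // stop time.
  rpc ListScanRuns(ListScanRunsRequest) returns (ListScanRunsResponse) {
    option (google.api.http) = {
      get: "/v1alpha/{parent=projects/*/scanConfigs/*}/scanRuns"
    };
    option (google.api.method_signature) = "parent";
  }

  // Stops a ScanRun. The stopped ScanRun is returned.
  rpc StopScanRun(StopScanRunRequest) returns (ScanRun) {
    option (google.api.http) = {
      post: "/v1alpha/{name=projects/*/scanConfigs/*/scanRuns/*}:stop"
      body: "*"
    };
    option (google.api.method_signature) = "name";
  }

  // List CrawledUrls under a given ScanRun.
  rpc ListCrawledUrls(ListCrawledUrlsRequest)
      returns (ListCrawledUrlsResponse) {
    option (google.api.http) = {
      get: "/v1alpha/{parent=projects/*/scanConfigs/*/scanRuns/*}/crawledUrls"
    };
    option (google.api.method_signature) = "parent";
  }

  // Gets a Finding.
  //
  // Findings are the scanner's output (Finding is defined in finding.proto);
  // read access to GetFinding, ListFindings and ListFindingTypeStats exposes
  // the scan results for the application.
  rpc GetFinding(GetFindingRequest) returns (Finding) {
    option (google.api.http) = {
      get: "/v1alpha/{name=projects/*/scanConfigs/*/scanRuns/*/findings/*}"
    };
    option (google.api.method_signature) = "name";
  }

  // List Findings under a given ScanRun.
  rpc ListFindings(ListFindingsRequest) returns (ListFindingsResponse) {
    option (google.api.http) = {
      get: "/v1alpha/{parent=projects/*/scanConfigs/*/scanRuns/*}/findings"
    };
    option (google.api.method_signature) = "parent,filter";
  }

  // List all FindingTypeStats under a given ScanRun.
  rpc ListFindingTypeStats(ListFindingTypeStatsRequest)
      returns (ListFindingTypeStatsResponse) {
    option (google.api.http) = {
      get: "/v1alpha/{parent=projects/*/scanConfigs/*/scanRuns/*}/findingTypeStats"
    };
    option (google.api.method_signature) = "parent";
  }
}

// Request for the `CreateScanConfig` method.
message CreateScanConfigRequest {
  // Required. The parent resource name where the scan is created, which should
  // be a project resource name in the format 'projects/{projectId}'.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "cloudresourcemanager.googleapis.com/Project"
    }
  ];

  // Required. The ScanConfig to be created.
  ScanConfig scan_config = 2 [(google.api.field_behavior) = REQUIRED];
}

// Request for the `DeleteScanConfig` method.
message DeleteScanConfigRequest {
  // Required. The resource name of the ScanConfig to be deleted. The name
  // follows the format of 'projects/{projectId}/scanConfigs/{scanConfigId}'.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "websecurityscanner.googleapis.com/ScanConfig"
    }
  ];
}

// Request for the `GetScanConfig` method.
message GetScanConfigRequest {
  // Required. The resource name of the ScanConfig to be returned. The name
  // follows the format of 'projects/{projectId}/scanConfigs/{scanConfigId}'.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "websecurityscanner.googleapis.com/ScanConfig"
    }
  ];
}

// Request for the `ListScanConfigs` method.
message ListScanConfigsRequest {
  // Required. The parent resource name, which should be a project resource
  // name in the format 'projects/{projectId}'.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "cloudresourcemanager.googleapis.com/Project"
    }
  ];

  // A token identifying a page of results to be returned. This should be a
  // `next_page_token` value returned from a previous List request.
  // If unspecified, the first page of results is returned.
  string page_token = 2;

  // The maximum number of ScanConfigs to return, can be limited by server.
  // If not specified or not positive, the implementation will select a
  // reasonable value.
  int32 page_size = 3;
}

// Request for the `UpdateScanConfig` method.
//
// NOTE(review): field number 1 is not assigned in this message. If it belonged
// to a removed field, a `reserved 1;` statement would prevent accidental
// reuse - confirm against the file history.
message UpdateScanConfigRequest {
  // Required. The ScanConfig to be updated. The name field must be set to
  // identify the resource to be updated. The values of fields not covered by
  // the mask will be ignored.
  ScanConfig scan_config = 2 [(google.api.field_behavior) = REQUIRED];

  // Required. The update mask applies to the resource. For the `FieldMask`
  // definition, see
  // https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask
  //
  // Because fields outside the mask are ignored, a narrow mask limits the
  // update to the fields the caller intends to change.
  google.protobuf.FieldMask update_mask = 3
      [(google.api.field_behavior) = REQUIRED];
}

// Response for the `ListScanConfigs` method.
message ListScanConfigsResponse {
  // The list of ScanConfigs returned.
  repeated ScanConfig scan_configs = 1;

  // Token to retrieve the next page of results, or empty if there are no
  // more results in the list.
  string next_page_token = 2;
}

// Request for the `StartScanRun` method.
message StartScanRunRequest {
  // Required. The resource name of the ScanConfig to be used. The name follows
  // the format of 'projects/{projectId}/scanConfigs/{scanConfigId}'.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "websecurityscanner.googleapis.com/ScanConfig"
    }
  ];
}

// Request for the `GetScanRun` method.
message GetScanRunRequest {
  // Required. The resource name of the ScanRun to be returned. The name
  // follows the format of
  // 'projects/{projectId}/scanConfigs/{scanConfigId}/scanRuns/{scanRunId}'.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "websecurityscanner.googleapis.com/ScanRun"
    }
  ];
}

// Request for the `ListScanRuns` method.
message ListScanRunsRequest {
  // Required. The parent resource name, which should be a scan resource name
  // in the format 'projects/{projectId}/scanConfigs/{scanConfigId}'.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "websecurityscanner.googleapis.com/ScanConfig"
    }
  ];

  // A token identifying a page of results to be returned. This should be a
  // `next_page_token` value returned from a previous List request.
  // If unspecified, the first page of results is returned.
  string page_token = 2;

  // The maximum number of ScanRuns to return, can be limited by server.
  // If not specified or not positive, the implementation will select a
  // reasonable value.
  int32 page_size = 3;
}

// Response for the `ListScanRuns` method.
message ListScanRunsResponse {
  // The list of ScanRuns returned.
  repeated ScanRun scan_runs = 1;

  // Token to retrieve the next page of results, or empty if there are no
  // more results in the list.
  string next_page_token = 2;
}

// Request for the `StopScanRun` method.
message StopScanRunRequest {
  // Required. The resource name of the ScanRun to be stopped. The name follows
  // the format of
  // 'projects/{projectId}/scanConfigs/{scanConfigId}/scanRuns/{scanRunId}'.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "websecurityscanner.googleapis.com/ScanRun"
    }
  ];
}

// Request for the `ListCrawledUrls` method.
message ListCrawledUrlsRequest {
  // Required. The parent resource name, which should be a scan run resource
  // name in the format
  // 'projects/{projectId}/scanConfigs/{scanConfigId}/scanRuns/{scanRunId}'.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "websecurityscanner.googleapis.com/ScanRun"
    }
  ];

  // A token identifying a page of results to be returned. This should be a
  // `next_page_token` value returned from a previous List request.
  // If unspecified, the first page of results is returned.
  string page_token = 2;

  // The maximum number of CrawledUrls to return, can be limited by server.
  // If not specified or not positive, the implementation will select a
  // reasonable value.
  int32 page_size = 3;
}

// Response for the `ListCrawledUrls` method.
message ListCrawledUrlsResponse {
  // The list of CrawledUrls returned.
  repeated CrawledUrl crawled_urls = 1;

  // Token to retrieve the next page of results, or empty if there are no
  // more results in the list.
  string next_page_token = 2;
}

// Request for the `GetFinding` method.
message GetFindingRequest {
  // Required. The resource name of the Finding to be returned. The name
  // follows the format of
  // 'projects/{projectId}/scanConfigs/{scanConfigId}/scanRuns/{scanRunId}/findings/{findingId}'.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "websecurityscanner.googleapis.com/Finding"
    }
  ];
}

// Request for the `ListFindings` method.
message ListFindingsRequest {
  // Required. The parent resource name, which should be a scan run resource
  // name in the format
  // 'projects/{projectId}/scanConfigs/{scanConfigId}/scanRuns/{scanRunId}'.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "websecurityscanner.googleapis.com/ScanRun"
    }
  ];

  // Required. The filter expression. The expression must be in the format:
  // <field> <operator> <value>.
  // Supported field: 'finding_type'.
  // Supported operator: '='.
  //
  // NOTE(review): this comment does not say how an expression that uses any
  // other field or operator is handled - confirm that it is rejected rather
  // than ignored, since an ignored filter would return findings of every type.
  string filter = 2 [(google.api.field_behavior) = REQUIRED];

  // A token identifying a page of results to be returned. This should be a
  // `next_page_token` value returned from a previous List request.
  // If unspecified, the first page of results is returned.
  string page_token = 3;

  // The maximum number of Findings to return, can be limited by server.
  // If not specified or not positive, the implementation will select a
  // reasonable value.
  int32 page_size = 4;
}

// Response for the `ListFindings` method.
message ListFindingsResponse {
  // The list of Findings returned.
  repeated Finding findings = 1;

  // Token to retrieve the next page of results, or empty if there are no
  // more results in the list.
  string next_page_token = 2;
}

// Request for the `ListFindingTypeStats` method.
message ListFindingTypeStatsRequest {
  // Required. The parent resource name, which should be a scan run resource
  // name in the format
  // 'projects/{projectId}/scanConfigs/{scanConfigId}/scanRuns/{scanRunId}'.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "websecurityscanner.googleapis.com/ScanRun"
    }
  ];
}

// Response for the `ListFindingTypeStats` method.
message ListFindingTypeStatsResponse {
  // The list of FindingTypeStats returned.
  repeated FindingTypeStats finding_type_stats = 1;
}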