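// Copyright 2019 Google LLC.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//

syntax = "proto3";

package google.cloud.websecurityscanner.v1beta;

import "google/api/annotations.proto";
import "google/api/client.proto";
import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/cloud/websecurityscanner/v1beta/crawled_url.proto";
import "google/cloud/websecurityscanner/v1beta/finding.proto";
import "google/cloud/websecurityscanner/v1beta/finding_type_stats.proto";
import "google/cloud/websecurityscanner/v1beta/scan_config.proto";
import "google/cloud/websecurityscanner/v1beta/scan_run.proto";
import "google/protobuf/empty.proto";
import "google/protobuf/field_mask.proto";

option csharp_namespace = "Google.Cloud.WebSecurityScanner.V1Beta";
option go_package = "cloud.google.com/go/websecurityscanner/apiv1beta/websecurityscannerpb;websecurityscannerpb";
option java_multiple_files = true;
option java_outer_classname = "WebSecurityScannerProto";
option java_package = "com.google.cloud.websecurityscanner.v1beta";
option php_namespace = "Google\\Cloud\\WebSecurityScanner\\V1beta";
option ruby_package = "Google::Cloud::WebSecurityScanner::V1beta";

// Cloud Web Security Scanner Service identifies security vulnerabilities in web
// applications hosted on Google Cloud Platform. It crawls your application, and
// attempts to exercise as many user inputs and event handlers as possible.
//
// NOTE(review): the scan is active (it drives user inputs and event handlers),
// and its output describes vulnerabilities, so both the mutating methods and
// the read-only Get/List methods deserve narrowly granted permissions.
service WebSecurityScanner {
  option (google.api.default_host) = "websecurityscanner.googleapis.com";

  // The only OAuth scope declared here is the broad cloud-platform scope, so
  // the scope by itself does not narrow a token to this API.
  // NOTE(review): least privilege presumably has to come from IAM roles on the
  // project rather than from scope selection - confirm against the IAM docs.
  option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";

  // Creates a new ScanConfig.
  rpc CreateScanConfig(CreateScanConfigRequest) returns (ScanConfig) {
    option (google.api.http) = {
      post: "/v1beta/{parent=projects/*}/scanConfigs"
      body: "scan_config"
    };
    option (google.api.method_signature) = "parent,scan_config";
  }

  // Deletes an existing ScanConfig and its child resources.
  //
  // NOTE(review): going by the resource paths in this file, the children of a
  // ScanConfig are its ScanRuns and, below them, CrawledUrls, Findings and
  // FindingTypeStats; export anything needed as audit evidence before deleting.
  rpc DeleteScanConfig(DeleteScanConfigRequest) returns (google.protobuf.Empty) {
    option (google.api.http) = {
      delete: "/v1beta/{name=projects/*/scanConfigs/*}"
    };
    option (google.api.method_signature) = "name";
  }

  // Gets a ScanConfig.
  rpc GetScanConfig(GetScanConfigRequest) returns (ScanConfig) {
    option (google.api.http) = {
      get: "/v1beta/{name=projects/*/scanConfigs/*}"
    };
    option (google.api.method_signature) = "name";
  }

  // Lists ScanConfigs under a given project.
  rpc ListScanConfigs(ListScanConfigsRequest) returns (ListScanConfigsResponse) {
    option (google.api.http) = {
      get: "/v1beta/{parent=projects/*}/scanConfigs"
    };
    option (google.api.method_signature) = "parent";
  }

  // Updates a ScanConfig. This method supports partial updates of a
  // ScanConfig: only the fields named in `update_mask` are applied.
  rpc UpdateScanConfig(UpdateScanConfigRequest) returns (ScanConfig) {
    option (google.api.http) = {
      patch: "/v1beta/{scan_config.name=projects/*/scanConfigs/*}"
      body: "scan_config"
    };
    option (google.api.method_signature) = "scan_config,update_mask";
  }

  // Start a ScanRun according to the given ScanConfig.
  //
  // Starting a run is what sets the crawl described in the service comment in
  // motion, so permission to call this method is in effect permission to
  // generate scanner traffic against whatever the ScanConfig targets.
  rpc StartScanRun(StartScanRunRequest) returns (ScanRun) {
    option (google.api.http) = {
      post: "/v1beta/{name=projects/*/scanConfigs/*}:start"
      body: "*"
    };
    option (google.api.method_signature) = "name";
  }

  // Gets a ScanRun.
  rpc GetScanRun(GetScanRunRequest) returns (ScanRun) {
    option (google.api.http) = {
      get: "/v1beta/{name=projects/*/scanConfigs/*/scanRuns/*}"
    };
    option (google.api.method_signature) = "name";
  }

  // Lists ScanRuns under a given ScanConfig, in descending order of ScanRun
  // stop time.
  rpc ListScanRuns(ListScanRunsRequest) returns (ListScanRunsResponse) {
    option (google.api.http) = {
      get: "/v1beta/{parent=projects/*/scanConfigs/*}/scanRuns"
    };
    option (google.api.method_signature) = "parent";
  }

  // Stops a ScanRun. The stopped ScanRun is returned.
  rpc StopScanRun(StopScanRunRequest) returns (ScanRun) {
    option (google.api.http) = {
      post: "/v1beta/{name=projects/*/scanConfigs/*/scanRuns/*}:stop"
      body: "*"
    };
    option (google.api.method_signature) = "name";
  }

  // List CrawledUrls under a given ScanRun.
  rpc ListCrawledUrls(ListCrawledUrlsRequest) returns (ListCrawledUrlsResponse) {
    option (google.api.http) = {
      get: "/v1beta/{parent=projects/*/scanConfigs/*/scanRuns/*}/crawledUrls"
    };
    option (google.api.method_signature) = "parent";
  }

  // Gets a Finding.
  //
  // NOTE(review): Finding is defined in finding.proto (not shown here); as the
  // output of a vulnerability scan it is presumably sensitive, so read access
  // to this method and to ListFindings should be granted deliberately.
  rpc GetFinding(GetFindingRequest) returns (Finding) {
    option (google.api.http) = {
      get: "/v1beta/{name=projects/*/scanConfigs/*/scanRuns/*/findings/*}"
    };
    option (google.api.method_signature) = "name";
  }

  // List Findings under a given ScanRun.
  rpc ListFindings(ListFindingsRequest) returns (ListFindingsResponse) {
    option (google.api.http) = {
      get: "/v1beta/{parent=projects/*/scanConfigs/*/scanRuns/*}/findings"
    };
    option (google.api.method_signature) = "parent,filter";
  }

  // List all FindingTypeStats under a given ScanRun.
  rpc ListFindingTypeStats(ListFindingTypeStatsRequest) returns (ListFindingTypeStatsResponse) {
    option (google.api.http) = {
      get: "/v1beta/{parent=projects/*/scanConfigs/*/scanRuns/*}/findingTypeStats"
    };
    option (google.api.method_signature) = "parent";
  }
}

// Request for the `CreateScanConfig` method.
message CreateScanConfigRequest {
  // Required. The parent resource name where the scan is created, which should
  // be a project resource name in the format 'projects/{projectId}'.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "cloudresourcemanager.googleapis.com/Project"
    }
  ];

  // Required. The ScanConfig to be created.
  ScanConfig scan_config = 2 [(google.api.field_behavior) = REQUIRED];
}

// Request for the `DeleteScanConfig` method.
message DeleteScanConfigRequest {
  // Required. The resource name of the ScanConfig to be deleted. The name
  // follows the format of 'projects/{projectId}/scanConfigs/{scanConfigId}'.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "websecurityscanner.googleapis.com/ScanConfig"
    }
  ];
}

// Request for the `GetScanConfig` method.
message GetScanConfigRequest {
  // Required. The resource name of the ScanConfig to be returned. The name
  // follows the format of 'projects/{projectId}/scanConfigs/{scanConfigId}'.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "websecurityscanner.googleapis.com/ScanConfig"
    }
  ];
}

// Request for the `ListScanConfigs` method.
message ListScanConfigsRequest {
  // Required. The parent resource name, which should be a project resource
  // name in the format 'projects/{projectId}'.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "cloudresourcemanager.googleapis.com/Project"
    }
  ];

  // A token identifying a page of results to be returned. This should be a
  // `next_page_token` value returned from a previous List request.
  // If unspecified, the first page of results is returned.
  string page_token = 2;

  // The maximum number of ScanConfigs to return, can be limited by server.
  // If not specified or not positive, the implementation will select a
  // reasonable value.
  int32 page_size = 3;
}

// Request for the `UpdateScanConfig` method.
//
// Field numbers in this message start at 2; they are part of the wire
// contract and must not be renumbered.
message UpdateScanConfigRequest {
  // Required. The ScanConfig to be updated. The name field must be set to
  // identify the resource to be updated. The values of fields not covered by
  // the mask will be ignored.
  ScanConfig scan_config = 2 [(google.api.field_behavior) = REQUIRED];

  // Required. The update mask applies to the resource. For the `FieldMask`
  // definition, see
  // https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask
  google.protobuf.FieldMask update_mask = 3 [(google.api.field_behavior) = REQUIRED];
}

// Response for the `ListScanConfigs` method.
message ListScanConfigsResponse {
  // The list of ScanConfigs returned.
  repeated ScanConfig scan_configs = 1;

  // Token to retrieve the next page of results, or empty if there are no
  // more results in the list.
  string next_page_token = 2;
}

// Request for the `StartScanRun` method.
message StartScanRunRequest {
  // Required. The resource name of the ScanConfig to be used. The name follows
  // the format of 'projects/{projectId}/scanConfigs/{scanConfigId}'.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "websecurityscanner.googleapis.com/ScanConfig"
    }
  ];
}

// Request for the `GetScanRun` method.
message GetScanRunRequest {
  // Required. The resource name of the ScanRun to be returned. The name
  // follows the format of
  // 'projects/{projectId}/scanConfigs/{scanConfigId}/scanRuns/{scanRunId}'.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "websecurityscanner.googleapis.com/ScanRun"
    }
  ];
}

// Request for the `ListScanRuns` method.
message ListScanRunsRequest {
  // Required. The parent resource name, which should be a scan resource name
  // in the format 'projects/{projectId}/scanConfigs/{scanConfigId}'.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "websecurityscanner.googleapis.com/ScanConfig"
    }
  ];

  // A token identifying a page of results to be returned. This should be a
  // `next_page_token` value returned from a previous List request.
  // If unspecified, the first page of results is returned.
  string page_token = 2;

  // The maximum number of ScanRuns to return, can be limited by server.
  // If not specified or not positive, the implementation will select a
  // reasonable value.
  int32 page_size = 3;
}

// Response for the `ListScanRuns` method.
message ListScanRunsResponse {
  // The list of ScanRuns returned.
  repeated ScanRun scan_runs = 1;

  // Token to retrieve the next page of results, or empty if there are no
  // more results in the list.
  string next_page_token = 2;
}

// Request for the `StopScanRun` method.
message StopScanRunRequest {
  // Required. The resource name of the ScanRun to be stopped. The name follows
  // the format of
  // 'projects/{projectId}/scanConfigs/{scanConfigId}/scanRuns/{scanRunId}'.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "websecurityscanner.googleapis.com/ScanRun"
    }
  ];
}

// Request for the `ListCrawledUrls` method.
message ListCrawledUrlsRequest {
  // Required. The parent resource name, which should be a scan run resource
  // name in the format
  // 'projects/{projectId}/scanConfigs/{scanConfigId}/scanRuns/{scanRunId}'.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "websecurityscanner.googleapis.com/ScanRun"
    }
  ];

  // A token identifying a page of results to be returned. This should be a
  // `next_page_token` value returned from a previous List request.
  // If unspecified, the first page of results is returned.
  string page_token = 2;

  // The maximum number of CrawledUrls to return, can be limited by server.
  // If not specified or not positive, the implementation will select a
  // reasonable value.
  int32 page_size = 3;
}

// Response for the `ListCrawledUrls` method.
message ListCrawledUrlsResponse {
  // The list of CrawledUrls returned.
  repeated CrawledUrl crawled_urls = 1;

  // Token to retrieve the next page of results, or empty if there are no
  // more results in the list.
  string next_page_token = 2;
}

// Request for the `GetFinding` method.
message GetFindingRequest {
  // Required. The resource name of the Finding to be returned. The name
  // follows the format of
  // 'projects/{projectId}/scanConfigs/{scanConfigId}/scanRuns/{scanRunId}/findings/{findingId}'.
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "websecurityscanner.googleapis.com/Finding"
    }
  ];
}

// Request for the `ListFindings` method.
message ListFindingsRequest {
  // Required. The parent resource name, which should be a scan run resource
  // name in the format
  // 'projects/{projectId}/scanConfigs/{scanConfigId}/scanRuns/{scanRunId}'.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "websecurityscanner.googleapis.com/ScanRun"
    }
  ];

  // Required. The filter expression. The expression must be in the format:
  // <field> <operator> <value>.
  // Supported field: 'finding_type'.
  // Supported operator: '='.
  //
  // NOTE(review): this is a free-form string supplied by the caller; an
  // implementation should reject any field or operator other than the ones
  // listed above instead of passing the expression through to a backend query.
  string filter = 2 [(google.api.field_behavior) = REQUIRED];

  // A token identifying a page of results to be returned. This should be a
  // `next_page_token` value returned from a previous List request.
  // If unspecified, the first page of results is returned.
  string page_token = 3;

  // The maximum number of Findings to return, can be limited by server.
  // If not specified or not positive, the implementation will select a
  // reasonable value.
  int32 page_size = 4;
}

// Response for the `ListFindings` method.
message ListFindingsResponse {
  // The list of Findings returned.
  repeated Finding findings = 1;

  // Token to retrieve the next page of results, or empty if there are no
  // more results in the list.
  string next_page_token = 2;
}

// Request for the `ListFindingTypeStats` method.
message ListFindingTypeStatsRequest {
  // Required. The parent resource name, which should be a scan run resource
  // name in the format
  // 'projects/{projectId}/scanConfigs/{scanConfigId}/scanRuns/{scanRunId}'.
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "websecurityscanner.googleapis.com/ScanRun"
    }
  ];
}

// Response for the `ListFindingTypeStats` method.
//
// Unlike the other List responses in this file, this one carries no
// `next_page_token`, and its request has no paging fields.
message ListFindingTypeStatsResponse {
  // The list of FindingTypeStats returned.
  repeated FindingTypeStats finding_type_stats = 1;
}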