google-cloud-web_security_scanner-v1 0.1.0

data/proto_docs/google/cloud/websecurityscanner/v1/crawled_url.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module WebSecurityScanner
+      module V1
+        # A CrawledUrl resource represents a URL that was crawled during a ScanRun. Web
+        # Security Scanner Service crawls the web applications, following all links
+        # within the scope of sites, to find the URLs to test against.
+        # @!attribute [rw] http_method
+        #   @return [::String]
+        #     Output only. The http method of the request that was used to visit the URL, in
+        #     uppercase.
+        # @!attribute [rw] url
+        #   @return [::String]
+        #     Output only. The URL that was crawled.
+        # @!attribute [rw] body
+        #   @return [::String]
+        #     Output only. The body of the request that was used to visit the URL.
+        class CrawledUrl
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+      end
+    end
+  end
+end

data/proto_docs/google/cloud/websecurityscanner/v1/finding.rb

@@ -0,0 +1,114 @@
+# frozen_string_literal: true
+
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module WebSecurityScanner
+      module V1
+        # A Finding resource represents a vulnerability instance identified during a
+        # ScanRun.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Output only. The resource name of the Finding. The name follows the format of
+        #     'projects/\\{projectId}/scanConfigs/\\{scanConfigId}/scanruns/\\{scanRunId}/findings/\\{findingId}'.
+        #     The finding IDs are generated by the system.
+        # @!attribute [rw] finding_type
+        #   @return [::String]
+        #     Output only. The type of the Finding.
+        #     Detailed and up-to-date information on findings can be found here:
+        #     https://cloud.google.com/security-command-center/docs/how-to-remediate-web-security-scanner-findings
+        # @!attribute [r] severity
+        #   @return [::Google::Cloud::WebSecurityScanner::V1::Finding::Severity]
+        #     Output only. The severity level of the reported vulnerability.
+        # @!attribute [rw] http_method
+        #   @return [::String]
+        #     Output only. The http method of the request that triggered the vulnerability, in
+        #     uppercase.
+        # @!attribute [rw] fuzzed_url
+        #   @return [::String]
+        #     Output only. The URL produced by the server-side fuzzer and used in the request that
+        #     triggered the vulnerability.
+        # @!attribute [rw] body
+        #   @return [::String]
+        #     Output only. The body of the request that triggered the vulnerability.
+        # @!attribute [rw] description
+        #   @return [::String]
+        #     Output only. The description of the vulnerability.
+        # @!attribute [rw] reproduction_url
+        #   @return [::String]
+        #     Output only. The URL containing human-readable payload that user can leverage to
+        #     reproduce the vulnerability.
+        # @!attribute [rw] frame_url
+        #   @return [::String]
+        #     Output only. If the vulnerability was originated from nested IFrame, the immediate
+        #     parent IFrame is reported.
+        # @!attribute [rw] final_url
+        #   @return [::String]
+        #     Output only. The URL where the browser lands when the vulnerability is detected.
+        # @!attribute [rw] tracking_id
+        #   @return [::String]
+        #     Output only. The tracking ID uniquely identifies a vulnerability instance across
+        #     multiple ScanRuns.
+        # @!attribute [rw] form
+        #   @return [::Google::Cloud::WebSecurityScanner::V1::Form]
+        #     Output only. An addon containing information reported for a vulnerability with an HTML
+        #     form, if any.
+        # @!attribute [rw] outdated_library
+        #   @return [::Google::Cloud::WebSecurityScanner::V1::OutdatedLibrary]
+        #     Output only. An addon containing information about outdated libraries.
+        # @!attribute [rw] violating_resource
+        #   @return [::Google::Cloud::WebSecurityScanner::V1::ViolatingResource]
+        #     Output only. An addon containing detailed information regarding any resource causing the
+        #     vulnerability such as JavaScript sources, image, audio files, etc.
+        # @!attribute [rw] vulnerable_headers
+        #   @return [::Google::Cloud::WebSecurityScanner::V1::VulnerableHeaders]
+        #     Output only. An addon containing information about vulnerable or missing HTTP headers.
+        # @!attribute [rw] vulnerable_parameters
+        #   @return [::Google::Cloud::WebSecurityScanner::V1::VulnerableParameters]
+        #     Output only. An addon containing information about request parameters which were found
+        #     to be vulnerable.
+        # @!attribute [rw] xss
+        #   @return [::Google::Cloud::WebSecurityScanner::V1::Xss]
+        #     Output only. An addon containing information reported for an XSS, if any.
+        class Finding
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # The severity level of a vulnerability.
+          module Severity
+            # No severity specified. The default value.
+            SEVERITY_UNSPECIFIED = 0
+
+            # Critical severity.
+            CRITICAL = 1
+
+            # High severity.
+            HIGH = 2
+
+            # Medium severity.
+            MEDIUM = 3
+
+            # Low severity.
+            LOW = 4
+          end
+        end
+      end
+    end
+  end
+end

data/proto_docs/google/cloud/websecurityscanner/v1/finding_addon.rb

@@ -0,0 +1,169 @@
+# frozen_string_literal: true
+
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module WebSecurityScanner
+      module V1
+        # ! Information about a vulnerability with an HTML.
+        # @!attribute [rw] action_uri
+        #   @return [::String]
+        #     ! The URI where to send the form when it's submitted.
+        # @!attribute [rw] fields
+        #   @return [::Array<::String>]
+        #     ! The names of form fields related to the vulnerability.
+        class Form
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Information reported for an outdated library.
+        # @!attribute [rw] library_name
+        #   @return [::String]
+        #     The name of the outdated library.
+        # @!attribute [rw] version
+        #   @return [::String]
+        #     The version number.
+        # @!attribute [rw] learn_more_urls
+        #   @return [::Array<::String>]
+        #     URLs to learn more information about the vulnerabilities in the library.
+        class OutdatedLibrary
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Information regarding any resource causing the vulnerability such
+        # as JavaScript sources, image, audio files, etc.
+        # @!attribute [rw] content_type
+        #   @return [::String]
+        #     The MIME type of this resource.
+        # @!attribute [rw] resource_url
+        #   @return [::String]
+        #     URL of this violating resource.
+        class ViolatingResource
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Information about vulnerable request parameters.
+        # @!attribute [rw] parameter_names
+        #   @return [::Array<::String>]
+        #     The vulnerable parameter names.
+        class VulnerableParameters
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Information about vulnerable or missing HTTP Headers.
+        # @!attribute [rw] headers
+        #   @return [::Array<::Google::Cloud::WebSecurityScanner::V1::VulnerableHeaders::Header>]
+        #     List of vulnerable headers.
+        # @!attribute [rw] missing_headers
+        #   @return [::Array<::Google::Cloud::WebSecurityScanner::V1::VulnerableHeaders::Header>]
+        #     List of missing headers.
+        class VulnerableHeaders
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # Describes a HTTP Header.
+          # @!attribute [rw] name
+          #   @return [::String]
+          #     Header name.
+          # @!attribute [rw] value
+          #   @return [::String]
+          #     Header value.
+          class Header
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+        end
+
+        # Information reported for an XSS.
+        # @!attribute [rw] stack_traces
+        #   @return [::Array<::String>]
+        #     Stack traces leading to the point where the XSS occurred.
+        # @!attribute [rw] error_message
+        #   @return [::String]
+        #     An error message generated by a javascript breakage.
+        # @!attribute [rw] attack_vector
+        #   @return [::Google::Cloud::WebSecurityScanner::V1::Xss::AttackVector]
+        #     The attack vector of the payload triggering this XSS.
+        # @!attribute [rw] stored_xss_seeding_url
+        #   @return [::String]
+        #     The reproduction url for the seeding POST request of a Stored XSS.
+        class Xss
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # Types of XSS attack vector.
+          module AttackVector
+            # Unknown attack vector.
+            ATTACK_VECTOR_UNSPECIFIED = 0
+
+            # The attack comes from fuzzing the browser's localStorage.
+            LOCAL_STORAGE = 1
+
+            # The attack comes from fuzzing the browser's sessionStorage.
+            SESSION_STORAGE = 2
+
+            # The attack comes from fuzzing the window's name property.
+            WINDOW_NAME = 3
+
+            # The attack comes from fuzzing the referrer property.
+            REFERRER = 4
+
+            # The attack comes from fuzzing an input element.
+            FORM_INPUT = 5
+
+            # The attack comes from fuzzing the browser's cookies.
+            COOKIE = 6
+
+            # The attack comes from hijacking the post messaging mechanism.
+            POST_MESSAGE = 7
+
+            # The attack comes from fuzzing parameters in the url.
+            GET_PARAMETERS = 8
+
+            # The attack comes from fuzzing the fragment in the url.
+            URL_FRAGMENT = 9
+
+            # The attack comes from fuzzing the HTML comments.
+            HTML_COMMENT = 10
+
+            # The attack comes from fuzzing the POST parameters.
+            POST_PARAMETERS = 11
+
+            # The attack comes from fuzzing the protocol.
+            PROTOCOL = 12
+
+            # The attack comes from the server side and is stored.
+            STORED_XSS = 13
+
+            # The attack is a Same-Origin Method Execution attack via a GET parameter.
+            SAME_ORIGIN = 14
+
+            # The attack payload is received from a third-party host via a URL that is
+            # user-controllable
+            USER_CONTROLLABLE_URL = 15
+          end
+        end
+      end
+    end
+  end
+end

data/proto_docs/google/cloud/websecurityscanner/v1/finding_type_stats.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module WebSecurityScanner
+      module V1
+        # A FindingTypeStats resource represents stats regarding a specific FindingType
+        # of Findings under a given ScanRun.
+        # @!attribute [rw] finding_type
+        #   @return [::String]
+        #     Output only. The finding type associated with the stats.
+        # @!attribute [rw] finding_count
+        #   @return [::Integer]
+        #     Output only. The count of findings belonging to this finding type.
+        class FindingTypeStats
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+      end
+    end
+  end
+end

data/proto_docs/google/cloud/websecurityscanner/v1/scan_config.rb

@@ -0,0 +1,200 @@
+# frozen_string_literal: true
+
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module WebSecurityScanner
+      module V1
+        # A ScanConfig resource contains the configurations to launch a scan.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     The resource name of the ScanConfig. The name follows the format of
+        #     'projects/\\{projectId}/scanConfigs/\\{scanConfigId}'. The ScanConfig IDs are
+        #     generated by the system.
+        # @!attribute [rw] display_name
+        #   @return [::String]
+        #     Required. The user provided display name of the ScanConfig.
+        # @!attribute [rw] max_qps
+        #   @return [::Integer]
+        #     The maximum QPS during scanning. A valid value ranges from 5 to 20
+        #     inclusively. If the field is unspecified or its value is set 0, server will
+        #     default to 15. Other values outside of [5, 20] range will be rejected with
+        #     INVALID_ARGUMENT error.
+        # @!attribute [rw] starting_urls
+        #   @return [::Array<::String>]
+        #     Required. The starting URLs from which the scanner finds site pages.
+        # @!attribute [rw] authentication
+        #   @return [::Google::Cloud::WebSecurityScanner::V1::ScanConfig::Authentication]
+        #     The authentication configuration. If specified, service will use the
+        #     authentication configuration during scanning.
+        # @!attribute [rw] user_agent
+        #   @return [::Google::Cloud::WebSecurityScanner::V1::ScanConfig::UserAgent]
+        #     The user agent used during scanning.
+        # @!attribute [rw] blacklist_patterns
+        #   @return [::Array<::String>]
+        #     The excluded URL patterns as described in
+        #     https://cloud.google.com/security-command-center/docs/how-to-use-web-security-scanner#excluding_urls
+        # @!attribute [rw] schedule
+        #   @return [::Google::Cloud::WebSecurityScanner::V1::ScanConfig::Schedule]
+        #     The schedule of the ScanConfig.
+        # @!attribute [rw] export_to_security_command_center
+        #   @return [::Google::Cloud::WebSecurityScanner::V1::ScanConfig::ExportToSecurityCommandCenter]
+        #     Controls export of scan configurations and results to Security
+        #     Command Center.
+        # @!attribute [rw] risk_level
+        #   @return [::Google::Cloud::WebSecurityScanner::V1::ScanConfig::RiskLevel]
+        #     The risk level selected for the scan
+        # @!attribute [rw] managed_scan
+        #   @return [::Boolean]
+        #     Whether the scan config is managed by Web Security Scanner, output
+        #     only.
+        # @!attribute [rw] static_ip_scan
+        #   @return [::Boolean]
+        #     Whether the scan configuration has enabled static IP address scan feature.
+        #     If enabled, the scanner will access applications from static IP addresses.
+        class ScanConfig
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # Scan authentication configuration.
+          # @!attribute [rw] google_account
+          #   @return [::Google::Cloud::WebSecurityScanner::V1::ScanConfig::Authentication::GoogleAccount]
+          #     Authentication using a Google account.
+          # @!attribute [rw] custom_account
+          #   @return [::Google::Cloud::WebSecurityScanner::V1::ScanConfig::Authentication::CustomAccount]
+          #     Authentication using a custom account.
+          # @!attribute [rw] iap_credential
+          #   @return [::Google::Cloud::WebSecurityScanner::V1::ScanConfig::Authentication::IapCredential]
+          #     Authentication using Identity-Aware-Proxy (IAP).
+          class Authentication
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+
+            # Describes authentication configuration that uses a Google account.
+            # @!attribute [rw] username
+            #   @return [::String]
+            #     Required. The user name of the Google account.
+            # @!attribute [rw] password
+            #   @return [::String]
+            #     Required. Input only. The password of the Google account. The credential is stored encrypted
+            #     and not returned in any response nor included in audit logs.
+            class GoogleAccount
+              include ::Google::Protobuf::MessageExts
+              extend ::Google::Protobuf::MessageExts::ClassMethods
+            end
+
+            # Describes authentication configuration that uses a custom account.
+            # @!attribute [rw] username
+            #   @return [::String]
+            #     Required. The user name of the custom account.
+            # @!attribute [rw] password
+            #   @return [::String]
+            #     Required. Input only. The password of the custom account. The credential is stored encrypted
+            #     and not returned in any response nor included in audit logs.
+            # @!attribute [rw] login_url
+            #   @return [::String]
+            #     Required. The login form URL of the website.
+            class CustomAccount
+              include ::Google::Protobuf::MessageExts
+              extend ::Google::Protobuf::MessageExts::ClassMethods
+            end
+
+            # Describes authentication configuration for Identity-Aware-Proxy (IAP).
+            # @!attribute [rw] iap_test_service_account_info
+            #   @return [::Google::Cloud::WebSecurityScanner::V1::ScanConfig::Authentication::IapCredential::IapTestServiceAccountInfo]
+            #     Authentication configuration when Web-Security-Scanner service
+            #     account is added in Identity-Aware-Proxy (IAP) access policies.
+            class IapCredential
+              include ::Google::Protobuf::MessageExts
+              extend ::Google::Protobuf::MessageExts::ClassMethods
+
+              # Describes authentication configuration when Web-Security-Scanner
+              # service account is added in Identity-Aware-Proxy (IAP) access policies.
+              # @!attribute [rw] target_audience_client_id
+              #   @return [::String]
+              #     Required. Describes OAuth2 client id of resources protected by
+              #     Identity-Aware-Proxy (IAP).
+              class IapTestServiceAccountInfo
+                include ::Google::Protobuf::MessageExts
+                extend ::Google::Protobuf::MessageExts::ClassMethods
+              end
+            end
+          end
+
+          # Scan schedule configuration.
+          # @!attribute [rw] schedule_time
+          #   @return [::Google::Protobuf::Timestamp]
+          #     A timestamp indicates when the next run will be scheduled. The value is
+          #     refreshed by the server after each run. If unspecified, it will default
+          #     to current server time, which means the scan will be scheduled to start
+          #     immediately.
+          # @!attribute [rw] interval_duration_days
+          #   @return [::Integer]
+          #     Required. The duration of time between executions in days.
+          class Schedule
+            include ::Google::Protobuf::MessageExts
+            extend ::Google::Protobuf::MessageExts::ClassMethods
+          end
+
+          # Type of user agents used for scanning.
+          module UserAgent
+            # The user agent is unknown. Service will default to CHROME_LINUX.
+            USER_AGENT_UNSPECIFIED = 0
+
+            # Chrome on Linux. This is the service default if unspecified.
+            CHROME_LINUX = 1
+
+            # Chrome on Android.
+            CHROME_ANDROID = 2
+
+            # Safari on IPhone.
+            SAFARI_IPHONE = 3
+          end
+
+          # Scan risk levels supported by Web Security Scanner. LOW impact
+          # scanning will minimize requests with the potential to modify data. To
+          # achieve the maximum scan coverage, NORMAL risk level is recommended.
+          module RiskLevel
+            # Use default, which is NORMAL.
+            RISK_LEVEL_UNSPECIFIED = 0
+
+            # Normal scanning (Recommended)
+            NORMAL = 1
+
+            # Lower impact scanning
+            LOW = 2
+          end
+
+          # Controls export of scan configurations and results to Security
+          # Command Center.
+          module ExportToSecurityCommandCenter
+            # Use default, which is ENABLED.
+            EXPORT_TO_SECURITY_COMMAND_CENTER_UNSPECIFIED = 0
+
+            # Export results of this scan to Security Command Center.
+            ENABLED = 1
+
+            # Do not export results of this scan to Security Command Center.
+            DISABLED = 2
+          end
+        end
+      end
+    end
+  end
+end