google-cloud-web_security_scanner-v1 0.4.1 → 0.5.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: c9a24233cc850f8ffd6b725b57507e3bb09421ba7a94aec16e604cac82c4a42b
4
- data.tar.gz: 2b263ff1c2915839b23f6ce19ba5fbbe5370c2da173c87a6c421432ad5680cb1
3
+ metadata.gz: aa863bbf83b3277121fc42b09ad751b5d0cc9bee8ea2aa53bd95a3900889d618
4
+ data.tar.gz: 28b341fad40c792bc86f9f50344e01509d4aa30d381d7362d90f516b9196faae
5
5
  SHA512:
6
- metadata.gz: 6966d63070a5ea34f2e11f4d56ee049ad664de48dd198e70aa4d321887b95124cde583d7896c36902a90cbedaed553bf7fffbda27c1d1ced14beb5269363b190
7
- data.tar.gz: 1b2303e966c373f2a3973d938ed04778cb57408e64b1d5215e6f38e376bc30e70b5b68c1b06ee62d63508e8d6ec864bb1ea3986e71da56ff352dce28e9f9381f
6
+ metadata.gz: 6a792b63d631653ca66ea93aa43459f9481995dfed267c42b2424790b0f58a1ff2e9c02a53e3a33bd3e5b59bf0c0cc80b94435f4156c770751ee5690a0b5cc96
7
+ data.tar.gz: 0d1b6afb49af0737ab7c67435d3b55746d804bd9865ede25fefc596ec2fc6ba82bb8ecf6153bfa7b420d4c0b4887ad576e4c962c6869146ef76c2ad6eb05ea8c
data/AUTHENTICATION.md CHANGED
@@ -114,7 +114,7 @@ credentials are discovered.
114
114
  To configure your system for this, simply:
115
115
 
116
116
  1. [Download and install the Cloud SDK](https://cloud.google.com/sdk)
117
- 2. Authenticate using OAuth 2.0 `$ gcloud auth login`
117
+ 2. Authenticate using OAuth 2.0 `$ gcloud auth application-default login`
118
118
  3. Write code as if already authenticated.
119
119
 
120
120
  **NOTE:** This is _not_ recommended for running in production. The Cloud SDK
@@ -21,7 +21,7 @@ module Google
21
21
  module Cloud
22
22
  module WebSecurityScanner
23
23
  module V1
24
- VERSION = "0.4.1"
24
+ VERSION = "0.5.0"
25
25
  end
26
26
  end
27
27
  end
@@ -53,6 +53,14 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
53
53
  value :SAME_ORIGIN, 14
54
54
  value :USER_CONTROLLABLE_URL, 15
55
55
  end
56
+ add_message "google.cloud.websecurityscanner.v1.Xxe" do
57
+ optional :payload_value, :string, 1
58
+ optional :payload_location, :enum, 2, "google.cloud.websecurityscanner.v1.Xxe.Location"
59
+ end
60
+ add_enum "google.cloud.websecurityscanner.v1.Xxe.Location" do
61
+ value :LOCATION_UNSPECIFIED, 0
62
+ value :COMPLETE_REQUEST_BODY, 1
63
+ end
56
64
  end
57
65
  end
58
66
 
@@ -68,6 +76,8 @@ module Google
68
76
  VulnerableHeaders::Header = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.websecurityscanner.v1.VulnerableHeaders.Header").msgclass
69
77
  Xss = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.websecurityscanner.v1.Xss").msgclass
70
78
  Xss::AttackVector = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.websecurityscanner.v1.Xss.AttackVector").enummodule
79
+ Xxe = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.websecurityscanner.v1.Xxe").msgclass
80
+ Xxe::Location = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.websecurityscanner.v1.Xxe.Location").enummodule
71
81
  end
72
82
  end
73
83
  end
@@ -27,6 +27,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
27
27
  optional :vulnerable_headers, :message, 15, "google.cloud.websecurityscanner.v1.VulnerableHeaders"
28
28
  optional :vulnerable_parameters, :message, 13, "google.cloud.websecurityscanner.v1.VulnerableParameters"
29
29
  optional :xss, :message, 14, "google.cloud.websecurityscanner.v1.Xss"
30
+ optional :xxe, :message, 18, "google.cloud.websecurityscanner.v1.Xxe"
30
31
  end
31
32
  add_enum "google.cloud.websecurityscanner.v1.Finding.Severity" do
32
33
  value :SEVERITY_UNSPECIFIED, 0
@@ -21,6 +21,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
21
21
  optional :risk_level, :enum, 12, "google.cloud.websecurityscanner.v1.ScanConfig.RiskLevel"
22
22
  optional :managed_scan, :bool, 13
23
23
  optional :static_ip_scan, :bool, 14
24
+ optional :ignore_http_status_errors, :bool, 15
24
25
  end
25
26
  add_message "google.cloud.websecurityscanner.v1.ScanConfig.Authentication" do
26
27
  oneof :authentication do
@@ -14,6 +14,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
14
14
  value :TOO_MANY_CRAWL_RESULTS, 2
15
15
  value :TOO_MANY_FUZZ_TASKS, 3
16
16
  value :BLOCKED_BY_IAP, 4
17
+ value :NO_STARTING_URL_FOUND_FOR_MANAGED_SCAN, 5
17
18
  end
18
19
  end
19
20
  end
@@ -4,6 +4,7 @@
4
4
  require 'google/protobuf'
5
5
 
6
6
  require 'google/api/annotations_pb'
7
+ require 'google/api/client_pb'
7
8
  require 'google/cloud/websecurityscanner/v1/crawled_url_pb'
8
9
  require 'google/cloud/websecurityscanner/v1/finding_pb'
9
10
  require 'google/cloud/websecurityscanner/v1/finding_type_stats_pb'
@@ -11,7 +12,6 @@ require 'google/cloud/websecurityscanner/v1/scan_config_pb'
11
12
  require 'google/cloud/websecurityscanner/v1/scan_run_pb'
12
13
  require 'google/protobuf/empty_pb'
13
14
  require 'google/protobuf/field_mask_pb'
14
- require 'google/api/client_pb'
15
15
 
16
16
  Google::Protobuf::DescriptorPool.generated_pool.build do
17
17
  add_file("google/cloud/websecurityscanner/v1/web_security_scanner.proto", :syntax => :proto3) do
@@ -86,6 +86,9 @@ module Google
86
86
  # @!attribute [rw] xss
87
87
  # @return [::Google::Cloud::WebSecurityScanner::V1::Xss]
88
88
  # Output only. An addon containing information reported for an XSS, if any.
89
+ # @!attribute [r] xxe
90
+ # @return [::Google::Cloud::WebSecurityScanner::V1::Xxe]
91
+ # Output only. An addon containing information reported for an XXE, if any.
89
92
  class Finding
90
93
  include ::Google::Protobuf::MessageExts
91
94
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -163,6 +163,28 @@ module Google
163
163
  USER_CONTROLLABLE_URL = 15
164
164
  end
165
165
  end
166
+
167
+ # Information reported for an XXE.
168
+ # @!attribute [rw] payload_value
169
+ # @return [::String]
170
+ # The XML string that triggered the XXE vulnerability. Non-payload values
171
+ # might be redacted.
172
+ # @!attribute [rw] payload_location
173
+ # @return [::Google::Cloud::WebSecurityScanner::V1::Xxe::Location]
174
+ # Location within the request where the payload was placed.
175
+ class Xxe
176
+ include ::Google::Protobuf::MessageExts
177
+ extend ::Google::Protobuf::MessageExts::ClassMethods
178
+
179
+ # Locations within a request where XML was substituted.
180
+ module Location
181
+ # Unknown Location.
182
+ LOCATION_UNSPECIFIED = 0
183
+
184
+ # The XML payload replaced the complete request body.
185
+ COMPLETE_REQUEST_BODY = 1
186
+ end
187
+ end
166
188
  end
167
189
  end
168
190
  end
@@ -68,6 +68,9 @@ module Google
68
68
  # @return [::Boolean]
69
69
  # Whether the scan configuration has enabled static IP address scan feature.
70
70
  # If enabled, the scanner will access applications from static IP addresses.
71
+ # @!attribute [rw] ignore_http_status_errors
72
+ # @return [::Boolean]
73
+ # Whether to keep scanning even if most requests return HTTP error codes.
71
74
  class ScanConfig
72
75
  include ::Google::Protobuf::MessageExts
73
76
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -42,7 +42,7 @@ module Google
42
42
 
43
43
  # Output only.
44
44
  # Defines an error reason code.
45
- # Next id: 7
45
+ # Next id: 8
46
46
  module Code
47
47
  # Default value is never used.
48
48
  CODE_UNSPECIFIED = 0
@@ -54,6 +54,9 @@ module Google
54
54
 
55
55
  # Indicates that a scan is blocked by IAP.
56
56
  BLOCKED_BY_IAP = 4
57
+
58
+ # Indicates that no seeds is found for a scan
59
+ NO_STARTING_URL_FOUND_FOR_MANAGED_SCAN = 5
57
60
  end
58
61
  end
59
62
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: google-cloud-web_security_scanner-v1
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.1
4
+ version: 0.5.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Google LLC
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-09-01 00:00:00.000000000 Z
11
+ date: 2022-09-08 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: gapic-common