Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / google-api-python-client / 8019f2f96abc6a4375873becb2f17b399f738654 / . / googleapiclient / discovery_cache / documents / websecurityscanner.v1.json
blob: ff780b1ecb841965886313a6326719e08db01be8 [file] [log] [blame]
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]1{
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]2 "auth": {
3 "oauth2": {
4 "scopes": {
5 "https://www.googleapis.com/auth/cloud-platform": {
6 "description": "See, edit, configure, and delete your Google Cloud Platform data"
7 }
8 }
9 }
10 },
11 "basePath": "",
12 "baseUrl": "https://websecurityscanner.googleapis.com/",
13 "batchPath": "batch",
14 "canonicalName": "WebSecurityScanner",
15 "description": "Scans your Compute and App Engine apps for common web vulnerabilities.",
16 "discoveryVersion": "v1",
17 "documentationLink": "https://cloud.google.com/security-command-center/docs/concepts-web-security-scanner-overview/",
18 "fullyEncodeReservedExpansion": true,
19 "icons": {
20 "x16": "http://www.google.com/images/icons/product/search-16.gif",
21 "x32": "http://www.google.com/images/icons/product/search-32.gif"
22 },
23 "id": "websecurityscanner:v1",
24 "kind": "discovery#restDescription",
25 "mtlsRootUrl": "https://websecurityscanner.mtls.googleapis.com/",
26 "name": "websecurityscanner",
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]27 "ownerDomain": "google.com",
28 "ownerName": "Google",
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]29 "parameters": {
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]30 "$.xgafv": {
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]31 "description": "V1 error format.",
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]32 "enum": [
33 "1",
34 "2"
35 ],
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]36 "enumDescriptions": [
37 "v1 error format",
38 "v2 error format"
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]39 ],
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]40 "location": "query",
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]41 "type": "string"
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]42 },
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]43 "access_token": {
44 "description": "OAuth access token.",
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]45 "location": "query",
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]46 "type": "string"
47 },
48 "alt": {
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]49 "default": "json",
50 "description": "Data format for response.",
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]51 "enum": [
52 "json",
53 "media",
54 "proto"
55 ],
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]56 "enumDescriptions": [
57 "Responses with Content-Type of application/json",
58 "Media download with context-dependent Content-Type",
59 "Responses with Content-Type of application/x-protobuf"
60 ],
61 "location": "query",
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]62 "type": "string"
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]63 },
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]64 "callback": {
65 "description": "JSONP",
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]66 "location": "query",
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]67 "type": "string"
68 },
69 "fields": {
70 "description": "Selector specifying which fields to include in a partial response.",
71 "location": "query",
72 "type": "string"
73 },
74 "key": {
75 "description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.",
76 "location": "query",
77 "type": "string"
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]78 },
79 "oauth_token": {
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]80 "description": "OAuth 2.0 token for the current user.",
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]81 "location": "query",
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]82 "type": "string"
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]83 },
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]84 "prettyPrint": {
85 "default": "true",
86 "description": "Returns response with indentations and line breaks.",
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]87 "location": "query",
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]88 "type": "boolean"
89 },
90 "quotaUser": {
91 "description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.",
92 "location": "query",
93 "type": "string"
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]94 },
95 "uploadType": {
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]96 "description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").",
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]97 "location": "query",
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]98 "type": "string"
99 },
100 "upload_protocol": {
101 "description": "Upload protocol for media (e.g. \"raw\", \"multipart\").",
102 "location": "query",
103 "type": "string"
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]104 }
105 },
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]106 "protocol": "rest",
107 "resources": {
108 "projects": {
109 "resources": {
110 "scanConfigs": {
111 "methods": {
112 "create": {
113 "description": "Creates a new ScanConfig.",
114 "flatPath": "v1/projects/{projectsId}/scanConfigs",
115 "httpMethod": "POST",
116 "id": "websecurityscanner.projects.scanConfigs.create",
117 "parameterOrder": [
118 "parent"
119 ],
120 "parameters": {
121 "parent": {
122 "description": "Required. The parent resource name where the scan is created, which should be a project resource name in the format 'projects/{projectId}'.",
123 "location": "path",
124 "pattern": "^projects/[^/]+$",
125 "required": true,
126 "type": "string"
127 }
128 },
129 "path": "v1/{+parent}/scanConfigs",
130 "request": {
131 "$ref": "ScanConfig"
132 },
133 "response": {
134 "$ref": "ScanConfig"
135 },
136 "scopes": [
137 "https://www.googleapis.com/auth/cloud-platform"
138 ]
139 },
140 "delete": {
141 "description": "Deletes an existing ScanConfig and its child resources.",
142 "flatPath": "v1/projects/{projectsId}/scanConfigs/{scanConfigsId}",
143 "httpMethod": "DELETE",
144 "id": "websecurityscanner.projects.scanConfigs.delete",
145 "parameterOrder": [
146 "name"
147 ],
148 "parameters": {
149 "name": {
150 "description": "Required. The resource name of the ScanConfig to be deleted. The name follows the format of 'projects/{projectId}/scanConfigs/{scanConfigId}'.",
151 "location": "path",
152 "pattern": "^projects/[^/]+/scanConfigs/[^/]+$",
153 "required": true,
154 "type": "string"
155 }
156 },
157 "path": "v1/{+name}",
158 "response": {
159 "$ref": "Empty"
160 },
161 "scopes": [
162 "https://www.googleapis.com/auth/cloud-platform"
163 ]
164 },
165 "get": {
166 "description": "Gets a ScanConfig.",
167 "flatPath": "v1/projects/{projectsId}/scanConfigs/{scanConfigsId}",
168 "httpMethod": "GET",
169 "id": "websecurityscanner.projects.scanConfigs.get",
170 "parameterOrder": [
171 "name"
172 ],
173 "parameters": {
174 "name": {
175 "description": "Required. The resource name of the ScanConfig to be returned. The name follows the format of 'projects/{projectId}/scanConfigs/{scanConfigId}'.",
176 "location": "path",
177 "pattern": "^projects/[^/]+/scanConfigs/[^/]+$",
178 "required": true,
179 "type": "string"
180 }
181 },
182 "path": "v1/{+name}",
183 "response": {
184 "$ref": "ScanConfig"
185 },
186 "scopes": [
187 "https://www.googleapis.com/auth/cloud-platform"
188 ]
189 },
190 "list": {
191 "description": "Lists ScanConfigs under a given project.",
192 "flatPath": "v1/projects/{projectsId}/scanConfigs",
193 "httpMethod": "GET",
194 "id": "websecurityscanner.projects.scanConfigs.list",
195 "parameterOrder": [
196 "parent"
197 ],
198 "parameters": {
199 "pageSize": {
200 "description": "The maximum number of ScanConfigs to return, can be limited by server. If not specified or not positive, the implementation will select a reasonable value.",
201 "format": "int32",
202 "location": "query",
203 "type": "integer"
204 },
205 "pageToken": {
206 "description": "A token identifying a page of results to be returned. This should be a `next_page_token` value returned from a previous List request. If unspecified, the first page of results is returned.",
207 "location": "query",
208 "type": "string"
209 },
210 "parent": {
211 "description": "Required. The parent resource name, which should be a project resource name in the format 'projects/{projectId}'.",
212 "location": "path",
213 "pattern": "^projects/[^/]+$",
214 "required": true,
215 "type": "string"
216 }
217 },
218 "path": "v1/{+parent}/scanConfigs",
219 "response": {
220 "$ref": "ListScanConfigsResponse"
221 },
222 "scopes": [
223 "https://www.googleapis.com/auth/cloud-platform"
224 ]
225 },
226 "patch": {
227 "description": "Updates a ScanConfig. This method support partial update of a ScanConfig.",
228 "flatPath": "v1/projects/{projectsId}/scanConfigs/{scanConfigsId}",
229 "httpMethod": "PATCH",
230 "id": "websecurityscanner.projects.scanConfigs.patch",
231 "parameterOrder": [
232 "name"
233 ],
234 "parameters": {
235 "name": {
236 "description": "The resource name of the ScanConfig. The name follows the format of 'projects/{projectId}/scanConfigs/{scanConfigId}'. The ScanConfig IDs are generated by the system.",
237 "location": "path",
238 "pattern": "^projects/[^/]+/scanConfigs/[^/]+$",
239 "required": true,
240 "type": "string"
241 },
242 "updateMask": {
243 "description": "Required. The update mask applies to the resource. For the `FieldMask` definition, see https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask",
244 "format": "google-fieldmask",
245 "location": "query",
246 "type": "string"
247 }
248 },
249 "path": "v1/{+name}",
250 "request": {
251 "$ref": "ScanConfig"
252 },
253 "response": {
254 "$ref": "ScanConfig"
255 },
256 "scopes": [
257 "https://www.googleapis.com/auth/cloud-platform"
258 ]
259 },
260 "start": {
261 "description": "Start a ScanRun according to the given ScanConfig.",
262 "flatPath": "v1/projects/{projectsId}/scanConfigs/{scanConfigsId}:start",
263 "httpMethod": "POST",
264 "id": "websecurityscanner.projects.scanConfigs.start",
265 "parameterOrder": [
266 "name"
267 ],
268 "parameters": {
269 "name": {
270 "description": "Required. The resource name of the ScanConfig to be used. The name follows the format of 'projects/{projectId}/scanConfigs/{scanConfigId}'.",
271 "location": "path",
272 "pattern": "^projects/[^/]+/scanConfigs/[^/]+$",
273 "required": true,
274 "type": "string"
275 }
276 },
277 "path": "v1/{+name}:start",
278 "request": {
279 "$ref": "StartScanRunRequest"
280 },
281 "response": {
282 "$ref": "ScanRun"
283 },
284 "scopes": [
285 "https://www.googleapis.com/auth/cloud-platform"
286 ]
287 }
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]288 },
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]289 "resources": {
290 "scanRuns": {
291 "methods": {
292 "get": {
293 "description": "Gets a ScanRun.",
294 "flatPath": "v1/projects/{projectsId}/scanConfigs/{scanConfigsId}/scanRuns/{scanRunsId}",
295 "httpMethod": "GET",
296 "id": "websecurityscanner.projects.scanConfigs.scanRuns.get",
297 "parameterOrder": [
298 "name"
299 ],
300 "parameters": {
301 "name": {
302 "description": "Required. The resource name of the ScanRun to be returned. The name follows the format of 'projects/{projectId}/scanConfigs/{scanConfigId}/scanRuns/{scanRunId}'.",
303 "location": "path",
304 "pattern": "^projects/[^/]+/scanConfigs/[^/]+/scanRuns/[^/]+$",
305 "required": true,
306 "type": "string"
307 }
308 },
309 "path": "v1/{+name}",
310 "response": {
311 "$ref": "ScanRun"
312 },
313 "scopes": [
314 "https://www.googleapis.com/auth/cloud-platform"
315 ]
316 },
317 "list": {
318 "description": "Lists ScanRuns under a given ScanConfig, in descending order of ScanRun stop time.",
319 "flatPath": "v1/projects/{projectsId}/scanConfigs/{scanConfigsId}/scanRuns",
320 "httpMethod": "GET",
321 "id": "websecurityscanner.projects.scanConfigs.scanRuns.list",
322 "parameterOrder": [
323 "parent"
324 ],
325 "parameters": {
326 "pageSize": {
327 "description": "The maximum number of ScanRuns to return, can be limited by server. If not specified or not positive, the implementation will select a reasonable value.",
328 "format": "int32",
329 "location": "query",
330 "type": "integer"
331 },
332 "pageToken": {
333 "description": "A token identifying a page of results to be returned. This should be a `next_page_token` value returned from a previous List request. If unspecified, the first page of results is returned.",
334 "location": "query",
335 "type": "string"
336 },
337 "parent": {
338 "description": "Required. The parent resource name, which should be a scan resource name in the format 'projects/{projectId}/scanConfigs/{scanConfigId}'.",
339 "location": "path",
340 "pattern": "^projects/[^/]+/scanConfigs/[^/]+$",
341 "required": true,
342 "type": "string"
343 }
344 },
345 "path": "v1/{+parent}/scanRuns",
346 "response": {
347 "$ref": "ListScanRunsResponse"
348 },
349 "scopes": [
350 "https://www.googleapis.com/auth/cloud-platform"
351 ]
352 },
353 "stop": {
354 "description": "Stops a ScanRun. The stopped ScanRun is returned.",
355 "flatPath": "v1/projects/{projectsId}/scanConfigs/{scanConfigsId}/scanRuns/{scanRunsId}:stop",
356 "httpMethod": "POST",
357 "id": "websecurityscanner.projects.scanConfigs.scanRuns.stop",
358 "parameterOrder": [
359 "name"
360 ],
361 "parameters": {
362 "name": {
363 "description": "Required. The resource name of the ScanRun to be stopped. The name follows the format of 'projects/{projectId}/scanConfigs/{scanConfigId}/scanRuns/{scanRunId}'.",
364 "location": "path",
365 "pattern": "^projects/[^/]+/scanConfigs/[^/]+/scanRuns/[^/]+$",
366 "required": true,
367 "type": "string"
368 }
369 },
370 "path": "v1/{+name}:stop",
371 "request": {
372 "$ref": "StopScanRunRequest"
373 },
374 "response": {
375 "$ref": "ScanRun"
376 },
377 "scopes": [
378 "https://www.googleapis.com/auth/cloud-platform"
379 ]
380 }
381 },
382 "resources": {
383 "crawledUrls": {
384 "methods": {
385 "list": {
386 "description": "List CrawledUrls under a given ScanRun.",
387 "flatPath": "v1/projects/{projectsId}/scanConfigs/{scanConfigsId}/scanRuns/{scanRunsId}/crawledUrls",
388 "httpMethod": "GET",
389 "id": "websecurityscanner.projects.scanConfigs.scanRuns.crawledUrls.list",
390 "parameterOrder": [
391 "parent"
392 ],
393 "parameters": {
394 "pageSize": {
395 "description": "The maximum number of CrawledUrls to return, can be limited by server. If not specified or not positive, the implementation will select a reasonable value.",
396 "format": "int32",
397 "location": "query",
398 "type": "integer"
399 },
400 "pageToken": {
401 "description": "A token identifying a page of results to be returned. This should be a `next_page_token` value returned from a previous List request. If unspecified, the first page of results is returned.",
402 "location": "query",
403 "type": "string"
404 },
405 "parent": {
406 "description": "Required. The parent resource name, which should be a scan run resource name in the format 'projects/{projectId}/scanConfigs/{scanConfigId}/scanRuns/{scanRunId}'.",
407 "location": "path",
408 "pattern": "^projects/[^/]+/scanConfigs/[^/]+/scanRuns/[^/]+$",
409 "required": true,
410 "type": "string"
411 }
412 },
413 "path": "v1/{+parent}/crawledUrls",
414 "response": {
415 "$ref": "ListCrawledUrlsResponse"
416 },
417 "scopes": [
418 "https://www.googleapis.com/auth/cloud-platform"
419 ]
420 }
421 }
422 },
423 "findingTypeStats": {
424 "methods": {
425 "list": {
426 "description": "List all FindingTypeStats under a given ScanRun.",
427 "flatPath": "v1/projects/{projectsId}/scanConfigs/{scanConfigsId}/scanRuns/{scanRunsId}/findingTypeStats",
428 "httpMethod": "GET",
429 "id": "websecurityscanner.projects.scanConfigs.scanRuns.findingTypeStats.list",
430 "parameterOrder": [
431 "parent"
432 ],
433 "parameters": {
434 "parent": {
435 "description": "Required. The parent resource name, which should be a scan run resource name in the format 'projects/{projectId}/scanConfigs/{scanConfigId}/scanRuns/{scanRunId}'.",
436 "location": "path",
437 "pattern": "^projects/[^/]+/scanConfigs/[^/]+/scanRuns/[^/]+$",
438 "required": true,
439 "type": "string"
440 }
441 },
442 "path": "v1/{+parent}/findingTypeStats",
443 "response": {
444 "$ref": "ListFindingTypeStatsResponse"
445 },
446 "scopes": [
447 "https://www.googleapis.com/auth/cloud-platform"
448 ]
449 }
450 }
451 },
452 "findings": {
453 "methods": {
454 "get": {
455 "description": "Gets a Finding.",
456 "flatPath": "v1/projects/{projectsId}/scanConfigs/{scanConfigsId}/scanRuns/{scanRunsId}/findings/{findingsId}",
457 "httpMethod": "GET",
458 "id": "websecurityscanner.projects.scanConfigs.scanRuns.findings.get",
459 "parameterOrder": [
460 "name"
461 ],
462 "parameters": {
463 "name": {
464 "description": "Required. The resource name of the Finding to be returned. The name follows the format of 'projects/{projectId}/scanConfigs/{scanConfigId}/scanRuns/{scanRunId}/findings/{findingId}'.",
465 "location": "path",
466 "pattern": "^projects/[^/]+/scanConfigs/[^/]+/scanRuns/[^/]+/findings/[^/]+$",
467 "required": true,
468 "type": "string"
469 }
470 },
471 "path": "v1/{+name}",
472 "response": {
473 "$ref": "Finding"
474 },
475 "scopes": [
476 "https://www.googleapis.com/auth/cloud-platform"
477 ]
478 },
479 "list": {
480 "description": "List Findings under a given ScanRun.",
481 "flatPath": "v1/projects/{projectsId}/scanConfigs/{scanConfigsId}/scanRuns/{scanRunsId}/findings",
482 "httpMethod": "GET",
483 "id": "websecurityscanner.projects.scanConfigs.scanRuns.findings.list",
484 "parameterOrder": [
485 "parent"
486 ],
487 "parameters": {
488 "filter": {
489 "description": "The filter expression. The expression must be in the format: . Supported field: 'finding_type'. Supported operator: '='.",
490 "location": "query",
491 "type": "string"
492 },
493 "pageSize": {
494 "description": "The maximum number of Findings to return, can be limited by server. If not specified or not positive, the implementation will select a reasonable value.",
495 "format": "int32",
496 "location": "query",
497 "type": "integer"
498 },
499 "pageToken": {
500 "description": "A token identifying a page of results to be returned. This should be a `next_page_token` value returned from a previous List request. If unspecified, the first page of results is returned.",
501 "location": "query",
502 "type": "string"
503 },
504 "parent": {
505 "description": "Required. The parent resource name, which should be a scan run resource name in the format 'projects/{projectId}/scanConfigs/{scanConfigId}/scanRuns/{scanRunId}'.",
506 "location": "path",
507 "pattern": "^projects/[^/]+/scanConfigs/[^/]+/scanRuns/[^/]+$",
508 "required": true,
509 "type": "string"
510 }
511 },
512 "path": "v1/{+parent}/findings",
513 "response": {
514 "$ref": "ListFindingsResponse"
515 },
516 "scopes": [
517 "https://www.googleapis.com/auth/cloud-platform"
518 ]
519 }
520 }
521 }
522 }
523 }
524 }
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]525 }
526 }
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]527 }
528 },
yoshi-code-bot227f8c92021-05-26 00:34:03 -0700[diff] [blame]529 "revision": "20210522",
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]530 "rootUrl": "https://websecurityscanner.googleapis.com/",
531 "schemas": {
532 "Authentication": {
533 "description": "Scan authentication configuration.",
534 "id": "Authentication",
535 "properties": {
536 "customAccount": {
537 "$ref": "CustomAccount",
538 "description": "Authentication using a custom account."
539 },
540 "googleAccount": {
541 "$ref": "GoogleAccount",
542 "description": "Authentication using a Google account."
543 },
544 "iapCredential": {
545 "$ref": "IapCredential",
546 "description": "Authentication using Identity-Aware-Proxy (IAP)."
547 }
548 },
549 "type": "object"
550 },
551 "CrawledUrl": {
552 "description": "A CrawledUrl resource represents a URL that was crawled during a ScanRun. Web Security Scanner Service crawls the web applications, following all links within the scope of sites, to find the URLs to test against.",
553 "id": "CrawledUrl",
554 "properties": {
555 "body": {
556 "description": "Output only. The body of the request that was used to visit the URL.",
557 "type": "string"
558 },
559 "httpMethod": {
560 "description": "Output only. The http method of the request that was used to visit the URL, in uppercase.",
561 "type": "string"
562 },
563 "url": {
564 "description": "Output only. The URL that was crawled.",
565 "type": "string"
566 }
567 },
568 "type": "object"
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]569 },
570 "CustomAccount": {
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]571 "description": "Describes authentication configuration that uses a custom account.",
572 "id": "CustomAccount",
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]573 "properties": {
574 "loginUrl": {
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]575 "description": "Required. The login form URL of the website.",
576 "type": "string"
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]577 },
578 "password": {
579 "description": "Required. Input only. The password of the custom account. The credential is stored encrypted and not returned in any response nor included in audit logs.",
580 "type": "string"
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]581 },
582 "username": {
583 "description": "Required. The user name of the custom account.",
584 "type": "string"
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]585 }
586 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]587 "type": "object"
588 },
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]589 "Empty": {
590 "description": "A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for `Empty` is empty JSON object `{}`.",
591 "id": "Empty",
592 "properties": {},
593 "type": "object"
594 },
595 "Finding": {
596 "description": "A Finding resource represents a vulnerability instance identified during a ScanRun.",
597 "id": "Finding",
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]598 "properties": {
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]599 "body": {
600 "description": "Output only. The body of the request that triggered the vulnerability.",
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]601 "type": "string"
602 },
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]603 "description": {
604 "description": "Output only. The description of the vulnerability.",
605 "type": "string"
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]606 },
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]607 "finalUrl": {
608 "description": "Output only. The URL where the browser lands when the vulnerability is detected.",
609 "type": "string"
610 },
611 "findingType": {
612 "description": "Output only. The type of the Finding. Detailed and up-to-date information on findings can be found here: https://cloud.google.com/security-command-center/docs/how-to-remediate-web-security-scanner-findings",
613 "type": "string"
614 },
615 "form": {
616 "$ref": "Form",
617 "description": "Output only. An addon containing information reported for a vulnerability with an HTML form, if any."
618 },
619 "frameUrl": {
620 "description": "Output only. If the vulnerability was originated from nested IFrame, the immediate parent IFrame is reported.",
621 "type": "string"
622 },
623 "fuzzedUrl": {
624 "description": "Output only. The URL produced by the server-side fuzzer and used in the request that triggered the vulnerability.",
625 "type": "string"
626 },
627 "httpMethod": {
628 "description": "Output only. The http method of the request that triggered the vulnerability, in uppercase.",
629 "type": "string"
630 },
631 "name": {
632 "description": "Output only. The resource name of the Finding. The name follows the format of 'projects/{projectId}/scanConfigs/{scanConfigId}/scanruns/{scanRunId}/findings/{findingId}'. The finding IDs are generated by the system.",
633 "type": "string"
634 },
635 "outdatedLibrary": {
636 "$ref": "OutdatedLibrary",
637 "description": "Output only. An addon containing information about outdated libraries."
638 },
639 "reproductionUrl": {
640 "description": "Output only. The URL containing human-readable payload that user can leverage to reproduce the vulnerability.",
641 "type": "string"
642 },
643 "severity": {
644 "description": "Output only. The severity level of the reported vulnerability.",
645 "enum": [
646 "SEVERITY_UNSPECIFIED",
647 "CRITICAL",
648 "HIGH",
649 "MEDIUM",
650 "LOW"
651 ],
652 "enumDescriptions": [
653 "No severity specified. The default value.",
654 "Critical severity.",
655 "High severity.",
656 "Medium severity.",
657 "Low severity."
658 ],
659 "readOnly": true,
660 "type": "string"
661 },
662 "trackingId": {
663 "description": "Output only. The tracking ID uniquely identifies a vulnerability instance across multiple ScanRuns.",
664 "type": "string"
665 },
666 "violatingResource": {
667 "$ref": "ViolatingResource",
668 "description": "Output only. An addon containing detailed information regarding any resource causing the vulnerability such as JavaScript sources, image, audio files, etc."
669 },
670 "vulnerableHeaders": {
671 "$ref": "VulnerableHeaders",
672 "description": "Output only. An addon containing information about vulnerable or missing HTTP headers."
673 },
674 "vulnerableParameters": {
675 "$ref": "VulnerableParameters",
676 "description": "Output only. An addon containing information about request parameters which were found to be vulnerable."
677 },
678 "xss": {
679 "$ref": "Xss",
680 "description": "Output only. An addon containing information reported for an XSS, if any."
681 }
682 },
683 "type": "object"
684 },
685 "FindingTypeStats": {
686 "description": "A FindingTypeStats resource represents stats regarding a specific FindingType of Findings under a given ScanRun.",
687 "id": "FindingTypeStats",
688 "properties": {
689 "findingCount": {
690 "description": "Output only. The count of findings belonging to this finding type.",
691 "format": "int32",
692 "type": "integer"
693 },
694 "findingType": {
695 "description": "Output only. The finding type associated with the stats.",
696 "type": "string"
697 }
698 },
699 "type": "object"
700 },
701 "Form": {
702 "description": "! Information about a vulnerability with an HTML.",
703 "id": "Form",
704 "properties": {
705 "actionUri": {
706 "description": "! The URI where to send the form when it's submitted.",
707 "type": "string"
708 },
709 "fields": {
710 "description": "! The names of form fields related to the vulnerability.",
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]711 "items": {
712 "type": "string"
713 },
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]714 "type": "array"
715 }
716 },
717 "type": "object"
718 },
719 "GoogleAccount": {
720 "description": "Describes authentication configuration that uses a Google account.",
721 "id": "GoogleAccount",
722 "properties": {
723 "password": {
724 "description": "Required. Input only. The password of the Google account. The credential is stored encrypted and not returned in any response nor included in audit logs.",
725 "type": "string"
726 },
727 "username": {
728 "description": "Required. The user name of the Google account.",
729 "type": "string"
730 }
731 },
732 "type": "object"
733 },
734 "Header": {
735 "description": "Describes a HTTP Header.",
736 "id": "Header",
737 "properties": {
738 "name": {
739 "description": "Header name.",
740 "type": "string"
741 },
742 "value": {
743 "description": "Header value.",
744 "type": "string"
745 }
746 },
747 "type": "object"
748 },
749 "IapCredential": {
750 "description": "Describes authentication configuration for Identity-Aware-Proxy (IAP).",
751 "id": "IapCredential",
752 "properties": {
753 "iapTestServiceAccountInfo": {
754 "$ref": "IapTestServiceAccountInfo",
755 "description": "Authentication configuration when Web-Security-Scanner service account is added in Identity-Aware-Proxy (IAP) access policies."
756 }
757 },
758 "type": "object"
759 },
760 "IapTestServiceAccountInfo": {
761 "description": "Describes authentication configuration when Web-Security-Scanner service account is added in Identity-Aware-Proxy (IAP) access policies.",
762 "id": "IapTestServiceAccountInfo",
763 "properties": {
764 "targetAudienceClientId": {
765 "description": "Required. Describes OAuth2 client id of resources protected by Identity-Aware-Proxy (IAP).",
766 "type": "string"
767 }
768 },
769 "type": "object"
770 },
771 "ListCrawledUrlsResponse": {
772 "description": "Response for the `ListCrawledUrls` method.",
773 "id": "ListCrawledUrlsResponse",
774 "properties": {
775 "crawledUrls": {
776 "description": "The list of CrawledUrls returned.",
777 "items": {
778 "$ref": "CrawledUrl"
779 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]780 "type": "array"
781 },
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]782 "nextPageToken": {
783 "description": "Token to retrieve the next page of results, or empty if there are no more results in the list.",
784 "type": "string"
785 }
786 },
787 "type": "object"
788 },
789 "ListFindingTypeStatsResponse": {
790 "description": "Response for the `ListFindingTypeStats` method.",
791 "id": "ListFindingTypeStatsResponse",
792 "properties": {
793 "findingTypeStats": {
794 "description": "The list of FindingTypeStats returned.",
795 "items": {
796 "$ref": "FindingTypeStats"
797 },
798 "type": "array"
799 }
800 },
801 "type": "object"
802 },
803 "ListFindingsResponse": {
804 "description": "Response for the `ListFindings` method.",
805 "id": "ListFindingsResponse",
806 "properties": {
807 "findings": {
808 "description": "The list of Findings returned.",
809 "items": {
810 "$ref": "Finding"
811 },
812 "type": "array"
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]813 },
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]814 "nextPageToken": {
815 "description": "Token to retrieve the next page of results, or empty if there are no more results in the list.",
816 "type": "string"
817 }
818 },
819 "type": "object"
820 },
821 "ListScanConfigsResponse": {
822 "description": "Response for the `ListScanConfigs` method.",
823 "id": "ListScanConfigsResponse",
824 "properties": {
825 "nextPageToken": {
826 "description": "Token to retrieve the next page of results, or empty if there are no more results in the list.",
827 "type": "string"
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]828 },
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]829 "scanConfigs": {
830 "description": "The list of ScanConfigs returned.",
831 "items": {
832 "$ref": "ScanConfig"
833 },
834 "type": "array"
835 }
836 },
837 "type": "object"
838 },
839 "ListScanRunsResponse": {
840 "description": "Response for the `ListScanRuns` method.",
841 "id": "ListScanRunsResponse",
842 "properties": {
843 "nextPageToken": {
844 "description": "Token to retrieve the next page of results, or empty if there are no more results in the list.",
845 "type": "string"
846 },
847 "scanRuns": {
848 "description": "The list of ScanRuns returned.",
849 "items": {
850 "$ref": "ScanRun"
851 },
852 "type": "array"
853 }
854 },
855 "type": "object"
856 },
857 "OutdatedLibrary": {
858 "description": "Information reported for an outdated library.",
859 "id": "OutdatedLibrary",
860 "properties": {
861 "learnMoreUrls": {
862 "description": "URLs to learn more information about the vulnerabilities in the library.",
863 "items": {
864 "type": "string"
865 },
866 "type": "array"
867 },
868 "libraryName": {
869 "description": "The name of the outdated library.",
870 "type": "string"
871 },
872 "version": {
873 "description": "The version number.",
874 "type": "string"
875 }
876 },
877 "type": "object"
878 },
879 "ScanConfig": {
880 "description": "A ScanConfig resource contains the configurations to launch a scan.",
881 "id": "ScanConfig",
882 "properties": {
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]883 "authentication": {
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]884 "$ref": "Authentication",
885 "description": "The authentication configuration. If specified, service will use the authentication configuration during scanning."
886 },
887 "blacklistPatterns": {
888 "description": "The excluded URL patterns as described in https://cloud.google.com/security-command-center/docs/how-to-use-web-security-scanner#excluding_urls",
889 "items": {
890 "type": "string"
891 },
892 "type": "array"
893 },
894 "displayName": {
895 "description": "Required. The user provided display name of the ScanConfig.",
896 "type": "string"
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]897 },
898 "exportToSecurityCommandCenter": {
899 "description": "Controls export of scan configurations and results to Security Command Center.",
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]900 "enum": [
901 "EXPORT_TO_SECURITY_COMMAND_CENTER_UNSPECIFIED",
902 "ENABLED",
903 "DISABLED"
904 ],
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]905 "enumDescriptions": [
906 "Use default, which is ENABLED.",
907 "Export results of this scan to Security Command Center.",
908 "Do not export results of this scan to Security Command Center."
909 ],
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]910 "type": "string"
911 },
yoshi-code-bot3dd15272021-04-21 15:07:48 -0700[diff] [blame]912 "ignoreHttpStatusErrors": {
913 "description": "Whether to keep scanning even if most requests return HTTP error codes.",
914 "type": "boolean"
915 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]916 "managedScan": {
917 "description": "Whether the scan config is managed by Web Security Scanner, output only.",
918 "type": "boolean"
919 },
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]920 "maxQps": {
921 "description": "The maximum QPS during scanning. A valid value ranges from 5 to 20 inclusively. If the field is unspecified or its value is set 0, server will default to 15. Other values outside of [5, 20] range will be rejected with INVALID_ARGUMENT error.",
922 "format": "int32",
923 "type": "integer"
924 },
925 "name": {
926 "description": "The resource name of the ScanConfig. The name follows the format of 'projects/{projectId}/scanConfigs/{scanConfigId}'. The ScanConfig IDs are generated by the system.",
927 "type": "string"
928 },
929 "riskLevel": {
930 "description": "The risk level selected for the scan",
931 "enum": [
932 "RISK_LEVEL_UNSPECIFIED",
933 "NORMAL",
934 "LOW"
935 ],
936 "enumDescriptions": [
937 "Use default, which is NORMAL.",
938 "Normal scanning (Recommended)",
939 "Lower impact scanning"
940 ],
941 "type": "string"
942 },
943 "schedule": {
944 "$ref": "Schedule",
945 "description": "The schedule of the ScanConfig."
946 },
947 "startingUrls": {
948 "description": "Required. The starting URLs from which the scanner finds site pages.",
949 "items": {
950 "type": "string"
951 },
952 "type": "array"
953 },
954 "staticIpScan": {
955 "description": "Whether the scan configuration has enabled static IP address scan feature. If enabled, the scanner will access applications from static IP addresses.",
956 "type": "boolean"
957 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]958 "userAgent": {
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]959 "description": "The user agent used during scanning.",
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]960 "enum": [
961 "USER_AGENT_UNSPECIFIED",
962 "CHROME_LINUX",
963 "CHROME_ANDROID",
964 "SAFARI_IPHONE"
965 ],
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]966 "enumDescriptions": [
967 "The user agent is unknown. Service will default to CHROME_LINUX.",
968 "Chrome on Linux. This is the service default if unspecified.",
969 "Chrome on Android.",
970 "Safari on IPhone."
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]971 ],
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]972 "type": "string"
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]973 }
974 },
975 "type": "object"
976 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]977 "ScanConfigError": {
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]978 "description": "Defines a custom error message used by CreateScanConfig and UpdateScanConfig APIs when scan configuration validation fails. It is also reported as part of a ScanRunErrorTrace message if scan validation fails due to a scan configuration error.",
979 "id": "ScanConfigError",
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]980 "properties": {
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]981 "code": {
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]982 "description": "Output only. Indicates the reason code for a configuration failure.",
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]983 "enum": [
984 "CODE_UNSPECIFIED",
985 "OK",
986 "INTERNAL_ERROR",
987 "APPENGINE_API_BACKEND_ERROR",
988 "APPENGINE_API_NOT_ACCESSIBLE",
989 "APPENGINE_DEFAULT_HOST_MISSING",
990 "CANNOT_USE_GOOGLE_COM_ACCOUNT",
991 "CANNOT_USE_OWNER_ACCOUNT",
992 "COMPUTE_API_BACKEND_ERROR",
993 "COMPUTE_API_NOT_ACCESSIBLE",
994 "CUSTOM_LOGIN_URL_DOES_NOT_BELONG_TO_CURRENT_PROJECT",
995 "CUSTOM_LOGIN_URL_MALFORMED",
996 "CUSTOM_LOGIN_URL_MAPPED_TO_NON_ROUTABLE_ADDRESS",
997 "CUSTOM_LOGIN_URL_MAPPED_TO_UNRESERVED_ADDRESS",
998 "CUSTOM_LOGIN_URL_HAS_NON_ROUTABLE_IP_ADDRESS",
999 "CUSTOM_LOGIN_URL_HAS_UNRESERVED_IP_ADDRESS",
1000 "DUPLICATE_SCAN_NAME",
1001 "INVALID_FIELD_VALUE",
1002 "FAILED_TO_AUTHENTICATE_TO_TARGET",
1003 "FINDING_TYPE_UNSPECIFIED",
1004 "FORBIDDEN_TO_SCAN_COMPUTE",
1005 "FORBIDDEN_UPDATE_TO_MANAGED_SCAN",
1006 "MALFORMED_FILTER",
1007 "MALFORMED_RESOURCE_NAME",
1008 "PROJECT_INACTIVE",
1009 "REQUIRED_FIELD",
1010 "RESOURCE_NAME_INCONSISTENT",
1011 "SCAN_ALREADY_RUNNING",
1012 "SCAN_NOT_RUNNING",
1013 "SEED_URL_DOES_NOT_BELONG_TO_CURRENT_PROJECT",
1014 "SEED_URL_MALFORMED",
1015 "SEED_URL_MAPPED_TO_NON_ROUTABLE_ADDRESS",
1016 "SEED_URL_MAPPED_TO_UNRESERVED_ADDRESS",
1017 "SEED_URL_HAS_NON_ROUTABLE_IP_ADDRESS",
1018 "SEED_URL_HAS_UNRESERVED_IP_ADDRESS",
1019 "SERVICE_ACCOUNT_NOT_CONFIGURED",
1020 "TOO_MANY_SCANS",
1021 "UNABLE_TO_RESOLVE_PROJECT_INFO",
1022 "UNSUPPORTED_BLACKLIST_PATTERN_FORMAT",
1023 "UNSUPPORTED_FILTER",
1024 "UNSUPPORTED_FINDING_TYPE",
1025 "UNSUPPORTED_URL_SCHEME"
1026 ],
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]1027 "enumDescriptions": [
1028 "There is no error.",
1029 "There is no error.",
1030 "Indicates an internal server error. Please DO NOT USE THIS ERROR CODE unless the root cause is truly unknown.",
1031 "One of the seed URLs is an App Engine URL but we cannot validate the scan settings due to an App Engine API backend error.",
1032 "One of the seed URLs is an App Engine URL but we cannot access the App Engine API to validate scan settings.",
1033 "One of the seed URLs is an App Engine URL but the Default Host of the App Engine is not set.",
1034 "Google corporate accounts can not be used for scanning.",
1035 "The account of the scan creator can not be used for scanning.",
1036 "This scan targets Compute Engine, but we cannot validate scan settings due to a Compute Engine API backend error.",
1037 "This scan targets Compute Engine, but we cannot access the Compute Engine API to validate the scan settings.",
1038 "The Custom Login URL does not belong to the current project.",
1039 "The Custom Login URL is malformed (can not be parsed).",
1040 "The Custom Login URL is mapped to a non-routable IP address in DNS.",
1041 "The Custom Login URL is mapped to an IP address which is not reserved for the current project.",
1042 "The Custom Login URL has a non-routable IP address.",
1043 "The Custom Login URL has an IP address which is not reserved for the current project.",
1044 "Another scan with the same name (case-sensitive) already exists.",
1045 "A field is set to an invalid value.",
1046 "There was an error trying to authenticate to the scan target.",
1047 "Finding type value is not specified in the list findings request.",
1048 "Scan targets Compute Engine, yet current project was not whitelisted for Google Compute Engine Scanning Alpha access.",
1049 "User tries to update managed scan",
1050 "The supplied filter is malformed. For example, it can not be parsed, does not have a filter type in expression, or the same filter type appears more than once.",
1051 "The supplied resource name is malformed (can not be parsed).",
1052 "The current project is not in an active state.",
1053 "A required field is not set.",
1054 "Project id, scanconfig id, scanrun id, or finding id are not consistent with each other in resource name.",
1055 "The scan being requested to start is already running.",
1056 "The scan that was requested to be stopped is not running.",
1057 "One of the seed URLs does not belong to the current project.",
1058 "One of the seed URLs is malformed (can not be parsed).",
1059 "One of the seed URLs is mapped to a non-routable IP address in DNS.",
1060 "One of the seed URLs is mapped to an IP address which is not reserved for the current project.",
1061 "One of the seed URLs has on-routable IP address.",
1062 "One of the seed URLs has an IP address that is not reserved for the current project.",
1063 "The Web Security Scanner service account is not configured under the project.",
1064 "A project has reached the maximum number of scans.",
1065 "Resolving the details of the current project fails.",
1066 "One or more blacklist patterns were in the wrong format.",
1067 "The supplied filter is not supported.",
1068 "The supplied finding type is not supported. For example, we do not provide findings of the given finding type.",
1069 "The URL scheme of one or more of the supplied URLs is not supported."
1070 ],
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]1071 "type": "string"
1072 },
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]1073 "fieldName": {
1074 "description": "Output only. Indicates the full name of the ScanConfig field that triggers this error, for example \"scan_config.max_qps\". This field is provided for troubleshooting purposes only and its actual value can change in the future.",
1075 "type": "string"
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]1076 }
1077 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]1078 "type": "object"
1079 },
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]1080 "ScanRun": {
1081 "description": "A ScanRun is a output-only resource representing an actual run of the scan. Next id: 12",
1082 "id": "ScanRun",
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]1083 "properties": {
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]1084 "endTime": {
1085 "description": "Output only. The time at which the ScanRun reached termination state - that the ScanRun is either finished or stopped by user.",
1086 "format": "google-datetime",
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]1087 "type": "string"
1088 },
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]1089 "errorTrace": {
1090 "$ref": "ScanRunErrorTrace",
1091 "description": "Output only. If result_state is an ERROR, this field provides the primary reason for scan's termination and more details, if such are available."
1092 },
1093 "executionState": {
1094 "description": "Output only. The execution state of the ScanRun.",
1095 "enum": [
1096 "EXECUTION_STATE_UNSPECIFIED",
1097 "QUEUED",
1098 "SCANNING",
1099 "FINISHED"
1100 ],
1101 "enumDescriptions": [
1102 "Represents an invalid state caused by internal server error. This value should never be returned.",
1103 "The scan is waiting in the queue.",
1104 "The scan is in progress.",
1105 "The scan is either finished or stopped by user."
1106 ],
1107 "type": "string"
1108 },
1109 "hasVulnerabilities": {
1110 "description": "Output only. Whether the scan run has found any vulnerabilities.",
1111 "type": "boolean"
1112 },
1113 "name": {
1114 "description": "Output only. The resource name of the ScanRun. The name follows the format of 'projects/{projectId}/scanConfigs/{scanConfigId}/scanRuns/{scanRunId}'. The ScanRun IDs are generated by the system.",
1115 "type": "string"
1116 },
1117 "progressPercent": {
1118 "description": "Output only. The percentage of total completion ranging from 0 to 100. If the scan is in queue, the value is 0. If the scan is running, the value ranges from 0 to 100. If the scan is finished, the value is 100.",
1119 "format": "int32",
1120 "type": "integer"
1121 },
1122 "resultState": {
1123 "description": "Output only. The result state of the ScanRun. This field is only available after the execution state reaches \"FINISHED\".",
1124 "enum": [
1125 "RESULT_STATE_UNSPECIFIED",
1126 "SUCCESS",
1127 "ERROR",
1128 "KILLED"
1129 ],
1130 "enumDescriptions": [
1131 "Default value. This value is returned when the ScanRun is not yet finished.",
1132 "The scan finished without errors.",
1133 "The scan finished with errors.",
1134 "The scan was terminated by user."
1135 ],
1136 "type": "string"
1137 },
1138 "startTime": {
1139 "description": "Output only. The time at which the ScanRun started.",
1140 "format": "google-datetime",
1141 "type": "string"
1142 },
1143 "urlsCrawledCount": {
1144 "description": "Output only. The number of URLs crawled during this ScanRun. If the scan is in progress, the value represents the number of URLs crawled up to now.",
1145 "format": "int64",
1146 "type": "string"
1147 },
1148 "urlsTestedCount": {
1149 "description": "Output only. The number of URLs tested during this ScanRun. If the scan is in progress, the value represents the number of URLs tested up to now. The number of URLs tested is usually larger than the number URLS crawled because typically a crawled URL is tested with multiple test payloads.",
1150 "format": "int64",
1151 "type": "string"
1152 },
1153 "warningTraces": {
1154 "description": "Output only. A list of warnings, if such are encountered during this scan run.",
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]1155 "items": {
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]1156 "$ref": "ScanRunWarningTrace"
1157 },
1158 "type": "array"
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]1159 }
1160 },
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]1161 "type": "object"
1162 },
1163 "ScanRunErrorTrace": {
1164 "description": "Output only. Defines an error trace message for a ScanRun.",
1165 "id": "ScanRunErrorTrace",
1166 "properties": {
1167 "code": {
1168 "description": "Output only. Indicates the error reason code.",
1169 "enum": [
1170 "CODE_UNSPECIFIED",
1171 "INTERNAL_ERROR",
1172 "SCAN_CONFIG_ISSUE",
1173 "AUTHENTICATION_CONFIG_ISSUE",
1174 "TIMED_OUT_WHILE_SCANNING",
1175 "TOO_MANY_REDIRECTS",
1176 "TOO_MANY_HTTP_ERRORS"
1177 ],
1178 "enumDescriptions": [
1179 "Default value is never used.",
1180 "Indicates that the scan run failed due to an internal server error.",
1181 "Indicates a scan configuration error, usually due to outdated ScanConfig settings, such as starting_urls or the DNS configuration.",
1182 "Indicates an authentication error, usually due to outdated ScanConfig authentication settings.",
1183 "Indicates a scan operation timeout, usually caused by a very large site.",
1184 "Indicates that a scan encountered excessive redirects, either to authentication or some other page outside of the scan scope.",
1185 "Indicates that a scan encountered numerous errors from the web site pages. When available, most_common_http_error_code field indicates the most common HTTP error code encountered during the scan."
1186 ],
1187 "type": "string"
1188 },
1189 "mostCommonHttpErrorCode": {
1190 "description": "Output only. If the scan encounters TOO_MANY_HTTP_ERRORS, this field indicates the most common HTTP error code, if such is available. For example, if this code is 404, the scan has encountered too many NOT_FOUND responses.",
1191 "format": "int32",
1192 "type": "integer"
1193 },
1194 "scanConfigError": {
1195 "$ref": "ScanConfigError",
1196 "description": "Output only. If the scan encounters SCAN_CONFIG_ISSUE error, this field has the error message encountered during scan configuration validation that is performed before each scan run."
1197 }
1198 },
1199 "type": "object"
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]1200 },
1201 "ScanRunWarningTrace": {
1202 "description": "Output only. Defines a warning trace message for ScanRun. Warning traces provide customers with useful information that helps make the scanning process more effective.",
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]1203 "id": "ScanRunWarningTrace",
1204 "properties": {
1205 "code": {
1206 "description": "Output only. Indicates the warning code.",
1207 "enum": [
1208 "CODE_UNSPECIFIED",
1209 "INSUFFICIENT_CRAWL_RESULTS",
1210 "TOO_MANY_CRAWL_RESULTS",
1211 "TOO_MANY_FUZZ_TASKS",
1212 "BLOCKED_BY_IAP",
1213 "NO_STARTING_URL_FOUND_FOR_MANAGED_SCAN"
1214 ],
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]1215 "enumDescriptions": [
1216 "Default value is never used.",
1217 "Indicates that a scan discovered an unexpectedly low number of URLs. This is sometimes caused by complex navigation features or by using a single URL for numerous pages.",
1218 "Indicates that a scan discovered too many URLs to test, or excessive redundant URLs.",
1219 "Indicates that too many tests have been generated for the scan. Customer should try reducing the number of starting URLs, increasing the QPS rate, or narrowing down the scope of the scan using the excluded patterns.",
1220 "Indicates that a scan is blocked by IAP.",
1221 "Indicates that no seeds is found for a scan"
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]1222 ],
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]1223 "type": "string"
1224 }
1225 },
1226 "type": "object"
1227 },
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]1228 "Schedule": {
1229 "description": "Scan schedule configuration.",
1230 "id": "Schedule",
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]1231 "properties": {
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]1232 "intervalDurationDays": {
1233 "description": "Required. The duration of time between executions in days.",
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]1234 "format": "int32",
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]1235 "type": "integer"
1236 },
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]1237 "scheduleTime": {
1238 "description": "A timestamp indicates when the next run will be scheduled. The value is refreshed by the server after each run. If unspecified, it will default to current server time, which means the scan will be scheduled to start immediately.",
1239 "format": "google-datetime",
1240 "type": "string"
1241 }
1242 },
1243 "type": "object"
1244 },
1245 "StartScanRunRequest": {
1246 "description": "Request for the `StartScanRun` method.",
1247 "id": "StartScanRunRequest",
1248 "properties": {},
1249 "type": "object"
1250 },
1251 "StopScanRunRequest": {
1252 "description": "Request for the `StopScanRun` method.",
1253 "id": "StopScanRunRequest",
1254 "properties": {},
1255 "type": "object"
1256 },
1257 "ViolatingResource": {
1258 "description": "Information regarding any resource causing the vulnerability such as JavaScript sources, image, audio files, etc.",
1259 "id": "ViolatingResource",
1260 "properties": {
1261 "contentType": {
1262 "description": "The MIME type of this resource.",
1263 "type": "string"
1264 },
1265 "resourceUrl": {
1266 "description": "URL of this violating resource.",
1267 "type": "string"
1268 }
1269 },
1270 "type": "object"
1271 },
1272 "VulnerableHeaders": {
1273 "description": "Information about vulnerable or missing HTTP Headers.",
1274 "id": "VulnerableHeaders",
1275 "properties": {
1276 "headers": {
1277 "description": "List of vulnerable headers.",
1278 "items": {
1279 "$ref": "Header"
1280 },
1281 "type": "array"
1282 },
1283 "missingHeaders": {
1284 "description": "List of missing headers.",
1285 "items": {
1286 "$ref": "Header"
1287 },
1288 "type": "array"
1289 }
1290 },
1291 "type": "object"
1292 },
1293 "VulnerableParameters": {
1294 "description": "Information about vulnerable request parameters.",
1295 "id": "VulnerableParameters",
1296 "properties": {
1297 "parameterNames": {
1298 "description": "The vulnerable parameter names.",
1299 "items": {
1300 "type": "string"
1301 },
1302 "type": "array"
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]1303 }
1304 },
1305 "type": "object"
1306 },
1307 "Xss": {
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]1308 "description": "Information reported for an XSS.",
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]1309 "id": "Xss",
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]1310 "properties": {
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]1311 "attackVector": {
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]1312 "description": "The attack vector of the payload triggering this XSS.",
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]1313 "enum": [
1314 "ATTACK_VECTOR_UNSPECIFIED",
1315 "LOCAL_STORAGE",
1316 "SESSION_STORAGE",
1317 "WINDOW_NAME",
1318 "REFERRER",
1319 "FORM_INPUT",
1320 "COOKIE",
1321 "POST_MESSAGE",
1322 "GET_PARAMETERS",
1323 "URL_FRAGMENT",
1324 "HTML_COMMENT",
1325 "POST_PARAMETERS",
1326 "PROTOCOL",
1327 "STORED_XSS",
1328 "SAME_ORIGIN",
1329 "USER_CONTROLLABLE_URL"
1330 ],
1331 "enumDescriptions": [
1332 "Unknown attack vector.",
1333 "The attack comes from fuzzing the browser's localStorage.",
1334 "The attack comes from fuzzing the browser's sessionStorage.",
1335 "The attack comes from fuzzing the window's name property.",
1336 "The attack comes from fuzzing the referrer property.",
1337 "The attack comes from fuzzing an input element.",
1338 "The attack comes from fuzzing the browser's cookies.",
1339 "The attack comes from hijacking the post messaging mechanism.",
1340 "The attack comes from fuzzing parameters in the url.",
1341 "The attack comes from fuzzing the fragment in the url.",
1342 "The attack comes from fuzzing the HTML comments.",
1343 "The attack comes from fuzzing the POST parameters.",
1344 "The attack comes from fuzzing the protocol.",
1345 "The attack comes from the server side and is stored.",
1346 "The attack is a Same-Origin Method Execution attack via a GET parameter.",
1347 "The attack payload is received from a third-party host via a URL that is user-controllable"
1348 ],
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]1349 "type": "string"
1350 },
1351 "errorMessage": {
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]1352 "description": "An error message generated by a javascript breakage.",
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]1353 "type": "string"
1354 },
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]1355 "stackTraces": {
1356 "description": "Stack traces leading to the point where the XSS occurred.",
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]1357 "items": {
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]1358 "type": "string"
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]1359 },
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]1360 "type": "array"
1361 },
1362 "storedXssSeedingUrl": {
1363 "description": "The reproduction url for the seeding POST request of a Stored XSS.",
1364 "type": "string"
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]1365 }
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]1366 },
1367 "type": "object"
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]1368 }
1369 },
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800[diff] [blame]1370 "servicePath": "",
Anthonios Partheniou10f4b672021-04-13 14:47:53 -0400[diff] [blame]1371 "title": "Web Security Scanner API",
1372 "version": "v1",
1373 "version_module": true
1374}