Add protos as an artifact to library (#7205)

packages/google-cloud-websecurityscanner/google/cloud/websecurityscanner_v1alpha/proto/crawled_url.proto

@@ -0,0 +1,43 @@
+// Copyright 2018 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.websecurityscanner.v1alpha;
+
+import "google/api/annotations.proto";
+
+option go_package = "google.golang.org/genproto/googleapis/cloud/websecurityscanner/v1alpha;websecurityscanner";
+option java_multiple_files = true;
+option java_outer_classname = "CrawledUrlProto";
+option java_package = "com.google.cloud.websecurityscanner.v1alpha";
+
+
+// A CrawledUrl resource represents a URL that was crawled during a ScanRun. Web
+// Security Scanner Service crawls the web applications, following all links
+// within the scope of sites, to find the URLs to test against.
+message CrawledUrl {
+  // Output only.
+  // The http method of the request that was used to visit the URL, in
+  // uppercase.
+  string http_method = 1;
+
+  // Output only.
+  // The URL that was crawled.
+  string url = 2;
+
+  // Output only.
+  // The body of the request that was used to visit the URL.
+  string body = 3;
+}

packages/google-cloud-websecurityscanner/google/cloud/websecurityscanner_v1alpha/proto/finding.proto

@@ -0,0 +1,141 @@
+// Copyright 2018 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.websecurityscanner.v1alpha;
+
+import "google/api/annotations.proto";
+import "google/cloud/websecurityscanner/v1alpha/finding_addon.proto";
+
+option go_package = "google.golang.org/genproto/googleapis/cloud/websecurityscanner/v1alpha;websecurityscanner";
+option java_multiple_files = true;
+option java_outer_classname = "FindingProto";
+option java_package = "com.google.cloud.websecurityscanner.v1alpha";
+
+
+// A Finding resource represents a vulnerability instance identified during a
+// ScanRun.
+message Finding {
+  // Types of Findings.
+  enum FindingType {
+    // The invalid finding type.
+    FINDING_TYPE_UNSPECIFIED = 0;
+
+    // A page that was served over HTTPS also resources over HTTP. A
+    // man-in-the-middle attacker could tamper with the HTTP resource and gain
+    // full access to the website that loads the resource or to monitor the
+    // actions taken by the user.
+    MIXED_CONTENT = 1;
+
+    // The version of an included library is known to contain a security issue.
+    // The scanner checks the version of library in use against a known list of
+    // vulnerable libraries. False positives are possible if the version
+    // detection fails or if the library has been manually patched.
+    OUTDATED_LIBRARY = 2;
+
+    // This type of vulnerability occurs when the value of a request parameter
+    // is reflected at the beginning of the response, for example, in requests
+    // using JSONP. Under certain circumstances, an attacker may be able to
+    // supply an alphanumeric-only Flash file in the vulnerable parameter
+    // causing the browser to execute the Flash file as if it originated on the
+    // vulnerable server.
+    ROSETTA_FLASH = 5;
+
+    // A cross-site scripting (XSS) bug is found via JavaScript callback. For
+    // detailed explanations on XSS, see
+    // https://www.google.com/about/appsecurity/learning/xss/.
+    XSS_CALLBACK = 3;
+
+    // A potential cross-site scripting (XSS) bug due to JavaScript breakage.
+    // In some circumstances, the application under test might modify the test
+    // string before it is parsed by the browser. When the browser attempts to
+    // runs this modified test string, it will likely break and throw a
+    // JavaScript execution error, thus an injection issue is occurring.
+    // However, it may not be exploitable. Manual verification is needed to see
+    // if the test string modifications can be evaded and confirm that the issue
+    // is in fact an XSS vulnerability. For detailed explanations on XSS, see
+    // https://www.google.com/about/appsecurity/learning/xss/.
+    XSS_ERROR = 4;
+
+    // An application appears to be transmitting a password field in clear text.
+    // An attacker can eavesdrop network traffic and sniff the password field.
+    CLEAR_TEXT_PASSWORD = 6;
+  }
+
+  // Output only.
+  // The resource name of the Finding. The name follows the format of
+  // 'projects/{projectId}/scanConfigs/{scanConfigId}/scanruns/{scanRunId}/findings/{findingId}'.
+  // The finding IDs are generated by the system.
+  string name = 1;
+
+  // Output only.
+  // The type of the Finding.
+  FindingType finding_type = 2;
+
+  // Output only.
+  // The http method of the request that triggered the vulnerability, in
+  // uppercase.
+  string http_method = 3;
+
+  // Output only.
+  // The URL produced by the server-side fuzzer and used in the request that
+  // triggered the vulnerability.
+  string fuzzed_url = 4;
+
+  // Output only.
+  // The body of the request that triggered the vulnerability.
+  string body = 5;
+
+  // Output only.
+  // The description of the vulnerability.
+  string description = 6;
+
+  // Output only.
+  // The URL containing human-readable payload that user can leverage to
+  // reproduce the vulnerability.
+  string reproduction_url = 7;
+
+  // Output only.
+  // If the vulnerability was originated from nested IFrame, the immediate
+  // parent IFrame is reported.
+  string frame_url = 8;
+
+  // Output only.
+  // The URL where the browser lands when the vulnerability is detected.
+  string final_url = 9;
+
+  // Output only.
+  // The tracking ID uniquely identifies a vulnerability instance across
+  // multiple ScanRuns.
+  string tracking_id = 10;
+
+  // Output only.
+  // An addon containing information about outdated libraries.
+  OutdatedLibrary outdated_library = 11;
+
+  // Output only.
+  // An addon containing detailed information regarding any resource causing the
+  // vulnerability such as JavaScript sources, image, audio files, etc.
+  ViolatingResource violating_resource = 12;
+
+  // Output only.
+  // An addon containing information about request parameters which were found
+  // to be vulnerable.
+  VulnerableParameters vulnerable_parameters = 13;
+
+  // Output only.
+  // An addon containing information reported for an XSS, if any.
+  Xss xss = 14;
+}

packages/google-cloud-websecurityscanner/google/cloud/websecurityscanner_v1alpha/proto/finding_addon.proto

@@ -0,0 +1,62 @@
+// Copyright 2018 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.websecurityscanner.v1alpha;
+
+import "google/api/annotations.proto";
+
+option go_package = "google.golang.org/genproto/googleapis/cloud/websecurityscanner/v1alpha;websecurityscanner";
+option java_multiple_files = true;
+option java_outer_classname = "FindingAddonProto";
+option java_package = "com.google.cloud.websecurityscanner.v1alpha";
+
+
+// Information reported for an outdated library.
+message OutdatedLibrary {
+  // The name of the outdated library.
+  string library_name = 1;
+
+  // The version number.
+  string version = 2;
+
+  // URLs to learn more information about the vulnerabilities in the library.
+  repeated string learn_more_urls = 3;
+}
+
+// Information regarding any resource causing the vulnerability such
+// as JavaScript sources, image, audio files, etc.
+message ViolatingResource {
+  // The MIME type of this resource.
+  string content_type = 1;
+
+  // URL of this violating resource.
+  string resource_url = 2;
+}
+
+// Information about vulnerable request parameters.
+message VulnerableParameters {
+  // The vulnerable parameter names.
+  repeated string parameter_names = 1;
+}
+
+// Information reported for an XSS.
+message Xss {
+  // Stack traces leading to the point where the XSS occurred.
+  repeated string stack_traces = 1;
+
+  // An error message generated by a javascript breakage.
+  string error_message = 2;
+}

packages/google-cloud-websecurityscanner/google/cloud/websecurityscanner_v1alpha/proto/finding_type_stats.proto

@@ -0,0 +1,38 @@
+// Copyright 2018 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.websecurityscanner.v1alpha;
+
+import "google/api/annotations.proto";
+import "google/cloud/websecurityscanner/v1alpha/finding.proto";
+
+option go_package = "google.golang.org/genproto/googleapis/cloud/websecurityscanner/v1alpha;websecurityscanner";
+option java_multiple_files = true;
+option java_outer_classname = "FindingTypeStatsProto";
+option java_package = "com.google.cloud.websecurityscanner.v1alpha";
+
+
+// A FindingTypeStats resource represents stats regarding a specific FindingType
+// of Findings under a given ScanRun.
+message FindingTypeStats {
+  // Output only.
+  // The finding type associated with the stats.
+  Finding.FindingType finding_type = 1;
+
+  // Output only.
+  // The count of findings belonging to this finding type.
+  int32 finding_count = 2;
+}