1 files changed, 193 insertions, 0 deletions

diff --git a/third_party/googleapis/google/cloud/websecurityscanner/v1/scan_config.proto b/third_party/googleapis/google/cloud/websecurityscanner/v1/scan_config.proto
new file mode 100644
index 0000000..85641af
--- /dev/null
+++ b/third_party/googleapis/google/cloud/websecurityscanner/v1/scan_config.proto
@@ -0,0 +1,193 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.websecurityscanner.v1;
+
+import "google/api/field_behavior.proto";
+import "google/protobuf/timestamp.proto";
+
+option csharp_namespace = "Google.Cloud.WebSecurityScanner.V1";
+option go_package = "google.golang.org/genproto/googleapis/cloud/websecurityscanner/v1;websecurityscanner";
+option java_multiple_files = true;
+option java_outer_classname = "ScanConfigProto";
+option java_package = "com.google.cloud.websecurityscanner.v1";
+option php_namespace = "Google\\Cloud\\WebSecurityScanner\\V1";
+option ruby_package = "Google::Cloud::WebSecurityScanner::V1";
+
+// A ScanConfig resource contains the configurations to launch a scan.
+message ScanConfig {
+  // Scan authentication configuration.
+  message Authentication {
+    // Describes authentication configuration that uses a Google account.
+    message GoogleAccount {
+      option deprecated = true;
+
+      // Required. The user name of the Google account.
+      string username = 1;
+
+      // Required. Input only. The password of the Google account. The credential is stored encrypted
+      // and not returned in any response nor included in audit logs.
+      string password = 2;
+    }
+
+    // Describes authentication configuration that uses a custom account.
+    message CustomAccount {
+      // Required. The user name of the custom account.
+      string username = 1;
+
+      // Required. Input only. The password of the custom account. The credential is stored encrypted
+      // and not returned in any response nor included in audit logs.
+      string password = 2;
+
+      // Required. The login form URL of the website.
+      string login_url = 3;
+    }
+
+    // Describes authentication configuration for Identity-Aware-Proxy (IAP).
+    message IapCredential {
+      // Describes authentication configuration when Web-Security-Scanner
+      // service account is added in Identity-Aware-Proxy (IAP) access policies.
+      message IapTestServiceAccountInfo {
+        // Required. Describes OAuth2 client id of resources protected by
+        // Identity-Aware-Proxy (IAP).
+        string target_audience_client_id = 1 [(google.api.field_behavior) = REQUIRED];
+      }
+
+      // Identity-Aware-Proxy (IAP) Authentication Configuration
+      oneof iap_credentials {
+        // Authentication configuration when Web-Security-Scanner service
+        // account is added in Identity-Aware-Proxy (IAP) access policies.
+        IapTestServiceAccountInfo iap_test_service_account_info = 1;
+      }
+    }
+
+    // Required.
+    // Authentication configuration
+    oneof authentication {
+      // Authentication using a Google account.
+      GoogleAccount google_account = 1 [deprecated = true];
+
+      // Authentication using a custom account.
+      CustomAccount custom_account = 2;
+
+      // Authentication using Identity-Aware-Proxy (IAP).
+      IapCredential iap_credential = 4;
+    }
+  }
+
+  // Scan schedule configuration.
+  message Schedule {
+    // A timestamp indicates when the next run will be scheduled. The value is
+    // refreshed by the server after each run. If unspecified, it will default
+    // to current server time, which means the scan will be scheduled to start
+    // immediately.
+    google.protobuf.Timestamp schedule_time = 1;
+
+    // Required. The duration of time between executions in days.
+    int32 interval_duration_days = 2;
+  }
+
+  // Type of user agents used for scanning.
+  enum UserAgent {
+    // The user agent is unknown. Service will default to CHROME_LINUX.
+    USER_AGENT_UNSPECIFIED = 0;
+
+    // Chrome on Linux. This is the service default if unspecified.
+    CHROME_LINUX = 1;
+
+    // Chrome on Android.
+    CHROME_ANDROID = 2;
+
+    // Safari on IPhone.
+    SAFARI_IPHONE = 3;
+  }
+
+  // Scan risk levels supported by Web Security Scanner. LOW impact
+  // scanning will minimize requests with the potential to modify data. To
+  // achieve the maximum scan coverage, NORMAL risk level is recommended.
+  enum RiskLevel {
+    // Use default, which is NORMAL.
+    RISK_LEVEL_UNSPECIFIED = 0;
+
+    // Normal scanning (Recommended)
+    NORMAL = 1;
+
+    // Lower impact scanning
+    LOW = 2;
+  }
+
+  // Controls export of scan configurations and results to Security
+  // Command Center.
+  enum ExportToSecurityCommandCenter {
+    // Use default, which is ENABLED.
+    EXPORT_TO_SECURITY_COMMAND_CENTER_UNSPECIFIED = 0;
+
+    // Export results of this scan to Security Command Center.
+    ENABLED = 1;
+
+    // Do not export results of this scan to Security Command Center.
+    DISABLED = 2;
+  }
+
+  // The resource name of the ScanConfig. The name follows the format of
+  // 'projects/{projectId}/scanConfigs/{scanConfigId}'. The ScanConfig IDs are
+  // generated by the system.
+  string name = 1;
+
+  // Required. The user provided display name of the ScanConfig.
+  string display_name = 2;
+
+  // The maximum QPS during scanning. A valid value ranges from 5 to 20
+  // inclusively. If the field is unspecified or its value is set 0, server will
+  // default to 15. Other values outside of [5, 20] range will be rejected with
+  // INVALID_ARGUMENT error.
+  int32 max_qps = 3;
+
+  // Required. The starting URLs from which the scanner finds site pages.
+  repeated string starting_urls = 4;
+
+  // The authentication configuration. If specified, service will use the
+  // authentication configuration during scanning.
+  Authentication authentication = 5;
+
+  // The user agent used during scanning.
+  UserAgent user_agent = 6;
+
+  // The excluded URL patterns as described in
+  // https://cloud.google.com/security-command-center/docs/how-to-use-web-security-scanner#excluding_urls
+  repeated string blacklist_patterns = 7;
+
+  // The schedule of the ScanConfig.
+  Schedule schedule = 8;
+
+  // Controls export of scan configurations and results to Security
+  // Command Center.
+  ExportToSecurityCommandCenter export_to_security_command_center = 10;
+
+  // The risk level selected for the scan
+  RiskLevel risk_level = 12;
+
+  // Whether the scan config is managed by Web Security Scanner, output
+  // only.
+  bool managed_scan = 13;
+
+  // Whether the scan configuration has enabled static IP address scan feature.
+  // If enabled, the scanner will access applications from static IP addresses.
+  bool static_ip_scan = 14;
+
+  // Whether to keep scanning even if most requests return HTTP error codes.
+  bool ignore_http_status_errors = 15;
+}