// Copyright 2019 Google LLC. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. // syntax = "proto3"; package google.cloud.websecurityscanner.v1beta; import "google/api/annotations.proto"; import "google/cloud/websecurityscanner/v1beta/finding_addon.proto"; option go_package = "google.golang.org/genproto/googleapis/cloud/websecurityscanner/v1beta;websecurityscanner"; option java_multiple_files = true; option java_outer_classname = "FindingProto"; option java_package = "com.google.cloud.websecurityscanner.v1beta"; // A Finding resource represents a vulnerability instance identified during a // ScanRun. message Finding { // Output only. // The resource name of the Finding. The name follows the format of // 'projects/{projectId}/scanConfigs/{scanConfigId}/scanruns/{scanRunId}/findings/{findingId}'. // The finding IDs are generated by the system. string name = 1; // Output only. // The type of the Finding. // Detailed and up-to-date information on findings can be found here: // https://cloud.google.com/security-scanner/docs/scan-result-details string finding_type = 2; // Output only. // The http method of the request that triggered the vulnerability, in // uppercase. string http_method = 3; // Output only. // The URL produced by the server-side fuzzer and used in the request that // triggered the vulnerability. string fuzzed_url = 4; // Output only. // The body of the request that triggered the vulnerability. string body = 5; // Output only. // The description of the vulnerability. string description = 6; // Output only. // The URL containing human-readable payload that user can leverage to // reproduce the vulnerability. string reproduction_url = 7; // Output only. // If the vulnerability was originated from nested IFrame, the immediate // parent IFrame is reported. string frame_url = 8; // Output only. // The URL where the browser lands when the vulnerability is detected. string final_url = 9; // Output only. // The tracking ID uniquely identifies a vulnerability instance across // multiple ScanRuns. string tracking_id = 10; // Output only. // An addon containing information reported for a vulnerability with an HTML // form, if any. Form form = 16; // Output only. // An addon containing information about outdated libraries. OutdatedLibrary outdated_library = 11; // Output only. // An addon containing detailed information regarding any resource causing the // vulnerability such as JavaScript sources, image, audio files, etc. ViolatingResource violating_resource = 12; // Output only. // An addon containing information about vulnerable or missing HTTP headers. VulnerableHeaders vulnerable_headers = 15; // Output only. // An addon containing information about request parameters which were found // to be vulnerable. VulnerableParameters vulnerable_parameters = 13; // Output only. // An addon containing information reported for an XSS, if any. Xss xss = 14; }