// Copyright 2022 Luca Casonato. All rights reserved. MIT license. /** * Web Security Scanner API Client for Deno * ======================================== * * Scans your Compute and App Engine apps for common web vulnerabilities. * * Docs: https://cloud.google.com/security-command-center/docs/concepts-web-security-scanner-overview/ * Source: https://googleapis.deno.dev/v1/websecurityscanner:v1.ts */ import { auth, CredentialsClient, GoogleAuth, request } from "/_/base@v1/mod.ts"; export { auth, GoogleAuth }; export type { CredentialsClient }; /** * Scans your Compute and App Engine apps for common web vulnerabilities. */ export class WebSecurityScanner { #client: CredentialsClient | undefined; #baseUrl: string; constructor(client?: CredentialsClient, baseUrl: string = "https://websecurityscanner.googleapis.com/") { this.#client = client; this.#baseUrl = baseUrl; } /** * Creates a new ScanConfig. * * @param parent Required. The parent resource name where the scan is created, which should be a project resource name in the format 'projects/{projectId}'. */ async projectsScanConfigsCreate(parent: string, req: ScanConfig): Promise { req = serializeScanConfig(req); const url = new URL(`${this.#baseUrl}v1/${ parent }/scanConfigs`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return deserializeScanConfig(data); } /** * Deletes an existing ScanConfig and its child resources. * * @param name Required. The resource name of the ScanConfig to be deleted. The name follows the format of 'projects/{projectId}/scanConfigs/{scanConfigId}'. */ async projectsScanConfigsDelete(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "DELETE", }); return data as Empty; } /** * Gets a ScanConfig. * * @param name Required. The resource name of the ScanConfig to be returned. The name follows the format of 'projects/{projectId}/scanConfigs/{scanConfigId}'. */ async projectsScanConfigsGet(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "GET", }); return deserializeScanConfig(data); } /** * Lists ScanConfigs under a given project. * * @param parent Required. The parent resource name, which should be a project resource name in the format 'projects/{projectId}'. */ async projectsScanConfigsList(parent: string, opts: ProjectsScanConfigsListOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/scanConfigs`); if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return deserializeListScanConfigsResponse(data); } /** * Updates a ScanConfig. This method support partial update of a ScanConfig. * * @param name The resource name of the ScanConfig. The name follows the format of 'projects/{projectId}/scanConfigs/{scanConfigId}'. The ScanConfig IDs are generated by the system. */ async projectsScanConfigsPatch(name: string, req: ScanConfig, opts: ProjectsScanConfigsPatchOptions = {}): Promise { req = serializeScanConfig(req); opts = serializeProjectsScanConfigsPatchOptions(opts); const url = new URL(`${this.#baseUrl}v1/${ name }`); if (opts.updateMask !== undefined) { url.searchParams.append("updateMask", String(opts.updateMask)); } const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "PATCH", body, }); return deserializeScanConfig(data); } /** * List CrawledUrls under a given ScanRun. * * @param parent Required. The parent resource name, which should be a scan run resource name in the format 'projects/{projectId}/scanConfigs/{scanConfigId}/scanRuns/{scanRunId}'. */ async projectsScanConfigsScanRunsCrawledUrlsList(parent: string, opts: ProjectsScanConfigsScanRunsCrawledUrlsListOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/crawledUrls`); if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ListCrawledUrlsResponse; } /** * Gets a Finding. * * @param name Required. The resource name of the Finding to be returned. The name follows the format of 'projects/{projectId}/scanConfigs/{scanConfigId}/scanRuns/{scanRunId}/findings/{findingId}'. */ async projectsScanConfigsScanRunsFindingsGet(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "GET", }); return data as Finding; } /** * List Findings under a given ScanRun. * * @param parent Required. The parent resource name, which should be a scan run resource name in the format 'projects/{projectId}/scanConfigs/{scanConfigId}/scanRuns/{scanRunId}'. */ async projectsScanConfigsScanRunsFindingsList(parent: string, opts: ProjectsScanConfigsScanRunsFindingsListOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/findings`); if (opts.filter !== undefined) { url.searchParams.append("filter", String(opts.filter)); } if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ListFindingsResponse; } /** * List all FindingTypeStats under a given ScanRun. * * @param parent Required. The parent resource name, which should be a scan run resource name in the format 'projects/{projectId}/scanConfigs/{scanConfigId}/scanRuns/{scanRunId}'. */ async projectsScanConfigsScanRunsFindingTypeStatsList(parent: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/findingTypeStats`); const data = await request(url.href, { client: this.#client, method: "GET", }); return data as ListFindingTypeStatsResponse; } /** * Gets a ScanRun. * * @param name Required. The resource name of the ScanRun to be returned. The name follows the format of 'projects/{projectId}/scanConfigs/{scanConfigId}/scanRuns/{scanRunId}'. */ async projectsScanConfigsScanRunsGet(name: string): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }`); const data = await request(url.href, { client: this.#client, method: "GET", }); return deserializeScanRun(data); } /** * Lists ScanRuns under a given ScanConfig, in descending order of ScanRun * stop time. * * @param parent Required. The parent resource name, which should be a scan resource name in the format 'projects/{projectId}/scanConfigs/{scanConfigId}'. */ async projectsScanConfigsScanRunsList(parent: string, opts: ProjectsScanConfigsScanRunsListOptions = {}): Promise { const url = new URL(`${this.#baseUrl}v1/${ parent }/scanRuns`); if (opts.pageSize !== undefined) { url.searchParams.append("pageSize", String(opts.pageSize)); } if (opts.pageToken !== undefined) { url.searchParams.append("pageToken", String(opts.pageToken)); } const data = await request(url.href, { client: this.#client, method: "GET", }); return deserializeListScanRunsResponse(data); } /** * Stops a ScanRun. The stopped ScanRun is returned. * * @param name Required. The resource name of the ScanRun to be stopped. The name follows the format of 'projects/{projectId}/scanConfigs/{scanConfigId}/scanRuns/{scanRunId}'. */ async projectsScanConfigsScanRunsStop(name: string, req: StopScanRunRequest): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }:stop`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return deserializeScanRun(data); } /** * Start a ScanRun according to the given ScanConfig. * * @param name Required. The resource name of the ScanConfig to be used. The name follows the format of 'projects/{projectId}/scanConfigs/{scanConfigId}'. */ async projectsScanConfigsStart(name: string, req: StartScanRunRequest): Promise { const url = new URL(`${this.#baseUrl}v1/${ name }:start`); const body = JSON.stringify(req); const data = await request(url.href, { client: this.#client, method: "POST", body, }); return deserializeScanRun(data); } } /** * Scan authentication configuration. */ export interface Authentication { /** * Authentication using a custom account. */ customAccount?: CustomAccount; /** * Authentication using a Google account. */ googleAccount?: GoogleAccount; /** * Authentication using Identity-Aware-Proxy (IAP). */ iapCredential?: IapCredential; } /** * A CrawledUrl resource represents a URL that was crawled during a ScanRun. * Web Security Scanner Service crawls the web applications, following all links * within the scope of sites, to find the URLs to test against. */ export interface CrawledUrl { /** * Output only. The body of the request that was used to visit the URL. */ body?: string; /** * Output only. The http method of the request that was used to visit the * URL, in uppercase. */ httpMethod?: string; /** * Output only. The URL that was crawled. */ url?: string; } /** * Describes authentication configuration that uses a custom account. */ export interface CustomAccount { /** * Required. The login form URL of the website. */ loginUrl?: string; /** * Required. Input only. The password of the custom account. The credential * is stored encrypted and not returned in any response nor included in audit * logs. */ password?: string; /** * Required. The user name of the custom account. */ username?: string; } /** * A generic empty message that you can re-use to avoid defining duplicated * empty messages in your APIs. A typical example is to use it as the request or * the response type of an API method. For instance: service Foo { rpc * Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } */ export interface Empty { } /** * A Finding resource represents a vulnerability instance identified during a * ScanRun. */ export interface Finding { /** * Output only. The body of the request that triggered the vulnerability. */ body?: string; /** * Output only. The description of the vulnerability. */ description?: string; /** * Output only. The URL where the browser lands when the vulnerability is * detected. */ finalUrl?: string; /** * Output only. The type of the Finding. Detailed and up-to-date information * on findings can be found here: * https://cloud.google.com/security-command-center/docs/how-to-remediate-web-security-scanner-findings */ findingType?: string; /** * Output only. An addon containing information reported for a vulnerability * with an HTML form, if any. */ form?: Form; /** * Output only. If the vulnerability was originated from nested IFrame, the * immediate parent IFrame is reported. */ frameUrl?: string; /** * Output only. The URL produced by the server-side fuzzer and used in the * request that triggered the vulnerability. */ fuzzedUrl?: string; /** * Output only. The http method of the request that triggered the * vulnerability, in uppercase. */ httpMethod?: string; /** * Output only. The resource name of the Finding. The name follows the format * of * 'projects/{projectId}/scanConfigs/{scanConfigId}/scanruns/{scanRunId}/findings/{findingId}'. * The finding IDs are generated by the system. */ name?: string; /** * Output only. An addon containing information about outdated libraries. */ outdatedLibrary?: OutdatedLibrary; /** * Output only. The URL containing human-readable payload that user can * leverage to reproduce the vulnerability. */ reproductionUrl?: string; /** * Output only. The severity level of the reported vulnerability. */ readonly severity?: | "SEVERITY_UNSPECIFIED" | "CRITICAL" | "HIGH" | "MEDIUM" | "LOW"; /** * Output only. The tracking ID uniquely identifies a vulnerability instance * across multiple ScanRuns. */ trackingId?: string; /** * Output only. An addon containing detailed information regarding any * resource causing the vulnerability such as JavaScript sources, image, audio * files, etc. */ violatingResource?: ViolatingResource; /** * Output only. An addon containing information about vulnerable or missing * HTTP headers. */ vulnerableHeaders?: VulnerableHeaders; /** * Output only. An addon containing information about request parameters * which were found to be vulnerable. */ vulnerableParameters?: VulnerableParameters; /** * Output only. An addon containing information reported for an XSS, if any. */ xss?: Xss; /** * Output only. An addon containing information reported for an XXE, if any. */ readonly xxe?: Xxe; } /** * A FindingTypeStats resource represents stats regarding a specific * FindingType of Findings under a given ScanRun. */ export interface FindingTypeStats { /** * Output only. The count of findings belonging to this finding type. */ findingCount?: number; /** * Output only. The finding type associated with the stats. */ findingType?: string; } /** * ! Information about a vulnerability with an HTML. */ export interface Form { /** * ! The URI where to send the form when it's submitted. */ actionUri?: string; /** * ! The names of form fields related to the vulnerability. */ fields?: string[]; } /** * Describes authentication configuration that uses a Google account. */ export interface GoogleAccount { /** * Required. Input only. The password of the Google account. The credential * is stored encrypted and not returned in any response nor included in audit * logs. */ password?: string; /** * Required. The user name of the Google account. */ username?: string; } /** * Describes a HTTP Header. */ export interface Header { /** * Header name. */ name?: string; /** * Header value. */ value?: string; } /** * Describes authentication configuration for Identity-Aware-Proxy (IAP). */ export interface IapCredential { /** * Authentication configuration when Web-Security-Scanner service account is * added in Identity-Aware-Proxy (IAP) access policies. */ iapTestServiceAccountInfo?: IapTestServiceAccountInfo; } /** * Describes authentication configuration when Web-Security-Scanner service * account is added in Identity-Aware-Proxy (IAP) access policies. */ export interface IapTestServiceAccountInfo { /** * Required. Describes OAuth2 client id of resources protected by * Identity-Aware-Proxy (IAP). */ targetAudienceClientId?: string; } /** * Response for the `ListCrawledUrls` method. */ export interface ListCrawledUrlsResponse { /** * The list of CrawledUrls returned. */ crawledUrls?: CrawledUrl[]; /** * Token to retrieve the next page of results, or empty if there are no more * results in the list. */ nextPageToken?: string; } /** * Response for the `ListFindings` method. */ export interface ListFindingsResponse { /** * The list of Findings returned. */ findings?: Finding[]; /** * Token to retrieve the next page of results, or empty if there are no more * results in the list. */ nextPageToken?: string; } /** * Response for the `ListFindingTypeStats` method. */ export interface ListFindingTypeStatsResponse { /** * The list of FindingTypeStats returned. */ findingTypeStats?: FindingTypeStats[]; } /** * Response for the `ListScanConfigs` method. */ export interface ListScanConfigsResponse { /** * Token to retrieve the next page of results, or empty if there are no more * results in the list. */ nextPageToken?: string; /** * The list of ScanConfigs returned. */ scanConfigs?: ScanConfig[]; } function serializeListScanConfigsResponse(data: any): ListScanConfigsResponse { return { ...data, scanConfigs: data["scanConfigs"] !== undefined ? data["scanConfigs"].map((item: any) => (serializeScanConfig(item))) : undefined, }; } function deserializeListScanConfigsResponse(data: any): ListScanConfigsResponse { return { ...data, scanConfigs: data["scanConfigs"] !== undefined ? data["scanConfigs"].map((item: any) => (deserializeScanConfig(item))) : undefined, }; } /** * Response for the `ListScanRuns` method. */ export interface ListScanRunsResponse { /** * Token to retrieve the next page of results, or empty if there are no more * results in the list. */ nextPageToken?: string; /** * The list of ScanRuns returned. */ scanRuns?: ScanRun[]; } function serializeListScanRunsResponse(data: any): ListScanRunsResponse { return { ...data, scanRuns: data["scanRuns"] !== undefined ? data["scanRuns"].map((item: any) => (serializeScanRun(item))) : undefined, }; } function deserializeListScanRunsResponse(data: any): ListScanRunsResponse { return { ...data, scanRuns: data["scanRuns"] !== undefined ? data["scanRuns"].map((item: any) => (deserializeScanRun(item))) : undefined, }; } /** * Information reported for an outdated library. */ export interface OutdatedLibrary { /** * URLs to learn more information about the vulnerabilities in the library. */ learnMoreUrls?: string[]; /** * The name of the outdated library. */ libraryName?: string; /** * The version number. */ version?: string; } /** * Additional options for WebSecurityScanner#projectsScanConfigsList. */ export interface ProjectsScanConfigsListOptions { /** * The maximum number of ScanConfigs to return, can be limited by server. If * not specified or not positive, the implementation will select a reasonable * value. */ pageSize?: number; /** * A token identifying a page of results to be returned. This should be a * `next_page_token` value returned from a previous List request. If * unspecified, the first page of results is returned. */ pageToken?: string; } /** * Additional options for WebSecurityScanner#projectsScanConfigsPatch. */ export interface ProjectsScanConfigsPatchOptions { /** * Required. The update mask applies to the resource. For the `FieldMask` * definition, see * https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask */ updateMask?: string /* FieldMask */; } function serializeProjectsScanConfigsPatchOptions(data: any): ProjectsScanConfigsPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } function deserializeProjectsScanConfigsPatchOptions(data: any): ProjectsScanConfigsPatchOptions { return { ...data, updateMask: data["updateMask"] !== undefined ? data["updateMask"] : undefined, }; } /** * Additional options for * WebSecurityScanner#projectsScanConfigsScanRunsCrawledUrlsList. */ export interface ProjectsScanConfigsScanRunsCrawledUrlsListOptions { /** * The maximum number of CrawledUrls to return, can be limited by server. If * not specified or not positive, the implementation will select a reasonable * value. */ pageSize?: number; /** * A token identifying a page of results to be returned. This should be a * `next_page_token` value returned from a previous List request. If * unspecified, the first page of results is returned. */ pageToken?: string; } /** * Additional options for * WebSecurityScanner#projectsScanConfigsScanRunsFindingsList. */ export interface ProjectsScanConfigsScanRunsFindingsListOptions { /** * The filter expression. The expression must be in the format: . Supported * field: 'finding_type'. Supported operator: '='. */ filter?: string; /** * The maximum number of Findings to return, can be limited by server. If not * specified or not positive, the implementation will select a reasonable * value. */ pageSize?: number; /** * A token identifying a page of results to be returned. This should be a * `next_page_token` value returned from a previous List request. If * unspecified, the first page of results is returned. */ pageToken?: string; } /** * Additional options for WebSecurityScanner#projectsScanConfigsScanRunsList. */ export interface ProjectsScanConfigsScanRunsListOptions { /** * The maximum number of ScanRuns to return, can be limited by server. If not * specified or not positive, the implementation will select a reasonable * value. */ pageSize?: number; /** * A token identifying a page of results to be returned. This should be a * `next_page_token` value returned from a previous List request. If * unspecified, the first page of results is returned. */ pageToken?: string; } /** * A ScanConfig resource contains the configurations to launch a scan. */ export interface ScanConfig { /** * The authentication configuration. If specified, service will use the * authentication configuration during scanning. */ authentication?: Authentication; /** * The excluded URL patterns as described in * https://cloud.google.com/security-command-center/docs/how-to-use-web-security-scanner#excluding_urls */ blacklistPatterns?: string[]; /** * Required. The user provided display name of the ScanConfig. */ displayName?: string; /** * Controls export of scan configurations and results to Security Command * Center. */ exportToSecurityCommandCenter?: | "EXPORT_TO_SECURITY_COMMAND_CENTER_UNSPECIFIED" | "ENABLED" | "DISABLED"; /** * Whether to keep scanning even if most requests return HTTP error codes. */ ignoreHttpStatusErrors?: boolean; /** * Whether the scan config is managed by Web Security Scanner, output only. */ managedScan?: boolean; /** * The maximum QPS during scanning. A valid value ranges from 5 to 20 * inclusively. If the field is unspecified or its value is set 0, server will * default to 15. Other values outside of [5, 20] range will be rejected with * INVALID_ARGUMENT error. */ maxQps?: number; /** * The resource name of the ScanConfig. The name follows the format of * 'projects/{projectId}/scanConfigs/{scanConfigId}'. The ScanConfig IDs are * generated by the system. */ name?: string; /** * The risk level selected for the scan */ riskLevel?: | "RISK_LEVEL_UNSPECIFIED" | "NORMAL" | "LOW"; /** * The schedule of the ScanConfig. */ schedule?: Schedule; /** * Required. The starting URLs from which the scanner finds site pages. */ startingUrls?: string[]; /** * Whether the scan configuration has enabled static IP address scan feature. * If enabled, the scanner will access applications from static IP addresses. */ staticIpScan?: boolean; /** * The user agent used during scanning. */ userAgent?: | "USER_AGENT_UNSPECIFIED" | "CHROME_LINUX" | "CHROME_ANDROID" | "SAFARI_IPHONE"; } function serializeScanConfig(data: any): ScanConfig { return { ...data, schedule: data["schedule"] !== undefined ? serializeSchedule(data["schedule"]) : undefined, }; } function deserializeScanConfig(data: any): ScanConfig { return { ...data, schedule: data["schedule"] !== undefined ? deserializeSchedule(data["schedule"]) : undefined, }; } /** * Defines a custom error message used by CreateScanConfig and UpdateScanConfig * APIs when scan configuration validation fails. It is also reported as part of * a ScanRunErrorTrace message if scan validation fails due to a scan * configuration error. */ export interface ScanConfigError { /** * Output only. Indicates the reason code for a configuration failure. */ code?: | "CODE_UNSPECIFIED" | "OK" | "INTERNAL_ERROR" | "APPENGINE_API_BACKEND_ERROR" | "APPENGINE_API_NOT_ACCESSIBLE" | "APPENGINE_DEFAULT_HOST_MISSING" | "CANNOT_USE_GOOGLE_COM_ACCOUNT" | "CANNOT_USE_OWNER_ACCOUNT" | "COMPUTE_API_BACKEND_ERROR" | "COMPUTE_API_NOT_ACCESSIBLE" | "CUSTOM_LOGIN_URL_DOES_NOT_BELONG_TO_CURRENT_PROJECT" | "CUSTOM_LOGIN_URL_MALFORMED" | "CUSTOM_LOGIN_URL_MAPPED_TO_NON_ROUTABLE_ADDRESS" | "CUSTOM_LOGIN_URL_MAPPED_TO_UNRESERVED_ADDRESS" | "CUSTOM_LOGIN_URL_HAS_NON_ROUTABLE_IP_ADDRESS" | "CUSTOM_LOGIN_URL_HAS_UNRESERVED_IP_ADDRESS" | "DUPLICATE_SCAN_NAME" | "INVALID_FIELD_VALUE" | "FAILED_TO_AUTHENTICATE_TO_TARGET" | "FINDING_TYPE_UNSPECIFIED" | "FORBIDDEN_TO_SCAN_COMPUTE" | "FORBIDDEN_UPDATE_TO_MANAGED_SCAN" | "MALFORMED_FILTER" | "MALFORMED_RESOURCE_NAME" | "PROJECT_INACTIVE" | "REQUIRED_FIELD" | "RESOURCE_NAME_INCONSISTENT" | "SCAN_ALREADY_RUNNING" | "SCAN_NOT_RUNNING" | "SEED_URL_DOES_NOT_BELONG_TO_CURRENT_PROJECT" | "SEED_URL_MALFORMED" | "SEED_URL_MAPPED_TO_NON_ROUTABLE_ADDRESS" | "SEED_URL_MAPPED_TO_UNRESERVED_ADDRESS" | "SEED_URL_HAS_NON_ROUTABLE_IP_ADDRESS" | "SEED_URL_HAS_UNRESERVED_IP_ADDRESS" | "SERVICE_ACCOUNT_NOT_CONFIGURED" | "TOO_MANY_SCANS" | "UNABLE_TO_RESOLVE_PROJECT_INFO" | "UNSUPPORTED_BLACKLIST_PATTERN_FORMAT" | "UNSUPPORTED_FILTER" | "UNSUPPORTED_FINDING_TYPE" | "UNSUPPORTED_URL_SCHEME"; /** * Output only. Indicates the full name of the ScanConfig field that triggers * this error, for example "scan_config.max_qps". This field is provided for * troubleshooting purposes only and its actual value can change in the * future. */ fieldName?: string; } /** * A ScanRun is a output-only resource representing an actual run of the scan. * Next id: 12 */ export interface ScanRun { /** * Output only. The time at which the ScanRun reached termination state - * that the ScanRun is either finished or stopped by user. */ endTime?: Date; /** * Output only. If result_state is an ERROR, this field provides the primary * reason for scan's termination and more details, if such are available. */ errorTrace?: ScanRunErrorTrace; /** * Output only. The execution state of the ScanRun. */ executionState?: | "EXECUTION_STATE_UNSPECIFIED" | "QUEUED" | "SCANNING" | "FINISHED"; /** * Output only. Whether the scan run has found any vulnerabilities. */ hasVulnerabilities?: boolean; /** * Output only. The resource name of the ScanRun. The name follows the format * of 'projects/{projectId}/scanConfigs/{scanConfigId}/scanRuns/{scanRunId}'. * The ScanRun IDs are generated by the system. */ name?: string; /** * Output only. The percentage of total completion ranging from 0 to 100. If * the scan is in queue, the value is 0. If the scan is running, the value * ranges from 0 to 100. If the scan is finished, the value is 100. */ progressPercent?: number; /** * Output only. The result state of the ScanRun. This field is only available * after the execution state reaches "FINISHED". */ resultState?: | "RESULT_STATE_UNSPECIFIED" | "SUCCESS" | "ERROR" | "KILLED"; /** * Output only. The time at which the ScanRun started. */ startTime?: Date; /** * Output only. The number of URLs crawled during this ScanRun. If the scan * is in progress, the value represents the number of URLs crawled up to now. */ urlsCrawledCount?: bigint; /** * Output only. The number of URLs tested during this ScanRun. If the scan is * in progress, the value represents the number of URLs tested up to now. The * number of URLs tested is usually larger than the number URLS crawled * because typically a crawled URL is tested with multiple test payloads. */ urlsTestedCount?: bigint; /** * Output only. A list of warnings, if such are encountered during this scan * run. */ warningTraces?: ScanRunWarningTrace[]; } function serializeScanRun(data: any): ScanRun { return { ...data, endTime: data["endTime"] !== undefined ? data["endTime"].toISOString() : undefined, startTime: data["startTime"] !== undefined ? data["startTime"].toISOString() : undefined, urlsCrawledCount: data["urlsCrawledCount"] !== undefined ? String(data["urlsCrawledCount"]) : undefined, urlsTestedCount: data["urlsTestedCount"] !== undefined ? String(data["urlsTestedCount"]) : undefined, }; } function deserializeScanRun(data: any): ScanRun { return { ...data, endTime: data["endTime"] !== undefined ? new Date(data["endTime"]) : undefined, startTime: data["startTime"] !== undefined ? new Date(data["startTime"]) : undefined, urlsCrawledCount: data["urlsCrawledCount"] !== undefined ? BigInt(data["urlsCrawledCount"]) : undefined, urlsTestedCount: data["urlsTestedCount"] !== undefined ? BigInt(data["urlsTestedCount"]) : undefined, }; } /** * Output only. Defines an error trace message for a ScanRun. */ export interface ScanRunErrorTrace { /** * Output only. Indicates the error reason code. */ code?: | "CODE_UNSPECIFIED" | "INTERNAL_ERROR" | "SCAN_CONFIG_ISSUE" | "AUTHENTICATION_CONFIG_ISSUE" | "TIMED_OUT_WHILE_SCANNING" | "TOO_MANY_REDIRECTS" | "TOO_MANY_HTTP_ERRORS" | "STARTING_URLS_CRAWL_HTTP_ERRORS"; /** * Output only. If the scan encounters TOO_MANY_HTTP_ERRORS, this field * indicates the most common HTTP error code, if such is available. For * example, if this code is 404, the scan has encountered too many NOT_FOUND * responses. */ mostCommonHttpErrorCode?: number; /** * Output only. If the scan encounters SCAN_CONFIG_ISSUE error, this field * has the error message encountered during scan configuration validation that * is performed before each scan run. */ scanConfigError?: ScanConfigError; } /** * Output only. Defines a warning trace message for ScanRun. Warning traces * provide customers with useful information that helps make the scanning * process more effective. */ export interface ScanRunWarningTrace { /** * Output only. Indicates the warning code. */ code?: | "CODE_UNSPECIFIED" | "INSUFFICIENT_CRAWL_RESULTS" | "TOO_MANY_CRAWL_RESULTS" | "TOO_MANY_FUZZ_TASKS" | "BLOCKED_BY_IAP" | "NO_STARTING_URL_FOUND_FOR_MANAGED_SCAN"; } /** * Scan schedule configuration. */ export interface Schedule { /** * Required. The duration of time between executions in days. */ intervalDurationDays?: number; /** * A timestamp indicates when the next run will be scheduled. The value is * refreshed by the server after each run. If unspecified, it will default to * current server time, which means the scan will be scheduled to start * immediately. */ scheduleTime?: Date; } function serializeSchedule(data: any): Schedule { return { ...data, scheduleTime: data["scheduleTime"] !== undefined ? data["scheduleTime"].toISOString() : undefined, }; } function deserializeSchedule(data: any): Schedule { return { ...data, scheduleTime: data["scheduleTime"] !== undefined ? new Date(data["scheduleTime"]) : undefined, }; } /** * Request for the `StartScanRun` method. */ export interface StartScanRunRequest { } /** * Request for the `StopScanRun` method. */ export interface StopScanRunRequest { } /** * Information regarding any resource causing the vulnerability such as * JavaScript sources, image, audio files, etc. */ export interface ViolatingResource { /** * The MIME type of this resource. */ contentType?: string; /** * URL of this violating resource. */ resourceUrl?: string; } /** * Information about vulnerable or missing HTTP Headers. */ export interface VulnerableHeaders { /** * List of vulnerable headers. */ headers?: Header[]; /** * List of missing headers. */ missingHeaders?: Header[]; } /** * Information about vulnerable request parameters. */ export interface VulnerableParameters { /** * The vulnerable parameter names. */ parameterNames?: string[]; } /** * Information reported for an XSS. */ export interface Xss { /** * The attack vector of the payload triggering this XSS. */ attackVector?: | "ATTACK_VECTOR_UNSPECIFIED" | "LOCAL_STORAGE" | "SESSION_STORAGE" | "WINDOW_NAME" | "REFERRER" | "FORM_INPUT" | "COOKIE" | "POST_MESSAGE" | "GET_PARAMETERS" | "URL_FRAGMENT" | "HTML_COMMENT" | "POST_PARAMETERS" | "PROTOCOL" | "STORED_XSS" | "SAME_ORIGIN" | "USER_CONTROLLABLE_URL"; /** * An error message generated by a javascript breakage. */ errorMessage?: string; /** * Stack traces leading to the point where the XSS occurred. */ stackTraces?: string[]; /** * The reproduction url for the seeding POST request of a Stored XSS. */ storedXssSeedingUrl?: string; } /** * Information reported for an XXE. */ export interface Xxe { /** * Location within the request where the payload was placed. */ payloadLocation?: | "LOCATION_UNSPECIFIED" | "COMPLETE_REQUEST_BODY"; /** * The XML string that triggered the XXE vulnerability. Non-payload values * might be redacted. */ payloadValue?: string; }