
Commit abd022f

yoshi-automationbusunkim96
authored andcommitted
feat(websecurityscanner): add finding types; add vulnerable headers; update docstrings (via synth) (googleapis#9380)
1 parent 1826e49 commit abd022f

17 files changed

Lines changed: 756 additions & 373 deletions

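--- a/websecurityscanner/google/cloud/websecurityscanner_v1alpha/gapic/enums.py
+++ b/websecurityscanner/google/cloud/websecurityscanner_v1alpha/gapic/enums.py
@@ -54,6 +54,13 @@ class FindingType(enum.IntEnum):
 https://www.google.com/about/appsecurity/learning/xss/.
 CLEAR_TEXT_PASSWORD (int): An application appears to be transmitting a password field in clear text.
 An attacker can eavesdrop network traffic and sniff the password field.
+INVALID_CONTENT_TYPE (int): An application returns sensitive content with an invalid content type,
+or without an 'X-Content-Type-Options: nosniff' header.
+XSS_ANGULAR_CALLBACK (int): A cross-site scripting (XSS) vulnerability in AngularJS module that
+occurs when a user-provided string is interpolated by Angular.
+INVALID_HEADER (int): A malformed or invalid valued header.
+MISSPELLED_SECURITY_HEADER_NAME (int): Misspelled security header name.
+MISMATCHING_SECURITY_HEADER_VALUES (int): Mismatching values in a duplicate security header.
 """
 
 FINDING_TYPE_UNSPECIFIED = 0
@@ -63,6 +70,11 @@ class FindingType(enum.IntEnum):
 XSS_CALLBACK = 3
 XSS_ERROR = 4
 CLEAR_TEXT_PASSWORD = 6
+INVALID_CONTENT_TYPE = 7
+XSS_ANGULAR_CALLBACK = 8
+INVALID_HEADER = 9
+MISSPELLED_SECURITY_HEADER_NAME = 10
+MISMATCHING_SECURITY_HEADER_VALUES = 11
 
 
 class ScanConfig(object):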

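--- a/websecurityscanner/google/cloud/websecurityscanner_v1alpha/gapic/web_security_scanner_client.py
+++ b/websecurityscanner/google/cloud/websecurityscanner_v1alpha/gapic/web_security_scanner_client.py
@@ -260,11 +260,9 @@ def create_scan_config(
 >>> response = client.create_scan_config(parent, scan_config)
 
 Args:
-parent (str): Required.
-The parent resource name where the scan is created, which should be a
+parent (str): Required. The parent resource name where the scan is created, which should be a
 project resource name in the format 'projects/{projectId}'.
-scan_config (Union[dict, ~google.cloud.websecurityscanner_v1alpha.types.ScanConfig]): Required.
-The ScanConfig to be created.
+scan_config (Union[dict, ~google.cloud.websecurityscanner_v1alpha.types.ScanConfig]): Required. The ScanConfig to be created.
 
 If a dict is provided, it must be of the same form as the protobuf
 message :class:`~google.cloud.websecurityscanner_v1alpha.types.ScanConfig`
@@ -338,8 +336,7 @@ def delete_scan_config(
 >>> client.delete_scan_config(name)
 
 Args:
-name (str): Required.
-The resource name of the ScanConfig to be deleted. The name follows the
+name (str): Required. The resource name of the ScanConfig to be deleted. The name follows the
 format of 'projects/{projectId}/scanConfigs/{scanConfigId}'.
 retry (Optional[google.api_core.retry.Retry]): A retry object used
 to retry requests. If ``None`` is specified, requests will
@@ -406,8 +403,7 @@ def get_scan_config(
 >>> response = client.get_scan_config(name)
 
 Args:
-name (str): Required.
-The resource name of the ScanConfig to be returned. The name follows the
+name (str): Required. The resource name of the ScanConfig to be returned. The name follows the
 format of 'projects/{projectId}/scanConfigs/{scanConfigId}'.
 retry (Optional[google.api_core.retry.Retry]): A retry object used
 to retry requests. If ``None`` is specified, requests will
@@ -490,8 +486,7 @@ def list_scan_configs(
 ... pass
 
 Args:
-parent (str): Required.
-The parent resource name, which should be a project resource name in the
+parent (str): Required. The parent resource name, which should be a project resource name in the
 format 'projects/{projectId}'.
 page_size (int): The maximum number of resources contained in the
 underlying API response. If page streaming is performed per-
@@ -587,8 +582,7 @@ def update_scan_config(
 >>> response = client.update_scan_config(scan_config, update_mask)
 
 Args:
-scan_config (Union[dict, ~google.cloud.websecurityscanner_v1alpha.types.ScanConfig]): Required.
-The ScanConfig to be updated. The name field must be set to identify the
+scan_config (Union[dict, ~google.cloud.websecurityscanner_v1alpha.types.ScanConfig]): Required. The ScanConfig to be updated. The name field must be set to identify the
 resource to be updated. The values of fields not covered by the mask
 will be ignored.
 
@@ -670,8 +664,7 @@ def start_scan_run(
 >>> response = client.start_scan_run(name)
 
 Args:
-name (str): Required.
-The resource name of the ScanConfig to be used. The name follows the
+name (str): Required. The resource name of the ScanConfig to be used. The name follows the
 format of 'projects/{projectId}/scanConfigs/{scanConfigId}'.
 retry (Optional[google.api_core.retry.Retry]): A retry object used
 to retry requests. If ``None`` is specified, requests will
@@ -741,8 +734,7 @@ def get_scan_run(
 >>> response = client.get_scan_run(name)
 
 Args:
-name (str): Required.
-The resource name of the ScanRun to be returned. The name follows the
+name (str): Required. The resource name of the ScanRun to be returned. The name follows the
 format of
 'projects/{projectId}/scanConfigs/{scanConfigId}/scanRuns/{scanRunId}'.
 retry (Optional[google.api_core.retry.Retry]): A retry object used
@@ -827,8 +819,7 @@ def list_scan_runs(
 ... pass
 
 Args:
-parent (str): Required.
-The parent resource name, which should be a scan resource name in the
+parent (str): Required. The parent resource name, which should be a scan resource name in the
 format 'projects/{projectId}/scanConfigs/{scanConfigId}'.
 page_size (int): The maximum number of resources contained in the
 underlying API response. If page streaming is performed per-
@@ -919,8 +910,7 @@ def stop_scan_run(
 >>> response = client.stop_scan_run(name)
 
 Args:
-name (str): Required.
-The resource name of the ScanRun to be stopped. The name follows the
+name (str): Required. The resource name of the ScanRun to be stopped. The name follows the
 format of
 'projects/{projectId}/scanConfigs/{scanConfigId}/scanRuns/{scanRunId}'.
 retry (Optional[google.api_core.retry.Retry]): A retry object used
@@ -1004,8 +994,7 @@ def list_crawled_urls(
 ... pass
 
 Args:
-parent (str): Required.
-The parent resource name, which should be a scan run resource name in the
+parent (str): Required. The parent resource name, which should be a scan run resource name in the
 format
 'projects/{projectId}/scanConfigs/{scanConfigId}/scanRuns/{scanRunId}'.
 page_size (int): The maximum number of resources contained in the
@@ -1097,8 +1086,7 @@ def get_finding(
 >>> response = client.get_finding(name)
 
 Args:
-name (str): Required.
-The resource name of the Finding to be returned. The name follows the
+name (str): Required. The resource name of the Finding to be returned. The name follows the
 format of
 'projects/{projectId}/scanConfigs/{scanConfigId}/scanRuns/{scanRunId}/findings/{findingId}'.
 retry (Optional[google.api_core.retry.Retry]): A retry object used
@@ -1186,12 +1174,11 @@ def list_findings(
 ... pass
 
 Args:
-parent (str): Required.
-The parent resource name, which should be a scan run resource name in the
+parent (str): Required. The parent resource name, which should be a scan run resource name in the
 format
 'projects/{projectId}/scanConfigs/{scanConfigId}/scanRuns/{scanRunId}'.
-filter_ (str): The filter expression. The expression must be in the format: . Supported
-field: 'finding\_type'. Supported operator: '='.
+filter_ (str): Required. The filter expression. The expression must be in the format: .
+Supported field: 'finding\_type'. Supported operator: '='.
 page_size (int): The maximum number of resources contained in the
 underlying API response. If page streaming is performed per-
 resource, this parameter does not affect the return value. If page
@@ -1281,8 +1268,7 @@ def list_finding_type_stats(
 >>> response = client.list_finding_type_stats(parent)
 
 Args:
-parent (str): Required.
-The parent resource name, which should be a scan run resource name in the
+parent (str): Required. The parent resource name, which should be a scan run resource name in the
 format
 'projects/{projectId}/scanConfigs/{scanConfigId}/scanRuns/{scanRunId}'.
 retry (Optional[google.api_core.retry.Retry]): A retry object used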
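Review bot: The rewritten `filter_` docstring in the `list_findings` hunk still reads "The expression must be in the format: ." with the format itself missing, so a caller cannot tell from the docs what string the server will accept beyond the one example field and operator. The same gap was present before this change and the regeneration only reflowed it; since this file is produced by synth, the fix belongs in the upstream proto comment, and the wording here could read `filter_ (str): Required. The filter expression. Supported field: 'finding\_type'. Supported operator: '='.` until the format is specified. The hunk also newly marks `filter_` as "Required." while its signature is outside the hunk, so whether the Python parameter has a default of ``None`` (which would contradict the docstring) cannot be confirmed from here. The enclosing `list_findings` starts and ends outside the hunk.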
Lines changed: 5 additions & 9 deletions
@@ -1,4 +1,4 @@
1-
// Copyright 2018 Google Inc.
1+
// Copyright 2019 Google LLC.
22
//
33
// Licensed under the Apache License, Version 2.0 (the "License");
44
// you may not use this file except in compliance with the License.
@@ -11,13 +11,12 @@
1111
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
1212
// See the License for the specific language governing permissions and
1313
// limitations under the License.
14+
//
1415

1516
syntax = "proto3";
1617

1718
package google.cloud.websecurityscanner.v1alpha;
1819

19-
import "google/api/annotations.proto";
20-
2120
option go_package = "google.golang.org/genproto/googleapis/cloud/websecurityscanner/v1alpha;websecurityscanner";
2221
option java_multiple_files = true;
2322
option java_outer_classname = "CrawledUrlProto";
@@ -27,16 +26,13 @@ option java_package = "com.google.cloud.websecurityscanner.v1alpha";
2726
// Security Scanner Service crawls the web applications, following all links
2827
// within the scope of sites, to find the URLs to test against.
2928
message CrawledUrl {
30-
// Output only.
31-
// The http method of the request that was used to visit the URL, in
29+
// Output only. The http method of the request that was used to visit the URL, in
3230
// uppercase.
3331
string http_method = 1;
3432

35-
// Output only.
36-
// The URL that was crawled.
33+
// Output only. The URL that was crawled.
3734
string url = 2;
3835

39-
// Output only.
40-
// The body of the request that was used to visit the URL.
36+
// Output only. The body of the request that was used to visit the URL.
4137
string body = 3;
4238
}

websecurityscanner/google/cloud/websecurityscanner_v1alpha/proto/crawled_url_pb2.py

Lines changed: 3 additions & 7 deletions

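--- a/websecurityscanner/google/cloud/websecurityscanner_v1alpha/proto/finding.proto
+++ b/websecurityscanner/google/cloud/websecurityscanner_v1alpha/proto/finding.proto
@@ -1,4 +1,4 @@
-// Copyright 2018 Google Inc.
+// Copyright 2019 Google LLC.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -11,12 +11,13 @@
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
+//
 
 syntax = "proto3";
 
 package google.cloud.websecurityscanner.v1alpha;
 
-import "google/api/annotations.proto";
+import "google/api/resource.proto";
 import "google/cloud/websecurityscanner/v1alpha/finding_addon.proto";
 
 option go_package = "google.golang.org/genproto/googleapis/cloud/websecurityscanner/v1alpha;websecurityscanner";
@@ -27,6 +28,11 @@ option java_package = "com.google.cloud.websecurityscanner.v1alpha";
 // A Finding resource represents a vulnerability instance identified during a
 // ScanRun.
 message Finding {
+option (google.api.resource) = {
+type: "websecurityscanner.googleapis.com/Finding"
+pattern: "projects/{project}/scanConfigs/{scan_config}/scanRuns/{scan_run}/findings/{finding}"
+};
+
 // Types of Findings.
 enum FindingType {
 // The invalid finding type.
@@ -71,70 +77,76 @@ message Finding {
 // An application appears to be transmitting a password field in clear text.
 // An attacker can eavesdrop network traffic and sniff the password field.
 CLEAR_TEXT_PASSWORD = 6;
+
+// An application returns sensitive content with an invalid content type,
+// or without an 'X-Content-Type-Options: nosniff' header.
+INVALID_CONTENT_TYPE = 7;
+
+// A cross-site scripting (XSS) vulnerability in AngularJS module that
+// occurs when a user-provided string is interpolated by Angular.
+XSS_ANGULAR_CALLBACK = 8;
+
+// A malformed or invalid valued header.
+INVALID_HEADER = 9;
+
+// Misspelled security header name.
+MISSPELLED_SECURITY_HEADER_NAME = 10;
+
+// Mismatching values in a duplicate security header.
+MISMATCHING_SECURITY_HEADER_VALUES = 11;
 }
 
-// Output only.
 // The resource name of the Finding. The name follows the format of
 // 'projects/{projectId}/scanConfigs/{scanConfigId}/scanruns/{scanRunId}/findings/{findingId}'.
 // The finding IDs are generated by the system.
 string name = 1;
 
-// Output only.
 // The type of the Finding.
 FindingType finding_type = 2;
 
-// Output only.
 // The http method of the request that triggered the vulnerability, in
 // uppercase.
 string http_method = 3;
 
-// Output only.
 // The URL produced by the server-side fuzzer and used in the request that
 // triggered the vulnerability.
 string fuzzed_url = 4;
 
-// Output only.
 // The body of the request that triggered the vulnerability.
 string body = 5;
 
-// Output only.
 // The description of the vulnerability.
 string description = 6;
 
-// Output only.
 // The URL containing human-readable payload that user can leverage to
 // reproduce the vulnerability.
 string reproduction_url = 7;
 
-// Output only.
 // If the vulnerability was originated from nested IFrame, the immediate
 // parent IFrame is reported.
 string frame_url = 8;
 
-// Output only.
 // The URL where the browser lands when the vulnerability is detected.
 string final_url = 9;
 
-// Output only.
 // The tracking ID uniquely identifies a vulnerability instance across
 // multiple ScanRuns.
 string tracking_id = 10;
 
-// Output only.
 // An addon containing information about outdated libraries.
 OutdatedLibrary outdated_library = 11;
 
-// Output only.
 // An addon containing detailed information regarding any resource causing the
 // vulnerability such as JavaScript sources, image, audio files, etc.
 ViolatingResource violating_resource = 12;
 
-// Output only.
+// An addon containing information about vulnerable or missing HTTP headers.
+VulnerableHeaders vulnerable_headers = 15;
+
 // An addon containing information about request parameters which were found
 // to be vulnerable.
 VulnerableParameters vulnerable_parameters = 13;
 
-// Output only.
 // An addon containing information reported for an XSS, if any.
 Xss xss = 14;
 }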
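Review bot: The last hunk drops the `// Output only.` comment from every field of `Finding` without replacing it with anything, so the schema no longer records that these values are server-populated and ignored on input; the only new import is `google/api/resource.proto`, not `google/api/field_behavior.proto`, so no `[(google.api.field_behavior) = OUTPUT_ONLY]` annotation compensates. If the fields are still output-only, which the visible lines do not show either way, the Python docstrings generated from these comments lose that contract as well. The new `vulnerable_headers = 15` is also inserted between fields 12 and 13 rather than after `xss = 14`, which is valid proto but breaks the ascending order the rest of the message keeps. Since this is a vendored copy of the upstream proto, both points should be raised against the source file rather than patched here.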
