# frozen_string_literal: true

# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Auto-generated by gapic-generator-ruby. DO NOT EDIT!

module Grafeas
  module V1
    # Describes a security vulnerability that may be present in resources.
    # @!attribute [rw] cvss_score
    #   @return [::Float]
    #     CVSS score for this vulnerability, on a scale of 0 - 10 where 0
    #     indicates low severity and 10 indicates high severity.
    # @!attribute [rw] severity
    #   @return [::Grafeas::V1::Severity]
    #     Severity of this vulnerability as assigned by the note provider.
    # @!attribute [rw] details
    #   @return [::Array<::Grafeas::V1::VulnerabilityNote::Detail>]
    #     One entry per known distro and package affected by this vulnerability.
    # @!attribute [rw] cvss_v3
    #   @return [::Grafeas::V1::CVSSv3]
    #     Full CVSSv3 description for this vulnerability.
    # @!attribute [rw] windows_details
    #   @return [::Array<::Grafeas::V1::VulnerabilityNote::WindowsDetail>]
    #     Windows entries use a separate format because their information format
    #     and model do not match a normal detail. Windows updates are delivered as
    #     patches, so a Windows vulnerability is really a missing package rather
    #     than a package at an incorrect version.
    # @!attribute [rw] source_update_time
    #   @return [::Google::Protobuf::Timestamp]
    #     When this information last changed at the source. This is an upstream
    #     timestamp taken from the underlying information source - e.g. Ubuntu
    #     security tracker.
    class VulnerabilityNote
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods

      # Per-distro, per-package detail for this vulnerability, together with the
      # associated fix (if one is available).
      # @!attribute [rw] severity_name
      #   @return [::String]
      #     Severity of this vulnerability as assigned by the distro.
      # @!attribute [rw] description
      #   @return [::String]
      #     Vendor-specific description of this vulnerability.
      # @!attribute [rw] package_type
      #   @return [::String]
      #     Package type; whether native or non native (e.g., ruby gems,
      #     node.js packages, etc.).
      # @!attribute [rw] affected_cpe_uri
      #   @return [::String]
      #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
      #     vulnerability affects.
      # @!attribute [rw] affected_package
      #   @return [::String]
      #     Required. The package this vulnerability affects.
      # @!attribute [rw] affected_version_start
      #   @return [::Grafeas::V1::Version]
      #     Version number at the start of an interval in which this vulnerability
      #     exists. The affected versions of a package can form disjoint sets of
      #     intervals (example: [1.0.0-1.1.0], [2.4.6-2.4.8] and [4.5.6-4.6.8]);
      #     each interval is represented in its own Detail. When a vulnerability
      #     database provides a single specific affected version,
      #     affected_version_start and affected_version_end are the same in that
      #     Detail.
      # @!attribute [rw] affected_version_end
      #   @return [::Grafeas::V1::Version]
      #     Version number at the end of an interval in which this vulnerability
      #     exists. The affected versions of a package can form disjoint sets of
      #     intervals (example: [1.0.0-1.1.0], [2.4.6-2.4.8] and [4.5.6-4.6.8]);
      #     each interval is represented in its own Detail. When a vulnerability
      #     database provides a single specific affected version,
      #     affected_version_start and affected_version_end are the same in that
      #     Detail.
      # @!attribute [rw] fixed_cpe_uri
      #   @return [::String]
      #     The [CPE URI](https://cpe.mitre.org/specification/) the distro
      #     recommends updating to, which contains a fix for this vulnerability.
      #     It may differ from the affected_cpe_uri.
      # @!attribute [rw] fixed_package
      #   @return [::String]
      #     The package the distro recommends updating to, which contains a fix
      #     for this vulnerability. It may differ from the affected_package.
      # @!attribute [rw] fixed_version
      #   @return [::Grafeas::V1::Version]
      #     The version the distro recommends updating to, which contains a fix
      #     for this vulnerability. A value of VersionKind.MAXIMUM means no such
      #     version is available yet, so it is not an upgrade target.
      # @!attribute [rw] is_obsolete
      #   @return [::Boolean]
      #     Whether this detail is obsolete. Occurrences are expected not to point
      #     to obsolete details.
      # @!attribute [rw] source_update_time
      #   @return [::Google::Protobuf::Timestamp]
      #     When this information last changed at the source. This is an upstream
      #     timestamp taken from the underlying information source - e.g. Ubuntu
      #     security tracker.
      class Detail
        include ::Google::Protobuf::MessageExts
        extend ::Google::Protobuf::MessageExts::ClassMethods
      end

      # @!attribute [rw] cpe_uri
      #   @return [::String]
      #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
      #     vulnerability affects.
      # @!attribute [rw] name
      #   @return [::String]
      #     Required. The name of this vulnerability.
      # @!attribute [rw] description
      #   @return [::String]
      #     The description of this vulnerability.
      # @!attribute [rw] fixing_kbs
      #   @return [::Array<::Grafeas::V1::VulnerabilityNote::WindowsDetail::KnowledgeBase>]
      #     Required. Names of the KBs whose hotfixes mitigate this vulnerability.
      #     Several hotfixes (and therefore several KBs) may mitigate the same
      #     vulnerability. Currently the presence of any one listed KB is
      #     considered a fix.
      class WindowsDetail
        include ::Google::Protobuf::MessageExts
        extend ::Google::Protobuf::MessageExts::ClassMethods

        # @!attribute [rw] name
        #   @return [::String]
        #     The KB name (generally of the form KB[0-9]+ (e.g., KB123456)).
        # @!attribute [rw] url
        #   @return [::String]
        #     A link to the KB in the
        #     [Windows update catalog](https://www.catalog.update.microsoft.com/).
        class KnowledgeBase
          include ::Google::Protobuf::MessageExts
          extend ::Google::Protobuf::MessageExts::ClassMethods
        end
      end
    end

    # An occurrence of a vulnerability, with its severity, on a resource.
    # @!attribute [rw] type
    #   @return [::String]
    #     Package type; whether native or non native (e.g., ruby gems, node.js
    #     packages, etc.).
    # @!attribute [rw] severity
    #   @return [::Grafeas::V1::Severity]
    #     Output only. Severity of this vulnerability as assigned by the note
    #     provider.
    # @!attribute [rw] cvss_score
    #   @return [::Float]
    #     Output only. CVSS score for this vulnerability, on a scale of 0 - 10
    #     where 0 indicates low severity and 10 indicates high severity.
    # @!attribute [rw] package_issue
    #   @return [::Array<::Grafeas::V1::VulnerabilityOccurrence::PackageIssue>]
    #     Required. The set of affected locations and their fixes (if available)
    #     within the associated resource.
    # @!attribute [rw] short_description
    #   @return [::String]
    #     Output only. A one sentence description of this vulnerability.
    # @!attribute [rw] long_description
    #   @return [::String]
    #     Output only. A detailed description of this vulnerability.
    # @!attribute [rw] related_urls
    #   @return [::Array<::Grafeas::V1::RelatedUrl>]
    #     Output only. URLs related to this vulnerability.
    # @!attribute [rw] effective_severity
    #   @return [::Grafeas::V1::Severity]
    #     The distro assigned severity for this vulnerability when one is
    #     available; otherwise the note provider assigned severity.
    # @!attribute [rw] fix_available
    #   @return [::Boolean]
    #     Output only. Whether at least one of the affected packages has a fix
    #     available. This is not a statement that every affected package has
    #     one; each PackageIssue carries its own fix_available.
    class VulnerabilityOccurrence
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods

      # Detail for one distro and package in which this vulnerability occurrence
      # was found, together with the associated fix (if one is available).
      # @!attribute [rw] affected_cpe_uri
      #   @return [::String]
      #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
      #     vulnerability was found in.
      # @!attribute [rw] affected_package
      #   @return [::String]
      #     Required. The package this vulnerability was found in.
      # @!attribute [rw] affected_version
      #   @return [::Grafeas::V1::Version]
      #     Required. The version of the package that is installed on the resource
      #     affected by this vulnerability.
      # @!attribute [rw] fixed_cpe_uri
      #   @return [::String]
      #     The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability
      #     was fixed in. It may differ from the affected_cpe_uri.
      # @!attribute [rw] fixed_package
      #   @return [::String]
      #     The package this vulnerability was fixed in. It may differ from the
      #     affected_package.
      # @!attribute [rw] fixed_version
      #   @return [::Grafeas::V1::Version]
      #     Required. The version of the package this vulnerability was fixed in.
      #     A value of VersionKind.MAXIMUM means no fix is available yet, so it is
      #     not an upgrade target.
      # @!attribute [rw] fix_available
      #   @return [::Boolean]
      #     Output only. Whether a fix is available for this package.
      class PackageIssue
        include ::Google::Protobuf::MessageExts
        extend ::Google::Protobuf::MessageExts::ClassMethods
      end
    end

    # Severity/impact ranking as assigned by the note provider. The numeric
    # values increase with severity; 0 is the unspecified value.
    module Severity
      # Unknown (a distinct value from MINIMAL).
      SEVERITY_UNSPECIFIED = 0

      # Minimal severity.
      MINIMAL = 1

      # Low severity.
      LOW = 2

      # Medium severity.
      MEDIUM = 3

      # High severity.
      HIGH = 4

      # Critical severity.
      CRITICAL = 5
    end
  end
end