# frozen_string_literal: true
# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
module Grafeas
module V1
# A single VulnerabilityAssessmentNote represents
# one particular product's vulnerability assessment for one CVE.
# @!attribute [rw] title
# @return [::String]
# The title of the note. E.g. `Vex-Debian-11.4`
# @!attribute [rw] short_description
# @return [::String]
# A one sentence description of this Vex.
# @!attribute [rw] long_description
# @return [::String]
# A detailed description of this Vex.
# @!attribute [rw] language_code
# @return [::String]
# Identifies the language used by this document,
# corresponding to IETF BCP 47 / RFC 5646.
# @!attribute [rw] publisher
# @return [::Grafeas::V1::VulnerabilityAssessmentNote::Publisher]
# Publisher details of this Note.
# @!attribute [rw] product
# @return [::Grafeas::V1::VulnerabilityAssessmentNote::Product]
# The product affected by this vex.
# @!attribute [rw] assessment
# @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment]
# Represents a vulnerability assessment for the product.
class VulnerabilityAssessmentNote
include ::Google::Protobuf::MessageExts
extend ::Google::Protobuf::MessageExts::ClassMethods
# Publisher contains information about the publisher of
# this Note.
# (-- api-linter: core::0123::resource-annotation=disabled
# aip.dev/not-precedent: Publisher is not a separate resource. --)
# @!attribute [rw] name
# @return [::String]
# Name of the publisher.
# Examples: 'Google', 'Google Cloud Platform'.
# @!attribute [rw] issuing_authority
# @return [::String]
# Provides information about the authority of the issuing party to
# release the document, in particular, the party's constituency and
# responsibilities or other obligations.
# @!attribute [rw] publisher_namespace
# @return [::String]
# The context or namespace.
# Contains a URL which is under control of the issuing party and can
# be used as a globally unique identifier for that issuing party.
# Example: https://csaf.io
class Publisher
include ::Google::Protobuf::MessageExts
extend ::Google::Protobuf::MessageExts::ClassMethods
end
# Product contains information about a product and how to uniquely identify
# it.
# (-- api-linter: core::0123::resource-annotation=disabled
# aip.dev/not-precedent: Product is not a separate resource. --)
# @!attribute [rw] name
# @return [::String]
# Name of the product.
# @!attribute [rw] id
# @return [::String]
# Token that identifies a product so that it can be referred to from other
# parts in the document. There is no predefined format as long as it
# uniquely identifies a group in the context of the current document.
# @!attribute [rw] generic_uri
# @return [::String]
# Contains a URI which is vendor-specific.
# Example: The artifact repository URL of an image.
class Product
include ::Google::Protobuf::MessageExts
extend ::Google::Protobuf::MessageExts::ClassMethods
end
# Assessment provides all information that is related to a single
# vulnerability for this product.
# @!attribute [rw] cve
# @return [::String]
# Holds the MITRE standard Common Vulnerabilities and Exposures (CVE)
# tracking number for the vulnerability.
# @!attribute [rw] short_description
# @return [::String]
# A one sentence description of this Vex.
# @!attribute [rw] long_description
# @return [::String]
# A detailed description of this Vex.
# @!attribute [rw] related_uris
# @return [::Array<::Grafeas::V1::RelatedUrl>]
# Holds a list of references associated with this vulnerability item and
# assessment. These uris have additional information about the
# vulnerability and the assessment itself. E.g. Link to a document which
# details how this assessment concluded the state of this vulnerability.
# @!attribute [rw] state
# @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::State]
# Provides the state of this Vulnerability assessment.
# @!attribute [rw] impacts
# @return [::Array<::String>]
# Contains information about the impact of this vulnerability,
# this will change with time.
# @!attribute [rw] justification
# @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification]
# Justification provides the justification when the state of the
# assessment if NOT_AFFECTED.
# @!attribute [rw] remediations
# @return [::Array<::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation>]
# Specifies details on how to handle (and presumably, fix) a vulnerability.
class Assessment
include ::Google::Protobuf::MessageExts
extend ::Google::Protobuf::MessageExts::ClassMethods
# Justification provides the justification when the state of the
# assessment if NOT_AFFECTED.
# @!attribute [rw] justification_type
# @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Justification::JustificationType]
# The justification type for this vulnerability.
# @!attribute [rw] details
# @return [::String]
# Additional details on why this justification was chosen.
class Justification
include ::Google::Protobuf::MessageExts
extend ::Google::Protobuf::MessageExts::ClassMethods
# Provides the type of justification.
module JustificationType
# JUSTIFICATION_TYPE_UNSPECIFIED.
JUSTIFICATION_TYPE_UNSPECIFIED = 0
# The vulnerable component is not present in the product.
COMPONENT_NOT_PRESENT = 1
# The vulnerable code is not present. Typically this case
# occurs when source code is configured or built in a way that excludes
# the vulnerable code.
VULNERABLE_CODE_NOT_PRESENT = 2
# The vulnerable code can not be executed.
# Typically this case occurs when the product includes the vulnerable
# code but does not call or use the vulnerable code.
VULNERABLE_CODE_NOT_IN_EXECUTE_PATH = 3
# The vulnerable code cannot be controlled by an attacker to exploit
# the vulnerability.
VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARY = 4
# The product includes built-in protections or features that prevent
# exploitation of the vulnerability. These built-in protections cannot
# be subverted by the attacker and cannot be configured or disabled by
# the user. These mitigations completely prevent exploitation based on
# known attack vectors.
INLINE_MITIGATIONS_ALREADY_EXIST = 5
end
end
# Specifies details on how to handle (and presumably, fix) a vulnerability.
# @!attribute [rw] remediation_type
# @return [::Grafeas::V1::VulnerabilityAssessmentNote::Assessment::Remediation::RemediationType]
# The type of remediation that can be applied.
# @!attribute [rw] details
# @return [::String]
# Contains a comprehensive human-readable discussion of the remediation.
# @!attribute [rw] remediation_uri
# @return [::Grafeas::V1::RelatedUrl]
# Contains the URL where to obtain the remediation.
class Remediation
include ::Google::Protobuf::MessageExts
extend ::Google::Protobuf::MessageExts::ClassMethods
# The type of remediation that can be applied.
module RemediationType
# No remediation type specified.
REMEDIATION_TYPE_UNSPECIFIED = 0
# A MITIGATION is available.
MITIGATION = 1
# No fix is planned.
NO_FIX_PLANNED = 2
# Not available.
NONE_AVAILABLE = 3
# A vendor fix is available.
VENDOR_FIX = 4
# A workaround is available.
WORKAROUND = 5
end
end
# Provides the state of this Vulnerability assessment.
module State
# No state is specified.
STATE_UNSPECIFIED = 0
# This product is known to be affected by this vulnerability.
AFFECTED = 1
# This product is known to be not affected by this vulnerability.
NOT_AFFECTED = 2
# This product contains a fix for this vulnerability.
FIXED = 3
# It is not known yet whether these versions are or are not affected
# by the vulnerability. However, it is still under investigation.
UNDER_INVESTIGATION = 4
end
end
end
end
end