Enum value maps for Severity.
var (
Severity_name = map[int32]string{
0: "SEVERITY_UNSPECIFIED",
1: "MINIMAL",
2: "LOW",
3: "MEDIUM",
4: "HIGH",
5: "CRITICAL",
}
Severity_value = map[string]int32{
"SEVERITY_UNSPECIFIED": 0,
"MINIMAL": 1,
"LOW": 2,
"MEDIUM": 3,
"HIGH": 4,
"CRITICAL": 5,
}
)
var File_google_devtools_containeranalysis_v1beta1_vulnerability_vulnerability_proto protoreflect.FileDescriptor
Details of a vulnerability Occurrence.
type Details struct {
// The type of package; whether native or non native(ruby gems, node.js
// packages etc)
Type string `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"`
// Output only. The note provider assigned Severity of the vulnerability.
Severity Severity `protobuf:"varint,2,opt,name=severity,proto3,enum=grafeas.v1beta1.vulnerability.Severity" json:"severity,omitempty"`
// Output only. The CVSS score of this vulnerability. CVSS score is on a
// scale of 0-10 where 0 indicates low severity and 10 indicates high
// severity.
CvssScore float32 `protobuf:"fixed32,3,opt,name=cvss_score,json=cvssScore,proto3" json:"cvss_score,omitempty"`
// Required. The set of affected locations and their fixes (if available)
// within the associated resource.
PackageIssue []*PackageIssue `protobuf:"bytes,4,rep,name=package_issue,json=packageIssue,proto3" json:"package_issue,omitempty"`
// Output only. A one sentence description of this vulnerability.
ShortDescription string `protobuf:"bytes,5,opt,name=short_description,json=shortDescription,proto3" json:"short_description,omitempty"`
// Output only. A detailed description of this vulnerability.
LongDescription string `protobuf:"bytes,6,opt,name=long_description,json=longDescription,proto3" json:"long_description,omitempty"`
// Output only. URLs related to this vulnerability.
RelatedUrls []*common.RelatedUrl `protobuf:"bytes,7,rep,name=related_urls,json=relatedUrls,proto3" json:"related_urls,omitempty"`
// The distro assigned severity for this vulnerability when it is
// available, and note provider assigned severity when distro has not yet
// assigned a severity for this vulnerability.
EffectiveSeverity Severity `protobuf:"varint,8,opt,name=effective_severity,json=effectiveSeverity,proto3,enum=grafeas.v1beta1.vulnerability.Severity" json:"effective_severity,omitempty"`
// contains filtered or unexported fields
}
func (*Details) Descriptor() ([]byte, []int)
Deprecated: Use Details.ProtoReflect.Descriptor instead.
func (x *Details) GetCvssScore() float32
func (x *Details) GetEffectiveSeverity() Severity
func (x *Details) GetLongDescription() string
func (x *Details) GetPackageIssue() []*PackageIssue
func (x *Details) GetRelatedUrls() []*common.RelatedUrl
func (x *Details) GetSeverity() Severity
func (x *Details) GetShortDescription() string
func (x *Details) GetType() string
func (*Details) ProtoMessage()
func (x *Details) ProtoReflect() protoreflect.Message
func (x *Details) Reset()
func (x *Details) String() string
This message wraps a location affected by a vulnerability and its associated fix (if one is available).
type PackageIssue struct {
// Required. The location of the vulnerability.
AffectedLocation *VulnerabilityLocation `protobuf:"bytes,1,opt,name=affected_location,json=affectedLocation,proto3" json:"affected_location,omitempty"`
// The location of the available fix for vulnerability.
FixedLocation *VulnerabilityLocation `protobuf:"bytes,2,opt,name=fixed_location,json=fixedLocation,proto3" json:"fixed_location,omitempty"`
// Deprecated, use Details.effective_severity instead
// The severity (e.g., distro assigned severity) for this vulnerability.
SeverityName string `protobuf:"bytes,3,opt,name=severity_name,json=severityName,proto3" json:"severity_name,omitempty"`
// contains filtered or unexported fields
}
func (*PackageIssue) Descriptor() ([]byte, []int)
Deprecated: Use PackageIssue.ProtoReflect.Descriptor instead.
func (x *PackageIssue) GetAffectedLocation() *VulnerabilityLocation
func (x *PackageIssue) GetFixedLocation() *VulnerabilityLocation
func (x *PackageIssue) GetSeverityName() string
func (*PackageIssue) ProtoMessage()
func (x *PackageIssue) ProtoReflect() protoreflect.Message
func (x *PackageIssue) Reset()
func (x *PackageIssue) String() string
Note provider-assigned severity/impact ranking.
type Severity int32
const (
// Unknown.
Severity_SEVERITY_UNSPECIFIED Severity = 0
// Minimal severity.
Severity_MINIMAL Severity = 1
// Low severity.
Severity_LOW Severity = 2
// Medium severity.
Severity_MEDIUM Severity = 3
// High severity.
Severity_HIGH Severity = 4
// Critical severity.
Severity_CRITICAL Severity = 5
)
func (Severity) Descriptor() protoreflect.EnumDescriptor
func (x Severity) Enum() *Severity
func (Severity) EnumDescriptor() ([]byte, []int)
Deprecated: Use Severity.Descriptor instead.
func (x Severity) Number() protoreflect.EnumNumber
func (x Severity) String() string
func (Severity) Type() protoreflect.EnumType
Vulnerability provides metadata about a security vulnerability in a Note.
type Vulnerability struct {
// The CVSS score for this vulnerability.
CvssScore float32 `protobuf:"fixed32,1,opt,name=cvss_score,json=cvssScore,proto3" json:"cvss_score,omitempty"`
// Note provider assigned impact of the vulnerability.
Severity Severity `protobuf:"varint,2,opt,name=severity,proto3,enum=grafeas.v1beta1.vulnerability.Severity" json:"severity,omitempty"`
// All information about the package to specifically identify this
// vulnerability. One entry per (version range and cpe_uri) the package
// vulnerability has manifested in.
Details []*Vulnerability_Detail `protobuf:"bytes,3,rep,name=details,proto3" json:"details,omitempty"`
// The full description of the CVSSv3.
CvssV3 *cvss.CVSSv3 `protobuf:"bytes,4,opt,name=cvss_v3,json=cvssV3,proto3" json:"cvss_v3,omitempty"`
// Windows details get their own format because the information format and
// model don't match a normal detail. Specifically Windows updates are done as
// patches, thus Windows vulnerabilities really are a missing package, rather
// than a package being at an incorrect version.
WindowsDetails []*Vulnerability_WindowsDetail `protobuf:"bytes,5,rep,name=windows_details,json=windowsDetails,proto3" json:"windows_details,omitempty"`
// The time this information was last changed at the source. This is an
// upstream timestamp from the underlying information source - e.g. Ubuntu
// security tracker.
SourceUpdateTime *timestamppb.Timestamp `protobuf:"bytes,6,opt,name=source_update_time,json=sourceUpdateTime,proto3" json:"source_update_time,omitempty"`
// contains filtered or unexported fields
}
func (*Vulnerability) Descriptor() ([]byte, []int)
Deprecated: Use Vulnerability.ProtoReflect.Descriptor instead.
func (x *Vulnerability) GetCvssScore() float32
func (x *Vulnerability) GetCvssV3() *cvss.CVSSv3
func (x *Vulnerability) GetDetails() []*Vulnerability_Detail
func (x *Vulnerability) GetSeverity() Severity
func (x *Vulnerability) GetSourceUpdateTime() *timestamppb.Timestamp
func (x *Vulnerability) GetWindowsDetails() []*Vulnerability_WindowsDetail
func (*Vulnerability) ProtoMessage()
func (x *Vulnerability) ProtoReflect() protoreflect.Message
func (x *Vulnerability) Reset()
func (x *Vulnerability) String() string
The location of the vulnerability.
type VulnerabilityLocation struct {
// Required. The CPE URI in [cpe format](https://cpe.mitre.org/specification/)
// format. Examples include distro or storage location for vulnerable jar.
CpeUri string `protobuf:"bytes,1,opt,name=cpe_uri,json=cpeUri,proto3" json:"cpe_uri,omitempty"`
// Required. The package being described.
Package string `protobuf:"bytes,2,opt,name=package,proto3" json:"package,omitempty"`
// Required. The version of the package being described.
Version *_package.Version `protobuf:"bytes,3,opt,name=version,proto3" json:"version,omitempty"`
// contains filtered or unexported fields
}
func (*VulnerabilityLocation) Descriptor() ([]byte, []int)
Deprecated: Use VulnerabilityLocation.ProtoReflect.Descriptor instead.
func (x *VulnerabilityLocation) GetCpeUri() string
func (x *VulnerabilityLocation) GetPackage() string
func (x *VulnerabilityLocation) GetVersion() *_package.Version
func (*VulnerabilityLocation) ProtoMessage()
func (x *VulnerabilityLocation) ProtoReflect() protoreflect.Message
func (x *VulnerabilityLocation) Reset()
func (x *VulnerabilityLocation) String() string
Identifies all appearances of this vulnerability in the package for a specific distro/location. For example: glibc in cpe:/o:debian:debian_linux:8 for versions 2.1 - 2.2
type Vulnerability_Detail struct {
// Required. The CPE URI in
// [cpe format](https://cpe.mitre.org/specification/) in which the
// vulnerability manifests. Examples include distro or storage location for
// vulnerable jar.
CpeUri string `protobuf:"bytes,1,opt,name=cpe_uri,json=cpeUri,proto3" json:"cpe_uri,omitempty"`
// Required. The name of the package where the vulnerability was found.
Package string `protobuf:"bytes,2,opt,name=package,proto3" json:"package,omitempty"`
// The min version of the package in which the vulnerability exists.
MinAffectedVersion *_package.Version `protobuf:"bytes,3,opt,name=min_affected_version,json=minAffectedVersion,proto3" json:"min_affected_version,omitempty"`
// The max version of the package in which the vulnerability exists.
MaxAffectedVersion *_package.Version `protobuf:"bytes,4,opt,name=max_affected_version,json=maxAffectedVersion,proto3" json:"max_affected_version,omitempty"`
// The severity (eg: distro assigned severity) for this vulnerability.
SeverityName string `protobuf:"bytes,5,opt,name=severity_name,json=severityName,proto3" json:"severity_name,omitempty"`
// A vendor-specific description of this note.
Description string `protobuf:"bytes,6,opt,name=description,proto3" json:"description,omitempty"`
// The fix for this specific package version.
FixedLocation *VulnerabilityLocation `protobuf:"bytes,7,opt,name=fixed_location,json=fixedLocation,proto3" json:"fixed_location,omitempty"`
// The type of package; whether native or non native(ruby gems, node.js
// packages etc).
PackageType string `protobuf:"bytes,8,opt,name=package_type,json=packageType,proto3" json:"package_type,omitempty"`
// Whether this detail is obsolete. Occurrences are expected not to point to
// obsolete details.
IsObsolete bool `protobuf:"varint,9,opt,name=is_obsolete,json=isObsolete,proto3" json:"is_obsolete,omitempty"`
// The time this information was last changed at the source. This is an
// upstream timestamp from the underlying information source - e.g. Ubuntu
// security tracker.
SourceUpdateTime *timestamppb.Timestamp `protobuf:"bytes,10,opt,name=source_update_time,json=sourceUpdateTime,proto3" json:"source_update_time,omitempty"`
// contains filtered or unexported fields
}
func (*Vulnerability_Detail) Descriptor() ([]byte, []int)
Deprecated: Use Vulnerability_Detail.ProtoReflect.Descriptor instead.
func (x *Vulnerability_Detail) GetCpeUri() string
func (x *Vulnerability_Detail) GetDescription() string
func (x *Vulnerability_Detail) GetFixedLocation() *VulnerabilityLocation
func (x *Vulnerability_Detail) GetIsObsolete() bool
func (x *Vulnerability_Detail) GetMaxAffectedVersion() *_package.Version
func (x *Vulnerability_Detail) GetMinAffectedVersion() *_package.Version
func (x *Vulnerability_Detail) GetPackage() string
func (x *Vulnerability_Detail) GetPackageType() string
func (x *Vulnerability_Detail) GetSeverityName() string
func (x *Vulnerability_Detail) GetSourceUpdateTime() *timestamppb.Timestamp
func (*Vulnerability_Detail) ProtoMessage()
func (x *Vulnerability_Detail) ProtoReflect() protoreflect.Message
func (x *Vulnerability_Detail) Reset()
func (x *Vulnerability_Detail) String() string
type Vulnerability_WindowsDetail struct {
// Required. The CPE URI in
// [cpe format](https://cpe.mitre.org/specification/) in which the
// vulnerability manifests. Examples include distro or storage location for
// vulnerable jar.
CpeUri string `protobuf:"bytes,1,opt,name=cpe_uri,json=cpeUri,proto3" json:"cpe_uri,omitempty"`
// Required. The name of the vulnerability.
Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
// The description of the vulnerability.
Description string `protobuf:"bytes,3,opt,name=description,proto3" json:"description,omitempty"`
// Required. The names of the KBs which have hotfixes to mitigate this
// vulnerability. Note that there may be multiple hotfixes (and thus
// multiple KBs) that mitigate a given vulnerability. Currently any listed
// kb's presence is considered a fix.
FixingKbs []*Vulnerability_WindowsDetail_KnowledgeBase `protobuf:"bytes,4,rep,name=fixing_kbs,json=fixingKbs,proto3" json:"fixing_kbs,omitempty"`
// contains filtered or unexported fields
}
func (*Vulnerability_WindowsDetail) Descriptor() ([]byte, []int)
Deprecated: Use Vulnerability_WindowsDetail.ProtoReflect.Descriptor instead.
func (x *Vulnerability_WindowsDetail) GetCpeUri() string
func (x *Vulnerability_WindowsDetail) GetDescription() string
func (x *Vulnerability_WindowsDetail) GetFixingKbs() []*Vulnerability_WindowsDetail_KnowledgeBase
func (x *Vulnerability_WindowsDetail) GetName() string
func (*Vulnerability_WindowsDetail) ProtoMessage()
func (x *Vulnerability_WindowsDetail) ProtoReflect() protoreflect.Message
func (x *Vulnerability_WindowsDetail) Reset()
func (x *Vulnerability_WindowsDetail) String() string
type Vulnerability_WindowsDetail_KnowledgeBase struct {
// The KB name (generally of the form KB[0-9]+ i.e. KB123456).
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// A link to the KB in the Windows update catalog -
// https://www.catalog.update.microsoft.com/
Url string `protobuf:"bytes,2,opt,name=url,proto3" json:"url,omitempty"`
// contains filtered or unexported fields
}
func (*Vulnerability_WindowsDetail_KnowledgeBase) Descriptor() ([]byte, []int)
Deprecated: Use Vulnerability_WindowsDetail_KnowledgeBase.ProtoReflect.Descriptor instead.
func (x *Vulnerability_WindowsDetail_KnowledgeBase) GetName() string
func (x *Vulnerability_WindowsDetail_KnowledgeBase) GetUrl() string
func (*Vulnerability_WindowsDetail_KnowledgeBase) ProtoMessage()
func (x *Vulnerability_WindowsDetail_KnowledgeBase) ProtoReflect() protoreflect.Message
func (x *Vulnerability_WindowsDetail_KnowledgeBase) Reset()
func (x *Vulnerability_WindowsDetail_KnowledgeBase) String() string