vulnerability

package
v0.0.0-...-6cb3ea0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 7, 2021 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	Severity_name = map[int32]string{
		0: "SEVERITY_UNSPECIFIED",
		1: "MINIMAL",
		2: "LOW",
		3: "MEDIUM",
		4: "HIGH",
		5: "CRITICAL",
	}
	Severity_value = map[string]int32{
		"SEVERITY_UNSPECIFIED": 0,
		"MINIMAL":              1,
		"LOW":                  2,
		"MEDIUM":               3,
		"HIGH":                 4,
		"CRITICAL":             5,
	}
)

Enum value maps for Severity.

View Source 
var File_google_devtools_containeranalysis_v1beta1_vulnerability_vulnerability_proto protoreflect.FileDescriptor

Functions

This section is empty.

Types

type Details 

type Details struct {

	// The type of package; whether native or non native(ruby gems, node.js
	// packages etc)
	Type string `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"`
	// Output only. The note provider assigned Severity of the vulnerability.
	Severity Severity `protobuf:"varint,2,opt,name=severity,proto3,enum=grafeas.v1beta1.vulnerability.Severity" json:"severity,omitempty"`
	// Output only. The CVSS score of this vulnerability. CVSS score is on a
	// scale of 0-10 where 0 indicates low severity and 10 indicates high
	// severity.
	CvssScore float32 `protobuf:"fixed32,3,opt,name=cvss_score,json=cvssScore,proto3" json:"cvss_score,omitempty"`
	// Required. The set of affected locations and their fixes (if available)
	// within the associated resource.
	PackageIssue []*PackageIssue `protobuf:"bytes,4,rep,name=package_issue,json=packageIssue,proto3" json:"package_issue,omitempty"`
	// Output only. A one sentence description of this vulnerability.
	ShortDescription string `protobuf:"bytes,5,opt,name=short_description,json=shortDescription,proto3" json:"short_description,omitempty"`
	// Output only. A detailed description of this vulnerability.
	LongDescription string `protobuf:"bytes,6,opt,name=long_description,json=longDescription,proto3" json:"long_description,omitempty"`
	// Output only. URLs related to this vulnerability.
	RelatedUrls []*common.RelatedUrl `protobuf:"bytes,7,rep,name=related_urls,json=relatedUrls,proto3" json:"related_urls,omitempty"`
	// The distro assigned severity for this vulnerability when it is
	// available, and note provider assigned severity when distro has not yet
	// assigned a severity for this vulnerability.
	EffectiveSeverity Severity `` /* 157-byte string literal not displayed */
	// contains filtered or unexported fields
}

Details of a vulnerability Occurrence.

func (*Details) Descriptor deprecated 

func (*Details) Descriptor() ([]byte, []int)

Deprecated: Use Details.ProtoReflect.Descriptor instead.

func (*Details) GetCvssScore 

func (x *Details) GetCvssScore() float32

func (*Details) GetEffectiveSeverity 

func (x *Details) GetEffectiveSeverity() Severity

func (*Details) GetLongDescription 

func (x *Details) GetLongDescription() string

func (*Details) GetPackageIssue 

func (x *Details) GetPackageIssue() []*PackageIssue

func (*Details) GetRelatedUrls 

func (x *Details) GetRelatedUrls() []*common.RelatedUrl

func (*Details) GetSeverity 

func (x *Details) GetSeverity() Severity

func (*Details) GetShortDescription 

func (x *Details) GetShortDescription() string

func (*Details) GetType 

func (x *Details) GetType() string

func (*Details) ProtoMessage 

func (*Details) ProtoMessage()

func (*Details) ProtoReflect 

func (x *Details) ProtoReflect() protoreflect.Message

func (*Details) Reset 

func (x *Details) Reset()

func (*Details) String 

func (x *Details) String() string

type PackageIssue 

type PackageIssue struct {

	// Required. The location of the vulnerability.
	AffectedLocation *VulnerabilityLocation `protobuf:"bytes,1,opt,name=affected_location,json=affectedLocation,proto3" json:"affected_location,omitempty"`
	// The location of the available fix for vulnerability.
	FixedLocation *VulnerabilityLocation `protobuf:"bytes,2,opt,name=fixed_location,json=fixedLocation,proto3" json:"fixed_location,omitempty"`
	// Deprecated, use Details.effective_severity instead
	// The severity (e.g., distro assigned severity) for this vulnerability.
	SeverityName string `protobuf:"bytes,3,opt,name=severity_name,json=severityName,proto3" json:"severity_name,omitempty"`
	// contains filtered or unexported fields
}

This message wraps a location affected by a vulnerability and its associated fix (if one is available).

func (*PackageIssue) Descriptor deprecated 

func (*PackageIssue) Descriptor() ([]byte, []int)

Deprecated: Use PackageIssue.ProtoReflect.Descriptor instead.

func (*PackageIssue) GetAffectedLocation 

func (x *PackageIssue) GetAffectedLocation() *VulnerabilityLocation

func (*PackageIssue) GetFixedLocation 

func (x *PackageIssue) GetFixedLocation() *VulnerabilityLocation

func (*PackageIssue) GetSeverityName 

func (x *PackageIssue) GetSeverityName() string

func (*PackageIssue) ProtoMessage 

func (*PackageIssue) ProtoMessage()

func (*PackageIssue) ProtoReflect 

func (x *PackageIssue) ProtoReflect() protoreflect.Message

func (*PackageIssue) Reset 

func (x *PackageIssue) Reset()

func (*PackageIssue) String 

func (x *PackageIssue) String() string

type Severity 

type Severity int32

Note provider-assigned severity/impact ranking. 

const (
	// Unknown.
	Severity_SEVERITY_UNSPECIFIED Severity = 0
	// Minimal severity.
	Severity_MINIMAL Severity = 1
	// Low severity.
	Severity_LOW Severity = 2
	// Medium severity.
	Severity_MEDIUM Severity = 3
	// High severity.
	Severity_HIGH Severity = 4
	// Critical severity.
	Severity_CRITICAL Severity = 5
)

func (Severity) Descriptor 

func (Severity) Descriptor() protoreflect.EnumDescriptor

func (Severity) Enum 

func (x Severity) Enum() *Severity

func (Severity) EnumDescriptor deprecated 

func (Severity) EnumDescriptor() ([]byte, []int)

Deprecated: Use Severity.Descriptor instead.

func (Severity) Number 

func (x Severity) Number() protoreflect.EnumNumber

func (Severity) String 

func (x Severity) String() string

func (Severity) Type 

func (Severity) Type() protoreflect.EnumType

type Vulnerability 

type Vulnerability struct {

	// The CVSS score for this vulnerability.
	CvssScore float32 `protobuf:"fixed32,1,opt,name=cvss_score,json=cvssScore,proto3" json:"cvss_score,omitempty"`
	// Note provider assigned impact of the vulnerability.
	Severity Severity `protobuf:"varint,2,opt,name=severity,proto3,enum=grafeas.v1beta1.vulnerability.Severity" json:"severity,omitempty"`
	// All information about the package to specifically identify this
	// vulnerability. One entry per (version range and cpe_uri) the package
	// vulnerability has manifested in.
	Details []*Vulnerability_Detail `protobuf:"bytes,3,rep,name=details,proto3" json:"details,omitempty"`
	// The full description of the CVSSv3.
	CvssV3 *cvss.CVSSv3 `protobuf:"bytes,4,opt,name=cvss_v3,json=cvssV3,proto3" json:"cvss_v3,omitempty"`
	// Windows details get their own format because the information format and
	// model don't match a normal detail. Specifically Windows updates are done as
	// patches, thus Windows vulnerabilities really are a missing package, rather
	// than a package being at an incorrect version.
	WindowsDetails []*Vulnerability_WindowsDetail `protobuf:"bytes,5,rep,name=windows_details,json=windowsDetails,proto3" json:"windows_details,omitempty"`
	// The time this information was last changed at the source. This is an
	// upstream timestamp from the underlying information source - e.g. Ubuntu
	// security tracker.
	SourceUpdateTime *timestamppb.Timestamp `protobuf:"bytes,6,opt,name=source_update_time,json=sourceUpdateTime,proto3" json:"source_update_time,omitempty"`
	// contains filtered or unexported fields
}

Vulnerability provides metadata about a security vulnerability in a Note.

func (*Vulnerability) Descriptor deprecated 

func (*Vulnerability) Descriptor() ([]byte, []int)

Deprecated: Use Vulnerability.ProtoReflect.Descriptor instead.

func (*Vulnerability) GetCvssScore 

func (x *Vulnerability) GetCvssScore() float32

func (*Vulnerability) GetCvssV3 

func (x *Vulnerability) GetCvssV3() *cvss.CVSSv3

func (*Vulnerability) GetDetails 

func (x *Vulnerability) GetDetails() []*Vulnerability_Detail

func (*Vulnerability) GetSeverity 

func (x *Vulnerability) GetSeverity() Severity

func (*Vulnerability) GetSourceUpdateTime 

func (x *Vulnerability) GetSourceUpdateTime() *timestamppb.Timestamp

func (*Vulnerability) GetWindowsDetails 

func (x *Vulnerability) GetWindowsDetails() []*Vulnerability_WindowsDetail

func (*Vulnerability) ProtoMessage 

func (*Vulnerability) ProtoMessage()

func (*Vulnerability) ProtoReflect 

func (x *Vulnerability) ProtoReflect() protoreflect.Message

func (*Vulnerability) Reset 

func (x *Vulnerability) Reset()

func (*Vulnerability) String 

func (x *Vulnerability) String() string

type VulnerabilityLocation 

type VulnerabilityLocation struct {

	// Required. The CPE URI in [cpe format](https://cpe.mitre.org/specification/)
	// format. Examples include distro or storage location for vulnerable jar.
	CpeUri string `protobuf:"bytes,1,opt,name=cpe_uri,json=cpeUri,proto3" json:"cpe_uri,omitempty"`
	// Required. The package being described.
	Package string `protobuf:"bytes,2,opt,name=package,proto3" json:"package,omitempty"`
	// Required. The version of the package being described.
	Version *_package.Version `protobuf:"bytes,3,opt,name=version,proto3" json:"version,omitempty"`
	// contains filtered or unexported fields
}

The location of the vulnerability.

func (*VulnerabilityLocation) Descriptor deprecated 

func (*VulnerabilityLocation) Descriptor() ([]byte, []int)

Deprecated: Use VulnerabilityLocation.ProtoReflect.Descriptor instead.

func (*VulnerabilityLocation) GetCpeUri 

func (x *VulnerabilityLocation) GetCpeUri() string

func (*VulnerabilityLocation) GetPackage 

func (x *VulnerabilityLocation) GetPackage() string

func (*VulnerabilityLocation) GetVersion 

func (x *VulnerabilityLocation) GetVersion() *_package.Version

func (*VulnerabilityLocation) ProtoMessage 

func (*VulnerabilityLocation) ProtoMessage()

func (*VulnerabilityLocation) ProtoReflect 

func (x *VulnerabilityLocation) ProtoReflect() protoreflect.Message

func (*VulnerabilityLocation) Reset 

func (x *VulnerabilityLocation) Reset()

func (*VulnerabilityLocation) String 

func (x *VulnerabilityLocation) String() string

type Vulnerability_Detail 

type Vulnerability_Detail struct {

	// Required. The CPE URI in
	// [cpe format](https://cpe.mitre.org/specification/) in which the
	// vulnerability manifests. Examples include distro or storage location for
	// vulnerable jar.
	CpeUri string `protobuf:"bytes,1,opt,name=cpe_uri,json=cpeUri,proto3" json:"cpe_uri,omitempty"`
	// Required. The name of the package where the vulnerability was found.
	Package string `protobuf:"bytes,2,opt,name=package,proto3" json:"package,omitempty"`
	// The min version of the package in which the vulnerability exists.
	MinAffectedVersion *_package.Version `protobuf:"bytes,3,opt,name=min_affected_version,json=minAffectedVersion,proto3" json:"min_affected_version,omitempty"`
	// The max version of the package in which the vulnerability exists.
	MaxAffectedVersion *_package.Version `protobuf:"bytes,4,opt,name=max_affected_version,json=maxAffectedVersion,proto3" json:"max_affected_version,omitempty"`
	// The severity (eg: distro assigned severity) for this vulnerability.
	SeverityName string `protobuf:"bytes,5,opt,name=severity_name,json=severityName,proto3" json:"severity_name,omitempty"`
	// A vendor-specific description of this note.
	Description string `protobuf:"bytes,6,opt,name=description,proto3" json:"description,omitempty"`
	// The fix for this specific package version.
	FixedLocation *VulnerabilityLocation `protobuf:"bytes,7,opt,name=fixed_location,json=fixedLocation,proto3" json:"fixed_location,omitempty"`
	// The type of package; whether native or non native(ruby gems, node.js
	// packages etc).
	PackageType string `protobuf:"bytes,8,opt,name=package_type,json=packageType,proto3" json:"package_type,omitempty"`
	// Whether this detail is obsolete. Occurrences are expected not to point to
	// obsolete details.
	IsObsolete bool `protobuf:"varint,9,opt,name=is_obsolete,json=isObsolete,proto3" json:"is_obsolete,omitempty"`
	// The time this information was last changed at the source. This is an
	// upstream timestamp from the underlying information source - e.g. Ubuntu
	// security tracker.
	SourceUpdateTime *timestamppb.Timestamp `protobuf:"bytes,10,opt,name=source_update_time,json=sourceUpdateTime,proto3" json:"source_update_time,omitempty"`
	// contains filtered or unexported fields
}

Identifies all appearances of this vulnerability in the package for a specific distro/location. For example: glibc in cpe:/o:debian:debian_linux:8 for versions 2.1 - 2.2

func (*Vulnerability_Detail) Descriptor deprecated 

func (*Vulnerability_Detail) Descriptor() ([]byte, []int)

Deprecated: Use Vulnerability_Detail.ProtoReflect.Descriptor instead.

func (*Vulnerability_Detail) GetCpeUri 

func (x *Vulnerability_Detail) GetCpeUri() string

func (*Vulnerability_Detail) GetDescription 

func (x *Vulnerability_Detail) GetDescription() string

func (*Vulnerability_Detail) GetFixedLocation 

func (x *Vulnerability_Detail) GetFixedLocation() *VulnerabilityLocation

func (*Vulnerability_Detail) GetIsObsolete 

func (x *Vulnerability_Detail) GetIsObsolete() bool

func (*Vulnerability_Detail) GetMaxAffectedVersion 

func (x *Vulnerability_Detail) GetMaxAffectedVersion() *_package.Version

func (*Vulnerability_Detail) GetMinAffectedVersion 

func (x *Vulnerability_Detail) GetMinAffectedVersion() *_package.Version

func (*Vulnerability_Detail) GetPackage 

func (x *Vulnerability_Detail) GetPackage() string

func (*Vulnerability_Detail) GetPackageType 

func (x *Vulnerability_Detail) GetPackageType() string

func (*Vulnerability_Detail) GetSeverityName 

func (x *Vulnerability_Detail) GetSeverityName() string

func (*Vulnerability_Detail) GetSourceUpdateTime 

func (x *Vulnerability_Detail) GetSourceUpdateTime() *timestamppb.Timestamp

func (*Vulnerability_Detail) ProtoMessage 

func (*Vulnerability_Detail) ProtoMessage()

func (*Vulnerability_Detail) ProtoReflect 

func (x *Vulnerability_Detail) ProtoReflect() protoreflect.Message

func (*Vulnerability_Detail) Reset 

func (x *Vulnerability_Detail) Reset()

func (*Vulnerability_Detail) String 

func (x *Vulnerability_Detail) String() string

type Vulnerability_WindowsDetail 

type Vulnerability_WindowsDetail struct {

	// Required. The CPE URI in
	// [cpe format](https://cpe.mitre.org/specification/) in which the
	// vulnerability manifests. Examples include distro or storage location for
	// vulnerable jar.
	CpeUri string `protobuf:"bytes,1,opt,name=cpe_uri,json=cpeUri,proto3" json:"cpe_uri,omitempty"`
	// Required. The name of the vulnerability.
	Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
	// The description of the vulnerability.
	Description string `protobuf:"bytes,3,opt,name=description,proto3" json:"description,omitempty"`
	// Required. The names of the KBs which have hotfixes to mitigate this
	// vulnerability. Note that there may be multiple hotfixes (and thus
	// multiple KBs) that mitigate a given vulnerability. Currently any listed
	// kb's presence is considered a fix.
	FixingKbs []*Vulnerability_WindowsDetail_KnowledgeBase `protobuf:"bytes,4,rep,name=fixing_kbs,json=fixingKbs,proto3" json:"fixing_kbs,omitempty"`
	// contains filtered or unexported fields
}

func (*Vulnerability_WindowsDetail) Descriptor deprecated 

func (*Vulnerability_WindowsDetail) Descriptor() ([]byte, []int)

Deprecated: Use Vulnerability_WindowsDetail.ProtoReflect.Descriptor instead.

func (*Vulnerability_WindowsDetail) GetCpeUri 

func (x *Vulnerability_WindowsDetail) GetCpeUri() string

func (*Vulnerability_WindowsDetail) GetDescription 

func (x *Vulnerability_WindowsDetail) GetDescription() string

func (*Vulnerability_WindowsDetail) GetFixingKbs 

func (x *Vulnerability_WindowsDetail) GetFixingKbs() []*Vulnerability_WindowsDetail_KnowledgeBase

func (*Vulnerability_WindowsDetail) GetName 

func (x *Vulnerability_WindowsDetail) GetName() string

func (*Vulnerability_WindowsDetail) ProtoMessage 

func (*Vulnerability_WindowsDetail) ProtoMessage()

func (*Vulnerability_WindowsDetail) ProtoReflect 

func (x *Vulnerability_WindowsDetail) ProtoReflect() protoreflect.Message

func (*Vulnerability_WindowsDetail) Reset 

func (x *Vulnerability_WindowsDetail) Reset()

func (*Vulnerability_WindowsDetail) String 

func (x *Vulnerability_WindowsDetail) String() string

type Vulnerability_WindowsDetail_KnowledgeBase 

type Vulnerability_WindowsDetail_KnowledgeBase struct {

	// The KB name (generally of the form KB[0-9]+ i.e. KB123456).
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// A link to the KB in the Windows update catalog -
	// https://www.catalog.update.microsoft.com/
	Url string `protobuf:"bytes,2,opt,name=url,proto3" json:"url,omitempty"`
	// contains filtered or unexported fields
}

func (*Vulnerability_WindowsDetail_KnowledgeBase) Descriptor deprecated 

func (*Vulnerability_WindowsDetail_KnowledgeBase) Descriptor() ([]byte, []int)

Deprecated: Use Vulnerability_WindowsDetail_KnowledgeBase.ProtoReflect.Descriptor instead.

func (*Vulnerability_WindowsDetail_KnowledgeBase) GetName 

func (x *Vulnerability_WindowsDetail_KnowledgeBase) GetName() string

func (*Vulnerability_WindowsDetail_KnowledgeBase) GetUrl 

func (x *Vulnerability_WindowsDetail_KnowledgeBase) GetUrl() string

func (*Vulnerability_WindowsDetail_KnowledgeBase) ProtoMessage 

func (*Vulnerability_WindowsDetail_KnowledgeBase) ProtoMessage()

func (*Vulnerability_WindowsDetail_KnowledgeBase) ProtoReflect 

func (x *Vulnerability_WindowsDetail_KnowledgeBase) ProtoReflect() protoreflect.Message

func (*Vulnerability_WindowsDetail_KnowledgeBase) Reset 

func (x *Vulnerability_WindowsDetail_KnowledgeBase) Reset()

func (*Vulnerability_WindowsDetail_KnowledgeBase) String 

func (x *Vulnerability_WindowsDetail_KnowledgeBase) String() string

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.