google-cloud-os_config-v1 0.5.0 → 0.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/google/cloud/os_config/v1/os_config_zonal_service/client.rb +653 -0
- data/lib/google/cloud/os_config/v1/os_config_zonal_service/credentials.rb +51 -0
- data/lib/google/cloud/os_config/v1/os_config_zonal_service/paths.rb +114 -0
- data/lib/google/cloud/os_config/v1/os_config_zonal_service.rb +52 -0
- data/lib/google/cloud/os_config/v1/version.rb +1 -1
- data/lib/google/cloud/os_config/v1.rb +1 -0
- data/lib/google/cloud/osconfig/v1/inventory_pb.rb +35 -7
- data/lib/google/cloud/osconfig/v1/osconfig_zonal_service_pb.rb +23 -0
- data/lib/google/cloud/osconfig/v1/osconfig_zonal_service_services_pb.rb +56 -0
- data/lib/google/cloud/osconfig/v1/vulnerability_pb.rb +119 -0
- data/proto_docs/google/cloud/osconfig/v1/inventory.rb +111 -20
- data/proto_docs/google/cloud/osconfig/v1/vulnerability.rb +342 -0
- metadata +10 -2
@@ -21,7 +21,19 @@ module Google
|
|
21
21
|
module Cloud
|
22
22
|
module OsConfig
|
23
23
|
module V1
|
24
|
-
#
|
24
|
+
# This API resource represents the available inventory data for a
|
25
|
+
# Compute Engine virtual machine (VM) instance at a given point in time.
|
26
|
+
#
|
27
|
+
# You can use this API resource to determine the inventory data of your VM.
|
28
|
+
#
|
29
|
+
# For more information, see [Information provided by OS inventory
|
30
|
+
# management](https://cloud.google.com/compute/docs/instances/os-inventory-management#data-collected).
|
31
|
+
# @!attribute [r] name
|
32
|
+
# @return [::String]
|
33
|
+
# Output only. The `Inventory` API resource name.
|
34
|
+
#
|
35
|
+
# Format:
|
36
|
+
# `projects/{project_number}/locations/{location}/instances/{instance_id}/inventory`
|
25
37
|
# @!attribute [rw] os_info
|
26
38
|
# @return [::Google::Cloud::OsConfig::V1::Inventory::OsInfo]
|
27
39
|
# Base level operating system information for the VM.
|
@@ -31,6 +43,9 @@ module Google
|
|
31
43
|
# each inventory item. The identifier is unique to each distinct and
|
32
44
|
# addressable inventory item and will change, when there is a new package
|
33
45
|
# version.
|
46
|
+
# @!attribute [r] update_time
|
47
|
+
# @return [::Google::Protobuf::Timestamp]
|
48
|
+
# Output only. Timestamp of the last reported inventory for the VM.
|
34
49
|
class Inventory
|
35
50
|
include ::Google::Protobuf::MessageExts
|
36
51
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -159,7 +174,7 @@ module Google
|
|
159
174
|
# Details of a COS package.
|
160
175
|
# @!attribute [rw] windows_application
|
161
176
|
# @return [::Google::Cloud::OsConfig::V1::Inventory::WindowsApplication]
|
162
|
-
# Details of
|
177
|
+
# Details of Windows Application.
|
163
178
|
class SoftwarePackage
|
164
179
|
include ::Google::Protobuf::MessageExts
|
165
180
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -181,6 +196,24 @@ module Google
|
|
181
196
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
182
197
|
end
|
183
198
|
|
199
|
+
# Details related to a Zypper Patch.
|
200
|
+
# @!attribute [rw] patch_name
|
201
|
+
# @return [::String]
|
202
|
+
# The name of the patch.
|
203
|
+
# @!attribute [rw] category
|
204
|
+
# @return [::String]
|
205
|
+
# The category of the patch.
|
206
|
+
# @!attribute [rw] severity
|
207
|
+
# @return [::String]
|
208
|
+
# The severity specified for this patch
|
209
|
+
# @!attribute [rw] summary
|
210
|
+
# @return [::String]
|
211
|
+
# Any summary information provided about this patch.
|
212
|
+
class ZypperPatch
|
213
|
+
include ::Google::Protobuf::MessageExts
|
214
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
215
|
+
end
|
216
|
+
|
184
217
|
# Details related to a Windows Update package.
|
185
218
|
# Field data and names are taken from Windows Update API IUpdate Interface:
|
186
219
|
# https://docs.microsoft.com/en-us/windows/win32/api/_wua/
|
@@ -233,24 +266,6 @@ module Google
|
|
233
266
|
end
|
234
267
|
end
|
235
268
|
|
236
|
-
# Details related to a Zypper Patch.
|
237
|
-
# @!attribute [rw] patch_name
|
238
|
-
# @return [::String]
|
239
|
-
# The name of the patch.
|
240
|
-
# @!attribute [rw] category
|
241
|
-
# @return [::String]
|
242
|
-
# The category of the patch.
|
243
|
-
# @!attribute [rw] severity
|
244
|
-
# @return [::String]
|
245
|
-
# The severity specified for this patch
|
246
|
-
# @!attribute [rw] summary
|
247
|
-
# @return [::String]
|
248
|
-
# Any summary information provided about this patch.
|
249
|
-
class ZypperPatch
|
250
|
-
include ::Google::Protobuf::MessageExts
|
251
|
-
extend ::Google::Protobuf::MessageExts::ClassMethods
|
252
|
-
end
|
253
|
-
|
254
269
|
# Information related to a Quick Fix Engineering package.
|
255
270
|
# Fields are taken from Windows QuickFixEngineering Interface and match
|
256
271
|
# the source names:
|
@@ -309,6 +324,82 @@ module Google
|
|
309
324
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
310
325
|
end
|
311
326
|
end
|
327
|
+
|
328
|
+
# A request message for getting inventory data for the specified VM.
|
329
|
+
# @!attribute [rw] name
|
330
|
+
# @return [::String]
|
331
|
+
# Required. API resource name for inventory resource.
|
332
|
+
#
|
333
|
+
# Format:
|
334
|
+
# `projects/{project}/locations/{location}/instances/{instance}/inventory`
|
335
|
+
#
|
336
|
+
# For `{project}`, either `project-number` or `project-id` can be provided.
|
337
|
+
# For `{instance}`, either Compute Engine `instance-id` or `instance-name`
|
338
|
+
# can be provided.
|
339
|
+
# @!attribute [rw] view
|
340
|
+
# @return [::Google::Cloud::OsConfig::V1::InventoryView]
|
341
|
+
# Inventory view indicating what information should be included in the
|
342
|
+
# inventory resource. If unspecified, the default view is BASIC.
|
343
|
+
class GetInventoryRequest
|
344
|
+
include ::Google::Protobuf::MessageExts
|
345
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
346
|
+
end
|
347
|
+
|
348
|
+
# A request message for listing inventory data for all VMs in the specified
|
349
|
+
# location.
|
350
|
+
# @!attribute [rw] parent
|
351
|
+
# @return [::String]
|
352
|
+
# Required. The parent resource name.
|
353
|
+
#
|
354
|
+
# Format: `projects/{project}/locations/{location}/instances/-`
|
355
|
+
#
|
356
|
+
# For `{project}`, either `project-number` or `project-id` can be provided.
|
357
|
+
# @!attribute [rw] view
|
358
|
+
# @return [::Google::Cloud::OsConfig::V1::InventoryView]
|
359
|
+
# Inventory view indicating what information should be included in the
|
360
|
+
# inventory resource. If unspecified, the default view is BASIC.
|
361
|
+
# @!attribute [rw] page_size
|
362
|
+
# @return [::Integer]
|
363
|
+
# The maximum number of results to return.
|
364
|
+
# @!attribute [rw] page_token
|
365
|
+
# @return [::String]
|
366
|
+
# A pagination token returned from a previous call to
|
367
|
+
# `ListInventories` that indicates where this listing
|
368
|
+
# should continue from.
|
369
|
+
# @!attribute [rw] filter
|
370
|
+
# @return [::String]
|
371
|
+
# If provided, this field specifies the criteria that must be met by a
|
372
|
+
# `Inventory` API resource to be included in the response.
|
373
|
+
class ListInventoriesRequest
|
374
|
+
include ::Google::Protobuf::MessageExts
|
375
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
376
|
+
end
|
377
|
+
|
378
|
+
# A response message for listing inventory data for all VMs in a specified
|
379
|
+
# location.
|
380
|
+
# @!attribute [rw] inventories
|
381
|
+
# @return [::Array<::Google::Cloud::OsConfig::V1::Inventory>]
|
382
|
+
# List of inventory objects.
|
383
|
+
# @!attribute [rw] next_page_token
|
384
|
+
# @return [::String]
|
385
|
+
# The pagination token to retrieve the next page of inventory objects.
|
386
|
+
class ListInventoriesResponse
|
387
|
+
include ::Google::Protobuf::MessageExts
|
388
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
389
|
+
end
|
390
|
+
|
391
|
+
# The view for inventory objects.
|
392
|
+
module InventoryView
|
393
|
+
# The default value.
|
394
|
+
# The API defaults to the BASIC view.
|
395
|
+
INVENTORY_VIEW_UNSPECIFIED = 0
|
396
|
+
|
397
|
+
# Returns the basic inventory information that includes `os_info`.
|
398
|
+
BASIC = 1
|
399
|
+
|
400
|
+
# Returns all fields.
|
401
|
+
FULL = 2
|
402
|
+
end
|
312
403
|
end
|
313
404
|
end
|
314
405
|
end
|
@@ -0,0 +1,342 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# Copyright 2021 Google LLC
|
4
|
+
#
|
5
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
6
|
+
# you may not use this file except in compliance with the License.
|
7
|
+
# You may obtain a copy of the License at
|
8
|
+
#
|
9
|
+
# https://www.apache.org/licenses/LICENSE-2.0
|
10
|
+
#
|
11
|
+
# Unless required by applicable law or agreed to in writing, software
|
12
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
13
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14
|
+
# See the License for the specific language governing permissions and
|
15
|
+
# limitations under the License.
|
16
|
+
|
17
|
+
# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
|
18
|
+
|
19
|
+
|
20
|
+
module Google
|
21
|
+
module Cloud
|
22
|
+
module OsConfig
|
23
|
+
module V1
|
24
|
+
# This API resource represents the vulnerability report for a specified
|
25
|
+
# Compute Engine virtual machine (VM) instance at a given point in time.
|
26
|
+
#
|
27
|
+
# For more information, see [Vulnerability
|
28
|
+
# reports](https://cloud.google.com/compute/docs/instances/os-inventory-management#vulnerability-reports).
|
29
|
+
# @!attribute [r] name
|
30
|
+
# @return [::String]
|
31
|
+
# Output only. The `vulnerabilityReport` API resource name.
|
32
|
+
#
|
33
|
+
# Format:
|
34
|
+
# `projects/{project_number}/locations/{location}/instances/{instance_id}/vulnerabilityReport`
|
35
|
+
# @!attribute [r] vulnerabilities
|
36
|
+
# @return [::Array<::Google::Cloud::OsConfig::V1::VulnerabilityReport::Vulnerability>]
|
37
|
+
# Output only. List of vulnerabilities affecting the VM.
|
38
|
+
# @!attribute [r] update_time
|
39
|
+
# @return [::Google::Protobuf::Timestamp]
|
40
|
+
# Output only. The timestamp for when the last vulnerability report was generated for the
|
41
|
+
# VM.
|
42
|
+
class VulnerabilityReport
|
43
|
+
include ::Google::Protobuf::MessageExts
|
44
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
45
|
+
|
46
|
+
# A vulnerability affecting the VM instance.
|
47
|
+
# @!attribute [rw] details
|
48
|
+
# @return [::Google::Cloud::OsConfig::V1::VulnerabilityReport::Vulnerability::Details]
|
49
|
+
# Contains metadata as per the upstream feed of the operating system and
|
50
|
+
# NVD.
|
51
|
+
# @!attribute [rw] installed_inventory_item_ids
|
52
|
+
# @return [::Array<::String>]
|
53
|
+
# Corresponds to the `INSTALLED_PACKAGE` inventory item on the VM.
|
54
|
+
# This field displays the inventory items affected by this vulnerability.
|
55
|
+
# If the vulnerability report was not updated after the VM inventory
|
56
|
+
# update, these values might not display in VM inventory. For some distros,
|
57
|
+
# this field may be empty.
|
58
|
+
# @!attribute [rw] available_inventory_item_ids
|
59
|
+
# @return [::Array<::String>]
|
60
|
+
# Corresponds to the `AVAILABLE_PACKAGE` inventory item on the VM.
|
61
|
+
# If the vulnerability report was not updated after the VM inventory
|
62
|
+
# update, these values might not display in VM inventory. If there is no
|
63
|
+
# available fix, the field is empty. The `inventory_item` value specifies
|
64
|
+
# the latest `SoftwarePackage` available to the VM that fixes the
|
65
|
+
# vulnerability.
|
66
|
+
# @!attribute [rw] create_time
|
67
|
+
# @return [::Google::Protobuf::Timestamp]
|
68
|
+
# The timestamp for when the vulnerability was first detected.
|
69
|
+
# @!attribute [rw] update_time
|
70
|
+
# @return [::Google::Protobuf::Timestamp]
|
71
|
+
# The timestamp for when the vulnerability was last modified.
|
72
|
+
class Vulnerability
|
73
|
+
include ::Google::Protobuf::MessageExts
|
74
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
75
|
+
|
76
|
+
# Contains metadata information for the vulnerability. This information is
|
77
|
+
# collected from the upstream feed of the operating system.
|
78
|
+
# @!attribute [rw] cve
|
79
|
+
# @return [::String]
|
80
|
+
# The CVE of the vulnerability. CVE cannot be
|
81
|
+
# empty and the combination of <cve, classification> should be unique
|
82
|
+
# across vulnerabilities for a VM.
|
83
|
+
# @!attribute [rw] cvss_v2_score
|
84
|
+
# @return [::Float]
|
85
|
+
# The CVSS V2 score of this vulnerability. CVSS V2 score is on a scale of
|
86
|
+
# 0 - 10 where 0 indicates low severity and 10 indicates high severity.
|
87
|
+
# @!attribute [rw] cvss_v3
|
88
|
+
# @return [::Google::Cloud::OsConfig::V1::CVSSv3]
|
89
|
+
# The full description of the CVSSv3 for this vulnerability from NVD.
|
90
|
+
# @!attribute [rw] severity
|
91
|
+
# @return [::String]
|
92
|
+
# Assigned severity/impact ranking from the distro.
|
93
|
+
# @!attribute [rw] description
|
94
|
+
# @return [::String]
|
95
|
+
# The note or description describing the vulnerability from the distro.
|
96
|
+
# @!attribute [rw] references
|
97
|
+
# @return [::Array<::Google::Cloud::OsConfig::V1::VulnerabilityReport::Vulnerability::Details::Reference>]
|
98
|
+
# Corresponds to the references attached to the `VulnerabilityDetails`.
|
99
|
+
class Details
|
100
|
+
include ::Google::Protobuf::MessageExts
|
101
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
102
|
+
|
103
|
+
# A reference for this vulnerability.
|
104
|
+
# @!attribute [rw] url
|
105
|
+
# @return [::String]
|
106
|
+
# The url of the reference.
|
107
|
+
# @!attribute [rw] source
|
108
|
+
# @return [::String]
|
109
|
+
# The source of the reference e.g. NVD.
|
110
|
+
class Reference
|
111
|
+
include ::Google::Protobuf::MessageExts
|
112
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
113
|
+
end
|
114
|
+
end
|
115
|
+
end
|
116
|
+
end
|
117
|
+
|
118
|
+
# A request message for getting the vulnerability report for the specified VM.
|
119
|
+
# @!attribute [rw] name
|
120
|
+
# @return [::String]
|
121
|
+
# Required. API resource name for vulnerability resource.
|
122
|
+
#
|
123
|
+
# Format:
|
124
|
+
# `projects/{project}/locations/{location}/instances/{instance}/vulnerabilityReport`
|
125
|
+
#
|
126
|
+
# For `{project}`, either `project-number` or `project-id` can be provided.
|
127
|
+
# For `{instance}`, either Compute Engine `instance-id` or `instance-name`
|
128
|
+
# can be provided.
|
129
|
+
class GetVulnerabilityReportRequest
|
130
|
+
include ::Google::Protobuf::MessageExts
|
131
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
132
|
+
end
|
133
|
+
|
134
|
+
# A request message for listing vulnerability reports for all VM instances in
|
135
|
+
# the specified location.
|
136
|
+
# @!attribute [rw] parent
|
137
|
+
# @return [::String]
|
138
|
+
# Required. The parent resource name.
|
139
|
+
#
|
140
|
+
# Format: `projects/{project}/locations/{location}/instances/-`
|
141
|
+
#
|
142
|
+
# For `{project}`, either `project-number` or `project-id` can be provided.
|
143
|
+
# @!attribute [rw] page_size
|
144
|
+
# @return [::Integer]
|
145
|
+
# The maximum number of results to return.
|
146
|
+
# @!attribute [rw] page_token
|
147
|
+
# @return [::String]
|
148
|
+
# A pagination token returned from a previous call to
|
149
|
+
# `ListVulnerabilityReports` that indicates where this listing
|
150
|
+
# should continue from.
|
151
|
+
# @!attribute [rw] filter
|
152
|
+
# @return [::String]
|
153
|
+
# If provided, this field specifies the criteria that must be met by a
|
154
|
+
# `vulnerabilityReport` API resource to be included in the response.
|
155
|
+
class ListVulnerabilityReportsRequest
|
156
|
+
include ::Google::Protobuf::MessageExts
|
157
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
158
|
+
end
|
159
|
+
|
160
|
+
# A response message for listing vulnerability reports for all VM instances in
|
161
|
+
# the specified location.
|
162
|
+
# @!attribute [rw] vulnerability_reports
|
163
|
+
# @return [::Array<::Google::Cloud::OsConfig::V1::VulnerabilityReport>]
|
164
|
+
# List of vulnerabilityReport objects.
|
165
|
+
# @!attribute [rw] next_page_token
|
166
|
+
# @return [::String]
|
167
|
+
# The pagination token to retrieve the next page of vulnerabilityReports
|
168
|
+
# object.
|
169
|
+
class ListVulnerabilityReportsResponse
|
170
|
+
include ::Google::Protobuf::MessageExts
|
171
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
172
|
+
end
|
173
|
+
|
174
|
+
# Common Vulnerability Scoring System version 3.
|
175
|
+
# For details, see https://www.first.org/cvss/specification-document
|
176
|
+
# @!attribute [rw] base_score
|
177
|
+
# @return [::Float]
|
178
|
+
# The base score is a function of the base metric scores.
|
179
|
+
# https://www.first.org/cvss/specification-document#Base-Metrics
|
180
|
+
# @!attribute [rw] exploitability_score
|
181
|
+
# @return [::Float]
|
182
|
+
# The Exploitability sub-score equation is derived from the Base
|
183
|
+
# Exploitability metrics.
|
184
|
+
# https://www.first.org/cvss/specification-document#2-1-Exploitability-Metrics
|
185
|
+
# @!attribute [rw] impact_score
|
186
|
+
# @return [::Float]
|
187
|
+
# The Impact sub-score equation is derived from the Base Impact metrics.
|
188
|
+
# @!attribute [rw] attack_vector
|
189
|
+
# @return [::Google::Cloud::OsConfig::V1::CVSSv3::AttackVector]
|
190
|
+
# This metric reflects the context by which vulnerability exploitation is
|
191
|
+
# possible.
|
192
|
+
# @!attribute [rw] attack_complexity
|
193
|
+
# @return [::Google::Cloud::OsConfig::V1::CVSSv3::AttackComplexity]
|
194
|
+
# This metric describes the conditions beyond the attacker's control that
|
195
|
+
# must exist in order to exploit the vulnerability.
|
196
|
+
# @!attribute [rw] privileges_required
|
197
|
+
# @return [::Google::Cloud::OsConfig::V1::CVSSv3::PrivilegesRequired]
|
198
|
+
# This metric describes the level of privileges an attacker must possess
|
199
|
+
# before successfully exploiting the vulnerability.
|
200
|
+
# @!attribute [rw] user_interaction
|
201
|
+
# @return [::Google::Cloud::OsConfig::V1::CVSSv3::UserInteraction]
|
202
|
+
# This metric captures the requirement for a human user, other than the
|
203
|
+
# attacker, to participate in the successful compromise of the vulnerable
|
204
|
+
# component.
|
205
|
+
# @!attribute [rw] scope
|
206
|
+
# @return [::Google::Cloud::OsConfig::V1::CVSSv3::Scope]
|
207
|
+
# The Scope metric captures whether a vulnerability in one vulnerable
|
208
|
+
# component impacts resources in components beyond its security scope.
|
209
|
+
# @!attribute [rw] confidentiality_impact
|
210
|
+
# @return [::Google::Cloud::OsConfig::V1::CVSSv3::Impact]
|
211
|
+
# This metric measures the impact to the confidentiality of the information
|
212
|
+
# resources managed by a software component due to a successfully exploited
|
213
|
+
# vulnerability.
|
214
|
+
# @!attribute [rw] integrity_impact
|
215
|
+
# @return [::Google::Cloud::OsConfig::V1::CVSSv3::Impact]
|
216
|
+
# This metric measures the impact to integrity of a successfully exploited
|
217
|
+
# vulnerability.
|
218
|
+
# @!attribute [rw] availability_impact
|
219
|
+
# @return [::Google::Cloud::OsConfig::V1::CVSSv3::Impact]
|
220
|
+
# This metric measures the impact to the availability of the impacted
|
221
|
+
# component resulting from a successfully exploited vulnerability.
|
222
|
+
class CVSSv3
|
223
|
+
include ::Google::Protobuf::MessageExts
|
224
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
225
|
+
|
226
|
+
# This metric reflects the context by which vulnerability exploitation is
|
227
|
+
# possible.
|
228
|
+
module AttackVector
|
229
|
+
# Invalid value.
|
230
|
+
ATTACK_VECTOR_UNSPECIFIED = 0
|
231
|
+
|
232
|
+
# The vulnerable component is bound to the network stack and the set of
|
233
|
+
# possible attackers extends beyond the other options listed below, up to
|
234
|
+
# and including the entire Internet.
|
235
|
+
ATTACK_VECTOR_NETWORK = 1
|
236
|
+
|
237
|
+
# The vulnerable component is bound to the network stack, but the attack is
|
238
|
+
# limited at the protocol level to a logically adjacent topology.
|
239
|
+
ATTACK_VECTOR_ADJACENT = 2
|
240
|
+
|
241
|
+
# The vulnerable component is not bound to the network stack and the
|
242
|
+
# attacker's path is via read/write/execute capabilities.
|
243
|
+
ATTACK_VECTOR_LOCAL = 3
|
244
|
+
|
245
|
+
# The attack requires the attacker to physically touch or manipulate the
|
246
|
+
# vulnerable component.
|
247
|
+
ATTACK_VECTOR_PHYSICAL = 4
|
248
|
+
end
|
249
|
+
|
250
|
+
# This metric describes the conditions beyond the attacker's control that
|
251
|
+
# must exist in order to exploit the vulnerability.
|
252
|
+
module AttackComplexity
|
253
|
+
# Invalid value.
|
254
|
+
ATTACK_COMPLEXITY_UNSPECIFIED = 0
|
255
|
+
|
256
|
+
# Specialized access conditions or extenuating circumstances do not exist.
|
257
|
+
# An attacker can expect repeatable success when attacking the vulnerable
|
258
|
+
# component.
|
259
|
+
ATTACK_COMPLEXITY_LOW = 1
|
260
|
+
|
261
|
+
# A successful attack depends on conditions beyond the attacker's control.
|
262
|
+
# That is, a successful attack cannot be accomplished at will, but requires
|
263
|
+
# the attacker to invest in some measurable amount of effort in preparation
|
264
|
+
# or execution against the vulnerable component before a successful attack
|
265
|
+
# can be expected.
|
266
|
+
ATTACK_COMPLEXITY_HIGH = 2
|
267
|
+
end
|
268
|
+
|
269
|
+
# This metric describes the level of privileges an attacker must possess
|
270
|
+
# before successfully exploiting the vulnerability.
|
271
|
+
module PrivilegesRequired
|
272
|
+
# Invalid value.
|
273
|
+
PRIVILEGES_REQUIRED_UNSPECIFIED = 0
|
274
|
+
|
275
|
+
# The attacker is unauthorized prior to attack, and therefore does not
|
276
|
+
# require any access to settings or files of the vulnerable system to
|
277
|
+
# carry out an attack.
|
278
|
+
PRIVILEGES_REQUIRED_NONE = 1
|
279
|
+
|
280
|
+
# The attacker requires privileges that provide basic user capabilities
|
281
|
+
# that could normally affect only settings and files owned by a user.
|
282
|
+
# Alternatively, an attacker with Low privileges has the ability to access
|
283
|
+
# only non-sensitive resources.
|
284
|
+
PRIVILEGES_REQUIRED_LOW = 2
|
285
|
+
|
286
|
+
# The attacker requires privileges that provide significant (e.g.,
|
287
|
+
# administrative) control over the vulnerable component allowing access to
|
288
|
+
# component-wide settings and files.
|
289
|
+
PRIVILEGES_REQUIRED_HIGH = 3
|
290
|
+
end
|
291
|
+
|
292
|
+
# This metric captures the requirement for a human user, other than the
|
293
|
+
# attacker, to participate in the successful compromise of the vulnerable
|
294
|
+
# component.
|
295
|
+
module UserInteraction
|
296
|
+
# Invalid value.
|
297
|
+
USER_INTERACTION_UNSPECIFIED = 0
|
298
|
+
|
299
|
+
# The vulnerable system can be exploited without interaction from any user.
|
300
|
+
USER_INTERACTION_NONE = 1
|
301
|
+
|
302
|
+
# Successful exploitation of this vulnerability requires a user to take
|
303
|
+
# some action before the vulnerability can be exploited.
|
304
|
+
USER_INTERACTION_REQUIRED = 2
|
305
|
+
end
|
306
|
+
|
307
|
+
# The Scope metric captures whether a vulnerability in one vulnerable
|
308
|
+
# component impacts resources in components beyond its security scope.
|
309
|
+
module Scope
|
310
|
+
# Invalid value.
|
311
|
+
SCOPE_UNSPECIFIED = 0
|
312
|
+
|
313
|
+
# An exploited vulnerability can only affect resources managed by the same
|
314
|
+
# security authority.
|
315
|
+
SCOPE_UNCHANGED = 1
|
316
|
+
|
317
|
+
# An exploited vulnerability can affect resources beyond the security scope
|
318
|
+
# managed by the security authority of the vulnerable component.
|
319
|
+
SCOPE_CHANGED = 2
|
320
|
+
end
|
321
|
+
|
322
|
+
# The Impact metrics capture the effects of a successfully exploited
|
323
|
+
# vulnerability on the component that suffers the worst outcome that is most
|
324
|
+
# directly and predictably associated with the attack.
|
325
|
+
module Impact
|
326
|
+
# Invalid value.
|
327
|
+
IMPACT_UNSPECIFIED = 0
|
328
|
+
|
329
|
+
# High impact.
|
330
|
+
IMPACT_HIGH = 1
|
331
|
+
|
332
|
+
# Low impact.
|
333
|
+
IMPACT_LOW = 2
|
334
|
+
|
335
|
+
# No impact.
|
336
|
+
IMPACT_NONE = 3
|
337
|
+
end
|
338
|
+
end
|
339
|
+
end
|
340
|
+
end
|
341
|
+
end
|
342
|
+
end
|