google-cloud-security_center-v1 0.8.0 → 0.10.0

data/proto_docs/google/cloud/securitycenter/v1/vulnerability.rb

@@ -0,0 +1,226 @@
+# frozen_string_literal: true
+
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module SecurityCenter
+      module V1
+        # Refers to common vulnerability fields e.g. cve, cvss, cwe etc.
+        # @!attribute [rw] cve
+        #   @return [::Google::Cloud::SecurityCenter::V1::Cve]
+        #     CVE stands for Common Vulnerabilities and Exposures
+        #     (https://cve.mitre.org/about/)
+        class Vulnerability
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # CVE stands for Common Vulnerabilities and Exposures.
+        # More information: https://cve.mitre.org
+        # @!attribute [rw] id
+        #   @return [::String]
+        #     The unique identifier for the vulnerability. e.g. CVE-2021-34527
+        # @!attribute [rw] references
+        #   @return [::Array<::Google::Cloud::SecurityCenter::V1::Reference>]
+        #     Additional information about the CVE.
+        #     e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527
+        # @!attribute [rw] cvssv3
+        #   @return [::Google::Cloud::SecurityCenter::V1::Cvssv3]
+        #     Describe Common Vulnerability Scoring System specified at
+        #     https://www.first.org/cvss/v3.1/specification-document
+        class Cve
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Additional Links
+        # @!attribute [rw] source
+        #   @return [::String]
+        #     Source of the reference e.g. NVD
+        # @!attribute [rw] uri
+        #   @return [::String]
+        #     Uri for the mentioned source e.g.
+        #     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527.
+        class Reference
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Common Vulnerability Scoring System version 3.
+        # @!attribute [rw] base_score
+        #   @return [::Float]
+        #     The base score is a function of the base metric scores.
+        # @!attribute [rw] attack_vector
+        #   @return [::Google::Cloud::SecurityCenter::V1::Cvssv3::AttackVector]
+        #     Base Metrics
+        #     Represents the intrinsic characteristics of a vulnerability that are
+        #     constant over time and across user environments.
+        #     This metric reflects the context by which vulnerability exploitation is
+        #     possible.
+        # @!attribute [rw] attack_complexity
+        #   @return [::Google::Cloud::SecurityCenter::V1::Cvssv3::AttackComplexity]
+        #     This metric describes the conditions beyond the attacker's control that
+        #     must exist in order to exploit the vulnerability.
+        # @!attribute [rw] privileges_required
+        #   @return [::Google::Cloud::SecurityCenter::V1::Cvssv3::PrivilegesRequired]
+        #     This metric describes the level of privileges an attacker must possess
+        #     before successfully exploiting the vulnerability.
+        # @!attribute [rw] user_interaction
+        #   @return [::Google::Cloud::SecurityCenter::V1::Cvssv3::UserInteraction]
+        #     This metric captures the requirement for a human user, other than the
+        #     attacker, to participate in the successful compromise of the vulnerable
+        #     component.
+        # @!attribute [rw] scope
+        #   @return [::Google::Cloud::SecurityCenter::V1::Cvssv3::Scope]
+        #     The Scope metric captures whether a vulnerability in one vulnerable
+        #     component impacts resources in components beyond its security scope.
+        # @!attribute [rw] confidentiality_impact
+        #   @return [::Google::Cloud::SecurityCenter::V1::Cvssv3::Impact]
+        #     This metric measures the impact to the confidentiality of the information
+        #     resources managed by a software component due to a successfully exploited
+        #     vulnerability.
+        # @!attribute [rw] integrity_impact
+        #   @return [::Google::Cloud::SecurityCenter::V1::Cvssv3::Impact]
+        #     This metric measures the impact to integrity of a successfully exploited
+        #     vulnerability.
+        # @!attribute [rw] availability_impact
+        #   @return [::Google::Cloud::SecurityCenter::V1::Cvssv3::Impact]
+        #     This metric measures the impact to the availability of the impacted
+        #     component resulting from a successfully exploited vulnerability.
+        class Cvssv3
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # This metric reflects the context by which vulnerability exploitation is
+          # possible.
+          module AttackVector
+            # Invalid value.
+            ATTACK_VECTOR_UNSPECIFIED = 0
+
+            # The vulnerable component is bound to the network stack and the set of
+            # possible attackers extends beyond the other options listed below, up to
+            # and including the entire Internet.
+            ATTACK_VECTOR_NETWORK = 1
+
+            # The vulnerable component is bound to the network stack, but the attack is
+            # limited at the protocol level to a logically adjacent topology.
+            ATTACK_VECTOR_ADJACENT = 2
+
+            # The vulnerable component is not bound to the network stack and the
+            # attacker's path is via read/write/execute capabilities.
+            ATTACK_VECTOR_LOCAL = 3
+
+            # The attack requires the attacker to physically touch or manipulate the
+            # vulnerable component.
+            ATTACK_VECTOR_PHYSICAL = 4
+          end
+
+          # This metric describes the conditions beyond the attacker's control that
+          # must exist in order to exploit the vulnerability.
+          module AttackComplexity
+            # Invalid value.
+            ATTACK_COMPLEXITY_UNSPECIFIED = 0
+
+            # Specialized access conditions or extenuating circumstances do not exist.
+            # An attacker can expect repeatable success when attacking the vulnerable
+            # component.
+            ATTACK_COMPLEXITY_LOW = 1
+
+            # A successful attack depends on conditions beyond the attacker's control.
+            # That is, a successful attack cannot be accomplished at will, but requires
+            # the attacker to invest in some measurable amount of effort in preparation
+            # or execution against the vulnerable component before a successful attack
+            # can be expected.
+            ATTACK_COMPLEXITY_HIGH = 2
+          end
+
+          # This metric describes the level of privileges an attacker must possess
+          # before successfully exploiting the vulnerability.
+          module PrivilegesRequired
+            # Invalid value.
+            PRIVILEGES_REQUIRED_UNSPECIFIED = 0
+
+            # The attacker is unauthorized prior to attack, and therefore does not
+            # require any access to settings or files of the vulnerable system to
+            # carry out an attack.
+            PRIVILEGES_REQUIRED_NONE = 1
+
+            # The attacker requires privileges that provide basic user capabilities
+            # that could normally affect only settings and files owned by a user.
+            # Alternatively, an attacker with Low privileges has the ability to access
+            # only non-sensitive resources.
+            PRIVILEGES_REQUIRED_LOW = 2
+
+            # The attacker requires privileges that provide significant (e.g.,
+            # administrative) control over the vulnerable component allowing access to
+            # component-wide settings and files.
+            PRIVILEGES_REQUIRED_HIGH = 3
+          end
+
+          # This metric captures the requirement for a human user, other than the
+          # attacker, to participate in the successful compromise of the vulnerable
+          # component.
+          module UserInteraction
+            # Invalid value.
+            USER_INTERACTION_UNSPECIFIED = 0
+
+            # The vulnerable system can be exploited without interaction from any user.
+            USER_INTERACTION_NONE = 1
+
+            # Successful exploitation of this vulnerability requires a user to take
+            # some action before the vulnerability can be exploited.
+            USER_INTERACTION_REQUIRED = 2
+          end
+
+          # The Scope metric captures whether a vulnerability in one vulnerable
+          # component impacts resources in components beyond its security scope.
+          module Scope
+            # Invalid value.
+            SCOPE_UNSPECIFIED = 0
+
+            # An exploited vulnerability can only affect resources managed by the same
+            # security authority.
+            SCOPE_UNCHANGED = 1
+
+            # An exploited vulnerability can affect resources beyond the security scope
+            # managed by the security authority of the vulnerable component.
+            SCOPE_CHANGED = 2
+          end
+
+          # The Impact metrics capture the effects of a successfully exploited
+          # vulnerability on the component that suffers the worst outcome that is most
+          # directly and predictably associated with the attack.
+          module Impact
+            # Invalid value.
+            IMPACT_UNSPECIFIED = 0
+
+            # High impact.
+            IMPACT_HIGH = 1
+
+            # Low impact.
+            IMPACT_LOW = 2
+
+            # No impact.
+            IMPACT_NONE = 3
+          end
+        end
+      end
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: google-cloud-security_center-v1
 version: !ruby/object:Gem::Version
-  version: 0.8.0
+  version: 0.10.0
 platform: ruby
 authors:
 - Google LLC
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-07-29 00:00:00.000000000 Z
+date: 2021-11-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: gapic-common
@@ -16,7 +16,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0.5'
+        version: '0.7'
     - - "<"
       - !ruby/object:Gem::Version
         version: 2.a
@@ -26,7 +26,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0.5'
+        version: '0.7'
     - - "<"
       - !ruby/object:Gem::Version
         version: 2.a
@@ -210,6 +210,7 @@ files:
 - lib/google/cloud/securitycenter/v1/securitycenter_service_pb.rb
 - lib/google/cloud/securitycenter/v1/securitycenter_service_services_pb.rb
 - lib/google/cloud/securitycenter/v1/source_pb.rb
+- lib/google/cloud/securitycenter/v1/vulnerability_pb.rb
 - proto_docs/README.md
 - proto_docs/google/api/field_behavior.rb
 - proto_docs/google/api/resource.rb
@@ -225,6 +226,7 @@ files:
 - proto_docs/google/cloud/securitycenter/v1/security_marks.rb
 - proto_docs/google/cloud/securitycenter/v1/securitycenter_service.rb
 - proto_docs/google/cloud/securitycenter/v1/source.rb
+- proto_docs/google/cloud/securitycenter/v1/vulnerability.rb
 - proto_docs/google/iam/v1/iam_policy.rb
 - proto_docs/google/iam/v1/options.rb
 - proto_docs/google/iam/v1/policy.rb