grafeas 0.3.1 → 1.0.0
- checksums.yaml +4 -4
- data/.yardopts +3 -3
- data/LICENSE.md +203 -0
- data/MIGRATING.md +366 -0
- data/README.md +28 -25
- data/lib/grafeas.rb +36 -117
- data/lib/grafeas/version.rb +6 -2
- metadata +49 -80
- data/AUTHENTICATION.md +0 -172
- data/LICENSE +0 -201
- data/lib/grafeas/v1.rb +0 -155
- data/lib/grafeas/v1/attestation_pb.rb +0 -27
- data/lib/grafeas/v1/build_pb.rb +0 -23
- data/lib/grafeas/v1/common_pb.rb +0 -35
- data/lib/grafeas/v1/credentials.rb +0 -37
- data/lib/grafeas/v1/cvss_pb.rb +0 -67
- data/lib/grafeas/v1/deployment_pb.rb +0 -35
- data/lib/grafeas/v1/discovery_pb.rb +0 -43
- data/lib/grafeas/v1/doc/google/protobuf/any.rb +0 -131
- data/lib/grafeas/v1/doc/google/protobuf/empty.rb +0 -29
- data/lib/grafeas/v1/doc/google/protobuf/field_mask.rb +0 -222
- data/lib/grafeas/v1/doc/google/protobuf/timestamp.rb +0 -113
- data/lib/grafeas/v1/doc/google/rpc/status.rb +0 -39
- data/lib/grafeas/v1/doc/grafeas/v1/attestation.rb +0 -64
- data/lib/grafeas/v1/doc/grafeas/v1/build.rb +0 -44
- data/lib/grafeas/v1/doc/grafeas/v1/common.rb +0 -108
- data/lib/grafeas/v1/doc/grafeas/v1/cvss.rb +0 -104
- data/lib/grafeas/v1/doc/grafeas/v1/deployment.rb +0 -64
- data/lib/grafeas/v1/doc/grafeas/v1/discovery.rb +0 -82
- data/lib/grafeas/v1/doc/grafeas/v1/grafeas.rb +0 -328
- data/lib/grafeas/v1/doc/grafeas/v1/image.rb +0 -79
- data/lib/grafeas/v1/doc/grafeas/v1/package.rb +0 -125
- data/lib/grafeas/v1/doc/grafeas/v1/provenance.rb +0 -248
- data/lib/grafeas/v1/doc/grafeas/v1/upgrade.rb +0 -126
- data/lib/grafeas/v1/doc/grafeas/v1/vulnerability.rb +0 -223
- data/lib/grafeas/v1/grafeas_client.rb +0 -964
- data/lib/grafeas/v1/grafeas_client_config.json +0 -96
- data/lib/grafeas/v1/grafeas_pb.rb +0 -168
- data/lib/grafeas/v1/grafeas_services_pb.rb +0 -86
- data/lib/grafeas/v1/image_pb.rb +0 -36
- data/lib/grafeas/v1/package_pb.rb +0 -59
- data/lib/grafeas/v1/provenance_pb.rb +0 -116
- data/lib/grafeas/v1/upgrade_pb.rb +0 -56
- data/lib/grafeas/v1/vulnerability_pb.rb +0 -84
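--- a/data/lib/grafeas/v1/doc/google/protobuf/timestamp.rb
+++ b/data/lib/grafeas/v1/doc/google/protobuf/timestamp.rb
@@ -1,113 +0,0 @@
-# Copyright 2020 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-module Google
-module Protobuf
-# A Timestamp represents a point in time independent of any time zone or local
-# calendar, encoded as a count of seconds and fractions of seconds at
-# nanosecond resolution. The count is relative to an epoch at UTC midnight on
-# January 1, 1970, in the proleptic Gregorian calendar which extends the
-# Gregorian calendar backwards to year one.
-#
-# All minutes are 60 seconds long. Leap seconds are "smeared" so that no leap
-# second table is needed for interpretation, using a [24-hour linear
-# smear](https://developers.google.com/time/smear).
-#
-# The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By
-# restricting to that range, we ensure that we can convert to and from [RFC
-# 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings.
-#
-# = Examples
-#
-# Example 1: Compute Timestamp from POSIX `time()`.
-#
-# Timestamp timestamp;
-# timestamp.set_seconds(time(NULL));
-# timestamp.set_nanos(0);
-#
-# Example 2: Compute Timestamp from POSIX `gettimeofday()`.
-#
-# struct timeval tv;
-# gettimeofday(&tv, NULL);
-#
-# Timestamp timestamp;
-# timestamp.set_seconds(tv.tv_sec);
-# timestamp.set_nanos(tv.tv_usec * 1000);
-#
-# Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`.
-#
-# FILETIME ft;
-# GetSystemTimeAsFileTime(&ft);
-# UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime;
-#
-# // A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z
-# // is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z.
-# Timestamp timestamp;
-# timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL));
-# timestamp.set_nanos((INT32) ((ticks % 10000000) * 100));
-#
-# Example 4: Compute Timestamp from Java `System.currentTimeMillis()`.
-#
-# long millis = System.currentTimeMillis();
-#
-# Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000)
-# .setNanos((int) ((millis % 1000) * 1000000)).build();
-#
-#
-# Example 5: Compute Timestamp from current time in Python.
-#
-# timestamp = Timestamp()
-# timestamp.GetCurrentTime()
-#
-# = JSON Mapping
-#
-# In JSON format, the Timestamp type is encoded as a string in the
-# [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. That is, the
-# format is "\\{year}-\\{month}-\\{day}T\\{hour}:\\{min}:\\{sec}[.\\{frac_sec}]Z"
-# where \\{year} is always expressed using four digits while \\{month}, \\{day},
-# \\{hour}, \\{min}, and \\{sec} are zero-padded to two digits each. The fractional
-# seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution),
-# are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone
-# is required. A proto3 JSON serializer should always use UTC (as indicated by
-# "Z") when printing the Timestamp type and a proto3 JSON parser should be
-# able to accept both UTC and other timezones (as indicated by an offset).
-#
-# For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past
-# 01:30 UTC on January 15, 2017.
-#
-# In JavaScript, one can convert a Date object to this format using the
-# standard
-# [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString)
-# method. In Python, a standard `datetime.datetime` object can be converted
-# to this format using
-# [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with
-# the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one can use
-# the Joda Time's [`ISODateTimeFormat.dateTime()`](
-# http://www.joda.org/joda-time/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime%2D%2D
-# ) to obtain a formatter capable of generating timestamps in this format.
-# @!attribute [rw] seconds
-# @return [Integer]
-# Represents seconds of UTC time since Unix epoch
-# 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
-# 9999-12-31T23:59:59Z inclusive.
-# @!attribute [rw] nanos
-# @return [Integer]
-# Non-negative fractions of a second at nanosecond resolution. Negative
-# second values with fractions must still have non-negative nanos values
-# that count forward in time. Must be from 0 to 999,999,999
-# inclusive.
-class Timestamp; end
-end
-end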
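--- a/data/lib/grafeas/v1/doc/google/rpc/status.rb
+++ b/data/lib/grafeas/v1/doc/google/rpc/status.rb
@@ -1,39 +0,0 @@
-# Copyright 2020 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-module Google
-module Rpc
-# The `Status` type defines a logical error model that is suitable for
-# different programming environments, including REST APIs and RPC APIs. It is
-# used by [gRPC](https://github.com/grpc). Each `Status` message contains
-# three pieces of data: error code, error message, and error details.
-#
-# You can find out more about this error model and how to work with it in the
-# [API Design Guide](https://cloud.google.com/apis/design/errors).
-# @!attribute [rw] code
-# @return [Integer]
-# The status code, which should be an enum value of {Google::Rpc::Code}.
-# @!attribute [rw] message
-# @return [String]
-# A developer-facing error message, which should be in English. Any
-# user-facing error message should be localized and sent in the
-# {Google::Rpc::Status#details} field, or localized by the client.
-# @!attribute [rw] details
-# @return [Array<Google::Protobuf::Any>]
-# A list of messages that carry the error details. There is a common set of
-# message types for APIs to use.
-class Status; end
-end
-end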
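--- a/data/lib/grafeas/v1/doc/grafeas/v1/attestation.rb
+++ b/data/lib/grafeas/v1/doc/grafeas/v1/attestation.rb
@@ -1,64 +0,0 @@
-# Copyright 2020 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-module Grafeas
-module V1
-# Note kind that represents a logical attestation "role" or "authority". For
-# example, an organization might have one `Authority` for "QA" and one for
-# "build". This note is intended to act strictly as a grouping mechanism for
-# the attached occurrences (Attestations). This grouping mechanism also
-# provides a security boundary, since IAM ACLs gate the ability for a principle
-# to attach an occurrence to a given note. It also provides a single point of
-# lookup to find all attached attestation occurrences, even if they don't all
-# live in the same project.
-# @!attribute [rw] hint
-# @return [Grafeas::V1::AttestationNote::Hint]
-# Hint hints at the purpose of the attestation authority.
-class AttestationNote
-# This submessage provides human-readable hints about the purpose of the
-# authority. Because the name of a note acts as its resource reference, it is
-# important to disambiguate the canonical name of the Note (which might be a
-# UUID for security purposes) from "readable" names more suitable for debug
-# output. Note that these hints should not be used to look up authorities in
-# security sensitive contexts, such as when looking up attestations to
-# verify.
-# @!attribute [rw] human_readable_name
-# @return [String]
-# Required. The human readable name of this attestation authority, for
-# example "qa".
-class Hint; end
-end
-
-# Occurrence that represents a single "attestation". The authenticity of an
-# attestation can be verified using the attached signature. If the verifier
-# trusts the public key of the signer, then verifying the signature is
-# sufficient to establish trust. In this circumstance, the authority to which
-# this attestation is attached is primarily useful for lookup (how to find
-# this attestation if you already know the authority and artifact to be
-# verified) and intent (for which authority this attestation was intended to
-# sign.
-# @!attribute [rw] serialized_payload
-# @return [String]
-# Required. The serialized payload that is verified by one or more
-# `signatures`.
-# @!attribute [rw] signatures
-# @return [Array<Grafeas::V1::Signature>]
-# One or more signatures over `serialized_payload`. Verifier implementations
-# should consider this attestation message verified if at least one
-# `signature` verifies `serialized_payload`. See `Signature` in common.proto
-# for more details on signature structure and verification.
-class AttestationOccurrence; end
-end
-end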
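--- a/data/lib/grafeas/v1/doc/grafeas/v1/build.rb
+++ b/data/lib/grafeas/v1/doc/grafeas/v1/build.rb
@@ -1,44 +0,0 @@
-# Copyright 2020 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-module Grafeas
-module V1
-# Note holding the version of the provider's builder and the signature of the
-# provenance message in the build details occurrence.
-# @!attribute [rw] builder_version
-# @return [String]
-# Required. Immutable. Version of the builder which produced this build.
-class BuildNote; end
-
-# Details of a build occurrence.
-# @!attribute [rw] provenance
-# @return [Grafeas::V1::BuildProvenance]
-# Required. The actual provenance for the build.
-# @!attribute [rw] provenance_bytes
-# @return [String]
-# Serialized JSON representation of the provenance, used in generating the
-# build signature in the corresponding build note. After verifying the
-# signature, `provenance_bytes` can be unmarshalled and compared to the
-# provenance to confirm that it is unchanged. A base64-encoded string
-# representation of the provenance bytes is used for the signature in order
-# to interoperate with openssl which expects this format for signature
-# verification.
-#
-# The serialized form is captured both to avoid ambiguity in how the
-# provenance is marshalled to json as well to prevent incompatibilities with
-# future changes.
-class BuildOccurrence; end
-end
-end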
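--- a/data/lib/grafeas/v1/doc/grafeas/v1/common.rb
+++ b/data/lib/grafeas/v1/doc/grafeas/v1/common.rb
@@ -1,108 +0,0 @@
-# Copyright 2020 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-module Grafeas
-module V1
-# Metadata for any related URL information.
-# @!attribute [rw] url
-# @return [String]
-# Specific URL associated with the resource.
-# @!attribute [rw] label
-# @return [String]
-# Label to describe usage of the URL.
-class RelatedUrl; end
-
-# Verifiers (e.g. Kritis implementations) MUST verify signatures
-# with respect to the trust anchors defined in policy (e.g. a Kritis policy).
-# Typically this means that the verifier has been configured with a map from
-# `public_key_id` to public key material (and any required parameters, e.g.
-# signing algorithm).
-#
-# In particular, verification implementations MUST NOT treat the signature
-# `public_key_id` as anything more than a key lookup hint. The `public_key_id`
-# DOES NOT validate or authenticate a public key; it only provides a mechanism
-# for quickly selecting a public key ALREADY CONFIGURED on the verifier through
-# a trusted channel. Verification implementations MUST reject signatures in any
-# of the following circumstances:
-# * The `public_key_id` is not recognized by the verifier.
-# * The public key that `public_key_id` refers to does not verify the
-# signature with respect to the payload.
-#
-# The `signature` contents SHOULD NOT be "attached" (where the payload is
-# included with the serialized `signature` bytes). Verifiers MUST ignore any
-# "attached" payload and only verify signatures with respect to explicitly
-# provided payload (e.g. a `payload` field on the proto message that holds
-# this Signature, or the canonical serialization of the proto message that
-# holds this signature).
-# @!attribute [rw] signature
-# @return [String]
-# The content of the signature, an opaque bytestring.
-# The payload that this signature verifies MUST be unambiguously provided
-# with the Signature during verification. A wrapper message might provide
-# the payload explicitly. Alternatively, a message might have a canonical
-# serialization that can always be unambiguously computed to derive the
-# payload.
-# @!attribute [rw] public_key_id
-# @return [String]
-# The identifier for the public key that verifies this signature.
-# * The `public_key_id` is required.
-# * The `public_key_id` MUST be an RFC3986 conformant URI.
-# * When possible, the `public_key_id` SHOULD be an immutable reference,
-# such as a cryptographic digest.
-#
-# Examples of valid `public_key_id`s:
-#
-# OpenPGP V4 public key fingerprint:
-# * "openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA"
-# See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more
-# details on this scheme.
-#
-# RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER
-# serialization):
-# * "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU"
-# * "nih:///sha-256;703f68f42aba2c6de30f488a5ea122fef76324679c9bf89791ba95a1271589a5"
-class Signature; end
-
-# Kind represents the kinds of notes supported.
-module NoteKind
-# Unknown.
-NOTE_KIND_UNSPECIFIED = 0
-
-# The note and occurrence represent a package vulnerability.
-VULNERABILITY = 1
-
-# The note and occurrence assert build provenance.
-BUILD = 2
-
-# This represents an image basis relationship.
-IMAGE = 3
-
-# This represents a package installed via a package manager.
-PACKAGE = 4
-
-# The note and occurrence track deployment events.
-DEPLOYMENT = 5
-
-# The note and occurrence track the initial discovery status of a resource.
-DISCOVERY = 6
-
-# This represents a logical "role" that can attest to artifacts.
-ATTESTATION = 7
-
-# This represents an available package upgrade.
-UPGRADE = 8
-end
-end
-end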
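--- a/data/lib/grafeas/v1/doc/grafeas/v1/cvss.rb
+++ b/data/lib/grafeas/v1/doc/grafeas/v1/cvss.rb
@@ -1,104 +0,0 @@
-# Copyright 2020 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-module Grafeas
-module V1
-# Common Vulnerability Scoring System version 3.
-# For details, see https://www.first.org/cvss/specification-document
-# @!attribute [rw] base_score
-# @return [Float]
-# The base score is a function of the base metric scores.
-# @!attribute [rw] exploitability_score
-# @return [Float]
-# @!attribute [rw] impact_score
-# @return [Float]
-# @!attribute [rw] attack_vector
-# @return [Grafeas::V1::CVSSv3::AttackVector]
-# Base Metrics
-# Represents the intrinsic characteristics of a vulnerability that are
-# constant over time and across user environments.
-# @!attribute [rw] attack_complexity
-# @return [Grafeas::V1::CVSSv3::AttackComplexity]
-# @!attribute [rw] privileges_required
-# @return [Grafeas::V1::CVSSv3::PrivilegesRequired]
-# @!attribute [rw] user_interaction
-# @return [Grafeas::V1::CVSSv3::UserInteraction]
-# @!attribute [rw] scope
-# @return [Grafeas::V1::CVSSv3::Scope]
-# @!attribute [rw] confidentiality_impact
-# @return [Grafeas::V1::CVSSv3::Impact]
-# @!attribute [rw] integrity_impact
-# @return [Grafeas::V1::CVSSv3::Impact]
-# @!attribute [rw] availability_impact
-# @return [Grafeas::V1::CVSSv3::Impact]
-class CVSSv3
-module AttackComplexity
-ATTACK_COMPLEXITY_UNSPECIFIED = 0
-
-ATTACK_COMPLEXITY_LOW = 1
-
-ATTACK_COMPLEXITY_HIGH = 2
-end
-
-module AttackVector
-ATTACK_VECTOR_UNSPECIFIED = 0
-
-ATTACK_VECTOR_NETWORK = 1
-
-ATTACK_VECTOR_ADJACENT = 2
-
-ATTACK_VECTOR_LOCAL = 3
-
-ATTACK_VECTOR_PHYSICAL = 4
-end
-
-module Impact
-IMPACT_UNSPECIFIED = 0
-
-IMPACT_HIGH = 1
-
-IMPACT_LOW = 2
-
-IMPACT_NONE = 3
-end
-
-module PrivilegesRequired
-PRIVILEGES_REQUIRED_UNSPECIFIED = 0
-
-PRIVILEGES_REQUIRED_NONE = 1
-
-PRIVILEGES_REQUIRED_LOW = 2
-
-PRIVILEGES_REQUIRED_HIGH = 3
-end
-
-module Scope
-SCOPE_UNSPECIFIED = 0
-
-SCOPE_UNCHANGED = 1
-
-SCOPE_CHANGED = 2
-end
-
-module UserInteraction
-USER_INTERACTION_UNSPECIFIED = 0
-
-USER_INTERACTION_NONE = 1
-
-USER_INTERACTION_REQUIRED = 2
-end
-end
-end
-end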