// Copyright 2019 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// Note: this file is purely for documentation. Its contents are not expected
// to be loaded as a JS file.
/**
* Vulnerability provides metadata about a security vulnerability.
*
* @property {number} cvssScore
* The CVSS score for this vulnerability.
*
* @property {number} severity
* Note-provider-assigned impact of the vulnerability.
*
* The number should be among the values of [Severity]{@link grafeas.v1beta1.vulnerability.Severity}
*
* @property {Object[]} details
* All information about the package to specifically identify this
* vulnerability. One entry per (version range and cpe_uri) the package
* vulnerability has manifested in.
*
* This object should have the same structure as [Detail]{@link grafeas.v1beta1.vulnerability.Detail}
*
* @typedef Vulnerability
* @memberof grafeas.v1beta1.vulnerability
* @see [grafeas.v1beta1.vulnerability.Vulnerability definition in proto format]{@link https://github.com/googleapis/googleapis/blob/master/google/devtools/containeranalysis/v1beta1/vulnerability/vulnerability.proto}
*/
const Vulnerability = {
  // Documentation-only stub: the actual contents will be loaded by gRPC.

  // NOTE(review): the text below does not state whether minAffectedVersion and
  // maxAffectedVersion are inclusive bounds; confirm against the proto before
  // relying on them for affected-range matching.
  /**
   * Identifies all occurrences of this vulnerability in the package for a
   * specific distro/location. For example: glibc in
   * cpe:/o:debian:debian_linux:8 for versions 2.1 - 2.2
   *
   * @property {string} cpeUri
   *   The cpe_uri, in [cpe format](https://cpe.mitre.org/specification/), in
   *   which the vulnerability manifests. Examples include the distro or the
   *   storage location of a vulnerable jar.
   *
   * @property {string} package
   *   The name of the package where the vulnerability was found.
   *
   * @property {Object} minAffectedVersion
   *   The minimum version of the package in which the vulnerability exists.
   *
   *   This object should have the same structure as [Version]{@link grafeas.v1beta1.package.Version}
   *
   * @property {Object} maxAffectedVersion
   *   The maximum version of the package in which the vulnerability exists.
   *
   *   This object should have the same structure as [Version]{@link grafeas.v1beta1.package.Version}
   *
   * @property {string} severityName
   *   The severity (e.g., distro-assigned severity) for this vulnerability.
   *   This is a string, separate from the numeric `severity` value carried on
   *   the enclosing Vulnerability.
   *
   * @property {string} description
   *   A vendor-specific description of this note.
   *
   * @property {Object} fixedLocation
   *   The fix for this specific package version.
   *
   *   This object should have the same structure as [VulnerabilityLocation]{@link grafeas.v1beta1.vulnerability.VulnerabilityLocation}
   *
   * @property {string} packageType
   *   The type of package: whether native or non-native (Ruby gems, Node.js
   *   packages, etc.).
   *
   * @property {boolean} isObsolete
   *   Whether this detail is obsolete. Occurrences are expected not to point
   *   to obsolete details.
   *
   * @typedef Detail
   * @memberof grafeas.v1beta1.vulnerability
   * @see [grafeas.v1beta1.vulnerability.Vulnerability.Detail definition in proto format]{@link https://github.com/googleapis/googleapis/blob/master/google/devtools/containeranalysis/v1beta1/vulnerability/vulnerability.proto}
   */
  Detail: {
    // Documentation-only stub: the actual contents will be loaded by gRPC.
  },
};
/**
* Details of a vulnerability occurrence.
*
* @property {string} type
* The type of package: whether native or non-native (Ruby gems, Node.js
* packages, etc.).
*
* @property {number} severity
* Output only. The note-provider-assigned severity of the vulnerability.
*
* The number should be among the values of [Severity]{@link grafeas.v1beta1.vulnerability.Severity}
*
* @property {number} cvssScore
* Output only. The CVSS score of this vulnerability. CVSS score is on a
* scale of 0-10 where 0 indicates low severity and 10 indicates high
* severity.
*
* @property {Object[]} packageIssue
* The set of affected locations and their fixes (if available) within the
* associated resource.
*
* This object should have the same structure as [PackageIssue]{@link grafeas.v1beta1.vulnerability.PackageIssue}
*
* @property {string} shortDescription
* Output only. A one sentence description of this vulnerability.
*
* @property {string} longDescription
* Output only. A detailed description of this vulnerability.
*
* @property {Object[]} relatedUrls
* Output only. URLs related to this vulnerability.
*
* This object should have the same structure as [RelatedUrl]{@link grafeas.v1beta1.RelatedUrl}
*
* @typedef Details
* @memberof grafeas.v1beta1.vulnerability
* @see [grafeas.v1beta1.vulnerability.Details definition in proto format]{@link https://github.com/googleapis/googleapis/blob/master/google/devtools/containeranalysis/v1beta1/vulnerability/vulnerability.proto}
*/
// Documentation-only stub for the Details typedef described above it.
// Actual contents will be loaded by gRPC.
const Details = {};
/**
* This message wraps a location affected by a vulnerability and its
* associated fix (if one is available).
*
* @property {Object} affectedLocation
* The location of the vulnerability.
*
* This object should have the same structure as [VulnerabilityLocation]{@link grafeas.v1beta1.vulnerability.VulnerabilityLocation}
*
* @property {Object} fixedLocation
* The location of the available fix for the vulnerability.
*
* This object should have the same structure as [VulnerabilityLocation]{@link grafeas.v1beta1.vulnerability.VulnerabilityLocation}
*
* @property {string} severityName
* The severity (e.g., distro assigned severity) for this vulnerability.
*
* @typedef PackageIssue
* @memberof grafeas.v1beta1.vulnerability
* @see [grafeas.v1beta1.vulnerability.PackageIssue definition in proto format]{@link https://github.com/googleapis/googleapis/blob/master/google/devtools/containeranalysis/v1beta1/vulnerability/vulnerability.proto}
*/
// Documentation-only stub for the PackageIssue typedef described above it.
// Actual contents will be loaded by gRPC.
const PackageIssue = {};
/**
* The location of the vulnerability.
*
* @property {string} cpeUri
* The cpe_uri in [cpe format](https://cpe.mitre.org/specification/).
* Examples include distro or storage location for vulnerable jar.
*
* @property {string} package
* The package being described.
*
* @property {Object} version
* The version of the package being described.
*
* This object should have the same structure as [Version]{@link grafeas.v1beta1.package.Version}
*
* @typedef VulnerabilityLocation
* @memberof grafeas.v1beta1.vulnerability
* @see [grafeas.v1beta1.vulnerability.VulnerabilityLocation definition in proto format]{@link https://github.com/googleapis/googleapis/blob/master/google/devtools/containeranalysis/v1beta1/vulnerability/vulnerability.proto}
*/
// Documentation-only stub for the VulnerabilityLocation typedef described
// above it. Actual contents will be loaded by gRPC.
const VulnerabilityLocation = {};
/**
* Note provider-assigned severity/impact ranking.
*
* @enum {number}
* @memberof grafeas.v1beta1.vulnerability
*/
const Severity = {
  /**
   * Unknown: no severity ranking was specified. Because this value is 0 it
   * compares below MINIMAL, so a numeric threshold such as
   * `severity >= Severity.HIGH` leaves unspecified entries out.
   */
  SEVERITY_UNSPECIFIED: 0,

  /** Minimal severity. */
  MINIMAL: 1,

  /** Low severity. */
  LOW: 2,

  /** Medium severity. */
  MEDIUM: 3,

  /** High severity. */
  HIGH: 4,

  /** Critical severity. */
  CRITICAL: 5,
};