Class: Grafeas::V1::VulnerabilityNote

Inherits:
Object
Defined in:
lib/grafeas/v1/doc/grafeas/v1/vulnerability.rb

Overview

A security vulnerability that can be found in resources.

Defined Under Namespace

Classes: Detail, WindowsDetail

Instance Attribute Details

#cvss_score ⇒ Float

Returns the CVSS score of this vulnerability. The CVSS score is on a scale of 0 - 10 where 0 indicates low severity and 10 indicates high severity.

Returns:

  • (Float)

# File 'lib/grafeas/v1/doc/grafeas/v1/vulnerability.rb', line 38

class VulnerabilityNote
  # A detail for a distro and package affected by this vulnerability and its
  # associated fix (if one is available).
  # @!attribute [rw] severity_name
  #   @return [String]
  #     The distro assigned severity of this vulnerability.
  # @!attribute [rw] description
  #   @return [String]
  #     A vendor-specific description of this vulnerability.
  # @!attribute [rw] package_type
  #   @return [String]
  #     The type of package; whether native or non native (e.g., ruby gems,
  #     node.js packages, etc.).
  # @!attribute [rw] affected_cpe_uri
  #   @return [String]
  #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
  #     vulnerability affects.
  # @!attribute [rw] affected_package
  #   @return [String]
  #     Required. The package this vulnerability affects.
  # @!attribute [rw] min_affected_version
  #   @return [Grafeas::V1::Version]
  #     Required. The minimum version of the package this vulnerability affects.
  # @!attribute [rw] fixed_cpe_uri
  #   @return [String]
  #     The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability
  #     was fixed in. It is possible for this to be different from the
  #     affected_cpe_uri.
  # @!attribute [rw] fixed_package
  #   @return [String]
  #     The package this vulnerability was fixed in. It is possible for this to
  #     be different from the affected_package.
  # @!attribute [rw] fixed_version
  #   @return [Grafeas::V1::Version]
  #     Required. The version of the package this vulnerability was fixed in.
  #     Setting this to VersionKind.MAXIMUM means no fix is yet available.
  # @!attribute [rw] is_obsolete
  #   @return [true, false]
  #     Whether this detail is obsolete. Occurrences are expected not to point to
  #     obsolete details.
  class Detail; end

  # @!attribute [rw] cpe_uri
  #   @return [String]
  #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
  #     vulnerability affects.
  # @!attribute [rw] name
  #   @return [String]
  #     Required. The name of this vulnerability.
  # @!attribute [rw] description
  #   @return [String]
  #     The description of this vulnerability.
  # @!attribute [rw] fixing_kbs
  #   @return [Array<Grafeas::V1::VulnerabilityNote::WindowsDetail::KnowledgeBase>]
  #     Required. The names of the KBs which have hotfixes to mitigate this
  #     vulnerability. Note that there may be multiple hotfixes (and thus
  #     multiple KBs) that mitigate a given vulnerability. Currently, the
  #     presence of any listed KB is considered a fix.
  class WindowsDetail
    # @!attribute [rw] name
    #   @return [String]
    #     The KB name (generally of the form KB[0-9]+ (e.g., KB123456)).
    # @!attribute [rw] url
    #   @return [String]
    #     A link to the KB in the [Windows update catalog]
    #     (https://www.catalog.update.microsoft.com/).
    class KnowledgeBase; end
  end
end

#cvss_v3 ⇒ Grafeas::V1::CVSSv3

Returns the full description of the CVSSv3 for this vulnerability.

Returns:

  • (Grafeas::V1::CVSSv3)


#details ⇒ Array<Grafeas::V1::VulnerabilityNote::Detail>

Returns details of all known distros and packages affected by this vulnerability.

Returns:

  • (Array<Grafeas::V1::VulnerabilityNote::Detail>)


#severity ⇒ Grafeas::V1::Severity

Returns the note provider assigned severity of this vulnerability.

Returns:

  • (Grafeas::V1::Severity)


#windows_details ⇒ Array<Grafeas::V1::VulnerabilityNote::WindowsDetail>

Windows details get their own format because the information format and model don't match a normal detail. Specifically, Windows updates are done as patches, so a Windows vulnerability is really a missing package rather than a package being at an incorrect version.

Returns:

  • (Array<Grafeas::V1::VulnerabilityNote::WindowsDetail>)
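
The two fix models documented on this page (a package `Detail` with `fixed_version`, and a `WindowsDetail` with `fixing_kbs`), as an added Ruby example that is not code from the grafeas gem. The structs are stand-ins for the real classes, version kinds are modelled as symbols, and `fix_plan`, `missing_windows_fixes` and all sample values are hypothetical.

```ruby
require "set"

# Stand-ins for the documented classes (assumption: the real ones are protobuf
# messages; only the attributes read below are modelled, kinds as symbols).
Version       = Struct.new(:kind, :name, keyword_init: true)
Detail        = Struct.new(:affected_cpe_uri, :affected_package, :fixed_cpe_uri,
                           :fixed_package, :fixed_version, :is_obsolete,
                           keyword_init: true)
KnowledgeBase = Struct.new(:name, :url, keyword_init: true)
WindowsDetail = Struct.new(:cpe_uri, :name, :fixing_kbs, keyword_init: true)

# Package model: skip obsolete details; fixed_version.kind == :MAXIMUM means
# no fix is available yet; otherwise the fix may ship under another package.
def fix_plan(details, cpe_uri:, package:)
  live = details.reject(&:is_obsolete).select do |d|
    d.affected_cpe_uri == cpe_uri && d.affected_package == package
  end
  live.map do |d|
    if d.fixed_version.kind == :MAXIMUM
      { status: :no_fix_available }
    else # Assumption: an unset fixed_* field falls back to its affected_* value.
      { status: :upgrade,
        cpe_uri: d.fixed_cpe_uri.to_s.empty? ? d.affected_cpe_uri : d.fixed_cpe_uri,
        package: d.fixed_package.to_s.empty? ? d.affected_package : d.fixed_package,
        version: d.fixed_version.name }
    end
  end
end

# Patch model: a host is exposed only while none of the fixing KBs is
# installed; the presence of any one listed KB counts as a fix.
def missing_windows_fixes(windows_details, cpe_uri:, installed_kbs:)
  installed = installed_kbs.map(&:upcase).to_set
  exposed = windows_details.select do |w|
    w.cpe_uri == cpe_uri && w.fixing_kbs.none? { |kb| installed.include?(kb.name.upcase) }
  end
  exposed.map { |w| { name: w.name, install_any_of: w.fixing_kbs.map(&:name) } }
end

# Constructed sample data (not real advisories).
DEB11 = "cpe:/o:debian:debian_linux:11"
DEB10 = "cpe:/o:debian:debian_linux:10"
WIN   = "cpe:/o:microsoft:windows_server_2019"
DETAILS = [
  Detail.new(affected_cpe_uri: DEB11, affected_package: "libexample", is_obsolete: false,
             fixed_package: "libexample-ng", fixed_version: Version.new(kind: :NORMAL, name: "1.2.3")),
  Detail.new(affected_cpe_uri: DEB11, affected_package: "libexample", is_obsolete: true,
             fixed_version: Version.new(kind: :NORMAL, name: "1.0.0")),
  Detail.new(affected_cpe_uri: DEB10, affected_package: "libexample", is_obsolete: false,
             fixed_version: Version.new(kind: :MAXIMUM))
].freeze
WINDOWS_DETAILS = [
  WindowsDetail.new(cpe_uri: WIN, name: "EXAMPLE-0001",
                    fixing_kbs: [KnowledgeBase.new(name: "KB123456"), KnowledgeBase.new(name: "KB234567")])
].freeze
```

Comparing an installed version against `min_affected_version` and `fixed_version` is left out because version ordering is distro-specific.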


