diff options
Diffstat (limited to 'third_party/googleapis/google/cloud/osconfig/v1/vulnerability.proto')
| -rw-r--r-- | third_party/googleapis/google/cloud/osconfig/v1/vulnerability.proto | 365 |
1 files changed, 0 insertions, 365 deletions
diff --git a/third_party/googleapis/google/cloud/osconfig/v1/vulnerability.proto b/third_party/googleapis/google/cloud/osconfig/v1/vulnerability.proto deleted file mode 100644 index b8ca517..0000000 --- a/third_party/googleapis/google/cloud/osconfig/v1/vulnerability.proto +++ /dev/null @@ -1,365 +0,0 @@ -// Copyright 2021 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -syntax = "proto3"; - -package google.cloud.osconfig.v1; - -import "google/api/field_behavior.proto"; -import "google/api/resource.proto"; -import "google/protobuf/timestamp.proto"; - -option csharp_namespace = "Google.Cloud.OsConfig.V1"; -option go_package = "google.golang.org/genproto/googleapis/cloud/osconfig/v1;osconfig"; -option java_multiple_files = true; -option java_outer_classname = "VulnerabilityProto"; -option java_package = "com.google.cloud.osconfig.v1"; -option php_namespace = "Google\\Cloud\\OsConfig\\V1"; -option ruby_package = "Google::Cloud::OsConfig::V1"; - -// This API resource represents the vulnerability report for a specified -// Compute Engine virtual machine (VM) instance at a given point in time. -// -// For more information, see [Vulnerability -// reports](https://cloud.google.com/compute/docs/instances/os-inventory-management#vulnerability-reports). -message VulnerabilityReport { - option (google.api.resource) = { - type: "osconfig.googleapis.com/VulnerabilityReport" - pattern: "projects/{project}/locations/{location}/instances/{instance}/vulnerabilityReport" - }; - - // A vulnerability affecting the VM instance. - message Vulnerability { - // Contains metadata information for the vulnerability. This information is - // collected from the upstream feed of the operating system. - message Details { - // A reference for this vulnerability. - message Reference { - // The url of the reference. - string url = 1; - - // The source of the reference e.g. NVD. - string source = 2; - } - - // The CVE of the vulnerability. CVE cannot be - // empty and the combination of <cve, classification> should be unique - // across vulnerabilities for a VM. - string cve = 1; - - // The CVSS V2 score of this vulnerability. CVSS V2 score is on a scale of - // 0 - 10 where 0 indicates low severity and 10 indicates high severity. - float cvss_v2_score = 2; - - // The full description of the CVSSv3 for this vulnerability from NVD. - CVSSv3 cvss_v3 = 3; - - // Assigned severity/impact ranking from the distro. - string severity = 4; - - // The note or description describing the vulnerability from the distro. - string description = 5; - - // Corresponds to the references attached to the `VulnerabilityDetails`. - repeated Reference references = 6; - } - - // OS inventory item that is affected by a vulnerability or fixed as a - // result of a vulnerability. - message Item { - // Corresponds to the `INSTALLED_PACKAGE` inventory item on the VM. - // This field displays the inventory items affected by this vulnerability. - // If the vulnerability report was not updated after the VM inventory - // update, these values might not display in VM inventory. For some - // operating systems, this field might be empty. - string installed_inventory_item_id = 1; - - // Corresponds to the `AVAILABLE_PACKAGE` inventory item on the VM. - // If the vulnerability report was not updated after the VM inventory - // update, these values might not display in VM inventory. If there is no - // available fix, the field is empty. The `inventory_item` value specifies - // the latest `SoftwarePackage` available to the VM that fixes the - // vulnerability. - string available_inventory_item_id = 2; - - // The recommended [CPE URI](https://cpe.mitre.org/specification/) update - // that contains a fix for this vulnerability. - string fixed_cpe_uri = 3; - - // The upstream OS patch, packages or KB that fixes the vulnerability. - string upstream_fix = 4; - } - - // Contains metadata as per the upstream feed of the operating system and - // NVD. - Details details = 1; - - // Corresponds to the `INSTALLED_PACKAGE` inventory item on the VM. - // This field displays the inventory items affected by this vulnerability. - // If the vulnerability report was not updated after the VM inventory - // update, these values might not display in VM inventory. For some distros, - // this field may be empty. - repeated string installed_inventory_item_ids = 2 [deprecated = true]; - - // Corresponds to the `AVAILABLE_PACKAGE` inventory item on the VM. - // If the vulnerability report was not updated after the VM inventory - // update, these values might not display in VM inventory. If there is no - // available fix, the field is empty. The `inventory_item` value specifies - // the latest `SoftwarePackage` available to the VM that fixes the - // vulnerability. - repeated string available_inventory_item_ids = 3 [deprecated = true]; - - // The timestamp for when the vulnerability was first detected. - google.protobuf.Timestamp create_time = 4; - - // The timestamp for when the vulnerability was last modified. - google.protobuf.Timestamp update_time = 5; - - // List of items affected by the vulnerability. - repeated Item items = 6; - } - - // Output only. The `vulnerabilityReport` API resource name. - // - // Format: - // `projects/{project_number}/locations/{location}/instances/{instance_id}/vulnerabilityReport` - string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; - - // Output only. List of vulnerabilities affecting the VM. - repeated Vulnerability vulnerabilities = 2 [(google.api.field_behavior) = OUTPUT_ONLY]; - - // Output only. The timestamp for when the last vulnerability report was generated for the - // VM. - google.protobuf.Timestamp update_time = 3 [(google.api.field_behavior) = OUTPUT_ONLY]; -} - -// A request message for getting the vulnerability report for the specified VM. -message GetVulnerabilityReportRequest { - // Required. API resource name for vulnerability resource. - // - // Format: - // `projects/{project}/locations/{location}/instances/{instance}/vulnerabilityReport` - // - // For `{project}`, either `project-number` or `project-id` can be provided. - // For `{instance}`, either Compute Engine `instance-id` or `instance-name` - // can be provided. - string name = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "osconfig.googleapis.com/VulnerabilityReport" - } - ]; -} - -// A request message for listing vulnerability reports for all VM instances in -// the specified location. -message ListVulnerabilityReportsRequest { - // Required. The parent resource name. - // - // Format: `projects/{project}/locations/{location}/instances/-` - // - // For `{project}`, either `project-number` or `project-id` can be provided. - string parent = 1 [ - (google.api.field_behavior) = REQUIRED, - (google.api.resource_reference) = { - type: "compute.googleapis.com/Instance" - } - ]; - - // The maximum number of results to return. - int32 page_size = 2; - - // A pagination token returned from a previous call to - // `ListVulnerabilityReports` that indicates where this listing - // should continue from. - string page_token = 3; - - // If provided, this field specifies the criteria that must be met by a - // `vulnerabilityReport` API resource to be included in the response. - string filter = 4; -} - -// A response message for listing vulnerability reports for all VM instances in -// the specified location. -message ListVulnerabilityReportsResponse { - // List of vulnerabilityReport objects. - repeated VulnerabilityReport vulnerability_reports = 1; - - // The pagination token to retrieve the next page of vulnerabilityReports - // object. - string next_page_token = 2; -} - -// Common Vulnerability Scoring System version 3. -// For details, see https://www.first.org/cvss/specification-document -message CVSSv3 { - // This metric reflects the context by which vulnerability exploitation is - // possible. - enum AttackVector { - // Invalid value. - ATTACK_VECTOR_UNSPECIFIED = 0; - - // The vulnerable component is bound to the network stack and the set of - // possible attackers extends beyond the other options listed below, up to - // and including the entire Internet. - ATTACK_VECTOR_NETWORK = 1; - - // The vulnerable component is bound to the network stack, but the attack is - // limited at the protocol level to a logically adjacent topology. - ATTACK_VECTOR_ADJACENT = 2; - - // The vulnerable component is not bound to the network stack and the - // attacker's path is via read/write/execute capabilities. - ATTACK_VECTOR_LOCAL = 3; - - // The attack requires the attacker to physically touch or manipulate the - // vulnerable component. - ATTACK_VECTOR_PHYSICAL = 4; - } - - // This metric describes the conditions beyond the attacker's control that - // must exist in order to exploit the vulnerability. - enum AttackComplexity { - // Invalid value. - ATTACK_COMPLEXITY_UNSPECIFIED = 0; - - // Specialized access conditions or extenuating circumstances do not exist. - // An attacker can expect repeatable success when attacking the vulnerable - // component. - ATTACK_COMPLEXITY_LOW = 1; - - // A successful attack depends on conditions beyond the attacker's control. - // That is, a successful attack cannot be accomplished at will, but requires - // the attacker to invest in some measurable amount of effort in preparation - // or execution against the vulnerable component before a successful attack - // can be expected. - ATTACK_COMPLEXITY_HIGH = 2; - } - - // This metric describes the level of privileges an attacker must possess - // before successfully exploiting the vulnerability. - enum PrivilegesRequired { - // Invalid value. - PRIVILEGES_REQUIRED_UNSPECIFIED = 0; - - // The attacker is unauthorized prior to attack, and therefore does not - // require any access to settings or files of the vulnerable system to - // carry out an attack. - PRIVILEGES_REQUIRED_NONE = 1; - - // The attacker requires privileges that provide basic user capabilities - // that could normally affect only settings and files owned by a user. - // Alternatively, an attacker with Low privileges has the ability to access - // only non-sensitive resources. - PRIVILEGES_REQUIRED_LOW = 2; - - // The attacker requires privileges that provide significant (e.g., - // administrative) control over the vulnerable component allowing access to - // component-wide settings and files. - PRIVILEGES_REQUIRED_HIGH = 3; - } - - // This metric captures the requirement for a human user, other than the - // attacker, to participate in the successful compromise of the vulnerable - // component. - enum UserInteraction { - // Invalid value. - USER_INTERACTION_UNSPECIFIED = 0; - - // The vulnerable system can be exploited without interaction from any user. - USER_INTERACTION_NONE = 1; - - // Successful exploitation of this vulnerability requires a user to take - // some action before the vulnerability can be exploited. - USER_INTERACTION_REQUIRED = 2; - } - - // The Scope metric captures whether a vulnerability in one vulnerable - // component impacts resources in components beyond its security scope. - enum Scope { - // Invalid value. - SCOPE_UNSPECIFIED = 0; - - // An exploited vulnerability can only affect resources managed by the same - // security authority. - SCOPE_UNCHANGED = 1; - - // An exploited vulnerability can affect resources beyond the security scope - // managed by the security authority of the vulnerable component. - SCOPE_CHANGED = 2; - } - - // The Impact metrics capture the effects of a successfully exploited - // vulnerability on the component that suffers the worst outcome that is most - // directly and predictably associated with the attack. - enum Impact { - // Invalid value. - IMPACT_UNSPECIFIED = 0; - - // High impact. - IMPACT_HIGH = 1; - - // Low impact. - IMPACT_LOW = 2; - - // No impact. - IMPACT_NONE = 3; - } - - // The base score is a function of the base metric scores. - // https://www.first.org/cvss/specification-document#Base-Metrics - float base_score = 1; - - // The Exploitability sub-score equation is derived from the Base - // Exploitability metrics. - // https://www.first.org/cvss/specification-document#2-1-Exploitability-Metrics - float exploitability_score = 2; - - // The Impact sub-score equation is derived from the Base Impact metrics. - float impact_score = 3; - - // This metric reflects the context by which vulnerability exploitation is - // possible. - AttackVector attack_vector = 5; - - // This metric describes the conditions beyond the attacker's control that - // must exist in order to exploit the vulnerability. - AttackComplexity attack_complexity = 6; - - // This metric describes the level of privileges an attacker must possess - // before successfully exploiting the vulnerability. - PrivilegesRequired privileges_required = 7; - - // This metric captures the requirement for a human user, other than the - // attacker, to participate in the successful compromise of the vulnerable - // component. - UserInteraction user_interaction = 8; - - // The Scope metric captures whether a vulnerability in one vulnerable - // component impacts resources in components beyond its security scope. - Scope scope = 9; - - // This metric measures the impact to the confidentiality of the information - // resources managed by a software component due to a successfully exploited - // vulnerability. - Impact confidentiality_impact = 10; - - // This metric measures the impact to integrity of a successfully exploited - // vulnerability. - Impact integrity_impact = 11; - - // This metric measures the impact to the availability of the impacted - // component resulting from a successfully exploited vulnerability. - Impact availability_impact = 12; -} |