From a233f7a0d85ba1a2932a1ee8305e48eda5aafa75 Mon Sep 17 00:00:00 2001
From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com>
Date: Fri, 8 Oct 2021 19:16:21 +0000
Subject: [PATCH] feat: Added vulnerability field to Finding (#235)

- [ ] Regenerate this pull request now.

PiperOrigin-RevId: 401787368
Source-Link: https://github.com/googleapis/googleapis/commit/a7a3440103e7821aae4a3531756f2ad22a270e77
Source-Link: https://github.com/googleapis/googleapis-gen/commit/169ba7febf00ee030446a0534ac77ad57f0bf83a
Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiMTY5YmE3ZmViZjAwZWUwMzA0NDZhMDUzNGFjNzdhZDU3ZjBiZjgzYSJ9

feat: Added type field to the resource which is surfaced in NotificationMessage
---
 google/cloud/securitycenter/__init__.py | 8 +
 google/cloud/securitycenter_v1/__init__.py | 8 +
 .../services/security_center/async_client.py | 1 +
 .../services/security_center/client.py | 1 +
 .../cloud/securitycenter_v1/types/__init__.py | 10 +
 .../cloud/securitycenter_v1/types/finding.py | 9 +
 .../cloud/securitycenter_v1/types/resource.py | 3 +
 .../securitycenter_v1/types/vulnerability.py | 191 ++++++++++++++++++
 .../securitycenter_v1/test_security_center.py | 1 +
 9 files changed, 232 insertions(+)
 create mode 100644 google/cloud/securitycenter_v1/types/vulnerability.py

diff --git a/google/cloud/securitycenter/__init__.py b/google/cloud/securitycenter/__init__.py
index 152da218..8b715d74 100644
--- a/google/cloud/securitycenter/__init__.py
+++ b/google/cloud/securitycenter/__init__.py
@@ -115,6 +115,10 @@
 UpdateSourceRequest,
 )
 from google.cloud.securitycenter_v1.types.source import Source
+from google.cloud.securitycenter_v1.types.vulnerability import Cve
+from google.cloud.securitycenter_v1.types.vulnerability import Cvssv3
+from google.cloud.securitycenter_v1.types.vulnerability import Reference
+from google.cloud.securitycenter_v1.types.vulnerability import Vulnerability

 __all__ = (
 "SecurityCenterClient",
@@ -157,4 +161,8 @@
 "UpdateSecurityMarksRequest",
 "UpdateSourceRequest",
 "Source",
+ "Cve",
+ "Cvssv3",
+ "Reference",
+ "Vulnerability",
 )
diff --git a/google/cloud/securitycenter_v1/__init__.py b/google/cloud/securitycenter_v1/__init__.py
index 3c579dae..c1e8ab0e 100644
--- a/google/cloud/securitycenter_v1/__init__.py
+++ b/google/cloud/securitycenter_v1/__init__.py
@@ -55,6 +55,10 @@
 from .types.securitycenter_service import UpdateSecurityMarksRequest
 from .types.securitycenter_service import UpdateSourceRequest
 from .types.source import Source
+from .types.vulnerability import Cve
+from .types.vulnerability import Cvssv3
+from .types.vulnerability import Reference
+from .types.vulnerability import Vulnerability

 __all__ = (
 "SecurityCenterAsyncClient",
@@ -62,6 +66,8 @@
 "CreateFindingRequest",
 "CreateNotificationConfigRequest",
 "CreateSourceRequest",
+ "Cve",
+ "Cvssv3",
 "DeleteNotificationConfigRequest",
 "Finding",
 "Folder",
@@ -85,6 +91,7 @@
 "NotificationConfig",
 "NotificationMessage",
 "OrganizationSettings",
+ "Reference",
 "Resource",
 "RunAssetDiscoveryRequest",
 "RunAssetDiscoveryResponse",
@@ -97,4 +104,5 @@
 "UpdateOrganizationSettingsRequest",
 "UpdateSecurityMarksRequest",
 "UpdateSourceRequest",
+ "Vulnerability",
 )
diff --git a/google/cloud/securitycenter_v1/services/security_center/async_client.py b/google/cloud/securitycenter_v1/services/security_center/async_client.py
index fbe22cc0..ec6ffd95 100644
--- a/google/cloud/securitycenter_v1/services/security_center/async_client.py
+++ b/google/cloud/securitycenter_v1/services/security_center/async_client.py
@@ -46,6 +46,7 @@
 from google.cloud.securitycenter_v1.types import securitycenter_service
 from google.cloud.securitycenter_v1.types import source
 from google.cloud.securitycenter_v1.types import source as gcs_source
+from google.cloud.securitycenter_v1.types import vulnerability
 from google.iam.v1 import iam_policy_pb2 # type: ignore
 from google.iam.v1 import policy_pb2 # type: ignore
 from google.protobuf import empty_pb2 # type: ignore
diff --git a/google/cloud/securitycenter_v1/services/security_center/client.py b/google/cloud/securitycenter_v1/services/security_center/client.py
index b1785db9..5e7c6216 100644
--- a/google/cloud/securitycenter_v1/services/security_center/client.py
+++ b/google/cloud/securitycenter_v1/services/security_center/client.py
@@ -50,6 +50,7 @@
 from google.cloud.securitycenter_v1.types import securitycenter_service
 from google.cloud.securitycenter_v1.types import source
 from google.cloud.securitycenter_v1.types import source as gcs_source
+from google.cloud.securitycenter_v1.types import vulnerability
 from google.iam.v1 import iam_policy_pb2 # type: ignore
 from google.iam.v1 import policy_pb2 # type: ignore
 from google.protobuf import empty_pb2 # type: ignore
diff --git a/google/cloud/securitycenter_v1/types/__init__.py b/google/cloud/securitycenter_v1/types/__init__.py
index 5602ea30..d5eba377 100644
--- a/google/cloud/securitycenter_v1/types/__init__.py
+++ b/google/cloud/securitycenter_v1/types/__init__.py
@@ -53,6 +53,12 @@
 UpdateSourceRequest,
 )
 from .source import Source
+from .vulnerability import (
+ Cve,
+ Cvssv3,
+ Reference,
+ Vulnerability,
+)

 __all__ = (
 "Asset",
@@ -93,4 +99,8 @@
 "UpdateSecurityMarksRequest",
 "UpdateSourceRequest",
 "Source",
+ "Cve",
+ "Cvssv3",
+ "Reference",
+ "Vulnerability",
 )
diff --git a/google/cloud/securitycenter_v1/types/finding.py b/google/cloud/securitycenter_v1/types/finding.py
index 6a3c3071..16a78faf 100644
--- a/google/cloud/securitycenter_v1/types/finding.py
+++ b/google/cloud/securitycenter_v1/types/finding.py @@ -17,6 +17,7 @@ from google.cloud.securitycenter_v1.types import indicator as gcs_indicator from google.cloud.securitycenter_v1.types import security_marks as gcs_security_marks +from google.cloud.securitycenter_v1.types import vulnerability as gcs_vulnerability from google.protobuf import struct_pb2 # type: ignore from google.protobuf import timestamp_pb2 # type: ignore @@ -109,6 +110,11 @@ class Finding(proto.Message): observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. Reference: https://en.wikipedia.org/wiki/Indicator_of_compromise + vulnerability (google.cloud.securitycenter_v1.types.Vulnerability): + Represents vulnerability specific fields like + cve, cvss scores etc. CVE stands for Common + Vulnerabilities and Exposures + (https://cve.mitre.org/about/) """ class State(proto.Enum): @@ -153,6 +159,9 @@ class FindingClass(proto.Enum): canonical_name = proto.Field(proto.STRING, number=14,) finding_class = proto.Field(proto.ENUM, number=17, enum=FindingClass,) indicator = proto.Field(proto.MESSAGE, number=18, message=gcs_indicator.Indicator,) + vulnerability = proto.Field( + proto.MESSAGE, number=20, message=gcs_vulnerability.Vulnerability, + ) __all__ = tuple(sorted(__protobuf__.manifest)) diff --git a/google/cloud/securitycenter_v1/types/resource.py b/google/cloud/securitycenter_v1/types/resource.py index 20799d7e..b1b58044 100644 --- a/google/cloud/securitycenter_v1/types/resource.py +++ b/google/cloud/securitycenter_v1/types/resource.py @@ -40,6 +40,8 @@ class Resource(proto.Message): The full resource name of resource's parent. parent_display_name (str): The human readable name of resource's parent. + type_ (str): + The full resource type of the resource. folders (Sequence[google.cloud.securitycenter_v1.types.Folder]): Output only. Contains a Folder message for each folder in the assets ancestry. The first 
@@ -53,6 +55,7 @@ class Resource(proto.Message): project_display_name = proto.Field(proto.STRING, number=3,) parent = proto.Field(proto.STRING, number=4,) parent_display_name = proto.Field(proto.STRING, number=5,) + type_ = proto.Field(proto.STRING, number=6,) folders = proto.RepeatedField(proto.MESSAGE, number=7, message=folder.Folder,) diff --git a/google/cloud/securitycenter_v1/types/vulnerability.py b/google/cloud/securitycenter_v1/types/vulnerability.py new file mode 100644 index 00000000..a21ffab5 --- /dev/null +++ b/google/cloud/securitycenter_v1/types/vulnerability.py 
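Review bot: The new `type_` field is documented only as "The full resource type of the resource", which leaves unstated the two things a caller actually needs: the trailing underscore exists because `type` would shadow the Python builtin, and the attribute name therefore differs from the name on the wire and in the `NotificationMessage` payload the commit message says surfaces it. I would extend the attribute docstring with `Named type_ in Python to avoid shadowing the builtin; the proto and JSON field name is type.` — proto-plus normally strips the trailing underscore when serialising, but confirm that against the generated output before documenting it as fact. The `Resource` class begins outside this hunk, and since the module is regenerated by OwlBot the wording belongs in the upstream proto comment rather than a hand edit here.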
@@ -0,0 +1,191 @@ +# -*- coding: utf-8 -*- +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +import proto # type: ignore + + +__protobuf__ = proto.module( + package="google.cloud.securitycenter.v1", + manifest={"Vulnerability", "Cve", "Reference", "Cvssv3",}, +) + + +class Vulnerability(proto.Message): + r"""Refers to common vulnerability fields e.g. cve, cvss, cwe + etc. + + Attributes: + cve (google.cloud.securitycenter_v1.types.Cve): + CVE stands for Common Vulnerabilities and + Exposures (https://cve.mitre.org/about/) + """ + + cve = proto.Field(proto.MESSAGE, number=1, message="Cve",) + + +class Cve(proto.Message): + r"""CVE stands for Common Vulnerabilities and Exposures. + More information: https://cve.mitre.org + + Attributes: + id (str): + The unique identifier for the vulnerability. + e.g. CVE-2021-34527 + references (Sequence[google.cloud.securitycenter_v1.types.Reference]): + Additional information about the CVE. + e.g. 
https://cve.mitre.org/cgi- + bin/cvename.cgi?name=CVE-2021-34527 + cvssv3 (google.cloud.securitycenter_v1.types.Cvssv3): + Describe Common Vulnerability Scoring System + specified at + https://www.first.org/cvss/v3.1/specification- + document + """ + + id = proto.Field(proto.STRING, number=1,) + references = proto.RepeatedField(proto.MESSAGE, number=2, message="Reference",) + cvssv3 = proto.Field(proto.MESSAGE, number=3, message="Cvssv3",) + + +class Reference(proto.Message): + r"""Additional Links + + Attributes: + source (str): + Source of the reference e.g. NVD + uri (str): + Uri for the mentioned source e.g. + https://cve.mitre.org/cgi- + bin/cvename.cgi?name=CVE-2021-34527. + """ + + source = proto.Field(proto.STRING, number=1,) + uri = proto.Field(proto.STRING, number=2,) + + +class Cvssv3(proto.Message): + r"""Common Vulnerability Scoring System version 3. + + Attributes: + base_score (float): + The base score is a function of the base + metric scores. + attack_vector (google.cloud.securitycenter_v1.types.Cvssv3.AttackVector): + Base Metrics + Represents the intrinsic characteristics of a + vulnerability that are constant over time and + across user environments. This metric reflects + the context by which vulnerability exploitation + is possible. + attack_complexity (google.cloud.securitycenter_v1.types.Cvssv3.AttackComplexity): + This metric describes the conditions beyond + the attacker's control that must exist in order + to exploit the vulnerability. + privileges_required (google.cloud.securitycenter_v1.types.Cvssv3.PrivilegesRequired): + This metric describes the level of privileges + an attacker must possess before successfully + exploiting the vulnerability. + user_interaction (google.cloud.securitycenter_v1.types.Cvssv3.UserInteraction): + This metric captures the requirement for a + human user, other than the attacker, to + participate in the successful compromise of the + vulnerable component. 
+ scope (google.cloud.securitycenter_v1.types.Cvssv3.Scope): + The Scope metric captures whether a + vulnerability in one vulnerable component + impacts resources in components beyond its + security scope. + confidentiality_impact (google.cloud.securitycenter_v1.types.Cvssv3.Impact): + This metric measures the impact to the + confidentiality of the information resources + managed by a software component due to a + successfully exploited vulnerability. + integrity_impact (google.cloud.securitycenter_v1.types.Cvssv3.Impact): + This metric measures the impact to integrity + of a successfully exploited vulnerability. + availability_impact (google.cloud.securitycenter_v1.types.Cvssv3.Impact): + This metric measures the impact to the + availability of the impacted component resulting + from a successfully exploited vulnerability. + """ + + class AttackVector(proto.Enum): + r"""This metric reflects the context by which vulnerability + exploitation is possible. + """ + ATTACK_VECTOR_UNSPECIFIED = 0 + ATTACK_VECTOR_NETWORK = 1 + ATTACK_VECTOR_ADJACENT = 2 + ATTACK_VECTOR_LOCAL = 3 + ATTACK_VECTOR_PHYSICAL = 4 + + class AttackComplexity(proto.Enum): + r"""This metric describes the conditions beyond the attacker's + control that must exist in order to exploit the vulnerability. + """ + ATTACK_COMPLEXITY_UNSPECIFIED = 0 + ATTACK_COMPLEXITY_LOW = 1 + ATTACK_COMPLEXITY_HIGH = 2 + + class PrivilegesRequired(proto.Enum): + r"""This metric describes the level of privileges an attacker + must possess before successfully exploiting the vulnerability. + """ + PRIVILEGES_REQUIRED_UNSPECIFIED = 0 + PRIVILEGES_REQUIRED_NONE = 1 + PRIVILEGES_REQUIRED_LOW = 2 + PRIVILEGES_REQUIRED_HIGH = 3 + + class UserInteraction(proto.Enum): + r"""This metric captures the requirement for a human user, other + than the attacker, to participate in the successful compromise + of the vulnerable component. 
+ """ + USER_INTERACTION_UNSPECIFIED = 0 + USER_INTERACTION_NONE = 1 + USER_INTERACTION_REQUIRED = 2 + + class Scope(proto.Enum): + r"""The Scope metric captures whether a vulnerability in one + vulnerable component impacts resources in components beyond its + security scope. + """ + SCOPE_UNSPECIFIED = 0 + SCOPE_UNCHANGED = 1 + SCOPE_CHANGED = 2 + + class Impact(proto.Enum): + r"""The Impact metrics capture the effects of a successfully + exploited vulnerability on the component that suffers the worst + outcome that is most directly and predictably associated with + the attack. + """ + IMPACT_UNSPECIFIED = 0 + IMPACT_HIGH = 1 + IMPACT_LOW = 2 + IMPACT_NONE = 3 + + base_score = proto.Field(proto.DOUBLE, number=1,) + attack_vector = proto.Field(proto.ENUM, number=5, enum=AttackVector,) + attack_complexity = proto.Field(proto.ENUM, number=6, enum=AttackComplexity,) + privileges_required = proto.Field(proto.ENUM, number=7, enum=PrivilegesRequired,) + user_interaction = proto.Field(proto.ENUM, number=8, enum=UserInteraction,) + scope = proto.Field(proto.ENUM, number=9, enum=Scope,) + confidentiality_impact = proto.Field(proto.ENUM, number=10, enum=Impact,) + integrity_impact = proto.Field(proto.ENUM, number=11, enum=Impact,) + availability_impact = proto.Field(proto.ENUM, number=12, enum=Impact,) + + +__all__ = tuple(sorted(__protobuf__.manifest)) diff --git a/tests/unit/gapic/securitycenter_v1/test_security_center.py b/tests/unit/gapic/securitycenter_v1/test_security_center.py index 6834f803..54222717 100644 --- a/tests/unit/gapic/securitycenter_v1/test_security_center.py +++ b/tests/unit/gapic/securitycenter_v1/test_security_center.py 
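Review bot: The `Impact` enum's integer values are not severity-ordered (`IMPACT_HIGH = 1`, `IMPACT_LOW = 2`, `IMPACT_NONE = 3`) while `PrivilegesRequired` runs the other way (`PRIVILEGES_REQUIRED_NONE = 1` up to `PRIVILEGES_REQUIRED_HIGH = 3`), so triage code that sorts or takes `max()` over the raw values of `confidentiality_impact` and its siblings will rank NONE above HIGH; each metric enum's docstring should say `Values are not ordered by severity; map to the CVSS v3.1 metric weights rather than comparing the integers.` Separately, `base_score` is a proto3 `DOUBLE` declared without `optional=True`, so a reader cannot distinguish an unscored CVE from a genuine 0.0 — the docstring should give the valid range (0.0–10.0) and state that presence of the `cvssv3` message, not a non-zero score, indicates a score was assigned. `Reference.uri` and `Cve.id` are populated by the finding source and nothing in this module validates them, so their docstrings should mark them as untrusted input to be validated before being rendered as links or used as lookup keys. Because this file is regenerated by OwlBot, all of these belong in the upstream proto comments in googleapis rather than in a hand edit here.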
@@ -61,6 +61,7 @@
 from google.cloud.securitycenter_v1.types import securitycenter_service
 from google.cloud.securitycenter_v1.types import source
 from google.cloud.securitycenter_v1.types import source as gcs_source
+from google.cloud.securitycenter_v1.types import vulnerability
 from google.iam.v1 import iam_policy_pb2 # type: ignore
 from google.iam.v1 import options_pb2 # type: ignore
 from google.iam.v1 import policy_pb2 # type: ignore
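Review bot: The test module only gains `from google.cloud.securitycenter_v1.types import vulnerability`; nothing in this hunk constructs a `Finding` carrying the new `vulnerability` field or a `Resource` with `type_`, so the wiring of field numbers 20 and 6 is exercised only to the extent that the import resolves. A minimal round-trip such as `cve = vulnerability.Cve(id="CVE-2021-34527", cvssv3=vulnerability.Cvssv3(base_score=8.8))` followed by `assert vulnerability.Vulnerability(cve=cve).cve.cvssv3.base_score == 8.8` would pin the new types and catch a regenerated field-number mismatch. The rest of the test module is outside this hunk, so such a test may already exist further down.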