Class: Grafeas::V1::VulnerabilityNote

Inherits:
Object
  • Object
Extended by:
Google::Protobuf::MessageExts::ClassMethods
Includes:
Google::Protobuf::MessageExts
Defined in:
proto_docs/grafeas/v1/vulnerability.rb

Overview

A security vulnerability that can be found in resources.

Defined Under Namespace

Classes: Detail, WindowsDetail

Instance Attribute Summary collapse

Instance Attribute Details

#cvss_score::Float

Returns the CVSS score of this vulnerability. The CVSS score is on a scale of 0 to 10, where 0 indicates low severity and 10 indicates high severity.

Returns:

  • (::Float)

    The CVSS score of this vulnerability. The CVSS score is on a scale of 0 to 10, where 0 indicates low severity and 10 indicates high severity.



# File 'proto_docs/grafeas/v1/vulnerability.rb', line 53

class VulnerabilityNote
  # Mixes the protobuf message extensions into instances (include) and into
  # the class itself (extend); no fields are defined in Ruby code here.
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # A detail for a distro and package affected by this vulnerability and its
  # associated fix (if one is available).
  # @!attribute [rw] severity_name
  #   @return [::String]
  #     The distro-assigned severity of this vulnerability.
  # @!attribute [rw] description
  #   @return [::String]
  #     A vendor-specific description of this vulnerability.
  # @!attribute [rw] package_type
  #   @return [::String]
  #     The type of package: native or non-native (e.g., Ruby gems,
  #     Node.js packages, etc.).
  # @!attribute [rw] affected_cpe_uri
  #   @return [::String]
  #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
  #     vulnerability affects.
  # @!attribute [rw] affected_package
  #   @return [::String]
  #     Required. The package this vulnerability affects.
  # @!attribute [rw] affected_version_start
  #   @return [::Grafeas::V1::Version]
  #     The version number at the start of an interval in which this
  #     vulnerability exists. A vulnerability can affect a package across
  #     several disjoint version intervals (example: [1.0.0-1.1.0],
  #     [2.4.6-2.4.8] and [4.5.6-4.6.8]), each of which is represented in its
  #     own Detail. If a vulnerability database provides a single affected
  #     version, affected_version_start and affected_version_end are the same
  #     in that Detail.
  # @!attribute [rw] affected_version_end
  #   @return [::Grafeas::V1::Version]
  #     The version number at the end of an interval in which this
  #     vulnerability exists. A vulnerability can affect a package across
  #     several disjoint version intervals (example: [1.0.0-1.1.0],
  #     [2.4.6-2.4.8] and [4.5.6-4.6.8]), each of which is represented in its
  #     own Detail. If a vulnerability database provides a single affected
  #     version, affected_version_start and affected_version_end are the same
  #     in that Detail.
  # @!attribute [rw] fixed_cpe_uri
  #   @return [::String]
  #     The distro-recommended [CPE URI](https://cpe.mitre.org/specification/)
  #     to update to that contains a fix for this vulnerability. This may
  #     differ from the affected_cpe_uri.
  # @!attribute [rw] fixed_package
  #   @return [::String]
  #     The distro-recommended package to update to that contains a fix for
  #     this vulnerability. This may differ from the affected_package.
  # @!attribute [rw] fixed_version
  #   @return [::Grafeas::V1::Version]
  #     The distro-recommended version to update to that contains a
  #     fix for this vulnerability. Setting this to VersionKind.MAXIMUM means
  #     no such version is available yet.
  # @!attribute [rw] is_obsolete
  #   @return [::Boolean]
  #     Whether this detail is obsolete. Occurrences are expected not to point
  #     to obsolete details.
  # @!attribute [rw] source_update_time
  #   @return [::Google::Protobuf::Timestamp]
  #     The time this information was last changed at the source. This is an
  #     upstream timestamp from the underlying information source, e.g. the
  #     Ubuntu security tracker.
  # @!attribute [rw] source
  #   @return [::String]
  #     The source from which the information in this Detail was obtained.
  # @!attribute [rw] vendor
  #   @return [::String]
  #     The name of the vendor of the product.
  class Detail
    # NOTE(review): per the attribute docs above, a fixed_version of
    # VersionKind.MAXIMUM marks "no fix available yet" rather than a version
    # to upgrade to; consumers presumably need to special-case it - confirm
    # against the Version message.
    # NOTE(review): the docs do not say whether the affected_version_start /
    # affected_version_end bounds are inclusive - confirm before relying on
    # them to decide whether an installed version is affected.
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # A Windows-specific detail of this vulnerability: the affected CPE URI
  # and the KBs whose hotfixes mitigate it.
  # @!attribute [rw] cpe_uri
  #   @return [::String]
  #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
  #     vulnerability affects.
  # @!attribute [rw] name
  #   @return [::String]
  #     Required. The name of this vulnerability.
  # @!attribute [rw] description
  #   @return [::String]
  #     The description of this vulnerability.
  # @!attribute [rw] fixing_kbs
  #   @return [::Array<::Grafeas::V1::VulnerabilityNote::WindowsDetail::KnowledgeBase>]
  #     Required. The names of the KBs which have hotfixes to mitigate this
  #     vulnerability. Note that there may be multiple hotfixes (and thus
  #     multiple KBs) that mitigate a given vulnerability. Currently the
  #     presence of any listed KB is considered a fix.
  class WindowsDetail
    # NOTE(review): because the presence of any one listed KB is treated as a
    # fix, fixing_kbs presumably should list only KBs that each mitigate the
    # vulnerability on their own - confirm with the note provider.
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A Windows knowledge base (KB) entry, identified by its name and a link
    # to it.
    # @!attribute [rw] name
    #   @return [::String]
    #     The KB name (generally of the form KB[0-9]+ (e.g., KB123456)).
    # @!attribute [rw] url
    #   @return [::String]
    #     A link to the KB in the
    #     [Windows update catalog](https://www.catalog.update.microsoft.com/).
    class KnowledgeBase
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end
end

#cvss_v2::Grafeas::V1::CVSS

Returns the full description of the v2 CVSS for this vulnerability.

Returns:



# File 'proto_docs/grafeas/v1/vulnerability.rb', line 53

class VulnerabilityNote
  # Mixes the protobuf message extensions into instances (include) and into
  # the class itself (extend); no fields are defined in Ruby code here.
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # A detail for a distro and package affected by this vulnerability and its
  # associated fix (if one is available).
  # @!attribute [rw] severity_name
  #   @return [::String]
  #     The distro-assigned severity of this vulnerability.
  # @!attribute [rw] description
  #   @return [::String]
  #     A vendor-specific description of this vulnerability.
  # @!attribute [rw] package_type
  #   @return [::String]
  #     The type of package: native or non-native (e.g., Ruby gems,
  #     Node.js packages, etc.).
  # @!attribute [rw] affected_cpe_uri
  #   @return [::String]
  #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
  #     vulnerability affects.
  # @!attribute [rw] affected_package
  #   @return [::String]
  #     Required. The package this vulnerability affects.
  # @!attribute [rw] affected_version_start
  #   @return [::Grafeas::V1::Version]
  #     The version number at the start of an interval in which this
  #     vulnerability exists. A vulnerability can affect a package across
  #     several disjoint version intervals (example: [1.0.0-1.1.0],
  #     [2.4.6-2.4.8] and [4.5.6-4.6.8]), each of which is represented in its
  #     own Detail. If a vulnerability database provides a single affected
  #     version, affected_version_start and affected_version_end are the same
  #     in that Detail.
  # @!attribute [rw] affected_version_end
  #   @return [::Grafeas::V1::Version]
  #     The version number at the end of an interval in which this
  #     vulnerability exists. A vulnerability can affect a package across
  #     several disjoint version intervals (example: [1.0.0-1.1.0],
  #     [2.4.6-2.4.8] and [4.5.6-4.6.8]), each of which is represented in its
  #     own Detail. If a vulnerability database provides a single affected
  #     version, affected_version_start and affected_version_end are the same
  #     in that Detail.
  # @!attribute [rw] fixed_cpe_uri
  #   @return [::String]
  #     The distro-recommended [CPE URI](https://cpe.mitre.org/specification/)
  #     to update to that contains a fix for this vulnerability. This may
  #     differ from the affected_cpe_uri.
  # @!attribute [rw] fixed_package
  #   @return [::String]
  #     The distro-recommended package to update to that contains a fix for
  #     this vulnerability. This may differ from the affected_package.
  # @!attribute [rw] fixed_version
  #   @return [::Grafeas::V1::Version]
  #     The distro-recommended version to update to that contains a
  #     fix for this vulnerability. Setting this to VersionKind.MAXIMUM means
  #     no such version is available yet.
  # @!attribute [rw] is_obsolete
  #   @return [::Boolean]
  #     Whether this detail is obsolete. Occurrences are expected not to point
  #     to obsolete details.
  # @!attribute [rw] source_update_time
  #   @return [::Google::Protobuf::Timestamp]
  #     The time this information was last changed at the source. This is an
  #     upstream timestamp from the underlying information source, e.g. the
  #     Ubuntu security tracker.
  # @!attribute [rw] source
  #   @return [::String]
  #     The source from which the information in this Detail was obtained.
  # @!attribute [rw] vendor
  #   @return [::String]
  #     The name of the vendor of the product.
  class Detail
    # NOTE(review): per the attribute docs above, a fixed_version of
    # VersionKind.MAXIMUM marks "no fix available yet" rather than a version
    # to upgrade to; consumers presumably need to special-case it - confirm
    # against the Version message.
    # NOTE(review): the docs do not say whether the affected_version_start /
    # affected_version_end bounds are inclusive - confirm before relying on
    # them to decide whether an installed version is affected.
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # A Windows-specific detail of this vulnerability: the affected CPE URI
  # and the KBs whose hotfixes mitigate it.
  # @!attribute [rw] cpe_uri
  #   @return [::String]
  #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
  #     vulnerability affects.
  # @!attribute [rw] name
  #   @return [::String]
  #     Required. The name of this vulnerability.
  # @!attribute [rw] description
  #   @return [::String]
  #     The description of this vulnerability.
  # @!attribute [rw] fixing_kbs
  #   @return [::Array<::Grafeas::V1::VulnerabilityNote::WindowsDetail::KnowledgeBase>]
  #     Required. The names of the KBs which have hotfixes to mitigate this
  #     vulnerability. Note that there may be multiple hotfixes (and thus
  #     multiple KBs) that mitigate a given vulnerability. Currently the
  #     presence of any listed KB is considered a fix.
  class WindowsDetail
    # NOTE(review): because the presence of any one listed KB is treated as a
    # fix, fixing_kbs presumably should list only KBs that each mitigate the
    # vulnerability on their own - confirm with the note provider.
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A Windows knowledge base (KB) entry, identified by its name and a link
    # to it.
    # @!attribute [rw] name
    #   @return [::String]
    #     The KB name (generally of the form KB[0-9]+ (e.g., KB123456)).
    # @!attribute [rw] url
    #   @return [::String]
    #     A link to the KB in the
    #     [Windows update catalog](https://www.catalog.update.microsoft.com/).
    class KnowledgeBase
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end
end

#cvss_v3::Grafeas::V1::CVSSv3

Returns the full description of the CVSSv3 for this vulnerability.

Returns:



# File 'proto_docs/grafeas/v1/vulnerability.rb', line 53

class VulnerabilityNote
  # Mixes the protobuf message extensions into instances (include) and into
  # the class itself (extend); no fields are defined in Ruby code here.
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # A detail for a distro and package affected by this vulnerability and its
  # associated fix (if one is available).
  # @!attribute [rw] severity_name
  #   @return [::String]
  #     The distro-assigned severity of this vulnerability.
  # @!attribute [rw] description
  #   @return [::String]
  #     A vendor-specific description of this vulnerability.
  # @!attribute [rw] package_type
  #   @return [::String]
  #     The type of package: native or non-native (e.g., Ruby gems,
  #     Node.js packages, etc.).
  # @!attribute [rw] affected_cpe_uri
  #   @return [::String]
  #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
  #     vulnerability affects.
  # @!attribute [rw] affected_package
  #   @return [::String]
  #     Required. The package this vulnerability affects.
  # @!attribute [rw] affected_version_start
  #   @return [::Grafeas::V1::Version]
  #     The version number at the start of an interval in which this
  #     vulnerability exists. A vulnerability can affect a package across
  #     several disjoint version intervals (example: [1.0.0-1.1.0],
  #     [2.4.6-2.4.8] and [4.5.6-4.6.8]), each of which is represented in its
  #     own Detail. If a vulnerability database provides a single affected
  #     version, affected_version_start and affected_version_end are the same
  #     in that Detail.
  # @!attribute [rw] affected_version_end
  #   @return [::Grafeas::V1::Version]
  #     The version number at the end of an interval in which this
  #     vulnerability exists. A vulnerability can affect a package across
  #     several disjoint version intervals (example: [1.0.0-1.1.0],
  #     [2.4.6-2.4.8] and [4.5.6-4.6.8]), each of which is represented in its
  #     own Detail. If a vulnerability database provides a single affected
  #     version, affected_version_start and affected_version_end are the same
  #     in that Detail.
  # @!attribute [rw] fixed_cpe_uri
  #   @return [::String]
  #     The distro-recommended [CPE URI](https://cpe.mitre.org/specification/)
  #     to update to that contains a fix for this vulnerability. This may
  #     differ from the affected_cpe_uri.
  # @!attribute [rw] fixed_package
  #   @return [::String]
  #     The distro-recommended package to update to that contains a fix for
  #     this vulnerability. This may differ from the affected_package.
  # @!attribute [rw] fixed_version
  #   @return [::Grafeas::V1::Version]
  #     The distro-recommended version to update to that contains a
  #     fix for this vulnerability. Setting this to VersionKind.MAXIMUM means
  #     no such version is available yet.
  # @!attribute [rw] is_obsolete
  #   @return [::Boolean]
  #     Whether this detail is obsolete. Occurrences are expected not to point
  #     to obsolete details.
  # @!attribute [rw] source_update_time
  #   @return [::Google::Protobuf::Timestamp]
  #     The time this information was last changed at the source. This is an
  #     upstream timestamp from the underlying information source, e.g. the
  #     Ubuntu security tracker.
  # @!attribute [rw] source
  #   @return [::String]
  #     The source from which the information in this Detail was obtained.
  # @!attribute [rw] vendor
  #   @return [::String]
  #     The name of the vendor of the product.
  class Detail
    # NOTE(review): per the attribute docs above, a fixed_version of
    # VersionKind.MAXIMUM marks "no fix available yet" rather than a version
    # to upgrade to; consumers presumably need to special-case it - confirm
    # against the Version message.
    # NOTE(review): the docs do not say whether the affected_version_start /
    # affected_version_end bounds are inclusive - confirm before relying on
    # them to decide whether an installed version is affected.
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # A Windows-specific detail of this vulnerability: the affected CPE URI
  # and the KBs whose hotfixes mitigate it.
  # @!attribute [rw] cpe_uri
  #   @return [::String]
  #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
  #     vulnerability affects.
  # @!attribute [rw] name
  #   @return [::String]
  #     Required. The name of this vulnerability.
  # @!attribute [rw] description
  #   @return [::String]
  #     The description of this vulnerability.
  # @!attribute [rw] fixing_kbs
  #   @return [::Array<::Grafeas::V1::VulnerabilityNote::WindowsDetail::KnowledgeBase>]
  #     Required. The names of the KBs which have hotfixes to mitigate this
  #     vulnerability. Note that there may be multiple hotfixes (and thus
  #     multiple KBs) that mitigate a given vulnerability. Currently the
  #     presence of any listed KB is considered a fix.
  class WindowsDetail
    # NOTE(review): because the presence of any one listed KB is treated as a
    # fix, fixing_kbs presumably should list only KBs that each mitigate the
    # vulnerability on their own - confirm with the note provider.
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A Windows knowledge base (KB) entry, identified by its name and a link
    # to it.
    # @!attribute [rw] name
    #   @return [::String]
    #     The KB name (generally of the form KB[0-9]+ (e.g., KB123456)).
    # @!attribute [rw] url
    #   @return [::String]
    #     A link to the KB in the
    #     [Windows update catalog](https://www.catalog.update.microsoft.com/).
    class KnowledgeBase
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end
end

#cvss_version::Grafeas::V1::CVSSVersion

Returns CVSS version used to populate cvss_score and severity.

Returns:



# File 'proto_docs/grafeas/v1/vulnerability.rb', line 53

class VulnerabilityNote
  # Mixes the protobuf message extensions into instances (include) and into
  # the class itself (extend); no fields are defined in Ruby code here.
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # A detail for a distro and package affected by this vulnerability and its
  # associated fix (if one is available).
  # @!attribute [rw] severity_name
  #   @return [::String]
  #     The distro-assigned severity of this vulnerability.
  # @!attribute [rw] description
  #   @return [::String]
  #     A vendor-specific description of this vulnerability.
  # @!attribute [rw] package_type
  #   @return [::String]
  #     The type of package: native or non-native (e.g., Ruby gems,
  #     Node.js packages, etc.).
  # @!attribute [rw] affected_cpe_uri
  #   @return [::String]
  #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
  #     vulnerability affects.
  # @!attribute [rw] affected_package
  #   @return [::String]
  #     Required. The package this vulnerability affects.
  # @!attribute [rw] affected_version_start
  #   @return [::Grafeas::V1::Version]
  #     The version number at the start of an interval in which this
  #     vulnerability exists. A vulnerability can affect a package across
  #     several disjoint version intervals (example: [1.0.0-1.1.0],
  #     [2.4.6-2.4.8] and [4.5.6-4.6.8]), each of which is represented in its
  #     own Detail. If a vulnerability database provides a single affected
  #     version, affected_version_start and affected_version_end are the same
  #     in that Detail.
  # @!attribute [rw] affected_version_end
  #   @return [::Grafeas::V1::Version]
  #     The version number at the end of an interval in which this
  #     vulnerability exists. A vulnerability can affect a package across
  #     several disjoint version intervals (example: [1.0.0-1.1.0],
  #     [2.4.6-2.4.8] and [4.5.6-4.6.8]), each of which is represented in its
  #     own Detail. If a vulnerability database provides a single affected
  #     version, affected_version_start and affected_version_end are the same
  #     in that Detail.
  # @!attribute [rw] fixed_cpe_uri
  #   @return [::String]
  #     The distro-recommended [CPE URI](https://cpe.mitre.org/specification/)
  #     to update to that contains a fix for this vulnerability. This may
  #     differ from the affected_cpe_uri.
  # @!attribute [rw] fixed_package
  #   @return [::String]
  #     The distro-recommended package to update to that contains a fix for
  #     this vulnerability. This may differ from the affected_package.
  # @!attribute [rw] fixed_version
  #   @return [::Grafeas::V1::Version]
  #     The distro-recommended version to update to that contains a
  #     fix for this vulnerability. Setting this to VersionKind.MAXIMUM means
  #     no such version is available yet.
  # @!attribute [rw] is_obsolete
  #   @return [::Boolean]
  #     Whether this detail is obsolete. Occurrences are expected not to point
  #     to obsolete details.
  # @!attribute [rw] source_update_time
  #   @return [::Google::Protobuf::Timestamp]
  #     The time this information was last changed at the source. This is an
  #     upstream timestamp from the underlying information source, e.g. the
  #     Ubuntu security tracker.
  # @!attribute [rw] source
  #   @return [::String]
  #     The source from which the information in this Detail was obtained.
  # @!attribute [rw] vendor
  #   @return [::String]
  #     The name of the vendor of the product.
  class Detail
    # NOTE(review): per the attribute docs above, a fixed_version of
    # VersionKind.MAXIMUM marks "no fix available yet" rather than a version
    # to upgrade to; consumers presumably need to special-case it - confirm
    # against the Version message.
    # NOTE(review): the docs do not say whether the affected_version_start /
    # affected_version_end bounds are inclusive - confirm before relying on
    # them to decide whether an installed version is affected.
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # A Windows-specific detail of this vulnerability: the affected CPE URI
  # and the KBs whose hotfixes mitigate it.
  # @!attribute [rw] cpe_uri
  #   @return [::String]
  #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
  #     vulnerability affects.
  # @!attribute [rw] name
  #   @return [::String]
  #     Required. The name of this vulnerability.
  # @!attribute [rw] description
  #   @return [::String]
  #     The description of this vulnerability.
  # @!attribute [rw] fixing_kbs
  #   @return [::Array<::Grafeas::V1::VulnerabilityNote::WindowsDetail::KnowledgeBase>]
  #     Required. The names of the KBs which have hotfixes to mitigate this
  #     vulnerability. Note that there may be multiple hotfixes (and thus
  #     multiple KBs) that mitigate a given vulnerability. Currently the
  #     presence of any listed KB is considered a fix.
  class WindowsDetail
    # NOTE(review): because the presence of any one listed KB is treated as a
    # fix, fixing_kbs presumably should list only KBs that each mitigate the
    # vulnerability on their own - confirm with the note provider.
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A Windows knowledge base (KB) entry, identified by its name and a link
    # to it.
    # @!attribute [rw] name
    #   @return [::String]
    #     The KB name (generally of the form KB[0-9]+ (e.g., KB123456)).
    # @!attribute [rw] url
    #   @return [::String]
    #     A link to the KB in the
    #     [Windows update catalog](https://www.catalog.update.microsoft.com/).
    class KnowledgeBase
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end
end

#details::Array<::Grafeas::V1::VulnerabilityNote::Detail>

Returns details of all known distros and packages affected by this vulnerability.

Returns:



# File 'proto_docs/grafeas/v1/vulnerability.rb', line 53

class VulnerabilityNote
  # Mixes the protobuf message extensions into instances (include) and into
  # the class itself (extend); no fields are defined in Ruby code here.
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # A detail for a distro and package affected by this vulnerability and its
  # associated fix (if one is available).
  # @!attribute [rw] severity_name
  #   @return [::String]
  #     The distro-assigned severity of this vulnerability.
  # @!attribute [rw] description
  #   @return [::String]
  #     A vendor-specific description of this vulnerability.
  # @!attribute [rw] package_type
  #   @return [::String]
  #     The type of package: native or non-native (e.g., Ruby gems,
  #     Node.js packages, etc.).
  # @!attribute [rw] affected_cpe_uri
  #   @return [::String]
  #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
  #     vulnerability affects.
  # @!attribute [rw] affected_package
  #   @return [::String]
  #     Required. The package this vulnerability affects.
  # @!attribute [rw] affected_version_start
  #   @return [::Grafeas::V1::Version]
  #     The version number at the start of an interval in which this
  #     vulnerability exists. A vulnerability can affect a package across
  #     several disjoint version intervals (example: [1.0.0-1.1.0],
  #     [2.4.6-2.4.8] and [4.5.6-4.6.8]), each of which is represented in its
  #     own Detail. If a vulnerability database provides a single affected
  #     version, affected_version_start and affected_version_end are the same
  #     in that Detail.
  # @!attribute [rw] affected_version_end
  #   @return [::Grafeas::V1::Version]
  #     The version number at the end of an interval in which this
  #     vulnerability exists. A vulnerability can affect a package across
  #     several disjoint version intervals (example: [1.0.0-1.1.0],
  #     [2.4.6-2.4.8] and [4.5.6-4.6.8]), each of which is represented in its
  #     own Detail. If a vulnerability database provides a single affected
  #     version, affected_version_start and affected_version_end are the same
  #     in that Detail.
  # @!attribute [rw] fixed_cpe_uri
  #   @return [::String]
  #     The distro-recommended [CPE URI](https://cpe.mitre.org/specification/)
  #     to update to that contains a fix for this vulnerability. This may
  #     differ from the affected_cpe_uri.
  # @!attribute [rw] fixed_package
  #   @return [::String]
  #     The distro-recommended package to update to that contains a fix for
  #     this vulnerability. This may differ from the affected_package.
  # @!attribute [rw] fixed_version
  #   @return [::Grafeas::V1::Version]
  #     The distro-recommended version to update to that contains a
  #     fix for this vulnerability. Setting this to VersionKind.MAXIMUM means
  #     no such version is available yet.
  # @!attribute [rw] is_obsolete
  #   @return [::Boolean]
  #     Whether this detail is obsolete. Occurrences are expected not to point
  #     to obsolete details.
  # @!attribute [rw] source_update_time
  #   @return [::Google::Protobuf::Timestamp]
  #     The time this information was last changed at the source. This is an
  #     upstream timestamp from the underlying information source, e.g. the
  #     Ubuntu security tracker.
  # @!attribute [rw] source
  #   @return [::String]
  #     The source from which the information in this Detail was obtained.
  # @!attribute [rw] vendor
  #   @return [::String]
  #     The name of the vendor of the product.
  class Detail
    # NOTE(review): per the attribute docs above, a fixed_version of
    # VersionKind.MAXIMUM marks "no fix available yet" rather than a version
    # to upgrade to; consumers presumably need to special-case it - confirm
    # against the Version message.
    # NOTE(review): the docs do not say whether the affected_version_start /
    # affected_version_end bounds are inclusive - confirm before relying on
    # them to decide whether an installed version is affected.
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # A Windows-specific detail of this vulnerability: the affected CPE URI
  # and the KBs whose hotfixes mitigate it.
  # @!attribute [rw] cpe_uri
  #   @return [::String]
  #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
  #     vulnerability affects.
  # @!attribute [rw] name
  #   @return [::String]
  #     Required. The name of this vulnerability.
  # @!attribute [rw] description
  #   @return [::String]
  #     The description of this vulnerability.
  # @!attribute [rw] fixing_kbs
  #   @return [::Array<::Grafeas::V1::VulnerabilityNote::WindowsDetail::KnowledgeBase>]
  #     Required. The names of the KBs which have hotfixes to mitigate this
  #     vulnerability. Note that there may be multiple hotfixes (and thus
  #     multiple KBs) that mitigate a given vulnerability. Currently the
  #     presence of any listed KB is considered a fix.
  class WindowsDetail
    # NOTE(review): because the presence of any one listed KB is treated as a
    # fix, fixing_kbs presumably should list only KBs that each mitigate the
    # vulnerability on their own - confirm with the note provider.
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A Windows knowledge base (KB) entry, identified by its name and a link
    # to it.
    # @!attribute [rw] name
    #   @return [::String]
    #     The KB name (generally of the form KB[0-9]+ (e.g., KB123456)).
    # @!attribute [rw] url
    #   @return [::String]
    #     A link to the KB in the
    #     [Windows update catalog](https://www.catalog.update.microsoft.com/).
    class KnowledgeBase
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end
end

#severity::Grafeas::V1::Severity

Returns the severity of this vulnerability as assigned by the note provider.

Returns:



# File 'proto_docs/grafeas/v1/vulnerability.rb', line 53

class VulnerabilityNote
  # Mixes the protobuf message extensions into instances (include) and into
  # the class itself (extend); no fields are defined in Ruby code here.
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # A detail for a distro and package affected by this vulnerability and its
  # associated fix (if one is available).
  # @!attribute [rw] severity_name
  #   @return [::String]
  #     The distro-assigned severity of this vulnerability.
  # @!attribute [rw] description
  #   @return [::String]
  #     A vendor-specific description of this vulnerability.
  # @!attribute [rw] package_type
  #   @return [::String]
  #     The type of package: native or non-native (e.g., Ruby gems,
  #     Node.js packages, etc.).
  # @!attribute [rw] affected_cpe_uri
  #   @return [::String]
  #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
  #     vulnerability affects.
  # @!attribute [rw] affected_package
  #   @return [::String]
  #     Required. The package this vulnerability affects.
  # @!attribute [rw] affected_version_start
  #   @return [::Grafeas::V1::Version]
  #     The version number at the start of an interval in which this
  #     vulnerability exists. A vulnerability can affect a package across
  #     several disjoint version intervals (example: [1.0.0-1.1.0],
  #     [2.4.6-2.4.8] and [4.5.6-4.6.8]), each of which is represented in its
  #     own Detail. If a vulnerability database provides a single affected
  #     version, affected_version_start and affected_version_end are the same
  #     in that Detail.
  # @!attribute [rw] affected_version_end
  #   @return [::Grafeas::V1::Version]
  #     The version number at the end of an interval in which this
  #     vulnerability exists. A vulnerability can affect a package across
  #     several disjoint version intervals (example: [1.0.0-1.1.0],
  #     [2.4.6-2.4.8] and [4.5.6-4.6.8]), each of which is represented in its
  #     own Detail. If a vulnerability database provides a single affected
  #     version, affected_version_start and affected_version_end are the same
  #     in that Detail.
  # @!attribute [rw] fixed_cpe_uri
  #   @return [::String]
  #     The distro-recommended [CPE URI](https://cpe.mitre.org/specification/)
  #     to update to that contains a fix for this vulnerability. This may
  #     differ from the affected_cpe_uri.
  # @!attribute [rw] fixed_package
  #   @return [::String]
  #     The distro-recommended package to update to that contains a fix for
  #     this vulnerability. This may differ from the affected_package.
  # @!attribute [rw] fixed_version
  #   @return [::Grafeas::V1::Version]
  #     The distro-recommended version to update to that contains a
  #     fix for this vulnerability. Setting this to VersionKind.MAXIMUM means
  #     no such version is available yet.
  # @!attribute [rw] is_obsolete
  #   @return [::Boolean]
  #     Whether this detail is obsolete. Occurrences are expected not to point
  #     to obsolete details.
  # @!attribute [rw] source_update_time
  #   @return [::Google::Protobuf::Timestamp]
  #     The time this information was last changed at the source. This is an
  #     upstream timestamp from the underlying information source, e.g. the
  #     Ubuntu security tracker.
  # @!attribute [rw] source
  #   @return [::String]
  #     The source from which the information in this Detail was obtained.
  # @!attribute [rw] vendor
  #   @return [::String]
  #     The name of the vendor of the product.
  class Detail
    # NOTE(review): per the attribute docs above, a fixed_version of
    # VersionKind.MAXIMUM marks "no fix available yet" rather than a version
    # to upgrade to; consumers presumably need to special-case it - confirm
    # against the Version message.
    # NOTE(review): the docs do not say whether the affected_version_start /
    # affected_version_end bounds are inclusive - confirm before relying on
    # them to decide whether an installed version is affected.
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # A Windows-specific detail of this vulnerability: the affected CPE URI
  # and the KBs whose hotfixes mitigate it.
  # @!attribute [rw] cpe_uri
  #   @return [::String]
  #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
  #     vulnerability affects.
  # @!attribute [rw] name
  #   @return [::String]
  #     Required. The name of this vulnerability.
  # @!attribute [rw] description
  #   @return [::String]
  #     The description of this vulnerability.
  # @!attribute [rw] fixing_kbs
  #   @return [::Array<::Grafeas::V1::VulnerabilityNote::WindowsDetail::KnowledgeBase>]
  #     Required. The names of the KBs which have hotfixes to mitigate this
  #     vulnerability. Note that there may be multiple hotfixes (and thus
  #     multiple KBs) that mitigate a given vulnerability. Currently the
  #     presence of any listed KB is considered a fix.
  class WindowsDetail
    # NOTE(review): because the presence of any one listed KB is treated as a
    # fix, fixing_kbs presumably should list only KBs that each mitigate the
    # vulnerability on their own - confirm with the note provider.
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A Windows knowledge base (KB) entry, identified by its name and a link
    # to it.
    # @!attribute [rw] name
    #   @return [::String]
    #     The KB name (generally of the form KB[0-9]+ (e.g., KB123456)).
    # @!attribute [rw] url
    #   @return [::String]
    #     A link to the KB in the
    #     [Windows update catalog](https://www.catalog.update.microsoft.com/).
    class KnowledgeBase
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end
end

#source_update_time::Google::Protobuf::Timestamp

Returns the time this information was last changed at the source. This is an upstream timestamp from the underlying information source, e.g. the Ubuntu security tracker.

Returns:

  • (::Google::Protobuf::Timestamp)

    The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.



# File 'proto_docs/grafeas/v1/vulnerability.rb', line 53

# A security vulnerability that can be found in resources.
class VulnerabilityNote
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # A detail for a distro and package affected by this vulnerability and its
  # associated fix (if one is available).
  # @!attribute [rw] severity_name
  #   @return [::String]
  #     The distro-assigned severity of this vulnerability.
  # @!attribute [rw] description
  #   @return [::String]
  #     A vendor-specific description of this vulnerability.
  # @!attribute [rw] package_type
  #   @return [::String]
  #     The type of package: native or non-native (e.g., Ruby gems,
  #     Node.js packages, etc.).
  # @!attribute [rw] affected_cpe_uri
  #   @return [::String]
  #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
  #     vulnerability affects.
  # @!attribute [rw] affected_package
  #   @return [::String]
  #     Required. The package this vulnerability affects.
  # @!attribute [rw] affected_version_start
  #   @return [::Grafeas::V1::Version]
  #     The version number at the start of an interval in which this
  #     vulnerability exists. The versions a vulnerability affects may form
  #     several disjoint intervals (example: [1.0.0-1.1.0], [2.4.6-2.4.8] and
  #     [4.5.6-4.6.8]); each interval is represented in its own Detail. If a
  #     vulnerability database provides one specific affected version,
  #     affected_version_start and affected_version_end will be the same in
  #     that Detail. Whether the interval endpoints are inclusive is not stated
  #     here; confirm it before relying on these fields for version matching.
  # @!attribute [rw] affected_version_end
  #   @return [::Grafeas::V1::Version]
  #     The version number at the end of an interval in which this vulnerability
  #     exists. The versions a vulnerability affects may form several disjoint
  #     intervals (example: [1.0.0-1.1.0], [2.4.6-2.4.8] and [4.5.6-4.6.8]);
  #     each interval is represented in its own Detail. If a vulnerability
  #     database provides one specific affected version,
  #     affected_version_start and affected_version_end will be the same in
  #     that Detail.
  # @!attribute [rw] fixed_cpe_uri
  #   @return [::String]
  #     The distro-recommended [CPE URI](https://cpe.mitre.org/specification/)
  #     to update to that contains a fix for this vulnerability. It is possible
  #     for this to be different from the affected_cpe_uri.
  # @!attribute [rw] fixed_package
  #   @return [::String]
  #     The distro-recommended package to update to that contains a fix for this
  #     vulnerability. It is possible for this to be different from the
  #     affected_package.
  # @!attribute [rw] fixed_version
  #   @return [::Grafeas::V1::Version]
  #     The distro-recommended version to update to that contains a
  #     fix for this vulnerability. Setting this to VersionKind.MAXIMUM means no
  #     such version is yet available, so a MAXIMUM value is a "no fix yet"
  #     marker rather than a version to upgrade to.
  # @!attribute [rw] is_obsolete
  #   @return [::Boolean]
  #     Whether this detail is obsolete. Occurrences are expected not to point to
  #     obsolete details.
  # @!attribute [rw] source_update_time
  #   @return [::Google::Protobuf::Timestamp]
  #     The time this information was last changed at the source. This is an
  #     upstream timestamp from the underlying information source, e.g. the
  #     Ubuntu security tracker.
  # @!attribute [rw] source
  #   @return [::String]
  #     The source from which the information in this Detail was obtained.
  # @!attribute [rw] vendor
  #   @return [::String]
  #     The name of the vendor of the product.
  class Detail
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Windows-specific vulnerability detail. Windows updates are delivered as
  # patches, so a Windows vulnerability is modelled as a missing KB rather than
  # as a package at an incorrect version.
  # @!attribute [rw] cpe_uri
  #   @return [::String]
  #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
  #     vulnerability affects.
  # @!attribute [rw] name
  #   @return [::String]
  #     Required. The name of this vulnerability.
  # @!attribute [rw] description
  #   @return [::String]
  #     The description of this vulnerability.
  # @!attribute [rw] fixing_kbs
  #   @return [::Array<::Grafeas::V1::VulnerabilityNote::WindowsDetail::KnowledgeBase>]
  #     Required. The KBs which have hotfixes to mitigate this vulnerability.
  #     There may be multiple hotfixes (and thus multiple KBs) that mitigate a
  #     given vulnerability. Currently, the presence of any listed KB is
  #     considered a fix.
  class WindowsDetail
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A Windows KB entry: its name and a link to it.
    # @!attribute [rw] name
    #   @return [::String]
    #     The KB name (generally of the form KB[0-9]+, e.g., KB123456).
    # @!attribute [rw] url
    #   @return [::String]
    #     A link to the KB in the
    #     [Windows update catalog](https://www.catalog.update.microsoft.com/).
    class KnowledgeBase
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end
end

#windows_details::Array<::Grafeas::V1::VulnerabilityNote::WindowsDetail>

Returns the Windows details. Windows details get their own format because the information format and model don't match a normal detail. Specifically, Windows updates are done as patches, so a Windows vulnerability is really a missing package rather than a package at an incorrect version.

Returns:

  • (::Array<::Grafeas::V1::VulnerabilityNote::WindowsDetail>)

    Windows details get their own format because the information format and model don't match a normal detail. Specifically Windows updates are done as patches, thus Windows vulnerabilities really are a missing package, rather than a package being at an incorrect version.



# File 'proto_docs/grafeas/v1/vulnerability.rb', line 53

# A security vulnerability that can be found in resources.
class VulnerabilityNote
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # A detail for a distro and package affected by this vulnerability and its
  # associated fix (if one is available).
  # @!attribute [rw] severity_name
  #   @return [::String]
  #     The distro-assigned severity of this vulnerability.
  # @!attribute [rw] description
  #   @return [::String]
  #     A vendor-specific description of this vulnerability.
  # @!attribute [rw] package_type
  #   @return [::String]
  #     The type of package: native or non-native (e.g., Ruby gems,
  #     Node.js packages, etc.).
  # @!attribute [rw] affected_cpe_uri
  #   @return [::String]
  #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
  #     vulnerability affects.
  # @!attribute [rw] affected_package
  #   @return [::String]
  #     Required. The package this vulnerability affects.
  # @!attribute [rw] affected_version_start
  #   @return [::Grafeas::V1::Version]
  #     The version number at the start of an interval in which this
  #     vulnerability exists. The versions a vulnerability affects may form
  #     several disjoint intervals (example: [1.0.0-1.1.0], [2.4.6-2.4.8] and
  #     [4.5.6-4.6.8]); each interval is represented in its own Detail. If a
  #     vulnerability database provides one specific affected version,
  #     affected_version_start and affected_version_end will be the same in
  #     that Detail. Whether the interval endpoints are inclusive is not stated
  #     here; confirm it before relying on these fields for version matching.
  # @!attribute [rw] affected_version_end
  #   @return [::Grafeas::V1::Version]
  #     The version number at the end of an interval in which this vulnerability
  #     exists. The versions a vulnerability affects may form several disjoint
  #     intervals (example: [1.0.0-1.1.0], [2.4.6-2.4.8] and [4.5.6-4.6.8]);
  #     each interval is represented in its own Detail. If a vulnerability
  #     database provides one specific affected version,
  #     affected_version_start and affected_version_end will be the same in
  #     that Detail.
  # @!attribute [rw] fixed_cpe_uri
  #   @return [::String]
  #     The distro-recommended [CPE URI](https://cpe.mitre.org/specification/)
  #     to update to that contains a fix for this vulnerability. It is possible
  #     for this to be different from the affected_cpe_uri.
  # @!attribute [rw] fixed_package
  #   @return [::String]
  #     The distro-recommended package to update to that contains a fix for this
  #     vulnerability. It is possible for this to be different from the
  #     affected_package.
  # @!attribute [rw] fixed_version
  #   @return [::Grafeas::V1::Version]
  #     The distro-recommended version to update to that contains a
  #     fix for this vulnerability. Setting this to VersionKind.MAXIMUM means no
  #     such version is yet available, so a MAXIMUM value is a "no fix yet"
  #     marker rather than a version to upgrade to.
  # @!attribute [rw] is_obsolete
  #   @return [::Boolean]
  #     Whether this detail is obsolete. Occurrences are expected not to point to
  #     obsolete details.
  # @!attribute [rw] source_update_time
  #   @return [::Google::Protobuf::Timestamp]
  #     The time this information was last changed at the source. This is an
  #     upstream timestamp from the underlying information source, e.g. the
  #     Ubuntu security tracker.
  # @!attribute [rw] source
  #   @return [::String]
  #     The source from which the information in this Detail was obtained.
  # @!attribute [rw] vendor
  #   @return [::String]
  #     The name of the vendor of the product.
  class Detail
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Windows-specific vulnerability detail. Windows updates are delivered as
  # patches, so a Windows vulnerability is modelled as a missing KB rather than
  # as a package at an incorrect version.
  # @!attribute [rw] cpe_uri
  #   @return [::String]
  #     Required. The [CPE URI](https://cpe.mitre.org/specification/) this
  #     vulnerability affects.
  # @!attribute [rw] name
  #   @return [::String]
  #     Required. The name of this vulnerability.
  # @!attribute [rw] description
  #   @return [::String]
  #     The description of this vulnerability.
  # @!attribute [rw] fixing_kbs
  #   @return [::Array<::Grafeas::V1::VulnerabilityNote::WindowsDetail::KnowledgeBase>]
  #     Required. The KBs which have hotfixes to mitigate this vulnerability.
  #     There may be multiple hotfixes (and thus multiple KBs) that mitigate a
  #     given vulnerability. Currently, the presence of any listed KB is
  #     considered a fix.
  class WindowsDetail
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # A Windows KB entry: its name and a link to it.
    # @!attribute [rw] name
    #   @return [::String]
    #     The KB name (generally of the form KB[0-9]+, e.g., KB123456).
    # @!attribute [rw] url
    #   @return [::String]
    #     A link to the KB in the
    #     [Windows update catalog](https://www.catalog.update.microsoft.com/).
    class KnowledgeBase
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods
    end
  end
end