feat: Add container.create_time, vulnerability.offending_package, vul…

…nerability.fixed_package, vulnerability.security_bulletin, vulnerability.cve.impact, vulnerability.cve.exploitation_activity, vulnerability.cve.observed_in_the_wild, vulnerability.cve.zero_day to finding's list of attributes PiperOrigin-RevId: 611114785
googleapis · Feb 28, 2024 · 4bde689 · 4bde689
1 parent da4e23d
commit 4bde689
Show file tree

Hide file tree

Showing 2 changed files with 105 additions and 1 deletion.
diff --git a/google/cloud/securitycenter/v1/container.proto b/google/cloud/securitycenter/v1/container.proto
@@ -17,6 +17,7 @@ syntax = "proto3";
 package google.cloud.securitycenter.v1;
 
 import "google/cloud/securitycenter/v1/label.proto";
+import "google/protobuf/timestamp.proto";
 
 option csharp_namespace = "Google.Cloud.SecurityCenter.V1";
 option go_package = "cloud.google.com/go/securitycenter/apiv1/securitycenterpb;securitycenterpb";
@@ -41,4 +42,7 @@ message Container {
 
   // Container labels, as provided by the container runtime.
   repeated Label labels = 4;
+
+  // The time that the container was created.
+  google.protobuf.Timestamp create_time = 5;
 }
diff --git a/google/cloud/securitycenter/v1/vulnerability.proto b/google/cloud/securitycenter/v1/vulnerability.proto
@@ -16,6 +16,8 @@ syntax = "proto3";
 
 package google.cloud.securitycenter.v1;
 
+import "google/protobuf/timestamp.proto";
+
 option csharp_namespace = "Google.Cloud.SecurityCenter.V1";
 option go_package = "cloud.google.com/go/securitycenter/apiv1/securitycenterpb;securitycenterpb";
 option java_multiple_files = true;
@@ -29,11 +31,68 @@ message Vulnerability {
   // CVE stands for Common Vulnerabilities and Exposures
   // (https://cve.mitre.org/about/)
   Cve cve = 1;
+
+  // The offending package is relevant to the finding.
+  Package offending_package = 2;
+
+  // The fixed package is relevant to the finding.
+  Package fixed_package = 3;
+
+  // The security bulletin is relevant to this finding.
+  SecurityBulletin security_bulletin = 4;
 }
 
 // CVE stands for Common Vulnerabilities and Exposures.
-// More information: https://cve.mitre.org
+// Information from the [CVE
+// record](https://www.cve.org/ResourcesSupport/Glossary) that describes this
+// vulnerability.
 message Cve {
+  // The possible values of impact of the vulnerability if it was to be
+  // exploited.
+  enum RiskRating {
+    // Invalid or empty value.
+    RISK_RATING_UNSPECIFIED = 0;
+
+    // Exploitation would have little to no security impact.
+    LOW = 1;
+
+    // Exploitation would enable attackers to perform activities, or could allow
+    // attackers to have a direct impact, but would require additional steps.
+    MEDIUM = 2;
+
+    // Exploitation would enable attackers to have a notable direct impact
+    // without needing to overcome any major mitigating factors.
+    HIGH = 3;
+
+    // Exploitation would fundamentally undermine the security of affected
+    // systems, enable actors to perform significant attacks with minimal
+    // effort, with little to no mitigating factors to overcome.
+    CRITICAL = 4;
+  }
+
+  // The possible values of exploitation activity of the vulnerability in the
+  // wild.
+  enum ExploitationActivity {
+    // Invalid or empty value.
+    EXPLOITATION_ACTIVITY_UNSPECIFIED = 0;
+
+    // Exploitation has been reported or confirmed to widely occur.
+    WIDE = 1;
+
+    // Limited reported or confirmed exploitation activities.
+    CONFIRMED = 2;
+
+    // Exploit is publicly available.
+    AVAILABLE = 3;
+
+    // No known exploitation activity, but has a high potential for
+    // exploitation.
+    ANTICIPATED = 4;
+
+    // No known exploitation activity.
+    NO_KNOWN = 5;
+  }
+
   // The unique identifier for the vulnerability. e.g. CVE-2021-34527
   string id = 1;
 
@@ -47,6 +106,19 @@ message Cve {
 
   // Whether upstream fix is available for the CVE.
   bool upstream_fix_available = 4;
+
+  // The potential impact of the vulnerability if it was to be exploited.
+  RiskRating impact = 5;
+
+  // The exploitation activity of the vulnerability in the wild.
+  ExploitationActivity exploitation_activity = 6;
+
+  // Whether or not the vulnerability has been observed in the wild.
+  bool observed_in_the_wild = 7;
+
+  // Whether or not the vulnerability was zero day when the finding was
+  // published.
+  bool zero_day = 8;
 }
 
 // Additional Links
@@ -214,3 +286,31 @@ message Cvssv3 {
   // component resulting from a successfully exploited vulnerability.
   Impact availability_impact = 12;
 }
+
+// Package is a generic definition of a package.
+message Package {
+  // The name of the package where the vulnerability was detected.
+  string package_name = 1;
+
+  // The CPE URI where the vulnerability was detected.
+  string cpe_uri = 2;
+
+  // Type of package, for example, os, maven, or go.
+  string package_type = 3;
+
+  // The version of the package.
+  string package_version = 4;
+}
+
+// SecurityBulletin are notifications of vulnerabilities of Google products.
+message SecurityBulletin {
+  // ID of the bulletin corresponding to the vulnerability.
+  string bulletin_id = 1;
+
+  // Submission time of this Security Bulletin.
+  google.protobuf.Timestamp submission_time = 2;
+
+  // This represents a version that the cluster receiving this notification
+  // should be upgraded to, based on its current version. For example, 1.15.0
+  string suggested_upgrade_version = 3;
+}