From 16848a7041efd25ddb209e242e6bf3af3a5c0936 Mon Sep 17 00:00:00 2001 From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Tue, 14 Mar 2023 06:58:28 -0400 Subject: [PATCH] feat: Add VULNERABILITY_ASSESSMENT Note type (#238) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat: Add VULNERABILITY_ASSESSMENT Note type to grafeas v1 API, adds Vex_Assessment derived from the Note to resources' occurrences, VEX notes now be written to add CVE assessments PiperOrigin-RevId: 515727862 Source-Link: https://github.com/googleapis/googleapis/commit/a4e62056b0a8b2464e5b0b8f593b798d99c7817e Source-Link: https://github.com/googleapis/googleapis-gen/commit/3bc42dca2900815c165cf7d3419ff70df05dfb90 Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiM2JjNDJkY2EyOTAwODE1YzE2NWNmN2QzNDE5ZmY3MGRmMDVkZmI5MCJ9 * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md --------- Co-authored-by: Owl Bot --- grafeas/grafeas/__init__.py | 2 + grafeas/grafeas_v1/__init__.py | 2 + .../services/grafeas/async_client.py | 1 + grafeas/grafeas_v1/services/grafeas/client.py | 1 + grafeas/grafeas_v1/types/__init__.py | 4 + grafeas/grafeas_v1/types/common.py | 3 + grafeas/grafeas_v1/types/grafeas.py | 11 + grafeas/grafeas_v1/types/vex.py | 383 ++++++++++++++++++ grafeas/grafeas_v1/types/vulnerability.py | 77 ++++ tests/unit/gapic/grafeas_v1/test_grafeas.py | 189 +++++++++ 10 files changed, 673 insertions(+) create mode 100644 grafeas/grafeas_v1/types/vex.py diff --git a/grafeas/grafeas/__init__.py b/grafeas/grafeas/__init__.py index 31cf1d8..023f572 100644 --- a/grafeas/grafeas/__init__.py +++ b/grafeas/grafeas/__init__.py 
@@ -105,6 +105,7 @@ from grafeas.grafeas_v1.types.upgrade import UpgradeNote from grafeas.grafeas_v1.types.upgrade import UpgradeOccurrence from grafeas.grafeas_v1.types.upgrade import WindowsUpdate +from grafeas.grafeas_v1.types.vex import VulnerabilityAssessmentNote from grafeas.grafeas_v1.types.vulnerability import VulnerabilityNote from grafeas.grafeas_v1.types.vulnerability import VulnerabilityOccurrence @@ -195,6 +196,7 @@ "UpgradeNote", "UpgradeOccurrence", "WindowsUpdate", + "VulnerabilityAssessmentNote", "VulnerabilityNote", "VulnerabilityOccurrence", ) diff --git a/grafeas/grafeas_v1/__init__.py b/grafeas/grafeas_v1/__init__.py index 8e7b564..35535b6 100644 --- a/grafeas/grafeas_v1/__init__.py +++ b/grafeas/grafeas_v1/__init__.py @@ -105,6 +105,7 @@ from .types.upgrade import UpgradeNote from .types.upgrade import UpgradeOccurrence from .types.upgrade import WindowsUpdate +from .types.vex import VulnerabilityAssessmentNote from .types.vulnerability import VulnerabilityNote from .types.vulnerability import VulnerabilityOccurrence @@ -194,6 +195,7 @@ "UpgradeNote", "UpgradeOccurrence", "Version", + "VulnerabilityAssessmentNote", "VulnerabilityNote", "VulnerabilityOccurrence", "WindowsUpdate", diff --git a/grafeas/grafeas_v1/services/grafeas/async_client.py b/grafeas/grafeas_v1/services/grafeas/async_client.py index ae6257d..cfb5a97 100644 --- a/grafeas/grafeas_v1/services/grafeas/async_client.py +++ b/grafeas/grafeas_v1/services/grafeas/async_client.py @@ -56,6 +56,7 @@ from grafeas.grafeas_v1.types import image from grafeas.grafeas_v1.types import package from grafeas.grafeas_v1.types import upgrade +from grafeas.grafeas_v1.types import vex from grafeas.grafeas_v1.types import vulnerability from .transports.base import GrafeasTransport, DEFAULT_CLIENT_INFO from .transports.grpc_asyncio import GrafeasGrpcAsyncIOTransport diff --git a/grafeas/grafeas_v1/services/grafeas/client.py b/grafeas/grafeas_v1/services/grafeas/client.py index ceaed09..78cb5de 100644 
--- a/grafeas/grafeas_v1/services/grafeas/client.py +++ b/grafeas/grafeas_v1/services/grafeas/client.py @@ -60,6 +60,7 @@ from grafeas.grafeas_v1.types import image from grafeas.grafeas_v1.types import package from grafeas.grafeas_v1.types import upgrade +from grafeas.grafeas_v1.types import vex from grafeas.grafeas_v1.types import vulnerability from .transports.base import GrafeasTransport, DEFAULT_CLIENT_INFO from .transports.grpc import GrafeasGrpcTransport diff --git a/grafeas/grafeas_v1/types/__init__.py b/grafeas/grafeas_v1/types/__init__.py index bca1440..09bd0e6 100644 --- a/grafeas/grafeas_v1/types/__init__.py +++ b/grafeas/grafeas_v1/types/__init__.py @@ -130,6 +130,9 @@ UpgradeOccurrence, WindowsUpdate, ) +from .vex import ( + VulnerabilityAssessmentNote, +) from .vulnerability import ( VulnerabilityNote, VulnerabilityOccurrence, @@ -220,6 +223,7 @@ "UpgradeNote", "UpgradeOccurrence", "WindowsUpdate", + "VulnerabilityAssessmentNote", "VulnerabilityNote", "VulnerabilityOccurrence", ) diff --git a/grafeas/grafeas_v1/types/common.py b/grafeas/grafeas_v1/types/common.py index 5fa197d..859dd78 100644 --- a/grafeas/grafeas_v1/types/common.py +++ b/grafeas/grafeas_v1/types/common.py @@ -67,6 +67,8 @@ class NoteKind(proto.Enum): This represents a Compliance Note DSSE_ATTESTATION (10): This represents a DSSE attestation Note + VULNERABILITY_ASSESSMENT (11): + This represents a Vulnerability Assessment. """ NOTE_KIND_UNSPECIFIED = 0 VULNERABILITY = 1 @@ -79,6 +81,7 @@ class NoteKind(proto.Enum): UPGRADE = 8 COMPLIANCE = 9 DSSE_ATTESTATION = 10 + VULNERABILITY_ASSESSMENT = 11 class RelatedUrl(proto.Message): diff --git a/grafeas/grafeas_v1/types/grafeas.py b/grafeas/grafeas_v1/types/grafeas.py index d8442d2..a74e60b 100644 --- a/grafeas/grafeas_v1/types/grafeas.py +++ b/grafeas/grafeas_v1/types/grafeas.py 
@@ -31,6 +31,7 @@ from grafeas.grafeas_v1.types import image as g_image from grafeas.grafeas_v1.types import package as g_package from grafeas.grafeas_v1.types import upgrade as g_upgrade +from grafeas.grafeas_v1.types import vex from grafeas.grafeas_v1.types import vulnerability as g_vulnerability @@ -327,6 +328,10 @@ class Note(proto.Message): dsse_attestation (grafeas.grafeas_v1.types.DSSEAttestationNote): A note describing a dsse attestation note. + This field is a member of `oneof`_ ``type``. + vulnerability_assessment (grafeas.grafeas_v1.types.VulnerabilityAssessmentNote): + A note describing a vulnerability assessment. + This field is a member of `oneof`_ ``type``. """ @@ -431,6 +436,12 @@ class Note(proto.Message): oneof="type", message=g_dsse_attestation.DSSEAttestationNote, ) + vulnerability_assessment: vex.VulnerabilityAssessmentNote = proto.Field( + proto.MESSAGE, + number=20, + oneof="type", + message=vex.VulnerabilityAssessmentNote, + ) class GetOccurrenceRequest(proto.Message): diff --git a/grafeas/grafeas_v1/types/vex.py b/grafeas/grafeas_v1/types/vex.py new file mode 100644 index 0000000..3219e02 --- /dev/null +++ b/grafeas/grafeas_v1/types/vex.py 
@@ -0,0 +1,383 @@ +# -*- coding: utf-8 -*- +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +from __future__ import annotations + +from typing import MutableMapping, MutableSequence + +import proto # type: ignore + +from grafeas.grafeas_v1.types import common + + +__protobuf__ = proto.module( + package="grafeas.v1", + manifest={ + "VulnerabilityAssessmentNote", + }, +) + + +class VulnerabilityAssessmentNote(proto.Message): + r"""A single VulnerabilityAssessmentNote represents + one particular product's vulnerability assessment for one CVE. + + Attributes: + title (str): + The title of the note. E.g. ``Vex-Debian-11.4`` + short_description (str): + A one sentence description of this Vex. + long_description (str): + A detailed description of this Vex. + language_code (str): + Identifies the language used by this + document, corresponding to IETF BCP 47 / RFC + 5646. + publisher (grafeas.grafeas_v1.types.VulnerabilityAssessmentNote.Publisher): + Publisher details of this Note. + product (grafeas.grafeas_v1.types.VulnerabilityAssessmentNote.Product): + The product affected by this vex. + assessment (grafeas.grafeas_v1.types.VulnerabilityAssessmentNote.Assessment): + Represents a vulnerability assessment for the + product. + """ + + class Publisher(proto.Message): + r"""Publisher contains information about the publisher of + this Note. 
+ (-- api-linter: core::0123::resource-annotation=disabled + aip.dev/not-precedent: Publisher is not a separate resource. --) + + Attributes: + name (str): + Name of the publisher. + Examples: 'Google', 'Google Cloud Platform'. + issuing_authority (str): + Provides information about the authority of + the issuing party to release the document, in + particular, the party's constituency and + responsibilities or other obligations. + publisher_namespace (str): + The context or namespace. + Contains a URL which is under control of the + issuing party and can be used as a globally + unique identifier for that issuing party. + Example: https://csaf.io + """ + + name: str = proto.Field( + proto.STRING, + number=1, + ) + issuing_authority: str = proto.Field( + proto.STRING, + number=2, + ) + publisher_namespace: str = proto.Field( + proto.STRING, + number=3, + ) + + class Product(proto.Message): + r"""Product contains information about a product and how to + uniquely identify it. + (-- api-linter: core::0123::resource-annotation=disabled + aip.dev/not-precedent: Product is not a separate resource. --) + + + .. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields + + Attributes: + name (str): + Name of the product. + id (str): + Token that identifies a product so that it + can be referred to from other parts in the + document. There is no predefined format as long + as it uniquely identifies a group in the context + of the current document. + generic_uri (str): + Contains a URI which is vendor-specific. + Example: The artifact repository URL of an + image. + + This field is a member of `oneof`_ ``identifier``. 
+ """ + + name: str = proto.Field( + proto.STRING, + number=1, + ) + id: str = proto.Field( + proto.STRING, + number=2, + ) + generic_uri: str = proto.Field( + proto.STRING, + number=3, + oneof="identifier", + ) + + class Assessment(proto.Message): + r"""Assessment provides all information that is related to a + single vulnerability for this product. + + Attributes: + cve (str): + Holds the MITRE standard Common + Vulnerabilities and Exposures (CVE) tracking + number for the vulnerability. + short_description (str): + A one sentence description of this Vex. + long_description (str): + A detailed description of this Vex. + related_uris (MutableSequence[grafeas.grafeas_v1.types.RelatedUrl]): + Holds a list of references associated with + this vulnerability item and assessment. These + uris have additional information about the + vulnerability and the assessment itself. E.g. + Link to a document which details how this + assessment concluded the state of this + vulnerability. + state (grafeas.grafeas_v1.types.VulnerabilityAssessmentNote.Assessment.State): + Provides the state of this Vulnerability + assessment. + impacts (MutableSequence[str]): + Contains information about the impact of this + vulnerability, this will change with time. + justification (grafeas.grafeas_v1.types.VulnerabilityAssessmentNote.Assessment.Justification): + Justification provides the justification when the state of + the assessment if NOT_AFFECTED. + remediations (MutableSequence[grafeas.grafeas_v1.types.VulnerabilityAssessmentNote.Assessment.Remediation]): + Specifies details on how to handle (and + presumably, fix) a vulnerability. + """ + + class State(proto.Enum): + r"""Provides the state of this Vulnerability assessment. + + Values: + STATE_UNSPECIFIED (0): + No state is specified. + AFFECTED (1): + This product is known to be affected by this + vulnerability. + NOT_AFFECTED (2): + This product is known to be not affected by + this vulnerability. 
+ FIXED (3): + This product contains a fix for this + vulnerability. + UNDER_INVESTIGATION (4): + It is not known yet whether these versions + are or are not affected by the vulnerability. + However, it is still under investigation. + """ + STATE_UNSPECIFIED = 0 + AFFECTED = 1 + NOT_AFFECTED = 2 + FIXED = 3 + UNDER_INVESTIGATION = 4 + + class Justification(proto.Message): + r"""Justification provides the justification when the state of the + assessment if NOT_AFFECTED. + + Attributes: + justification_type (grafeas.grafeas_v1.types.VulnerabilityAssessmentNote.Assessment.Justification.JustificationType): + The justification type for this + vulnerability. + details (str): + Additional details on why this justification + was chosen. + """ + + class JustificationType(proto.Enum): + r"""Provides the type of justification. + + Values: + JUSTIFICATION_TYPE_UNSPECIFIED (0): + JUSTIFICATION_TYPE_UNSPECIFIED. + COMPONENT_NOT_PRESENT (1): + The vulnerable component is not present in + the product. + VULNERABLE_CODE_NOT_PRESENT (2): + The vulnerable code is not present. Typically + this case occurs when source code is configured + or built in a way that excludes the vulnerable + code. + VULNERABLE_CODE_NOT_IN_EXECUTE_PATH (3): + The vulnerable code can not be executed. + Typically this case occurs when the product + includes the vulnerable code but does not call + or use the vulnerable code. + VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARY (4): + The vulnerable code cannot be controlled by + an attacker to exploit the vulnerability. + INLINE_MITIGATIONS_ALREADY_EXIST (5): + The product includes built-in protections or + features that prevent exploitation of the + vulnerability. These built-in protections cannot + be subverted by the attacker and cannot be + configured or disabled by the user. These + mitigations completely prevent exploitation + based on known attack vectors. 
+ """ + JUSTIFICATION_TYPE_UNSPECIFIED = 0 + COMPONENT_NOT_PRESENT = 1 + VULNERABLE_CODE_NOT_PRESENT = 2 + VULNERABLE_CODE_NOT_IN_EXECUTE_PATH = 3 + VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARY = 4 + INLINE_MITIGATIONS_ALREADY_EXIST = 5 + + justification_type: "VulnerabilityAssessmentNote.Assessment.Justification.JustificationType" = proto.Field( + proto.ENUM, + number=1, + enum="VulnerabilityAssessmentNote.Assessment.Justification.JustificationType", + ) + details: str = proto.Field( + proto.STRING, + number=2, + ) + + class Remediation(proto.Message): + r"""Specifies details on how to handle (and presumably, fix) a + vulnerability. + + Attributes: + remediation_type (grafeas.grafeas_v1.types.VulnerabilityAssessmentNote.Assessment.Remediation.RemediationType): + The type of remediation that can be applied. + details (str): + Contains a comprehensive human-readable + discussion of the remediation. + remediation_uri (grafeas.grafeas_v1.types.RelatedUrl): + Contains the URL where to obtain the + remediation. + """ + + class RemediationType(proto.Enum): + r"""The type of remediation that can be applied. + + Values: + REMEDIATION_TYPE_UNSPECIFIED (0): + No remediation type specified. + MITIGATION (1): + A MITIGATION is available. + NO_FIX_PLANNED (2): + No fix is planned. + NONE_AVAILABLE (3): + Not available. + VENDOR_FIX (4): + A vendor fix is available. + WORKAROUND (5): + A workaround is available. 
+ """ + REMEDIATION_TYPE_UNSPECIFIED = 0 + MITIGATION = 1 + NO_FIX_PLANNED = 2 + NONE_AVAILABLE = 3 + VENDOR_FIX = 4 + WORKAROUND = 5 + + remediation_type: "VulnerabilityAssessmentNote.Assessment.Remediation.RemediationType" = proto.Field( + proto.ENUM, + number=1, + enum="VulnerabilityAssessmentNote.Assessment.Remediation.RemediationType", + ) + details: str = proto.Field( + proto.STRING, + number=2, + ) + remediation_uri: common.RelatedUrl = proto.Field( + proto.MESSAGE, + number=3, + message=common.RelatedUrl, + ) + + cve: str = proto.Field( + proto.STRING, + number=1, + ) + short_description: str = proto.Field( + proto.STRING, + number=2, + ) + long_description: str = proto.Field( + proto.STRING, + number=3, + ) + related_uris: MutableSequence[common.RelatedUrl] = proto.RepeatedField( + proto.MESSAGE, + number=4, + message=common.RelatedUrl, + ) + state: "VulnerabilityAssessmentNote.Assessment.State" = proto.Field( + proto.ENUM, + number=5, + enum="VulnerabilityAssessmentNote.Assessment.State", + ) + impacts: MutableSequence[str] = proto.RepeatedField( + proto.STRING, + number=6, + ) + justification: "VulnerabilityAssessmentNote.Assessment.Justification" = ( + proto.Field( + proto.MESSAGE, + number=7, + message="VulnerabilityAssessmentNote.Assessment.Justification", + ) + ) + remediations: MutableSequence[ + "VulnerabilityAssessmentNote.Assessment.Remediation" + ] = proto.RepeatedField( + proto.MESSAGE, + number=8, + message="VulnerabilityAssessmentNote.Assessment.Remediation", + ) + + title: str = proto.Field( + proto.STRING, + number=1, + ) + short_description: str = proto.Field( + proto.STRING, + number=2, + ) + long_description: str = proto.Field( + proto.STRING, + number=3, + ) + language_code: str = proto.Field( + proto.STRING, + number=4, + ) + publisher: Publisher = proto.Field( + proto.MESSAGE, + number=5, + message=Publisher, + ) + product: Product = proto.Field( + proto.MESSAGE, + number=6, + message=Product, + ) + assessment: Assessment = 
proto.Field( + proto.MESSAGE, + number=7, + message=Assessment, + ) + + +__all__ = tuple(sorted(__protobuf__.manifest)) diff --git a/grafeas/grafeas_v1/types/vulnerability.py b/grafeas/grafeas_v1/types/vulnerability.py index 0ea1704..220035a 100644 --- a/grafeas/grafeas_v1/types/vulnerability.py +++ b/grafeas/grafeas_v1/types/vulnerability.py @@ -24,6 +24,7 @@ from grafeas.grafeas_v1.types import cvss from grafeas.grafeas_v1.types import package from grafeas.grafeas_v1.types import severity as g_severity +from grafeas.grafeas_v1.types import vex __protobuf__ = proto.module( @@ -357,6 +358,8 @@ class VulnerabilityOccurrence(proto.Message): severity. cvss_v2 (grafeas.grafeas_v1.types.CVSS): The cvss v2 score for the vulnerability. + vex_assessment (grafeas.grafeas_v1.types.VulnerabilityOccurrence.VexAssessment): + """ class PackageIssue(proto.Message): 
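Review bot: `Publisher.name`, `issuing_authority` and `publisher_namespace` are plain caller-supplied strings, and no field of `VulnerabilityAssessmentNote` carries a signature or other verifiable origin, yet the Publisher docstring reads as if `publisher_namespace` identifies the issuing party. A consumer that downgrades or suppresses a finding on `State.NOT_AFFECTED` or `State.FIXED` should base trust on who is permitted to write the note, not on these fields; I would add to the Publisher docstring `These values are self-declared by the note writer and are not verified by this type.` The Justification text also reads `if NOT_AFFECTED` where `is NOT_AFFECTED` is meant, twice in this file and once more in `VexAssessment` in vulnerability.py. This file appears to be generated from the Grafeas proto, so the wording would have to change upstream.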
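Review bot: The `vex_assessment` entry added to the `VulnerabilityOccurrence` Attributes list has no description, so the rendered reference says nothing about where the assessment comes from. Something like `VEX assessment for this vulnerability, derived from the VulnerabilityAssessment note named in its note_name.` would match what the `VexAssessment` docstring states further down in the same file. The class docstring starts outside this hunk.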
@@ -447,6 +450,75 @@ class PackageIssue(proto.Message): message=common.FileLocation, ) + class VexAssessment(proto.Message): + r"""VexAssessment provides all publisher provided Vex information + that is related to this vulnerability. + + Attributes: + cve (str): + Holds the MITRE standard Common + Vulnerabilities and Exposures (CVE) tracking + number for the vulnerability. + related_uris (MutableSequence[grafeas.grafeas_v1.types.RelatedUrl]): + Holds a list of references associated with + this vulnerability item and assessment. + note_name (str): + The VulnerabilityAssessment note from which this + VexAssessment was generated. This will be of the form: + ``projects/[PROJECT_ID]/notes/[NOTE_ID]``. (-- api-linter: + core::0122::name-suffix=disabled aip.dev/not-precedent: The + suffix is kept for consistency. --) + state (grafeas.grafeas_v1.types.VulnerabilityAssessmentNote.Assessment.State): + Provides the state of this Vulnerability + assessment. + impacts (MutableSequence[str]): + Contains information about the impact of this + vulnerability, this will change with time. + remediations (MutableSequence[grafeas.grafeas_v1.types.VulnerabilityAssessmentNote.Assessment.Remediation]): + Specifies details on how to handle (and + presumably, fix) a vulnerability. + justification (grafeas.grafeas_v1.types.VulnerabilityAssessmentNote.Assessment.Justification): + Justification provides the justification when the state of + the assessment if NOT_AFFECTED. 
+ """ + + cve: str = proto.Field( + proto.STRING, + number=1, + ) + related_uris: MutableSequence[common.RelatedUrl] = proto.RepeatedField( + proto.MESSAGE, + number=2, + message=common.RelatedUrl, + ) + note_name: str = proto.Field( + proto.STRING, + number=3, + ) + state: vex.VulnerabilityAssessmentNote.Assessment.State = proto.Field( + proto.ENUM, + number=4, + enum=vex.VulnerabilityAssessmentNote.Assessment.State, + ) + impacts: MutableSequence[str] = proto.RepeatedField( + proto.STRING, + number=5, + ) + remediations: MutableSequence[ + vex.VulnerabilityAssessmentNote.Assessment.Remediation + ] = proto.RepeatedField( + proto.MESSAGE, + number=6, + message=vex.VulnerabilityAssessmentNote.Assessment.Remediation, + ) + justification: vex.VulnerabilityAssessmentNote.Assessment.Justification = ( + proto.Field( + proto.MESSAGE, + number=7, + message=vex.VulnerabilityAssessmentNote.Assessment.Justification, + ) + ) + type_: str = proto.Field( proto.STRING, number=1, @@ -502,6 +574,11 @@ class PackageIssue(proto.Message): number=12, message=cvss.CVSS, ) + vex_assessment: VexAssessment = proto.Field( + proto.MESSAGE, + number=13, + message=VexAssessment, + ) __all__ = tuple(sorted(__protobuf__.manifest)) diff --git a/tests/unit/gapic/grafeas_v1/test_grafeas.py b/tests/unit/gapic/grafeas_v1/test_grafeas.py index 07fe036..3d6345f 100644 --- a/tests/unit/gapic/grafeas_v1/test_grafeas.py +++ b/tests/unit/gapic/grafeas_v1/test_grafeas.py @@ -72,6 +72,7 @@ from grafeas.grafeas_v1.types import slsa_provenance from grafeas.grafeas_v1.types import slsa_provenance_zero_two from grafeas.grafeas_v1.types import upgrade +from grafeas.grafeas_v1.types import vex from grafeas.grafeas_v1.types import vulnerability import google.auth 
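Review bot: `VexAssessment` repeats `state`, `justification` and `remediations` from a note and records the origin only as the string `note_name` (`projects/[PROJECT_ID]/notes/[NOTE_ID]`), with no statement of whether that note must live in a project the occurrence owner trusts. A policy or scanner that acts on `state` read from an occurrence should, I think, check the project in `note_name` against an allow-list before honouring `NOT_AFFECTED` or `FIXED`; the docstring could say so: `Consumers should confirm that note_name refers to a note from a trusted project before relying on state.` Whether the service keeps this copy in sync with later edits to the note is not visible here and would be worth documenting as well. `VulnerabilityOccurrence` starts and ends outside the hunk.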
@@ -5094,6 +5095,21 @@ def test_create_occurrence_rest(request_type): "fix_available": True, "cvss_version": 1, "cvss_v2": {}, + "vex_assessment": { + "cve": "cve_value", + "related_uris": {}, + "note_name": "note_name_value", + "state": 1, + "impacts": ["impacts_value1", "impacts_value2"], + "remediations": [ + { + "remediation_type": 1, + "details": "details_value", + "remediation_uri": {}, + } + ], + "justification": {"justification_type": 1, "details": "details_value"}, + }, }, "build": { "provenance": { @@ -5576,6 +5592,21 @@ def test_create_occurrence_rest_bad_request( "fix_available": True, "cvss_version": 1, "cvss_v2": {}, + "vex_assessment": { + "cve": "cve_value", + "related_uris": {}, + "note_name": "note_name_value", + "state": 1, + "impacts": ["impacts_value1", "impacts_value2"], + "remediations": [ + { + "remediation_type": 1, + "details": "details_value", + "remediation_uri": {}, + } + ], + "justification": {"justification_type": 1, "details": "details_value"}, + }, }, "build": { "provenance": { @@ -6232,6 +6263,21 @@ def test_update_occurrence_rest(request_type): "fix_available": True, "cvss_version": 1, "cvss_v2": {}, + "vex_assessment": { + "cve": "cve_value", + "related_uris": {}, + "note_name": "note_name_value", + "state": 1, + "impacts": ["impacts_value1", "impacts_value2"], + "remediations": [ + { + "remediation_type": 1, + "details": "details_value", + "remediation_uri": {}, + } + ], + "justification": {"justification_type": 1, "details": "details_value"}, + }, }, "build": { "provenance": { 
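Review bot: The sample `vex_assessment` in `test_create_occurrence_rest` sets `"state": 1`, which is `AFFECTED` in the `State` enum added in vex.py, next to a populated `justification`, a combination the Justification docstring limits to NOT_AFFECTED. Nothing in the visible types rejects that pairing (the note tests further down pass the same shape straight to `request_type(**request_init)`), so any such check presumably has to happen on the server or in the consumer, and that is worth stating where the field is documented. `"related_uris": {}` is also a mapping where the field is declared with `proto.RepeatedField`; `"related_uris": [{}]` would match the declared shape. The same fixture recurs in the other occurrence hunks and under `assessment` in the note tests; the test functions continue outside these hunks.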
@@ -6716,6 +6762,21 @@ def test_update_occurrence_rest_bad_request( "fix_available": True, "cvss_version": 1, "cvss_v2": {}, + "vex_assessment": { + "cve": "cve_value", + "related_uris": {}, + "note_name": "note_name_value", + "state": 1, + "impacts": ["impacts_value1", "impacts_value2"], + "remediations": [ + { + "remediation_type": 1, + "details": "details_value", + "remediation_uri": {}, + } + ], + "justification": {"justification_type": 1, "details": "details_value"}, + }, }, "build": { "provenance": { @@ -8321,6 +8382,38 @@ def test_create_note_rest(request_type): "dsse_attestation": { "hint": {"human_readable_name": "human_readable_name_value"} }, + "vulnerability_assessment": { + "title": "title_value", + "short_description": "short_description_value", + "long_description": "long_description_value", + "language_code": "language_code_value", + "publisher": { + "name": "name_value", + "issuing_authority": "issuing_authority_value", + "publisher_namespace": "publisher_namespace_value", + }, + "product": { + "name": "name_value", + "id": "id_value", + "generic_uri": "generic_uri_value", + }, + "assessment": { + "cve": "cve_value", + "short_description": "short_description_value", + "long_description": "long_description_value", + "related_uris": {}, + "state": 1, + "impacts": ["impacts_value1", "impacts_value2"], + "justification": {"justification_type": 1, "details": "details_value"}, + "remediations": [ + { + "remediation_type": 1, + "details": "details_value", + "remediation_uri": {}, + } + ], + }, + }, } request = request_type(**request_init) 
@@ -8682,6 +8775,38 @@ def test_create_note_rest_bad_request( "dsse_attestation": { "hint": {"human_readable_name": "human_readable_name_value"} }, + "vulnerability_assessment": { + "title": "title_value", + "short_description": "short_description_value", + "long_description": "long_description_value", + "language_code": "language_code_value", + "publisher": { + "name": "name_value", + "issuing_authority": "issuing_authority_value", + "publisher_namespace": "publisher_namespace_value", + }, + "product": { + "name": "name_value", + "id": "id_value", + "generic_uri": "generic_uri_value", + }, + "assessment": { + "cve": "cve_value", + "short_description": "short_description_value", + "long_description": "long_description_value", + "related_uris": {}, + "state": 1, + "impacts": ["impacts_value1", "impacts_value2"], + "justification": {"justification_type": 1, "details": "details_value"}, + "remediations": [ + { + "remediation_type": 1, + "details": "details_value", + "remediation_uri": {}, + } + ], + }, + }, } request = request_type(**request_init) 
@@ -9206,6 +9331,38 @@ def test_update_note_rest(request_type): "dsse_attestation": { "hint": {"human_readable_name": "human_readable_name_value"} }, + "vulnerability_assessment": { + "title": "title_value", + "short_description": "short_description_value", + "long_description": "long_description_value", + "language_code": "language_code_value", + "publisher": { + "name": "name_value", + "issuing_authority": "issuing_authority_value", + "publisher_namespace": "publisher_namespace_value", + }, + "product": { + "name": "name_value", + "id": "id_value", + "generic_uri": "generic_uri_value", + }, + "assessment": { + "cve": "cve_value", + "short_description": "short_description_value", + "long_description": "long_description_value", + "related_uris": {}, + "state": 1, + "impacts": ["impacts_value1", "impacts_value2"], + "justification": {"justification_type": 1, "details": "details_value"}, + "remediations": [ + { + "remediation_type": 1, + "details": "details_value", + "remediation_uri": {}, + } + ], + }, + }, } request = request_type(**request_init) 
@@ -9553,6 +9710,38 @@ def test_update_note_rest_bad_request( "dsse_attestation": { "hint": {"human_readable_name": "human_readable_name_value"} }, + "vulnerability_assessment": { + "title": "title_value", + "short_description": "short_description_value", + "long_description": "long_description_value", + "language_code": "language_code_value", + "publisher": { + "name": "name_value", + "issuing_authority": "issuing_authority_value", + "publisher_namespace": "publisher_namespace_value", + }, + "product": { + "name": "name_value", + "id": "id_value", + "generic_uri": "generic_uri_value", + }, + "assessment": { + "cve": "cve_value", + "short_description": "short_description_value", + "long_description": "long_description_value", + "related_uris": {}, + "state": 1, + "impacts": ["impacts_value1", "impacts_value2"], + "justification": {"justification_type": 1, "details": "details_value"}, + "remediations": [ + { + "remediation_type": 1, + "details": "details_value", + "remediation_uri": {}, + } + ], + }, + }, } request = request_type(**request_init)