Search in sources :

Example 6 with Occurrence

use of io.grafeas.v1.Occurrence in project java-docs-samples by GoogleCloudPlatform.

the class SamplesTest method testOccurrencesForImage.

@Test
public void testOccurrencesForImage() throws Exception {
    int newCount;
    int tries = 0;
    int origCount = OccurrencesForImage.getOccurrencesForImage(imageUrl, PROJECT_ID);
    final Occurrence o = CreateOccurrence.createOccurrence(imageUrl, noteId, PROJECT_ID, PROJECT_ID);
    do {
        newCount = OccurrencesForImage.getOccurrencesForImage(imageUrl, PROJECT_ID);
        sleep(SLEEP_TIME);
        tries += 1;
    } while (newCount != 1 && tries < TRY_LIMIT);
    assertEquals(1, newCount);
    assertEquals(0, origCount);
    // clean up
    String[] nameArr = o.getName().split("/");
    String occId = nameArr[nameArr.length - 1];
    DeleteOccurrence.deleteOccurrence(occId, PROJECT_ID);
}
Also used : Occurrence(io.grafeas.v1.Occurrence) VulnerabilityOccurrence(io.grafeas.v1.VulnerabilityOccurrence) DiscoveryOccurrence(io.grafeas.v1.DiscoveryOccurrence) Test(org.junit.Test)

Example 7 with Occurrence

use of io.grafeas.v1.Occurrence in project java-docs-samples by GoogleCloudPlatform.

the class SamplesTest method testFindHighSeverityVulnerabilitiesForImage.

@Test
public void testFindHighSeverityVulnerabilitiesForImage() throws Exception {
    // check before creation
    List<Occurrence> result = HighVulnerabilitiesForImage.findHighSeverityVulnerabilitiesForImage(imageUrl, PROJECT_ID);
    assertEquals(0, result.size());
    // create low severity occurrence
    Occurrence low;
    low = CreateOccurrence.createOccurrence(imageUrl, noteId, PROJECT_ID, PROJECT_ID);
    result = HighVulnerabilitiesForImage.findHighSeverityVulnerabilitiesForImage(imageUrl, PROJECT_ID);
    assertEquals(0, result.size());
    // create high severity note
    Note newNote = Note.newBuilder().setVulnerability(VulnerabilityNote.newBuilder().setSeverity(Severity.CRITICAL).addDetails(VulnerabilityNote.Detail.newBuilder().setAffectedCpeUri("your-uri-here").setAffectedPackage("your-package-here").setAffectedVersionStart(Version.newBuilder().setKind(Version.VersionKind.MINIMUM)).setAffectedVersionEnd(Version.newBuilder().setKind(Version.VersionKind.MAXIMUM)))).build();
    String vulnNoteId = "severe-note-" + (new Date()).getTime();
    ContainerAnalysisClient client = ContainerAnalysisClient.create();
    client.getGrafeasClient().createNote(ProjectName.format(PROJECT_ID), vulnNoteId, newNote);
    // create high severity occurrence
    Occurrence critical = Occurrence.newBuilder().setNoteName(NoteName.of(PROJECT_ID, vulnNoteId).toString()).setResourceUri(imageUrl).setVulnerability(VulnerabilityOccurrence.newBuilder().setEffectiveSeverity(Severity.CRITICAL).addPackageIssue(PackageIssue.newBuilder().setAffectedCpeUri("your-uri-here").setAffectedPackage("your-package-here").setAffectedVersion(Version.newBuilder().setKind(Version.VersionKind.MINIMUM)).setFixedVersion(Version.newBuilder().setKind(Version.VersionKind.MAXIMUM)))).build();
    critical = client.getGrafeasClient().createOccurrence(ProjectName.format(PROJECT_ID), critical);
    // check again
    int tries = 0;
    do {
        result = HighVulnerabilitiesForImage.findHighSeverityVulnerabilitiesForImage(imageUrl, PROJECT_ID);
        sleep(SLEEP_TIME);
        tries += 1;
    } while (result.size() != 1 && tries < TRY_LIMIT);
    assertEquals(1, result.size());
    // clean up
    String[] lowNameArr = low.getName().split("/");
    String lowId = lowNameArr[lowNameArr.length - 1];
    DeleteOccurrence.deleteOccurrence(lowId, PROJECT_ID);
    String[] nameArr = critical.getName().split("/");
    String occId = nameArr[nameArr.length - 1];
    DeleteOccurrence.deleteOccurrence(occId, PROJECT_ID);
    DeleteNote.deleteNote(vulnNoteId, PROJECT_ID);
}
Also used : VulnerabilityNote(io.grafeas.v1.VulnerabilityNote) DiscoveryNote(io.grafeas.v1.DiscoveryNote) Note(io.grafeas.v1.Note) Occurrence(io.grafeas.v1.Occurrence) VulnerabilityOccurrence(io.grafeas.v1.VulnerabilityOccurrence) DiscoveryOccurrence(io.grafeas.v1.DiscoveryOccurrence) ContainerAnalysisClient(com.google.cloud.devtools.containeranalysis.v1.ContainerAnalysisClient) Date(java.util.Date) Test(org.junit.Test)

Example 8 with Occurrence

use of io.grafeas.v1.Occurrence in project java-docs-samples by GoogleCloudPlatform.

the class VulnerabilityFunctionTest method testAccept.

@Test
public void testAccept() throws IOException {
    AtomicInteger occurrenceCallCount = new AtomicInteger();
    Mockito.when(grafeasStub.getOccurrenceCallable()).thenReturn(new UnaryCallable<>() {

        @Override
        public ApiFuture<Occurrence> futureCall(GetOccurrenceRequest request, ApiCallContext context) {
            occurrenceCallCount.incrementAndGet();
            return ApiFutures.immediateFuture(Occurrence.newBuilder().setKind(NoteKind.VULNERABILITY).setResourceUri("gcr.io/test-project/some-image").setVulnerability(VulnerabilityOccurrence.newBuilder().setSeverity(Severity.CRITICAL).setShortDescription("CVE-CRITICAL").build()).build());
        }
    });
    VulnerabilityFunction function = new VulnerabilityFunction(containerAnalysisClient);
    String notificationPayload = "{\"name\":\"projects/test-project/occurrences/some-uuid\",\"kind\":\"VULNERABILITY\"," + "\"notificationTime\":\"2020-09-04T00:38:25.575543Z\"}";
    PubSubMessage msg = new PubSubMessage();
    msg.setData(Base64.getEncoder().encodeToString(notificationPayload.getBytes(StandardCharsets.UTF_8)));
    function.accept(msg, null);
    Assert.assertEquals(1, occurrenceCallCount.get());
}
Also used : ApiFuture(com.google.api.core.ApiFuture) AtomicInteger(java.util.concurrent.atomic.AtomicInteger) GetOccurrenceRequest(io.grafeas.v1.GetOccurrenceRequest) ApiCallContext(com.google.api.gax.rpc.ApiCallContext) Test(org.junit.Test)

Example 9 with Occurrence

use of io.grafeas.v1.Occurrence in project java-docs-samples by GoogleCloudPlatform.

the class CreateOccurrence method createOccurrence.

// Creates and returns a new vulnerability Occurrence associated with an existing Note
public static Occurrence createOccurrence(String resourceUrl, String noteId, String occProjectId, String noteProjectId) throws IOException, InterruptedException {
    // String resourceUrl = "https://gcr.io/project/image@sha256:123";
    // String noteId = "my-note";
    // String occProjectId = "my-project-id";
    // String noteProjectId = "my-project-id";
    final NoteName noteName = NoteName.of(noteProjectId, noteId);
    final String occProjectName = ProjectName.format(occProjectId);
    Occurrence newOcc = Occurrence.newBuilder().setNoteName(noteName.toString()).setResourceUri(resourceUrl).setVulnerability(VulnerabilityOccurrence.newBuilder().addPackageIssue(PackageIssue.newBuilder().setAffectedCpeUri("your-uri-here").setAffectedPackage("your-package-here").setAffectedVersion(Version.newBuilder().setKind(Version.VersionKind.MINIMUM)).setFixedVersion(Version.newBuilder().setKind(Version.VersionKind.MAXIMUM)))).build();
    // Initialize client that will be used to send requests. After completing all of your requests,
    // call the "close" method on the client to safely clean up any remaining background resources.
    GrafeasClient client = ContainerAnalysisClient.create().getGrafeasClient();
    Occurrence result = client.createOccurrence(occProjectName, newOcc);
    return result;
}
Also used : GrafeasClient(io.grafeas.v1.GrafeasClient) NoteName(io.grafeas.v1.NoteName) Occurrence(io.grafeas.v1.Occurrence) VulnerabilityOccurrence(io.grafeas.v1.VulnerabilityOccurrence)

Example 10 with Occurrence

use of io.grafeas.v1.Occurrence in project java-docs-samples by GoogleCloudPlatform.

the class DeleteOccurrence method deleteOccurrence.

// Deletes an existing Occurrence from the server
public static void deleteOccurrence(String occurrenceId, String projectId) throws IOException, InterruptedException {
    // String occurrenceId = "123-456-789";
    // String projectId = "my-project-id";
    final OccurrenceName occurrenceName = OccurrenceName.of(projectId, occurrenceId);
    // Initialize client that will be used to send requests. After completing all of your requests,
    // call the "close" method on the client to safely clean up any remaining background resources.
    GrafeasClient client = ContainerAnalysisClient.create().getGrafeasClient();
    client.deleteOccurrence(occurrenceName);
}
Also used : GrafeasClient(io.grafeas.v1.GrafeasClient) OccurrenceName(io.grafeas.v1.OccurrenceName)

Aggregations

Test (org.junit.Test)24 Occurrence (io.grafeas.v1.Occurrence)17 Occurrence (com.google.containeranalysis.v1alpha1.Occurrence)10 GrafeasClient (io.grafeas.v1.GrafeasClient)10 VulnerabilityOccurrence (io.grafeas.v1.VulnerabilityOccurrence)10 DiscoveryOccurrence (io.grafeas.v1.DiscoveryOccurrence)9 Occurrence (io.grafeas.v1beta1.Occurrence)9 AbstractMessage (com.google.protobuf.AbstractMessage)6 ProjectName (com.google.containeranalysis.v1beta1.ProjectName)5 ContainerAnalysisClient (com.google.cloud.devtools.containeranalysis.v1alpha1.ContainerAnalysisClient)4 InvalidArgumentException (com.google.api.gax.rpc.InvalidArgumentException)3 OccurrenceName (com.google.containeranalysis.v1beta1.OccurrenceName)3 NoteName (io.grafeas.v1.NoteName)3 StatusRuntimeException (io.grpc.StatusRuntimeException)3 ListOccurrencesPagedResponse (com.google.cloud.devtools.containeranalysis.v1alpha1.PagedResponseWrappers.ListOccurrencesPagedResponse)2 Subscriber (com.google.cloud.pubsub.v1.Subscriber)2 ListOccurrencesRequest (com.google.containeranalysis.v1alpha1.ListOccurrencesRequest)2 VulnerabilityDetails (com.google.containeranalysis.v1alpha1.VulnerabilityType.VulnerabilityDetails)2 FieldMask (com.google.protobuf.FieldMask)2 ProjectSubscriptionName (com.google.pubsub.v1.ProjectSubscriptionName)2