Example 16 with Occurrence

use of io.grafeas.v1.Occurrence in project java-docs-samples by GoogleCloudPlatform.

the class PollDiscoveryOccurrenceFinished method pollDiscoveryOccurrenceFinished.

// Repeatedly query the Container Analysis API for the latest discovery occurrence until it is
// either in a terminal state, or the timeout value has been exceeded
public static Occurrence pollDiscoveryOccurrenceFinished(String resourceUrl, String projectId, long timeoutSeconds) throws IOException, TimeoutException, InterruptedException {
    // String resourceUrl = "https://gcr.io/project/image@sha256:123";
    // String projectId = "my-project-id";
    // long timeoutSeconds = 30;
    final String projectName = ProjectName.format(projectId);
    long deadline = System.currentTimeMillis() + timeoutSeconds * 1000;
    // Initialize client that will be used to send requests. After completing all of your requests,
    // call the "close" method on the client to safely clean up any remaining background resources.
    GrafeasClient client = ContainerAnalysisClient.create().getGrafeasClient();
    // find the discovery occurrence using a filter string
    Occurrence discoveryOccurrence = null;
    // vulnerability discovery occurrences are always associated with the
    // PACKAGE_VULNERABILITY note in the "goog-analysis" GCP project
    String filter = String.format("resourceUrl=\"%s\" AND noteProjectId=\"%s\" AND noteId=\"%s\"", resourceUrl, "goog-analysis", "PACKAGE_VULNERABILITY");
    // [END containeranalysis_poll_discovery_occurrence_finished]
    // the above filter isn't testable, since it looks for occurrences in a locked down project
    // fall back to a more permissive filter for testing
    filter = String.format("kind=\"DISCOVERY\" AND resourceUrl=\"%s\"", resourceUrl);
    // [START containeranalysis_poll_discovery_occurrence_finished]
    while (discoveryOccurrence == null) {
        for (Occurrence o : client.listOccurrences(projectName, filter).iterateAll()) {
            // protobuf getters never return null, so test field presence with hasDiscovery()
            if (o.hasDiscovery()) {
                // there should be only one valid discovery occurrence returned by the given filter
                discoveryOccurrence = o;
            }
        }
        TimeUnit.SECONDS.sleep(1);
        // check for timeout
        if (System.currentTimeMillis() > deadline) {
            throw new TimeoutException("discovery occurrence not found");
        }
    }
    // wait for discovery occurrence to enter a terminal state
    AnalysisStatus status = AnalysisStatus.PENDING;
    while (status != AnalysisStatus.FINISHED_SUCCESS && status != AnalysisStatus.FINISHED_FAILED && status != AnalysisStatus.FINISHED_UNSUPPORTED) {
        // update the occurrence state
        discoveryOccurrence = client.getOccurrence(discoveryOccurrence.getName());
        status = discoveryOccurrence.getDiscovery().getAnalysisStatus();
        TimeUnit.SECONDS.sleep(1);
        // check for timeout
        if (System.currentTimeMillis() > deadline) {
            throw new TimeoutException("discovery occurrence not in terminal state");
        }
    }
    return discoveryOccurrence;
}
Also used : GrafeasClient(io.grafeas.v1.GrafeasClient) AnalysisStatus(io.grafeas.v1.DiscoveryOccurrence.AnalysisStatus) Occurrence(io.grafeas.v1.Occurrence) DiscoveryOccurrence(io.grafeas.v1.DiscoveryOccurrence) TimeoutException(java.util.concurrent.TimeoutException)

Example 17 with Occurrence

use of io.grafeas.v1.Occurrence in project java-docs-samples by GoogleCloudPlatform.

the class VulnerabilityOccurrencesForImage method findVulnerabilityOccurrencesForImage.

// Retrieve a list of vulnerability occurrences associated with a resource
public static List<Occurrence> findVulnerabilityOccurrencesForImage(String resourceUrl, String projectId) throws IOException {
    // String resourceUrl = "https://gcr.io/project/image@sha256:123";
    // String projectId = "my-project-id";
    final String projectName = ProjectName.format(projectId);
    String filterStr = String.format("kind=\"VULNERABILITY\" AND resourceUrl=\"%s\"", resourceUrl);
    // Initialize client that will be used to send requests. After completing all of your requests,
    // call the "close" method on the client to safely clean up any remaining background resources.
    GrafeasClient client = ContainerAnalysisClient.create().getGrafeasClient();
    LinkedList<Occurrence> vulnerabilitylist = new LinkedList<Occurrence>();
    for (Occurrence o : client.listOccurrences(projectName, filterStr).iterateAll()) {
        vulnerabilitylist.add(o);
    }
    return vulnerabilitylist;
}
Also used : GrafeasClient(io.grafeas.v1.GrafeasClient) Occurrence(io.grafeas.v1.Occurrence) LinkedList(java.util.LinkedList)

Example 18 with Occurrence

use of io.grafeas.v1.Occurrence in project java-docs-samples by GoogleCloudPlatform.

the class VulnerabilityFunction method accept.

@Override
public void accept(PubSubMessage payload, Context context) {
    String json = new String(Base64.getDecoder().decode(payload.getData()), StandardCharsets.UTF_8);
    OccurrenceNotification notification = gson.fromJson(json, OccurrenceNotification.class);
    // Retrieve the occurrence details from the notification
    // https://cloud.google.com/container-registry/docs/reference/rest/v1/projects.occurrences#Occurrence
    Occurrence occurrence = grafeasClient.getOccurrence(notification.getName());
    // If the occurrence is a vulnerability, output a log line based on severity
    if (NoteKind.VULNERABILITY.equals(occurrence.getKind())) {
        VulnerabilityOccurrence vulnerability = occurrence.getVulnerability();
        if (vulnerability.getSeverity().getNumber() >= Severity.HIGH_VALUE) {
            logger.warning(String.format("Image: %s, CVE: %s, Severity: %s", occurrence.getResourceUri(), vulnerability.getShortDescription(), vulnerability.getSeverity()));
        }
    }
}
Also used : VulnerabilityOccurrence(io.grafeas.v1.VulnerabilityOccurrence) Occurrence(io.grafeas.v1.Occurrence)

Example 19 with Occurrence

use of io.grafeas.v1.Occurrence in project java-containeranalysis by googleapis.

the class GrafeasV1Beta1ClientTest method createOccurrenceExceptionTest.

@Test
@SuppressWarnings("all")
public void createOccurrenceExceptionTest() throws Exception {
    StatusRuntimeException exception = new StatusRuntimeException(Status.INVALID_ARGUMENT);
    mockGrafeasV1Beta1.addException(exception);
    try {
        ProjectName parent = ProjectName.of("[PROJECT]");
        Occurrence occurrence = Occurrence.newBuilder().build();
        client.createOccurrence(parent, occurrence);
        Assert.fail("No exception raised");
    } catch (InvalidArgumentException e) {
        // Expected exception
    }
}
Also used : InvalidArgumentException(com.google.api.gax.rpc.InvalidArgumentException) ProjectName(com.google.containeranalysis.v1beta1.ProjectName) StatusRuntimeException(io.grpc.StatusRuntimeException) Occurrence(io.grafeas.v1beta1.Occurrence) Test(org.junit.Test)

Example 20 with Occurrence

use of io.grafeas.v1.Occurrence in project java-containeranalysis by googleapis.

the class GrafeasV1Beta1ClientTest method getOccurrenceTest.

@Test
@SuppressWarnings("all")
public void getOccurrenceTest() {
    String name2 = "name2-1052831874";
    String noteName = "noteName1780787896";
    String remediation = "remediation779381797";
    Occurrence expectedResponse = Occurrence.newBuilder().setName(name2).setNoteName(noteName).setRemediation(remediation).build();
    mockGrafeasV1Beta1.addResponse(expectedResponse);
    OccurrenceName name = OccurrenceName.of("[PROJECT]", "[OCCURRENCE]");
    Occurrence actualResponse = client.getOccurrence(name);
    Assert.assertEquals(expectedResponse, actualResponse);
    List<AbstractMessage> actualRequests = mockGrafeasV1Beta1.getRequests();
    Assert.assertEquals(1, actualRequests.size());
    GetOccurrenceRequest actualRequest = (GetOccurrenceRequest) actualRequests.get(0);
    Assert.assertEquals(name, OccurrenceName.parse(actualRequest.getName()));
    Assert.assertTrue(channelProvider.isHeaderSent(ApiClientHeaderProvider.getDefaultApiClientHeaderKey(), GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
}
Also used : AbstractMessage(com.google.protobuf.AbstractMessage) OccurrenceName(com.google.containeranalysis.v1beta1.OccurrenceName) GetOccurrenceRequest(io.grafeas.v1beta1.GetOccurrenceRequest) Occurrence(io.grafeas.v1beta1.Occurrence) Test(org.junit.Test)

Aggregations

Test (org.junit.Test): 24
Occurrence (io.grafeas.v1.Occurrence): 17
Occurrence (com.google.containeranalysis.v1alpha1.Occurrence): 10
GrafeasClient (io.grafeas.v1.GrafeasClient): 10
VulnerabilityOccurrence (io.grafeas.v1.VulnerabilityOccurrence): 10
DiscoveryOccurrence (io.grafeas.v1.DiscoveryOccurrence): 9
Occurrence (io.grafeas.v1beta1.Occurrence): 9
AbstractMessage (com.google.protobuf.AbstractMessage): 6
ProjectName (com.google.containeranalysis.v1beta1.ProjectName): 5
ContainerAnalysisClient (com.google.cloud.devtools.containeranalysis.v1alpha1.ContainerAnalysisClient): 4
InvalidArgumentException (com.google.api.gax.rpc.InvalidArgumentException): 3
OccurrenceName (com.google.containeranalysis.v1beta1.OccurrenceName): 3
NoteName (io.grafeas.v1.NoteName): 3
StatusRuntimeException (io.grpc.StatusRuntimeException): 3
ListOccurrencesPagedResponse (com.google.cloud.devtools.containeranalysis.v1alpha1.PagedResponseWrappers.ListOccurrencesPagedResponse): 2
Subscriber (com.google.cloud.pubsub.v1.Subscriber): 2
ListOccurrencesRequest (com.google.containeranalysis.v1alpha1.ListOccurrencesRequest): 2
VulnerabilityDetails (com.google.containeranalysis.v1alpha1.VulnerabilityType.VulnerabilityDetails): 2
FieldMask (com.google.protobuf.FieldMask): 2
ProjectSubscriptionName (com.google.pubsub.v1.ProjectSubscriptionName): 2