Example 1 with Severity

Use of io.grafeas.v1.Severity in project java-docs-samples by GoogleCloudPlatform.

The class SamplesTest, method testFindHighSeverityVulnerabilitiesForImage.

@Test
public void testFindHighSeverityVulnerabilitiesForImage() throws Exception {
    // check before creation
    List<Occurrence> result = HighVulnerabilitiesForImage.findHighSeverityVulnerabilitiesForImage(imageUrl, PROJECT_ID);
    assertEquals(0, result.size());
    // create low severity occurrence
    Occurrence low;
    low = CreateOccurrence.createOccurrence(imageUrl, noteId, PROJECT_ID, PROJECT_ID);
    result = HighVulnerabilitiesForImage.findHighSeverityVulnerabilitiesForImage(imageUrl, PROJECT_ID);
    assertEquals(0, result.size());
    // create high severity note
    Note newNote = Note.newBuilder()
        .setVulnerability(VulnerabilityNote.newBuilder()
            .setSeverity(Severity.CRITICAL)
            .addDetails(VulnerabilityNote.Detail.newBuilder()
                .setAffectedCpeUri("your-uri-here")
                .setAffectedPackage("your-package-here")
                .setAffectedVersionStart(Version.newBuilder().setKind(Version.VersionKind.MINIMUM))
                .setAffectedVersionEnd(Version.newBuilder().setKind(Version.VersionKind.MAXIMUM))))
        .build();
    String vulnNoteId = "severe-note-" + (new Date()).getTime();
    Occurrence critical;
    // try-with-resources closes the client (and its background threads) once the
    // note and occurrence have been created
    try (ContainerAnalysisClient client = ContainerAnalysisClient.create()) {
        client.getGrafeasClient().createNote(ProjectName.format(PROJECT_ID), vulnNoteId, newNote);
        // create high severity occurrence that references the new note
        critical = Occurrence.newBuilder()
            .setNoteName(NoteName.of(PROJECT_ID, vulnNoteId).toString())
            .setResourceUri(imageUrl)
            .setVulnerability(VulnerabilityOccurrence.newBuilder()
                .setEffectiveSeverity(Severity.CRITICAL)
                .addPackageIssue(PackageIssue.newBuilder()
                    .setAffectedCpeUri("your-uri-here")
                    .setAffectedPackage("your-package-here")
                    .setAffectedVersion(Version.newBuilder().setKind(Version.VersionKind.MINIMUM))
                    .setFixedVersion(Version.newBuilder().setKind(Version.VersionKind.MAXIMUM))))
            .build();
        critical = client.getGrafeasClient().createOccurrence(ProjectName.format(PROJECT_ID), critical);
    }
    // check again
    int tries = 0;
    do {
        result = HighVulnerabilitiesForImage.findHighSeverityVulnerabilitiesForImage(imageUrl, PROJECT_ID);
        sleep(SLEEP_TIME);
        tries += 1;
    } while (result.size() != 1 && tries < TRY_LIMIT);
    assertEquals(1, result.size());
    // clean up
    String[] lowNameArr = low.getName().split("/");
    String lowId = lowNameArr[lowNameArr.length - 1];
    DeleteOccurrence.deleteOccurrence(lowId, PROJECT_ID);
    String[] nameArr = critical.getName().split("/");
    String occId = nameArr[nameArr.length - 1];
    DeleteOccurrence.deleteOccurrence(occId, PROJECT_ID);
    DeleteNote.deleteNote(vulnNoteId, PROJECT_ID);
}

Example 2 with Severity

Use of io.grafeas.v1.Severity in project java-docs-samples by GoogleCloudPlatform.

The class HighVulnerabilitiesForImage, method findHighSeverityVulnerabilitiesForImage.

import com.google.cloud.devtools.containeranalysis.v1.ContainerAnalysisClient;
import io.grafeas.v1.GrafeasClient;
import io.grafeas.v1.Occurrence;
import io.grafeas.v1.ProjectName;
import io.grafeas.v1.Severity;
import java.io.IOException;
import java.util.LinkedList;
import java.util.List;

public class HighVulnerabilitiesForImage {

    // Retrieve a list of vulnerability occurrences with a severity level of 'HIGH' or greater
    public static List<Occurrence> findHighSeverityVulnerabilitiesForImage(String resourceUrl, String projectId) throws IOException {
        // String resourceUrl = "https://gcr.io/project/image@sha256:123";
        // String projectId = "my-project-id";
        final String projectName = ProjectName.format(projectId);
        // Server-side filter: only VULNERABILITY occurrences attached to this exact image reference
        String filterStr = String.format("kind=\"VULNERABILITY\" AND resourceUrl=\"%s\"", resourceUrl);
        LinkedList<Occurrence> vulnerabilityList = new LinkedList<Occurrence>();
        // Initialize client that will be used to send requests. try-with-resources calls "close"
        // on it after all requests complete, cleaning up any remaining background resources.
        try (ContainerAnalysisClient containerAnalysisClient = ContainerAnalysisClient.create()) {
            GrafeasClient client = containerAnalysisClient.getGrafeasClient();
            for (Occurrence o : client.listOccurrences(projectName, filterStr).iterateAll()) {
                // Effective severity is the scanner's rating for this package in this image
                Severity severity = o.getVulnerability().getEffectiveSeverity();
                if (severity == Severity.HIGH || severity == Severity.CRITICAL) {
                    vulnerabilityList.add(o);
                }
            }
        }
        return vulnerabilityList;
    }
}

Example 3 with Severity

Use of io.grafeas.v1.Severity in project java-docs-samples by GoogleCloudPlatform.

The class VulnerabilityFunction, method accept.

@Override
public void accept(PubSubMessage payload, Context context) {
    // Pub/Sub delivers the notification body base64-encoded
    String json = new String(Base64.getDecoder().decode(payload.getData()), StandardCharsets.UTF_8);
    OccurrenceNotification notification = gson.fromJson(json, OccurrenceNotification.class);
    // Retrieve the occurrence details from the notification
    // https://cloud.google.com/container-registry/docs/reference/rest/v1/projects.occurrences#Occurrence
    Occurrence occurrence = grafeasClient.getOccurrence(notification.getName());
    // If the occurrence is a vulnerability, output the log line based on severity
    if (NoteKind.VULNERABILITY.equals(occurrence.getKind())) {
        VulnerabilityOccurrence vulnerability = occurrence.getVulnerability();
        Severity severity = vulnerability.getSeverity();
        // Severity values are ordered (MINIMAL < LOW < MEDIUM < HIGH < CRITICAL), so a numeric
        // comparison catches HIGH and CRITICAL. getNumber() throws for UNRECOGNIZED (a value
        // newer than this client library), so skip that case rather than crash the function.
        if (severity != Severity.UNRECOGNIZED && severity.getNumber() >= Severity.HIGH_VALUE) {
            logger.warning(String.format("Image: %s, CVE: %s, Severity: %s",
                occurrence.getResourceUri(), vulnerability.getShortDescription(), severity));
        }
    }
}