use of io.grafeas.v1.Severity in project java-docs-samples by GoogleCloudPlatform.
the class SamplesTest method testFindHighSeverityVulnerabilitiesForImage.
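/**
 * Verifies that {@code findHighSeverityVulnerabilitiesForImage} ignores a low-severity
 * occurrence and reports exactly one result once a CRITICAL occurrence exists for the image.
 *
 * <p>Everything the test creates is removed in a {@code finally} block, so a failed assertion
 * does not leave test notes and occurrences behind in the project.
 */
@Test
public void testFindHighSeverityVulnerabilitiesForImage() throws Exception {
  // check before creation
  List<Occurrence> result =
      HighVulnerabilitiesForImage.findHighSeverityVulnerabilitiesForImage(imageUrl, PROJECT_ID);
  assertEquals(0, result.size());

  Occurrence low = null;
  Occurrence critical = null;
  boolean noteCreated = false;
  String vulnNoteId = "severe-note-" + (new Date()).getTime();
  try {
    // create low severity occurrence
    low = CreateOccurrence.createOccurrence(imageUrl, noteId, PROJECT_ID, PROJECT_ID);
    result =
        HighVulnerabilitiesForImage.findHighSeverityVulnerabilitiesForImage(imageUrl, PROJECT_ID);
    assertEquals(0, result.size());

    // create high severity note
    Note newNote =
        Note.newBuilder()
            .setVulnerability(
                VulnerabilityNote.newBuilder()
                    .setSeverity(Severity.CRITICAL)
                    .addDetails(
                        VulnerabilityNote.Detail.newBuilder()
                            .setAffectedCpeUri("your-uri-here")
                            .setAffectedPackage("your-package-here")
                            .setAffectedVersionStart(
                                Version.newBuilder().setKind(Version.VersionKind.MINIMUM))
                            .setAffectedVersionEnd(
                                Version.newBuilder().setKind(Version.VersionKind.MAXIMUM))))
            .build();

    // describe the high severity occurrence that points at the note above
    Occurrence criticalRequest =
        Occurrence.newBuilder()
            .setNoteName(NoteName.of(PROJECT_ID, vulnNoteId).toString())
            .setResourceUri(imageUrl)
            .setVulnerability(
                VulnerabilityOccurrence.newBuilder()
                    .setEffectiveSeverity(Severity.CRITICAL)
                    .addPackageIssue(
                        PackageIssue.newBuilder()
                            .setAffectedCpeUri("your-uri-here")
                            .setAffectedPackage("your-package-here")
                            .setAffectedVersion(
                                Version.newBuilder().setKind(Version.VersionKind.MINIMUM))
                            .setFixedVersion(
                                Version.newBuilder().setKind(Version.VersionKind.MAXIMUM))))
            .build();

    // Close the client once both create calls are done instead of leaking it.
    // NOTE(review): whether closing it also releases what getGrafeasClient() returns is not
    // visible here - confirm against the client library.
    try (ContainerAnalysisClient client = ContainerAnalysisClient.create()) {
      client.getGrafeasClient().createNote(ProjectName.format(PROJECT_ID), vulnNoteId, newNote);
      noteCreated = true;
      critical =
          client
              .getGrafeasClient()
              .createOccurrence(ProjectName.format(PROJECT_ID), criticalRequest);
    }

    // check again; the new occurrence may take a moment to show up in list results
    boolean found;
    int tries = 0;
    do {
      result =
          HighVulnerabilitiesForImage.findHighSeverityVulnerabilitiesForImage(
              imageUrl, PROJECT_ID);
      found = result.size() == 1;
      tries += 1;
      if (!found) {
        // only wait when another attempt can still change the outcome
        sleep(SLEEP_TIME);
      }
    } while (!found && tries < TRY_LIMIT);
    assertEquals(1, result.size());
  } finally {
    // clean up; nested so that one failed delete does not skip the remaining ones
    try {
      if (low != null) {
        String[] lowNameArr = low.getName().split("/");
        String lowId = lowNameArr[lowNameArr.length - 1];
        DeleteOccurrence.deleteOccurrence(lowId, PROJECT_ID);
      }
    } finally {
      try {
        if (critical != null) {
          String[] nameArr = critical.getName().split("/");
          String occId = nameArr[nameArr.length - 1];
          DeleteOccurrence.deleteOccurrence(occId, PROJECT_ID);
        }
      } finally {
        if (noteCreated) {
          DeleteNote.deleteNote(vulnNoteId, PROJECT_ID);
        }
      }
    }
  }
}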
use of io.grafeas.v1.Severity in project java-docs-samples by GoogleCloudPlatform.
the class HighVulnerabilitiesForImage method findHighSeverityVulnerabilitiesForImage.
// Retrieve a list of vulnerability occurrences with a severity level of 'HIGH' or greater
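/**
 * Lists the vulnerability occurrences attached to one image whose effective severity is
 * {@code HIGH} or {@code CRITICAL}.
 *
 * @param resourceUrl image URL placed into the occurrence filter, e.g.
 *     {@code https://gcr.io/project/image@sha256:123}
 * @param projectId id of the project whose occurrences are listed
 * @return the matching occurrences, in the order the service returned them; empty if none match
 * @throws IOException if the client cannot be created
 */
public static List<Occurrence> findHighSeverityVulnerabilitiesForImage(String resourceUrl, String projectId) throws IOException {
  // String resourceUrl = "https://gcr.io/project/image@sha256:123";
  // String projectId = "my-project-id";
  final String projectName = ProjectName.format(projectId);
  // NOTE(review): resourceUrl is copied into a quoted filter literal without escaping, so a
  // value containing a double quote would change the filter expression. Pass only validated
  // image URLs here, or reject values that contain '"' before calling.
  String filterStr = String.format("kind=\"VULNERABILITY\" AND resourceUrl=\"%s\"", resourceUrl);
  LinkedList<Occurrence> vulnerabilitylist = new LinkedList<Occurrence>();
  // Initialize the clients that will be used to send requests. try-with-resources calls
  // "close" on both once the listing is finished, so no background resources are left behind.
  try (ContainerAnalysisClient containerAnalysisClient = ContainerAnalysisClient.create();
      GrafeasClient client = containerAnalysisClient.getGrafeasClient()) {
    for (Occurrence o : client.listOccurrences(projectName, filterStr).iterateAll()) {
      // The filter only narrows by kind and resource; severity is checked client-side.
      Severity severity = o.getVulnerability().getEffectiveSeverity();
      if (severity == Severity.HIGH || severity == Severity.CRITICAL) {
        vulnerabilitylist.add(o);
      }
    }
  }
  return vulnerabilitylist;
}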
use of io.grafeas.v1.Severity in project java-docs-samples by GoogleCloudPlatform.
the class VulnerabilityFunction method accept.
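/**
 * Handles one Pub/Sub occurrence notification: looks the occurrence up and, when it is a
 * vulnerability rated {@code HIGH} or above, writes a warning log line for it.
 *
 * @param payload Pub/Sub message whose data is a base64-encoded JSON notification
 * @param context event context; not used by this method
 */
@Override
public void accept(PubSubMessage payload, Context context) {
  String json = new String(Base64.getDecoder().decode(payload.getData()), StandardCharsets.UTF_8);
  OccurrenceNotification notification = gson.fromJson(json, OccurrenceNotification.class);
  // Gson yields null for an empty or literal "null" document; without this guard the lookup
  // below would fail with a NullPointerException. The message body is deliberately not logged.
  if (notification == null || notification.getName() == null) {
    logger.warning("Ignoring notification without an occurrence name");
    return;
  }
  // Retrieve the occurrence details from the notification
  // https://cloud.google.com/container-registry/docs/reference/rest/v1/projects.occurrences#Occurrence
  Occurrence occurrence = grafeasClient.getOccurrence(notification.getName());
  // If the occurrence is a vulnerability, output the log line based on severity
  if (NoteKind.VULNERABILITY.equals(occurrence.getKind())) {
    VulnerabilityOccurrence vulnerability = occurrence.getVulnerability();
    // Compare the raw wire value: getSeverity().getNumber() throws for a severity this client
    // version does not recognise, which would drop the alert instead of raising it.
    // NOTE(review): this reads the note-provided severity, not getEffectiveSeverity() - confirm
    // that is the intended field for alerting.
    if (vulnerability.getSeverityValue() >= Severity.HIGH_VALUE) {
      logger.warning(
          String.format(
              "Image: %s, CVE: %s, Severity: %s",
              occurrence.getResourceUri(),
              vulnerability.getShortDescription(),
              vulnerability.getSeverity()));
    }
  }
}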