xref: /aosp_15_r20/external/google-cloud-java/java-grafeas/src/main/proto/grafeas/v1/cvss.proto (revision 55e87721aa1bc457b326496a7ca40f3ea1a63287) 
1// Copyright 2019 The Grafeas Authors. All rights reserved.
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//    http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15syntax = "proto3";
16
17package grafeas.v1;
18
19option go_package = "google.golang.org/genproto/googleapis/grafeas/v1;grafeas";
20option java_multiple_files = true;
21option java_package = "io.grafeas.v1";
22option objc_class_prefix = "GRA";
23option java_outer_classname = "CVSSProto";
24
25// Common Vulnerability Scoring System version 3.
26// For details, see https://www.first.org/cvss/specification-document
27message CVSSv3 {
28  // The base score is a function of the base metric scores.
29  float base_score = 1;
30
31  float exploitability_score = 2;
32
33  float impact_score = 3;
34
35  // Base Metrics
36  // Represents the intrinsic characteristics of a vulnerability that are
37  // constant over time and across user environments.
38  AttackVector attack_vector = 5;
39  AttackComplexity attack_complexity = 6;
40  PrivilegesRequired privileges_required = 7;
41  UserInteraction user_interaction = 8;
42  Scope scope = 9;
43  Impact confidentiality_impact = 10;
44  Impact integrity_impact = 11;
45  Impact availability_impact = 12;
46
47  enum AttackVector {
48    ATTACK_VECTOR_UNSPECIFIED = 0;
49    ATTACK_VECTOR_NETWORK = 1;
50    ATTACK_VECTOR_ADJACENT = 2;
51    ATTACK_VECTOR_LOCAL = 3;
52    ATTACK_VECTOR_PHYSICAL = 4;
53  }
54
55  enum AttackComplexity {
56    ATTACK_COMPLEXITY_UNSPECIFIED = 0;
57    ATTACK_COMPLEXITY_LOW = 1;
58    ATTACK_COMPLEXITY_HIGH = 2;
59  }
60
61  enum PrivilegesRequired {
62    PRIVILEGES_REQUIRED_UNSPECIFIED = 0;
63    PRIVILEGES_REQUIRED_NONE = 1;
64    PRIVILEGES_REQUIRED_LOW = 2;
65    PRIVILEGES_REQUIRED_HIGH = 3;
66  }
67
68  enum UserInteraction {
69    USER_INTERACTION_UNSPECIFIED = 0;
70    USER_INTERACTION_NONE = 1;
71    USER_INTERACTION_REQUIRED = 2;
72  }
73
74  enum Scope {
75    SCOPE_UNSPECIFIED = 0;
76    SCOPE_UNCHANGED = 1;
77    SCOPE_CHANGED = 2;
78  }
79
80  enum Impact {
81    IMPACT_UNSPECIFIED = 0;
82    IMPACT_HIGH = 1;
83    IMPACT_LOW = 2;
84    IMPACT_NONE = 3;
85  }
86}
87
88// Common Vulnerability Scoring System.
89// For details, see https://www.first.org/cvss/specification-document
90// This is a message we will try to use for storing various versions of CVSS
91// rather than making a separate proto for storing a specific version.
92message CVSS {
93  // The base score is a function of the base metric scores.
94  float base_score = 1;
95
96  float exploitability_score = 2;
97
98  float impact_score = 3;
99
100  // Base Metrics
101  // Represents the intrinsic characteristics of a vulnerability that are
102  // constant over time and across user environments.
103  AttackVector attack_vector = 4;
104  AttackComplexity attack_complexity = 5;
105  Authentication authentication = 6;
106  PrivilegesRequired privileges_required = 7;
107  UserInteraction user_interaction = 8;
108  Scope scope = 9;
109  Impact confidentiality_impact = 10;
110  Impact integrity_impact = 11;
111  Impact availability_impact = 12;
112
113  enum AttackVector {
114    ATTACK_VECTOR_UNSPECIFIED = 0;
115    ATTACK_VECTOR_NETWORK = 1;
116    ATTACK_VECTOR_ADJACENT = 2;
117    ATTACK_VECTOR_LOCAL = 3;
118    ATTACK_VECTOR_PHYSICAL = 4;
119  }
120
121  enum AttackComplexity {
122    ATTACK_COMPLEXITY_UNSPECIFIED = 0;
123    ATTACK_COMPLEXITY_LOW = 1;
124    ATTACK_COMPLEXITY_HIGH = 2;
125    ATTACK_COMPLEXITY_MEDIUM = 3;
126  }
127
128  enum Authentication {
129    AUTHENTICATION_UNSPECIFIED = 0;
130    AUTHENTICATION_MULTIPLE = 1;
131    AUTHENTICATION_SINGLE = 2;
132    AUTHENTICATION_NONE = 3;
133  }
134
135  enum PrivilegesRequired {
136    PRIVILEGES_REQUIRED_UNSPECIFIED = 0;
137    PRIVILEGES_REQUIRED_NONE = 1;
138    PRIVILEGES_REQUIRED_LOW = 2;
139    PRIVILEGES_REQUIRED_HIGH = 3;
140  }
141
142  enum UserInteraction {
143    USER_INTERACTION_UNSPECIFIED = 0;
144    USER_INTERACTION_NONE = 1;
145    USER_INTERACTION_REQUIRED = 2;
146  }
147
148  enum Scope {
149    SCOPE_UNSPECIFIED = 0;
150    SCOPE_UNCHANGED = 1;
151    SCOPE_CHANGED = 2;
152  }
153
154  enum Impact {
155    IMPACT_UNSPECIFIED = 0;
156    IMPACT_HIGH = 1;
157    IMPACT_LOW = 2;
158    IMPACT_NONE = 3;
159    IMPACT_PARTIAL = 4;
160    IMPACT_COMPLETE = 5;
161  }
162}
163
164// CVSS Version.
165enum CVSSVersion {
166  CVSS_VERSION_UNSPECIFIED = 0;
167  CVSS_VERSION_2 = 1;
168  CVSS_VERSION_3 = 2;
169}
170