xref: /aosp_15_r20/external/googleapis/google/devtools/containeranalysis/v1beta1/cvss/cvss.proto (revision d5c09012810ac0c9f33fe448fb6da8260d444cc9) 
1// Copyright 2018 The Grafeas Authors. All rights reserved.
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//    http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15syntax = "proto3";
16
17package grafeas.v1beta1.vulnerability;
18
19option go_package = "cloud.google.com/go/containeranalysis/apiv1beta1/containeranalysispb;containeranalysispb";
20option java_multiple_files = true;
21option java_package = "io.grafeas.v1beta1.vulnerability";
22option objc_class_prefix = "GRA";
23
24// Common Vulnerability Scoring System version 3.
25// For details, see https://www.first.org/cvss/specification-document
26message CVSSv3 {
27  // The base score is a function of the base metric scores.
28  float base_score = 1;
29
30  float exploitability_score = 2;
31
32  float impact_score = 3;
33
34  // Base Metrics
35  // Represents the intrinsic characteristics of a vulnerability that are
36  // constant over time and across user environments.
37  AttackVector attack_vector = 5;
38  AttackComplexity attack_complexity = 6;
39  PrivilegesRequired privileges_required = 7;
40  UserInteraction user_interaction = 8;
41  Scope scope = 9;
42  Impact confidentiality_impact = 10;
43  Impact integrity_impact = 11;
44  Impact availability_impact = 12;
45
46  enum AttackVector {
47    ATTACK_VECTOR_UNSPECIFIED = 0;
48    ATTACK_VECTOR_NETWORK = 1;
49    ATTACK_VECTOR_ADJACENT = 2;
50    ATTACK_VECTOR_LOCAL = 3;
51    ATTACK_VECTOR_PHYSICAL = 4;
52  }
53
54  enum AttackComplexity {
55    ATTACK_COMPLEXITY_UNSPECIFIED = 0;
56    ATTACK_COMPLEXITY_LOW = 1;
57    ATTACK_COMPLEXITY_HIGH = 2;
58  }
59
60  enum PrivilegesRequired {
61    PRIVILEGES_REQUIRED_UNSPECIFIED = 0;
62    PRIVILEGES_REQUIRED_NONE = 1;
63    PRIVILEGES_REQUIRED_LOW = 2;
64    PRIVILEGES_REQUIRED_HIGH = 3;
65  }
66
67  enum UserInteraction {
68    USER_INTERACTION_UNSPECIFIED = 0;
69    USER_INTERACTION_NONE = 1;
70    USER_INTERACTION_REQUIRED = 2;
71  }
72
73  enum Scope {
74    SCOPE_UNSPECIFIED = 0;
75    SCOPE_UNCHANGED = 1;
76    SCOPE_CHANGED = 2;
77  }
78
79  enum Impact {
80    IMPACT_UNSPECIFIED = 0;
81    IMPACT_HIGH = 1;
82    IMPACT_LOW = 2;
83    IMPACT_NONE = 3;
84  }
85}
86