0SrSSKJr SSKJr SSKJr SSKrSSKrSSKrSSKJ r SSK J r SSKJr SS KJr SS KJr SS KJr /S Qr/S Qr/SQrSrSrSrSrSrSrSrSr Sr!g)z/Utility for interacting with vex command group.)absolute_import)division)unicode_literalsN) exceptions)util)apis) docker_util)log) FileReader)component_not_presentvulnerable_code_not_present1vulnerable_code_cannot_be_controlled_by_adversary#vulnerable_code_not_in_execute_path inline_mitigations_already_exist)known_affectedknown_not_affectedfixedunder_investigation) mitigationno_fix_plannednone_available vendor_fix workaroundz ^[^:@\/]+$c [R"SS5n[U5n[R"U5nSSS5 [W5 SnSnURS5nUb6URS5n U b"U RS5nU RS 5nURUUS 9n U(aUOUn 0n US S HMn U Sn [U 5n X:waMU S nUSnSRU 5n URUSUU S9nUX'MO /nUSHnUSHnUSUHsnU RU5nUcM[UUXX5unnUcSRU5nURR R#UUS9nUR%U5 Mu M M UU 4$!,(df  GN{=f![ a [ R"S5ef=f)aReads a vex file and extracts notes. Args: filename: str, path to the vex file. image_uri: uri of the whole image version_uri: uri of a specific version Returns: A list of notes. Raises: ar_exceptions.InvalidInputValueError if user input is invalid. containeranalysisv1NzReading json file has faileddocument publishername namespace)r publisherNamespace product_treebranchesproduct product_idz https://{})r id genericUrivulnerabilitiesproduct_statuszimage-{})keyvalue)rGetMessagesModuler jsonload ValueError ar_exceptionsInvalidInputValueError _Validateget Publisher RemoveHTTPSformatProduct _MakeNoteBatchCreateNotesRequest NotesValueAdditionalPropertyappend)filename image_uri version_uri ca_messagesfilevexr r!rr generic_uriproductid_to_product_proto_map product_info artifact_urir%r& product_protonotesvulnstatusnoteidnotes 4lib/googlecloudsdk/command_lib/artifacts/vex_util.py ParseVexFilerO8s3&&':DA+ H  IIdOc   C. $) WWZ (  [)I ]]6 "d-- ,i## "$) + +#% .)*5l'L|,L 9%G&J%%k2K'' V_ (M 2?".6 %#$d'(-.v6*044Z@ ?  &'h   $$V,&  / / : : M M$ N   T7)%"  q     . .& s' GF/G/ F>9G>G!G"cURS5nUc[R"S5eURS5nUc[R"S5e[U5S:a[R"S5eUHanURS5nUc[R"S 5e[UR S 55S :dMM[R"S 5e URS 5nUc[R"S5e[U5S:a[ R "S5 UHn[U5 M g)zValidates vex file has all needed fields. Args: vex: json representing a vex document Raises: ar_exceptions.InvalidInputValueError if user input is invalid. r#Nz)product_tree is required in csaf documentr$z6branches are required in product tree in csaf documentz@at least one branch is expected in product tree in csaf documentr z1name is required in product tree in csaf document/zWname of product should be artifact path, showing repository, project, and package/imager)z-vulnerabilities are required in csaf documentz7at least one vulnerability is expected in csaf document)r4r1r2lensplitr warning_ValidateVulnerability)rCr#r$r%r r)rJs rNr3r3s?(,  . .3   j )(   . .@  ]Q  . .J g ;;v D |  0 0 =  4::c?a  0 0 ( GG-./  . .7  AKKIJd4 cURS5nUc[R"S5eURS5nUc[R"S5e[U5S:a[R"S5eUH7nU[;dM[R"SR U[55e URS 5nUbNUHHnURS 5nU[ ;dM [R"S R U[ 55e URS 5nUbOUHHnURS 5n U [;dM [R"SR U [55e gg)zValidates vulnerability is structured correctly. Args: vuln: a vulnerability from vex document Raises: ar_exceptions.InvalidInputValueError if user input is invalid. cveNz7cve is required in all vulnerabilities in csaf documentr*zBproduct_status is required in all vulnerabilities in csaf documentrQz5at least one status is expected in each vulnerabilityzHInvalid product status passed in {}. Product status should be one of {}flagslabelz;Invalid flag label passed in {}. Label should be one of {} remediationscategoryzEInvalid remediation category passed in {}. Label should be one of {})r4r1r2rTPOSSIBLE_PRODUCT_STATUSr7POSSIBLE_JUSTIFICATION_FLAGSPOSSIBLE_REMEDIATION_CATEGORIES) rJcve_namer*rKr[flagr\r] remediationr^s rNrWrWstXXe_(   . .A 88,-.  . .L  1  . .? f ,,  0 0 6&"9:  ((7 % hhwe 2 222 I VE7 8  .),# ,h 8 822 VH&EF  $rXcJSn/nSnSn URS5n U bU Hn U SS:XdMU nM US:Xa-URRRn[ XU5nOUS:Xa-URRR n[ XU5n OMUS:Xa!URRRnO&US:Xa URRRnURURUS UUURUS UbUS OSUbUS OSUUU S 9S 9S9n U RRRU RRR-n [ R""U R%55n U R'5nX4$)zMakes a note. Args: vuln: vulnerability proto status: string of status of vulnerability product: product proto publisher: publisher proto. document: document proto. msgs: container analysis messages Returns: noteid, and note NrIr^ descriptionrrrrtitlerZtext)vulnerabilityIdshortDescriptionlongDescriptionstater] justification)rgrr% assessment)vulnerabilityAssessment)r4 AssessmentStateValueValuesEnumAFFECTED_GetRemediations NOT_AFFECTED_GetJustificationsFIXEDUNDER_INVESTIGATIONNoteVulnerabilityAssessmentNoteror%r(rnrihashlibmd5encode hexdigest)rJrKr%rrmsgsrlr] desc_notermrIrMr+resultrLs rNr9r9s %,)- ((7 %  j ] *   OO 0 0 9 9E#D48L %% OO 0 0 = =E&td;M  OO 0 0 6 6E && OO 0 0 D DE ">>!__"5k& )1&(/')%  ?  $( ""**55 $$//??@ ;;szz| $&    & rXc</nURS5nUcU$UH}nUSnUSnURRRUR 55nUSH4n XR :XdMURXS9nUR U5 M6 M U$)zGet remediations. Args: vuln: vulnerability proto product: product proto msgs: container analysis messages Returns: remediations proto r]r^details product_ids)remediationTyper)r4 RemediationRemediationTypeValueValuesEnumlookup_by_nameupperr'r=) rJr%r~r]vuln_remediationsrdremediation_typeremediation_detailremediation_enumr&s rNrsrs!s,hh~. &k":.$Y/ 77FF  " " $  "-0 zz !&&,'  K( 1' rXcSnURS5nUcUR5$UH?nURS5nURS5HnXqR:XdMUnM MA URRR 5nXR 5n URRU 5n URU S9n U $)zGet justifications. Args: vuln: vulnerability proto product: product proto msgs: container analysis messages Returns: justification proto justification_type_unspecifiedr[r\r)justificationType)r4 Justificationr' JustificationTypeValueValuesEnumto_dictr) rJr%r~justification_type_as_stringr[rcr\r& enum_dictnumberjustification_typerms rNruruAs"B ((7 % ]    d HHW Ehh}- zz !',$.  99AAC  779 :& 99&A$$*%- rXc@SSSSS.nSnSnSn[R"[RU5nU(a5XR S5nUR S5nUR S5n[R"[R U5nU(aFXR S5nUR S5R S S S 5nUR S5nU(aU(aU(d[R"S 5e[R"[U5nU(aX0S4$[R"U5n[[U5U]?5nX8[!U54$![Ran[R"S 5UeSnAff=f)zParse GCR URL. Args: url: gcr url for version, tag or whole image Returns: strings of project, image url and version url Raises: ar_exceptions.InvalidInputValueError: If user input is invalid. useuropeasia)z us.gcr.iozgcr.ioz eu.gcr.ioz asia.gcr.ioNrepoprojectimagerR:rQzFailed to parse the GCR image.z)Failed to resolve digest of the GCR image)rematchr GCR_DOCKER_REPO_REGEXgroup#GCR_DOCKER_DOMAIN_SCOPED_REPO_REGEXreplacer1r2WHOLE_IMAGE_REGEXgcr_utilGetDigestFromNameInvalidImageNameErrorsupertype__str__str) url location_maplocationrrmatches docker_digeste image_urls rN ParseGCRUrlrbsm , ( ' % HH[66 <' MM&12HmmI&G MM' "E HH[DDc J' MM&12HmmI&..sC;G MM' "E   . .(  HH& .'   ..s3M D'?A) S/ //  ' '  . .3    s3E--FFFcRSnURU5(aU[U5S$U$)Nzhttps://) startswithrT)uriprefixs rNr6r6s, &^^F s6{|  *rX)"__doc__ __future__rrrrzr.r googlecloudsdk.api_lib.artifactsrr1'googlecloudsdk.api_lib.container.imagesrrgooglecloudsdk.api_lib.utilr$googlecloudsdk.command_lib.artifactsr googlecloudsdk.corer googlecloudsdk.core.util.filesr r`r_rarrOr3rWr9rsrurr6rXrNrs~6&' HD,<#5 2 #"JZ+!\. b:z@B.0b rX