\0SrSSKrSSKrSSKrSSKJr SSKJr SSK J r SSK J r SSKJr SSKJr /S Qr/S Qr/S QrS rS rSrSrSrSrSrSrSrg)z/Utility for interacting with vex command group.N) exceptions)util)apis) docker_util)log) FileReader)component_not_presentvulnerable_code_not_present1vulnerable_code_cannot_be_controlled_by_adversary#vulnerable_code_not_in_execute_path inline_mitigations_already_exist)known_affectedknown_not_affectedfixedunder_investigation) mitigationno_fix_plannednone_available vendor_fix workaroundz ^[^:@\/]+$c [R"SS5n[U5n[R"U5nSSS5 [W5 SnSnURS5nUb6URS5n U b"U RS5nU RS 5nURUUS 9n U(aUOUn 0n US S HMn U Sn [U 5n X:waMU S nUSnSRU 5n URUSUU S9nUX'MO /nUSHnUSHnUSUHsnU RU5nUcM[UUXX5unnUcSRU5nURR R#UUS9nUR%U5 Mu M M UU 4$!,(df  GN{=f![ a [ R"S5ef=f)aReads a vex file and extracts notes. Args: filename: str, path to the vex file. image_uri: uri of the whole image version_uri: uri of a specific version Returns: A list of notes. Raises: ar_exceptions.InvalidInputValueError if user input is invalid. containeranalysisv1NzReading json file has faileddocument publishername namespace)rpublisherNamespace product_treebranchesproduct product_idz https://{})rid genericUrivulnerabilitiesproduct_statuszimage-{})keyvalue)rGetMessagesModulerjsonload ValueError ar_exceptionsInvalidInputValueError _Validateget Publisher RemoveHTTPSformatProduct _MakeNoteBatchCreateNotesRequest NotesValueAdditionalPropertyappend)filename image_uri version_uri ca_messagesfilevexrrrr generic_uriproductid_to_product_proto_map product_info artifact_urir"r# product_protonotesvulnstatusnoteidnotes 4lib/googlecloudsdk/command_lib/artifacts/vex_util.py ParseVexFilerL5s3&&':DA+ H  IIdOc   C. $) WWZ (  [)I ]]6 "d-- ,i## "$) + +#% .)*5l'L|,L 9%G&J%%k2K'' V_ (M 2?".6 %#$d'(-.v6*044Z@ ?  &'h   $$V,&  / / : : M M$ N   T7)%"  q     . .& s' GF/G/ F>9G>G!G"cURS5nUc[R"S5eURS5nUc[R"S5e[U5S:a[R"S5eUHanURS5nUc[R"S 5e[UR S 55S :dMM[R"S 5e URS 5nUc[R"S5e[U5S:a[ R "S5 UHn[U5 M g)zValidates vex file has all needed fields. Args: vex: json representing a vex document Raises: ar_exceptions.InvalidInputValueError if user input is invalid. r Nz)product_tree is required in csaf documentr!z6branches are required in product tree in csaf documentz@at least one branch is expected in product tree in csaf documentrz1name is required in product tree in csaf document/zWname of product should be artifact path, showing repository, project, and package/imager&z-vulnerabilities are required in csaf documentz7at least one vulnerability is expected in csaf document)r1r.r/lensplitrwarning_ValidateVulnerability)r@r r!r"rr&rGs rKr0r0s?(,  . .3   j )(   . .@  ]Q  . .J g ;;v D |  0 0 =  4::c?a  0 0 ( GG-./  . .7  AKKIJd4 cURS5nUc[R"S5eURS5nUc[R"S5e[U5S:a[R"S5eUH7nU[;dM[R"SR U[55e URS 5nUbNUHHnURS 5nU[ ;dM [R"S R U[ 55e URS 5nUbOUHHnURS 5n U [;dM [R"SR U [55e gg)zValidates vulnerability is structured correctly. Args: vuln: a vulnerability from vex document Raises: ar_exceptions.InvalidInputValueError if user input is invalid. cveNz7cve is required in all vulnerabilities in csaf documentr'zBproduct_status is required in all vulnerabilities in csaf documentrNz5at least one status is expected in each vulnerabilityzHInvalid product status passed in {}. Product status should be one of {}flagslabelz;Invalid flag label passed in {}. Label should be one of {} remediationscategoryzEInvalid remediation category passed in {}. Label should be one of {})r1r.r/rQPOSSIBLE_PRODUCT_STATUSr4POSSIBLE_JUSTIFICATION_FLAGSPOSSIBLE_REMEDIATION_CATEGORIES) rGcve_namer'rHrXflagrYrZ remediationr[s rKrTrTstXXe_(   . .A 88,-.  . .L  1  . .? f ,,  0 0 6&"9:  ((7 % hhwe 2 222 I VE7 8  .),# ,h 8 822 VH&EF  $rUcJSn/nSnSn URS5n U bU Hn U SS:XdMU nM US:Xa-URRRn[ XU5nOUS:Xa-URRR n[ XU5n OMUS:Xa!URRRnO&US:Xa URRRnURURUS UUURUS UbUS OSUbUS OSUUU S 9S 9S9n U RRRU RRR-n [ R""U R%55n U R'5nX4$)zMakes a note. Args: vuln: vulnerability proto status: string of status of vulnerability product: product proto publisher: publisher proto. document: document proto. msgs: container analysis messages Returns: noteid, and note NrFr[ descriptionrrrrtitlerWtext)vulnerabilityIdshortDescriptionlongDescriptionstaterZ justification)rdrr" assessment)vulnerabilityAssessment)r1 AssessmentStateValueValuesEnumAFFECTED_GetRemediations NOT_AFFECTED_GetJustificationsFIXEDUNDER_INVESTIGATIONNoteVulnerabilityAssessmentNoterlr"r%rkrfhashlibmd5encode hexdigest)rGrHr"rrmsgsrirZ desc_noterjrFrJr(resultrIs rKr6r6s %,)- ((7 %  j ] *   OO 0 0 9 9E#D48L %% OO 0 0 = =E&td;M  OO 0 0 6 6E && OO 0 0 D DE ">>!__"5k& )1&(/')%  ?  $( ""**55 $$//??@ ;;szz| $&    & rUc</nURS5nUcU$UH}nUSnUSnURRRUR 55nUSH4n XR :XdMURXS9nUR U5 M6 M U$)zGet remediations. Args: vuln: vulnerability proto product: product proto msgs: container analysis messages Returns: remediations proto rZr[details product_ids)remediationTyper)r1 RemediationRemediationTypeValueValuesEnumlookup_by_nameupperr$r:) rGr"r{rZvuln_remediationsraremediation_typeremediation_detailremediation_enumr#s rKrprps,hh~. &k":.$Y/ 77FF  " " $  "-0 zz !&&,'  K( 1' rUcSnURS5nUcUR5$UH?nURS5nURS5HnXqR:XdMUnM MA URRR 5nXR 5n URRU 5n URU S9n U $)zGet justifications. Args: vuln: vulnerability proto product: product proto msgs: container analysis messages Returns: justification proto justification_type_unspecifiedrXrYr)justificationType)r1 Justificationr$ JustificationTypeValueValuesEnumto_dictr) rGr"r{justification_type_as_stringrXr`rYr# enum_dictnumberjustification_typerjs rKrrrr>s"B ((7 % ]    d HHW Ehh}- zz !',$.  99AAC  779 :& 99&A$$*%- rUc@SSSSS.nSnSnSn[R"[RU5nU(a5XR S5nUR S5nUR S5n[R"[R U5nU(aFXR S5nUR S5R S S S 5nUR S5nU(aU(aU(d[R"S 5e[R"[U5nU(aX0S4$[R"U5n[[U5U]?5nX8[!U54$![Ran[R"S 5UeSnAff=f)zParse GCR URL. Args: url: gcr url for version, tag or whole image Returns: strings of project, image url and version url Raises: ar_exceptions.InvalidInputValueError: If user input is invalid. useuropeasia)z us.gcr.iozgcr.ioz eu.gcr.ioz asia.gcr.ioNrepoprojectimagerO:rNzFailed to parse the GCR image.z)Failed to resolve digest of the GCR image)rematchrGCR_DOCKER_REPO_REGEXgroup#GCR_DOCKER_DOMAIN_SCOPED_REPO_REGEXreplacer.r/WHOLE_IMAGE_REGEXgcr_utilGetDigestFromNameInvalidImageNameErrorsupertype__str__str) url location_maplocationrrmatches docker_digeste image_urls rK ParseGCRUrlr_sm , ( ' % HH[66 <' MM&12HmmI&G MM' "E HH[DDc J' MM&12HmmI&..sC;G MM' "E   . .(  HH& .'   ..s3M D'?A) S/ //  ' '  . .3    s3E--FFFcRSnURU5(aU[U5S$U$)Nzhttps://) startswithrQ)uriprefixs rKr3r3s, &^^F s6{|  *rU)__doc__rwr+r googlecloudsdk.api_lib.artifactsrr.'googlecloudsdk.api_lib.container.imagesrrgooglecloudsdk.api_lib.utilr$googlecloudsdk.command_lib.artifactsrgooglecloudsdk.corergooglecloudsdk.core.util.filesrr]r\r^rrLr0rTr6rprrrr3rUrKrsw6 HD,<#5 2 #"JZ+!\. b:z@B.0b rU