J%JdZddlmZddlmZddlmZddlmZddlmZddl mZ ddl m Z ddl mZdd lmZdd lmZdd lmZdd lmZdd lmZddlmZej0ej2ej4j6Gddej8Zy)zCImplements the command to upload Generic artifacts to a repository.)absolute_import)division)unicode_literals) exceptions) list_pager)apis)base) docker_util) endpoint_util)flags)requests)vex_util) propertiescVeZdZdZdddZdZdZedZdZ dZ d Z d Z d Z d Zy) LoadVexaLoad VEX data from a CSAF file into Artifact Analysis. Command loads VEX data from a Common Security Advisory Framework (CSAF) file into Artifact Analysis as VulnerabilityAssessment Notes. VEX data tells Artifact Analysis whether vulnerabilities are relevant and how. z {description}a To load a CSAF security advisory file given an artifact in Artifact Registry and the file on disk, run: $ {command} --uri=us-east1-docker.pkg.dev/project123/repository123/someimage@sha256:49765698074d6d7baa82f --source=/path/to/vex/file To load a CSAF security advisory file given an artifact with a tag and a file on disk, run: $ {command} --uri=us-east1-docker.pkg.dev/project123/repository123/someimage:latest --source=/path/to/vex/file ) DESCRIPTIONEXAMPLESNc|jddd|jddd|jddd tjj|y) Nz--uriTaThe path of the artifact in Artifact Registry. A 'gcr.io' image can also be used if redirection is enabled in Artifact Registry. Make sure 'artifactregistry.projectsettings.get' permission is granted to the current gcloud user to verify the redirection status.)requiredhelpz--sourcezThe path of the VEX file.z --projectFz2The parent project to load security advisory into.) add_argumentr GetOptionalAALocationFlag AddToParser)parsers 1lib/surface/artifacts/vulnerabilities/load_vex.pyArgsz LoadVex.Args;sx      (   A  ##%11&9 ctj|j5tjdd|_|j j |_ddd|j}tj|}tj|rItj|\}}|j}|r|jnd}|j}ntj |rtj"|\}}}t%j&}t%j(|} | j*|j,j.j0k7r9t3j4dt3j4dj7||jxs|} |j8} tj:| ||\} } |j=| | | |jy#1swYxYw)z(Run the generic artifact upload command.containeranalysisv1NzyThis command only supports Artifact Registry. You can enable redirection to use gcr.io repositories in Artifact Registry.z%{} is not an Artifact Registry image.)r WithRegionlocationrGetClientInstance ca_clientMESSAGES_MODULE ca_messagesurir RemoveHTTPSr IsARDockerImageDockerUrlToImageGetDockerStringproject IsGCRImage ParseGCRUrl ar_requests GetMessagesGetProjectSettingslegacyRedirectionStateProjectSettings%LegacyRedirectionStateValueValuesEnumREDIRECTION_FROM_GCR_IO_ENABLED ar_exceptionsInvalidInputValueErrorformatsource ParseVexFile writeNotes)selfargsr'imageversion image_uri version_uri image_projectmessagessettingsr,filenamenotes generic_uris rRunz LoadVex.RunUs  ! !$-- 0--.A4Hdn77d 1 ((C   s #C""3'"33C8neW'')i18G++-dkmmm    $.6.B.B3.G+mY ((*h// >h  ) )  % % K K k k l22 L   0 0 1 8 8 = ll+mG{{H!..xKPE;OOE7K? ? 1 0s 7G00G:cg}g}|j||}|D]}|jjdj||j} |j j j| d} | r|j|u|j||j||||j||||j||||y#tj$rd} YywxYw)N {}/notes/{}nameTF)parentr&(ContaineranalysisProjectsNotesGetRequestr8keyr$projects_notesGetapitools_exceptionsHttpNotFoundErrorappendbatchWriteNotes updateNotes deleteNotes) r<rFr,r'r"notes_to_createnotes_to_updaterMnote get_request note_existss rr;zLoadVex.writeNotesxsOO [[( +F$$MM##FDHH5Nk %%))+6  t$t$ '8<_gx8  UGS(3! 2 2 s'CC43C4c d} fd}|tjjjj  ||D]}|sy|j j j}||_|j j |}|j j|j|||} |jjj| y)Nc t|}|dks|dkDrtjd|S#t$rtjdwxYw)Nz.max_notes_per_batch_request must be an integeriz6max_notes_per_batch_request must be between 1 and 1000)int ValueErrorr6r7)note_limit_strmax_notes_per_batch_requests r$validate_max_notes_per_batch_requestzELoadVex.batchWriteNotes..validate_max_notes_per_batch_requestsi &).&9# %q (,G$,N22 D  )( 22 <   s .A c3zKg}|D](}|j|t|k(s#|g}*|r|yyw)N)rTlen)rF notes_chunkrZrcs rchunkedz(LoadVex.batchWriteNotes..chunkedsMk$4 { : : +   s';;)rF)rMbatchCreateNotesRequest)rVALUES artifactsrcrQr&BatchCreateNotesRequest NotesValueadditionalProperties0ContaineranalysisProjectsNotesBatchCreateRequestrMr$rP BatchCreate) r<rFr,r"rdrhrg note_value batch_requestrequestrcs @rrUzLoadVex.batchWriteNotess ) #G##??CCE# u~ ##;;FFHj(3j%&&>>?m    K K[[(3&3 L   nn##//8&rc|sy|j||}|D]h}|jjdj||j|j }|j jj|jy)NrJ)rLrZ) rMr&*ContaineranalysisProjectsNotesPatchRequestr8rOvaluer$rPPatch)r<rFr,r"rMrZ patch_requests rrVzLoadVex.updateNotessv  [[( +F    E E ''9:: F   nn##))-8rc|jjdj||j||}t j |j j|dd}t}|D]m}|jjjj} |jjjj} | |k(s]|j| o|D]r} | jjj} | |vs(|jj!| j"} |j jj%| ty)Nz1vulnerability_assessment.product.generic_uri="{}")filterrMrFpageSize)servicersfieldbatch_size_attributerK)r&)ContaineranalysisProjectsNotesListRequestr8rMr YieldFromListr$rPsetrvvulnerabilityAssessmentproduct genericUri assessmentvulnerabilityIdadd+ContaineranalysisProjectsNotesDeleteRequestrLDelete)r< file_notesr,r'r" list_requestdb_notes cves_in_file file_notefile_urifile_vulnerabilitydb_notedb_vulnerabilitydelete_requests rrWzLoadVex.deleteNotess6##MMBII#N{{7H-NL''--' H5L 88@@KKh // 1 1 < < L L S+,    ) ) 4 4 D D  -    H H\\ I   %%,,^<rcL|dj||Sdj|S)Nzprojects/{}/locations/{}z projects/{})r8)r<r,r"s rrMzLoadVex.parents, ' . .w AA    ((r)__name__ __module__ __qualname____doc__ detailed_helpr$r& staticmethodrrHr;rUrVrWrMrrrr"sW% -)+  2! F4249l 9=B)rrN)r __future__rrrapitools.base.pyrrRr googlecloudsdk.api_lib.artifactsr6googlecloudsdk.api_lib.utilrgooglecloudsdk.callioper $googlecloudsdk.command_lib.artifactsr r r r r/rgooglecloudsdk.corerDefaultUniverseOnly ReleaseTracks ReleaseTrackGACommandrrrrrs~J&'>'H,(<>6H9*D%%(()T)dllT)*T)r