// Copyright 2018 Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.devtools.containeranalysis.v1alpha1;

import "google/api/annotations.proto";
import "google/devtools/containeranalysis/v1alpha1/package_vulnerability.proto";

option go_package = "google.golang.org/genproto/googleapis/devtools/containeranalysis/v1alpha1;containeranalysis";
option java_multiple_files = true;
option java_package = "com.google.containeranalysis.v1alpha1";
option objc_class_prefix = "GCA";

// PackageManager provides metadata about available / installed packages.
message PackageManager {
  // This represents a particular channel of distribution for a given package.
  // e.g. Debian's jessie-backports dpkg mirror
  message Distribution {
    // The cpe_uri in [cpe format](https://cpe.mitre.org/specification/)
    // denoting the package manager version distributing a package.
    string cpe_uri = 1;

    // The CPU architecture for which packages in this distribution
    // channel were built
    Architecture architecture = 2;

    // The latest available version of this package in
    // this distribution channel.
    VulnerabilityType.Version latest_version = 3;

    // A freeform string denoting the maintainer of this package.
    string maintainer = 4;

    // The distribution channel-specific homepage for this package.
    string url = 6;

    // The distribution channel-specific description of this package.
    string description = 7;
  }

  // An occurrence of a particular package installation found within a
  // system's filesystem.
  // e.g. glibc was found in /var/lib/dpkg/status
  message Location {
    // The cpe_uri in [cpe format](https://cpe.mitre.org/specification/)
    // denoting the package manager version distributing a package.
    string cpe_uri = 1;

    // The version installed at this location.
    VulnerabilityType.Version version = 2;

    // The path from which we gathered that this package/version is installed.
    string path = 3;
  }

  // This represents a particular package that is distributed over
  // various channels.
  // e.g. glibc (aka libc6) is distributed by many, at various versions.
  message Package {
    // The name of the package.
    string name = 1;

    // The various channels by which a package is distributed.
    repeated Distribution distribution = 10;
  }

  // This represents how a particular software package may be installed on
  // a system.
  message Installation {
    // Output only. The name of the installed package.
    string name = 1;

    // All of the places within the filesystem versions of this package
    // have been found.
    repeated Location location = 2;
  }

  // Instruction set architectures supported by various package managers.
  enum Architecture {
    // Unknown architecture
    ARCHITECTURE_UNSPECIFIED = 0;

    // X86 architecture
    X86 = 1;

    // X64 architecture
    X64 = 2;
  }
}