Vulnerability Management - Update ListVulnerabilities endpoint query params and response schema (#1082)

Co-authored-by: ci.datadog-api-spec <[email protected]>

Author: api-clients-generation-pipeline[bot]

.generator/schemas/v2/openapi.yaml

@@ -29976,6 +29976,13 @@ components:
     Library:
       description: Vulnerability library.
       properties:
+        additional_names:
+          description: Related library or package names (such as child packages or
+            affected binary paths).
+          items:
+            example: linux-tools-common
+            type: string
+          type: array
         name:
           description: Vulnerability library name.
           example: linux-aws-5.15
@@ -57353,6 +57360,12 @@ components:
           type: array
         risks:
           $ref: '#/components/schemas/VulnerabilityRisks'
+        running_kernel:
+          description: "True if the vulnerability affects a package in the host\u2019s
+            running kernel, false if it affects a non-running kernel, and omit if
+            it is not kernel-related."
+          example: true
+          type: boolean
         status:
           $ref: '#/components/schemas/VulnerabilityStatus'
         title:
@@ -57413,10 +57426,15 @@ components:
       - RubyGems
       - Go
       - Packagist
-      - Ddeb
+      - Deb
       - Rpm
       - Apk
       - Windows
+      - Generic
+      - MacOs
+      - Oci
+      - BottleRocket
+      - None
       type: string
       x-enum-varnames:
       - PYPI
@@ -57426,10 +57444,15 @@ components:
       - RUBY_GEMS
       - GO
       - PACKAGIST
-      - D_DEB
+      - DEB
       - RPM
       - APK
       - WINDOWS
+      - GENERIC
+      - MAC_OS
+      - OCI
+      - BOTTLE_ROCKET
+      - NONE
     VulnerabilityRelationships:
       description: Related entities object.
       properties:
@@ -57530,12 +57553,14 @@ components:
       - IAST
       - SCA
       - Infra
+      - SAST
       example: SCA
       type: string
       x-enum-varnames:
       - IAST
       - SCA
       - INFRA
+      - SAST
     VulnerabilityType:
       description: The vulnerability type.
       enum:
@@ -80296,6 +80321,10 @@ paths:
       summary: List assets SBOMs
       tags:
       - Security Monitoring
+      x-permission:
+        operator: OR
+        permissions:
+        - appsec_vm_read
       x-unstable: '**Note**: This endpoint is a private preview.
 
         If you are interested in accessing this API, [fill out this form](https://forms.gle/kMYC1sDr6WDUBDsx9).'
@@ -80367,6 +80396,10 @@ paths:
       summary: Get SBOM
       tags:
       - Security Monitoring
+      x-permission:
+        operator: OR
+        permissions:
+        - appsec_vm_read
       x-unstable: '**Note**: This endpoint is a private preview.
 
         If you are interested in accessing this API, [fill out this form](https://forms.gle/kMYC1sDr6WDUBDsx9).'
@@ -80481,6 +80514,10 @@ paths:
       summary: List scanned assets metadata
       tags:
       - Security Monitoring
+      x-permission:
+        operator: OR
+        permissions:
+        - appsec_vm_read
       x-unstable: '**Note**: This endpoint is a private preview.
 
         If you are interested in accessing this API, [fill out this form](https://forms.gle/kMYC1sDr6WDUBDsx9).'
@@ -80909,6 +80946,14 @@ paths:
         required: false
         schema:
           type: string
+      - description: Filter for whether the vulnerability affects a running kernel
+          (for vulnerabilities related to a `Host` asset).
+        example: true
+        in: query
+        name: filter[running_kernel]
+        required: false
+        schema:
+          type: boolean
       - description: Filter by asset name. This field supports the usage of wildcards
           (*).
         example: datadog-agent
@@ -81052,6 +81097,10 @@ paths:
       summary: List vulnerabilities
       tags:
       - Security Monitoring
+      x-permission:
+        operator: OR
+        permissions:
+        - appsec_vm_read
       x-unstable: '**Note**: This endpoint is a private preview.
 
         If you are interested in accessing this API, [fill out this form](https://forms.gle/kMYC1sDr6WDUBDsx9).'
@@ -81410,6 +81459,10 @@ paths:
       summary: List vulnerable assets
       tags:
       - Security Monitoring
+      x-permission:
+        operator: OR
+        permissions:
+        - appsec_vm_read
       x-unstable: '**Note**: This endpoint is a private preview.
 
         If you are interested in accessing this API, [fill out this form](https://forms.gle/kMYC1sDr6WDUBDsx9).'
@@ -84547,8 +84600,8 @@ paths:
       x-unstable: '**Note**: This endpoint may be subject to changes.'
   /api/v2/static-analysis/secrets/rules:
     get:
-      description: Returns list of Secrets rules with ID, Pattern, Description, Priority,
-        and SDS ID
+      description: Returns a list of Secrets rules with ID, Pattern, Description,
+        Priority, and SDS ID.
       operationId: GetSecretsRules
       responses:
         '200':
@@ -84564,7 +84617,7 @@ paths:
         appKeyAuth: []
       - AuthZ:
         - code_analysis_read
-      summary: Returns list of Secrets rules
+      summary: Returns a list of Secrets rules
       tags:
       - Security Monitoring
       x-unstable: '**Note**: This endpoint may be subject to changes.'

examples/v2_security-monitoring_GetSecretsRules.rs

@@ -1,4 +1,4 @@
-// Returns list of Secrets rules returns "OK" response
+// Returns a list of Secrets rules returns "OK" response
 use datadog_api_client::datadog;
 use datadog_api_client::datadogV2::api_security_monitoring::SecurityMonitoringAPI;
 

src/datadogV2/api/api_security_monitoring.rs

@@ -628,6 +628,8 @@ pub struct ListVulnerabilitiesOptionalParams {
     pub filter_repo_digests: Option<String>,
     /// Filter by origin.
     pub filter_origin: Option<String>,
+    /// Filter for whether the vulnerability affects a running kernel (for vulnerabilities related to a `Host` asset).
+    pub filter_running_kernel: Option<bool>,
     /// Filter by asset name. This field supports the usage of wildcards (*).
     pub filter_asset_name: Option<String>,
     /// Filter by asset type.
@@ -808,6 +810,11 @@ impl ListVulnerabilitiesOptionalParams {
         self.filter_origin = Some(value);
         self
     }
+    /// Filter for whether the vulnerability affects a running kernel (for vulnerabilities related to a `Host` asset).
+    pub fn filter_running_kernel(mut self, value: bool) -> Self {
+        self.filter_running_kernel = Some(value);
+        self
+    }
     /// Filter by asset name. This field supports the usage of wildcards (*).
     pub fn filter_asset_name(mut self, value: String) -> Self {
         self.filter_asset_name = Some(value);
@@ -5729,7 +5736,7 @@ impl SecurityMonitoringAPI {
         }
     }
 
-    /// Returns list of Secrets rules with ID, Pattern, Description, Priority, and SDS ID
+    /// Returns a list of Secrets rules with ID, Pattern, Description, Priority, and SDS ID.
     pub async fn get_secrets_rules(
         &self,
     ) -> Result<crate::datadogV2::model::SecretRuleArray, datadog::Error<GetSecretsRulesError>>
@@ -5748,7 +5755,7 @@ impl SecurityMonitoringAPI {
         }
     }
 
-    /// Returns list of Secrets rules with ID, Pattern, Description, Priority, and SDS ID
+    /// Returns a list of Secrets rules with ID, Pattern, Description, Priority, and SDS ID.
     pub async fn get_secrets_rules_with_http_info(
         &self,
     ) -> Result<
@@ -9383,6 +9390,7 @@ impl SecurityMonitoringAPI {
         let filter_fix_available = params.filter_fix_available;
         let filter_repo_digests = params.filter_repo_digests;
         let filter_origin = params.filter_origin;
+        let filter_running_kernel = params.filter_running_kernel;
         let filter_asset_name = params.filter_asset_name;
         let filter_asset_type = params.filter_asset_type;
         let filter_asset_version_first = params.filter_asset_version_first;
@@ -9543,6 +9551,10 @@ impl SecurityMonitoringAPI {
             local_req_builder =
                 local_req_builder.query(&[("filter[origin]", &local_query_param.to_string())]);
         };
+        if let Some(ref local_query_param) = filter_running_kernel {
+            local_req_builder = local_req_builder
+                .query(&[("filter[running_kernel]", &local_query_param.to_string())]);
+        };
         if let Some(ref local_query_param) = filter_asset_name {
             local_req_builder =
                 local_req_builder.query(&[("filter[asset.name]", &local_query_param.to_string())]);

src/datadogV2/model/model_library.rs

@@ -11,6 +11,9 @@ use std::fmt::{self, Formatter};
 #[skip_serializing_none]
 #[derive(Clone, Debug, PartialEq, Serialize)]
 pub struct Library {
+    /// Related library or package names (such as child packages or affected binary paths).
+    #[serde(rename = "additional_names")]
+    pub additional_names: Option<Vec<String>>,
     /// Vulnerability library name.
     #[serde(rename = "name")]
     pub name: String,
@@ -27,13 +30,19 @@ pub struct Library {
 impl Library {
     pub fn new(name: String) -> Library {
         Library {
+            additional_names: None,
             name,
             version: None,
             additional_properties: std::collections::BTreeMap::new(),
             _unparsed: false,
         }
     }
 
+    pub fn additional_names(mut self, value: Vec<String>) -> Self {
+        self.additional_names = Some(value);
+        self
+    }
+
     pub fn version(mut self, value: String) -> Self {
         self.version = Some(value);
         self
@@ -65,6 +74,7 @@ impl<'de> Deserialize<'de> for Library {
             where
                 M: MapAccess<'a>,
             {
+                let mut additional_names: Option<Vec<String>> = None;
                 let mut name: Option<String> = None;
                 let mut version: Option<String> = None;
                 let mut additional_properties: std::collections::BTreeMap<
@@ -75,6 +85,13 @@ impl<'de> Deserialize<'de> for Library {
 
                 while let Some((k, v)) = map.next_entry::<String, serde_json::Value>()? {
                     match k.as_str() {
+                        "additional_names" => {
+                            if v.is_null() {
+                                continue;
+                            }
+                            additional_names =
+                                Some(serde_json::from_value(v).map_err(M::Error::custom)?);
+                        }
                         "name" => {
                             name = Some(serde_json::from_value(v).map_err(M::Error::custom)?);
                         }
@@ -94,6 +111,7 @@ impl<'de> Deserialize<'de> for Library {
                 let name = name.ok_or_else(|| M::Error::missing_field("name"))?;
 
                 let content = Library {
+                    additional_names,
                     name,
                     version,
                     additional_properties,

src/datadogV2/model/model_vulnerability_attributes.rs

@@ -65,6 +65,9 @@ pub struct VulnerabilityAttributes {
     /// Vulnerability risks.
     #[serde(rename = "risks")]
     pub risks: crate::datadogV2::model::VulnerabilityRisks,
+    /// True if the vulnerability affects a package in the host’s running kernel, false if it affects a non-running kernel, and omit if it is not kernel-related.
+    #[serde(rename = "running_kernel")]
+    pub running_kernel: Option<bool>,
     /// The vulnerability status.
     #[serde(rename = "status")]
     pub status: crate::datadogV2::model::VulnerabilityStatus,
@@ -121,6 +124,7 @@ impl VulnerabilityAttributes {
             remediations,
             repo_digests: None,
             risks,
+            running_kernel: None,
             status,
             title,
             tool,
@@ -168,6 +172,11 @@ impl VulnerabilityAttributes {
         self
     }
 
+    pub fn running_kernel(mut self, value: bool) -> Self {
+        self.running_kernel = Some(value);
+        self
+    }
+
     pub fn additional_properties(
         mut self,
         value: std::collections::BTreeMap<String, serde_json::Value>,
@@ -214,6 +223,7 @@ impl<'de> Deserialize<'de> for VulnerabilityAttributes {
                 let mut remediations: Option<Vec<crate::datadogV2::model::Remediation>> = None;
                 let mut repo_digests: Option<Vec<String>> = None;
                 let mut risks: Option<crate::datadogV2::model::VulnerabilityRisks> = None;
+                let mut running_kernel: Option<bool> = None;
                 let mut status: Option<crate::datadogV2::model::VulnerabilityStatus> = None;
                 let mut title: Option<String> = None;
                 let mut tool: Option<crate::datadogV2::model::VulnerabilityTool> = None;
@@ -319,6 +329,13 @@ impl<'de> Deserialize<'de> for VulnerabilityAttributes {
                         "risks" => {
                             risks = Some(serde_json::from_value(v).map_err(M::Error::custom)?);
                         }
+                        "running_kernel" => {
+                            if v.is_null() {
+                                continue;
+                            }
+                            running_kernel =
+                                Some(serde_json::from_value(v).map_err(M::Error::custom)?);
+                        }
                         "status" => {
                             status = Some(serde_json::from_value(v).map_err(M::Error::custom)?);
                             if let Some(ref _status) = status {
@@ -407,6 +424,7 @@ impl<'de> Deserialize<'de> for VulnerabilityAttributes {
                     remediations,
                     repo_digests,
                     risks,
+                    running_kernel,
                     status,
                     title,
                     tool,