引入 cusa 并测试完成
Signed-off-by: Jia Chao <jiac13@chinaunicom.cn>
parent
4859ca680e
commit
d5bbf83a75
|
@ -11,6 +11,7 @@ description = "An xml parser for openEuler cvrf."
|
||||||
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
|
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
|
cusa = { git = "https://git.zhgsun.com:8089/jiachao2130/cusa.git", version = "0.1.0" }
|
||||||
serde = { version = "1", features = ["serde_derive"] }
|
serde = { version = "1", features = ["serde_derive"] }
|
||||||
tracing = { version = "0.1" }
|
tracing = { version = "0.1" }
|
||||||
xml-rs = { version = "0.8" }
|
xml-rs = { version = "0.8" }
|
||||||
|
|
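Review bot: The new `cusa` entry is a git dependency with no `rev` or `tag`, so Cargo resolves it to whatever the repository's default branch points at whenever the lockfile is created or updated. The `version = "0.1.0"` key only constrains the version number declared in that repository's manifest; it does not fix the commit. This crate now takes its `CUSA`, `CVE`, `Severity` and `ParseSeverityError` types from that source, so pin it to a reviewed commit, e.g. `cusa = { git = "https://git.zhgsun.com:8089/jiachao2130/cusa.git", rev = "<reviewed-commit-sha>", version = "0.1.0" }`. Also keep `Cargo.lock` under version control if it is not already, so rebuilds use the same commit.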
90
src/lib.rs
90
src/lib.rs
|
@ -3,11 +3,10 @@
|
||||||
allow(dead_code, unused_imports, unused_variables, unused_mut)
|
allow(dead_code, unused_imports, unused_variables, unused_mut)
|
||||||
)]
|
)]
|
||||||
use std::collections::HashMap;
|
use std::collections::HashMap;
|
||||||
use std::fmt;
|
|
||||||
use std::fs::File;
|
use std::fs::File;
|
||||||
use std::io::{self, BufReader};
|
use std::io::{self, BufReader};
|
||||||
use std::str::FromStr;
|
|
||||||
|
|
||||||
|
use cusa::{CUSA, CVE, ParseSeverityError, Severity};
|
||||||
use serde::{Deserialize, Serialize};
|
use serde::{Deserialize, Serialize};
|
||||||
use tracing::{debug, error, instrument, trace};
|
use tracing::{debug, error, instrument, trace};
|
||||||
use xml::reader::{EventReader, XmlEvent};
|
use xml::reader::{EventReader, XmlEvent};
|
||||||
|
@ -188,7 +187,7 @@ impl CVRF {
|
||||||
note.content.parse::<Severity>()
|
note.content.parse::<Severity>()
|
||||||
} else {
|
} else {
|
||||||
// 正常用不到这里
|
// 正常用不到这里
|
||||||
Ok(Severity::Null)
|
Ok(Severity::None)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -210,13 +209,13 @@ impl CVRF {
|
||||||
|
|
||||||
/// 将之转换成精简的公告格式
|
/// 将之转换成精简的公告格式
|
||||||
#[instrument(skip(self))]
|
#[instrument(skip(self))]
|
||||||
pub fn sainfo(&self) -> SaInfo {
|
pub fn sainfo(&self) -> CUSA {
|
||||||
let mut cves = vec![];
|
let mut cves = vec![];
|
||||||
for v in &self.vulnerabilities {
|
for v in &self.vulnerabilities {
|
||||||
cves.push(v.to_cve());
|
cves.push(v.to_cve());
|
||||||
}
|
}
|
||||||
|
|
||||||
SaInfo {
|
CUSA {
|
||||||
id: self.id().to_string(),
|
id: self.id().to_string(),
|
||||||
url: self.url(),
|
url: self.url(),
|
||||||
title: self.title().to_string(),
|
title: self.title().to_string(),
|
||||||
|
@ -1043,55 +1042,6 @@ impl Threat {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(Debug, Clone, PartialOrd, Ord, PartialEq, Eq, Hash, Serialize, Deserialize)]
|
|
||||||
pub enum Severity {
|
|
||||||
Null,
|
|
||||||
Low,
|
|
||||||
Moderate,
|
|
||||||
Important,
|
|
||||||
Critical,
|
|
||||||
}
|
|
||||||
|
|
||||||
impl Severity {
|
|
||||||
pub fn new() -> Self {
|
|
||||||
Severity::Null
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// 为枚举 Severity 实现 FromStr trait
|
|
||||||
impl FromStr for Severity {
|
|
||||||
type Err = ParseSeverityError;
|
|
||||||
|
|
||||||
// bug fix: 华为不干人事儿,单词都能拼错,现在只取首字母
|
|
||||||
fn from_str(s: &str) -> Result<Self, Self::Err> {
|
|
||||||
match s.to_lowercase().chars().next() {
|
|
||||||
Some('l') => Ok(Severity::Low),
|
|
||||||
Some('m') => Ok(Severity::Moderate),
|
|
||||||
Some('i') | Some('h') => Ok(Severity::Important),
|
|
||||||
Some('c') => Ok(Severity::Critical),
|
|
||||||
_ => Err(ParseSeverityError::InvalidSeverity),
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// 定义 ParseSeverityError 枚举类型来表示解析错误
|
|
||||||
#[derive(Debug, Clone)]
|
|
||||||
pub enum ParseSeverityError {
|
|
||||||
InvalidSeverity,
|
|
||||||
}
|
|
||||||
|
|
||||||
// 为 ParseSeverityError 实现 Display trait,以便更好地显示错误信息
|
|
||||||
impl fmt::Display for ParseSeverityError {
|
|
||||||
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
|
|
||||||
match self {
|
|
||||||
ParseSeverityError::InvalidSeverity => write!(f, "Invalid severity level"),
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// 为 ParseSeverityError 实现 std::error::Error trait
|
|
||||||
impl std::error::Error for ParseSeverityError {}
|
|
||||||
|
|
||||||
// depth = 4
|
// depth = 4
|
||||||
// <ScoreSet>
|
// <ScoreSet>
|
||||||
// <BaseScore>7.5</BaseScore>
|
// <BaseScore>7.5</BaseScore>
|
||||||
|
@ -1206,35 +1156,3 @@ impl Remediation {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(Debug, Clone, Eq, PartialEq, Hash, Serialize, Deserialize)]
|
|
||||||
pub struct SaInfo {
|
|
||||||
// sa id
|
|
||||||
pub id: String,
|
|
||||||
|
|
||||||
// sa's url
|
|
||||||
pub url: String,
|
|
||||||
|
|
||||||
// sa title
|
|
||||||
pub title: String,
|
|
||||||
|
|
||||||
// the major severity
|
|
||||||
pub severity: Severity,
|
|
||||||
|
|
||||||
pub description: String,
|
|
||||||
|
|
||||||
// 包含的 cve 列表
|
|
||||||
pub cves: Vec<CVE>,
|
|
||||||
}
|
|
||||||
|
|
||||||
#[derive(Debug, Clone, Eq, PartialEq, Hash, Serialize, Deserialize)]
|
|
||||||
pub struct CVE {
|
|
||||||
// cve id
|
|
||||||
pub id: String,
|
|
||||||
|
|
||||||
// cve 官网地址
|
|
||||||
pub url: String,
|
|
||||||
|
|
||||||
// 严重级别
|
|
||||||
pub severity: Severity,
|
|
||||||
}
|
|
||||||
|
|
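Review bot: In the hunk at `@ -188`, the `else` branch returns `Ok(Severity::None)`, which reports a missing severity note as a valid rating, so a consumer that filters advisories by severity cannot tell an unrated advisory from a harmless one. The existing comment says this branch is not normally reached, which is a reason to make it visible, e.g. `error!("no severity note found, defaulting to Severity::None");` before the return, or to return an error instead. Separately, `note.content.parse::<Severity>()` now goes through the `FromStr` impl in `cusa`, which is not visible on this page. The removed local impl matched only the first letter, with `i` and `h` mapping to the same level, to tolerate misspelled input, so it is worth confirming that `cusa` keeps that tolerance and does not start rejecting advisories that parsed before. The enclosing function starts and ends outside the hunk.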
|
@ -98,7 +98,7 @@ fn cvrf_works() {
|
||||||
let cvrf_vulner_cve = "CVE-2023-45288";
|
let cvrf_vulner_cve = "CVE-2023-45288";
|
||||||
let cvrf_vulner_productstatues_status = "Fixed";
|
let cvrf_vulner_productstatues_status = "Fixed";
|
||||||
let cvrf_vulner_productstatues_product = "openEuler-22.03-LTS";
|
let cvrf_vulner_productstatues_product = "openEuler-22.03-LTS";
|
||||||
let cvrf_vulner_threat = Severity::Important;
|
let cvrf_vulner_threat = cusa::Severity::High;
|
||||||
let cvrf_vulner_basescore = "7.5";
|
let cvrf_vulner_basescore = "7.5";
|
||||||
let cvrf_vulner_vector = "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H";
|
let cvrf_vulner_vector = "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H";
|
||||||
let cvrf_vulner_remedition_type = "Vendor Fix";
|
let cvrf_vulner_remedition_type = "Vendor Fix";
|
||||||
|
|