引入 cusa 并测试完成
Signed-off-by: Jia Chao <jiac13@chinaunicom.cn>
This commit is contained in:
parent
4859ca680e
commit
d5bbf83a75
|
@ -11,6 +11,7 @@ description = "An xml parser for openEuler cvrf."
|
|||
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
|
||||
|
||||
[dependencies]
|
||||
cusa = { git = "https://git.zhgsun.com:8089/jiachao2130/cusa.git", version = "0.1.0" }
|
||||
serde = { version = "1", features = ["serde_derive"] }
|
||||
tracing = { version = "0.1" }
|
||||
xml-rs = { version = "0.8" }
|
||||
|
|
90
src/lib.rs
90
src/lib.rs
|
@ -3,11 +3,10 @@
|
|||
allow(dead_code, unused_imports, unused_variables, unused_mut)
|
||||
)]
|
||||
use std::collections::HashMap;
|
||||
use std::fmt;
|
||||
use std::fs::File;
|
||||
use std::io::{self, BufReader};
|
||||
use std::str::FromStr;
|
||||
|
||||
use cusa::{CUSA, CVE, ParseSeverityError, Severity};
|
||||
use serde::{Deserialize, Serialize};
|
||||
use tracing::{debug, error, instrument, trace};
|
||||
use xml::reader::{EventReader, XmlEvent};
|
||||
|
@ -188,7 +187,7 @@ impl CVRF {
|
|||
note.content.parse::<Severity>()
|
||||
} else {
|
||||
// 正常用不到这里
|
||||
Ok(Severity::Null)
|
||||
Ok(Severity::None)
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -210,13 +209,13 @@ impl CVRF {
|
|||
|
||||
/// 将之转换成精简的公告格式
|
||||
#[instrument(skip(self))]
|
||||
pub fn sainfo(&self) -> SaInfo {
|
||||
pub fn sainfo(&self) -> CUSA {
|
||||
let mut cves = vec![];
|
||||
for v in &self.vulnerabilities {
|
||||
cves.push(v.to_cve());
|
||||
}
|
||||
|
||||
SaInfo {
|
||||
CUSA {
|
||||
id: self.id().to_string(),
|
||||
url: self.url(),
|
||||
title: self.title().to_string(),
|
||||
|
@ -1043,55 +1042,6 @@ impl Threat {
|
|||
}
|
||||
}
|
||||
|
||||
#[derive(Debug, Clone, PartialOrd, Ord, PartialEq, Eq, Hash, Serialize, Deserialize)]
|
||||
pub enum Severity {
|
||||
Null,
|
||||
Low,
|
||||
Moderate,
|
||||
Important,
|
||||
Critical,
|
||||
}
|
||||
|
||||
impl Severity {
|
||||
pub fn new() -> Self {
|
||||
Severity::Null
|
||||
}
|
||||
}
|
||||
|
||||
// 为枚举 Severity 实现 FromStr trait
|
||||
impl FromStr for Severity {
|
||||
type Err = ParseSeverityError;
|
||||
|
||||
// bug fix: 华为不干人事儿,单词都能拼错,现在只取首字母
|
||||
fn from_str(s: &str) -> Result<Self, Self::Err> {
|
||||
match s.to_lowercase().chars().next() {
|
||||
Some('l') => Ok(Severity::Low),
|
||||
Some('m') => Ok(Severity::Moderate),
|
||||
Some('i') | Some('h') => Ok(Severity::Important),
|
||||
Some('c') => Ok(Severity::Critical),
|
||||
_ => Err(ParseSeverityError::InvalidSeverity),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// 定义 ParseSeverityError 枚举类型来表示解析错误
|
||||
#[derive(Debug, Clone)]
|
||||
pub enum ParseSeverityError {
|
||||
InvalidSeverity,
|
||||
}
|
||||
|
||||
// 为 ParseSeverityError 实现 Display trait,以便更好地显示错误信息
|
||||
impl fmt::Display for ParseSeverityError {
|
||||
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
|
||||
match self {
|
||||
ParseSeverityError::InvalidSeverity => write!(f, "Invalid severity level"),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// 为 ParseSeverityError 实现 std::error::Error trait
|
||||
impl std::error::Error for ParseSeverityError {}
|
||||
|
||||
// depth = 4
|
||||
// <ScoreSet>
|
||||
// <BaseScore>7.5</BaseScore>
|
||||
|
@ -1206,35 +1156,3 @@ impl Remediation {
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
#[derive(Debug, Clone, Eq, PartialEq, Hash, Serialize, Deserialize)]
|
||||
pub struct SaInfo {
|
||||
// sa id
|
||||
pub id: String,
|
||||
|
||||
// sa's url
|
||||
pub url: String,
|
||||
|
||||
// sa title
|
||||
pub title: String,
|
||||
|
||||
// the major severity
|
||||
pub severity: Severity,
|
||||
|
||||
pub description: String,
|
||||
|
||||
// 包含的 cve 列表
|
||||
pub cves: Vec<CVE>,
|
||||
}
|
||||
|
||||
#[derive(Debug, Clone, Eq, PartialEq, Hash, Serialize, Deserialize)]
|
||||
pub struct CVE {
|
||||
// cve id
|
||||
pub id: String,
|
||||
|
||||
// cve 官网地址
|
||||
pub url: String,
|
||||
|
||||
// 严重级别
|
||||
pub severity: Severity,
|
||||
}
|
||||
|
|
|
@ -98,7 +98,7 @@ fn cvrf_works() {
|
|||
let cvrf_vulner_cve = "CVE-2023-45288";
|
||||
let cvrf_vulner_productstatues_status = "Fixed";
|
||||
let cvrf_vulner_productstatues_product = "openEuler-22.03-LTS";
|
||||
let cvrf_vulner_threat = Severity::Important;
|
||||
let cvrf_vulner_threat = cusa::Severity::High;
|
||||
let cvrf_vulner_basescore = "7.5";
|
||||
let cvrf_vulner_vector = "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H";
|
||||
let cvrf_vulner_remedition_type = "Vendor Fix";
|
||||
|
|
Loading…
Reference in New Issue
Block a user