fix format

Author: cn-kali-team

cve/src/api/mod.rs

@@ -1,6 +1,6 @@
 use crate::impact::ImpactMetrics;
 use crate::v4::configurations::Node;
-use crate::v4::{DescriptionData, ProblemTypeDataItem, Reference};
+use crate::v4::{Description, Weaknesses, Reference};
 use chrono::NaiveDateTime;
 use serde::{Deserialize, Serialize};
 
@@ -13,10 +13,10 @@ pub struct CVE {
   // 最后修改时间
   pub last_modified: NaiveDateTime,
   pub vuln_status: VulnStatus,
-  pub descriptions: Vec<DescriptionData>,
+  pub descriptions: Vec<Description>,
   pub metrics: ImpactMetrics,
   #[serde(default)]
-  pub weaknesses: Vec<ProblemTypeDataItem>,
+  pub weaknesses: Vec<Weaknesses>,
   #[serde(default)]
   pub configurations: Vec<Node>,
   pub references: Vec<Reference>,

cve/src/impact.rs

@@ -35,6 +35,15 @@ impl<T> Default for OneOrMany<T> {
   }
 }
 
+impl<T> OneOrMany<T> {
+  pub fn inner(&self) -> Option<&T> {
+    match self {
+      OneOrMany::One(o) => Some(o),
+      OneOrMany::Many(l) => l.iter().next(),
+      OneOrMany::None => None,
+    }
+  }
+}
 impl<T> From<OneOrMany<T>> for Vec<T> {
   fn from(from: OneOrMany<T>) -> Self {
     match from {

cve/src/v4/configurations.rs

@@ -2,7 +2,6 @@
 //!
 use serde::{Deserialize, Serialize};
 use std::collections::HashSet;
-
 ///  A configuration is a container that holds a set of nodes which then contain CPE Name Match Criteria. Configurations consist of three different types.
 ///
 #[derive(Debug, Serialize, Deserialize, PartialEq, Clone, Eq)]

cve/src/v4/mod.rs

@@ -64,7 +64,7 @@ pub struct CVE {
   // 参考
   pub references: References,
   // 描述
-  pub description: Description,
+  pub description: Descriptions,
   // 问题类型 关联：CWE
   #[serde(rename(deserialize = "problemtype"))]
   pub problem_type: ProblemType,
@@ -92,13 +92,13 @@ pub struct Reference {
 
 #[derive(Debug, Serialize, Deserialize, PartialEq, Clone)]
 #[serde(deny_unknown_fields)]
-pub struct Description {
-  pub description_data: Vec<DescriptionData>,
+pub struct Descriptions {
+  pub description_data: Vec<Description>,
 }
 
 #[derive(Debug, Serialize, Deserialize, PartialEq, Clone)]
 #[serde(deny_unknown_fields)]
-pub struct DescriptionData {
+pub struct Description {
   pub lang: String,
   pub value: String,
 }
@@ -122,20 +122,13 @@ pub struct Meta {
 #[serde(deny_unknown_fields)]
 pub struct ProblemType {
   #[serde(rename = "problemtype_data")]
-  pub problem_type_data: Vec<ProblemTypeDataItem>,
+  pub problem_type_data: Vec<Weaknesses>,
 }
 
 #[derive(Debug, Serialize, Deserialize, PartialEq, Clone)]
 #[serde(deny_unknown_fields)]
-pub struct ProblemTypeDataItem {
+pub struct Weaknesses {
   pub source: Option<String>,
   pub r#type: Option<String>,
-  pub description: Vec<ProblemTypeDescription>,
-}
-
-#[derive(Debug, Serialize, Deserialize, PartialEq, Clone)]
-#[serde(deny_unknown_fields)]
-pub struct ProblemTypeDescription {
-  pub lang: String,
-  pub value: String,
+  pub description: Vec<Description>,
 }

nvd-server/migrations/nvd-db.sql

@@ -1,5 +1,5 @@
 -- MySQL Script generated by MySQL Workbench
--- 2023年09月17日 星期日 17时30分23秒
+-- 2023年12月03日 星期日 17时38分53秒
 -- Model: New Model    Version: 1.0
 -- MySQL Workbench Forward Engineering
 
@@ -68,14 +68,13 @@ CREATE TABLE IF NOT EXISTS `nvd`.`cves` (
   `id` VARCHAR(32) NOT NULL COMMENT 'CVE编号',
   `year` INT(4) NOT NULL DEFAULT 0 COMMENT 'cve年份',
   `assigner` VARCHAR(64) NOT NULL COMMENT '分配者',
-  `references` JSON NOT NULL COMMENT '参考链接',
   `description` JSON NOT NULL COMMENT '描述',
-  `problem_type` JSON NOT NULL COMMENT '通用弱点枚举',
-  `cvss3_vector` VARCHAR(64) NOT NULL COMMENT '通用漏洞评分系统',
-  `cvss3_score` FLOAT NOT NULL DEFAULT 0.0 COMMENT 'cvss3评分',
-  `cvss2_vector` VARCHAR(64) NOT NULL COMMENT '通用漏洞评分系统',
-  `cvss2_score` FLOAT NOT NULL DEFAULT 0.0 COMMENT 'cvss2评分',
+  `severity` VARCHAR(32) NOT NULL,
+  `metrics` JSON NOT NULL,
+  `weaknesses` JSON NOT NULL COMMENT '通用弱点枚举',
   `configurations` JSON NOT NULL COMMENT 'cpe匹配',
+  `references` JSON NOT NULL COMMENT '参考链接',
+  `timeline` JSON NOT NULL,
   `created_at` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '创建时间',
   `updated_at` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP COMMENT '最后更新时间',
   PRIMARY KEY (`id`),

nvd-server/nvd-er.mwb

@@ -16,14 +16,13 @@ pub struct CreateCve {
   pub id: String,
   pub year: i32,
   pub assigner: String,
-  pub references: Value,
   pub description: Value,
-  pub problem_type: Value,
-  pub cvss3_vector: String,
-  pub cvss3_score: f32,
-  pub cvss2_vector: String,
-  pub cvss2_score: f32,
+  pub severity: String,
+  pub metrics: Value,
+  pub weaknesses: Value,
   pub configurations: Value,
+  pub references: Value,
+  pub timeline: Value,
   pub created_at: NaiveDateTime,
   pub updated_at: NaiveDateTime,
 }
@@ -87,33 +86,7 @@ impl QueryCve {
       query = query.filter(cves::id.eq_any(cve_ids));
     }
     if let Some(severity) = &self.severity {
-      match severity.to_lowercase().as_str() {
-        "low" => {
-          query = query.filter(
-            cves::cvss3_score
-              .between(0.1, 3.9)
-              .or(cves::cvss2_score.between(0.1, 3.9)),
-          );
-        }
-        "medium" => {
-          query = query.filter(
-            cves::cvss3_score
-              .between(4.0, 6.9)
-              .or(cves::cvss2_score.between(4.0, 6.9)),
-          );
-        }
-        "high" => {
-          query = query.filter(
-            cves::cvss3_score
-              .between(7.0, 8.9)
-              .or(cves::cvss2_score.gt(7.0)),
-          );
-        }
-        "critical" => {
-          query = query.filter(cves::cvss3_score.gt(9.0));
-        }
-        _ => {}
-      }
+      query = query.filter(cves::severity.eq(severity.to_lowercase()));
     }
     Ok(query)
   }

nvd-server/src/modules/cve_db.rs

@@ -25,14 +25,13 @@ pub struct Cve {
   pub id: String,
   pub year: i32,
   pub assigner: String,
-  pub references: Value,
   pub description: Value,
-  pub problem_type: Value,
-  pub cvss3_vector: String,
-  pub cvss3_score: f32,
-  pub cvss2_vector: String,
-  pub cvss2_score: f32,
+  pub severity:String,
+  pub metrics:Value,
+  pub weaknesses: Value,
   pub configurations: Value,
+  pub references: Value,
+  pub timeline: Value,
   pub created_at: NaiveDateTime,
   pub updated_at: NaiveDateTime,
 }

nvd-server/src/modules/mod.rs

@@ -16,16 +16,14 @@ diesel::table! {
         year -> Integer,
         #[max_length = 64]
         assigner -> Varchar,
-        references -> Json,
         description -> Json,
-        problem_type -> Json,
-        #[max_length = 64]
-        cvss3_vector -> Varchar,
-        cvss3_score -> Float,
-        #[max_length = 64]
-        cvss2_vector -> Varchar,
-        cvss2_score -> Float,
+        #[max_length = 32]
+        severity -> Varchar,
+        metrics -> Json,
+        weaknesses -> Json,
         configurations -> Json,
+        references -> Json,
+        timeline -> Json,
         created_at -> Timestamp,
         updated_at -> Timestamp,
     }

nvd-server/src/schema.rs

@@ -19,6 +19,7 @@ web-sys = { version = "0.3.63", features = [
 wasm-bindgen = { version = "0.2.87", features = ["serde"] }
 cvss = { path = "../cvss" }
 cve = { path = "../cve" }
+cpe = { path = "../cpe" }
 chrono = { version = "0.4", default-features = false, features = ["serde", "wasmbind", "clock"] }
 js-sys = "0.3.65"
 reqwest = { version = "0.11", features = ["json", "cookies"] }

nvd-yew/Cargo.toml

@@ -3,7 +3,7 @@ use cve::v4::configurations::Operator;
 use yew::prelude::*;
 #[derive(PartialEq, Clone, Properties)]
 pub struct CVEConfigurationProps {
-  pub props: cve::v4::configurations::Configurations,
+  pub props: Vec<cve::v4::configurations::Node>,
 }
 pub struct CVEConfiguration;
 impl Component for CVEConfiguration {
@@ -35,7 +35,7 @@ impl Component for CVEConfiguration {
                   </tr>
                 </thead>
                 <tbody>
-                {self.node(configuration.nodes)}
+                {self.node(configuration)}
                 </tbody>
               </table>
             </div>

nvd-yew/src/component/cve_configuration.rs

@@ -31,24 +31,23 @@ impl Component for CVERow {
     let cve_id = props.id;
     let description = props
       .description
-      .description_data
       .iter()
       .map(|d| d.value.clone())
       .collect::<Vec<String>>();
     let update = props.created_at.to_string();
     let cwe: Vec<String> = props
-      .problem_type
-      .problem_type_data
+      .weaknesses
       .iter()
       .map(|p| p.description.iter().map(|d| d.value.clone()).collect())
       .collect();
-    let vendor_product = props.configurations.unique_vendor_product();
+    let vendor_product = unique_vendor_product(props.configurations);
     let vendor: HashSet<String> = HashSet::from_iter(
       vendor_product
         .iter()
         .map(|v| v.vendor.clone())
         .collect::<Vec<String>>(),
     );
+    let metrics = props.metrics.clone();
     html! {
     <>
         <tr class="table-group-divider">
@@ -87,10 +86,10 @@ impl Component for CVERow {
             {cwe}
           </td>
           <td>
-            {cvss2(props.cvss2_score)}
+            {cvss2(metrics.base_metric_v2.inner())}
           </td>
           <td>
-            {cvss3(props.cvss3_score)}
+            {cvss3(metrics.base_metric_v3.inner())}
           </td>
           <td>
             {update}
@@ -103,3 +102,9 @@ impl Component for CVERow {
     }
   }
 }
+pub fn unique_vendor_product(nodes: Vec<cve::v4::configurations::Node>) -> Vec<cpe::Product> {
+  nodes
+    .iter()
+    .flat_map(|node| node.vendor_product())
+    .collect()
+}

nvd-yew/src/component/cve_row.rs

@@ -3,36 +3,38 @@ use cvss::metric::{Help, Worth};
 use cvss::severity::{SeverityType, SeverityTypeV2};
 use yew::prelude::*;
 
-pub fn cvss2(score: f32) -> Html {
-  let severity = cvss::severity::SeverityTypeV2::from(score);
-  let severity_class = match severity {
-    SeverityTypeV2::None => "bg-secondary",
-    SeverityTypeV2::Low => "bg-info",
-    SeverityTypeV2::Medium => "bg-warning",
-    SeverityTypeV2::High => "bg-danger",
-  };
-  let score_str = if score == 0.0 {
-    String::from("N/A")
-  } else {
-    score.to_string()
+pub fn cvss2(metric: Option<&cvss::v2::ImpactMetricV2>) -> Html {
+  let mut score = 0.0;
+  let severity_class = match metric {
+    None =>  "bg-secondary",
+    Some(m) => {
+      score = m.cvss_v2.base_score;
+      match m.severity {
+        SeverityTypeV2::None => "bg-secondary",
+        SeverityTypeV2::Low => "bg-info",
+        SeverityTypeV2::Medium => "bg-warning",
+        SeverityTypeV2::High => "bg-danger",
+      }
+    }
   };
-  html!(<span class={classes!(["badge",severity_class])}><b style="font-size:larger">{score_str}</b></span>)
+  html!(<span class={classes!(["badge",severity_class])}><b style="font-size:larger">{score}</b></span>)
 }
-pub fn cvss3(score: f32) -> Html {
-  let severity = cvss::severity::SeverityType::from(score);
-  let severity_class = match severity {
-    SeverityType::None => "bg-secondary",
-    SeverityType::Low => "bg-info",
-    SeverityType::Medium => "bg-warning",
-    SeverityType::High => "bg-danger",
-    SeverityType::Critical => "bg-dark",
-  };
-  let score_str = if score == 0.0 {
-    String::from("N/A")
-  } else {
-    format!("{} {}", score, severity)
+pub fn cvss3(metric: Option<&cvss::v3::ImpactMetricV3>) -> Html {
+  let mut score = 0.0;
+  let severity_class = match metric {
+    None =>  "bg-secondary",
+    Some(m) => {
+      score = m.cvss_v3.base_score;
+      match m.cvss_v3.base_severity {
+        SeverityType::None => "bg-secondary",
+        SeverityType::Low => "bg-info",
+        SeverityType::Medium => "bg-warning",
+        SeverityType::High => "bg-danger",
+        SeverityType::Critical => "bg-dark",
+      }
+    }
   };
-  html!(<span class={classes!(["badge",severity_class])}><b style="font-size:larger">{score_str}</b></span>)
+  html!(<span class={classes!(["badge",severity_class])}><b style="font-size:larger">{score}</b></span>)
 }
 pub enum V3Card {
   AV(cvss::v3::attack_vector::AttackVectorType),

nvd-yew/src/component/cvss_tags.rs

@@ -6,14 +6,12 @@ pub struct Cve {
   pub id: String,
   pub year: i32,
   pub assigner: String,
-  pub references: cve::v4::References,
-  pub description: cve::v4::Description,
-  pub problem_type: cve::v4::ProblemType,
-  pub cvss3_vector: String,
-  pub cvss3_score: f32,
-  pub cvss2_vector: String,
-  pub cvss2_score: f32,
-  pub configurations: cve::v4::configurations::Configurations,
+  pub description: Vec<cve::v4::Description>,
+  pub severity: String,
+  pub metrics: cve::impact::ImpactMetrics,
+  pub weaknesses: Vec<cve::v4::Weaknesses>,
+  pub configurations: Vec<cve::v4::configurations::Node>,
+  pub references: Vec<cve::v4::Reference>,
   pub created_at: NaiveDateTime,
   pub updated_at: NaiveDateTime,
 }