fix format

Author: cn-kali-team

cve/src/api/mod.rs

@@ -1,11 +1,11 @@
 use crate::impact::ImpactMetrics;
 use crate::v4::configurations::Node;
-use crate::v4::{Description, Weaknesses, Reference};
+use crate::v4::{Description, Reference, Weaknesses};
 use chrono::NaiveDateTime;
 use serde::{Deserialize, Serialize};
 
 #[derive(Debug, Serialize, Deserialize, Clone, PartialEq)]
-#[serde(rename_all(deserialize = "camelCase"))]
+#[serde(rename_all = "camelCase")]
 pub struct CVE {
   pub id: String,
   pub source_identifier: String,

cve/src/impact.rs

@@ -8,7 +8,7 @@ use serde::{Deserialize, Serialize};
 /// Must contain: At least one entry, can be text, CVSSv2, CVSSv3, others may be added
 ///
 #[derive(Debug, Serialize, Deserialize, Clone, PartialEq)]
-#[serde(rename_all(deserialize = "camelCase"), deny_unknown_fields)]
+#[serde(rename_all = "camelCase", deny_unknown_fields)]
 pub struct ImpactMetrics {
   // TODO: Implement V1?
   // cvssV2 过期
@@ -20,6 +20,17 @@ pub struct ImpactMetrics {
   // TODO: Implement V4?
 }
 
+impl ImpactMetrics {
+  pub fn severity(&self) -> String {
+    if let Some(m) = self.base_metric_v3.inner() {
+      return m.cvss_v3.base_severity.to_string();
+    }
+    if let Some(m) = self.base_metric_v2.inner() {
+      return m.severity.to_string();
+    }
+    String::from("None")
+  }
+}
 // 为了兼容API接口返回的数据和json归档数据结构
 #[derive(Debug, Serialize, Deserialize, Clone, PartialEq)]
 #[serde(untagged)]

cvss/src/v2/mod.rs

@@ -39,7 +39,7 @@ use crate::version::Version;
 use serde::{Deserialize, Serialize};
 
 #[derive(Debug, Serialize, Deserialize, Clone, PartialEq)]
-#[serde(rename_all(deserialize = "camelCase"))]
+#[serde(rename_all = "camelCase")]
 pub struct CVSS {
   // 版本
   pub version: Version,
@@ -164,7 +164,7 @@ impl CVSS {
 /// The CVSSv2 <https://www.first.org/cvss/v2/guide> scoring data, split up into Base Metrics Group (BM), Temporal Metrics Group (TM) and Environmental Metrics Group (EM).
 ///
 #[derive(Debug, Serialize, Deserialize, Clone, PartialEq)]
-#[serde(rename_all(deserialize = "camelCase"), deny_unknown_fields)]
+#[serde(rename_all = "camelCase", deny_unknown_fields)]
 pub struct ImpactMetricV2 {
   #[serde(default)]
   pub source: Option<String>,

cvss/src/v3/impact_metrics.rs

@@ -291,7 +291,7 @@ impl AvailabilityImpactType {
 ///
 /// If a scope change has not occurred, the Impact metrics should reflect the confidentiality, integrity, and availability (CIA) impact to the vulnerable component. However, if a scope change has occurred, then the Impact metrics should reflect the CIA impact to either the vulnerable component, or the impacted component, whichever suffers the most severe outcome.
 #[derive(Debug, Serialize, Deserialize, PartialEq, Clone)]
-#[serde(rename_all(deserialize = "camelCase"))]
+#[serde(rename_all = "camelCase")]
 pub struct Impact {
   /// [`ConfidentialityImpactType`] 机密性影响（C）
   pub confidentiality_impact: ConfidentialityImpactType,

cvss/src/v3/mod.rs

@@ -42,7 +42,7 @@ pub mod user_interaction;
 /// As mentioned, the Exploitability metrics reflect the characteristics of the thing that is vulnerable, which we refer to formally as the vulnerable component. Therefore, each of the Exploitability metrics listed below should be scored relative to the vulnerable component, and reflect the properties of the vulnerability that lead to a successful attack.
 ///
 #[derive(Debug, Serialize, Deserialize, PartialEq, Clone)]
-#[serde(rename_all(deserialize = "camelCase"))]
+#[serde(rename_all = "camelCase")]
 pub struct ExploitAbility {
   /// [`AttackVectorType`] 访问途径（AV）
   pub attack_vector: AttackVectorType,
@@ -75,7 +75,7 @@ impl ExploitAbility {
 /// The benefits of CVSS include the provision of a standardized vendor and platform agnostic vulnerability scoring methodology. It is an open framework, providing transparency to the individual characteristics and methodology used to derive a score.
 ///
 #[derive(Debug, Serialize, Deserialize, PartialEq, Clone)]
-#[serde(rename_all(deserialize = "camelCase"))]
+#[serde(rename_all = "camelCase")]
 pub struct CVSS {
   /// Version 版本： 3.0 和 3.1
   pub version: Version,
@@ -273,7 +273,7 @@ impl CVSSBuilder {
 ///
 /// The CVSSv3 <https://www.first.org/cvss/specification-document> scoring data.
 #[derive(Debug, Serialize, Deserialize, PartialEq, Clone)]
-#[serde(rename_all(deserialize = "camelCase"), deny_unknown_fields)]
+#[serde(rename_all = "camelCase", deny_unknown_fields)]
 pub struct ImpactMetricV3 {
   #[serde(default)]
   pub source: Option<String>,

cvss/src/v4/environmental.rs

@@ -5,7 +5,7 @@ use std::fmt::{Display, Formatter};
 use std::str::FromStr;
 
 #[derive(Debug, Serialize, Deserialize, PartialEq, Clone)]
-#[serde(rename_all(deserialize = "camelCase"))]
+#[serde(rename_all = "camelCase")]
 pub struct Environmental {
   /// [`ConfidentialityImpactType`] 机密性影响（C）
   pub confidentiality_requirements: ConfidentialityRequirements,

cvss/src/v4/mod.rs

@@ -50,7 +50,7 @@ mod vulnerable_impact_metrics;
 /// As mentioned, the Exploitability metrics reflect the characteristics of the thing that is vulnerable, which we refer to formally as the vulnerable component. Therefore, each of the Exploitability metrics listed below should be scored relative to the vulnerable component, and reflect the properties of the vulnerability that lead to a successful attack.
 ///
 #[derive(Debug, Serialize, Deserialize, PartialEq, Clone)]
-#[serde(rename_all(deserialize = "camelCase"))]
+#[serde(rename_all = "camelCase")]
 pub struct ExploitAbility {
   /// [`AttackVectorType`] 访问途径（AV）
   pub attack_vector: AttackVectorType,
@@ -124,7 +124,7 @@ impl ExploitAbility {
 /// The benefits of CVSS include the provision of a standardized vendor and platform agnostic vulnerability scoring methodology. It is an open framework, providing transparency to the individual characteristics and methodology used to derive a score.
 ///
 #[derive(Debug, Serialize, Deserialize, PartialEq, Clone)]
-#[serde(rename_all(deserialize = "camelCase"))]
+#[serde(rename_all = "camelCase")]
 pub struct CVSS {
   /// Version 版本： 4.0
   pub version: Version,

cvss/src/v4/subsequent_impact_metrics.rs

@@ -326,7 +326,7 @@ impl SubsequentAvailabilityImpactType {
   }
 }
 #[derive(Debug, Serialize, Deserialize, PartialEq, Clone)]
-#[serde(rename_all(deserialize = "camelCase"))]
+#[serde(rename_all = "camelCase")]
 pub struct SubsequentImpact {
   /// [`ConfidentialityImpactType`] 机密性影响（C）
   pub confidentiality_impact: SubsequentConfidentialityImpactType,

cvss/src/v4/vulnerable_impact_metrics.rs

@@ -306,7 +306,7 @@ impl VulnerableAvailabilityImpactType {
 ///
 /// If a scope change has not occurred, the Impact metrics should reflect the confidentiality, integrity, and availability (CIA) impact to the vulnerable component. However, if a scope change has occurred, then the Impact metrics should reflect the CIA impact to either the vulnerable component, or the impacted component, whichever suffers the most severe outcome.
 #[derive(Debug, Serialize, Deserialize, PartialEq, Clone)]
-#[serde(rename_all(deserialize = "camelCase"))]
+#[serde(rename_all = "camelCase")]
 pub struct VulnerableImpact {
   /// [`ConfidentialityImpactType`] 机密性影响（C）
   pub confidentiality_impact: VulnerableConfidentialityImpactType,

helper/src/bin/cve_to_db.rs

@@ -1,9 +1,6 @@
 use cached::proc_macro::cached;
 use cached::SizedCache;
-use cve::impact::OneOrMany;
 use cve::v4::{CVEContainer, CVEItem};
-use cvss::v2::ImpactMetricV2;
-use cvss::v3::ImpactMetricV3;
 use diesel::mysql::MysqlConnection;
 use helper::init_db_pool;
 use nvd_server::error::DBResult;
@@ -19,27 +16,6 @@ use std::str::FromStr;
 
 // https://cwe.mitre.org/data/downloads.html
 // curl -s -k https://cwe.mitre.org/data/downloads.html |grep  -Eo '(/[^"]*\.xml.zip)'|xargs -I % wget -c https://cwe.mitre.org%
-fn v3(v3: &OneOrMany<ImpactMetricV3>) -> (String, f32) {
-  match v3 {
-    OneOrMany::None => (String::new(), 0.0),
-    OneOrMany::One(v) => (v.cvss_v3.vector_string.to_string(), v.cvss_v3.base_score),
-    OneOrMany::Many(vs) => (
-      vs.first().unwrap().cvss_v3.vector_string.to_string(),
-      vs.first().unwrap().cvss_v3.base_score,
-    ),
-  }
-}
-
-fn v2(v2: &OneOrMany<ImpactMetricV2>) -> (String, f32) {
-  match v2 {
-    OneOrMany::None => (String::new(), 0.0),
-    OneOrMany::One(v) => (v.cvss_v2.vector_string.to_string(), v.cvss_v2.base_score),
-    OneOrMany::Many(vs) => (
-      vs.first().unwrap().cvss_v2.vector_string.to_string(),
-      vs.first().unwrap().cvss_v2.base_score,
-    ),
-  }
-}
 
 fn import_to_db(connection: &mut MysqlConnection, cve_item: CVEItem) -> DBResult<String> {
   let id = cve_item.cve.meta.id;
@@ -48,16 +24,15 @@ fn import_to_db(connection: &mut MysqlConnection, cve_item: CVEItem) -> DBResult
     id: id.clone(),
     created_at: cve_item.published_date,
     updated_at: cve_item.last_modified_date,
-    references: serde_json::json!(cve_item.cve.references),
-    description: serde_json::json!(cve_item.cve.description),
-    problem_type: serde_json::json!(cve_item.cve.problem_type),
-    cvss3_vector: v3(&cve_item.impact.base_metric_v3).0,
-    cvss3_score: v3(&cve_item.impact.base_metric_v3).1,
-    cvss2_vector: v2(&cve_item.impact.base_metric_v2).0,
-    cvss2_score: v2(&cve_item.impact.base_metric_v2).1,
+    references: serde_json::json!(cve_item.cve.references.reference_data),
+    description: serde_json::json!(cve_item.cve.description.description_data),
+    severity: cve_item.impact.severity().to_string(),
+    metrics: serde_json::json!(cve_item.impact),
     assigner: cve_item.cve.meta.assigner,
-    configurations: serde_json::json!(cve_item.configurations),
+    configurations: serde_json::json!(cve_item.configurations.nodes),
     year: i32::from_str(y).unwrap_or_default(),
+    weaknesses: serde_json::json!(cve_item.cve.problem_type.problem_type_data),
+    timeline: Default::default(),
   };
   // 插入到数据库
   match Cve::create(connection, &new_post) {
@@ -179,7 +154,7 @@ pub fn create_product(
 
 fn main() {
   let connection_pool = init_db_pool();
-  for y in 2004..2024 {
+  for y in 2023..2024 {
     let p = format!("helper/examples/nvdcve/nvdcve-1.1-{y}.json.gz");
     println!("{p}");
     let gz_open_file = File::open(p).unwrap();
@@ -189,5 +164,6 @@ fn main() {
     for w in c.CVE_Items {
       import_to_db(connection_pool.get().unwrap().deref_mut(), w).unwrap_or_default();
     }
+    break;
   }
 }

nvd-api/src/pagination.rs

@@ -4,7 +4,7 @@ use crate::v2::vulnerabilities::{CveChanges, Vulnerabilities};
 use chrono::NaiveDateTime;
 use serde::{Deserialize, Serialize};
 #[derive(Serialize, Deserialize, PartialEq, Debug, Clone)]
-#[serde(rename_all(deserialize = "camelCase"))]
+#[serde(rename_all = "camelCase")]
 pub struct ListResponse {
   #[serde(flatten)]
   pub results: Object,

nvd-server/nvd-er.mwb

@@ -26,8 +26,8 @@ pub struct Cve {
   pub year: i32,
   pub assigner: String,
   pub description: Value,
-  pub severity:String,
-  pub metrics:Value,
+  pub severity: String,
+  pub metrics: Value,
   pub weaknesses: Value,
   pub configurations: Value,
   pub references: Value,

nvd-server/src/modules/mod.rs

@@ -4,11 +4,11 @@ use cvss::severity::{SeverityType, SeverityTypeV2};
 use yew::prelude::*;
 
 pub fn cvss2(metric: Option<&cvss::v2::ImpactMetricV2>) -> Html {
-  let mut score = 0.0;
+  let mut score = String::from("N/A");
   let severity_class = match metric {
-    None =>  "bg-secondary",
+    None => "bg-secondary",
     Some(m) => {
-      score = m.cvss_v2.base_score;
+      score = format!("{} {}", m.cvss_v2.base_score, m.severity.to_string());
       match m.severity {
         SeverityTypeV2::None => "bg-secondary",
         SeverityTypeV2::Low => "bg-info",
@@ -20,11 +20,15 @@ pub fn cvss2(metric: Option<&cvss::v2::ImpactMetricV2>) -> Html {
   html!(<span class={classes!(["badge",severity_class])}><b style="font-size:larger">{score}</b></span>)
 }
 pub fn cvss3(metric: Option<&cvss::v3::ImpactMetricV3>) -> Html {
-  let mut score = 0.0;
+  let mut score = String::from("N/A");
   let severity_class = match metric {
-    None =>  "bg-secondary",
+    None => "bg-secondary",
     Some(m) => {
-      score = m.cvss_v3.base_score;
+      score = format!(
+        "{} {}",
+        m.cvss_v3.base_score,
+        m.cvss_v3.base_severity.to_string()
+      );
       match m.cvss_v3.base_severity {
         SeverityType::None => "bg-secondary",
         SeverityType::Low => "bg-info",

nvd-yew/src/component/cvss_tags.rs

@@ -115,24 +115,24 @@ impl CVEDetails {
       <>
       <div class="card-tabs p-1">
       <ul class="nav nav-tabs p-1" role="tablist">
-      if let Some(v3) = cvss_v3.clone(){
+      if let Some(v3) = cvss_v3{
         <li class="nav-item">
           <a href="#tabs-cvss3" class="nav-link" data-bs-toggle="tab" aria-selected="true" role="tab">{format!("CVSS v{}",v3.cvss_v3.version.to_string())} {cvss3(cvss_v3)}</a>
         </li>
       }
-      if let Some(v2) = cvss_v2.clone(){
+      if let Some(v2) = cvss_v2{
         <li class="nav-item">
           <a href="#tabs-cvss2" class="nav-link" data-bs-toggle="tab">{format!("CVSS v{}",v2.cvss_v2.version.to_string())} {cvss2(cvss_v2)}</a>
         </li>
       }
       </ul>
         <div class="tab-content">
-        if let Some(v3) = cvss_v3.clone(){
+        if let Some(v3) = cvss_v3{
           <div class="tab-pane show active" id="tabs-cvss3">
             <CVSS3 v3={Some(v3.clone())}/>
           </div>
         }
-        if let Some(v2) = cvss_v2.clone(){
+        if let Some(v2) = cvss_v2{
           <div class="tab-pane show" id="tabs-cvss2">
             <CVSS2 v2={Some(v2.clone())}/>
           </div>