chore: Minimize the impact of code changes

rustsec · Oct 12, 2024 · add6fa1 · add6fa1
1 parent 484e253
commit add6fa1
Show file tree

Hide file tree

Showing 33 changed files with 397 additions and 351 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,4 +1,2 @@
 platforms/**/Cargo.lock
 target
-.idea/
-.gitignore
diff --git a/cvss/src/metric.rs b/cvss/src/metric.rs
@@ -1,6 +1,5 @@
 //! CVSS metrics.
 
-use crate::v3::Base;
 use crate::{Error, Result};
 use alloc::borrow::ToOwned;
 use core::{
@@ -19,7 +18,7 @@ pub trait Metric: Copy + Clone + Debug + Display + Eq + FromStr + Ord {
     }
 
     /// Get CVSS v3.1 score for this metric.
-    // fn score(self) -> f64;
+    fn score(self) -> f64;
 
     /// Get `str` describing this metric's value
     fn as_str(self) -> &'static str;
@@ -53,7 +52,7 @@ pub enum MetricType {
     /// User Interaction (UI)
     UI,
 
-    /// Exploit Code Maturity (E
+    /// Exploit Code Maturity (E)
     E,
 
     /// Report Confidence (RC)
@@ -191,25 +190,3 @@ impl FromStr for MetricType {
         }
     }
 }
-
-/// Get CVSS v3.1 score for this metric.
-pub trait MetricScore {
-    fn score(self) -> f64;
-}
-
-pub trait ScopedScore {
-    fn scoped_score(self, is_changed: bool) -> f64;
-}
-
-/// Modified Base Metrics
-/// https://www.first.org/cvss/v3.1/specification-document#4-2-Modified-Base-Metrics
-/// These metrics enable the analyst to override individual Base metrics based on specific characteristics of a user’s environment. Characteristics that affect Exploitability, Scope, or Impact can be reflected via an appropriately modified Environmental Score.
-pub trait ModifiedScore {
-    /// Get CVSS v3.1 score for this metric.
-    fn modified_score(self, base: &Base) -> f64;
-}
-
-/// Score when accounting for scope change
-pub trait IsChanged {
-    fn is_changed(self) -> bool;
-}
diff --git a/cvss/src/v3.rs b/cvss/src/v3.rs
@@ -5,9 +5,12 @@
 // TODO(tarcieri): Environmental and Temporal Metrics
 
 pub mod base;
+#[allow(missing_docs)]
 pub mod cvss;
+#[allow(missing_docs)]
 pub mod environmental;
 mod score;
+#[allow(missing_docs)]
 pub mod temporal;
 
 pub use self::{base::Base, score::Score};
diff --git a/cvss/src/v3/base.rs b/cvss/src/v3/base.rs
@@ -14,21 +14,22 @@ pub use self::{
     pr::PrivilegesRequired, s::Scope, ui::UserInteraction,
 };
 
-use crate::{Metric, PREFIX};
-use alloc::borrow::ToOwned;
+use super::Score;
+use crate::{Error, Metric, MetricType, Result, PREFIX};
+use alloc::{borrow::ToOwned, vec::Vec};
 use core::{fmt, str::FromStr};
 
-use crate::metric::{IsChanged, MetricScore, ScopedScore};
 #[cfg(feature = "serde")]
 use {
-    alloc::string::ToString,
-    serde::{Deserialize, Serialize},
+    alloc::string::{String, ToString},
+    serde::{de, ser, Deserialize, Serialize},
 };
 
-use crate::v3::Score;
 #[cfg(feature = "std")]
 use crate::Severity;
 
+pub use crate::v3::base;
+
 /// CVSS v3.1 Base Metric Group
 ///
 /// Described in CVSS v3.1 Specification: Section 2:
@@ -196,3 +197,100 @@ impl fmt::Display for Base {
         Ok(())
     }
 }
+
+impl FromStr for Base {
+    type Err = Error;
+
+    fn from_str(s: &str) -> Result<Self> {
+        let component_vec = s
+            .split('/')
+            .map(|component| {
+                let mut parts = component.split(':');
+
+                let id = parts.next().ok_or_else(|| Error::InvalidComponent {
+                    component: component.to_owned(),
+                })?;
+
+                let value = parts.next().ok_or_else(|| Error::InvalidComponent {
+                    component: component.to_owned(),
+                })?;
+
+                if parts.next().is_some() {
+                    return Err(Error::InvalidComponent {
+                        component: component.to_owned(),
+                    });
+                }
+
+                Ok((id, value))
+            })
+            .collect::<Result<Vec<_>>>()?;
+
+        let mut components = component_vec.iter();
+        let &(id, version_string) = components.next().ok_or(Error::InvalidPrefix {
+            prefix: s.to_owned(),
+        })?;
+
+        if id != PREFIX {
+            return Err(Error::InvalidPrefix {
+                prefix: id.to_owned(),
+            });
+        }
+
+        let mut metrics = Self {
+            minor_version: match version_string {
+                "3.0" => 0,
+                "3.1" => 1,
+                _ => {
+                    return Err(Error::UnsupportedVersion {
+                        version: version_string.to_owned(),
+                    })
+                }
+            },
+            ..Default::default()
+        };
+
+        for &component in components {
+            let id = component.0.to_ascii_uppercase();
+            let value = component.1.to_ascii_uppercase();
+
+            match id.parse::<MetricType>()? {
+                MetricType::AV => metrics.av = Some(value.parse()?),
+                MetricType::AC => metrics.ac = Some(value.parse()?),
+                MetricType::PR => metrics.pr = Some(value.parse()?),
+                MetricType::UI => metrics.ui = Some(value.parse()?),
+                MetricType::S => metrics.s = Some(value.parse()?),
+                MetricType::C => metrics.c = Some(value.parse()?),
+                MetricType::I => metrics.i = Some(value.parse()?),
+                MetricType::A => metrics.a = Some(value.parse()?),
+                _ => {
+                    unimplemented!()
+                }
+            }
+        }
+
+        Ok(metrics)
+    }
+}
+
+#[cfg(feature = "serde")]
+#[cfg_attr(docsrs, doc(cfg(feature = "serde")))]
+impl<'de> Deserialize<'de> for Base {
+    fn deserialize<D: de::Deserializer<'de>>(
+        deserializer: D,
+    ) -> core::result::Result<Self, D::Error> {
+        String::deserialize(deserializer)?
+            .parse()
+            .map_err(de::Error::custom)
+    }
+}
+
+#[cfg(feature = "serde")]
+#[cfg_attr(docsrs, doc(cfg(feature = "serde")))]
+impl Serialize for Base {
+    fn serialize<S: ser::Serializer>(
+        &self,
+        serializer: S,
+    ) -> core::result::Result<S::Ok, S::Error> {
+        self.to_string().serialize(serializer)
+    }
+}
diff --git a/cvss/src/v3/base/a.rs b/cvss/src/v3/base/a.rs
@@ -1,6 +1,5 @@
 //! Availability Impact (A)
 
-use crate::metric::MetricScore;
 use crate::{Error, Metric, MetricType, Result};
 use alloc::borrow::ToOwned;
 use core::{fmt, str::FromStr};
@@ -60,13 +59,13 @@ pub enum Availability {
 impl Metric for Availability {
     const TYPE: MetricType = MetricType::A;
 
-    // fn score(self) -> f64 {
-    //     match self {
-    //         Availability::None => 0.0,
-    //         Availability::Low => 0.22,
-    //         Availability::High => 0.56,
-    //     }
-    // }
+    fn score(self) -> f64 {
+        match self {
+            Availability::None => 0.0,
+            Availability::Low => 0.22,
+            Availability::High => 0.56,
+        }
+    }
 
     fn as_str(self) -> &'static str {
         match self {
@@ -77,16 +76,6 @@ impl Metric for Availability {
     }
 }
 
-impl MetricScore for Availability {
-    fn score(self) -> f64 {
-        match self {
-            Availability::None => 0.0,
-            Availability::Low => 0.22,
-            Availability::High => 0.56,
-        }
-    }
-}
-
 impl fmt::Display for Availability {
     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
         write!(f, "{}:{}", Self::name(), self.as_str())

diff --git a/cvss/src/v3/base/ac.rs b/cvss/src/v3/base/ac.rs
@@ -1,6 +1,5 @@
 //! Attack Complexity (AC)
 
-use crate::metric::MetricScore;
 use crate::{Error, Metric, MetricType, Result};
 use alloc::borrow::ToOwned;
 use core::{fmt, str::FromStr};
@@ -60,19 +59,17 @@ impl Default for AttackComplexity {
 impl Metric for AttackComplexity {
     const TYPE: MetricType = MetricType::AC;
 
-    fn as_str(self) -> &'static str {
+    fn score(self) -> f64 {
         match self {
-            AttackComplexity::High => "H",
-            AttackComplexity::Low => "L",
+            AttackComplexity::High => 0.44,
+            AttackComplexity::Low => 0.77,
         }
     }
-}
 
-impl MetricScore for AttackComplexity {
-    fn score(self) -> f64 {
+    fn as_str(self) -> &'static str {
         match self {
-            AttackComplexity::High => 0.44,
-            AttackComplexity::Low => 0.77,
+            AttackComplexity::High => "H",
+            AttackComplexity::Low => "L",
         }
     }
 }

diff --git a/cvss/src/v3/base/av.rs b/cvss/src/v3/base/av.rs
@@ -1,6 +1,5 @@
 //! CVSS v3.1 Base Metric Group - Attack Vector (AV)
 
-use crate::metric::MetricScore;
 use crate::{Error, Metric, MetricType};
 use alloc::borrow::ToOwned;
 use core::{fmt, str::FromStr};
@@ -73,17 +72,6 @@ pub enum AttackVector {
 impl Metric for AttackVector {
     const TYPE: MetricType = MetricType::AV;
 
-    fn as_str(self) -> &'static str {
-        match self {
-            AttackVector::Physical => "P",
-            AttackVector::Local => "L",
-            AttackVector::Adjacent => "A",
-            AttackVector::Network => "N",
-        }
-    }
-}
-
-impl MetricScore for AttackVector {
     fn score(self) -> f64 {
         match self {
             AttackVector::Physical => 0.20,
@@ -92,6 +80,15 @@ impl MetricScore for AttackVector {
             AttackVector::Network => 0.85,
         }
     }
+
+    fn as_str(self) -> &'static str {
+        match self {
+            AttackVector::Physical => "P",
+            AttackVector::Local => "L",
+            AttackVector::Adjacent => "A",
+            AttackVector::Network => "N",
+        }
+    }
 }
 
 impl fmt::Display for AttackVector {

diff --git a/cvss/src/v3/base/c.rs b/cvss/src/v3/base/c.rs
@@ -1,6 +1,5 @@
 //! Confidentiality Impact (C)
 
-use crate::metric::MetricScore;
 use crate::{Error, Metric, MetricType};
 use alloc::borrow::ToOwned;
 use core::{fmt, str::FromStr};
@@ -46,23 +45,21 @@ pub enum Confidentiality {
 impl Metric for Confidentiality {
     const TYPE: MetricType = MetricType::C;
 
-    fn as_str(self) -> &'static str {
-        match self {
-            Confidentiality::None => "N",
-            Confidentiality::Low => "L",
-            Confidentiality::High => "H",
-        }
-    }
-}
-
-impl MetricScore for Confidentiality {
     fn score(self) -> f64 {
         match self {
             Confidentiality::None => 0.0,
             Confidentiality::Low => 0.22,
             Confidentiality::High => 0.56,
         }
     }
+
+    fn as_str(self) -> &'static str {
+        match self {
+            Confidentiality::None => "N",
+            Confidentiality::Low => "L",
+            Confidentiality::High => "H",
+        }
+    }
 }
 
 impl fmt::Display for Confidentiality {

diff --git a/cvss/src/v3/base/i.rs b/cvss/src/v3/base/i.rs
@@ -1,6 +1,5 @@
 //! Integrity Impact (I)
 
-use crate::metric::MetricScore;
 use crate::{Error, Metric, MetricType, Result};
 use alloc::borrow::ToOwned;
 use core::{fmt, str::FromStr};
@@ -42,23 +41,21 @@ pub enum Integrity {
 impl Metric for Integrity {
     const TYPE: MetricType = MetricType::I;
 
-    fn as_str(self) -> &'static str {
-        match self {
-            Integrity::None => "N",
-            Integrity::Low => "L",
-            Integrity::High => "H",
-        }
-    }
-}
-
-impl MetricScore for Integrity {
     fn score(self) -> f64 {
         match self {
             Integrity::None => 0.0,
             Integrity::Low => 0.22,
             Integrity::High => 0.56,
         }
     }
+
+    fn as_str(self) -> &'static str {
+        match self {
+            Integrity::None => "N",
+            Integrity::Low => "L",
+            Integrity::High => "H",
+        }
+    }
 }
 
 impl fmt::Display for Integrity {