Struct CveDatabase

pub struct CveDatabase { /* private fields */ }

CVE database for querying known vulnerabilities

Implementations

impl CveDatabase

pub fn builtin() -> Result<Self, CveDbError>

Load the built-in CVE database

pub fn from_file(path: &Path) -> Result<Self, CveDbError>

Load CVE database from a JSON file

pub fn from_json(json: &str) -> Result<Self, CveDbError>

Load CVE database from a JSON string

pub fn version(&self) -> &str

Get database version

pub fn updated_at(&self) -> &str

Get last update timestamp

pub fn entries(&self) -> &[CveEntry]

Get all entries

pub fn len(&self) -> usize

Get entry count

pub fn is_empty(&self) -> bool

Check if database is empty

pub fn check_product(&self, vendor: &str, product: &str, version: &str) -> Vec<&CveEntry>

Check if a product/version combination is affected by any CVE. Returns matching CVE entries.

pub fn check_product_by_name(&self, product: &str, version: &str) -> Vec<&CveEntry>

Check a product/version against all CVEs, ignoring vendor.

An npm package name uniquely identifies a product, but the same package can be recorded under different vendor strings across databases (the shipped DB uses modelcontextprotocol; a custom DB may use anthropic or geelen). Matching on product name avoids brittle vendor coupling that silently produced zero findings (issue #149).

pub fn create_findings(&self, vendor: &str, product: &str, version: &str, file_path: &str, line: usize) -> Vec<Finding>

Create findings for matching CVEs (vendor + product).

pub fn create_findings_by_product(&self, product: &str, version: &str, file_path: &str, line: usize) -> Vec<Finding>

Create findings for matching CVEs by product name, ignoring vendor.

Preferred for npm packages, where the package name is the reliable key and the recorded vendor string varies between databases (issue #149).
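The vendor-coupling failure described for check_product_by_name and create_findings_by_product, as an added example that is not the crate's own code. The Entry type, the fixed_in version rule, the package name example-mcp-server, the identifier and the hidden_by_vendor helper are all assumptions made for illustration; only the vendor strings come from the text above.

```rust
// Added illustration: hypothetical types, not the crate's CveEntry or its JSON schema.
#[derive(Debug)]
struct Entry {
    id: &'static str, // constructed placeholder identifier
    vendor: &'static str,
    product: &'static str,
    fixed_in: (u32, u32, u32), // assumption: versions below this are affected
}

fn parse_version(v: &str) -> Option<(u32, u32, u32)> {
    let mut it = v.trim_start_matches('v').split('.').map(|p| p.parse::<u32>());
    Some((it.next()?.ok()?, it.next()?.ok()?, it.next()?.ok()?))
}

fn affected(e: &Entry, version: &str) -> bool {
    parse_version(version).map_or(false, |v| v < e.fixed_in)
}

// Vendor-coupled lookup: vendor and product must both match.
fn check_product<'a>(db: &'a [Entry], vendor: &str, product: &str, version: &str) -> Vec<&'a Entry> {
    db.iter()
        .filter(|e| e.vendor == vendor && e.product == product && affected(e, version))
        .collect()
}

// Product-only lookup: the package name is the key, the vendor string is ignored.
fn check_product_by_name<'a>(db: &'a [Entry], product: &str, version: &str) -> Vec<&'a Entry> {
    db.iter().filter(|e| e.product == product && affected(e, version)).collect()
}

// Entries the vendor-coupled lookup misses only because of the vendor string.
fn hidden_by_vendor<'a>(db: &'a [Entry], vendor: &str, product: &str, version: &str) -> Vec<&'a Entry> {
    let strict = check_product(db, vendor, product, version);
    check_product_by_name(db, product, version)
        .into_iter()
        .filter(|e| !strict.iter().any(|s| std::ptr::eq(*s, *e)))
        .collect()
}

fn sample_db() -> Vec<Entry> {
    vec![Entry { id: "CVE-PLACEHOLDER-1", vendor: "modelcontextprotocol", product: "example-mcp-server", fixed_in: (1, 4, 0) }]
}

fn main() {
    let db = sample_db();
    // The caller assumed vendor "anthropic"; the database recorded "modelcontextprotocol".
    println!("vendor+product: {}", check_product(&db, "anthropic", "example-mcp-server", "1.3.2").len());
    println!("product only:   {}", check_product_by_name(&db, "example-mcp-server", "1.3.2").len());
    for e in hidden_by_vendor(&db, "anthropic", "example-mcp-server", "1.3.2") {
        println!("hidden by vendor mismatch: {} (recorded vendor {})", e.id, e.vendor);
    }
}
```

A non-empty hidden_by_vendor result is worth logging in a scanner: it means a clean report from the vendor-coupled lookup reflects a naming mismatch, not an unaffected package.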

Trait Implementations

impl Default for CveDatabase

fn default() -> Self

Returns the “default value” for a type.

Auto Trait Implementations

Blanket Implementations

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper.

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> IntoEither for T

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise.

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise.

impl<T> Pointable for T

const ALIGN: usize

The alignment of pointer.

type Init = T

The type for initializers.

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer.

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer.

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer.

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer.

impl<T> Same for T

type Output = T

Should always be Self

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper.

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper.