Expand description
A Rust library for representing and deserializing CVSS data.
This crate provides Rust types that map directly to the official JSON schema representations for CVSS versions 2.0, 3.0, 3.1, and 4.0.
§Example
Deserializing a CVSS v3.1 JSON object:
use cvss_rs::v3::AttackVector;
use cvss_rs::{Cvss, Severity, Version};
let json_data = r#"{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
}"#;
let cvss: Cvss = serde_json::from_str(json_data).unwrap();
assert_eq!(cvss.version(), Version::V3_1);
assert_eq!(cvss.base_score(), 9.8);
assert_eq!(cvss.base_severity().unwrap(), Severity::Critical);
// We can also get the inner struct and access some of its fields
if let Cvss::V3_1(cvss_v3) = cvss {
assert_eq!(cvss_v3.attack_vector, Some(AttackVector::Network));
} else {
// The example should panic if the if let fails
panic!("Expected Cvss::V3_1 variant");
}Modules§
- v3
- Represents the CVSS v3.0 and v3.1 specifications.
- v2_0
- Represents the CVSS v2.0 specification.
- v4_0
- Represents the CVSS v4.0 specification.
- version
Enums§
- Cvss
- An enum to hold any version of a CVSS object.
- Parse
Error - Errors that can occur when parsing CVSS vector strings.
- Severity
- Represents the qualitative severity rating of a vulnerability.
- Version
- Auto-generated discriminant enum variants