nvd_cves/v4/
mod.rs

1pub mod configurations;
2
3use crate::date_format;
4use crate::impact::ImpactMetrics;
5use crate::v4::configurations::Configurations;
6use chrono::NaiveDateTime;
7use serde::{Deserialize, Serialize};
8// https://nvd.nist.gov/general/News/JSON-1-1-Vulnerability-Feed-Release
9// https://github.com/CVEProject/cve-schema
10// https://raw.gitmirror.com/CVEProject/cve-schema/master/schema/v4.0/DRAFT-JSON-file-format-v4.md
11// https://www.cve.org/Downloads
12// https://github.com/CVEProject/cvelist
13
14/// These objects can in turn contain more objects, arrays, strings and so on. The reason for this is so that each top level object type can contain self-identifying data such as CVE_Data_version. Most objects can in turn contains virtually any other object. In general, if you traverse into the nested tree of objects you should not encounter any chains that contains more than one instance of a given object container. Simply put you should not for example encounter a chain such as: root, CVE_affects, CVE_configuration, CVE_workaround, CVE_configuration. Please note that this rule may be subject to change as we get new container types and use cases.
15#[derive(Debug, Deserialize, Serialize)]
16#[allow(non_snake_case)]
17#[serde(deny_unknown_fields)]
18pub struct CVEContainer {
19  /// This string identifies what kind of data is held in this JSON file. This is mandatory and designed to prevent problems with attempting to detect what kind of file this is. Valid values for this string are CVE, CNA, CVEMENTOR.
20  pub CVE_data_type: String,
21  /// This string identifies what data format is used in this JSON file. This is mandatory and designed to prevent problems with attempting to detect what format of data is used. Valid values for this string are MITRE, it can also be user defined (e.g. for internal use).
22  pub CVE_data_format: String,
23  /// This identifies which version of the data format is in use. This is mandatory and designed to prevent problems with attempting to detect what format of data is used.
24  pub CVE_data_version: String,
25  /// numberOfCVEs
26  pub CVE_data_numberOfCVEs: String,
27  /// last update time for this entry
28  pub CVE_data_timestamp: String,
29  /// There are several special string values that can exist at the root level of the CVE ID JSON data, and one special one, the CVE_data_version, which can exist in the root or within any container.
30  pub CVE_Items: Vec<CVEItem>,
31}
32
33// 单个CVE信息
34#[derive(Debug, Serialize, Deserialize, Clone)]
35#[serde(rename_all(deserialize = "camelCase"), deny_unknown_fields)]
36#[allow(clippy::upper_case_acronyms)]
37pub struct CVEItem {
38  // CVE 信息
39  pub cve: CVE,
40  // 影响
41  pub impact: ImpactMetrics,
42  // 配置
43  pub configurations: Configurations,
44  // 公开时间
45  #[serde(with = "date_format")]
46  pub published_date: NaiveDateTime,
47  // 最后修改时间
48  #[serde(with = "date_format")]
49  pub last_modified_date: NaiveDateTime,
50}
51
52#[derive(Debug, Serialize, Deserialize, Clone)]
53#[serde(deny_unknown_fields)]
54pub struct CVE {
55  /// This string identifies what kind of data is held in this JSON file. This is mandatory and designed to prevent problems with attempting to detect what kind of file this is. Valid values for this string are CVE, CNA, CVEMENTOR.
56  pub data_type: String,
57  /// This string identifies what data format is used in this JSON file. This is mandatory and designed to prevent problems with attempting to detect what format of data is used. Valid values for this string are MITRE, it can also be user defined (e.g. for internal use).
58  pub data_format: String,
59  /// This identifies which version of the data format is in use. This is mandatory and designed to prevent problems with attempting to detect what format of data is used.
60  pub data_version: String,
61  /// CVE_data_meta
62  #[serde(rename(deserialize = "CVE_data_meta"))]
63  pub meta: Meta,
64  // 参考
65  pub references: References,
66  // 描述
67  pub description: Descriptions,
68  // 问题类型 关联:CWE
69  #[serde(rename(deserialize = "problemtype"))]
70  pub problem_type: ProblemType,
71}
72
73/// These URLs are supplemental information relevant to the vulnerability, which include details that may not be present in the CVE Description. References are given resource tags such as third-party advisory, vendor advisory, technical paper, press/media, VDB entries, etc. These tags can help users quickly categorize the type of information each reference contains. References for a CVE are provided through the CVE list, the NVD does not have direct control over them. If you have concerns with existing CVE references or find other publicly available information that would be useful, then you can submit a request using the form at <https://cveform.mitre.org/> for the CVE Assignment Team to review.
74///
75#[derive(Debug, Serialize, Deserialize, PartialEq, Clone)]
76#[serde(deny_unknown_fields)]
77pub struct References {
78  pub reference_data: Vec<Reference>,
79}
80
81#[derive(Debug, Serialize, Deserialize, PartialEq, Clone)]
82#[serde(deny_unknown_fields)]
83pub struct Reference {
84  pub url: String,
85  #[serde(default)]
86  pub name: String,
87  #[serde(alias = "refsource")]
88  pub source: String,
89  #[serde(default)]
90  pub tags: Vec<String>,
91}
92
93#[derive(Debug, Serialize, Deserialize, PartialEq, Clone)]
94#[serde(deny_unknown_fields)]
95pub struct Descriptions {
96  pub description_data: Vec<Description>,
97}
98
99#[derive(Debug, Serialize, Deserialize, PartialEq, Clone)]
100#[serde(deny_unknown_fields)]
101pub struct Description {
102  pub lang: String,
103  pub value: String,
104}
105
106/// This is metadata about the CVE ID such as the CVE ID, who requested it, who assigned it, when it was requested, when it was assigned, the current state (PUBLIC, REJECT, etc.) and so on.
107#[derive(Debug, Serialize, Deserialize, PartialEq, Clone)]
108#[serde(deny_unknown_fields)]
109pub struct Meta {
110  /// CVE-YEAR-NNNNNNN - the CVE ID in the format listed in <http://cve.mitre.org/cve/identifiers/syntaxchange.html#new>
111  #[serde(rename(deserialize = "ID"))]
112  pub id: String,
113  /// Assigner ID - the assigner of the CVE (email address)
114  #[serde(rename(deserialize = "ASSIGNER"))]
115  pub assigner: String,
116}
117
118/// This is problem type information (e.g. CWE identifier).
119///
120/// Must contain: At least one entry, can be text, OWASP, CWE, please note that while only one is required you can use more than one (or indeed all three) as long as they are correct.
121#[derive(Debug, Serialize, Deserialize, PartialEq, Clone)]
122#[serde(deny_unknown_fields)]
123pub struct ProblemType {
124  #[serde(rename = "problemtype_data")]
125  pub problem_type_data: Vec<Weaknesses>,
126}
127
128#[derive(Debug, Serialize, Deserialize, PartialEq, Clone)]
129#[serde(deny_unknown_fields)]
130pub struct Weaknesses {
131  pub source: Option<String>,
132  pub r#type: Option<String>,
133  pub description: Vec<Description>,
134}