Vector

polycvss

Struct Vector 

Source 
pub struct Vector(/* private fields */);
Expand description

CVSS vector.

Notes:

  • Parses CVSS v2, v3, and v4 vector strings.
  • Represented internally as a u64 (8 bytes). See “Internal Representation” below.
  • Metrics are sorted in specification order when iterating a Vector or converting a Vector to a string; the order of metrics in the original vector string is not preserved. See “Examples” below.
  • Optional metrics with a value of Not Defined (X) are skipped when iterating a Vector or converting a Vector to a string. See “Examples” below.

§Examples

Parse vector string:

// parse CVSS v2 vector string
let v2: Vector = "AV:N/AC:L/Au:N/C:C/I:C/A:C".parse()?;

// parse CVSS v3 vector string
let v3: Vector = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H".parse()?;

// parse CVSS v4 vector string
let v4: Vector = "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H".parse()?;

Iterate over vector metrics:

// parse CVSS v4 vector string
let v: Vector = "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H".parse()?;

// print metrics
for m in v {
  println!("metric: {m}");
}

Get metric from vector:

// parse CVSS v4 vector string
let v: Vector = "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H".parse()?;

// get metric
let metric = v.get(Name::V4(v4::Name::AttackVector))?;

// check result
assert_eq!(metric, Metric::V4(v4::Metric::AttackVector(v4::AttackVector::Network)));

Get score for several vector strings:

// parse CVSS v2 vector string, get score
let v2: Vector = "AV:N/AC:L/Au:N/C:C/I:C/A:C".parse()?;
assert_eq!(Score::from(v2), Score::from(10.0));

// parse CVSS v3 vector string, get score
let v3: Vector = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H".parse()?;
assert_eq!(Score::from(v3), Score::from(9.8));

// parse CVSS v4 vector string, get score
let v4: Vector = "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H".parse()?;
assert_eq!(Score::from(v4), Score::from(10.0));

Get base score for several vector strings:

// parse CVSS v2 vector string, get base score
let v2: Vector = "AV:N/AC:L/Au:N/C:C/I:C/A:C".parse()?;
assert_eq!(v2.base_score(), Score::from(10.0));

// parse CVSS v3 vector string, get base score
let v3: Vector = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H".parse()?;
assert_eq!(v3.base_score(), Score::from(9.8));

// parse CVSS v4 vector string, get base score
let v4: Vector = "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H".parse()?;
assert_eq!(v4.base_score(), Score::from(10.0));

Show that the order of metrics within a vector string is not preserved when parsing a vector string and then converting the Vector back to a string:

// vector string with first two metrics (AV and AC) swapped
let s = "CVSS:4.0/AC:L/AV:N/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H";

// expected result after parsing vector string above and converting
// the parsed vector back to a vector string
let exp = "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H";

// parse vector string, then convert parsed vector back to vector string
let got = s.parse::<Vector>()?.to_string();

// check result
assert_eq!(got, exp);

Show that optional metrics with a value of Not Defined (X) are not preserved when parsing a vector string and then converting the Vector back to a string:

// vector string which contains an optional metric (MAV) with a
// value of `Not Defined (X)`
let s = "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/MAV:X";

// expected result after parsing vector string above and converting
// the parsed vector back to a vector string
let exp = "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H";

// parse vector string, then convert parsed vector back to vector string
let got = s.parse::<Vector>()?.to_string();

// check result
assert_eq!(got, exp);

Verify that a Vector is the same size as a u64:

assert_eq!(size_of::<Vector>(), size_of::<u64>());

Verify that a v4::Vector is the same size as one u64:

assert_eq!(size_of::<v4::Vector>(), size_of::<u64>());

§Internal Representation

A Vector is represented internally as a bit field within a u64, The lower 60 bits contain encoded metric values, and the upper 4 bits contain the vector version: A Vector is represented internally as a bit field within a u64. Metric values are stored in the lower 60 bits (bits 0..60) and the CVSS version is stored in the upper 4 bits (bits 60..64):

Bit RangeDescription
0..60Metric values.
60..64CVSS version.

The metric value encoding method is version-specific. See the version-specific vector representations for more information:

Implementations§

Source§

impl Vector

Source

pub fn get(self, name: Name) -> Result<Metric, Err>

Get Metric from Vector by Name.

Returns Err::UnknownName if there is a mismatch between the version of the vector and the version of the given Name.

§Example

Get metric from vector by name:

// parse CVSS v4 vector string
let v: Vector = "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H".parse()?;

// get metric
let metric = v.get(Name::V4(v4::Name::AttackVector))?;

// check result
assert_eq!(metric, Metric::V4(v4::Metric::AttackVector(v4::AttackVector::Network)));

Example of error when there is a mismatch between the version of the vector and the version of the given Name:

// parse CVSS v3 vector string
let v: Vector = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H".parse()?;

// try to get v4 metric from v3 vector
let got = v.get(Name::V4(v4::Name::AttackVector));

// check result
assert_eq!(got, Err(Err::UnknownName));
Source

pub fn base_score(&self) -> Score

Get Vector base score.

For CVSS v2 and CVSS v3 vectors this method returns the base score, excluding the effect of temporal and environmental metrics.

For CVSS v4 vectors this method returns the score.

§Example

Get base score for several vector strings:

// parse CVSS v2 vector string, get base score
let v2: Vector = "AV:N/AC:L/Au:N/C:C/I:C/A:C".parse()?;
assert_eq!(v2.base_score(), Score::from(10.0));

// parse CVSS v3 vector string, get base score
let v3: Vector = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H".parse()?;
assert_eq!(v3.base_score(), Score::from(9.8));

// parse CVSS v4 vector string, get base score
let v4: Vector = "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H".parse()?;
assert_eq!(v4.base_score(), Score::from(10.0));

Trait Implementations§

Source§

impl Clone for Vector

Source§

fn clone(&self) -> Vector

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for Vector

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Display for Vector

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter. Read more
Source§

impl From<Vector> for Score

Source§

fn from(vec: Vector) -> Score

Converts to this type from the input type.
Source§

impl From<Vector> for Vector

Source§

fn from(vec: Vector) -> Self

Converts to this type from the input type.
Source§

impl From<Vector> for Vector

Source§

fn from(vec: Vector) -> Vector

Converts to this type from the input type.
Source§

impl From<Vector> for Vector

Source§

fn from(vec: Vector) -> Self

Converts to this type from the input type.
Source§

impl From<Vector> for Vector

Source§

fn from(vec: Vector) -> Vector

Converts to this type from the input type.
Source§

impl From<Vector> for Vector

Source§

fn from(vec: Vector) -> Self

Converts to this type from the input type.
Source§

impl From<Vector> for Vector

Source§

fn from(vec: Vector) -> Vector

Converts to this type from the input type.
Source§

impl From<Vector> for Version

Source§

fn from(vec: Vector) -> Version

Converts to this type from the input type.
Source§

impl FromStr for Vector

Source§

type Err = Err

The associated error which can be returned from parsing.
Source§

fn from_str(s: &str) -> Result<Self, Self::Err>

Parses a string s to return a value of this type. Read more
Source§

impl IntoIterator for Vector

Source§

type Item = Metric

The type of the elements being iterated over.
Source§

type IntoIter = VectorIterator

Which kind of iterator are we turning this into?
Source§

fn into_iter(self) -> Self::IntoIter

Creates an iterator from a value. Read more
Source§

impl PartialEq for Vector

Source§

fn eq(&self, other: &Vector) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl TryFrom<String> for Vector

Source§

type Error = Err

The type returned in the event of a conversion error.
Source§

fn try_from(s: String) -> Result<Self, Self::Error>

Performs the conversion.
Source§

impl Copy for Vector

Source§

impl Eq for Vector

Source§

impl StructuralPartialEq for Vector

Auto Trait Implementations§

§

impl Freeze for Vector

§

impl RefUnwindSafe for Vector

§

impl Send for Vector

§

impl Sync for Vector

§

impl Unpin for Vector

§

impl UnwindSafe for Vector

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T> ToString for T
where T: Display + ?Sized,

Source§

fn to_string(&self) -> String

Converts the given value to a String. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.