page

emo-crab · Nov 21, 2023 · da34e7b · da34e7b
1 parent 98b02c5
commit da34e7b
Show file tree

Hide file tree

Showing 5 changed files with 90 additions and 65 deletions.
diff --git a/cvss/src/lib.rs b/cvss/src/lib.rs
@@ -16,24 +16,3 @@ pub mod v2;
 pub mod v3;
 pub mod v4;
 pub mod version;
-/// Roundup保留小数点后一位，小数点后第二位大于零则进一。 例如, Roundup(4.02) = 4.1; 或者 Roundup(4.00) = 4.0
-///
-/// Where “Round up” is defined as the smallest number,
-/// specified to one decimal place, that is equal to or higher than its input. For example,
-/// Round up (4.02) is 4.1; and Round up (4.00) is 4.0.
-///
-/// 1.  `function Roundup (input):`
-/// 2.  `    int_input = round_to_nearest_integer (input * 100000)`
-/// 3.  `    if (int_input % 10000) == 0:`
-/// 4.  `        return int_input / 100000.0`
-/// 5.  `    else:`
-/// 6.  `        return (floor(int_input / 10000) + 1) / 10.0`
-pub(crate) fn roundup(input: f32) -> f32 {
-  let int_input = (input * 100_000.0) as u32;
-  if int_input % 10000 == 0 {
-    (int_input as f32) / 100_000.0
-  } else {
-    let score_floor = ((int_input as f32) / 10_000.0).floor();
-    (score_floor + 1.0) / 10.0
-  }
-}
diff --git a/cvss/src/metric/v4.rs b/cvss/src/metric/v4.rs
@@ -35,10 +35,13 @@ pub enum MetricTypeV4 {
 
   /// User Interaction (UI)
   UI,
-
+  /// Confidentiality Requirements (CR)
   CR,
+  /// Integrity Requirements (IR)
   IR,
+  /// Availability Requirements (AR)
   AR,
+  /// Exploit Maturity (E)
   E,
 }
 
@@ -87,6 +90,9 @@ impl FromStr for MetricTypeV4 {
       "PR" => Ok(Self::PR),
       "AT" => Ok(Self::AT),
       "UI" => Ok(Self::UI),
+      "CR" => Ok(Self::CR),
+      "IR" => Ok(Self::IR),
+      "AR" => Ok(Self::AR),
       _ => Err(CVSSError::UnknownMetric { name: s.to_owned() }),
     }
   }

diff --git a/cvss/src/v3/mod.rs b/cvss/src/v3/mod.rs
@@ -27,7 +27,6 @@ use crate::version::Version;
 use serde::{Deserialize, Serialize};
 use std::fmt::{Display, Formatter};
 use std::str::FromStr;
-use crate::roundup;
 
 pub mod attack_complexity;
 pub mod attack_vector;
@@ -297,7 +296,27 @@ impl FromStr for ImpactMetricV3 {
     }
   }
 }
-
+/// Roundup保留小数点后一位，小数点后第二位大于零则进一。 例如, Roundup(4.02) = 4.1; 或者 Roundup(4.00) = 4.0
+///
+/// Where “Round up” is defined as the smallest number,
+/// specified to one decimal place, that is equal to or higher than its input. For example,
+/// Round up (4.02) is 4.1; and Round up (4.00) is 4.0.
+///
+/// 1.  `function Roundup (input):`
+/// 2.  `    int_input = round_to_nearest_integer (input * 100000)`
+/// 3.  `    if (int_input % 10000) == 0:`
+/// 4.  `        return int_input / 100000.0`
+/// 5.  `    else:`
+/// 6.  `        return (floor(int_input / 10000) + 1) / 10.0`
+fn roundup(input: f32) -> f32 {
+  let int_input = (input * 100_000.0) as u32;
+  if int_input % 10000 == 0 {
+    (int_input as f32) / 100_000.0
+  } else {
+    let score_floor = ((int_input as f32) / 10_000.0).floor();
+    (score_floor + 1.0) / 10.0
+  }
+}
 #[cfg(test)]
 mod tests {
   use crate::v3::roundup;

diff --git a/cvss/src/v4/environmental.rs b/cvss/src/v4/environmental.rs
@@ -172,7 +172,7 @@ impl Display for ConfidentialityRequirements {
 }
 
 impl Metric for IntegrityRequirements {
-  const TYPE: MetricType = MetricType::V4(MetricTypeV4::CR);
+  const TYPE: MetricType = MetricType::V4(MetricTypeV4::IR);
 
   fn help(&self) -> Help {
     match self {
@@ -249,7 +249,7 @@ impl Display for IntegrityRequirements {
 }
 
 impl Metric for AvailabilityRequirements {
-  const TYPE: MetricType = MetricType::V4(MetricTypeV4::CR);
+  const TYPE: MetricType = MetricType::V4(MetricTypeV4::AR);
 
   fn help(&self) -> Help {
     match self {

diff --git a/cvss/src/v4/mod.rs b/cvss/src/v4/mod.rs
@@ -7,7 +7,6 @@
 
 use crate::error::{CVSSError, Result};
 use crate::metric::Metric;
-use crate::roundup;
 use crate::severity::SeverityType;
 use crate::v4::attack_complexity::AttackComplexityType;
 use crate::v4::attack_requirements::AttackRequirementsType;
@@ -192,7 +191,7 @@ impl Display for CVSS {
   fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
     write!(
       f,
-      "CVSS:{}/{}/{}/{}/{}/{}/{}/{}/{}/{}/{}/{}",
+      "CVSS:{}/{}/{}/{}/{}/{}/{}/{}/{}/{}/{}/{}/{}/{}/{}/{}",
       self.version,
       self.exploit_ability.attack_vector,
       self.exploit_ability.attack_complexity,
@@ -204,7 +203,11 @@ impl Display for CVSS {
       self.vulnerable_impact.availability_impact,
       self.subsequent_impact.confidentiality_impact,
       self.subsequent_impact.integrity_impact,
-      self.subsequent_impact.availability_impact
+      self.subsequent_impact.availability_impact,
+      self.environmental.confidentiality_requirements,
+      self.environmental.integrity_requirements,
+      self.environmental.availability_requirements,
+      self.exploit
     )
   }
 }
@@ -364,7 +367,7 @@ impl CVSS {
         + normalized_severity_eq5)
         / lower as f32;
     }
-    println!("{:?}", mean_distance);
+    println!("{:?}", score - mean_distance);
     let score = roundup(score - mean_distance);
     println!("{}", score);
     score
@@ -423,11 +426,13 @@ impl CVSS {
     return vectors;
   }
   fn severity_distances(&self, vectors: Vec<String>) -> (f32, f32, f32, f32, f32) {
+    println!("self_vector: {}", self);
     // 每个都和self这个cvss的分数比较，返回第一个大于self本身的
     let mut severity_distances = vec![];
     for vector in vectors {
       let max_vector = CVSS::vector_string(&vector);
       if let Ok(max_vector) = max_vector {
+        println!("max_vector: {}", max_vector);
         let av = self.exploit_ability.attack_vector.score()
           - max_vector.exploit_ability.attack_vector.score();
         let pr = self.exploit_ability.privileges_required.score()
@@ -519,48 +524,64 @@ impl CVSS {
     return (eq1, eq2, eq3, eq4, eq5, eq6);
   }
 }
-
-impl CVSS {}
+/// Roundup保留小数点后一位，小数点后第二位四舍五入。 例如, Roundup(4.02) = 4.0; 或者 Roundup(4.00) = 4.0
+fn roundup(input: f32) -> f32 {
+  let int_input = (input * 100.0) as u32;
+  println!("{}", int_input % 10);
+  if int_input % 10 < 5 {
+    println!("{}", (int_input / 10) as f32 / 10.0);
+    (int_input / 10) as f32 / 10.0
+  } else {
+    let score_floor = ((int_input as f32) / 10.0).floor();
+    (score_floor + 1.0) / 10.0
+  }
+}
 #[cfg(test)]
 mod tests {
-  use crate::v4::CVSS;
+  use crate::v4::{roundup, CVSS};
   use std::collections::HashMap;
   use std::str::FromStr;
   #[test]
+  fn roundup_test() {
+    assert_eq!(roundup(0.12000), 0.1);
+    assert_eq!(roundup(0.15000), 0.2);
+    assert_eq!(roundup(0.94900), 0.9);
+  }
+  #[test]
   fn cvss_score_test() {
     let vs_map: HashMap<&'static str, f32> = HashMap::from_iter([
-      // (
-      //   "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
-      //   10.0,
-      // ),
-      // (
-      //   "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A",
-      //   9.4,
-      // ),
-      // (
-      //   "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A",
-      //   9.0,
-      // ),
-      // (
-      //   "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A",
-      //   8.9,
-      // ),
-      // (
-      //   "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A",
-      //   7.3,
-      // ),
-      // (
-      //   "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:L/VI:H/VA:H/SC:H/SI:H/SA:H/E:A",
-      //   6.1,
-      // ),
-      // (
-      //   "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H/E:A",
-      //   2.4,
-      // ),
-      // (
-      //   "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:N/SA:H/E:A",
-      //   2.0,
-      // ),
+      (
+        "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
+        10.0,
+      ),
+      (
+        "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A",
+        9.4,
+      ),
+      (
+        "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A",
+        9.0,
+      ),
+      (
+        "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A",
+        8.9,
+      ),
+      (
+        "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A",
+        7.3,
+      ),
+      (
+        "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:L/VI:H/VA:H/SC:H/SI:H/SA:H/E:A",
+        6.1,
+      ),
+      (
+        "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H/E:A",
+        2.4,
+      ),
+      (
+        "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:N/SA:H/E:A",
+        2.0,
+      ),
       (
         "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:N/SA:H/E:P/CR:H/IR:M/AR:L",
         0.9,