blob: 094a2fc6ac6c588b11dc82b4e847e4e787362c31 [file] [log] [blame]
//! Security advisories in the RustSec database
pub mod affected;
mod category;
mod date;
mod id;
mod informational;
mod keyword;
mod license;
pub mod linter;
mod metadata;
mod parts;
pub(crate) mod versions;
pub use self::{
affected::Affected,
category::Category,
date::Date,
id::{Id, IdKind},
informational::Informational,
keyword::Keyword,
license::License,
linter::Linter,
metadata::Metadata,
parts::Parts,
versions::Versions,
};
pub use cvss::Severity;
use crate::{
error::{Error, ErrorKind},
fs,
};
use serde::{Deserialize, Serialize};
use std::{path::Path, str::FromStr};
/// RustSec Security Advisories
#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
pub struct Advisory {
/// The `[advisory]` section of a RustSec advisory
#[serde(rename = "advisory")]
pub metadata: Metadata,
/// The (optional) `[affected]` section of a RustSec advisory
pub affected: Option<Affected>,
/// Versions related to this advisory which are patched or unaffected.
pub versions: Versions,
}
impl Advisory {
/// Load an advisory from a `RUSTSEC-20XX-NNNN.md` file
pub fn load_file(path: impl AsRef<Path>) -> Result<Self, Error> {
let path = path.as_ref();
let advisory_data = fs::read_to_string(path)
.map_err(|e| format_err!(ErrorKind::Io, "couldn't open {}: {}", path.display(), e))?;
advisory_data
.parse()
.map_err(|e| format_err!(ErrorKind::Parse, "error parsing {}: {}", path.display(), e))
}
/// Get advisory ID
pub fn id(&self) -> &Id {
&self.metadata.id
}
/// Get advisory title
pub fn title(&self) -> &str {
self.metadata.title.as_ref()
}
/// Get advisory description
pub fn description(&self) -> &str {
self.metadata.description.as_ref()
}
/// Get the date the underlying issue was reported on
pub fn date(&self) -> &Date {
&self.metadata.date
}
/// Get the severity of this advisory if it has a CVSS v3 associated
pub fn severity(&self) -> Option<Severity> {
self.metadata.cvss.as_ref().map(|cvss| cvss.severity())
}
/// Whether the advisory has been withdrawn, i.e. soft-deleted
pub fn withdrawn(&self) -> bool {
self.metadata.withdrawn.is_some()
}
}
impl FromStr for Advisory {
type Err = Error;
fn from_str(advisory_data: &str) -> Result<Self, Error> {
let parts = parts::Parts::parse(advisory_data)?;
// V4 advisories omit the leading `[advisory]` TOML table
let front_matter = if parts.front_matter.starts_with("[advisory]") {
parts.front_matter.to_owned()
} else {
String::from("[advisory]\n") + parts.front_matter
};
let mut advisory: Self = toml::from_str(&front_matter).map_err(crate::Error::from_toml)?;
if !advisory.metadata.title.is_empty() {
fail!(
ErrorKind::Parse,
"invalid `title` attribute in advisory TOML"
);
}
if !advisory.metadata.description.is_empty() {
fail!(
ErrorKind::Parse,
"invalid `description` attribute in advisory TOML"
);
}
advisory.metadata.title = parts.title.to_owned();
advisory.metadata.description = parts.description.to_owned();
Ok(advisory)
}
}