#parser #security #cvss #cvssv2 #cvssv3

cvssrust

Rust implementation of the Common Vulnerability Scoring System (v2 / v3.0 / v3.1)

4 releases (2 stable)

1.0.1 Jun 11, 2020
1.0.0 Mar 16, 2020
0.1.1 Mar 12, 2020
0.1.0 Mar 11, 2020

#1001 in Parser implementations

Download history 440/week @ 2023-11-20 656/week @ 2023-11-27 878/week @ 2023-12-04 1094/week @ 2023-12-11 1101/week @ 2023-12-18 448/week @ 2023-12-25 642/week @ 2024-01-01 1601/week @ 2024-01-08 1564/week @ 2024-01-15 1528/week @ 2024-01-22 1236/week @ 2024-01-29 1783/week @ 2024-02-05 1572/week @ 2024-02-12 1914/week @ 2024-02-19 1668/week @ 2024-02-26 1958/week @ 2024-03-04

7,135 downloads per month

MIT license

94KB
2.5K SLoC

Rust CVSS

Rust Crate

Rust implementation of the Common Vulnerability Scoring System (v2 / v3.0 / v3.1).

Supports parsing, generation and score calculation (base, temporal, environmental) for CVSS vectors v2/v3.0/v3.1

Current CVSS version is v3.1, but v3.0 and v2 are still in use.

Example

use cvssrust::v3::V3Vector;
use cvssrust::CVSSScore;
use std::str::FromStr;

let cvss_str = "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:W/RC:C";
let cvss = V3Vector::from_str(cvss_str).unwrap();

// https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:W/RC:C
assert_eq!(cvss.to_string(), String::from(cvss_str));
assert_eq!(cvss.base_score().value(), 6.1);
assert_eq!(cvss.base_score().severity().to_string(), "Medium");
assert_eq!(cvss.temporal_score().value(), 5.6);
assert_eq!(cvss.environmental_score().value(), 5.6);

CVSS v3.1 specification:

https://www.first.org/cvss/v3.1/specification-document

changes from 3.0: https://www.first.org/cvss/user-guide#2-6-Formula-Changes

calculator: https://www.first.org/cvss/calculator/3.1

CVSS v3.0 specification:

https://www.first.org/cvss/v3.0/specification-document

CVSS v2 specification:

https://www.first.org/cvss/v2/guide

Known issues:

Rounding issue where v2 temporal/environmental (but not base) scores in some cases are off by 0.1, see https://github.com/moor84/cvssrust/issues/10.

Does not affect v3 as there's a different rounding function.

Dependencies

~180KB