#security #cvss #parser #cvssv3 #cvssv2

cvssrust

Rust implementation of the Common Vulnerability Scoring System (v2 / v3.0 / v3.1)

4 releases (2 stable)

1.0.1 Jun 11, 2020
1.0.0 Mar 16, 2020
0.1.1 Mar 12, 2020
0.1.0 Mar 11, 2020

#1012 in Parser implementations

Download history 2560/week @ 2024-06-09 2191/week @ 2024-06-16 2101/week @ 2024-06-23 2322/week @ 2024-06-30 2812/week @ 2024-07-07 1321/week @ 2024-07-14 1687/week @ 2024-07-21 2095/week @ 2024-07-28 1397/week @ 2024-08-04 1159/week @ 2024-08-11 2776/week @ 2024-08-18 1203/week @ 2024-08-25 1218/week @ 2024-09-01 1267/week @ 2024-09-08 1462/week @ 2024-09-15 1375/week @ 2024-09-22

5,339 downloads per month

MIT license

94KB
2.5K SLoC

Rust CVSS

Rust Crate

Rust implementation of the Common Vulnerability Scoring System (v2 / v3.0 / v3.1).

Supports parsing, generation and score calculation (base, temporal, environmental) for CVSS vectors v2/v3.0/v3.1

Current CVSS version is v3.1, but v3.0 and v2 are still in use.

Example

use cvssrust::v3::V3Vector;
use cvssrust::CVSSScore;
use std::str::FromStr;

let cvss_str = "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:W/RC:C";
let cvss = V3Vector::from_str(cvss_str).unwrap();

// https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:W/RC:C
assert_eq!(cvss.to_string(), String::from(cvss_str));
assert_eq!(cvss.base_score().value(), 6.1);
assert_eq!(cvss.base_score().severity().to_string(), "Medium");
assert_eq!(cvss.temporal_score().value(), 5.6);
assert_eq!(cvss.environmental_score().value(), 5.6);

CVSS v3.1 specification:

https://www.first.org/cvss/v3.1/specification-document

changes from 3.0: https://www.first.org/cvss/user-guide#2-6-Formula-Changes

calculator: https://www.first.org/cvss/calculator/3.1

CVSS v3.0 specification:

https://www.first.org/cvss/v3.0/specification-document

CVSS v2 specification:

https://www.first.org/cvss/v2/guide

Known issues:

Rounding issue where v2 temporal/environmental (but not base) scores in some cases are off by 0.1, see https://github.com/moor84/cvssrust/issues/10.

Does not affect v3 as there's a different rounding function.

Dependencies

~160KB