完成：--cves 查找并列出并查看已修复但尚未更新的 cve 漏洞信息

Signed-off-by: Jia Chao <jiachao2130@126.com>
2024-08-08 14:56:59 +08:00 · 2024-08-08 14:56:59 +08:00 · 4510e3500d
commit 4510e3500d
parent 3b9396c500
2 changed files with 44 additions and 4 deletions
--- a/src/analyzer/mod.rs
+++ b/src/analyzer/mod.rs
@ -1,4 +1,4 @@
-use std::collections::HashMap;
+use std::collections::{HashMap, HashSet};
 use std::str::FromStr;

 use cvrf_xmlparser::{Severity, CUSA};
@ -51,14 +51,54 @@ pub fn cuvat_run(cli: &Cli) -> crate::Result<()> {
 }

 fn list_cves(cli: &Cli) -> crate::Result<()> {
+    let avaliable = get_avaliable()?;
+    let severity = Severity::from_str(&cli.severity)?;
+    let mut _cves = HashSet::new();
+    cli.sources.iter().for_each(|id| { _cves.insert(id); });
+
+    let mut cves = HashSet::new();
+    let mut msg = String::new();
+
+    // 仅针对可用更新
+    for (cusa, _) in &avaliable {
+        // 过滤
+        if cusa.severity() < &severity {
+            continue;
+        }
+
+        cusa.cves().iter().for_each(|cve| {
+            if let Some(_) = _cves.get(&cve.id) {
+                let _ = cves.insert(cve.clone());
+                _cves.remove(&cve.id);
+            }
+        });
+    }
+
+    for cve in &cves {
+        if cli.info {
+            msg = format!("{msg}\n\n{cve:#?}");
+        } else {
+            msg = format!("{msg}\n{}", cve.id);
+        }
+    }
+
+    if !_cves.is_empty() {
+        msg = format!("{msg}\n\nUnaffected CVEs:\n{_cves:#?}")
+    }
+
+    println!("{msg}");
+
    Ok(())
 }

 fn list_sas(cli: &Cli) -> crate::Result<()> {
+    let avaliable = get_avaliable()?;
+    let severity = Severity::from_str(&cli.severity)?;
    Ok(())
 }

 fn repoter(cli: &Cli) -> crate::Result<()> {
+    println!("TODO...");
    Ok(())
 }

@ -105,7 +145,7 @@ fn summary(cli: &Cli) -> crate::Result<()> {
        );
    }

-    println!("{}", msg);
+    println!("{msg}");

    Ok(())
 }
--- a/src/cli.rs
+++ b/src/cli.rs
@ -14,11 +14,11 @@ pub struct Cli {
    #[arg(short, long, default_value_t = false)]
    pub list: bool,

-    /// 列出并查看已修复但尚未更新的 cve 漏洞信息
+    /// 查找并列出并查看已修复但尚未更新的 cve 漏洞信息
    #[arg(long, default_value_t = false)]
    pub cves: bool,

-    /// 列出并查看已修复但尚未更新的 sa 安全公告信息
+    /// 查找并列出并查看已修复但尚未更新的 sa 安全公告信息
    #[arg(long, default_value_t = false)]
    pub sas: bool,