完成：--cves 查找并列出并查看已修复但尚未更新的 cve 漏洞信息

Signed-off-by: Jia Chao <jiachao2130@126.com>

Cargo.toml

@@ -3,6 +3,10 @@ name = "cuvat-rs"
 version = "0.1.0"
 edition = "2021"
 
+[[bin]]
+name = "cuvat"
+path = "src/main.rs"
+
 [dependencies]
 clap = { version = "4.0", features = ["derive"] }
 serde = { version = "1", features = ["serde_derive"] }

src/analyzer/mod.rs

@@ -1,4 +1,4 @@
-use std::collections::HashMap;
+use std::collections::{HashMap, HashSet};
 use std::str::FromStr;
 
 use cvrf_xmlparser::{Severity, CUSA};
@@ -51,21 +51,64 @@ pub fn cuvat_run(cli: &Cli) -> crate::Result<()> {
 }
 
 fn list_cves(cli: &Cli) -> crate::Result<()> {
+    let avaliable = get_avaliable()?;
+    let severity = Severity::from_str(&cli.severity)?;
+    let mut _cves = HashSet::new();
+    cli.sources.iter().for_each(|id| { _cves.insert(id); });
+
+    let mut cves = HashSet::new();
+    let mut msg = String::new();
+
+    // 仅针对可用更新
+    for (cusa, _) in &avaliable {
+        // 过滤
+        if cusa.severity() < &severity {
+            continue;
+        }
+
+        cusa.cves().iter().for_each(|cve| {
+            if let Some(_) = _cves.get(&cve.id) {
+                let _ = cves.insert(cve.clone());
+                _cves.remove(&cve.id);
+            }
+        });
+    }
+
+    for cve in &cves {
+        if cli.info {
+            msg = format!("{msg}\n\n{cve:#?}");
+        } else {
+            msg = format!("{msg}\n{}", cve.id);
+        }
+    }
+
+    if !_cves.is_empty() {
+        msg = format!("{msg}\n\nUnaffected CVEs:\n{_cves:#?}")
+    }
+
+    println!("{msg}");
+
     Ok(())
 }
 
 fn list_sas(cli: &Cli) -> crate::Result<()> {
+    let avaliable = get_avaliable()?;
+    let severity = Severity::from_str(&cli.severity)?;
     Ok(())
 }
 
 fn repoter(cli: &Cli) -> crate::Result<()> {
+    println!("TODO...");
     Ok(())
 }
 
 fn summary(cli: &Cli) -> crate::Result<()> {
     let avaliable = get_avaliable()?;
     let severity = Severity::from_str(&cli.severity)?;
+    let mut total = 0;
     let mut res = vec![0; 5];
+    let mut lists = vec![vec![]; 5];
+    let mut msg = String::new();
 
     for (cusa, rpms) in &avaliable {
         // 过滤
@@ -74,20 +117,36 @@ fn summary(cli: &Cli) -> crate::Result<()> {
         }
 
         let pos: usize = cusa.severity().into();
+        total += 1;
         res[pos] += 1;
+        lists[pos].push(cusa);
     }
-    let msg = format!(
-        "
-漏洞扫描结果如下：
-    致命漏洞： {:3} 个
-    高危漏洞： {:3} 个
-    中危漏洞： {:3} 个
-    低危漏洞： {:3} 个
-    ",
-        res[4], res[3], res[2], res[1]
-    );
 
-    println!("{}", msg);
+    // 如果需要列出详细的 sa
+    if cli.list {
+        msg = format!("当前系统未修复的公告列表（共 {total} 个）：\n");
+        for sas in &lists {
+            for sa in sas {
+                msg = format!("{msg}\n{:>4}{}: {:?}", "", sa.id(), sa.severity());
+            }
+        }
+        //msg = format!("{msg}\n\n");
+    } else {
+        msg = format!(
+            "{msg}
+本次安全检查共扫描出 {} 个漏洞：
+
+    致命漏洞：{:>3} 个
+    高危漏洞：{:>3} 个
+    中危漏洞：{:>3} 个
+    低危漏洞：{:>3} 个
+    ",
+            total, res[4], res[3], res[2], res[1]
+        );
+    }
+
+    println!("{msg}");
+
     Ok(())
 }
 

src/cli.rs

@@ -14,11 +14,11 @@ pub struct Cli {
     #[arg(short, long, default_value_t = false)]
     pub list: bool,
 
-    /// 列出并查看已修复但尚未更新的 cve 漏洞信息
+    /// 查找并列出并查看已修复但尚未更新的 cve 漏洞信息
     #[arg(long, default_value_t = false)]
     pub cves: bool,
 
-    /// 列出并查看已修复但尚未更新的 sa 安全公告信息
+    /// 查找并列出并查看已修复但尚未更新的 sa 安全公告信息
     #[arg(long, default_value_t = false)]
     pub sas: bool,