添加CPE匹配

Cargo.toml

@@ -31,7 +31,7 @@ opt-level = 3
 
 [dependencies]
 cpe = { path = "cpe" }
-cve = { path = "cve"}
+cve = { path = "cve" }
 
 [dev-dependencies]
 serde = { version = "1", features = ["derive"] }

cpe/Cargo.toml

@@ -9,5 +9,6 @@ edition = "2021"
 serde = { version = "1", features = ["derive"] }
 chrono = { version = "0.4", features = ["serde"] }
 percent-encoding = "2.1"
+version-compare = "0.1"
 language-tags = {version="0.3",features=["serde"]}
 thiserror = "1.0"

cpe/src/dictionary.rs

@@ -1,6 +1,6 @@
 use crate::{parse_uri_attribute, CPEAttributes};
 use chrono::{DateTime, Utc};
-use serde::{de, Deserialize, Deserializer, Serialize};
+use serde::{de, Deserialize, Deserializer, Serialize, Serializer};
 use std::fmt;
 use std::marker::PhantomData;
 
@@ -86,7 +86,8 @@ pub struct Reference {
 pub struct CPE23Item {
   #[serde(
     rename(serialize = "name", deserialize = "@name"),
-    deserialize_with = "uri_to_attribute"
+    deserialize_with = "uri_to_attribute",
+    serialize_with = "attribute_to_uri"
   )]
   pub name: CPEAttributes,
   #[serde(skip_serializing_if = "Option::is_none")]
@@ -105,7 +106,8 @@ pub struct Deprecation {
 pub struct DeprecatedInfo {
   #[serde(
     rename(serialize = "name", deserialize = "@name"),
-    deserialize_with = "uri_to_attribute"
+    deserialize_with = "uri_to_attribute",
+    serialize_with = "attribute_to_uri"
   )]
   pub name: CPEAttributes,
   #[serde(rename(serialize = "type", deserialize = "@type"))]
@@ -181,3 +183,10 @@ where
   }
   deserializer.deserialize_any(UriToAttribute(PhantomData))
 }
+
+pub fn attribute_to_uri<S>(cpe: &CPEAttributes, s: S) -> Result<S::Ok, S::Error>
+where
+  S: Serializer,
+{
+  s.serialize_str(&cpe.to_string())
+}

cpe/src/lib.rs

@@ -320,3 +320,46 @@ fn parse_uri_attribute(value: &str) -> Result<String> {
   let value = strip_slashes(value.as_str());
   Ok(value)
 }
+
+pub fn version_cmp(a: &str, b: &str, operator: &str) -> bool {
+  if let Ok(op) = version_compare::Cmp::from_sign(operator) {
+    if let Ok(res) = version_compare::compare_to(a, b, op) {
+      return res;
+    }
+  }
+  false
+}
+
+impl CPEAttributes {
+  // 匹配指定版本是否存在漏洞
+  pub fn match_version(&self, version: &str) -> bool {
+    if self.version.is_any() {
+      return true;
+    } else if self.version.is_na() {
+      return false;
+    }
+    let my_version = if self.update.is_value() {
+      format!("{} {}", self.version, self.update)
+    } else {
+      self.version.to_string()
+    };
+    version_cmp(version, &my_version, "==")
+  }
+  // 是否匹配指定产品
+  pub fn match_product(&self, product: &str) -> bool {
+    if self.product.is_any() {
+      return true;
+    } else if self.product.is_na() {
+      return false;
+    }
+    product == self.normalize_target_software()
+  }
+  // 规范化目标软件,
+  fn normalize_target_software(&self) -> String {
+    if let Component::Value(software) = &self.target_sw {
+      format!("{}-{}", software, self.product)
+    } else {
+      self.product.to_string()
+    }
+  }
+}

cve/Cargo.toml

@@ -7,7 +7,5 @@ edition = "2021"
 
 [dependencies]
 serde = { version = "1", features = ["derive"] }
-cpe = { path = "../cpe", optional = true}
-thiserror = "1.0"
-[features]
-cpe = ["dep:cpe"]
+cpe = { path = "../cpe"}
+thiserror = "1.0"

tests/tests.rs

@@ -0,0 +1,8 @@
+#[cfg(test)]
+mod tests {
+  #[test]
+  fn it_works() {
+    let result = 2 + 2;
+    assert_eq!(result, 4);
+  }
+}