schema: Support more Ubuntu quirks

Jarrah-TLR · Jarrah-TLR · commit 3b7e950464e1 · 2025-11-19T10:49:52.000+11:00
Ubuntu keep adding items to their ecosystem strings, resulting in the regex regularly failing and dropping all data. Instead, relax the regex to allow it to parse only the start of the line. Having most of the data is better than none. An example of this is "USN-7550-2.json". Additionally, Ubuntu OSVs now include an ubuntu specific severity. This otherwise matches the existing schema but is expected to contain a simple string rather than the CVSS score. An example of this is "UBUNTU-CVE-2025-9825.json".
diff --git a/src/schema.rs b/src/schema.rs
@@ -269,7 +269,7 @@ impl<'de> Deserialize<'de> for Ecosystem {
                     "SwiftURL" => Ok(Ecosystem::SwiftURL),
                     _ if value.starts_with("Ubuntu:") => {
                         regex_switch!(value,
-                            r#"^Ubuntu(?::Pro)?(?::(?<fips>FIPS(?:-preview|-updates)?))?:(?<version>\d+\.\d+)(?::LTS)?(?::for:(?<specialized>.+))?$"# => {
+                            r#"^Ubuntu(?::Pro)?(?::(?<fips>FIPS(?:-preview|-updates)?))?:(?<version>\d+\.\d+)(?::LTS)?(?::for:(?<specialized>.+))?"# => {
                                 Ecosystem::Ubuntu {
                                     version: version.to_string(),
                                     metadata: (!specialized.is_empty()).then_some(specialized.to_string()),
@@ -473,6 +473,10 @@ pub enum SeverityType {
     #[serde(rename = "CVSS_V4")]
     CVSSv4,
 
+    /// A plain severity represented as a single word string defined by the Ubuntu security team.
+    /// (e.g `"medium"`)
+    Ubuntu,
+
     /// The severity score was arrived at by using an unspecified
     /// scoring method.
     #[serde(rename = "UNSPECIFIED")]
@@ -786,6 +790,19 @@ mod tests {
             }
         );
 
+        let json_str = r#""Ubuntu:Pro:24.04:LTS:Realtime:Kernel""#;
+        let ubuntu: Ecosystem = serde_json::from_str(json_str).unwrap();
+        assert_eq!(
+            ubuntu,
+            Ecosystem::Ubuntu {
+                version: "24.04".to_string(),
+                pro: true,
+                lts: true,
+                fips: None,
+                metadata: None,
+            }
+        );
+
         let json_str = r#""Ubuntu:22.04:LTS:for:NVIDIA:BlueField""#;
         let ubuntu: Ecosystem = serde_json::from_str(json_str).unwrap();
         assert_eq!(
