schema: Support References without type

src/schema.rs

@@ -269,7 +269,7 @@ impl<'de> Deserialize<'de> for Ecosystem {
                     "SwiftURL" => Ok(Ecosystem::SwiftURL),
                     _ if value.starts_with("Ubuntu:") => {
                         regex_switch!(value,
-                            r#"^Ubuntu(?::Pro)?(?::(?<fips>FIPS(?:-preview|-updates)?))?:(?<version>\d+\.\d+)(?::LTS)?(?::for:(?<specialized>.+))?$"# => {
+                            r#"^Ubuntu(?::Pro)?(?::(?<fips>FIPS(?:-preview|-updates)?))?:(?<version>\d+\.\d+)(?::LTS)?(?::for:(?<specialized>.+))?"# => {
                                 Ecosystem::Ubuntu {
                                     version: version.to_string(),
                                     metadata: (!specialized.is_empty()).then_some(specialized.to_string()),
@@ -395,7 +395,7 @@ pub struct Affected {
 /// The type of reference information that has been provided. Examples include
 /// links to the original report, external advisories, or information about the
 /// fix.
-#[derive(Clone, Debug, Serialize, Deserialize)]
+#[derive(Clone, Debug, Default, Serialize, Deserialize)]
 #[serde(rename_all = "UPPERCASE")]
 #[non_exhaustive]
 pub enum ReferenceType {
@@ -430,6 +430,7 @@ pub enum ReferenceType {
     /// A report, typically on a bug or issue tracker, of the vulnerability.
     Report,
 
+    #[default]
     #[serde(rename = "NONE")]
     Undefined,
 
@@ -441,7 +442,7 @@ pub enum ReferenceType {
 #[derive(Clone, Debug, Serialize, Deserialize)]
 pub struct Reference {
     /// The type of reference this URL points to.
-    #[serde(rename = "type")]
+    #[serde(rename = "type", default)]
     pub reference_type: ReferenceType,
 
     /// The url where more information can be obtained about
@@ -451,7 +452,7 @@ pub struct Reference {
 
 /// The [`SeverityType`](SeverityType) describes the quantitative scoring method used to rate the
 /// severity of the vulnerability.
-#[derive(Clone, Debug, Serialize, Deserialize)]
+#[derive(Clone, Debug, Serialize, Deserialize, Default)]
 #[non_exhaustive]
 pub enum SeverityType {
     /// A CVSS vector string representing the unique characteristics and severity of the vulnerability
@@ -472,8 +473,13 @@ pub enum SeverityType {
     #[serde(rename = "CVSS_V4")]
     CVSSv4,
 
+    /// A plain severity represented as a single word string defined by the Ubuntu security team.
+    /// (e.g `"medium"`)
+    Ubuntu,
+
     /// The severity score was arrived at by using an unspecified
     /// scoring method.
+    #[default]
     #[serde(rename = "UNSPECIFIED")]
     Unspecified,
 }
@@ -484,7 +490,7 @@ pub enum SeverityType {
 pub struct Severity {
     /// The severity type property must be a [`SeverityType`](SeverityType), which describes the
     /// quantitative method used to calculate the associated score.
-    #[serde(rename = "type")]
+    #[serde(rename = "type", default)]
     pub severity_type: SeverityType,
 
     /// The score property is a string representing the severity score based on the
@@ -785,6 +791,19 @@ mod tests {
             }
         );
 
+        let json_str = r#""Ubuntu:Pro:24.04:LTS:Realtime:Kernel""#;
+        let ubuntu: Ecosystem = serde_json::from_str(json_str).unwrap();
+        assert_eq!(
+            ubuntu,
+            Ecosystem::Ubuntu {
+                version: "24.04".to_string(),
+                pro: true,
+                lts: true,
+                fips: None,
+                metadata: None,
+            }
+        );
+
         let json_str = r#""Ubuntu:22.04:LTS:for:NVIDIA:BlueField""#;
         let ubuntu: Ecosystem = serde_json::from_str(json_str).unwrap();
         assert_eq!(