diff --git a/Cargo.lock b/Cargo.lock index d962494..17fcffb 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -6,12 +6,6 @@ version = "0.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2692800d602527d2b8fea50036119c37df74ab565b10e285706a3dcec0ec3e16" -[[package]] -name = "antidote" -version = "1.0.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "34fde25430d87a9388dadbe6e34d7f72a462c8b43ac8d309b42b0a8505d7e2a5" - [[package]] name = "anyhow" version = "1.0.32" @@ -113,11 +107,26 @@ dependencies = [ "crossbeam", ] +[[package]] +name = "cargo-lock" +version = "4.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8504b63dd1249fd1745b7b4ef9b6f7b107ddeb3c95370043c7dbcc38653a2679" +dependencies = [ + "semver 0.9.0", + "serde", + "toml", + "url", +] + [[package]] name = "cc" version = "1.0.60" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ef611cc68ff783f18535d77ddd080185275713d852c4f5cbb6122c462a7a825c" +dependencies = [ + "jobserver", +] [[package]] name = "cfg-if" @@ -133,7 +142,8 @@ checksum = "d021fddb7bd3e734370acfa4a83f34095571d8570c039f1420d77540f68d5772" dependencies = [ "libc", "num-integer", - "num-traits 0.2.12", + "num-traits", + "serde", "time", "winapi 0.3.9", ] @@ -166,6 +176,22 @@ dependencies = [ "libc", ] +[[package]] +name = "crates-index" +version = "0.15.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "15467291e8911aa3e73b0e77d988362da1df7ac974c7189ab38b94b6f7edfa7e" +dependencies = [ + "git2", + "glob", + "hex", + "home", + "serde", + "serde_derive", + "serde_json", + "smol_str", +] + [[package]] name = "crossbeam" version = "0.2.12" @@ -220,6 +246,15 @@ dependencies = [ "lazy_static 1.4.0", ] +[[package]] +name = "cvss" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c425c059aef1e9cc614482211c4bd78664299ca91d4353db994f9966a1e7161d" +dependencies = [ + "serde", +] + [[package]] name = "derive_more" version = "0.99.10" @@ -240,12 +275,6 @@ dependencies = [ "generic-array", ] -[[package]] -name = "dtoa" -version = "0.4.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "134951f4028bdadb9b84baf4232681efbf277da25144b9b0ad65df75946c422b" - [[package]] name = "fake-simd" version = "0.1.2" @@ -320,6 +349,27 @@ dependencies = [ "typenum", ] +[[package]] +name = "git2" +version = "0.13.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e094214efbc7fdbbdee952147e493b00e99a4e52817492277e98967ae918165" +dependencies = [ + "bitflags 1.2.1", + "libc", + "libgit2-sys", + "log 0.4.11", + "openssl-probe", + "openssl-sys", + "url", +] + +[[package]] +name = "glob" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9b919933a397b79c37e33b77bb2aa3dc8eb6e165ad809e58ff75bc7db2e34574" + [[package]] name = "hashbrown" version = "0.9.1" @@ -335,31 +385,30 @@ dependencies = [ "libc", ] +[[package]] +name = "hex" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "644f9158b2f133fd50f5fb3242878846d9eb792e445c893805ff0e3824006e35" +dependencies = [ + "serde", +] + +[[package]] +name = "home" +version = "0.5.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2456aef2e6b6a9784192ae780c0f15bc57df0e918585282325e8c8ac27737654" +dependencies = [ + "winapi 0.3.9", +] + [[package]] name = "httparse" version = "1.3.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cd179ae861f0c2e53da70d892f5f3029f9594be0c41dc5269cd371691b1dc2f9" -[[package]] -name = "hyper" -version = "0.10.16" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0a0652d9a2609a968c14be1a9ea00bf4b1d64e2e1f53a1b51b6fff3a6e829273" -dependencies = [ - "base64 0.9.3", - "httparse", - "language-tags", - "log 0.3.9", - "mime 0.2.6", - "num_cpus", - "time", - "traitobject", - "typeable", - "unicase 1.4.2", - "url", -] - [[package]] name = "hyper" version = "0.11.27" @@ -374,30 +423,19 @@ dependencies = [ "iovec", "language-tags", "log 0.4.11", - "mime 0.3.16", + "mime", "net2", - "percent-encoding", + "percent-encoding 1.0.1", "relay", "time", "tokio-core", "tokio-io", "tokio-proto", "tokio-service", - "unicase 2.6.0", + "unicase", "want", ] -[[package]] -name = "hyper-native-tls" -version = "0.2.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "72332e4a35d3059583623b50e98e491b78f8b96c5521fcb3f428167955aa56e8" -dependencies = [ - "antidote", - "hyper 0.10.16", - "native-tls", -] - [[package]] name = "hyper-tls" version = "0.1.4" @@ -405,7 +443,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ffb1bd5e518d3065840ab315dbbf44e4420e5f7d80e2cb93fa6ffffc50522378" dependencies = [ "futures", - "hyper 0.11.27", + "hyper", "native-tls", "tokio-core", "tokio-io", @@ -415,9 +453,9 @@ dependencies = [ [[package]] name = "idna" -version = "0.1.5" +version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "38f09e0f0b1fb55fdee1f17470ad800da77af5186a1a76c026b679358b7e844e" +checksum = "02e2673c30ee86b5b96a9cb52ad15718aa1f966f5ab9ad54a8b95d5ca33120a9" dependencies = [ "matches", "unicode-bidi", @@ -432,7 +470,7 @@ checksum = "55e2e4c765aa53a0424761bf9f41aa7a6ac1efa87238f59560640e27fca028f2" dependencies = [ "autocfg", "hashbrown", - "serde 1.0.116", + "serde", ] [[package]] @@ -444,18 +482,21 @@ dependencies = [ "libc", ] -[[package]] -name = "itoa" -version = "0.3.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8324a32baf01e2ae060e9de58ed0bc2320c9a2833491ee36cd3b4c414de4db8c" - [[package]] name = "itoa" version = "0.4.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dc6f3ad7b9d11a0c00842ff8de1b60ee58661048eb8049ed33c73594f359d7e6" +[[package]] +name = "jobserver" +version = "0.1.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c71313ebb9439f74b00d9d2dcec36440beaf57a6aa0623068441dd7cd81a7f2" +dependencies = [ + "libc", +] + [[package]] name = "kernel32-sys" version = "0.2.2" @@ -490,6 +531,46 @@ version = "0.2.77" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f2f96b10ec2560088a8e76961b00d47107b3a625fecb76dedb29ee7ccbf98235" +[[package]] +name = "libgit2-sys" +version = "0.12.13+1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "069eea34f76ec15f2822ccf78fe0cdb8c9016764d0a12865278585a74dbdeae5" +dependencies = [ + "cc", + "libc", + "libssh2-sys", + "libz-sys", + "openssl-sys", + "pkg-config", +] + +[[package]] +name = "libssh2-sys" +version = "0.2.19" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ca46220853ba1c512fc82826d0834d87b06bcd3c2a42241b7de72f3d2fe17056" +dependencies = [ + "cc", + "libc", + "libz-sys", + "openssl-sys", + "pkg-config", + "vcpkg", +] + +[[package]] +name = "libz-sys" +version = "1.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "602113192b08db8f38796c4e85c39e960c145965140e918018bcde1952429655" +dependencies = [ + "cc", + "libc", + "pkg-config", + "vcpkg", +] + [[package]] name = "linked-hash-map" version = "0.5.3" @@ -586,15 +667,6 @@ dependencies = [ "autocfg", ] -[[package]] -name = "mime" -version = "0.2.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ba626b8a6de5da682e1caa06bdb42a335aee5a84db8e5046a3e8ab17ba0a3ae0" -dependencies = [ - "log 0.3.9", -] - [[package]] name = "mime" version = "0.3.16" @@ -676,16 +748,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8d59457e662d541ba17869cf51cf177c0b5f0cbf476c66bdc90bf1edac4f875b" dependencies = [ "autocfg", - "num-traits 0.2.12", -] - -[[package]] -name = "num-traits" -version = "0.1.43" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "92e5113e9fd4cc14ded8e499429f396a20f98c772a47cc8622a736e1ec843c31" -dependencies = [ - "num-traits 0.2.12", + "num-traits", ] [[package]] @@ -732,6 +795,12 @@ dependencies = [ "openssl-sys", ] +[[package]] +name = "openssl-probe" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77af24da69f9d9341038eba93a073b1fdaaa1b788221b00a69bce9e762cb32de" + [[package]] name = "openssl-sys" version = "0.9.58" @@ -786,6 +855,12 @@ version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "31010dd2e1ac33d5b46a5b413495239882813e0369f8ed8a5e266f173602f831" +[[package]] +name = "percent-encoding" +version = "2.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d4fd5641d01c8f18a23da7b6fe29298ff4b55afcccdf78973b24cf3175fee32e" + [[package]] name = "pest" version = "2.1.3" @@ -835,6 +910,15 @@ version = "0.3.18" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d36492546b6af1463394d46f0c834346f31548646f6ba10849802c9c9a27ac33" +[[package]] +name = "platforms" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "feb3b2b1033b8a60b4da6ee470325f887758c95d5320f52f9ce0df055a55940e" +dependencies = [ + "serde", +] + [[package]] name = "proc-macro2" version = "1.0.23" @@ -912,7 +996,7 @@ version = "0.3.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e614f96449605730b4f7ad2c019e88c1652d730634b4eba07b810801856635e3" dependencies = [ - "serde 1.0.116", + "serde", ] [[package]] @@ -933,21 +1017,6 @@ dependencies = [ "winapi 0.3.9", ] -[[package]] -name = "reqwest" -version = "0.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3bef9ed8fdfcc30947d6b774938dc0c3f369a474efe440df2c7f278180b2d2e6" -dependencies = [ - "hyper 0.10.16", - "hyper-native-tls", - "log 0.3.9", - "serde 0.9.15", - "serde_json 0.9.10", - "serde_urlencoded", - "url", -] - [[package]] name = "route-recognizer" version = "0.1.13" @@ -965,13 +1034,22 @@ dependencies = [ [[package]] name = "rustsec" -version = "0.6.0" +version = "0.21.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9fb074a338f1f966f5d86eaef9aa85b544207ed138986e60a33e08202c5c4492" +checksum = "b2f7c2b431b329341b1ee7193b7403269153b99804ff5850a0b8966aed26f558" dependencies = [ - "reqwest", - "semver 0.11.0", - "toml 0.3.2", + "cargo-lock", + "chrono", + "crates-index", + "cvss", + "git2", + "home", + "platforms", + "semver 0.9.0", + "semver-parser 0.9.0", + "serde", + "thiserror", + "toml", ] [[package]] @@ -1069,6 +1147,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1d7eb9ef2c18661902cc47e535f9bc51b78acd254da71d375c2f6720d9a40403" dependencies = [ "semver-parser 0.7.0", + "serde", ] [[package]] @@ -1078,7 +1157,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f301af10236f6df4160f7c3f04eec6dbc70ace82d23326abad5edee88801c6b6" dependencies = [ "semver-parser 0.10.0", - "serde 1.0.116", + "serde", ] [[package]] @@ -1087,6 +1166,12 @@ version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "388a1df253eca08550bef6c72392cfe7c30914bf41df5269b68cbd6ff8f570a3" +[[package]] +name = "semver-parser" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b46e1121e8180c12ff69a742aabc4f310542b6ccb69f1691689ac17fdf8618aa" + [[package]] name = "semver-parser" version = "0.10.0" @@ -1097,12 +1182,6 @@ dependencies = [ "pest_derive", ] -[[package]] -name = "serde" -version = "0.9.15" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "34b623917345a631dc9608d5194cc206b3fe6c3554cd1c75b937e55e285254af" - [[package]] name = "serde" version = "1.0.116" @@ -1123,39 +1202,15 @@ dependencies = [ "syn", ] -[[package]] -name = "serde_json" -version = "0.9.10" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ad8bcf487be7d2e15d3d543f04312de991d631cfe1b43ea0ade69e6a8a5b16a1" -dependencies = [ - "dtoa", - "itoa 0.3.4", - "num-traits 0.1.43", - "serde 0.9.15", -] - [[package]] name = "serde_json" version = "1.0.57" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "164eacbdb13512ec2745fb09d51fd5b22b0d65ed294a1dcf7285a360c80a675c" dependencies = [ - "itoa 0.4.6", + "itoa", "ryu", - "serde 1.0.116", -] - -[[package]] -name = "serde_urlencoded" -version = "0.4.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "68f06ece1408d3221d11a9da11953ad0c94daa48cfa42026471306f895b91bc8" -dependencies = [ - "dtoa", - "itoa 0.3.4", - "serde 0.9.15", - "url", + "serde", ] [[package]] @@ -1179,7 +1234,7 @@ dependencies = [ "cadence", "derive_more", "futures", - "hyper 0.11.27", + "hyper", "hyper-tls", "indexmap", "lru-cache", @@ -1190,13 +1245,13 @@ dependencies = [ "rustsec", "sass-rs", "semver 0.11.0", - "serde 1.0.116", - "serde_json 1.0.57", + "serde", + "serde_json", "slog", "slog-json", "tokio-core", "tokio-service", - "toml 0.5.6", + "toml", "try_future", ] @@ -1225,8 +1280,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ddc0d2aff1f8f325ef660d9a0eb6e6dcd20b30b3f581a5897f58bf42d061c37a" dependencies = [ "chrono", - "serde 1.0.116", - "serde_json 1.0.57", + "serde", + "serde_json", "slog", ] @@ -1245,6 +1300,15 @@ dependencies = [ "maybe-uninit", ] +[[package]] +name = "smol_str" +version = "0.1.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6ca0f7ce3a29234210f0f4f0b56f8be2e722488b95cb522077943212da3b32eb" +dependencies = [ + "serde", +] + [[package]] name = "syn" version = "1.0.42" @@ -1272,6 +1336,26 @@ dependencies = [ "remove_dir_all", ] +[[package]] +name = "thiserror" +version = "1.0.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7dfdd070ccd8ccb78f4ad66bf1982dc37f620ef696c6b5028fe2ed83dd3d0d08" +dependencies = [ + "thiserror-impl", +] + +[[package]] +name = "thiserror-impl" +version = "1.0.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bd80fc12f73063ac132ac92aceea36734f04a1d93c1240c6944e23a3b8841793" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "time" version = "0.1.44" @@ -1529,30 +1613,15 @@ dependencies = [ "tokio-reactor", ] -[[package]] -name = "toml" -version = "0.3.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bd86ad9ebee246fdedd610e0f6d0587b754a3d81438db930a244d0480ed7878f" -dependencies = [ - "serde 0.9.15", -] - [[package]] name = "toml" version = "0.5.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ffc92d160b1eef40665be3a05630d003936a3bc7da7421277846c2613e92c71a" dependencies = [ - "serde 1.0.116", + "serde", ] -[[package]] -name = "traitobject" -version = "0.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "efd1f82c56340fdf16f2a953d7bda4f8fdffba13d93b00844c25572110b26079" - [[package]] name = "try-lock" version = "0.1.0" @@ -1574,12 +1643,6 @@ version = "0.6.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3e5d7cd7ab3e47dda6e56542f4bbf3824c15234958c6e1bd6aaa347e93499fdc" -[[package]] -name = "typeable" -version = "0.1.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1410f6f91f21d1612654e7cc69193b0334f909dcf2c790c4826254fbb86f8887" - [[package]] name = "typenum" version = "1.12.0" @@ -1592,22 +1655,13 @@ version = "0.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "56dee185309b50d1f11bfedef0fe6d036842e3fb77413abef29f8f8d1c5d4c1c" -[[package]] -name = "unicase" -version = "1.4.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7f4765f83163b74f957c797ad9253caf97f103fb064d3999aea9568d09fc8a33" -dependencies = [ - "version_check 0.1.5", -] - [[package]] name = "unicase" version = "2.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "50f37be617794602aabbeee0be4f259dc1778fabe05e2d67ee8f79326d5cb4f6" dependencies = [ - "version_check 0.9.2", + "version_check", ] [[package]] @@ -1636,13 +1690,13 @@ checksum = "f7fe0bb3479651439c9112f72b6c505038574c9fbb575ed1bf3b797fa39dd564" [[package]] name = "url" -version = "1.7.2" +version = "2.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dd4e7c0d531266369519a4aa4f399d748bd37043b00bde1e4ff1f60a120b355a" +checksum = "829d4a8476c35c9bf0bbce5a3b23f4106f79728039b726d292bb93bc106787cb" dependencies = [ "idna", "matches", - "percent-encoding", + "percent-encoding 2.1.0", ] [[package]] @@ -1651,12 +1705,6 @@ version = "0.2.10" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6454029bf181f092ad1b853286f23e2c507d8e8194d01d92da4a55c274a5508c" -[[package]] -name = "version_check" -version = "0.1.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "914b1a6776c4c929a602fafd8bc742e06365d4bcbe48c30f9cca5824f70dc9dd" - [[package]] name = "version_check" version = "0.9.2" diff --git a/Cargo.toml b/Cargo.toml index 48377cb..1a9124e 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -19,13 +19,13 @@ derive_more = "0.99" futures = "0.1" hyper = "0.11" hyper-tls = "0.1" -indexmap = { version = "1.0.0", features = ["serde-1"] } +indexmap = { version = "1", features = ["serde-1"] } lru-cache = "0.1" maud = "0.22" once_cell = "1.4" relative-path = { version = "0.3.7", features = ["serde"] } route-recognizer = "0.1" -rustsec = "0.6.0" +rustsec = "0.21" semver = { version = "0.11", features = ["serde"] } serde = { version = "1", features = ["derive"] } serde_json = "1" diff --git a/src/engine/machines/analyzer.rs b/src/engine/machines/analyzer.rs index b7f5be8..655e5b6 100644 --- a/src/engine/machines/analyzer.rs +++ b/src/engine/machines/analyzer.rs @@ -1,6 +1,6 @@ use std::sync::Arc; -use rustsec::db::AdvisoryDatabase; +use rustsec::database::{Database, Query}; use semver::Version; use crate::models::crates::{ @@ -9,11 +9,11 @@ use crate::models::crates::{ pub struct DependencyAnalyzer { deps: AnalyzedDependencies, - advisory_db: Option>, + advisory_db: Option>, } impl DependencyAnalyzer { - pub fn new(deps: &CrateDeps, advisory_db: Option>) -> DependencyAnalyzer { + pub fn new(deps: &CrateDeps, advisory_db: Option>) -> DependencyAnalyzer { DependencyAnalyzer { deps: AnalyzedDependencies::new(deps), advisory_db, @@ -24,7 +24,7 @@ impl DependencyAnalyzer { name: &CrateName, dep: &mut AnalyzedDependency, ver: &Version, - advisory_db: Option<&AdvisoryDatabase>, + advisory_db: Option<&Database>, ) { if dep.required.matches(&ver) { if let Some(ref mut current_latest_that_matches) = dep.latest_that_matches { @@ -35,8 +35,12 @@ impl DependencyAnalyzer { dep.latest_that_matches = Some(ver.clone()); } + let name: rustsec::cargo_lock::Name = name.as_ref().parse().unwrap(); + let version: rustsec::cargo_lock::Version = ver.to_string().parse().unwrap(); + let query = Query::new().package_version(name, version); + if !advisory_db - .map(|db| db.find_vulns_for_crate(name.as_ref(), ver).is_empty()) + .map(|db| db.query(&query).is_empty()) .unwrap_or(true) { dep.insecure = true; @@ -90,8 +94,9 @@ impl DependencyAnalyzer { #[cfg(test)] mod tests { - use super::DependencyAnalyzer; - use models::crates::{CrateDep, CrateDeps, CrateRelease}; + use crate::models::crates::{CrateDep, CrateDeps, CrateRelease}; + + use super::*; #[test] fn tracks_latest_without_matching() { diff --git a/src/engine/machines/crawler.rs b/src/engine/machines/crawler.rs index 0936ca5..a8ce0b9 100644 --- a/src/engine/machines/crawler.rs +++ b/src/engine/machines/crawler.rs @@ -118,8 +118,9 @@ mod tests { use relative_path::RelativePath; use semver::VersionReq; - use super::ManifestCrawler; - use models::crates::CrateDep; + use crate::models::crates::CrateDep; + + use super::*; #[test] fn simple_package_manifest() { diff --git a/src/engine/mod.rs b/src/engine/mod.rs index 8f6efeb..db55df5 100644 --- a/src/engine/mod.rs +++ b/src/engine/mod.rs @@ -12,7 +12,7 @@ use hyper::Client; use hyper_tls::HttpsConnector; use once_cell::sync::Lazy; use relative_path::{RelativePath, RelativePathBuf}; -use rustsec::db::AdvisoryDatabase; +use rustsec::database::Database; use semver::VersionReq; use slog::Logger; use tokio_service::Service; @@ -237,7 +237,7 @@ impl Engine { .call((repo_path.clone(), manifest_path)) } - fn fetch_advisory_db(&self) -> impl Future, Error = Error> { + fn fetch_advisory_db(&self) -> impl Future, Error = Error> { self.fetch_advisory_db .call(()) .from_err() diff --git a/src/interactors/rustsec.rs b/src/interactors/rustsec.rs index caf74f2..7fcec16 100644 --- a/src/interactors/rustsec.rs +++ b/src/interactors/rustsec.rs @@ -2,10 +2,10 @@ use std::str; use std::sync::Arc; use anyhow::{anyhow, ensure, Error}; -use futures::{future, Future, IntoFuture, Stream}; +use futures::{future, future::done, Future, IntoFuture, Stream}; use hyper::{Error as HyperError, Method, Request, Response}; -use rustsec::db::AdvisoryDatabase; -use rustsec::ADVISORY_DB_URL; +use rustsec::database::Database; +use rustsec::repository::DEFAULT_URL; use tokio_service::Service; #[derive(Debug, Clone)] @@ -17,35 +17,59 @@ where S::Future: 'static, { type Request = (); - type Response = Arc; + type Response = Arc; type Error = Error; type Future = Box>; fn call(&self, _req: ()) -> Self::Future { let service = self.0.clone(); - let uri_future = ADVISORY_DB_URL.parse().into_future().from_err(); - - Box::new(uri_future.and_then(move |uri| { - let request = Request::new(Method::Get, uri); - - service.call(request).from_err().and_then(|response| { - let status = response.status(); - if !status.is_success() { - future::Either::A(future::err(anyhow!( - "Status code {} when fetching advisory db", - status - ))) - } else { - let body_future = response.body().concat2().from_err(); - let decode_future = body_future.and_then(|body| { - Ok(Arc::new(AdvisoryDatabase::from_toml(str::from_utf8( - &body, - )?)?)) - }); - future::Either::B(decode_future) - } - }) - })) + Box::new(done( + rustsec::Database::fetch() + .map(|db| Arc::new(db)) + .map_err(|err| anyhow!("err fetching rustsec DB")), + )) } } + +// #[derive(Debug, Clone)] +// pub struct FetchAdvisoryDatabase(pub S); + +// impl Service for FetchAdvisoryDatabase +// where +// S: Service + Clone + 'static, +// S::Future: 'static, +// { +// type Request = (); +// type Response = Arc; +// type Error = Error; +// type Future = Box>; + +// fn call(&self, _req: ()) -> Self::Future { +// let service = self.0.clone(); + +// let uri_future = DEFAULT_URL.parse().into_future().from_err(); + +// Box::new(uri_future.and_then(move |uri| { +// let request = Request::new(Method::Get, uri); + +// service.call(request).from_err().and_then(|response| { +// let status = response.status(); +// if !status.is_success() { +// future::Either::A(future::err(anyhow!( +// "Status code {} when fetching advisory db", +// status +// ))) +// } else { +// let body_future = response.body().concat2().from_err(); +// let decode_future = body_future.and_then(|body| { +// Ok(Arc::new(Database::from_toml(str::from_utf8( +// &body, +// )?)?)) +// }); +// future::Either::B(decode_future) +// } +// }) +// })) +// } +// } diff --git a/src/parsers/manifest.rs b/src/parsers/manifest.rs index b88c05f..4cf4f89 100644 --- a/src/parsers/manifest.rs +++ b/src/parsers/manifest.rs @@ -138,8 +138,9 @@ pub fn parse_manifest_toml(input: &str) -> Result { #[cfg(test)] mod tests { - use super::parse_manifest_toml; - use models::crates::CrateManifest; + use crate::models::crates::CrateManifest; + + use super::*; #[test] fn parse_workspace_without_members_declaration() {