diff --git a/Cargo.lock b/Cargo.lock index 2d8b30c..cdc7fbf 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1,3 +1,8 @@ +[[package]] +name = "antidote" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" + [[package]] name = "arrayvec" version = "0.4.7" @@ -35,6 +40,15 @@ dependencies = [ "rusttype 0.4.1 (registry+https://github.com/rust-lang/crates.io-index)", ] +[[package]] +name = "base64" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "byteorder 1.2.1 (registry+https://github.com/rust-lang/crates.io-index)", + "safemem 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)", +] + [[package]] name = "base64" version = "0.9.0" @@ -192,6 +206,24 @@ name = "httparse" version = "1.2.4" source = "registry+https://github.com/rust-lang/crates.io-index" +[[package]] +name = "hyper" +version = "0.10.13" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "base64 0.6.0 (registry+https://github.com/rust-lang/crates.io-index)", + "httparse 1.2.4 (registry+https://github.com/rust-lang/crates.io-index)", + "language-tags 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)", + "log 0.3.9 (registry+https://github.com/rust-lang/crates.io-index)", + "mime 0.2.6 (registry+https://github.com/rust-lang/crates.io-index)", + "num_cpus 1.8.0 (registry+https://github.com/rust-lang/crates.io-index)", + "time 0.1.39 (registry+https://github.com/rust-lang/crates.io-index)", + "traitobject 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)", + "typeable 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)", + "unicase 1.4.2 (registry+https://github.com/rust-lang/crates.io-index)", + "url 1.6.0 (registry+https://github.com/rust-lang/crates.io-index)", +] + [[package]] name = "hyper" version = "0.11.18" @@ -216,6 +248,16 @@ dependencies = [ "unicase 2.1.0 (registry+https://github.com/rust-lang/crates.io-index)", ] +[[package]] +name = "hyper-native-tls" +version = "0.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "antidote 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)", + "hyper 0.10.13 (registry+https://github.com/rust-lang/crates.io-index)", + "native-tls 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)", +] + [[package]] name = "hyper-tls" version = "0.1.2" @@ -230,6 +272,16 @@ dependencies = [ "tokio-tls 0.1.4 (registry+https://github.com/rust-lang/crates.io-index)", ] +[[package]] +name = "idna" +version = "0.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "matches 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)", + "unicode-bidi 0.3.4 (registry+https://github.com/rust-lang/crates.io-index)", + "unicode-normalization 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)", +] + [[package]] name = "indexmap" version = "0.4.1" @@ -320,6 +372,11 @@ dependencies = [ "linked-hash-map 0.4.2 (registry+https://github.com/rust-lang/crates.io-index)", ] +[[package]] +name = "matches" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" + [[package]] name = "maud" version = "0.17.2" @@ -343,6 +400,14 @@ dependencies = [ "maud_htmlescape 0.17.0 (registry+https://github.com/rust-lang/crates.io-index)", ] +[[package]] +name = "mime" +version = "0.2.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "log 0.3.9 (registry+https://github.com/rust-lang/crates.io-index)", +] + [[package]] name = "mime" version = "0.3.5" @@ -556,6 +621,20 @@ dependencies = [ "winapi 0.2.8 (registry+https://github.com/rust-lang/crates.io-index)", ] +[[package]] +name = "reqwest" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "hyper 0.10.13 (registry+https://github.com/rust-lang/crates.io-index)", + "hyper-native-tls 0.2.4 (registry+https://github.com/rust-lang/crates.io-index)", + "log 0.3.9 (registry+https://github.com/rust-lang/crates.io-index)", + "serde 0.9.15 (registry+https://github.com/rust-lang/crates.io-index)", + "serde_json 0.9.10 (registry+https://github.com/rust-lang/crates.io-index)", + "serde_urlencoded 0.4.3 (registry+https://github.com/rust-lang/crates.io-index)", + "url 1.6.0 (registry+https://github.com/rust-lang/crates.io-index)", +] + [[package]] name = "route-recognizer" version = "0.1.12" @@ -566,6 +645,16 @@ name = "rustc-demangle" version = "0.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" +[[package]] +name = "rustsec" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "reqwest 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)", + "semver 0.9.0 (registry+https://github.com/rust-lang/crates.io-index)", + "toml 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)", +] + [[package]] name = "rusttype" version = "0.4.1" @@ -648,6 +737,11 @@ name = "semver-parser" version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" +[[package]] +name = "serde" +version = "0.9.15" +source = "registry+https://github.com/rust-lang/crates.io-index" + [[package]] name = "serde" version = "1.0.27" @@ -672,6 +766,17 @@ dependencies = [ "synom 0.11.3 (registry+https://github.com/rust-lang/crates.io-index)", ] +[[package]] +name = "serde_json" +version = "0.9.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "dtoa 0.4.2 (registry+https://github.com/rust-lang/crates.io-index)", + "itoa 0.3.4 (registry+https://github.com/rust-lang/crates.io-index)", + "num-traits 0.1.43 (registry+https://github.com/rust-lang/crates.io-index)", + "serde 0.9.15 (registry+https://github.com/rust-lang/crates.io-index)", +] + [[package]] name = "serde_json" version = "1.0.9" @@ -683,6 +788,17 @@ dependencies = [ "serde 1.0.27 (registry+https://github.com/rust-lang/crates.io-index)", ] +[[package]] +name = "serde_urlencoded" +version = "0.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "dtoa 0.4.2 (registry+https://github.com/rust-lang/crates.io-index)", + "itoa 0.3.4 (registry+https://github.com/rust-lang/crates.io-index)", + "serde 0.9.15 (registry+https://github.com/rust-lang/crates.io-index)", + "url 1.6.0 (registry+https://github.com/rust-lang/crates.io-index)", +] + [[package]] name = "shared-failure" version = "0.1.0" @@ -706,6 +822,7 @@ dependencies = [ "maud 0.17.2 (registry+https://github.com/rust-lang/crates.io-index)", "relative-path 0.3.7 (registry+https://github.com/rust-lang/crates.io-index)", "route-recognizer 0.1.12 (registry+https://github.com/rust-lang/crates.io-index)", + "rustsec 0.6.0 (registry+https://github.com/rust-lang/crates.io-index)", "sass-rs 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)", "semver 0.9.0 (registry+https://github.com/rust-lang/crates.io-index)", "serde 1.0.27 (registry+https://github.com/rust-lang/crates.io-index)", @@ -870,6 +987,14 @@ dependencies = [ "tokio-io 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)", ] +[[package]] +name = "toml" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "serde 0.9.15 (registry+https://github.com/rust-lang/crates.io-index)", +] + [[package]] name = "toml" version = "0.4.5" @@ -878,6 +1003,24 @@ dependencies = [ "serde 1.0.27 (registry+https://github.com/rust-lang/crates.io-index)", ] +[[package]] +name = "traitobject" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" + +[[package]] +name = "typeable" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" + +[[package]] +name = "unicase" +version = "1.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "version_check 0.1.3 (registry+https://github.com/rust-lang/crates.io-index)", +] + [[package]] name = "unicase" version = "2.1.0" @@ -886,6 +1029,19 @@ dependencies = [ "version_check 0.1.3 (registry+https://github.com/rust-lang/crates.io-index)", ] +[[package]] +name = "unicode-bidi" +version = "0.3.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "matches 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] +name = "unicode-normalization" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" + [[package]] name = "unicode-xid" version = "0.0.4" @@ -899,6 +1055,16 @@ dependencies = [ "void 1.0.2 (registry+https://github.com/rust-lang/crates.io-index)", ] +[[package]] +name = "url" +version = "1.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "idna 0.1.4 (registry+https://github.com/rust-lang/crates.io-index)", + "matches 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)", + "percent-encoding 1.0.1 (registry+https://github.com/rust-lang/crates.io-index)", +] + [[package]] name = "vcpkg" version = "0.2.2" @@ -953,9 +1119,11 @@ dependencies = [ ] [metadata] +"checksum antidote 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)" = "34fde25430d87a9388dadbe6e34d7f72a462c8b43ac8d309b42b0a8505d7e2a5" "checksum arrayvec 0.4.7 (registry+https://github.com/rust-lang/crates.io-index)" = "a1e964f9e24d588183fcb43503abda40d288c8657dfc27311516ce2f05675aef" "checksum backtrace 0.3.5 (registry+https://github.com/rust-lang/crates.io-index)" = "ebbbf59b1c43eefa8c3ede390fcc36820b4999f7914104015be25025e0d62af2" "checksum backtrace-sys 0.1.16 (registry+https://github.com/rust-lang/crates.io-index)" = "44585761d6161b0f57afc49482ab6bd067e4edef48c12a152c237eb0203f7661" +"checksum base64 0.6.0 (registry+https://github.com/rust-lang/crates.io-index)" = "96434f987501f0ed4eb336a411e0631ecd1afa11574fe148587adc4ff96143c9" "checksum base64 0.9.0 (registry+https://github.com/rust-lang/crates.io-index)" = "229d032f1a99302697f10b27167ae6d03d49d032e6a8e2550e8d3fc13356d2b4" "checksum bitflags 0.9.1 (registry+https://github.com/rust-lang/crates.io-index)" = "4efd02e230a02e18f92fc2735f44597385ed02ad8f831e7c1c1156ee5e1ab3a5" "checksum bitflags 1.0.1 (registry+https://github.com/rust-lang/crates.io-index)" = "b3c30d3802dfb7281680d6285f2ccdaa8c2d8fee41f93805dba5c4cf50dc23cf" @@ -979,8 +1147,11 @@ dependencies = [ "checksum futures-cpupool 0.1.8 (registry+https://github.com/rust-lang/crates.io-index)" = "ab90cde24b3319636588d0c35fe03b1333857621051837ed769faefb4c2162e4" "checksum gcc 0.3.54 (registry+https://github.com/rust-lang/crates.io-index)" = "5e33ec290da0d127825013597dbdfc28bee4964690c7ce1166cbc2a7bd08b1bb" "checksum httparse 1.2.4 (registry+https://github.com/rust-lang/crates.io-index)" = "c2f407128745b78abc95c0ffbe4e5d37427fdc0d45470710cfef8c44522a2e37" +"checksum hyper 0.10.13 (registry+https://github.com/rust-lang/crates.io-index)" = "368cb56b2740ebf4230520e2b90ebb0461e69034d85d1945febd9b3971426db2" "checksum hyper 0.11.18 (registry+https://github.com/rust-lang/crates.io-index)" = "c4f9b276c87e3fc1902a8bdfcce264c3f7c8a1c35e5e0c946062739f55026664" +"checksum hyper-native-tls 0.2.4 (registry+https://github.com/rust-lang/crates.io-index)" = "72332e4a35d3059583623b50e98e491b78f8b96c5521fcb3f428167955aa56e8" "checksum hyper-tls 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)" = "9c81fa95203e2a6087242c38691a0210f23e9f3f8f944350bd676522132e2985" +"checksum idna 0.1.4 (registry+https://github.com/rust-lang/crates.io-index)" = "014b298351066f1512874135335d62a789ffe78a9974f94b43ed5621951eaf7d" "checksum indexmap 0.4.1 (registry+https://github.com/rust-lang/crates.io-index)" = "7164c96d6e18ccc3ce43f3dedac996c21a220670a106c275b96ad92110401362" "checksum iovec 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)" = "dbe6e417e7d0975db6512b90796e8ce223145ac4e33c377e4a42882a0e88bb08" "checksum itoa 0.3.4 (registry+https://github.com/rust-lang/crates.io-index)" = "8324a32baf01e2ae060e9de58ed0bc2320c9a2833491ee36cd3b4c414de4db8c" @@ -995,9 +1166,11 @@ dependencies = [ "checksum log 0.3.9 (registry+https://github.com/rust-lang/crates.io-index)" = "e19e8d5c34a3e0e2223db8e060f9e8264aeeb5c5fc64a4ee9965c062211c024b" "checksum log 0.4.1 (registry+https://github.com/rust-lang/crates.io-index)" = "89f010e843f2b1a31dbd316b3b8d443758bc634bed37aabade59c686d644e0a2" "checksum lru-cache 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "4d06ff7ff06f729ce5f4e227876cb88d10bc59cd4ae1e09fbb2bde15c850dc21" +"checksum matches 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)" = "100aabe6b8ff4e4a7e32c1c13523379802df0772b82466207ac25b013f193376" "checksum maud 0.17.2 (registry+https://github.com/rust-lang/crates.io-index)" = "c0023c814f4a545946ab612ad64a4edce8126d4fe4f0abc5f319b80877112048" "checksum maud_htmlescape 0.17.0 (registry+https://github.com/rust-lang/crates.io-index)" = "d0fb85bccffc42302ad1e1ed8679f6a39d1317f775a37fbc3f79bdfbe054bfb7" "checksum maud_macros 0.17.2 (registry+https://github.com/rust-lang/crates.io-index)" = "0d8377d77c1995044b8ad67a59d15b434c8b7de470ac743de4916ee2bd9fce55" +"checksum mime 0.2.6 (registry+https://github.com/rust-lang/crates.io-index)" = "ba626b8a6de5da682e1caa06bdb42a335aee5a84db8e5046a3e8ab17ba0a3ae0" "checksum mime 0.3.5 (registry+https://github.com/rust-lang/crates.io-index)" = "e2e00e17be181010a91dbfefb01660b17311059dc8c7f48b9017677721e732bd" "checksum mio 0.6.13 (registry+https://github.com/rust-lang/crates.io-index)" = "7da01a5e23070d92d99b1ecd1cd0af36447c6fd44b0fe283c2db199fa136724f" "checksum miow 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)" = "8c1f2f3b1cf331de6896aabf6e9d55dca90356cc9960cca7eaaf408a355ae919" @@ -1022,8 +1195,10 @@ dependencies = [ "checksum relative-path 0.3.7 (registry+https://github.com/rust-lang/crates.io-index)" = "e614f96449605730b4f7ad2c019e88c1652d730634b4eba07b810801856635e3" "checksum relay 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "1576e382688d7e9deecea24417e350d3062d97e32e45d70b1cde65994ff1489a" "checksum remove_dir_all 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)" = "b5d2f806b0fcdabd98acd380dc8daef485e22bcb7cddc811d1337967f2528cf5" +"checksum reqwest 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)" = "3bef9ed8fdfcc30947d6b774938dc0c3f369a474efe440df2c7f278180b2d2e6" "checksum route-recognizer 0.1.12 (registry+https://github.com/rust-lang/crates.io-index)" = "cf3255338088df8146ba63d60a9b8e3556f1146ce2973bc05a75181a42ce2256" "checksum rustc-demangle 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)" = "aee45432acc62f7b9a108cc054142dac51f979e69e71ddce7d6fc7adf29e817e" +"checksum rustsec 0.6.0 (registry+https://github.com/rust-lang/crates.io-index)" = "9fb074a338f1f966f5d86eaef9aa85b544207ed138986e60a33e08202c5c4492" "checksum rusttype 0.4.1 (registry+https://github.com/rust-lang/crates.io-index)" = "24f3d32ca1619041480bd0b4756963762369f1d3f2fcc212c4877042f867b4ca" "checksum safemem 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)" = "e27a8b19b835f7aea908818e871f5cc3a5a186550c30773be987e155e8163d8f" "checksum sass-rs 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)" = "90f8cf6e645aa843ffffcbdc1e8752b1f221dfa314c81895aeb229a77aea7e05" @@ -1034,10 +1209,13 @@ dependencies = [ "checksum security-framework-sys 0.1.16 (registry+https://github.com/rust-lang/crates.io-index)" = "5421621e836278a0b139268f36eee0dc7e389b784dc3f79d8f11aabadf41bead" "checksum semver 0.9.0 (registry+https://github.com/rust-lang/crates.io-index)" = "1d7eb9ef2c18661902cc47e535f9bc51b78acd254da71d375c2f6720d9a40403" "checksum semver-parser 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)" = "388a1df253eca08550bef6c72392cfe7c30914bf41df5269b68cbd6ff8f570a3" +"checksum serde 0.9.15 (registry+https://github.com/rust-lang/crates.io-index)" = "34b623917345a631dc9608d5194cc206b3fe6c3554cd1c75b937e55e285254af" "checksum serde 1.0.27 (registry+https://github.com/rust-lang/crates.io-index)" = "db99f3919e20faa51bb2996057f5031d8685019b5a06139b1ce761da671b8526" "checksum serde_derive 1.0.27 (registry+https://github.com/rust-lang/crates.io-index)" = "f4ba7591cfe93755e89eeecdbcc668885624829b020050e6aec99c2a03bd3fd0" "checksum serde_derive_internals 0.19.0 (registry+https://github.com/rust-lang/crates.io-index)" = "6e03f1c9530c3fb0a0a5c9b826bdd9246a5921ae995d75f512ac917fc4dd55b5" +"checksum serde_json 0.9.10 (registry+https://github.com/rust-lang/crates.io-index)" = "ad8bcf487be7d2e15d3d543f04312de991d631cfe1b43ea0ade69e6a8a5b16a1" "checksum serde_json 1.0.9 (registry+https://github.com/rust-lang/crates.io-index)" = "c9db7266c7d63a4c4b7fe8719656ccdd51acf1bed6124b174f933b009fb10bcb" +"checksum serde_urlencoded 0.4.3 (registry+https://github.com/rust-lang/crates.io-index)" = "68f06ece1408d3221d11a9da11953ad0c94daa48cfa42026471306f895b91bc8" "checksum slab 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)" = "17b4fcaed89ab08ef143da37bc52adbcc04d4a69014f4c1208d6b51f0c47bc23" "checksum slab 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)" = "fdeff4cd9ecff59ec7e3744cbca73dfe5ac35c2aedb2cfba8a1c715a18912e9d" "checksum slog 2.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "0a6b13b17f4225771f7f15cece704a4e68d3a5f31278ed26367f497133398a18" @@ -1055,10 +1233,17 @@ dependencies = [ "checksum tokio-proto 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "8fbb47ae81353c63c487030659494b295f6cb6576242f907f203473b191b0389" "checksum tokio-service 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "24da22d077e0f15f55162bdbdc661228c1581892f52074fb242678d015b45162" "checksum tokio-tls 0.1.4 (registry+https://github.com/rust-lang/crates.io-index)" = "772f4b04e560117fe3b0a53e490c16ddc8ba6ec437015d91fa385564996ed913" +"checksum toml 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)" = "bd86ad9ebee246fdedd610e0f6d0587b754a3d81438db930a244d0480ed7878f" "checksum toml 0.4.5 (registry+https://github.com/rust-lang/crates.io-index)" = "a7540f4ffc193e0d3c94121edb19b055670d369f77d5804db11ae053a45b6e7e" +"checksum traitobject 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "efd1f82c56340fdf16f2a953d7bda4f8fdffba13d93b00844c25572110b26079" +"checksum typeable 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)" = "1410f6f91f21d1612654e7cc69193b0334f909dcf2c790c4826254fbb86f8887" +"checksum unicase 1.4.2 (registry+https://github.com/rust-lang/crates.io-index)" = "7f4765f83163b74f957c797ad9253caf97f103fb064d3999aea9568d09fc8a33" "checksum unicase 2.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "284b6d3db520d67fbe88fd778c21510d1b0ba4a551e5d0fbb023d33405f6de8a" +"checksum unicode-bidi 0.3.4 (registry+https://github.com/rust-lang/crates.io-index)" = "49f2bd0c6468a8230e1db229cff8029217cf623c767ea5d60bfbd42729ea54d5" +"checksum unicode-normalization 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)" = "51ccda9ef9efa3f7ef5d91e8f9b83bbe6955f9bf86aec89d5cce2c874625920f" "checksum unicode-xid 0.0.4 (registry+https://github.com/rust-lang/crates.io-index)" = "8c1f860d7d29cf02cb2f3f359fd35991af3d30bac52c57d265a3c461074cb4dc" "checksum unreachable 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "1f2ae5ddb18e1c92664717616dd9549dde73f539f01bd7b77c2edb2446bdff91" +"checksum url 1.6.0 (registry+https://github.com/rust-lang/crates.io-index)" = "fa35e768d4daf1d85733418a49fb42e10d7f633e394fccab4ab7aba897053fe2" "checksum vcpkg 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)" = "9e0a7d8bed3178a8fb112199d466eeca9ed09a14ba8ad67718179b4fd5487d0b" "checksum version_check 0.1.3 (registry+https://github.com/rust-lang/crates.io-index)" = "6b772017e347561807c1aa192438c5fd74242a670a6cffacc40f2defd1dc069d" "checksum void 1.0.2 (registry+https://github.com/rust-lang/crates.io-index)" = "6a02e4885ed3bc0f2de90ea6dd45ebcbb66dacffe03547fadbb0eeae2770887d" diff --git a/Cargo.toml b/Cargo.toml index 46ebd41..fd35b72 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -15,6 +15,7 @@ lru-cache = "0.1.1" maud = "0.17.2" relative-path = { version = "0.3.7", features = ["serde"] } route-recognizer = "0.1.12" +rustsec = "0.6.0" semver = { version = "0.9.0", features = ["serde"] } serde = "1.0.27" serde_derive = "1.0.27" diff --git a/src/engine/futures/analyze.rs b/src/engine/futures/analyze.rs index 61563b5..f08870d 100644 --- a/src/engine/futures/analyze.rs +++ b/src/engine/futures/analyze.rs @@ -12,27 +12,29 @@ pub struct AnalyzeDependenciesFuture { } impl AnalyzeDependenciesFuture { - pub fn new(engine: &Engine, deps: CrateDeps) -> Self { - let analyzer = DependencyAnalyzer::new(&deps); + pub fn new(engine: Engine, deps: CrateDeps) -> Self { + let future = engine.fetch_advisory_db().and_then(move |advisory_db| { + let analyzer = DependencyAnalyzer::new(&deps, advisory_db); - let main_deps = deps.main.into_iter().filter_map(|(name, dep)| { - if dep.is_external() { Some(name) } else { None } - }); - let dev_deps = deps.dev.into_iter().filter_map(|(name, dep)| { - if dep.is_external() { Some(name) } else { None } - }); - let build_deps = deps.build.into_iter().filter_map(|(name, dep)| { - if dep.is_external() { Some(name) } else { None } - }); + let main_deps = deps.main.into_iter().filter_map(|(name, dep)| { + if dep.is_external() { Some(name) } else { None } + }); + let dev_deps = deps.dev.into_iter().filter_map(|(name, dep)| { + if dep.is_external() { Some(name) } else { None } + }); + let build_deps = deps.build.into_iter().filter_map(|(name, dep)| { + if dep.is_external() { Some(name) } else { None } + }); - let release_futures = engine.fetch_releases(main_deps.chain(dev_deps).chain(build_deps)); + let release_futures = engine.fetch_releases(main_deps.chain(dev_deps).chain(build_deps)); - let analyzed_deps_future = futures_unordered(release_futures) - .fold(analyzer, |mut analyzer, releases| { analyzer.process(releases); Ok(analyzer) as Result<_, Error> }) - .map(|analyzer| analyzer.finalize()); + futures_unordered(release_futures) + .fold(analyzer, |mut analyzer, releases| { analyzer.process(releases); Ok(analyzer) as Result<_, Error> }) + .map(|analyzer| analyzer.finalize()) + }); AnalyzeDependenciesFuture { - inner: Box::new(analyzed_deps_future) + inner: Box::new(future) } } } diff --git a/src/engine/machines/analyzer.rs b/src/engine/machines/analyzer.rs index cc2dd3d..daa62f8 100644 --- a/src/engine/machines/analyzer.rs +++ b/src/engine/machines/analyzer.rs @@ -1,19 +1,24 @@ +use std::sync::Arc; + +use rustsec::db::AdvisoryDatabase; use semver::Version; -use ::models::crates::{CrateDeps, CrateRelease, AnalyzedDependency, AnalyzedDependencies}; +use ::models::crates::{CrateDeps, CrateRelease, CrateName, AnalyzedDependency, AnalyzedDependencies}; pub struct DependencyAnalyzer { - deps: AnalyzedDependencies + deps: AnalyzedDependencies, + advisory_db: Arc } impl DependencyAnalyzer { - pub fn new(deps: &CrateDeps) -> DependencyAnalyzer { + pub fn new(deps: &CrateDeps, advisory_db: Arc) -> DependencyAnalyzer { DependencyAnalyzer { - deps: AnalyzedDependencies::new(deps) + deps: AnalyzedDependencies::new(deps), + advisory_db } } - fn process_single(dep: &mut AnalyzedDependency, ver: &Version) { + fn process_single(name: &CrateName, dep: &mut AnalyzedDependency, ver: &Version, advisory_db: &AdvisoryDatabase) { if dep.required.matches(&ver) { if let Some(ref mut current_latest_that_matches) = dep.latest_that_matches { if *current_latest_that_matches < *ver { @@ -22,6 +27,10 @@ impl DependencyAnalyzer { } else { dep.latest_that_matches = Some(ver.clone()); } + + if !advisory_db.find_vulns_for_crate(name.as_ref(), ver).is_empty() { + dep.insecure = true; + } } if !ver.is_prerelease() { if let Some(ref mut current_latest) = dep.latest { @@ -37,13 +46,13 @@ impl DependencyAnalyzer { pub fn process>(&mut self, releases: I) { for release in releases.into_iter().filter(|r| !r.yanked) { if let Some(main_dep) = self.deps.main.get_mut(&release.name) { - DependencyAnalyzer::process_single(main_dep, &release.version) + DependencyAnalyzer::process_single(&release.name, main_dep, &release.version, &self.advisory_db) } if let Some(dev_dep) = self.deps.dev.get_mut(&release.name) { - DependencyAnalyzer::process_single(dev_dep, &release.version) + DependencyAnalyzer::process_single(&release.name, dev_dep, &release.version, &self.advisory_db) } if let Some(build_dep) = self.deps.build.get_mut(&release.name) { - DependencyAnalyzer::process_single(build_dep, &release.version) + DependencyAnalyzer::process_single(&release.name, build_dep, &release.version, &self.advisory_db) } } } diff --git a/src/engine/mod.rs b/src/engine/mod.rs index ba6f76d..7988c8e 100644 --- a/src/engine/mod.rs +++ b/src/engine/mod.rs @@ -11,6 +11,7 @@ use hyper::Client; use hyper::client::HttpConnector; use hyper_tls::HttpsConnector; use relative_path::{RelativePath, RelativePathBuf}; +use rustsec::db::AdvisoryDatabase; use semver::VersionReq; use slog::Logger; use tokio_service::Service; @@ -25,7 +26,8 @@ use ::models::crates::{CrateName, CratePath, CrateRelease, AnalyzedDependencies} use ::interactors::crates::{QueryCrate, GetPopularCrates}; use ::interactors::RetrieveFileAtPath; -use ::interactors::github::{GetPopularRepos}; +use ::interactors::github::GetPopularRepos; +use ::interactors::rustsec::FetchAdvisoryDatabase; use self::futures::AnalyzeDependenciesFuture; use self::futures::CrawlManifestFuture; @@ -41,7 +43,8 @@ pub struct Engine { query_crate: Arc>>, get_popular_crates: Arc>>, get_popular_repos: Arc>>, - retrieve_file_at_path: Arc> + retrieve_file_at_path: Arc>, + fetch_advisory_db: Arc>> } impl Engine { @@ -51,6 +54,7 @@ impl Engine { let query_crate = Cache::new(QueryCrate(client.clone()), Duration::from_secs(300), 500); let get_popular_crates = Cache::new(GetPopularCrates(client.clone()), Duration::from_secs(10), 1); let get_popular_repos = Cache::new(GetPopularRepos(client.clone()), Duration::from_secs(10), 1); + let fetch_advisory_db = Cache::new(FetchAdvisoryDatabase(client.clone()), Duration::from_secs(300), 1); Engine { client: client.clone(), logger, metrics, @@ -58,7 +62,8 @@ impl Engine { query_crate: Arc::new(query_crate), get_popular_crates: Arc::new(get_popular_crates), get_popular_repos: Arc::new(get_popular_repos), - retrieve_file_at_path: Arc::new(RetrieveFileAtPath(client)) + retrieve_file_at_path: Arc::new(RetrieveFileAtPath(client)), + fetch_advisory_db: Arc::new(fetch_advisory_db) } } @@ -77,6 +82,10 @@ impl AnalyzeDependenciesOutcome { self.crates.iter().any(|&(_, ref deps)| deps.any_outdated()) } + pub fn any_insecure(&self) -> bool { + self.crates.iter().any(|&(_, ref deps)| deps.count_insecure() > 0) + } + pub fn outdated_ratio(&self) -> (usize, usize) { self.crates.iter().fold((0, 0), |(outdated, total), &(_, ref deps)| { (outdated + deps.count_outdated(), total + deps.count_total()) @@ -115,7 +124,7 @@ impl Engine { manifest_future.and_then(move |manifest_output| { let engine_for_analyze = engine.clone(); let futures = manifest_output.crates.into_iter().map(move |(crate_name, deps)| { - let analyzed_deps_future = AnalyzeDependenciesFuture::new(&engine_for_analyze, deps); + let analyzed_deps_future = AnalyzeDependenciesFuture::new(engine_for_analyze.clone(), deps); analyzed_deps_future.map(move |analyzed_deps| (crate_name, analyzed_deps)) }); @@ -147,7 +156,7 @@ impl Engine { match query_response.releases.iter().find(|release| release.version == crate_path.version) { None => future::Either::A(future::err(format_err!("could not find crate release with version {}", crate_path.version))), Some(release) => { - let analyzed_deps_future = AnalyzeDependenciesFuture::new(&engine, release.deps.clone()); + let analyzed_deps_future = AnalyzeDependenciesFuture::new(engine.clone(), release.deps.clone()); future::Either::B(analyzed_deps_future.map(move |analyzed_deps| { let crates = vec![(crate_path.name, analyzed_deps)].into_iter().collect(); @@ -190,6 +199,12 @@ impl Engine { let manifest_path = path.join(RelativePath::new("Cargo.toml")); self.retrieve_file_at_path.call((repo_path.clone(), manifest_path)) } + + fn fetch_advisory_db(&self) -> + impl Future, Error=Error> + { + self.fetch_advisory_db.call(()).from_err().map(|db| db.clone()) + } } lazy_static! { diff --git a/src/interactors/mod.rs b/src/interactors/mod.rs index 105eee6..3738402 100644 --- a/src/interactors/mod.rs +++ b/src/interactors/mod.rs @@ -10,7 +10,7 @@ pub mod bitbucket; pub mod crates; pub mod github; pub mod gitlab; - +pub mod rustsec; #[derive(Debug, Clone)] pub struct RetrieveFileAtPath(pub S); diff --git a/src/interactors/rustsec.rs b/src/interactors/rustsec.rs new file mode 100644 index 0000000..b651c15 --- /dev/null +++ b/src/interactors/rustsec.rs @@ -0,0 +1,44 @@ +use std::str; +use std::sync::Arc; + +use failure::Error; +use futures::{Future, IntoFuture, Stream, future}; +use hyper::{Error as HyperError, Method, Request, Response}; +use rustsec::ADVISORY_DB_URL; +use rustsec::db::AdvisoryDatabase; +use tokio_service::Service; + +#[derive(Debug, Clone)] +pub struct FetchAdvisoryDatabase(pub S); + +impl Service for FetchAdvisoryDatabase + where S: Service + Clone + 'static, + S::Future: 'static +{ + type Request = (); + type Response = Arc; + type Error = Error; + type Future = Box>; + + fn call(&self, _req: ()) -> Self::Future { + let service = self.0.clone(); + + let uri_future = ADVISORY_DB_URL.parse().into_future().from_err(); + + Box::new(uri_future.and_then(move |uri| { + let request = Request::new(Method::Get, uri); + + service.call(request).from_err().and_then(|response| { + let status = response.status(); + if !status.is_success() { + future::Either::A(future::err(format_err!("Status code {} when fetching advisory db", status))) + } else { + let body_future = response.body().concat2().from_err(); + let decode_future = body_future + .and_then(|body| Ok(Arc::new(AdvisoryDatabase::from_toml(str::from_utf8(&body)?)?))); + future::Either::B(decode_future) + } + }) + })) + } +} diff --git a/src/main.rs b/src/main.rs index 5584621..5756ac1 100644 --- a/src/main.rs +++ b/src/main.rs @@ -15,6 +15,7 @@ extern crate lru_cache; extern crate maud; extern crate relative_path; extern crate route_recognizer; +extern crate rustsec; extern crate semver; #[macro_use] extern crate serde_derive; extern crate serde; diff --git a/src/models/crates.rs b/src/models/crates.rs index e499cda..3fc60ed 100644 --- a/src/models/crates.rs +++ b/src/models/crates.rs @@ -93,7 +93,8 @@ pub struct CrateDeps { pub struct AnalyzedDependency { pub required: VersionReq, pub latest_that_matches: Option, - pub latest: Option + pub latest: Option, + pub insecure: bool } impl AnalyzedDependency { @@ -101,7 +102,8 @@ impl AnalyzedDependency { AnalyzedDependency { required, latest_that_matches: None, - latest: None + latest: None, + insecure: false } } @@ -158,6 +160,19 @@ impl AnalyzedDependencies { .filter(|&(_, dep)| dep.is_outdated()) .count(); main_outdated + dev_outdated + build_outdated + } + + pub fn count_insecure(&self) -> usize { + let main_insecure = self.main.iter() + .filter(|&(_, dep)| dep.insecure) + .count(); + let dev_insecure = self.dev.iter() + .filter(|&(_, dep)| dep.insecure) + .count(); + let build_insecure = self.build.iter() + .filter(|&(_, dep)| dep.insecure) + .count(); + main_insecure + dev_insecure + build_insecure } pub fn any_outdated(&self) -> bool { diff --git a/src/server/views/badge.rs b/src/server/views/badge.rs index fca3a48..590c98f 100644 --- a/src/server/views/badge.rs +++ b/src/server/views/badge.rs @@ -7,25 +7,33 @@ use ::engine::AnalyzeDependenciesOutcome; pub fn badge(analysis_outcome: Option<&AnalyzeDependenciesOutcome>) -> Badge { let opts = match analysis_outcome { Some(outcome) => { - let (outdated, total) = outcome.outdated_ratio(); - - if outdated > 0 { + if outcome.any_insecure() { BadgeOptions { subject: "dependencies".into(), - status: format!("{} of {} outdated", outdated, total), - color: "#dfb317".into() - } - } else if total > 0 { - BadgeOptions { - subject: "dependencies".into(), - status: "up to date".into(), - color: "#4c1".into() + status: "insecure".into(), + color: "#e05d44".into() } } else { - BadgeOptions { - subject: "dependencies".into(), - status: "none".into(), - color: "#4c1".into() + let (outdated, total) = outcome.outdated_ratio(); + + if outdated > 0 { + BadgeOptions { + subject: "dependencies".into(), + status: format!("{} of {} outdated", outdated, total), + color: "#dfb317".into() + } + } else if total > 0 { + BadgeOptions { + subject: "dependencies".into(), + status: "up to date".into(), + color: "#4c1".into() + } + } else { + BadgeOptions { + subject: "dependencies".into(), + status: "none".into(), + color: "#4c1".into() + } } } }, diff --git a/src/server/views/html/status.rs b/src/server/views/html/status.rs index 2342cc4..91b83be 100644 --- a/src/server/views/html/status.rs +++ b/src/server/views/html/status.rs @@ -36,12 +36,15 @@ fn dependency_tables(crate_name: CrateName, deps: AnalyzedDependencies) -> Marku fn dependency_table(title: &str, deps: IndexMap) -> Markup { let count_total = deps.len(); + let count_insecure = deps.iter().filter(|&(_, dep)| dep.insecure).count(); let count_outdated = deps.iter().filter(|&(_, dep)| dep.is_outdated()).count(); html! { h3 class="title is-4" (title) p class="subtitle is-5" { - @if count_outdated > 0 { + @if count_insecure > 0 { + (format!(" ({} total, {} insecure)", count_total, count_insecure)) + } @else if count_outdated > 0 { (format!(" ({} total, {} up-to-date, {} outdated)", count_total, count_total - count_outdated, count_outdated)) } @else { (format!(" ({} total, all up-to-date)", count_total)) @@ -72,7 +75,9 @@ fn dependency_table(title: &str, deps: IndexMap) } } td class="has-text-right" { - @if dep.is_outdated() { + @if dep.insecure { + span class="tag is-danger" "insecure" + } @else if dep.is_outdated() { span class="tag is-warning" "out of date" } @else { span class="tag is-success" "up to date" @@ -150,7 +155,9 @@ fn render_success(analysis_outcome: AnalyzeDependenciesOutcome, subject_path: Su let status_data_uri = badge::badge(Some(&analysis_outcome)).to_svg_data_uri(); - let hero_class = if analysis_outcome.any_outdated() { + let hero_class = if analysis_outcome.any_insecure() { + "is-danger" + } else if analysis_outcome.any_outdated() { "is-warning" } else { "is-success"