authornsfisis <nsfisis@gmail.com>2026-05-17 02:53:53 +0900
committernsfisis <nsfisis@gmail.com>2026-05-17 02:53:53 +0900
commita1c7e6908a26e10f6e1f23a51721664b5e2d838d (patch)
treec575c76f1b43359ed74913da4c6a2636643f1ba0 /crates/shirabe/src/advisory
parent7f606f36fef0c0467c3c0db3d0da33af486dae8a (diff)
chore(style): cargo fmt
Diffstat (limited to 'crates/shirabe/src/advisory')
-rw-r--r--crates/shirabe/src/advisory/audit_config.rs11
-rw-r--r--crates/shirabe/src/advisory/auditor.rs54
-rw-r--r--crates/shirabe/src/advisory/ignored_security_advisory.rs14
-rw-r--r--crates/shirabe/src/advisory/mod.rs5
-rw-r--r--crates/shirabe/src/advisory/partial_security_advisory.rs40
5 files changed, 75 insertions, 49 deletions
diff --git a/crates/shirabe/src/advisory/audit_config.rs b/crates/shirabe/src/advisory/audit_config.rs
index da01a2c..f75d499 100644
--- a/crates/shirabe/src/advisory/audit_config.rs
+++ b/crates/shirabe/src/advisory/audit_config.rs
@@ -59,7 +59,10 @@ impl AuditConfig {
/// Detailed format: ['CVE-123' => ['apply' => 'audit|block|all', 'reason' => '...']]
fn parse_ignore_with_apply(
config: &PhpMixed,
- ) -> anyhow::Result<(IndexMap<String, Option<String>>, IndexMap<String, Option<String>>)> {
+ ) -> anyhow::Result<(
+ IndexMap<String, Option<String>>,
+ IndexMap<String, Option<String>>,
+ )> {
let mut for_audit: IndexMap<String, Option<String>> = IndexMap::new();
let mut for_block: IndexMap<String, Option<String>> = IndexMap::new();
@@ -83,11 +86,13 @@ impl AuditConfig {
(key.clone(), "all".to_string(), Some(reason_str.clone()))
}
PhpMixed::Array(detail) => {
- let apply = detail.get("apply")
+ let apply = detail
+ .get("apply")
.and_then(|v| v.as_string())
.unwrap_or("all")
.to_string();
- let reason = detail.get("reason")
+ let reason = detail
+ .get("reason")
.and_then(|v| v.as_string())
.map(|s| s.to_string());
diff --git a/crates/shirabe/src/advisory/auditor.rs b/crates/shirabe/src/advisory/auditor.rs
index d96a474..37c86d9 100644
--- a/crates/shirabe/src/advisory/auditor.rs
+++ b/crates/shirabe/src/advisory/auditor.rs
@@ -5,8 +5,8 @@ use indexmap::IndexMap;
use shirabe_external_packages::composer::pcre::preg::Preg;
use shirabe_external_packages::symfony::console::formatter::output_formatter::OutputFormatter;
use shirabe_php_shim::{
- array_all, array_any, array_key_exists, array_keys, array_reduce, get_class, is_string,
- sprintf, str_starts_with, InvalidArgumentException, PhpMixed, DATE_ATOM,
+ DATE_ATOM, InvalidArgumentException, PhpMixed, array_all, array_any, array_key_exists,
+ array_keys, array_reduce, get_class, is_string, sprintf, str_starts_with,
};
use crate::advisory::ignored_security_advisory::IgnoredSecurityAdvisory;
@@ -96,16 +96,12 @@ impl Auditor {
&& self.needs_complete_advisory_load(&all_advisories, &ignore_list)
{
// TODO(phase-b): $packages reused here; see note above
- let result = repo_set.get_matching_security_advisories(
- vec![],
- false,
- ignore_unreachable,
- )?;
+ let result =
+ repo_set.get_matching_security_advisories(vec![], false, ignore_unreachable)?;
all_advisories = result.advisories;
unreachable_repos.extend(result.unreachable_repos);
}
- let processed =
- self.process_advisories(all_advisories, &ignore_list, &ignored_severities);
+ let processed = self.process_advisories(all_advisories, &ignore_list, &ignored_severities);
let advisories = processed.advisories;
let ignored_advisories = processed.ignored_advisories;
@@ -175,9 +171,7 @@ impl Auditor {
io.write(
PhpMixed::String(JsonFile::encode(
- &PhpMixed::Array(
- json.into_iter().map(|(k, v)| (k, Box::new(v))).collect(),
- ),
+ &PhpMixed::Array(json.into_iter().map(|(k, v)| (k, Box::new(v))).collect()),
shirabe_php_shim::JSON_UNESCAPED_SLASHES
| shirabe_php_shim::JSON_PRETTY_PRINT
| shirabe_php_shim::JSON_UNESCAPED_UNICODE,
@@ -210,10 +204,13 @@ impl Auditor {
),
];
for (advisories_to_output, message) in passes {
- let (pkg_count, total_advisory_count) =
- self.count_advisories(advisories_to_output);
+ let (pkg_count, total_advisory_count) = self.count_advisories(advisories_to_output);
if pkg_count > 0 {
- let plurality = if total_advisory_count == 1 { "y" } else { "ies" };
+ let plurality = if total_advisory_count == 1 {
+ "y"
+ } else {
+ "ies"
+ };
let pkg_plurality = if pkg_count == 1 { "" } else { "s" };
let punctuation = if format == "summary" { "." } else { ":" };
io.write_error(
@@ -290,8 +287,7 @@ impl Auditor {
}
// no partial advisories present
- let advisories_values: Vec<&Vec<PartialSecurityAdvisory>> =
- advisories.values().collect();
+ let advisories_values: Vec<&Vec<PartialSecurityAdvisory>> = advisories.values().collect();
if array_all(
&advisories_values,
|pkg_advisories: &&Vec<PartialSecurityAdvisory>| {
@@ -382,12 +378,12 @@ impl Auditor {
// only holds PartialSecurityAdvisory
let advisory_as_full: Option<&SecurityAdvisory> = None;
if let Some(full) = advisory_as_full {
- if is_string(&PhpMixed::String(
- full.severity.clone().unwrap_or_default(),
- )) && array_key_exists(
- full.severity.as_deref().unwrap_or(""),
- ignored_severities,
- ) {
+ if is_string(&PhpMixed::String(full.severity.clone().unwrap_or_default()))
+ && array_key_exists(
+ full.severity.as_deref().unwrap_or(""),
+ ignored_severities,
+ )
+ {
is_active = false;
let sev = full.severity.as_deref().unwrap_or("");
ignore_reason = ignored_severities
@@ -397,10 +393,7 @@ impl Auditor {
}
if is_string(&PhpMixed::String(full.cve.clone().unwrap_or_default()))
- && array_key_exists(
- full.cve.as_deref().unwrap_or(""),
- ignore_list,
- )
+ && array_key_exists(full.cve.as_deref().unwrap_or(""), ignore_list)
{
is_active = false;
ignore_reason = ignore_list
@@ -413,8 +406,7 @@ impl Auditor {
let remote_id = source.get("remoteId").cloned().unwrap_or_default();
if array_key_exists(&remote_id, ignore_list) {
is_active = false;
- ignore_reason =
- ignore_list.get(&remote_id).cloned().unwrap_or(None);
+ ignore_reason = ignore_list.get(&remote_id).cloned().unwrap_or(None);
break;
}
}
@@ -584,7 +576,9 @@ impl Auditor {
error.push(format!("URL: {}", /* self.get_url(advisory) */ ""));
error.push(format!(
"Affected versions: {}",
- OutputFormatter::escape(/* advisory.affectedVersions.getPrettyString() */ "")
+ OutputFormatter::escape(
+ /* advisory.affectedVersions.getPrettyString() */ ""
+ )
));
error.push(format!(
"Reported at: {}",
diff --git a/crates/shirabe/src/advisory/ignored_security_advisory.rs b/crates/shirabe/src/advisory/ignored_security_advisory.rs
index b260644..7ed3a4c 100644
--- a/crates/shirabe/src/advisory/ignored_security_advisory.rs
+++ b/crates/shirabe/src/advisory/ignored_security_advisory.rs
@@ -1,10 +1,10 @@
//! ref: composer/src/Composer/Advisory/IgnoredSecurityAdvisory.php
+use crate::advisory::security_advisory::SecurityAdvisory;
use chrono::{DateTime, Utc};
use indexmap::IndexMap;
use shirabe_php_shim::PhpMixed;
use shirabe_semver::constraint::constraint_interface::ConstraintInterface;
-use crate::advisory::security_advisory::SecurityAdvisory;
#[derive(Debug)]
pub struct IgnoredSecurityAdvisory {
@@ -25,7 +25,17 @@ impl IgnoredSecurityAdvisory {
ignore_reason: Option<String>,
severity: Option<String>,
) -> Self {
- let inner = SecurityAdvisory::new(package_name, advisory_id, affected_versions, title, sources, reported_at, cve, link, severity);
+ let inner = SecurityAdvisory::new(
+ package_name,
+ advisory_id,
+ affected_versions,
+ title,
+ sources,
+ reported_at,
+ cve,
+ link,
+ severity,
+ );
Self {
inner,
ignore_reason,
diff --git a/crates/shirabe/src/advisory/mod.rs b/crates/shirabe/src/advisory/mod.rs
new file mode 100644
index 0000000..783e9b7
--- /dev/null
+++ b/crates/shirabe/src/advisory/mod.rs
@@ -0,0 +1,5 @@
+pub mod audit_config;
+pub mod auditor;
+pub mod ignored_security_advisory;
+pub mod partial_security_advisory;
+pub mod security_advisory;
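Review bot: `mod.rs` is a newly created file, not a reformat, so it does not belong under a `chore(style): cargo fmt` title and is easy to miss when reading history. The diff shown is limited to `crates/shirabe/src/advisory`, so it is not visible whether these five modules were declared elsewhere before. If they were not, this is the commit where the advisory parsing and ignore-list code first becomes part of the crate build, which deserves its own commit or at least a line in the message. The file also has no module documentation; a header such as `//! Security advisory auditing (ref: composer/src/Composer/Advisory).` would match the `//! ref:` convention used by the sibling files. Consider whether every module needs to be `pub` rather than `pub(crate)`, since each `pub mod` widens the surface through which advisory and ignore-list types can be constructed from outside the crate.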
diff --git a/crates/shirabe/src/advisory/partial_security_advisory.rs b/crates/shirabe/src/advisory/partial_security_advisory.rs
index cd64dc8..e7aa96e 100644
--- a/crates/shirabe/src/advisory/partial_security_advisory.rs
+++ b/crates/shirabe/src/advisory/partial_security_advisory.rs
@@ -1,5 +1,6 @@
//! ref: composer/src/Composer/Advisory/PartialSecurityAdvisory.php
+use crate::advisory::security_advisory::SecurityAdvisory;
use anyhow::Result;
use chrono::{DateTime, TimeZone, Utc};
use indexmap::IndexMap;
@@ -8,7 +9,6 @@ use shirabe_php_shim::{PhpMixed, UnexpectedValueException};
use shirabe_semver::constraint::constraint::Constraint;
use shirabe_semver::constraint::constraint_interface::ConstraintInterface;
use shirabe_semver::version_parser::VersionParser;
-use crate::advisory::security_advisory::SecurityAdvisory;
fn serialize_constraint<S: serde::Serializer>(
c: &Box<dyn ConstraintInterface>,
@@ -34,16 +34,18 @@ impl PartialSecurityAdvisory {
) -> Result<Box<dyn std::any::Any>> {
let affected_versions_str = data["affectedVersions"].as_string().unwrap_or("");
- let constraint: Box<dyn ConstraintInterface> = match parser.parse_constraints(affected_versions_str) {
- Ok(c) => c,
- Err(_) => {
- let affected_version = Preg::replace(r"(^[>=<^~]*[\d.]+).*", "$1", affected_versions_str);
- match parser.parse_constraints(&affected_version) {
- Ok(c) => c,
- Err(_) => Box::new(Constraint::new("==", "0.0.0-invalid-version")),
+ let constraint: Box<dyn ConstraintInterface> =
+ match parser.parse_constraints(affected_versions_str) {
+ Ok(c) => c,
+ Err(_) => {
+ let affected_version =
+ Preg::replace(r"(^[>=<^~]*[\d.]+).*", "$1", affected_versions_str);
+ match parser.parse_constraints(&affected_version) {
+ Ok(c) => c,
+ Err(_) => Box::new(Constraint::new("==", "0.0.0-invalid-version")),
+ }
}
- }
- };
+ };
let has_full_data = data.contains_key("title")
&& data.contains_key("sources")
@@ -63,9 +65,15 @@ impl PartialSecurityAdvisory {
data["title"].as_string().unwrap_or("").to_string(),
data["sources"].clone(),
reported_at,
- data.get("cve").and_then(|v| v.as_string()).map(|s| s.to_string()),
- data.get("link").and_then(|v| v.as_string()).map(|s| s.to_string()),
- data.get("severity").and_then(|v| v.as_string()).map(|s| s.to_string()),
+ data.get("cve")
+ .and_then(|v| v.as_string())
+ .map(|s| s.to_string()),
+ data.get("link")
+ .and_then(|v| v.as_string())
+ .map(|s| s.to_string()),
+ data.get("severity")
+ .and_then(|v| v.as_string())
+ .map(|s| s.to_string()),
);
return Ok(Box::new(advisory));
}
@@ -82,6 +90,10 @@ impl PartialSecurityAdvisory {
advisory_id: String,
affected_versions: Box<dyn ConstraintInterface>,
) -> Self {
- Self { advisory_id, package_name, affected_versions }
+ Self {
+ advisory_id,
+ package_name,
+ affected_versions,
+ }
}
}