Diffstat (limited to 'crates/shirabe/src/advisory')
| -rw-r--r-- | crates/shirabe/src/advisory/audit_config.rs | 11 | ||||
| -rw-r--r-- | crates/shirabe/src/advisory/auditor.rs | 54 | ||||
| -rw-r--r-- | crates/shirabe/src/advisory/ignored_security_advisory.rs | 14 | ||||
| -rw-r--r-- | crates/shirabe/src/advisory/mod.rs | 5 | ||||
| -rw-r--r-- | crates/shirabe/src/advisory/partial_security_advisory.rs | 40 |
5 files changed, 75 insertions, 49 deletions
diff --git a/crates/shirabe/src/advisory/audit_config.rs b/crates/shirabe/src/advisory/audit_config.rs index da01a2c..f75d499 100644 --- a/crates/shirabe/src/advisory/audit_config.rs +++ b/crates/shirabe/src/advisory/audit_config.rs @@ -59,7 +59,10 @@ impl AuditConfig { /// Detailed format: ['CVE-123' => ['apply' => 'audit|block|all', 'reason' => '...']] fn parse_ignore_with_apply( config: &PhpMixed, - ) -> anyhow::Result<(IndexMap<String, Option<String>>, IndexMap<String, Option<String>>)> { + ) -> anyhow::Result<( + IndexMap<String, Option<String>>, + IndexMap<String, Option<String>>, + )> { let mut for_audit: IndexMap<String, Option<String>> = IndexMap::new(); let mut for_block: IndexMap<String, Option<String>> = IndexMap::new(); @@ -83,11 +86,13 @@ impl AuditConfig { (key.clone(), "all".to_string(), Some(reason_str.clone())) } PhpMixed::Array(detail) => { - let apply = detail.get("apply") + let apply = detail + .get("apply") .and_then(|v| v.as_string()) .unwrap_or("all") .to_string(); - let reason = detail.get("reason") + let reason = detail + .get("reason") .and_then(|v| v.as_string()) .map(|s| s.to_string()); diff --git a/crates/shirabe/src/advisory/auditor.rs b/crates/shirabe/src/advisory/auditor.rs index d96a474..37c86d9 100644 --- a/crates/shirabe/src/advisory/auditor.rs +++ b/crates/shirabe/src/advisory/auditor.rs @@ -5,8 +5,8 @@ use indexmap::IndexMap; use shirabe_external_packages::composer::pcre::preg::Preg; use shirabe_external_packages::symfony::console::formatter::output_formatter::OutputFormatter; use shirabe_php_shim::{ - array_all, array_any, array_key_exists, array_keys, array_reduce, get_class, is_string, - sprintf, str_starts_with, InvalidArgumentException, PhpMixed, DATE_ATOM, + DATE_ATOM, InvalidArgumentException, PhpMixed, array_all, array_any, array_key_exists, + array_keys, array_reduce, get_class, is_string, sprintf, str_starts_with, }; use crate::advisory::ignored_security_advisory::IgnoredSecurityAdvisory; 
@@ -96,16 +96,12 @@ impl Auditor { && self.needs_complete_advisory_load(&all_advisories, &ignore_list) { // TODO(phase-b): $packages reused here; see note above - let result = repo_set.get_matching_security_advisories( - vec![], - false, - ignore_unreachable, - )?; + let result = + repo_set.get_matching_security_advisories(vec![], false, ignore_unreachable)?; all_advisories = result.advisories; unreachable_repos.extend(result.unreachable_repos); } - let processed = - self.process_advisories(all_advisories, &ignore_list, &ignored_severities); + let processed = self.process_advisories(all_advisories, &ignore_list, &ignored_severities); let advisories = processed.advisories; let ignored_advisories = processed.ignored_advisories; @@ -175,9 +171,7 @@ impl Auditor { io.write( PhpMixed::String(JsonFile::encode( - &PhpMixed::Array( - json.into_iter().map(|(k, v)| (k, Box::new(v))).collect(), - ), + &PhpMixed::Array(json.into_iter().map(|(k, v)| (k, Box::new(v))).collect()), shirabe_php_shim::JSON_UNESCAPED_SLASHES | shirabe_php_shim::JSON_PRETTY_PRINT | shirabe_php_shim::JSON_UNESCAPED_UNICODE, @@ -210,10 +204,13 @@ impl Auditor { ), ]; for (advisories_to_output, message) in passes { - let (pkg_count, total_advisory_count) = - self.count_advisories(advisories_to_output); + let (pkg_count, total_advisory_count) = self.count_advisories(advisories_to_output); if pkg_count > 0 { - let plurality = if total_advisory_count == 1 { "y" } else { "ies" }; + let plurality = if total_advisory_count == 1 { + "y" + } else { + "ies" + }; let pkg_plurality = if pkg_count == 1 { "" } else { "s" }; let punctuation = if format == "summary" { "." } else { ":" }; io.write_error( 
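Review bot: In the @@ -96 hunk the reformatted call still passes an empty package list, `repo_set.get_matching_security_advisories(vec![], false, ignore_unreachable)?`, and then does `all_advisories = result.advisories;`, so if the repository set filters by the packages it is given, this reload replaces the advisories collected so far with an empty set in exactly the case where a complete load was required, and the audit then reports nothing. The existing `// TODO(phase-b): $packages reused here; see note above` acknowledges the gap but the commit only reflows the lines around it. Until the real package list is threaded through, the comment should say what the consequence is, e.g. `// TODO(phase-b): vec![] here is a placeholder — if the repo set honours it, this reload returns no advisories and clobbers all_advisories`, and it is worth confirming against the repo-set implementation whether an empty list means "none" or "all". The enclosing method begins before this hunk and continues after it.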
@@ -290,8 +287,7 @@ impl Auditor { } // no partial advisories present - let advisories_values: Vec<&Vec<PartialSecurityAdvisory>> = - advisories.values().collect(); + let advisories_values: Vec<&Vec<PartialSecurityAdvisory>> = advisories.values().collect(); if array_all( &advisories_values, |pkg_advisories: &&Vec<PartialSecurityAdvisory>| { @@ -382,12 +378,12 @@ impl Auditor { // only holds PartialSecurityAdvisory let advisory_as_full: Option<&SecurityAdvisory> = None; if let Some(full) = advisory_as_full { - if is_string(&PhpMixed::String( - full.severity.clone().unwrap_or_default(), - )) && array_key_exists( - full.severity.as_deref().unwrap_or(""), - ignored_severities, - ) { + if is_string(&PhpMixed::String(full.severity.clone().unwrap_or_default())) + && array_key_exists( + full.severity.as_deref().unwrap_or(""), + ignored_severities, + ) + { is_active = false; let sev = full.severity.as_deref().unwrap_or(""); ignore_reason = ignored_severities @@ -397,10 +393,7 @@ impl Auditor { } if is_string(&PhpMixed::String(full.cve.clone().unwrap_or_default())) - && array_key_exists( - full.cve.as_deref().unwrap_or(""), - ignore_list, - ) + && array_key_exists(full.cve.as_deref().unwrap_or(""), ignore_list) { is_active = false; ignore_reason = ignore_list @@ -413,8 +406,7 @@ impl Auditor { let remote_id = source.get("remoteId").cloned().unwrap_or_default(); if array_key_exists(&remote_id, ignore_list) { is_active = false; - ignore_reason = - ignore_list.get(&remote_id).cloned().unwrap_or(None); + ignore_reason = ignore_list.get(&remote_id).cloned().unwrap_or(None); break; } } @@ -584,7 +576,9 @@ impl Auditor { error.push(format!("URL: {}", /* self.get_url(advisory) */ "")); error.push(format!( "Affected versions: {}", - OutputFormatter::escape(/* advisory.affectedVersions.getPrettyString() */ "") + OutputFormatter::escape( + /* advisory.affectedVersions.getPrettyString() */ "" + ) )); error.push(format!( "Reported at: {}", 
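Review bot: The ignore handling reflowed in the @@ -378 and @@ -393 hunks is unreachable: the visible `let advisory_as_full: Option<&SecurityAdvisory> = None;` followed by `if let Some(full) = advisory_as_full {` means the severity and CVE lookups against `ignored_severities` and `ignore_list` never run, and if the `remoteId` loop in the @@ -406 hunk sits inside the same block (as it does in the Composer original this file mirrors), that path is dead too. The effect is fail-closed — advisories a user configured to ignore are still reported — but the `ignore` and severity configuration parsed in `audit_config.rs` is silently inert, and `ignored_advisories` will always be empty. I would mark this explicitly rather than leave it to the `// only holds PartialSecurityAdvisory` remark, e.g. `// FIXME: advisory_as_full is hard-coded to None, so the severity/CVE/remoteId ignore logic below never executes; configured ignores are not applied`. Separately, `is_string(&PhpMixed::String(...))` is always true for a value constructed that way, so the condition reduces to the `array_key_exists` check and could be simplified once the block is live. The enclosing function starts before these hunks and ends after them.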
diff --git a/crates/shirabe/src/advisory/ignored_security_advisory.rs b/crates/shirabe/src/advisory/ignored_security_advisory.rs index b260644..7ed3a4c 100644 --- a/crates/shirabe/src/advisory/ignored_security_advisory.rs +++ b/crates/shirabe/src/advisory/ignored_security_advisory.rs @@ -1,10 +1,10 @@ //! ref: composer/src/Composer/Advisory/IgnoredSecurityAdvisory.php +use crate::advisory::security_advisory::SecurityAdvisory; use chrono::{DateTime, Utc}; use indexmap::IndexMap; use shirabe_php_shim::PhpMixed; use shirabe_semver::constraint::constraint_interface::ConstraintInterface; -use crate::advisory::security_advisory::SecurityAdvisory; #[derive(Debug)] pub struct IgnoredSecurityAdvisory { @@ -25,7 +25,17 @@ impl IgnoredSecurityAdvisory { ignore_reason: Option<String>, severity: Option<String>, ) -> Self { - let inner = SecurityAdvisory::new(package_name, advisory_id, affected_versions, title, sources, reported_at, cve, link, severity); + let inner = SecurityAdvisory::new( + package_name, + advisory_id, + affected_versions, + title, + sources, + reported_at, + cve, + link, + severity, + ); Self { inner, ignore_reason, diff --git a/crates/shirabe/src/advisory/mod.rs b/crates/shirabe/src/advisory/mod.rs new file mode 100644 index 0000000..783e9b7 --- /dev/null +++ b/crates/shirabe/src/advisory/mod.rs @@ -0,0 +1,5 @@ +pub mod audit_config; +pub mod auditor; +pub mod ignored_security_advisory; +pub mod partial_security_advisory; +pub mod security_advisory; diff --git a/crates/shirabe/src/advisory/partial_security_advisory.rs b/crates/shirabe/src/advisory/partial_security_advisory.rs index cd64dc8..e7aa96e 100644 --- a/crates/shirabe/src/advisory/partial_security_advisory.rs +++ b/crates/shirabe/src/advisory/partial_security_advisory.rs @@ -1,5 +1,6 @@ //! ref: composer/src/Composer/Advisory/PartialSecurityAdvisory.php +use crate::advisory::security_advisory::SecurityAdvisory; use anyhow::Result; use chrono::{DateTime, TimeZone, Utc}; use indexmap::IndexMap; 
@@ -8,7 +9,6 @@ use shirabe_php_shim::{PhpMixed, UnexpectedValueException}; use shirabe_semver::constraint::constraint::Constraint; use shirabe_semver::constraint::constraint_interface::ConstraintInterface; use shirabe_semver::version_parser::VersionParser; -use crate::advisory::security_advisory::SecurityAdvisory; fn serialize_constraint<S: serde::Serializer>( c: &Box<dyn ConstraintInterface>, @@ -34,16 +34,18 @@ impl PartialSecurityAdvisory { ) -> Result<Box<dyn std::any::Any>> { let affected_versions_str = data["affectedVersions"].as_string().unwrap_or(""); - let constraint: Box<dyn ConstraintInterface> = match parser.parse_constraints(affected_versions_str) { - Ok(c) => c, - Err(_) => { - let affected_version = Preg::replace(r"(^[>=<^~]*[\d.]+).*", "$1", affected_versions_str); - match parser.parse_constraints(&affected_version) { - Ok(c) => c, - Err(_) => Box::new(Constraint::new("==", "0.0.0-invalid-version")), + let constraint: Box<dyn ConstraintInterface> = + match parser.parse_constraints(affected_versions_str) { + Ok(c) => c, + Err(_) => { + let affected_version = + Preg::replace(r"(^[>=<^~]*[\d.]+).*", "$1", affected_versions_str); + match parser.parse_constraints(&affected_version) { + Ok(c) => c, + Err(_) => Box::new(Constraint::new("==", "0.0.0-invalid-version")), + } } - } - }; + }; let has_full_data = data.contains_key("title") && data.contains_key("sources") 
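Review bot: In the @@ -34 hunk the fallback for an `affectedVersions` string that fails to parse is lossy in both steps and neither step emits a warning: `Preg::replace(r"(^[>=<^~]*[\d.]+).*", "$1", affected_versions_str)` keeps only the leading operator and version, discarding any further bound or disjunct, and the final `Constraint::new("==", "0.0.0-invalid-version")` is a placeholder that should match no real package version. Both outcomes narrow the affected range, so a malformed advisory from the feed is under-reported rather than surfaced — a fail-open direction for an audit tool. This appears to mirror the Composer source the file references, but the Rust port should state the trade-off where a maintainer will see it, e.g. `// NOTE: lossy fallback — truncation drops anything after the first version and the placeholder constraint matches nothing, so a malformed range under-reports rather than fails` above the `let constraint` binding, and ideally a warning on whatever output handle the caller has. The function containing this hunk starts before it.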
@@ -63,9 +65,15 @@ impl PartialSecurityAdvisory { data["title"].as_string().unwrap_or("").to_string(), data["sources"].clone(), reported_at, - data.get("cve").and_then(|v| v.as_string()).map(|s| s.to_string()), - data.get("link").and_then(|v| v.as_string()).map(|s| s.to_string()), - data.get("severity").and_then(|v| v.as_string()).map(|s| s.to_string()), + data.get("cve") + .and_then(|v| v.as_string()) + .map(|s| s.to_string()), + data.get("link") + .and_then(|v| v.as_string()) + .map(|s| s.to_string()), + data.get("severity") + .and_then(|v| v.as_string()) + .map(|s| s.to_string()), ); return Ok(Box::new(advisory)); } @@ -82,6 +90,10 @@ impl PartialSecurityAdvisory { advisory_id: String, affected_versions: Box<dyn ConstraintInterface>, ) -> Self { - Self { advisory_id, package_name, affected_versions } + Self { + advisory_id, + package_name, + affected_versions, + } } } |
