diff --git a/apps/cargo-scout-audit/Cargo.lock b/apps/cargo-scout-audit/Cargo.lock index 069839bb..d9c46638 100644 --- a/apps/cargo-scout-audit/Cargo.lock +++ b/apps/cargo-scout-audit/Cargo.lock @@ -8,18 +8,6 @@ version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe" -[[package]] -name = "ahash" -version = "0.8.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2c99f64d1e06488f620f932677e24bc6e2897582980441ae90a671415bd7ec2f" -dependencies = [ - "cfg-if", - "getrandom", - "once_cell", - "version_check", -] - [[package]] name = "aho-corasick" version = "1.1.2" @@ -103,9 +91,9 @@ dependencies = [ [[package]] name = "anyhow" -version = "1.0.75" +version = "1.0.81" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a4668cab20f66d8d020e1fbc0ebe47217433c1b6c8f2040faf858554e394ace6" +checksum = "0952808a6c2afd1aa8947271f3a60f1a6763c7b912d210184c5149b5cf147247" [[package]] name = "arc-swap" @@ -113,12 +101,6 @@ version = "1.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bddcadddf5e9015d310179a59bb28c4d4b9920ad0f11e8e14dbadf654890c9a6" -[[package]] -name = "arrayvec" -version = "0.5.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "23b62fc65de8e4e7f52534fb52b0f3ed04746ae267519eef2a83941e8085068b" - [[package]] name = "async-trait" version = "0.1.73" @@ -225,6 +207,12 @@ version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a3e368af43e418a04d52505cf3dbc23dda4e3407ae2fa99fd0e4f308ce546acc" +[[package]] +name = "byteyarn" +version = "0.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a7534301c0ea17abb4db06d75efc7b4b0fa360fce8e175a4330d721c71c942ff" + [[package]] name = "camino" version = "1.1.6" 
@@ -236,27 +224,32 @@ dependencies = [ [[package]] name = "cargo" -version = "0.72.2" +version = "0.75.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "171aca76a3199e771ea0b94ec260984ed9cba62af8e478142974dbaa594d583b" +checksum = "8883ad826b173ffc1363f9478d16714977ba3b3ddd540d2dd5cbc0ceeda1819b" dependencies = [ + "anstream", + "anstyle", "anyhow", "base64", "bytesize", + "cargo-credential", + "cargo-credential-libsecret", + "cargo-credential-macos-keychain", + "cargo-credential-wincred", "cargo-platform", "cargo-util", "clap", + "color-print", "crates-io", "curl", "curl-sys", - "env_logger 0.10.2", "filetime", "flate2", - "fwdansi", "git2", "git2-curl", - "gix 0.44.1", - "gix-features 0.29.0", + "gix 0.54.1", + "gix-features 0.35.0", "glob", "hex", "hmac", @@ -265,36 +258,37 @@ dependencies = [ "humantime", "ignore", "im-rc", - "indexmap 1.9.3", - "is-terminal", + "indexmap", "itertools 0.10.5", "jobserver", - "lazy_static", "lazycell", "libc", "libgit2-sys", - "log", "memchr", "opener", "os_info", "pasetors", "pathdiff", + "pulldown-cmark 0.9.6", "rand", "rustfix", "semver", "serde", + "serde-untagged", "serde-value", "serde_ignored", "serde_json", "sha1", "shell-escape", - "strip-ansi-escapes", + "syn 2.0.52", "tar", "tempfile", - "termcolor", "time", "toml 0.7.7", "toml_edit 0.19.15", + "tracing", + "tracing-subscriber", + "unicase", "unicode-width", "unicode-xid", "url", 
@@ -304,27 +298,32 @@ dependencies = [ [[package]] name = "cargo" -version = "0.73.1" +version = "0.76.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "77a6fe1f5394d14b81d2f3f605832a3ce35ed0bf120bc7ef437ce27fd4929c6a" +checksum = "86cb275625d5f6445b70d6c544230c3db747dd8b23ae65faa7d5d095e4f6d293" dependencies = [ + "anstream", + "anstyle", "anyhow", "base64", "bytesize", + "cargo-credential", + "cargo-credential-libsecret", + "cargo-credential-macos-keychain", + "cargo-credential-wincred", "cargo-platform", "cargo-util", "clap", + "color-print", "crates-io", "curl", "curl-sys", - "env_logger 0.10.2", "filetime", "flate2", - "fwdansi", "git2", "git2-curl", - "gix 0.45.1", - "gix-features 0.30.0", + "gix 0.55.2", + "gix-features 0.35.0", "glob", "hex", "hmac", @@ -333,13 +332,12 @@ dependencies = [ "humantime", "ignore", "im-rc", - "indexmap 1.9.3", - "itertools 0.10.5", + "indexmap", + "itertools 0.11.0", "jobserver", "lazycell", "libc", "libgit2-sys", - "log", "memchr", "opener", "os_info", @@ -350,19 +348,22 @@ dependencies = [ "rustfix", "semver", "serde", + "serde-untagged", "serde-value", "serde_ignored", "serde_json", "sha1", "shell-escape", - "strip-ansi-escapes", + "supports-hyperlinks", "syn 2.0.52", "tar", "tempfile", - "termcolor", "time", - "toml 0.7.7", - "toml_edit 0.19.15", + "toml 0.8.10", + "toml_edit 0.20.7", + "tracing", + "tracing-subscriber", + "unicase", "unicode-width", "unicode-xid", "url", 
@@ -370,6 +371,52 @@ dependencies = [ "windows-sys 0.48.0", ] +[[package]] +name = "cargo-credential" +version = "0.4.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4e5c02daf38715e60a9f59155bc3154c3e0bf55ee7bf34ddc090e8818c8f75e3" +dependencies = [ + "anyhow", + "libc", + "serde", + "serde_json", + "thiserror", + "time", + "windows-sys 0.52.0", +] + +[[package]] +name = "cargo-credential-libsecret" +version = "0.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "62d3e1abe5f85f1bb475901441daf4fbce5e6415c1b1ce7f40be92fd8cf678d5" +dependencies = [ + "anyhow", + "cargo-credential", + "libloading", +] + +[[package]] +name = "cargo-credential-macos-keychain" +version = "0.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "361100e0a3f7e5a3f3745bcda27637fce0e81dfa1deb00098085cbdacf5441d3" +dependencies = [ + "cargo-credential", + "security-framework", +] + +[[package]] +name = "cargo-credential-wincred" +version = "0.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4888956ebe36160e341031845a2db838d1e1be24ac6c20b2a02a8f593ff3692d" +dependencies = [ + "cargo-credential", + "windows-sys 0.52.0", +] + [[package]] name = "cargo-platform" version = "0.1.7" @@ -381,26 +428,27 @@ dependencies = [ [[package]] name = "cargo-scout-audit" -version = "0.2.4" +version = "0.2.6" dependencies = [ "ansi_term", "anyhow", - "cargo 0.72.2", + "cargo 0.76.0", "cargo_metadata", "chrono", "clap", "colored", "config", + "current_platform", "dunce", "dylint", - "env_logger 0.11.2", + "env_logger", "home", "itertools 0.12.1", "lazy_static", + "libloading", "log", "pulldown-cmark 0.10.0", "regex", - "scout-audit-internal", "serde", "serde_json", "tempfile", 
@@ -551,6 +599,27 @@ version = "0.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b8191fa7302e03607ff0e237d4246cc043ff5b3cb9409d995172ba3bea16b807" +[[package]] +name = "color-print" +version = "0.3.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7a858372ff14bab9b1b30ea504f2a4bc534582aee3e42ba2d41d2a7baba63d5d" +dependencies = [ + "color-print-proc-macro", +] + +[[package]] +name = "color-print-proc-macro" +version = "0.3.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "57e37866456a721d0a404439a1adae37a31be4e0055590d053dfe6981e05003f" +dependencies = [ + "nom", + "proc-macro2", + "quote", + "syn 1.0.109", +] + [[package]] name = "colorchoice" version = "1.0.0" @@ -660,15 +729,15 @@ dependencies = [ [[package]] name = "crates-io" -version = "0.37.0" +version = "0.39.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "876aa69b4afca5f2eb5e23daa3445930faf829bcb67075a20ffa884f11f8c57c" +checksum = "6622f902c3c338eced1f000091f034846ae36aadaf35d0acd1ab0469a2d8ef1f" dependencies = [ - "anyhow", "curl", "percent-encoding", "serde", "serde_json", + "thiserror", "url", ] @@ -781,6 +850,12 @@ dependencies = [ "windows-sys 0.52.0", ] +[[package]] +name = "current_platform" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a74858bcfe44b22016cb49337d7b6f04618c58e5dbfdef61b06b8c434324a0bc" + [[package]] name = "der" version = "0.7.8" @@ -797,6 +872,9 @@ name = "deranged" version = "0.3.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f2696e8a945f658fd14dc3b87242e6b80cd0f36ff04ea560fa39082368847946" +dependencies = [ + "serde", +] [[package]] name = "deunicode" 
@@ -854,13 +932,13 @@ checksum = "56ce8c6da7551ec6c462cbaf3bfbc75131ebbfa1c944aeaa9dab51ca1c5f0c3b" [[package]] name = "dylint" -version = "2.5.0" +version = "2.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "683b9feb84cd2620b4b75119b7e914ac132dbd9e523f9a98821f3b3a7e355053" +checksum = "4d6259cf4df09300534dcfa6a49918bb442327111e370c656b31f1c10ec08145" dependencies = [ "ansi_term", "anyhow", - "cargo 0.73.1", + "cargo 0.75.1", "cargo-platform", "cargo-util", "cargo_metadata", @@ -874,6 +952,7 @@ dependencies = [ "once_cell", "semver", "serde", + "serde-untagged", "serde_json", "tempfile", "toml 0.8.10", @@ -882,18 +961,20 @@ dependencies = [ [[package]] name = "dylint_internal" -version = "2.5.0" +version = "2.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4ede982d9261f23a19b92ed7dc4ddeefc8328fc21c88e2c79ffd6e071c7972be" +checksum = "9400420c9ffa71c6b1b75d84225a150e3428eb12159e5bf4f56285bd9eb1c095" dependencies = [ "ansi_term", "anyhow", + "bitflags 2.4.0", "cargo_metadata", "git2", "home", "if_chain", "is-terminal", "log", + "once_cell", "rust-embed", "sedregex", ] @@ -949,26 +1030,22 @@ dependencies = [ ] [[package]] -name = "env_filter" -version = "0.1.0" +name = "encoding_rs" +version = "0.8.33" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a009aa4810eb158359dda09d0c87378e4bbb89b5a801f016885a4707ba24f7ea" +checksum = "7268b386296a025e474d5140678f75d6de9493ae55a5d709eeb9dd08149945e1" dependencies = [ - "log", - "regex", + "cfg-if", ] [[package]] -name = "env_logger" -version = "0.10.2" +name = "env_filter" +version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4cd405aab171cb85d6735e5c8d9db038c17d3ca007a4d2c25f337935c3d90580" +checksum = "a009aa4810eb158359dda09d0c87378e4bbb89b5a801f016885a4707ba24f7ea" dependencies = [ - "humantime", - "is-terminal", "log", "regex", - "termcolor", ] [[package]] 
@@ -990,6 +1067,15 @@ version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5" +[[package]] +name = "erased-serde" +version = "0.4.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2b73807008a3c7f171cc40312f37d95ef0396e048b5848d775f54b1a4dd4a0d3" +dependencies = [ + "serde", +] + [[package]] name = "errno" version = "0.3.8" @@ -1009,6 +1095,15 @@ dependencies = [ "serde", ] +[[package]] +name = "faster-hex" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a2a2b11eda1d40935b26cf18f6833c526845ae8c41e58d09af6adeb6f0269183" +dependencies = [ + "serde", +] + [[package]] name = "fastrand" version = "2.0.1" @@ -1063,16 +1158,6 @@ dependencies = [ "percent-encoding", ] -[[package]] -name = "fwdansi" -version = "1.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "08c1f5787fe85505d1f7777268db5103d80a7a374d2316a7ce262e57baf8f208" -dependencies = [ - "memchr", - "termcolor", -] - [[package]] name = "generic-array" version = "0.14.7" @@ -1108,11 +1193,11 @@ dependencies = [ [[package]] name = "git2" -version = "0.17.2" +version = "0.18.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7b989d6a7ca95a362cf2cfc5ad688b3a467be1f87e480b8dad07fee8c79b0044" +checksum = "232e6a7bfe35766bf715e55a88b39a700596c0ccfd88cd3680b4cdb40d66ef70" dependencies = [ - "bitflags 1.3.2", + "bitflags 2.4.0", "libc", "libgit2-sys", "log", @@ -1123,9 +1208,9 @@ dependencies = [ [[package]] name = "git2-curl" -version = "0.18.0" +version = "0.19.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f8f8b7432b72928cff76f69e59ed5327f94a52763731e71274960dee72fe5f8c" +checksum = "78e26b61608c573ffd26fc79061a823aa5147449a1afe1f61679a21e2031f7c3" dependencies = [ "curl", "git2", 
@@ -1135,47 +1220,53 @@ dependencies = [ [[package]] name = "gix" -version = "0.44.1" +version = "0.54.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6bf41b61f7df395284f7a579c0fa1a7e012c5aede655174d4e91299ef1cac643" +checksum = "ad6d32e74454459690d57d18ea4ebec1629936e6b130b51d12cb4a81630ac953" dependencies = [ - "gix-actor 0.20.0", - "gix-attributes 0.12.0", - "gix-config 0.22.0", - "gix-credentials 0.14.0", + "gix-actor 0.27.0", + "gix-attributes 0.19.0", + "gix-commitgraph 0.21.0", + "gix-config 0.30.0", + "gix-credentials 0.20.0", "gix-date", - "gix-diff 0.29.0", - "gix-discover 0.18.1", - "gix-features 0.29.0", - "gix-fs 0.1.1", - "gix-glob 0.7.0", + "gix-diff 0.36.0", + "gix-discover 0.25.0", + "gix-features 0.35.0", + "gix-filter 0.5.0", + "gix-fs 0.7.0", + "gix-glob 0.13.0", "gix-hash", "gix-hashtable", - "gix-ignore 0.2.0", - "gix-index 0.16.1", - "gix-lock 5.0.1", - "gix-mailmap 0.12.0", - "gix-object 0.29.2", - "gix-odb 0.45.0", - "gix-pack 0.35.0", + "gix-ignore 0.8.0", + "gix-index 0.25.0", + "gix-lock 10.0.0", + "gix-macros", + "gix-negotiate 0.8.0", + "gix-object 0.37.0", + "gix-odb 0.53.0", + "gix-pack 0.43.0", "gix-path", + "gix-pathspec 0.3.0", "gix-prompt", - "gix-protocol 0.32.0", - "gix-ref 0.29.1", - "gix-refspec 0.10.1", - "gix-revision 0.13.0", + "gix-protocol 0.40.0", + "gix-ref 0.37.0", + "gix-refspec 0.18.0", + "gix-revision 0.22.0", + "gix-revwalk 0.8.0", "gix-sec", - "gix-tempfile 5.0.3", - "gix-transport 0.31.0", - "gix-traverse 0.25.0", - "gix-url 0.18.0", + "gix-submodule 0.4.0", + "gix-tempfile 10.0.0", + "gix-trace", + "gix-transport 0.37.0", + "gix-traverse 0.33.0", + "gix-url 0.24.0", "gix-utils", "gix-validate", - "gix-worktree 0.17.1", - "log", + "gix-worktree 0.26.0", "once_cell", - "prodash 23.1.2", - "signal-hook", + "parking_lot", + "prodash", "smallvec", "thiserror", "unicode-normalization", 
@@ -1183,49 +1274,53 @@ dependencies = [ [[package]] name = "gix" -version = "0.45.1" +version = "0.55.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bf2a03ec66ee24d1b2bae3ab718f8d14f141613810cb7ff6756f7db667f1cd82" +checksum = "002667cd1ebb789313d0d0afe3d23b2821cf3b0e91605095f0e6d8751f0ceeea" dependencies = [ - "gix-actor 0.21.0", - "gix-attributes 0.13.1", - "gix-commitgraph", - "gix-config 0.23.0", - "gix-credentials 0.15.0", + "gix-actor 0.28.1", + "gix-attributes 0.20.1", + "gix-commitgraph 0.22.1", + "gix-config 0.31.0", + "gix-credentials 0.21.0", "gix-date", - "gix-diff 0.30.1", - "gix-discover 0.19.0", - "gix-features 0.30.0", - "gix-fs 0.2.0", - "gix-glob 0.8.0", + "gix-diff 0.37.0", + "gix-discover 0.26.0", + "gix-features 0.36.1", + "gix-filter 0.6.0", + "gix-fs 0.8.1", + "gix-glob 0.14.1", "gix-hash", "gix-hashtable", - "gix-ignore 0.3.0", - "gix-index 0.17.0", - "gix-lock 6.0.0", - "gix-mailmap 0.13.0", - "gix-negotiate", - "gix-object 0.30.0", - "gix-odb 0.46.0", - "gix-pack 0.36.0", + "gix-ignore 0.9.1", + "gix-index 0.26.0", + "gix-lock 11.0.1", + "gix-macros", + "gix-negotiate 0.9.0", + "gix-object 0.38.0", + "gix-odb 0.54.0", + "gix-pack 0.44.0", "gix-path", + "gix-pathspec 0.4.1", "gix-prompt", - "gix-protocol 0.33.2", - "gix-ref 0.30.0", - "gix-refspec 0.11.0", - "gix-revision 0.15.2", + "gix-protocol 0.41.1", + "gix-ref 0.38.0", + "gix-refspec 0.19.0", + "gix-revision 0.23.0", + "gix-revwalk 0.9.0", "gix-sec", - "gix-tempfile 6.0.0", - "gix-transport 0.32.0", - "gix-traverse 0.26.0", - "gix-url 0.19.0", + "gix-submodule 0.5.0", + "gix-tempfile 11.0.1", + "gix-trace", + "gix-transport 0.38.0", + "gix-traverse 0.34.0", + "gix-url 0.25.2", "gix-utils", "gix-validate", - "gix-worktree 0.18.0", - "log", + "gix-worktree 0.27.0", "once_cell", - "prodash 25.0.2", - "signal-hook", + "parking_lot", + "prodash", "smallvec", "thiserror", "unicode-normalization", 
@@ -1233,44 +1328,44 @@ dependencies = [ [[package]] name = "gix-actor" -version = "0.20.0" +version = "0.27.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "848efa0f1210cea8638f95691c82a46f98a74b9e3524f01d4955ebc25a8f84f3" +checksum = "08c60e982c5290897122d4e2622447f014a2dadd5a18cb73d50bb91b31645e27" dependencies = [ "bstr", "btoi", "gix-date", "itoa", - "nom", "thiserror", + "winnow 0.5.40", ] [[package]] name = "gix-actor" -version = "0.21.0" +version = "0.28.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9fe73f9f6be1afbf1bd5be919a9636fa560e2f14d42262a934423ed6760cd838" +checksum = "2eadca029ef716b4378f7afb19f7ee101fde9e58ba1f1445971315ac866db417" dependencies = [ "bstr", "btoi", "gix-date", "itoa", - "nom", "thiserror", + "winnow 0.5.40", ] [[package]] name = "gix-attributes" -version = "0.12.0" +version = "0.19.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3015baa01ad2122fbcaab7863c857a603eb7b7ec12ac8141207c42c6439805e2" +checksum = "2451665e70709ba4753b623ef97511ee98c4a73816b2c5b5df25678d607ed820" dependencies = [ "bstr", - "gix-glob 0.7.0", + "byteyarn", + "gix-glob 0.13.0", "gix-path", "gix-quote", - "kstring", - "log", + "gix-trace", "smallvec", "thiserror", "unicode-bom", @@ -1278,16 +1373,16 @@ dependencies = [ [[package]] name = "gix-attributes" -version = "0.13.1" +version = "0.20.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "78b79590ac382f80d87e06416f5fcac6fee5d83dcb152a00ed0bdbaa988acc31" +checksum = "0f395469d38c76ec47cd1a6c5a53fbc3f13f737b96eaf7535f4e6b367e643381" dependencies = [ "bstr", - "gix-glob 0.8.0", + "gix-glob 0.14.1", "gix-path", "gix-quote", + "gix-trace", "kstring", - "log", "smallvec", "thiserror", "unicode-bom", 
@@ -1313,76 +1408,88 @@ dependencies = [ [[package]] name = "gix-command" -version = "0.2.9" +version = "0.2.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0f28f654184b5f725c5737c7e4f466cbd8f0102ac352d5257eeab19647ee4256" +checksum = "3c576cfbf577f72c097b5f88aedea502cd62952bdc1fb3adcab4531d5525a4c7" dependencies = [ "bstr", ] [[package]] name = "gix-commitgraph" -version = "0.16.0" +version = "0.21.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e8490ae1b3d55c47e6a71d247c082304a2f79f8d0332c1a2f5693d42a2021a09" +checksum = "e75a975ee22cf0a002bfe9b5d5cb3d2a88e263a8a178cd7509133cff10f4df8a" dependencies = [ "bstr", "gix-chunk", - "gix-features 0.30.0", + "gix-features 0.35.0", "gix-hash", - "memmap2", + "memmap2 0.7.1", + "thiserror", +] + +[[package]] +name = "gix-commitgraph" +version = "0.22.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "85a7007ba021f059803afaf6f8a48872422abc20550ac12ede6ddea2936cec36" +dependencies = [ + "bstr", + "gix-chunk", + "gix-features 0.36.1", + "gix-hash", + "memmap2 0.9.4", "thiserror", ] [[package]] name = "gix-config" -version = "0.22.0" +version = "0.30.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1d252a0eddb6df74600d3d8872dc9fe98835a7da43110411d705b682f49d4ac1" +checksum = "c171514b40487d3f677ae37efc0f45ac980e3169f23c27eb30a70b47fdf88ab5" dependencies = [ "bstr", "gix-config-value", - "gix-features 0.29.0", - "gix-glob 0.7.0", + "gix-features 0.35.0", + "gix-glob 0.13.0", "gix-path", - "gix-ref 0.29.1", + "gix-ref 0.37.0", "gix-sec", - "log", "memchr", - "nom", "once_cell", "smallvec", "thiserror", "unicode-bom", + "winnow 0.5.40", ] [[package]] name = "gix-config" -version = "0.23.0" +version = "0.31.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "51f310120ae1ba8f0ca52fb22876ce9bad5b15c8ffb3eb7302e4b64a3b9f681c" +checksum = 
"5cae98c6b4c66c09379bc35274b172587d6b0ac369a416c39128ad8c6454f9bb" dependencies = [ "bstr", "gix-config-value", - "gix-features 0.30.0", - "gix-glob 0.8.0", + "gix-features 0.36.1", + "gix-glob 0.14.1", "gix-path", - "gix-ref 0.30.0", + "gix-ref 0.38.0", "gix-sec", - "log", "memchr", - "nom", "once_cell", "smallvec", "thiserror", "unicode-bom", + "winnow 0.5.40", ] [[package]] name = "gix-config-value" -version = "0.12.5" +version = "0.14.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6e874f41437441c02991dcea76990b9058fadfc54b02ab4dd06ab2218af43897" +checksum = "74ab5d22bc21840f4be0ba2e78df947ba14d8ba6999ea798f86b5bdb999edd0c" dependencies = [ "bitflags 2.4.0", "bstr", @@ -1393,9 +1500,9 @@ dependencies = [ [[package]] name = "gix-credentials" -version = "0.14.0" +version = "0.20.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4874a4fc11ffa844a3c2b87a66957bda30a73b577ef1acf15ac34df5745de5ff" +checksum = "46900b884cc5af6a6c141ee741607c0c651a4e1d33614b8d888a1ba81cc0bc8a" dependencies = [ "bstr", "gix-command", @@ -1403,15 +1510,15 @@ dependencies = [ "gix-path", "gix-prompt", "gix-sec", - "gix-url 0.18.0", + "gix-url 0.24.0", "thiserror", ] [[package]] name = "gix-credentials" -version = "0.15.0" +version = "0.21.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c6f89fea8acd28f5ef8fa5042146f1637afd4d834bc8f13439d8fd1e5aca0d65" +checksum = "1c5c5d74069b842a1861e581027ac6b7ad9ff66f5911c89b9f45484d7ebda6a4" dependencies = [ "bstr", "gix-command", 
@@ -1419,15 +1526,15 @@ dependencies = [ "gix-path", "gix-prompt", "gix-sec", - "gix-url 0.19.0", + "gix-url 0.25.2", "thiserror", ] [[package]] name = "gix-date" -version = "0.5.1" +version = "0.8.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bc164145670e9130a60a21670d9b6f0f4f8de04e5dd256c51fa5a0340c625902" +checksum = "180b130a4a41870edfbd36ce4169c7090bca70e195da783dea088dd973daa59c" dependencies = [ "bstr", "itoa", 
@@ -1437,73 +1544,72 @@ dependencies = [ [[package]] name = "gix-diff" -version = "0.29.0" +version = "0.36.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "644a0f2768bc42d7a69289ada80c9e15c589caefc6a315d2307202df83ed1186" +checksum = "788ddb152c388206e81f36bcbb574e7ed7827c27d8fa62227b34edc333d8928c" dependencies = [ "gix-hash", - "gix-object 0.29.2", - "imara-diff", + "gix-object 0.37.0", "thiserror", ] [[package]] name = "gix-diff" -version = "0.30.1" +version = "0.37.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9029ad0083cc286a4bd2f5b3bf66bb66398abc26f2731a2824cd5edfc41a0e33" +checksum = "931394f69fb8c9ed6afc0aae3487bd869e936339bcc13ed8884472af072e0554" dependencies = [ "gix-hash", - "gix-object 0.30.0", - "imara-diff", + "gix-object 0.38.0", "thiserror", ] [[package]] name = "gix-discover" -version = "0.18.1" +version = "0.25.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1a6b61363e63e7cdaa3e6f96acb0257ebdb3d8883e21eba5930c99f07f0a5fc0" +checksum = "69507643d75a0ea9a402fcf73ced517d2b95cc95385904ac09d03e0b952fde33" dependencies = [ "bstr", "dunce", "gix-hash", "gix-path", - "gix-ref 0.29.1", + "gix-ref 0.37.0", "gix-sec", "thiserror", ] [[package]] name = "gix-discover" -version = "0.19.0" +version = "0.26.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "aba9c6c0d1f2b2efe65581de73de4305004612d49c83773e783202a7ef204f46" +checksum = "a45d5cf0321178883e38705ab2b098f625d609a7d4c391b33ac952eff2c490f2" dependencies = [ "bstr", "dunce", "gix-hash", "gix-path", - "gix-ref 0.30.0", + "gix-ref 0.38.0", "gix-sec", "thiserror", ] [[package]] name = "gix-features" -version = "0.29.0" +version = "0.35.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cf69b0f5c701cc3ae22d3204b671907668f6437ca88862d355eaf9bc47a4f897" +checksum = "9b9ff423ae4983f762659040d13dd7a5defbd54b6a04ac3cc7347741cec828cd" dependencies = [ 
"bytes", "crc32fast", "crossbeam-channel", "flate2", "gix-hash", + "gix-trace", "libc", "once_cell", "parking_lot", - "prodash 23.1.2", + "prodash", "sha1_smol", "thiserror", "walkdir", 
@@ -1511,81 +1617,120 @@ dependencies = [ [[package]] name = "gix-features" -version = "0.30.0" +version = "0.36.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3a8c493409bf6060d408eec9bbdd1b12ea351266b50012e2a522f75dfc7b8314" +checksum = "4d46a4a5c6bb5bebec9c0d18b65ada20e6517dbd7cf855b87dd4bbdce3a771b2" dependencies = [ "bytes", "crc32fast", - "crossbeam-channel", "flate2", "gix-hash", + "gix-trace", "libc", "once_cell", - "parking_lot", - "prodash 25.0.2", + "prodash", "sha1_smol", "thiserror", "walkdir", ] +[[package]] +name = "gix-filter" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1be40d28cd41445bb6cd52c4d847d915900e5466f7433eaee6a9e0a3d1d88b08" +dependencies = [ + "bstr", + "encoding_rs", + "gix-attributes 0.19.0", + "gix-command", + "gix-hash", + "gix-object 0.37.0", + "gix-packetline-blocking", + "gix-path", + "gix-quote", + "gix-trace", + "smallvec", + "thiserror", +] + +[[package]] +name = "gix-filter" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "92f674d3fdb6b1987b04521ec9a5b7be8650671f2c4bbd17c3c81e2a364242ff" +dependencies = [ + "bstr", + "encoding_rs", + "gix-attributes 0.20.1", + "gix-command", + "gix-hash", + "gix-object 0.38.0", + "gix-packetline-blocking", + "gix-path", + "gix-quote", + "gix-trace", + "smallvec", + "thiserror", +] + [[package]] name = "gix-fs" -version = "0.1.1" +version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9b37a1832f691fdc09910bd267f9a2e413737c1f9ec68c6e31f9e802616278a9" +checksum = "09815faba62fe9b32d918b75a554686c98e43f7d48c43a80df58eb718e5c6635" dependencies = [ - "gix-features 0.29.0", + "gix-features 0.35.0", ] [[package]] name = "gix-fs" -version = "0.2.0" +version = "0.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "30da8997008adb87f94e15beb7ee229f8a48e97af585a584bfee4a5a1880aab5" +checksum = 
"20e86eb040f5776a5ade092282e51cdcad398adb77d948b88d17583c2ae4e107" dependencies = [ - "gix-features 0.30.0", + "gix-features 0.36.1", ] [[package]] name = "gix-glob" -version = "0.7.0" +version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c07c98204529ac3f24b34754540a852593d2a4c7349008df389240266627a72a" +checksum = "a9d76e85f11251dcf751d2c5e918a14f562db5be6f727fd24775245653e9b19d" dependencies = [ "bitflags 2.4.0", "bstr", - "gix-features 0.29.0", + "gix-features 0.35.0", "gix-path", ] [[package]] name = "gix-glob" -version = "0.8.0" +version = "0.14.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cd0ade1e80ab1f079703d1824e1daf73009096386aa7fd2f0477f6e4ac0a558e" +checksum = "5db19298c5eeea2961e5b3bf190767a2d1f09b8802aeb5f258e42276350aff19" dependencies = [ "bitflags 2.4.0", "bstr", - "gix-features 0.30.0", + "gix-features 0.36.1", "gix-path", ] [[package]] name = "gix-hash" -version = "0.11.4" +version = "0.13.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4b422ff2ad9a0628baaad6da468cf05385bf3f5ab495ad5a33cce99b9f41092f" +checksum = "1f8cf8c2266f63e582b7eb206799b63aa5fa68ee510ad349f637dfe2d0653de0" dependencies = [ - "hex", + "faster-hex 0.9.0", "thiserror", ] [[package]] name = "gix-hashtable" -version = "0.2.4" +version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "385f4ce6ecf3692d313ca3aa9bd3b3d8490de53368d6d94bedff3af8b6d9c58d" +checksum = "feb61880816d7ec4f0b20606b498147d480860ddd9133ba542628df2f548d3ca" dependencies = [ "gix-hash", "hashbrown 0.14.0", 
@@ -1594,180 +1739,189 @@ dependencies = [ [[package]] name = "gix-ignore" -version = "0.2.0" +version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ba205b6df563e2906768bb22834c82eb46c5fdfcd86ba2c347270bc8309a05b2" +checksum = "b048f443a1f6b02da4205c34d2e287e3fd45d75e8e2f06cfb216630ea9bff5e3" dependencies = [ "bstr", - "gix-glob 0.7.0", + "gix-glob 0.13.0", "gix-path", "unicode-bom", ] [[package]] name = "gix-ignore" -version = "0.3.0" +version = "0.9.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fc6f7f101a0ccce808dbf7008ba131dede94e20257e7bde7a44cbb2f8c775625" +checksum = "a215cc8cf21645bca131fcf6329d3ebd46299c47dbbe27df71bb1ca9e328b879" dependencies = [ "bstr", - "gix-glob 0.8.0", + "gix-glob 0.14.1", "gix-path", "unicode-bom", ] [[package]] name = "gix-index" -version = "0.16.1" +version = "0.25.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f39c1ccc8f1912cbbd5191efc28dbc5f0d0598042aa56bc09427b7c34efab3ba" +checksum = "f54d63a9d13c13088f41f5a3accbec284e492ac8f4f707fcc307c139622e17b7" dependencies = [ "bitflags 2.4.0", "bstr", "btoi", "filetime", "gix-bitmap", - "gix-features 0.29.0", + "gix-features 0.35.0", + "gix-fs 0.7.0", "gix-hash", - "gix-lock 5.0.1", - "gix-object 0.29.2", - "gix-traverse 0.25.0", + "gix-lock 10.0.0", + "gix-object 0.37.0", + "gix-traverse 0.33.0", "itoa", - "memmap2", + "memmap2 0.7.1", "smallvec", "thiserror", ] [[package]] name = "gix-index" -version = "0.17.0" +version = "0.26.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "616ba958fabfb11263fa042c35690d48a6c7be4e9277e2c7e24ff263b3fe7b82" +checksum = "c83a4fcc121b2f2e109088f677f89f85e7a8ebf39e8e6659c0ae54d4283b1650" dependencies = [ "bitflags 2.4.0", "bstr", "btoi", "filetime", "gix-bitmap", - "gix-features 0.30.0", + "gix-features 0.36.1", + "gix-fs 0.8.1", "gix-hash", - "gix-lock 6.0.0", - "gix-object 0.30.0", - "gix-traverse 0.26.0", + 
"gix-lock 11.0.1", + "gix-object 0.38.0", + "gix-traverse 0.34.0", "itoa", - "memmap2", + "memmap2 0.7.1", "smallvec", "thiserror", ] [[package]] name = "gix-lock" -version = "5.0.1" +version = "10.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2c693d7f05730fa74a7c467150adc7cea393518410c65f0672f80226b8111555" +checksum = "47fc96fa8b6b6d33555021907c81eb3b27635daecf6e630630bdad44f8feaa95" dependencies = [ - "gix-tempfile 5.0.3", + "gix-tempfile 10.0.0", "gix-utils", "thiserror", ] [[package]] name = "gix-lock" -version = "6.0.0" +version = "11.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3ec5d5e6f07316d3553aa7425e3ecd935ec29882556021fe1696297a448af8d2" +checksum = "7e5c65e6a29830a435664891ced3f3c1af010f14900226019590ee0971a22f37" dependencies = [ - "gix-tempfile 6.0.0", + "gix-tempfile 11.0.1", "gix-utils", "thiserror", ] [[package]] -name = "gix-mailmap" -version = "0.12.0" +name = "gix-macros" +version = "0.1.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e8856cec3bdc3610c06970d28b6cb20a0c6621621cf9a8ec48cbd23f2630f362" +checksum = "1dff438f14e67e7713ab9332f5fd18c8f20eb7eb249494f6c2bf170522224032" dependencies = [ - "bstr", - "gix-actor 0.20.0", - "thiserror", + "proc-macro2", + "quote", + "syn 2.0.52", ] [[package]] -name = "gix-mailmap" -version = "0.13.0" +name = "gix-negotiate" +version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4653701922c920e009f1bc4309feaff14882ade017770788f9a150928da3fa6a" +checksum = "6f1697bf9911c6d1b8d709b9e6ef718cb5ea5821a1b7991520125a8134448004" dependencies = [ - "bstr", - "gix-actor 0.21.0", + "bitflags 2.4.0", + "gix-commitgraph 0.21.0", + "gix-date", + "gix-hash", + "gix-object 0.37.0", + "gix-revwalk 0.8.0", + "smallvec", "thiserror", ] [[package]] name = "gix-negotiate" -version = "0.2.1" +version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" 
-checksum = "945c3ef1e912e44a5f405fc9e924edf42000566a1b257ed52cb1293300f6f08c" +checksum = "2a5cdcf491ecc9ce39dcc227216c540355fe0024ae7c38e94557752ca5ebb67f" dependencies = [ "bitflags 2.4.0", - "gix-commitgraph", + "gix-commitgraph 0.22.1", + "gix-date", "gix-hash", - "gix-object 0.30.0", - "gix-revision 0.15.2", + "gix-object 0.38.0", + "gix-revwalk 0.9.0", "smallvec", "thiserror", ] [[package]] name = "gix-object" -version = "0.29.2" +version = "0.37.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2d96bd620fd08accdd37f70b2183cfa0b001b4f1c6ade8b7f6e15cb3d9e261ce" +checksum = "1e7e19616c67967374137bae83e950e9b518a9ea8a605069bd6716ada357fd6f" dependencies = [ "bstr", "btoi", - "gix-actor 0.20.0", - "gix-features 0.29.0", + "gix-actor 0.27.0", + "gix-date", + "gix-features 0.35.0", "gix-hash", "gix-validate", - "hex", "itoa", - "nom", "smallvec", "thiserror", + "winnow 0.5.40", ] [[package]] name = "gix-object" -version = "0.30.0" +version = "0.38.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8926c8f51c44dec3e709cb5dbc93deb9e8d4064c43c9efc54c158dcdfe8446c7" +checksum = "740f2a44267f58770a1cb3a3d01d14e67b089c7136c48d4bddbb3cfd2bf86a51" dependencies = [ "bstr", "btoi", - "gix-actor 0.21.0", - "gix-features 0.30.0", + "gix-actor 0.28.1", + "gix-date", + "gix-features 0.36.1", "gix-hash", "gix-validate", - "hex", "itoa", - "nom", "smallvec", "thiserror", + "winnow 0.5.40", ] [[package]] name = "gix-odb" -version = "0.45.0" +version = "0.53.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bca2f324aa67672b6d0f2c0fa93f96eb6a7029d260e4c1df5dce3c015f5e5add" +checksum = "8d6a392c6ba3a2f133cdc63120e9bc7aec81eef763db372c817de31febfe64bf" dependencies = [ "arc-swap", - "gix-features 0.29.0", + "gix-date", + "gix-features 0.35.0", "gix-hash", - "gix-object 0.29.2", - "gix-pack 0.35.0", + "gix-object 0.37.0", + "gix-pack 0.43.0", "gix-path", "gix-quote", "parking_lot", 
@@ -1777,15 +1931,16 @@ dependencies = [ [[package]] name = "gix-odb" -version = "0.46.0" +version = "0.54.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4b234d806278eeac2f907c8b5a105c4ba537230c1a9d9236d822bf0db291f8f3" +checksum = "8630b56cb80d8fa684d383dad006a66401ee8314e12fbf0e566ddad8c115143b" dependencies = [ "arc-swap", - "gix-features 0.30.0", + "gix-date", + "gix-features 0.36.1", "gix-hash", - "gix-object 0.30.0", - "gix-pack 0.36.0", + "gix-object 0.38.0", + "gix-pack 0.44.0", "gix-path", "gix-quote", "parking_lot", @@ -1795,21 +1950,19 @@ dependencies = [ [[package]] name = "gix-pack" -version = "0.35.0" +version = "0.43.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "164a515900a83257ae4aa80e741655bee7a2e39113fb535d7a5ac623b445ff20" +checksum = "7536203a45b31e1bc5694bbf90ba8da1b736c77040dd6a520db369f371eb1ab3" dependencies = [ "clru", "gix-chunk", - "gix-diff 0.29.0", - "gix-features 0.29.0", + "gix-features 0.35.0", "gix-hash", "gix-hashtable", - "gix-object 0.29.2", + "gix-object 0.37.0", "gix-path", - "gix-tempfile 5.0.3", - "gix-traverse 0.25.0", - "memmap2", + "gix-tempfile 10.0.0", + "memmap2 0.7.1", "parking_lot", "smallvec", "thiserror", @@ -1817,21 +1970,19 @@ dependencies = [ [[package]] name = "gix-pack" -version = "0.36.0" +version = "0.44.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7d2a14cb3156037eedb17d6cb7209b7180522b8949b21fd0fe3184c0a1d0af88" +checksum = "1431ba2e30deff1405920693d54ab231c88d7c240dd6ccc936ee223d8f8697c3" dependencies = [ "clru", "gix-chunk", - "gix-diff 0.30.1", - "gix-features 0.30.0", + "gix-features 0.36.1", "gix-hash", "gix-hashtable", - "gix-object 0.30.0", + "gix-object 0.38.0", "gix-path", - "gix-tempfile 6.0.0", - "gix-traverse 0.26.0", - "memmap2", + "gix-tempfile 11.0.1", + "memmap2 0.7.1", "parking_lot", "smallvec", "thiserror", 
@@ -1844,15 +1995,26 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8a8384b1e964151aff0d5632dd9b191059d07dff358b96bd940f1b452600d7ab" dependencies = [ "bstr", - "faster-hex", + "faster-hex 0.8.1", + "thiserror", +] + +[[package]] +name = "gix-packetline-blocking" +version = "0.16.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7d8395f7501c84d6a1fe902035fdfd8cd86d89e2dd6be0200ec1a72fd3c92d39" +dependencies = [ + "bstr", + "faster-hex 0.8.1", "thiserror", ] [[package]] name = "gix-path" -version = "0.8.4" +version = "0.10.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "18609c8cbec8508ea97c64938c33cd305b75dfc04a78d0c3b78b8b3fd618a77c" +checksum = "69e0b521a5c345b7cd6a81e3e6f634407360a038c8b74ba14c621124304251b8" dependencies = [ "bstr", "gix-trace", @@ -1861,11 +2023,41 @@ dependencies = [ "thiserror", ] +[[package]] +name = "gix-pathspec" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c3e26c9b47c51be73f98d38c84494bd5fb99334c5d6fda14ef5d036d50a9e5fd" +dependencies = [ + "bitflags 2.4.0", + "bstr", + "gix-attributes 0.19.0", + "gix-config-value", + "gix-glob 0.13.0", + "gix-path", + "thiserror", +] + +[[package]] +name = "gix-pathspec" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1dbbb92f75a38ef043c8bb830b339b38d0698d7f3746968b5fcbade7a880494d" +dependencies = [ + "bitflags 2.4.0", + "bstr", + "gix-attributes 0.20.1", + "gix-config-value", + "gix-glob 0.14.1", + "gix-path", + "thiserror", +] + [[package]] name = "gix-prompt" -version = "0.5.5" +version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2c22decaf4a063ccae2b2108820c8630c01bd6756656df3fe464b32b8958a5ea" +checksum = "5c9a913769516f5e9d937afac206fb76428e3d7238e538845842887fda584678" dependencies = [ "gix-command", "gix-config-value", 
@@ -1876,36 +2068,38 @@ dependencies = [ [[package]] name = "gix-protocol" -version = "0.32.0" +version = "0.40.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "877e49417f1730f4dbc2f7d9a2ab0f8b2f49ef08f97270691403ecde3d961e3a" +checksum = "cc7b700dc20cc9be8a5130a1fd7e10c34117ffa7068431c8c24d963f0a2e0c9b" dependencies = [ "bstr", "btoi", - "gix-credentials 0.14.0", - "gix-features 0.29.0", + "gix-credentials 0.20.0", + "gix-date", + "gix-features 0.35.0", "gix-hash", - "gix-transport 0.31.0", + "gix-transport 0.37.0", "maybe-async", - "nom", "thiserror", + "winnow 0.5.40", ] [[package]] name = "gix-protocol" -version = "0.33.2" +version = "0.41.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "92a17058b45c461f0847528c5fb6ee6e76115e026979eb2d2202f98ee94f6c24" +checksum = "391e3feabdfa5f90dad6673ce59e3291ac28901b2ff248d86c5a7fbde0391e0e" dependencies = [ "bstr", "btoi", - "gix-credentials 0.15.0", - "gix-features 0.30.0", + "gix-credentials 0.21.0", + "gix-date", + "gix-features 0.36.1", "gix-hash", - "gix-transport 0.32.0", + "gix-transport 0.38.0", "maybe-async", - "nom", "thiserror", + "winnow 0.5.40", ] [[package]] 
@@ -1921,53 +2115,55 @@ dependencies = [ [[package]] name = "gix-ref" -version = "0.29.1" +version = "0.37.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1e03989e9d49954368e1b526578230fc7189d1634acdfbe79e9ba1de717e15d5" +checksum = "22e6b749660b613641769edc1954132eb8071a13c32224891686091bef078de4" dependencies = [ - "gix-actor 0.20.0", - "gix-features 0.29.0", - "gix-fs 0.1.1", + "gix-actor 0.27.0", + "gix-date", + "gix-features 0.35.0", + "gix-fs 0.7.0", "gix-hash", - "gix-lock 5.0.1", - "gix-object 0.29.2", + "gix-lock 10.0.0", + "gix-object 0.37.0", "gix-path", - "gix-tempfile 5.0.3", + "gix-tempfile 10.0.0", "gix-validate", - "memmap2", - "nom", + "memmap2 0.7.1", "thiserror", + "winnow 0.5.40", ] [[package]] name = "gix-ref" -version = "0.30.0" +version = "0.38.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ebdd999256f4ce8a5eefa89999879c159c263f3493a951d62aa5ce42c0397e1c" +checksum = "0ec2f6d07ac88d2fb8007ee3fa3e801856fb9d82e7366ec0ca332eb2c9d74a52" dependencies = [ - "gix-actor 0.21.0", - "gix-features 0.30.0", - "gix-fs 0.2.0", + "gix-actor 0.28.1", + "gix-date", + "gix-features 0.36.1", + "gix-fs 0.8.1", "gix-hash", - "gix-lock 6.0.0", - "gix-object 0.30.0", + "gix-lock 11.0.1", + "gix-object 0.38.0", "gix-path", - "gix-tempfile 6.0.0", + "gix-tempfile 11.0.1", "gix-validate", - "memmap2", - "nom", + "memmap2 0.7.1", "thiserror", + "winnow 0.5.40", ] [[package]] name = "gix-refspec" -version = "0.10.1" +version = "0.18.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0a6ea733820df67e4cd7797deb12727905824d8f5b7c59d943c456d314475892" +checksum = "0895cb7b1e70f3c3bd4550c329e9f5caf2975f97fcd4238e05754e72208ef61e" dependencies = [ "bstr", "gix-hash", - "gix-revision 0.13.0", + "gix-revision 0.22.0", "gix-validate", "smallvec", "thiserror", 
@@ -1975,13 +2171,13 @@ dependencies = [ [[package]] name = "gix-refspec" -version = "0.11.0" +version = "0.19.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "72bfd622abc86dd8ad1ec51b9eb77b4f1a766b94e3a1b87cf4a022c5b5570cf4" +checksum = "ccb0974cc41dbdb43a180c7f67aa481e1c1e160fcfa8f4a55291fd1126c1a6e7" dependencies = [ "bstr", "gix-hash", - "gix-revision 0.15.2", + "gix-revision 0.23.0", "gix-validate", "smallvec", "thiserror", 
@@ -1989,86 +2185,131 @@ dependencies = [ [[package]] name = "gix-revision" -version = "0.13.0" +version = "0.22.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "810f35e9afeccca999d5d348b239f9c162353127d2e13ff3240e31b919e35476" +checksum = "c8c4b15cf2ab7a35f5bcb3ef146187c8d36df0177e171ca061913cbaaa890e89" dependencies = [ "bstr", "gix-date", "gix-hash", "gix-hashtable", - "gix-object 0.29.2", + "gix-object 0.37.0", + "gix-revwalk 0.8.0", + "gix-trace", "thiserror", ] [[package]] name = "gix-revision" -version = "0.15.2" +version = "0.23.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5044f56cd7a487ce9b034cbe0252ae0b6b47ff56ca3dabd79bc30214d0932cd7" +checksum = "2ca97ac73459a7f3766aa4a5638a6e37d56d4c7962bc1986fbaf4883d0772588" dependencies = [ "bstr", "gix-date", "gix-hash", "gix-hashtable", - "gix-object 0.30.0", - "gix-revwalk", + "gix-object 0.38.0", + "gix-revwalk 0.9.0", + "gix-trace", "thiserror", ] [[package]] name = "gix-revwalk" -version = "0.1.0" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e9870c6b1032f2084567710c3b2106ac603377f8d25766b8a6b7c33e6e3ca279" +dependencies = [ + "gix-commitgraph 0.21.0", + "gix-date", + "gix-hash", + "gix-hashtable", + "gix-object 0.37.0", + "smallvec", + "thiserror", +] + +[[package]] +name = "gix-revwalk" +version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bc2623ba8747914f151f5e12b65adac576ab459dbed5f50a36c7a3e9cbf2d3ca" +checksum = "a16d8c892e4cd676d86f0265bf9d40cefd73d8d94f86b213b8b77d50e77efae0" dependencies = [ - "gix-commitgraph", + "gix-commitgraph 0.22.1", + "gix-date", "gix-hash", "gix-hashtable", - "gix-object 0.30.0", + "gix-object 0.38.0", "smallvec", "thiserror", ] [[package]] name = "gix-sec" -version = "0.8.4" +version = "0.10.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = 
"9615cbd6b456898aeb942cd75e5810c382fbfc48dbbff2fa23ebd2d33dcbe9c7" +checksum = "022592a0334bdf77c18c06e12a7c0eaff28845c37e73c51a3e37d56dd495fb35" dependencies = [ "bitflags 2.4.0", "gix-path", - "libc", - "windows", + "libc", + "windows-sys 0.52.0", +] + +[[package]] +name = "gix-submodule" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dd0150e82e9282d3f2ab2dd57a22f9f6c3447b9d9856e5321ac92d38e3e0e2b7" +dependencies = [ + "bstr", + "gix-config 0.30.0", + "gix-path", + "gix-pathspec 0.3.0", + "gix-refspec 0.18.0", + "gix-url 0.24.0", + "thiserror", +] + +[[package]] +name = "gix-submodule" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bba78c8d12aa24370178453ec3a472ff08dfaa657d116229f57f2c9cd469a1c2" +dependencies = [ + "bstr", + "gix-config 0.31.0", + "gix-path", + "gix-pathspec 0.4.1", + "gix-refspec 0.19.0", + "gix-url 0.25.2", + "thiserror", ] [[package]] name = "gix-tempfile" -version = "5.0.3" +version = "10.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d71a0d32f34e71e86586124225caefd78dabc605d0486de580d717653addf182" +checksum = "5ae0978f3e11dc57290ee75ac2477c815bca1ce2fa7ed5dc5f16db067410ac4d" dependencies = [ - "gix-fs 0.1.1", + "gix-fs 0.7.0", "libc", "once_cell", "parking_lot", - "signal-hook", - "signal-hook-registry", "tempfile", ] [[package]] name = "gix-tempfile" -version = "6.0.0" +version = "11.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b3785cb010e9dc5c446dfbf02bc1119fc17d3a48a27c029efcb3a3c32953eb10" +checksum = "388dd29114a86ec69b28d1e26d6d63a662300ecf61ab3f4cc578f7d7dc9e7e23" dependencies = [ - "gix-fs 0.2.0", + "gix-fs 0.8.1", "libc", "once_cell", "parking_lot", - "signal-hook", - "signal-hook-registry", "tempfile", ] 
@@ -2080,74 +2321,82 @@ checksum = "02b202d766a7fefc596e2cc6a89cda8ad8ad733aed82da635ac120691112a9b1" [[package]] name = "gix-transport" -version = "0.31.0" +version = "0.37.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f01c2bf7b989c679695ef635fc7d9e80072e08101be4b53193c8e8b649900102" +checksum = "b9ec726e6a245e68ace59a34126a1d679de60360676612985e70b0d3b102fb4e" dependencies = [ "base64", "bstr", "curl", "gix-command", - "gix-credentials 0.14.0", - "gix-features 0.29.0", + "gix-credentials 0.20.0", + "gix-features 0.35.0", "gix-packetline", "gix-quote", "gix-sec", - "gix-url 0.18.0", + "gix-url 0.24.0", "thiserror", ] [[package]] name = "gix-transport" -version = "0.32.0" +version = "0.38.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "64a39ffed9a9078ed700605e064b15d7c6ae50aa65e7faa36ca6919e8081df15" +checksum = "2f209a93364e24f20319751bc11092272e2f3fe82bb72592b2822679cf5be752" dependencies = [ "base64", "bstr", "curl", "gix-command", - "gix-credentials 0.15.0", - "gix-features 0.30.0", + "gix-credentials 0.21.0", + "gix-features 0.36.1", "gix-packetline", "gix-quote", "gix-sec", - "gix-url 0.19.0", + "gix-url 0.25.2", "thiserror", ] [[package]] name = "gix-traverse" -version = "0.25.0" +version = "0.33.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a5be1e807f288c33bb005075111886cceb43ed8a167b3182a0f62c186e2a0dd1" +checksum = "22ef04ab3643acba289b5cedd25d6f53c0430770b1d689d1d654511e6fb81ba0" dependencies = [ + "gix-commitgraph 0.21.0", + "gix-date", "gix-hash", "gix-hashtable", - "gix-object 0.29.2", + "gix-object 0.37.0", + "gix-revwalk 0.8.0", + "smallvec", "thiserror", ] [[package]] name = "gix-traverse" -version = "0.26.0" +version = "0.34.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b0842e984cb4bf26339dc559f3a1b8bf8cdb83547799b2b096822a59f87f33d9" +checksum = "14d050ec7d4e1bb76abf0636cf4104fb915b70e54e3ced9a4427c999100ff38a" 
dependencies = [ + "gix-commitgraph 0.22.1", + "gix-date", "gix-hash", "gix-hashtable", - "gix-object 0.30.0", + "gix-object 0.38.0", + "gix-revwalk 0.9.0", + "smallvec", "thiserror", ] [[package]] name = "gix-url" -version = "0.18.0" +version = "0.24.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dfc77f89054297cc81491e31f1bab4027e554b5ef742a44bd7035db9a0f78b76" +checksum = "6125ecf46e8c68bf7202da6cad239831daebf0247ffbab30210d72f3856e420f" dependencies = [ "bstr", - "gix-features 0.29.0", + "gix-features 0.35.0", "gix-path", "home", "thiserror", @@ -2156,12 +2405,12 @@ dependencies = [ [[package]] name = "gix-url" -version = "0.19.0" +version = "0.25.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f1663df25ac42047a2547618d2a6979a26f478073f6306997429235d2cd4c863" +checksum = "0c427a1a11ccfa53a4a2da47d9442c2241deee63a154bc15cc14b8312fbc4005" dependencies = [ "bstr", - "gix-features 0.30.0", + "gix-features 0.36.1", "gix-path", "home", "thiserror", @@ -2180,9 +2429,9 @@ dependencies = [ [[package]] name = "gix-validate" -version = "0.7.7" +version = "0.8.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ba9b3737b2cef3dcd014633485f0034b0f1a931ee54aeb7d8f87f177f3c89040" +checksum = "e39fc6e06044985eac19dd34d474909e517307582e462b2eb4c8fa51b6241545" dependencies = [ "bstr", "thiserror", 
@@ -2190,44 +2439,38 @@ dependencies = [ [[package]] name = "gix-worktree" -version = "0.17.1" +version = "0.26.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a69eaff0ae973a9d37c40f02ae5ae50fa726c8fc2fd3ab79d0a19eb61975aafa" +checksum = "9f5e32972801bd82d56609e6fc84efc358fa1f11f25c5e83b7807ee2280f14fe" dependencies = [ "bstr", - "filetime", - "gix-attributes 0.12.0", - "gix-features 0.29.0", - "gix-fs 0.1.1", - "gix-glob 0.7.0", + "gix-attributes 0.19.0", + "gix-features 0.35.0", + "gix-fs 0.7.0", + "gix-glob 0.13.0", "gix-hash", - "gix-ignore 0.2.0", - "gix-index 0.16.1", - "gix-object 0.29.2", + "gix-ignore 0.8.0", + "gix-index 0.25.0", + "gix-object 0.37.0", "gix-path", - "io-close", - "thiserror", ] [[package]] name = "gix-worktree" -version = "0.18.0" +version = "0.27.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d388ad962e8854402734a7387af8790f6bdbc8d05349052dab16ca4a0def50f6" +checksum = "ddaf79e721dba64fe726a42f297a3c8ed42e55cdc0d81ca68452f2def3c2d7fd" dependencies = [ "bstr", - "filetime", - "gix-attributes 0.13.1", - "gix-features 0.30.0", - "gix-fs 0.2.0", - "gix-glob 0.8.0", + "gix-attributes 0.20.1", + "gix-features 0.36.1", + "gix-fs 0.8.1", + "gix-glob 0.14.1", "gix-hash", - "gix-ignore 0.3.0", - "gix-index 0.17.0", - "gix-object 0.30.0", + "gix-ignore 0.9.1", + "gix-index 0.26.0", + "gix-object 0.38.0", "gix-path", - "io-close", - "thiserror", ] [[package]] @@ -2246,7 +2489,7 @@ dependencies = [ "bstr", "log", "regex-automata 0.4.6", - "regex-syntax", + "regex-syntax 0.8.2", ] [[package]] @@ -2271,12 +2514,6 @@ dependencies = [ "subtle", ] -[[package]] -name = "hashbrown" -version = "0.12.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888" - [[package]] name = "hashbrown" version = "0.13.2" 
@@ -2427,26 +2664,6 @@ dependencies = [ "version_check", ] -[[package]] -name = "imara-diff" -version = "0.1.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e98c1d0ad70fc91b8b9654b1f33db55e59579d3b3de2bffdced0fdb810570cb8" -dependencies = [ - "ahash", - "hashbrown 0.12.3", -] - -[[package]] -name = "indexmap" -version = "1.9.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bd070e393353796e801d209ad339e89596eb4c8d430d18ede6a1cced8fafbd99" -dependencies = [ - "autocfg", - "hashbrown 0.12.3", -] - [[package]] name = "indexmap" version = "2.0.0" @@ -2457,16 +2674,6 @@ dependencies = [ "hashbrown 0.14.0", ] -[[package]] -name = "io-close" -version = "0.3.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9cadcf447f06744f8ce713d2d6239bb5bde2c357a452397a9ed90c625da390bc" -dependencies = [ - "libc", - "winapi", -] - [[package]] name = "is-terminal" version = "0.4.9" @@ -2487,6 +2694,15 @@ dependencies = [ "either", ] +[[package]] +name = "itertools" +version = "0.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b1c173a5686ce8bfa551b3563d0c2170bf24ca44da99c7ca4bfdab5418c3fe57" +dependencies = [ + "either", +] + [[package]] name = "itertools" version = "0.12.1" @@ -2582,9 +2798,9 @@ checksum = "9c198f91728a82281a64e1f4f9eeb25d82cb32a5de251c6bd1b5154d63a8e7bd" [[package]] name = "libgit2-sys" -version = "0.15.2+1.6.4" +version = "0.16.2+1.7.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a80df2e11fb4a61f4ba2ab42dbe7f74468da143f1a75c74e11dee7c813f694fa" +checksum = "ee4126d8b4ee5c9d9ea891dd875cfdc1e9d0950437179104b183d7d8a74d24e8" dependencies = [ "cc", "libc", 
@@ -2594,6 +2810,16 @@ dependencies = [ "pkg-config", ] +[[package]] +name = "libloading" +version = "0.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0c2a198fb6b0eada2a8df47933734e6d35d350665a33a3593d7164fa52c75c19" +dependencies = [ + "cfg-if", + "windows-targets 0.52.4", +] + [[package]] name = "libm" version = "0.2.8" @@ -2673,6 +2899,15 @@ dependencies = [ "libc", ] +[[package]] +name = "matchers" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8263075bb86c5a1b1427b5ae862e8889656f126e9f77c484496e8b47cf5c5558" +dependencies = [ + "regex-automata 0.1.10", +] + [[package]] name = "maybe-async" version = "0.2.7" @@ -2692,9 +2927,18 @@ checksum = "523dc4f511e55ab87b694dc30d0f820d60906ef06413f93d4d7a1385599cc149" [[package]] name = "memmap2" -version = "0.5.10" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f49388d20533534cd19360ad3d6a7dadc885944aa802ba3995040c5ec11288c6" +dependencies = [ + "libc", +] + +[[package]] +name = "memmap2" +version = "0.9.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "83faa42c0a078c393f6b29d5db232d8be22776a891f8f56e5284faee4a20b327" +checksum = "fe751422e4a8caa417e13c3ea66452215d7d63e19e604f4980461212f3ae1322" dependencies = [ "libc", ] @@ -2739,6 +2983,25 @@ dependencies = [ "minimal-lexical", ] +[[package]] +name = "normpath" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5831952a9476f2fed74b77d74182fa5ddc4d21c72ec45a333b250e3ed0272804" +dependencies = [ + "windows-sys 0.52.0", +] + +[[package]] +name = "nu-ansi-term" +version = "0.46.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77a8165726e8236064dbb45459242600304b42a5ea24ee2948e18e023bf7ba84" +dependencies = [ + "overload", + "winapi", +] + [[package]] name = "num-traits" version = "0.2.16" 
@@ -2774,11 +3037,12 @@ checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" [[package]] name = "opener" -version = "0.5.2" +version = "0.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "293c15678e37254c15bd2f092314abb4e51d7fdde05c2021279c12631b54f005" +checksum = "6c62dcb6174f9cb326eac248f07e955d5d559c272730b6c03e396b443b562788" dependencies = [ "bstr", + "normpath", "winapi", ] @@ -2847,6 +3111,12 @@ dependencies = [ "winapi", ] +[[package]] +name = "overload" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b15813163c1d831bf4a13c3610c05c0d03b39feb07f7e09fa234dac9b15aaf39" + [[package]] name = "p384" version = "0.13.0" @@ -3064,18 +3334,9 @@ dependencies = [ [[package]] name = "prodash" -version = "23.1.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9516b775656bc3e8985e19cd4b8c0c0de045095074e453d2c0a513b5f978392d" -dependencies = [ - "parking_lot", -] - -[[package]] -name = "prodash" -version = "25.0.2" +version = "26.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1d67eb4220992a4a052a4bb03cf776e493ecb1a3a36bab551804153d63486af7" +checksum = "794b5bf8e2d19b53dcdcec3e4bba628e20f5b6062503ba89281fa7037dd7bbcf" dependencies = [ "parking_lot", ] @@ -3202,7 +3463,16 @@ dependencies = [ "aho-corasick", "memchr", "regex-automata 0.4.6", - "regex-syntax", + "regex-syntax 0.8.2", +] + +[[package]] +name = "regex-automata" +version = "0.1.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6c230d73fb8d8c1b9c0b3135c5142a8acee3a0558fb8db5cf1cb65f8d7862132" +dependencies = [ + "regex-syntax 0.6.29", ] [[package]] 
@@ -3219,9 +3489,15 @@ checksum = "86b83b8b9847f9bf95ef68afb0b8e6cdb80f498442f5179a29fad448fcc1eaea" dependencies = [ "aho-corasick", "memchr", - "regex-syntax", + "regex-syntax 0.8.2", ] +[[package]] +name = "regex-syntax" +version = "0.6.29" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f162c6dd7b008981e4d40210aca20b4bd0f9b60ca9271061b07f78537722f2e1" + [[package]] name = "regex-syntax" version = "0.8.2" @@ -3320,12 +3596,6 @@ dependencies = [ "windows-sys 0.52.0", ] -[[package]] -name = "rustversion" -version = "1.0.14" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7ffc183a10b4478d04cbbbfc96d0873219d962dd5accaff2ffbd4ceb7df837f4" - [[package]] name = "ryu" version = "1.0.15" @@ -3356,13 +3626,6 @@ version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" -[[package]] -name = "scout-audit-internal" -version = "0.2.4" -dependencies = [ - "strum", -] - [[package]] name = "sec1" version = "0.7.3" @@ -3377,6 +3640,29 @@ dependencies = [ "zeroize", ] +[[package]] +name = "security-framework" +version = "2.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "770452e37cad93e0a50d5abc3990d2bc351c36d0328f86cefec2f2fb206eaef6" +dependencies = [ + "bitflags 1.3.2", + "core-foundation", + "core-foundation-sys", + "libc", + "security-framework-sys", +] + +[[package]] +name = "security-framework-sys" +version = "2.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "41f3cc463c0ef97e11c3461a9d3787412d30e8e7eb907c79180c4a57bf7c04ef" +dependencies = [ + "core-foundation-sys", + "libc", +] + [[package]] name = "sedregex" version = "0.2.5" 
@@ -3404,6 +3690,16 @@ dependencies = [ "serde_derive", ] +[[package]] +name = "serde-untagged" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6a160535368dfc353348e7eaa299156bd508c60c45a9249725f5f6d370d82a66" +dependencies = [ + "erased-serde", + "serde", +] + [[package]] name = "serde-value" version = "0.7.0" @@ -3483,29 +3779,19 @@ dependencies = [ ] [[package]] -name = "shell-escape" -version = "0.1.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "45bb67a18fa91266cc7807181f62f9178a6873bfad7dc788c42e6430db40184f" - -[[package]] -name = "signal-hook" -version = "0.3.17" +name = "sharded-slab" +version = "0.1.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8621587d4798caf8eb44879d42e56b9a93ea5dcd315a6487c357130095b62801" +checksum = "f40ca3c46823713e0d4209592e8d6e826aa57e928f09752619fc696c499637f6" dependencies = [ - "libc", - "signal-hook-registry", + "lazy_static", ] [[package]] -name = "signal-hook-registry" -version = "1.4.1" +name = "shell-escape" +version = "0.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d8229b473baa5980ac72ef434c4415e70c4b5e71b423043adb4ba059f89c99a1" -dependencies = [ - "libc", -] +checksum = "45bb67a18fa91266cc7807181f62f9178a6873bfad7dc788c42e6430db40184f" [[package]] name = "signature" @@ -3575,15 +3861,6 @@ version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a2eb9349b6444b326872e140eb1cf5e7c522154d69e7a0ffb0fb81c06b37543f" -[[package]] -name = "strip-ansi-escapes" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "011cbb39cf7c1f62871aea3cc46e5817b0937b49e9447370c93cacbe93a766d8" -dependencies = [ - "vte", -] - [[package]] name = "strsim" version = "0.11.0" 
@@ -3591,33 +3868,20 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5ee073c9e4cd00e28217186dbe12796d692868f432bf2e97ee73bed0c56dfa01" [[package]] -name = "strum" -version = "0.25.0" +name = "subtle" +version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "290d54ea6f91c969195bdbcd7442c8c2a2ba87da8bf60a7ee86a235d4bc1e125" -dependencies = [ - "strum_macros", -] +checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" [[package]] -name = "strum_macros" -version = "0.25.2" +name = "supports-hyperlinks" +version = "2.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ad8d03b598d3d0fff69bf533ee3ef19b8eeb342729596df84bcc7e1f96ec4059" +checksum = "f84231692eb0d4d41e4cdd0cabfdd2e6cd9e255e65f80c9aa7c98dd502b4233d" dependencies = [ - "heck", - "proc-macro2", - "quote", - "rustversion", - "syn 2.0.52", + "is-terminal", ] -[[package]] -name = "subtle" -version = "2.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" - [[package]] name = "syn" version = "1.0.109" @@ -3684,15 +3948,6 @@ dependencies = [ "unic-segment", ] -[[package]] -name = "termcolor" -version = "1.4.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "06794f8f6c5c898b3275aebefa6b8a1cb24cd2c6c79397ab15774837a0bc5755" -dependencies = [ - "winapi-util", -] - [[package]] name = "terminal_size" version = "0.3.0" @@ -3723,6 +3978,16 @@ dependencies = [ "syn 2.0.52", ] +[[package]] +name = "thread_local" +version = "1.1.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8b9ef9bad013ada3808854ceac7b46812a6465ba368859a37e2100283d2d719c" +dependencies = [ + "cfg-if", + "once_cell", +] + [[package]] name = "time" version = "0.3.28" 
@@ -3816,7 +4081,20 @@ version = "0.19.15" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1b5bb770da30e5cbfde35a2d7b9b8a2c4b8ef89548a7a6aeab5c9a576e3e7421" dependencies = [ - "indexmap 2.0.0", + "indexmap", + "serde", + "serde_spanned", + "toml_datetime", + "winnow 0.5.40", +] + +[[package]] +name = "toml_edit" +version = "0.20.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "70f427fce4d84c72b5b732388bf4a9f4531b53f74e2887e3ecb2481f68f66d81" +dependencies = [ + "indexmap", "serde", "serde_spanned", "toml_datetime", @@ -3829,7 +4107,7 @@ version = "0.22.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2c1b5fd4128cc8d3e0cb74d4ed9a9cc7c7284becd4df68f5f940e1ad123606f6" dependencies = [ - "indexmap 2.0.0", + "indexmap", "serde", "serde_spanned", "toml_datetime", @@ -3865,6 +4143,36 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c06d3da6113f116aaee68e4d601191614c9053067f9ab7f6edbcb161237daa54" dependencies = [ "once_cell", + "valuable", +] + +[[package]] +name = "tracing-log" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ee855f1f400bd0e5c02d150ae5de3840039a3f54b025156404e34c23c03f47c3" +dependencies = [ + "log", + "once_cell", + "tracing-core", +] + +[[package]] +name = "tracing-subscriber" +version = "0.3.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ad0f048c97dbd9faa9b7df56362b8ebcaa52adb06b498c050d2f4e32f90a7a8b" +dependencies = [ + "matchers", + "nu-ansi-term", + "once_cell", + "regex", + "sharded-slab", + "smallvec", + "thread_local", + "tracing", + "tracing-core", + "tracing-log", ] [[package]] 
@@ -4000,6 +4308,12 @@ version = "0.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "711b9620af191e0cdc7468a8d14e709c3dcdb115b36f838e601583af800a370a" +[[package]] +name = "valuable" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "830b7e5d4d90034032940e4ace0d9a9a057e7a45cd94e6c007832e39edb82f6d" + [[package]] name = "vcpkg" version = "0.2.15" @@ -4012,27 +4326,6 @@ version = "0.9.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" -[[package]] -name = "vte" -version = "0.10.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6cbce692ab4ca2f1f3047fcf732430249c0e971bfdd2b234cf2c47ad93af5983" -dependencies = [ - "arrayvec", - "utf8parse", - "vte_generate_state_changes", -] - -[[package]] -name = "vte_generate_state_changes" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d257817081c7dffcdbab24b9e62d2def62e2ff7d00b1c20062551e6cccc145ff" -dependencies = [ - "proc-macro2", - "quote", -] - [[package]] name = "walkdir" version = "2.4.0" @@ -4161,15 +4454,6 @@ version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" -[[package]] -name = "windows" -version = "0.48.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e686886bc078bc1b0b600cac0147aadb815089b6e4da64016cbd754b6342700f" -dependencies = [ - "windows-targets 0.48.5", -] - [[package]] name = "windows-core" version = "0.52.0" diff --git a/apps/cargo-scout-audit/Cargo.toml b/apps/cargo-scout-audit/Cargo.toml index 0628e67f..b47d089d 100644 --- a/apps/cargo-scout-audit/Cargo.toml +++ b/apps/cargo-scout-audit/Cargo.toml 
@@ -1,6 +1,6 @@ [package] name = "cargo-scout-audit" -version = "0.2.4" +version = "0.2.6" edition = "2021" authors = [ "Agustin Aon ", @@ -27,16 +27,18 @@ name = "cargo-scout-audit" [dependencies] ansi_term = "0.12.1" anyhow = "1" -cargo = "0.72.2" +cargo = "0.76.0" cargo_metadata = "0.18.1" chrono = { version = "0.4.34", features = ["serde"] } clap = { version = "4.3.0", features = ["derive"] } +current_platform = "0.2.0" dunce = "1.0.4" dylint = { version = "2.3.0"} env_logger = "0.11.2" home = { version = "0.5.5" } itertools = "0.12.1" lazy_static = "=1.4.0" +libloading = "0.8" log = "0.4" regex = { version = "1.5", features = ["unicode"] } serde = { version = "1.0.163", features = ["derive"] } @@ -45,8 +47,12 @@ tempfile = "3.8" toml = { version = "0.8.0" } tera = {version = "=1.19.1", features=["builtins"]} webbrowser = "=0.8.12" +<<<<<<< HEAD +pulldown-cmark = "0.10.0" +======= scout-audit-internal = { version = "0.2.3", path = "../../scout-audit-internal", features = ["detector"] } +>>>>>>> main [dev-dependencies] colored = "2.0.0" diff --git a/apps/cargo-scout-audit/src/detectors/source/git.rs b/apps/cargo-scout-audit/src/detectors/source/git.rs index c6892d80..0f11d022 100644 --- a/apps/cargo-scout-audit/src/detectors/source/git.rs +++ b/apps/cargo-scout-audit/src/detectors/source/git.rs 
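Review bot: The last Cargo.toml hunk (`@@ -45,8 +47,12 @@`) commits unresolved merge-conflict markers: `<<<<<<< HEAD`, `=======` and `>>>>>>> main` are added as lines of the `[dependencies]` table, which is not valid TOML, so cargo cannot read this manifest. The two sides also disagree with the rest of the commit: the `main` side keeps the `scout-audit-internal` path dependency, while the Cargo.lock hunks drop that package and `output/mod.rs` removes the `vulnerabilities` module. If the HEAD side is the intended resolution, the block reduces to `pulldown-cmark = "0.10.0"`, with the three marker lines and the `scout-audit-internal` line removed. Cargo.lock should then be regenerated from the resolved manifest, so that the dependency set reviewed here is the one that gets built.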
@@ -2,13 +2,15 @@ use std::path::PathBuf; use anyhow::{anyhow, bail, ensure, Result}; use cargo::{ - core::{source::MaybePackage, Dependency, Package, PackageId, QueryKind, Source}, + core::{Dependency, Package, PackageId}, + sources::source::{MaybePackage, QueryKind, Source}, + util::cache_lock::CacheLockMode, Config, }; /// Downloads git repo using cargo native cache and returns its path. pub fn download_git_repo(dependency: &Dependency, config: &Config) -> Result { - let _lock = config.acquire_package_cache_lock()?; + let _lock = config.acquire_package_cache_lock(CacheLockMode::DownloadExclusive)?; let mut source = dependency.source_id().load(config, &Default::default())?; let package_id = sample_package_id(dependency, &mut *source)?; @@ -48,7 +50,8 @@ fn git_dependency_root_from_package<'a>( if source.source_id().is_git() { let git_path = config.git_path(); - let git_path = config.assert_package_cache_locked(&git_path); + let git_path = + config.assert_package_cache_locked(CacheLockMode::DownloadExclusive, &git_path); ensure!( package_root.starts_with(git_path.join("checkouts")), "Unexpected path: {}", diff --git a/apps/cargo-scout-audit/src/output/mod.rs b/apps/cargo-scout-audit/src/output/mod.rs index e60cec19..6a50f296 100644 --- a/apps/cargo-scout-audit/src/output/mod.rs +++ b/apps/cargo-scout-audit/src/output/mod.rs @@ -3,4 +3,3 @@ pub mod markdown; pub mod pdf; pub mod report; pub mod utils; -pub mod vulnerabilities; diff --git a/apps/cargo-scout-audit/src/output/report.rs b/apps/cargo-scout-audit/src/output/report.rs index adfec4b5..6315599d 100644 --- a/apps/cargo-scout-audit/src/output/report.rs +++ b/apps/cargo-scout-audit/src/output/report.rs 
@@ -1,12 +1,11 @@ use anyhow::Result; use chrono::offset::Local; -use core::panic; use serde::{Deserialize, Serialize}; use serde_json::Value; use std::path::Path; use std::{collections::HashMap, os::unix::process::CommandExt}; -use super::{html, markdown, pdf, vulnerabilities::*}; +use super::{html, markdown, pdf}; #[derive(Serialize, Deserialize, Debug)] pub struct Report { @@ -97,32 +96,27 @@ impl Report { } } -pub struct RawVulnerability { - pub id: &'static str, - pub name: &'static str, - pub short_message: &'static str, - pub long_message: &'static str, - pub severity: &'static str, - pub help: &'static str, - pub vulnerability_class: &'static str, -} - -impl From for Vulnerability { - fn from(finding: RawVulnerability) -> Self { +impl From<&LintInfo> for Vulnerability { + fn from(lint_info: &LintInfo) -> Self { Vulnerability { - id: finding.id.to_string(), - name: finding.name.to_string(), - short_message: finding.short_message.to_string(), - long_message: finding.long_message.to_string(), - severity: finding.severity.to_string(), - help: finding.help.to_string(), + id: lint_info.id.clone(), + name: lint_info.name.clone(), + short_message: lint_info.short_message.clone(), + long_message: lint_info.long_message.clone(), + severity: lint_info.severity.clone(), + help: lint_info.help.clone(), } } } use crate::startup::ProjectInfo; +use crate::utils::detectors_info::LintInfo; -pub fn generate_report(scout_output: String, info: ProjectInfo, blockchain: BlockChain) -> Report { +pub fn generate_report( + scout_output: String, + info: ProjectInfo, + detector_info: HashMap, +) -> Report { let scout_findings = scout_output .lines() .map(|line| serde_json::from_str::(line).unwrap()) 
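Review bot: `generate_report` is public and its third parameter changes from a `BlockChain` selector to a `detector_info` map, but the function still has no doc comment saying what the map is keyed by or what happens to a finding whose detector is missing from it. A short header would cover it, for example `/// Builds a Report from dylint's line-delimited JSON output; detector_info supplies per-detector metadata, and detectors absent from it are reported as "Local detector".` The key appears to be the detector name, judging by the lookups in the later hunks of this file. The function body continues outside this hunk.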
@@ -131,17 +125,12 @@ pub fn generate_report(scout_output: String, info: ProjectInfo, blockchain: Bloc .get("message") .and_then(|message| message.get("code")) .and_then(|code| code.get("code")) - .and_then(|code| code.as_str()) - .filter(|code| blockchain.get_array_of_vulnerability_names().contains(code)) .is_some() }) .collect::>(); - let mut det_map: HashMap<_, _> = blockchain - .get_array_of_vulnerability_names() - .iter() - .map(|&detector| (detector.to_string(), 0)) - .collect(); + let mut id: u32 = 0; + let mut det_map: HashMap = HashMap::new(); let mut findings: Vec = Vec::new(); @@ -207,10 +196,11 @@ pub fn generate_report(scout_output: String, info: ProjectInfo, blockchain: Bloc let fndg = Finding { id: id as u32, occurrence_index: *v, - category_id: blockchain - .get_raw_vuln_from_name(&category) - .vulnerability_class - .to_string(), + category_id: detector_info + .get(&category) + .map_or("Local detector".to_owned(), |f| { + f.vulnerability_class.clone() + }), vulnerability_id: category, error_message, span, @@ -230,10 +220,24 @@ pub fn generate_report(scout_output: String, info: ProjectInfo, blockchain: Bloc let mut categories: Vec = Vec::new(); - for vuln in summary_map.keys() { - let raw_vuln = blockchain.get_raw_vuln_from_name(vuln); - let id = raw_vuln.vulnerability_class.to_string(); - let vuln = Vulnerability::from(raw_vuln); + for (vuln_id, _) in &summary_map { + let info = detector_info.get::(vuln_id); + let vuln = match info { + Some(lint_info) => Vulnerability::from(lint_info), + None => Vulnerability { + id: vuln_id.to_string(), + name: "Local detector:".to_owned() + vuln_id, + short_message: "".to_owned(), + long_message: "".to_owned(), + severity: "unknown".to_owned(), + help: "".to_owned(), + }, + }; + let id = detector_info + .get::(vuln_id) + .map_or("Local detector".to_owned(), |f| { + f.vulnerability_class.clone() + }); if categories.iter().any(|cat| cat.id == id) { let cat = categories.iter_mut().find(|cat| cat.id == id).unwrap(); 
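Review bot: With the name filter removed from the closure at the top of this hunk, every diagnostic that carries `message.code.code` is kept as a finding, and that presumably includes ordinary rustc or clippy lints emitted during the run. Those would then be reported under `Local detector` with severity `unknown`, which dilutes the audit report. If passing through unknown lints is intended for local detectors, say so in a comment such as `// keep every diagnostic with a lint code; ones missing from detector_info are reported as "Local detector"`. Otherwise keep `.and_then(|code| code.as_str())` and add `.filter(|code| detector_info.contains_key(*code))`. `generate_report` starts and ends outside the hunk.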
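Review bot: In the new `for (vuln_id, _) in &summary_map` loop, `detector_info` is looked up twice for the same key, once for `info` and again for `id`. The second lookup can reuse the first: `let id = info.map_or("Local detector".to_owned(), |f| f.vulnerability_class.clone());`. The loop discards the map value, so `summary_map.keys()` as before reads more directly. The fallback name `"Local detector:".to_owned() + vuln_id` has no space after the colon and repeats the literal used for `category_id` in the previous hunk, so a shared constant would keep the two in step. The loop body continues outside the hunk.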
@@ -251,25 +255,28 @@ pub fn generate_report(scout_output: String, info: ProjectInfo, blockchain: Bloc } } - let mut vulns_by_severity = vec![ + let mut by_severity: HashMap = [ ("critical".to_string(), 0), ("medium".to_string(), 0), ("minor".to_string(), 0), ("enhancement".to_string(), 0), - ]; + ("unknown".to_string(), 0), + ] + .iter() + .cloned() + .collect(); for (vuln, count) in &summary_map { - let severity = blockchain.get_raw_vuln_from_name(vuln).severity.to_string(); - let severity_count = vulns_by_severity - .iter_mut() - .find(|(s, _)| s.to_lowercase() == severity.to_lowercase()) - .unwrap(); - severity_count.1 += count; + let severity = detector_info + .get(vuln) + .map_or("unknown".to_owned(), |f| f.severity.clone()); + let severity_count = by_severity.get_mut(&severity.to_lowercase()).unwrap(); + *severity_count += count; } let summary = Summary { total_vulnerabilities: findings.len() as u32, - by_severity: vulns_by_severity.into_iter().collect(), + by_severity, }; let date = format!( 
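Review bot: `by_severity.get_mut(&severity.to_lowercase()).unwrap()` panics when a detector reports a severity other than the five keys seeded above. `severity` now comes from `LintInfo` supplied by the detectors rather than from compile-time constants, so a single unexpected label would abort report generation. Count it under its own key with `*by_severity.entry(severity.to_lowercase()).or_insert(0) += count;`, or map unrecognised labels to `unknown` if the report templates expect a fixed set. The enclosing function runs beyond the hunk.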
@@ -288,68 +295,3 @@ pub fn generate_report(scout_output: String, info: ProjectInfo, blockchain: Bloc findings, ) } - -use crate::startup::BlockChain; - -trait GetRawVulnerabilities { - fn get_raw_vuln_from_name(&self, name: &str) -> RawVulnerability; - fn get_array_of_vulnerability_names(&self) -> Vec<&'static str>; -} - -impl GetRawVulnerabilities for BlockChain { - fn get_raw_vuln_from_name(&self, name: &str) -> RawVulnerability { - match &self { - BlockChain::Ink => match name { - "assert_violation" => INK_ASSERT_VIOLATION, - "avoid_std_core_mem_forget" => INK_AVOID_STD_CORE_MEM_FORGET, - "avoid_format_string" => INK_AVOID_FORMAT_STRING, - "delegate_call" => INK_DELEGATE_CALL, - "divide_before_multiply" => INK_DIVIDE_BEFORE_MULTIPLY, - "dos_unbounded_operation" => INK_DOS_UNBOUNDED_OPERATION, - "unexpected_revert_warn" => INK_UNEXPECTED_REVERT_WARN, - "check_ink_version" => INK_CHECK_INK_VERSION, - "insufficiently_random_values" => INK_INSUFFICIENTLY_RANDOM_VALUES, - "integer_overflow_underflow" => INK_INTEGER_OVERFLOW_UNDERFLOW, - "iterator_over_indexing" => INK_ITERATOR_OVER_INDEXING, - "lazy_delegate" => INK_LAZY_DELEGATE, - "panic_error" => INK_PANIC_ERROR, - "reentrancy_1" => INK_REENTRANCY, - "reentrancy_2" => INK_REENTRANCY, - "unprotected_set_code_hash" => INK_UNPROTECTED_SET_CODE_HASH, - "set_storage_warn" => INK_SET_STORAGE_WARN, - "unprotected_mapping_operation" => INK_UNPROTECTED_MAPPING_OPERATION, - "unprotected_self_destruct" => INK_UNPROTECTED_SELF_DESTRUCT, - "unrestricted_transfer_from" => INK_UNRESTRICTED_TRANSFER_FROM, - "unsafe_expect" => INK_UNSAFE_EXPECT, - "unsafe_unwrap" => INK_UNSAFE_UNWRAP, - "unused_return_enum" => INK_UNUSED_RETURN_ENUM, - "zero_or_test_address" => INK_ZERO_OR_TEST_ADDRESS, - _ => panic!("Unknown vulnerability name: {}", name), - }, - BlockChain::Soroban => match name { - "avoid_core_mem_forget" => SOROBAN_AVOID_CORE_MEM_FORGET, - "avoid_panic_error" => SOROBAN_AVOID_PANIC_ERROR, - "avoid_unsafe_block" => 
SOROBAN_AVOID_UNSAFE_BLOCK, - "divide_before_multiply" => SOROBAN_DIVIDE_BEFORE_MULTIPLY, - "dos_unbounded_operation" => SOROBAN_DOS_UNBOUNDED_OPERATION, - "insufficiently_random_values" => SOROBAN_INSUFFICIENTLY_RANDOM_VALUES, - "overflow_check" => SOROBAN_OVERFLOW_CHECK, - "set_contract_storage" => SOROBAN_SET_CONTRACT_STORAGE, - "soroban_version" => SOROBAN_SOROBAN_VERSION, - "unprotected_update_current_contract_wasm" => { - SOROBAN_UNPROTECTED_UPDATE_CURRENT_CONTRACT_WASM - } - "unsafe_expect" => SOROBAN_UNSAFE_EXPECT, - "unsafe_unwrap" => SOROBAN_UNSAFE_UNWRAP, - "unused_return_enum" => SOROBAN_UNUSED_RETURN_ENUM, - _ => panic!("Unknown vulnerability name: {}", name), - }, - } - } - fn get_array_of_vulnerability_names(&self) -> std::vec::Vec<&'static str> { - match &self { - BlockChain::Ink => INK_DETECTORS.to_vec(), - BlockChain::Soroban => SOROBAN_DETECTORS.to_vec(), - } - } -} diff --git a/apps/cargo-scout-audit/src/output/vulnerabilities.rs b/apps/cargo-scout-audit/src/output/vulnerabilities.rs deleted file mode 100644 index 65db7281..00000000 --- a/apps/cargo-scout-audit/src/output/vulnerabilities.rs +++ /dev/null 
@@ -1,404 +0,0 @@ -pub const SOROBAN_DETECTORS: [&str; 13] = [ - "avoid_core_mem_forget", - "avoid_panic_error", - "avoid_unsafe_block", - "divide_before_multiply", - "dos_unbounded_operation", - "insufficiently_random_values", - "overflow_check", - "set_contract_storage", - "soroban_version", - "unprotected_update_current_contract_wasm", - "unsafe_expect", - "unsafe_unwrap", - "unused_return_enum", -]; - -pub const INK_DETECTORS: [&str; 24] = [ - "assert_violation", - "avoid_std_core_mem_forget", - "avoid_format_string", - "delegate_call", - "divide_before_multiply", - "dos_unbounded_operation", - "unexpected_revert_warn", - "check_ink_version", - "insufficiently_random_values", - "integer_overflow_underflow", - "iterator_over_indexing", - "lazy_delegate", - "panic_error", - "reentrancy_1", - "reentrancy_2", - "unprotected_set_code_hash", - "set_storage_warn", - "unprotected_mapping_operation", - "unprotected_self_destruct", - "unrestricted_transfer_from", - "unsafe_expect", - "unsafe_unwrap", - "unused_return_enum", - "zero_or_test_address", -]; -use crate::output::report::RawVulnerability; -use scout_audit_internal::{ink_lint_message::*, soroban_lint_message::*}; - -pub const SOROBAN_AVOID_CORE_MEM_FORGET: RawVulnerability = RawVulnerability { - id: "avoid_core_mem_forget", - name: "Avoid core::mem::forget usage", - short_message: SOROBAN_AVOID_CORE_MEM_FORGET_LINT_MESSAGE, - long_message: "The core::mem::forget function is used to forget about a value without running its destructor. This could lead to memory leaks and logic errors.", - severity: "Enhancement", - help: "https://github.com/CoinFabrik/scout-soroban/tree/main/detectors/avoid-core-mem-forget", - vulnerability_class: "Best practices", -}; - -pub const SOROBAN_AVOID_PANIC_ERROR: RawVulnerability = RawVulnerability { - id: "avoid_panic_error", - name: "Avoid panic! macro", - short_message: SOROBAN_AVOID_PANIC_ERROR_LINT_MESSAGE, - long_message: "The use of the panic! 
macro to stop execution when a condition is not met is useful for testing and prototyping but should be avoided in production code. Using Result as the return type for functions that can fail is the idiomatic way to handle errors in Rust. ", - severity: "Enhancement", - help: "https://github.com/CoinFabrik/scout-soroban/tree/main/detectors/avoid-panic-error", - vulnerability_class: "Validations and error handling", -}; - -pub const SOROBAN_AVOID_UNSAFE_BLOCK: RawVulnerability = RawVulnerability { - id: "avoid_unsafe_block", - name: "Avoid unsafe block", - short_message: SOROBAN_AVOID_UNSAFE_BLOCK_LINT_MESSAGE, - long_message: "The unsafe block is used to bypass Rust's safety checks. It is recommended to avoid using unsafe blocks as much as possible, and to use them only when necessary. ", - severity: "Enhancement", - help: "https://github.com/CoinFabrik/scout-soroban/tree/main/detectors/avoid-unsafe-block", - vulnerability_class: "Best practices", -}; - -pub const SOROBAN_DIVIDE_BEFORE_MULTIPLY: RawVulnerability = RawVulnerability { - id: "divide_before_multiply", - name: "Divide Before Multiply", - short_message: SOROBAN_DIVIDE_BEFORE_MULTIPLY_LINT_MESSAGE, - long_message: "Performing a division operation before a multiplication can lead to a loss of precision. This issue becomes significant in programs like smart contracts where numerical precision is crucial.", - severity: "Medium", - help: "https://github.com/CoinFabrik/scout-soroban/tree/main/detectors/divide-before-multiply", - vulnerability_class: "Arithmetic", -}; - -pub const SOROBAN_DOS_UNBOUNDED_OPERATION: RawVulnerability = RawVulnerability { - id: "dos_unbounded_operation", - name: "Denial of Service: Unbounded Operation", - short_message: SOROBAN_DOS_UNBOUNDED_OPERATION_LINT_MESSAGE, - long_message: "In order to prevent a single transaction from consuming all the gas in a block, unbounded operations must be avoided. 
This includes loops that do not have a bounded number of iterations, and recursive calls. ", - severity: "Medium", - help: "https://github.com/CoinFabrik/scout-soroban/tree/main/detectors/dos-unbounded-operation", - vulnerability_class: "Denial of Service", -}; - -pub const SOROBAN_INSUFFICIENTLY_RANDOM_VALUES: RawVulnerability = RawVulnerability { - id: "insufficiently_random_values", - name: "Insufficiently Random Values", - short_message: SOROBAN_INSUFFICIENTLY_RANDOM_VALUES_LINT_MESSAGE, - long_message: "Use env.prng() to generate random numbers, and remember that all random numbers are under the control of validators.", - severity: "Critical", - help: "https://github.com/CoinFabrik/scout-soroban/tree/main/detectors/insufficiently-random-values", - vulnerability_class: "Block attributes", -}; - -pub const SOROBAN_OVERFLOW_CHECK: RawVulnerability = RawVulnerability { - id: "overflow_check", - name: "Overflow Check", - short_message: SOROBAN_OVERFLOW_CHECK_LINT_MESSAGE, - long_message: "An overflow/underflow is typically caught and generates an error. When it is not caught, the operation will result in an inexact result which could lead to serious problems.", - severity: "Critical", - help: "https://github.com/CoinFabrik/scout-soroban/tree/main/detectors/overflow-check", - vulnerability_class: "Arithmetic", -}; - -pub const SOROBAN_SET_CONTRACT_STORAGE: RawVulnerability = RawVulnerability { - id: "set_contract_storage", - name: "Set Contract Storage", - short_message: SOROBAN_SET_CONTRACT_STORAGE_LINT_MESSAGE, - long_message: "In soroban, the storage of a contract can be modified by an arbitrary caller. When a smart contract uses this function, the contract needs to check if the caller should be able to alter this storage. 
If this does not happen, an arbitary caller may modify balances and other relevant contract storage.", - severity: "Critical", - help: "https://github.com/CoinFabrik/scout-soroban/tree/main/detectors/set-contract-storage", - vulnerability_class: "Authorization", -}; - -pub const SOROBAN_SOROBAN_VERSION: RawVulnerability = RawVulnerability { - id: "soroban_version", - name: "Check Soroban version", - short_message: SOROBAN_VERSION_LINT_MESSAGE, - long_message: "Using a older version of Soroban can be dangerous, as it may have bugs or security issues. Use the latest version available.", - severity: "Enhancement", - help: "https://github.com/CoinFabrik/scout-soroban/tree/main/detectors/soroban-version", - vulnerability_class: "Best practices", -}; - -pub const SOROBAN_UNPROTECTED_UPDATE_CURRENT_CONTRACT_WASM: RawVulnerability = RawVulnerability { - id: "unprotected_update_current_contract_wasm", - name: "Unprotected Update Current Contract Wasm", - short_message: SOROBAN_UNPROTECTED_UPDATE_CURRENT_CONTRACT_LINT_MESSAGE, - long_message: "If users are allowed to call update_current_contract_wasm, they can intentionally modify the contract behaviour, leading to the loss of all associated data/tokens and functionalities given by this contract or by others that depend on it. To prevent this, the function should be restricted to administrators or authorized users only. ", - severity: "Critical", - help: "https://github.com/CoinFabrik/scout-soroban/tree/main/detectors/unprotected-update-current-contract-wasm", - vulnerability_class: "Authorization", -}; - -pub const SOROBAN_UNSAFE_EXPECT: RawVulnerability = RawVulnerability { - id: "unsafe_expect", - name: "Unsafe Expect", - short_message: SOROBAN_UNSAFE_EXPECT_LINT_MESSAGE, - long_message: "In Rust, the expect method is commonly used for error handling. It retrieves the value from a Result or Option and panics with a specified error message if an error occurs. However, using expect can lead to unexpected program crashes. 
", - severity: "Medium", - help: "https://github.com/CoinFabrik/scout-soroban/tree/main/detectors/unsafe-expect", - vulnerability_class: "Validations and error handling", -}; - -pub const SOROBAN_UNSAFE_UNWRAP: RawVulnerability = RawVulnerability { - id: "unsafe_unwrap", - name: "Unsafe Unwrap", - short_message: SOROBAN_UNSAFE_UNWRAP_LINT_MESSAGE, - long_message: "This vulnerability class pertains to the inappropriate usage of the unwrap method in Rust, which is commonly employed for error handling. The unwrap method retrieves the inner value of an Option or Result, but if an error or None occurs, it triggers a panic and crashes the program. ", - severity: "Medium", - help: "https://github.com/CoinFabrik/scout-soroban/tree/main/detectors/unsafe-unwrap", - vulnerability_class: "Validations and error handling", -}; - -pub const SOROBAN_UNUSED_RETURN_ENUM: RawVulnerability = RawVulnerability { - id: "unused_return_enum", - name: "Unused Return Enum", - short_message: SOROBAN_UNUSED_RETURN_ENUM_LINT_MESSAGE, - long_message: "Soroban functions can return a Result enum with a custom error type. This is useful for the caller to know what went wrong when the message fails. The definition of the Result type enum consists of two variants: Ok and Err. If any of the variants is not used, the code could be simplified or it could imply a bug. ", - severity: "Minor", - help: "https://github.com/CoinFabrik/scout-soroban/tree/main/detectors/unused-return-enum", - vulnerability_class: "Validations and error handling", -}; - -pub const INK_ASSERT_VIOLATION: RawVulnerability = RawVulnerability { - id: "assert_violation", - name: "Assert Violation", - short_message: INK_ASSERT_VIOLATION_LINT_MESSAGE, - long_message: "The assert! macro is used in Rust to ensure that a certain condition holds true at a certain point in your code. If the condition does not hold, then the assert! macro will cause the program to panic. 
This is a problem, as seen in panic-error", - severity: "Enhancement", - help: "https://coinfabrik.github.io/scout/docs/vulnerabilities/assert-violation", - vulnerability_class: "Validations and error handling", -}; - -pub const INK_AVOID_STD_CORE_MEM_FORGET: RawVulnerability = RawVulnerability { - id: "avoid_std_core_mem_forget", - name: "Avoid std::mem::forget usage", - short_message: INK_AVOID_CORE_MEM_FORGET_LINT_MESSAGE, - long_message: "The core::mem::forget function is used to forget about a value without running its destructor. This could lead to memory leaks and logic errors.", - severity: "Enhancement", - help: "https://coinfabrik.github.io/scout/docs/vulnerabilities/avoid-core-mem-forget", - vulnerability_class: "Best practices", -}; - -pub const INK_AVOID_FORMAT_STRING: RawVulnerability = RawVulnerability { - id: "avoid_format_string", - name: "Avoid format! macro", - short_message: INK_AVOID_FORMAT_STRING_LINT_MESSAGE, - long_message: "The format! macro is used to create a String from a given set of arguments. This macro is not recommended, it is better to use a custom error type enum. 
", - severity: "Enhancement", - help: "https://coinfabrik.github.io/scout/docs/vulnerabilities/avoid-format-string", - vulnerability_class: " Validations and error handling", -}; - -pub const INK_DELEGATE_CALL: RawVulnerability = RawVulnerability { - id: "delegate_call", - name: "Unsafe Delegate Call", - short_message: INK_DELEGATE_CALL_LINT_MESSAGE, - long_message: "It is important to validate and restrict delegate calls to trusted contracts, implement proper access control mechanisms, and carefully review external contracts to prevent unauthorized modifications, unexpected behavior, and potential exploits.", - severity: "Critical", - help: "https://coinfabrik.github.io/scout/docs/vulnerabilities/delegate-call", - vulnerability_class: "Authorization ", -}; - -pub const INK_DIVIDE_BEFORE_MULTIPLY: RawVulnerability = RawVulnerability { - id: "divide_before_multiply", - name: "Divide Before Multiply", - short_message: INK_DIVIDE_BEFORE_MULTIPLY_LINT_MESSAGE, - long_message: "Performing a division operation before a multiplication can lead to a loss of precision. This issue becomes significant in programs like smart contracts where numerical precision is crucial.", - severity: "Medium", - help: "https://coinfabrik.github.io/scout/docs/vulnerabilities/divide-before-multiply", - vulnerability_class: "Arithmetic", -}; - -pub const INK_DOS_UNBOUNDED_OPERATION: RawVulnerability = RawVulnerability { - id: "dos_unbounded_operation", - name: "Denial of Service: Unbounded Operation", - short_message: INK_DOS_UNBOUNDED_OPERATION_LINT_MESSAGE, - long_message: "In order to prevent a single transaction from consuming all the gas in a block, unbounded operations must be avoided. This includes loops that do not have a bounded number of iterations, and recursive calls. 
", - severity: "Medium", - help: "https://coinfabrik.github.io/scout/docs/vulnerabilities/dos-unbounded-operation", - vulnerability_class: "Denial of Service", -}; - -pub const INK_UNEXPECTED_REVERT_WARN: RawVulnerability = RawVulnerability { - id: "unexpected_revert_warn", - name: "Unexpected Revert Inserting to Storage", - short_message: INK_DOS_UNEXPECTED_REVERT_WITH_VECTOR_LINT_MESSAGE, - long_message: " It occurs by preventing transactions by other users from being successfully executed forcing the blockchain state to revert to its original state.", - severity: "Medium", - help: "https://coinfabrik.github.io/scout/docs/vulnerabilities/dos-unexpected-revert-with-vector", - vulnerability_class: "Denial of Service", -}; - -pub const INK_CHECK_INK_VERSION: RawVulnerability = RawVulnerability { - id: "check_ink_version", - name: "Check Ink! version", - short_message: INK_INK_VERSION_LINT_MESSAGE, - long_message: "Using a older version of ink! can be dangerous, as it may have bugs or security issues. Use the latest version available.", - severity: "Enhancement", - help: "https://coinfabrik.github.io/scout/docs/vulnerabilities/ink-version", - vulnerability_class: "Best practices", -}; - -pub const INK_INSUFFICIENTLY_RANDOM_VALUES: RawVulnerability = RawVulnerability { - id: "insufficiently_random_values", - name: "Insufficiently Random Values", - short_message: INK_INSUFFICIENTLY_RANDOM_VALUES_LINT_MESSAGE, - long_message: "Using block attributes like block_timestamp or block_number for random number generation in ink! Substrate smart contracts is not recommended due to the predictability of these values. 
Block attributes are publicly visible and deterministic, making it easy for malicious actors to anticipate their values and manipulate outcomes to their advantage.", - severity: "Critical", - help: "https://coinfabrik.github.io/scout/docs/vulnerabilities/insufficiently-random-values", - vulnerability_class: "Block attributes", -}; - -pub const INK_INTEGER_OVERFLOW_UNDERFLOW: RawVulnerability = RawVulnerability { - id: "integer_overflow_underflow", - name: "Integer Overflow/Underflow", - short_message: INK_INTEGER_OVERFLOW_OR_UNDERFLOW_LINT_MESSAGE, - long_message: "An overflow/underflow is typically caught and generates an error. When it is not caught, the operation will result in an inexact result which could lead to serious problems.\n In Ink! 5.0.0, using raw math operations will result in `cargo contract build` failing with an error message.", - severity: "Critical", - help: "https://coinfabrik.github.io/scout/docs/vulnerabilities/integer-overflow-or-underflow", - vulnerability_class: "Arithmetic", -}; - -pub const INK_ITERATOR_OVER_INDEXING: RawVulnerability = RawVulnerability { - id: "iterator_over_indexing", - name: "Iterator Over Indexing", - short_message: INK_ITERATORS_OVER_INDEXING_LINT_MESSAGE, - long_message: "The use of iterators over indexing is a best practice that should be followed in Rust. This is because accessing a vector by index is slower than using an iterator. Also, if the index is out of bounds, it will panic. ", - severity: "Enhancement", - help: "https://coinfabrik.github.io/scout/docs/vulnerabilities/iterators-over-indexing", - vulnerability_class: "Best practices", -}; - -pub const INK_LAZY_DELEGATE: RawVulnerability = RawVulnerability { - id: "lazy_delegate", - name: "Lazy Delegate", - short_message: INK_LAZY_DELEGATE_LINT_MESSAGE, - long_message: "A bug in ink! 
causes delegated calls to not modify the caller's storage unless Lazy with ManualKey or Mapping is used.", - severity: "Critical", - help: "https://coinfabrik.github.io/scout/docs/vulnerabilities/lazy-delegate", - vulnerability_class: "Known Bugs", -}; - -pub const INK_PANIC_ERROR: RawVulnerability = RawVulnerability { - id: "panic_error", - name: "Panic Error", - short_message: INK_PANIC_ERROR_LINT_MESSAGE, - long_message: "The use of the panic! macro to stop execution when a condition is not met is useful for testing and prototyping but should be avoided in production code. Using Result as the return type for functions that can fail is the idiomatic way to handle errors in Rust. ", - severity: "Enhancement", - help: "https://coinfabrik.github.io/scout/docs/vulnerabilities/panic-error", - vulnerability_class: "Validations and error handling", -}; - -pub const INK_REENTRANCY: RawVulnerability = RawVulnerability { - id: "reentrancy", - name: "Reentrancy", - short_message: INK_REENTRANCY_LINT_MESSAGE, - long_message: "An ink! smart contract can interact with other smart contracts. These operations imply (external) calls where control flow is passed to the called contract until the execution of the called code is over, then the control is delivered back to the caller. 
A reentrancy vulnerability may happen when a user calls a function, this function calls a malicious contract which again calls this same function, and this 'reentrancy' has unexpected reprecussions to the contract.", - severity: "Critical", - help: "https://coinfabrik.github.io/scout/docs/vulnerabilities/reentrancy", - vulnerability_class: "Reentrancy", -}; - -pub const INK_UNPROTECTED_SET_CODE_HASH: RawVulnerability = RawVulnerability { - id: "unprotected_set_code_hash", - name: "Unprotected Set Code Hash", - short_message: INK_SET_CODE_HASH_LINT_MESSAGE, - long_message: "If users are allowed to call set_code_hash, they can intentionally modify the contract behaviour, leading to the loss of all associated data/tokens and functionalities given by this contract or by others that depend on it. To prevent this, the function should be restricted to administrators or authorized users only. ", - severity: "Critical", - help: "https://coinfabrik.github.io/scout/docs/vulnerabilities/unprotected-set-code-hash", - vulnerability_class: "Authorization", -}; - -pub const INK_SET_STORAGE_WARN: RawVulnerability = RawVulnerability { - id: "set_storage_warn", - name: "Set Contract Storage", - short_message: INK_SET_CONTRACT_STORAGE_LINT_MESSAGE, - long_message: "In ink! the function set_contract_storage(key: &K, value: &V) can be used to modify the contract storage under a given key. When a smart contract uses this function, the contract needs to check if the caller should be able to alter this storage. If this does not happen, an arbitary caller may modify balances and other relevant contract storage. 
", - severity: "Critical", - help: "https://coinfabrik.github.io/scout/docs/vulnerabilities/set-contract-storage", - vulnerability_class: "Authorization", -}; - -pub const INK_UNPROTECTED_MAPPING_OPERATION: RawVulnerability = RawVulnerability { - id: "unprotected_mapping_operation", - name: "Unprotected Mapping Operation", - short_message: INK_UNPROTECTED_MAPPING_OPERATION_LINT_MESSAGE, - long_message: "Modifying mappings with an arbitrary key given by the user could lead to unintented modifications of critical data, modifying data belonging to other users, causing denial of service, unathorized access, and other potential issues. ", - severity: "Critical", - help: "https://coinfabrik.github.io/scout/docs/vulnerabilities/unprotected-mapping-operation", - vulnerability_class: "Validations and error handling", -}; - -pub const INK_UNPROTECTED_SELF_DESTRUCT: RawVulnerability = RawVulnerability { - id: "unprotected_self_destruct", - name: "Unprotected Self Destruct", - short_message: INK_UNPROTECTED_SELF_DESTRUCT_LINT_MESSAGE, - long_message: "If users are allowed to call terminate_contract, they can intentionally or accidentally destroy the contract, leading to the loss of all associated data and functionalities given by this contract or by others that depend on it. To prevent this, the function should be restricted to administrators or authorized users only. ", - severity: "Critical", - help: "https://coinfabrik.github.io/scout/docs/vulnerabilities/unprotected-self-destruct", - vulnerability_class: "Authorization", -}; - -pub const INK_UNRESTRICTED_TRANSFER_FROM: RawVulnerability = RawVulnerability { - id: "unrestricted_transfer_from", - name: "Unrestricted Transfer From", - short_message: INK_UNRESTRICTED_TRANSFER_FROM_LINT_MESSAGE, - long_message: "In an ink! Substrate smart contract, allowing unrestricted transfer_from operations poses a significant vulnerability. 
When from arguments for that function is provided directly by the user, this might enable the withdrawal of funds from any actor with token approval on the contract. This could result in unauthorized transfers and loss of funds. To mitigate this vulnerability, instead of allowing an arbitrary from address, the from address should be restricted, ideally to the address of the caller (self.env().caller()), ensuring that the sender can initiate a transfer only with their own tokens. ", - severity: "Critical", - help: "https://coinfabrik.github.io/scout/docs/vulnerabilities/unrestricted-transfer-from", - vulnerability_class: "Validations and error handling", -}; - -pub const INK_UNSAFE_EXPECT: RawVulnerability = RawVulnerability { - id: "unsafe_expect", - name: "Unsafe Expect", - short_message: INK_UNSAFE_EXPECT_LINT_MESSAGE, - long_message: "In Rust, the expect method is commonly used for error handling. It retrieves the value from a Result or Option and panics with a specified error message if an error occurs. However, using expect can lead to unexpected program crashes. ", - severity: "Medium", - help: "https://coinfabrik.github.io/scout/docs/vulnerabilities/unsafe-expect", - vulnerability_class: "Validations and error handling", -}; - -pub const INK_UNSAFE_UNWRAP: RawVulnerability = RawVulnerability { - id: "unsafe_unwrap", - name: "Unsafe Unwrap", - short_message: INK_UNSAFE_UNWRAP_LINT_MESSAGE, - long_message: "This vulnerability class pertains to the inappropriate usage of the unwrap method in Rust, which is commonly employed for error handling. The unwrap method retrieves the inner value of an Option or Result, but if an error or None occurs, it triggers a panic and crashes the program. 
", - severity: "Medium", - help: "https://coinfabrik.github.io/scout/docs/vulnerabilities/unsafe-unwrap", - vulnerability_class: "Validations and error handling", -}; - -pub const INK_UNUSED_RETURN_ENUM: RawVulnerability = RawVulnerability { - id: "unused_return_enum", - name: "Unused Return Enum", - short_message: INK_UNUSED_RETURN_ENUM_LINT_MESSAGE, - long_message: "Ink! messages can return a Result enum with a custom error type. This is useful for the caller to know what went wrong when the message fails. The definition of the Result type enum consists of two variants: Ok and Err. If any of the variants is not used, the code could be simplified or it could imply a bug. ", - severity: "Minor", - help: "https://coinfabrik.github.io/scout/docs/vulnerabilities/unused-return-enum", - vulnerability_class: "Validations and error handling", -}; - -pub const INK_ZERO_OR_TEST_ADDRESS: RawVulnerability = RawVulnerability { - id: "zero_or_test_address", - name: "Zero or Test Address", - short_message: INK_ZERO_OR_TEST_ADDRESS_LINT_MESSAGE, - long_message: "The assignment of the zero address to a variable in a smart contract represents a critical vulnerability because it can lead to loss of control over the contract. This stems from the fact that the zero address does not have an associated private key, which means it's impossible to claim ownership, rendering any contract assets or functions permanently inaccessible. ", - severity: "Medium", - help: "https://coinfabrik.github.io/scout/docs/vulnerabilities/zero-or-test-address", - vulnerability_class: "Validations and error handling", -}; diff --git a/apps/cargo-scout-audit/src/startup.rs b/apps/cargo-scout-audit/src/startup.rs index f2dc0b85..a3d9ad05 100644 --- a/apps/cargo-scout-audit/src/startup.rs +++ b/apps/cargo-scout-audit/src/startup.rs 
@@ -1,11 +1,14 @@ use core::panic; +use current_platform::CURRENT_PLATFORM; use std::{ - fs, + collections::HashMap, + env, fs, hash::{Hash, Hasher}, path::PathBuf, + process::{Child, Command}, }; -use anyhow::{bail, Context, Result}; +use anyhow::{bail, Context, Ok, Result}; use cargo::Config; use cargo_metadata::MetadataCommand; use clap::{Parser, Subcommand, ValueEnum}; @@ -17,6 +20,7 @@ use crate::{ utils::{ config::{open_config_or_default, profile_enabled_detectors}, detectors::{get_excluded_detectors, get_filtered_detectors, list_detectors}, + detectors_info::{get_detectors_info, LintInfo}, }, }; @@ -101,10 +105,18 @@ pub struct Scout { #[clap( short, long, - help = "Prints verbose information.", + help = "Prints detectors metadata.", default_value_t = false )] pub verbose: bool, + + #[clap( + name = "metadata", + long, + help = "Prints metadata information.", + default_value_t = false + )] + pub detectors_metadata: bool, } #[derive(Debug, Copy, Clone)] @@ -121,6 +133,12 @@ pub struct ProjectInfo { } pub fn run_scout(opts: Scout) -> Result<()> { + let opt_child = run_scout_in_nightly()?; + if let Some(mut child) = opt_child { + child.wait()?; + return Ok(()); + } + // Validations if opts.filter.is_some() && opts.exclude.is_some() { panic!("You can't use `--exclude` and `--filter` at the same time."); @@ -211,6 +229,14 @@ pub fn run_scout(opts: Scout) -> Result<()> { .build(bc_dependency, used_detectors) .context("Failed to build detectors bis")?; + let detectors_info = get_detectors_info(&detectors_paths)?; + + if opts.detectors_metadata { + let json = serde_json::to_string_pretty(&detectors_info); + println!("{}", json.unwrap()); + return Ok(()); + } + let root = metadata.root_package().unwrap(); let mut hasher = std::hash::DefaultHasher::new(); 
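Review bot: In the `#[clap(...)]` attribute on `pub verbose`, the help text becomes "Prints detectors metadata." although the field is still the `verbose` flag, while the new `--metadata` flag gets the vaguer "Prints metadata information."; the two strings look swapped. I would keep `help = "Prints verbose information.",` on `verbose` and put `help = "Prints detectors metadata.",` on `detectors_metadata`. The `Scout` struct starts above this hunk, so its other flags were not reviewed.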
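Review bot: The early return added at the top of `run_scout` discards the child's exit status: `child.wait()?` fails only when waiting itself fails, so a re-executed scout that exits non-zero is still reported by the parent as `Ok(())`. If the exit code gates a CI job (assumed, not visible here), a failed audit run would then look like a pass. Check the status before returning, e.g. `let status = child.wait()?;` followed by `if !status.success() { bail!("scout re-run under nightly exited with {status}"); }`. `run_scout` continues below this hunk.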
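Review bot: `println!("{}", json.unwrap())` panics on a serialisation error inside a function that already returns `Result`; propagate it with `let json = serde_json::to_string_pretty(&detectors_info)?;` and `println!("{json}");`. Separately, `detectors_info` is a `HashMap`, so the order of entries in the printed JSON can differ between runs. If this output is meant to be diffed or consumed by other tools, collecting into a `BTreeMap` before printing would make it stable. `run_scout` begins and ends outside this hunk.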
@@ -225,16 +251,47 @@ pub fn run_scout(opts: Scout) -> Result<()> { }; // Run dylint - run_dylint(detectors_paths, opts, bc_dependency, info).context("Failed to run dylint")?; + run_dylint(detectors_paths, opts, bc_dependency, info, detectors_info) + .context("Failed to run dylint")?; Ok(()) } +fn run_scout_in_nightly() -> Result> { + #[cfg(target_os = "linux")] + let var_name = "LD_LIBRARY_PATH"; + #[cfg(target_os = "macos")] + let var_name = "DYLD_FALLBACK_LIBRARY_PATH"; + let toolchain = std::env::var(var_name)?; + if !toolchain.contains("nightly-2023-12-16") { + let current_platform = CURRENT_PLATFORM; + let rustup_home = env::var("RUSTUP_HOME")?; + + let lib_path = + rustup_home.clone() + "/toolchains/nightly-2023-12-16-" + current_platform + "/lib"; + + let args: Vec = env::args().collect(); + let program = args[0].clone(); + + let mut command = Command::new(program); + for arg in args.iter().skip(1) { + command.arg(arg); + } + + command.env(var_name, lib_path); + let child = command.spawn()?; + Ok(Some(child)) + } else { + Ok(None) + } +} + fn run_dylint( detectors_paths: Vec, mut opts: Scout, - bc_dependency: BlockChain, + _bc_dependency: BlockChain, info: ProjectInfo, + detectors_info: HashMap, ) -> Result<()> { // Convert detectors paths to string let detectors_paths: Vec = detectors_paths @@ -288,7 +345,7 @@ fn run_dylint( let mut content = String::new(); std::io::Read::read_to_string(&mut stdout_file, &mut content)?; - let report = generate_report(content, info, bc_dependency); + let report = generate_report(content, info, detectors_info); // Generate HTML let html = report.generate_html()?; @@ -319,7 +376,7 @@ fn run_dylint( let mut content = String::new(); std::io::Read::read_to_string(&mut stdout_file, &mut content)?; - let report = generate_report(content, info, bc_dependency); + let report = generate_report(content, info, detectors_info); // Generate Markdown let markdown_path = report.generate_markdown()?; 
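Review bot: `run_scout_in_nightly` fails before doing anything when the library-path variable is unset, because `std::env::var(var_name)?` turns `NotPresent` into an error, and `var_name` is not defined on targets other than Linux and macOS, so the crate stops compiling there. When it does re-execute, `command.env(var_name, lib_path)` replaces the caller's search path instead of extending it, and `RUSTUP_HOME` is required without an explanatory error. I would treat an unset variable as "not nightly", prepend the toolchain directory while dropping empty entries (an empty entry in a Unix library path means the current directory), and build the path with `PathBuf::join`. The function is complete within this hunk; the `run_dylint` body that follows continues past it.

```rust
    // … unchanged: cfg-selected var_name …
    // An unset variable means "not running under the pinned nightly", not a failure.
    let current = env::var_os(var_name).unwrap_or_default();
    if current.to_string_lossy().contains("nightly-2023-12-16") {
        return Ok(None);
    }

    let rustup_home = env::var("RUSTUP_HOME").context("RUSTUP_HOME is not set")?;
    let lib_path = PathBuf::from(rustup_home)
        .join("toolchains")
        .join(format!("nightly-2023-12-16-{}", CURRENT_PLATFORM))
        .join("lib");

    // Prepend the toolchain directory and keep the caller's entries; empty
    // entries are dropped so the current directory is never searched.
    let search_path = env::join_paths(
        std::iter::once(lib_path)
            .chain(env::split_paths(&current).filter(|p| !p.as_os_str().is_empty())),
    )?;

    // … unchanged: build `command` from env::args() …
    command.env(var_name, search_path);
    // … unchanged: spawn and return Some(child) …
```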
@@ -368,7 +425,7 @@ fn run_dylint( let mut content = String::new(); std::io::Read::read_to_string(&mut stdout_file, &mut content)?; - let report = generate_report(content, info, bc_dependency); + let report = generate_report(content, info, detectors_info); let path = if let Some(path) = opts.output_path { path diff --git a/apps/cargo-scout-audit/src/utils/detectors_info.rs b/apps/cargo-scout-audit/src/utils/detectors_info.rs new file mode 100644 index 00000000..19a3a1d6 --- /dev/null +++ b/apps/cargo-scout-audit/src/utils/detectors_info.rs 
@@ -0,0 +1,65 @@ +use anyhow::{Ok, Result}; +use serde::Serialize; +use std::{collections::HashMap, ffi, path::PathBuf}; + +#[derive(Default, Debug, Clone, Serialize)] +pub struct RawLintInfo { + pub id: ffi::CString, + pub name: ffi::CString, + pub short_message: ffi::CString, + pub long_message: ffi::CString, + pub severity: ffi::CString, + pub help: ffi::CString, + pub vulnerability_class: ffi::CString, +} + +#[derive(Default, Debug, Clone, Serialize)] +pub struct LintInfo { + pub id: String, + pub name: String, + pub short_message: String, + pub long_message: String, + pub severity: String, + pub help: String, + pub vulnerability_class: String, +} + +impl From<&RawLintInfo> for LintInfo { + fn from(info: &RawLintInfo) -> Self { + LintInfo { + id: info.id.to_str().unwrap().to_string(), + name: info.name.to_str().unwrap().to_string(), + short_message: info.short_message.to_str().unwrap().to_string(), + long_message: info.long_message.to_str().unwrap().to_string(), + severity: info.severity.to_str().unwrap().to_string(), + help: info.help.to_str().unwrap().to_string(), + vulnerability_class: info.vulnerability_class.to_str().unwrap().to_string(), + } + } +} + +type LintInfoFunc = unsafe fn(info: &mut RawLintInfo); + +pub fn get_detectors_info(detectors_paths: &Vec) -> Result> { + let mut lint_store = HashMap::::default(); + + for detector_path in detectors_paths { + unsafe { + let lib_res = libloading::os::unix::Library::open( + Some(detector_path), + libloading::os::unix::RTLD_LAZY | libloading::os::unix::RTLD_LOCAL, + ); + + let lib = lib_res.unwrap(); + let lint_info_func_res = lib.get::(b"lint_info"); + if lint_info_func_res.is_ok() { + let lint_info_func = lint_info_func_res.unwrap(); + let mut info = RawLintInfo::default(); + lint_info_func(&mut info); + let lint_info = LintInfo::from(&info); + lint_store.insert(lint_info.id.clone(), lint_info); + } + } + } + Ok(lint_store) +} 
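Review bot: `get_detectors_info` calls `lint_info` through `unsafe fn(info: &mut RawLintInfo)`, but the detector side writes a different type, the `LintInfo` struct added in scout-audit-dylint-linting/src/lib.rs, and neither struct is `#[repr(C)]`, so nothing guarantees both sides agree on field layout; the function is also exported with the Rust ABI (see the `lint_info` and `__raw_lint_info` hunks in that file). If the host binary and a detector are built with different compilers or layout flags, the call writes through a mismatched layout, which is undefined behaviour. At minimum add `#[repr(C)]` to both structs and a `// SAFETY:` comment on the `unsafe` block stating that detectors must be built with the same toolchain as the host; defining the struct once in a crate both sides depend on would remove the duplication. Loading a library also runs its initialisers inside the scout process, so `detectors_paths` should only ever point at detectors scout built itself (their origin is not visible here). Finally, `let lib = lib_res.unwrap();` aborts the whole run on one unloadable detector; `let lib = lib_res?;` would report it through the existing `Result`.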
diff --git a/apps/cargo-scout-audit/src/utils/mod.rs b/apps/cargo-scout-audit/src/utils/mod.rs index a1738aae..eb6be041 100644 --- a/apps/cargo-scout-audit/src/utils/mod.rs +++ b/apps/cargo-scout-audit/src/utils/mod.rs @@ -3,6 +3,6 @@ pub mod cargo_package; pub mod command; pub mod config; pub mod detectors; +pub mod detectors_info; pub mod env; -pub mod output; pub mod rustup; diff --git a/scout-audit-dylint-linting/Cargo.lock b/scout-audit-dylint-linting/Cargo.lock index 4de82cc3..2b2ffa66 100644 --- a/scout-audit-dylint-linting/Cargo.lock +++ b/scout-audit-dylint-linting/Cargo.lock @@ -204,7 +204,7 @@ checksum = "e86697c916019a8588c99b5fac3cead74ec0b4b819707a682fd4d23fa0ce1ba1" [[package]] name = "scout-audit-dylint-linting" -version = "2.6.1" +version = "3.0.1" dependencies = [ "assert_cmd", "cargo_metadata", diff --git a/scout-audit-dylint-linting/Cargo.toml b/scout-audit-dylint-linting/Cargo.toml index b4c1ba1a..b5caa616 100644 --- a/scout-audit-dylint-linting/Cargo.toml +++ b/scout-audit-dylint-linting/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "scout-audit-dylint-linting" -version = "2.6.1" +version = "3.0.1" authors = ["Samuel E. Moelius III "] description = "Utilities for writing Dylint libraries" edition = "2021" diff --git a/scout-audit-dylint-linting/src/lib.rs b/scout-audit-dylint-linting/src/lib.rs index 714d17d5..6d04f55e 100644 --- a/scout-audit-dylint-linting/src/lib.rs +++ b/scout-audit-dylint-linting/src/lib.rs @@ -205,6 +205,7 @@ extern crate rustc_span; use std::{ any::type_name, + ffi, fs::read_to_string, path::{Path, PathBuf}, sync::Mutex, 
@@ -218,6 +219,16 @@ pub const DYLINT_VERSION: &str = "0.1.0"; pub use paste; +pub struct LintInfo { + pub id: ffi::CString, + pub name: ffi::CString, + pub short_message: ffi::CString, + pub long_message: ffi::CString, + pub severity: ffi::CString, + pub help: ffi::CString, + pub vulnerability_class: ffi::CString, +} + // smoelius: Including `extern crate rustc_driver` causes the library to link against // `librustc_driver.so`, which dylint-driver also links against. So, essentially, the library uses // dylint-driver's copy of the Rust compiler crates. @@ -272,10 +283,29 @@ macro_rules! __maybe_mangle { }; } +#[macro_export] +macro_rules! __raw_lint_info { + ($VAR: ident, $NAME:ident, $desc: expr, { + name: $name:expr, + long_message: $long_message:expr, + severity: $severity:expr, + help: $help:expr, + vulnerability_class: $vulnerability_class:expr $(,)* + }) => { + $VAR.id = std::ffi::CString::new(stringify!($NAME).to_lowercase().as_bytes()).unwrap(); + $VAR.name = std::ffi::CString::new($name.as_bytes()).unwrap(); + $VAR.short_message = std::ffi::CString::new($desc.as_bytes()).unwrap(); + $VAR.long_message = std::ffi::CString::new($long_message.as_bytes()).unwrap(); + $VAR.severity = std::ffi::CString::new($severity.as_bytes()).unwrap(); + $VAR.help = std::ffi::CString::new($help.as_bytes()).unwrap(); + $VAR.vulnerability_class = std::ffi::CString::new($vulnerability_class.as_bytes()).unwrap(); + }; +} + #[doc(hidden)] #[macro_export] macro_rules! __declare_and_register_lint { - ($(#[$attr:meta])* $vis:vis $NAME:ident, $Level:ident, $desc:expr, $register_pass_method:ident, $pass:expr) => { + ($(#[$attr:meta])* $vis:vis $NAME:ident, $Level:ident, $desc:expr, $register_pass_method:ident, $pass:expr, $info: tt) => { $crate::__maybe_exclude! { $crate::dylint_library!(); } 
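Review bot: `__raw_lint_info` is exported with `#[macro_export]` but without the `#[doc(hidden)]` that `__declare_and_register_lint` directly below carries, so this internal helper appears in the crate's public docs. Its matcher also accepts the five keys only in the order `name`, `long_message`, `severity`, `help`, `vulnerability_class`, which a detector author would discover only from a "no rules expected" error; a doc comment such as `/// Fills a LintInfo from the metadata block; keys must appear in the order name, long_message, severity, help, vulnerability_class.` would help. Each `CString::new(...).unwrap()` panics if a metadata string contains an interior NUL byte, and that would surface only when the host calls `lint_info`.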
@@ -283,6 +313,13 @@ macro_rules! __declare_and_register_lint { extern crate rustc_lint; extern crate rustc_session; + $crate::__maybe_mangle! { + #[allow(clippy::no_mangle_with_rust_abi)] + pub fn lint_info(info: &mut $crate::LintInfo) { + $crate::__raw_lint_info!(info, $NAME, $desc, $info); + } + } + $crate::__maybe_mangle! { #[allow(clippy::no_mangle_with_rust_abi)] pub fn register_lints(sess: &rustc_session::Session, lint_store: &mut rustc_lint::LintStore) { @@ -322,13 +359,14 @@ macro_rules! __make_late_closure { #[macro_export] macro_rules! impl_pre_expansion_lint { - ($(#[$attr:meta])* $vis:vis $NAME:ident, $Level:ident, $desc:expr, $pass:expr) => { + ($(#[$attr:meta])* $vis:vis $NAME:ident, $Level:ident, $desc:expr, $pass:expr, $info: tt) => { $crate::__declare_and_register_lint!( $(#[$attr])* $vis $NAME, $Level, $desc, register_pre_expansion_pass, - || Box::new($pass) + || Box::new($pass), + $info ); $crate::paste::paste! { rustc_session::impl_lint_pass!([< $NAME:camel >] => [$NAME]); @@ -338,13 +376,14 @@ macro_rules! impl_pre_expansion_lint { #[macro_export] macro_rules! impl_early_lint { - ($(#[$attr:meta])* $vis:vis $NAME:ident, $Level:ident, $desc:expr, $pass:expr) => { + ($(#[$attr:meta])* $vis:vis $NAME:ident, $Level:ident, $desc:expr, $pass:expr, $info: tt) => { $crate::__declare_and_register_lint!( $(#[$attr])* $vis $NAME, $Level, $desc, register_early_pass, - || Box::new($pass) + || Box::new($pass), + $info ); $crate::paste::paste! { rustc_session::impl_lint_pass!([< $NAME:camel >] => [$NAME]); 
@@ -354,13 +393,14 @@ macro_rules! impl_early_lint { #[macro_export] macro_rules! impl_late_lint { - ($(#[$attr:meta])* $vis:vis $NAME:ident, $Level:ident, $desc:expr, $pass:expr) => { + ($(#[$attr:meta])* $vis:vis $NAME:ident, $Level:ident, $desc:expr, $pass:expr, $info: tt) => { $crate::__declare_and_register_lint!( $(#[$attr])* $vis $NAME, $Level, $desc, register_late_pass, - $crate::__make_late_closure!($pass) + $crate::__make_late_closure!($pass), + $info ); $crate::paste::paste! { rustc_session::impl_lint_pass!([< $NAME:camel >] => [$NAME]); @@ -370,14 +410,15 @@ macro_rules! impl_late_lint { #[macro_export] macro_rules! declare_pre_expansion_lint { - ($(#[$attr:meta])* $vis:vis $NAME:ident, $Level:ident, $desc:expr) => { + ($(#[$attr:meta])* $vis:vis $NAME:ident, $Level:ident, $desc:expr, $info: tt) => { $crate::paste::paste! { $crate::__declare_and_register_lint!( $(#[$attr])* $vis $NAME, $Level, $desc, register_pre_expansion_pass, - || Box::new([< $NAME:camel >]) + || Box::new([< $NAME:camel >]), + $info ); rustc_session::declare_lint_pass!([< $NAME:camel >] => [$NAME]); } @@ -386,14 +427,15 @@ macro_rules! declare_pre_expansion_lint { #[macro_export] macro_rules! declare_early_lint { - ($(#[$attr:meta])* $vis:vis $NAME:ident, $Level:ident, $desc:expr) => { + ($(#[$attr:meta])* $vis:vis $NAME:ident, $Level:ident, $desc:expr, $info: tt) => { $crate::paste::paste! { $crate::__declare_and_register_lint!( $(#[$attr])* $vis $NAME, $Level, $desc, register_early_pass, - || Box::new([< $NAME:camel >]) + || Box::new([< $NAME:camel >]), + $info ); rustc_session::declare_lint_pass!([< $NAME:camel >] => [$NAME]); } 
@@ -402,14 +444,15 @@ macro_rules! declare_early_lint { #[macro_export] macro_rules! declare_late_lint { - ($(#[$attr:meta])* $vis:vis $NAME:ident, $Level:ident, $desc:expr) => { + ($(#[$attr:meta])* $vis:vis $NAME:ident, $Level:ident, $desc:expr, $info: tt) => { $crate::paste::paste! { $crate::__declare_and_register_lint!( $(#[$attr])* $vis $NAME, $Level, $desc, register_late_pass, - $crate::__make_late_closure!([< $NAME:camel >]) + $crate::__make_late_closure!([< $NAME:camel >]), + $info ); rustc_session::declare_lint_pass!([< $NAME:camel >] => [$NAME]); } diff --git a/scout-audit-internal/Cargo.toml b/scout-audit-internal/Cargo.toml deleted file mode 100644 index 3a9aa16b..00000000 --- a/scout-audit-internal/Cargo.toml +++ /dev/null @@ -1,31 +0,0 @@ -[package] -name = "scout-audit-internal" -version = "0.2.4" -edition = "2021" -authors = [ - "José García Crosta ", - "Facundo Lerena ", - "Agustin Losiggio ", - "Matias Cabello ", - "Ariel Waissbein ", -] -license = "MIT" -description = "Scout is an extensible open-source tool intended to assist soroban smart contract developers and auditors detect common security issues and deviations from best practices." -homepage = "https://github.com/CoinFabrik/scout-soroban" -repository = "https://github.com/CoinFabrik/scout-soroban" -readme = "../README.md" -keywords = ["auditor", "security", "soroban", "stellar", "smart-contracts"] -categories = ["development-tools", "command-line-utilities"] - -[features] -detector = ["dep:strum"] -lint_helper = [ - "dep:scout-audit-clippy-utils", - "dep:serde_json" -] - -[dependencies] -strum = { version = "0.25", features = ["derive"], optional = true } -serde_json = { version = "1.0", optional = true } -scout-audit-clippy-utils = { version = "=0.2.3", path = "../scout-audit-clippy-utils", optional = true } diff --git a/scout-audit-internal/rust-toolchain b/scout-audit-internal/rust-toolchain deleted file mode 100644 index bcb80559..00000000 
--- a/scout-audit-internal/rust-toolchain +++ /dev/null @@ -1,3 +0,0 @@ -[toolchain] -channel = "nightly-2023-12-16" -components = ["llvm-tools-preview", "rustc-dev"] diff --git a/scout-audit-internal/src/detector.rs b/scout-audit-internal/src/detector.rs deleted file mode 100644 index 03d1574b..00000000 --- a/scout-audit-internal/src/detector.rs +++ /dev/null 
@@ -1,194 +0,0 @@ -#[cfg(feature = "lint_helper")] -extern crate rustc_driver; -#[cfg(feature = "lint_helper")] -extern crate rustc_errors; -#[cfg(feature = "lint_helper")] -extern crate rustc_lint; -#[cfg(feature = "lint_helper")] -extern crate rustc_span; - -pub mod ink_lint_message; -pub mod soroban_lint_message; - -use ink_lint_message::*; -use soroban_lint_message::*; - -#[cfg(feature = "lint_helper")] -use rustc_lint::{Lint, LintContext}; -#[cfg(feature = "lint_helper")] -use rustc_span::Span; -#[cfg(feature = "lint_helper")] -use scout_audit_clippy_utils::diagnostics::{ - span_lint as span_lint_clippy, span_lint_and_help as span_lint_and_help_clippy, -}; -#[cfg(feature = "lint_helper")] -use serde_json::json; -use strum::{Display, EnumIter}; - -/// Available detectors for Soroban -#[derive(Debug, Display, Clone, EnumIter, PartialEq, Eq, Hash)] -#[strum(serialize_all = "kebab-case")] -pub enum SorobanDetector { - AvoidCoreMemForget, - AvoidPanicError, - AvoidUnsafeBlock, - DivideBeforeMultiply, - DosUnboundedOperation, - InsufficientlyRandomValues, - OverflowCheck, - SetContractStorage, - SorobanVersion, - UnprotectedUpdateCurrentContractWasm, - UnsafeExpect, - UnsafeUnwrap, - UnusedReturnEnum, -} - -// Available detectors for Ink -#[derive(Debug, Display, Clone, EnumIter, PartialEq, Eq, Hash)] -#[strum(serialize_all = "kebab-case")] -pub enum InkDetector { - AssertViolation, - AvoidCoreMemForget, - AvoidFormatString, - DelegateCall, - DivideBeforeMultiply, - DosUnboundedOperation, - DosUnexpectedRevertWithVector, - InkVersion, - InsufficientlyRandomValues, - IntegerOverflowOrUnderflow, - IteratorsOverIndexing, - LazyDelegate, - PanicError, - #[strum(serialize = "reentrancy-1")] - Reentrancy1, - #[strum(serialize = "reentrancy-2")] - Reentrancy2, - SetCodeHash, - SetContractStorage, - UnprotectedMappingOperation, - UnprotectedSelfDestruct, - UnrestrictedTransferFrom, - UnsafeExpect, - UnsafeUnwrap, - UnusedReturnEnum, - ZeroOrTestAddress, -} - -/* -This trait 
should be implemented by every enum of detectors (for each blockchain) -We cannot use this trait because it's not possible to make CONST functions in traits! -If in the future this is possible, we can use this trait to enforce the implementation of the functions -*/ -pub trait DetectorImpl: std::fmt::Display { - fn get_lint_message(&self) -> &'static str; - - #[cfg(feature = "lint_helper")] - fn span_lint_and_help( - &self, - cx: &T, - lint: &'static Lint, - span: Span, - help: &str, - ); - - #[cfg(feature = "lint_helper")] - fn span_lint(&self, cx: &T, lint: &'static Lint, span: Span); -} - -impl DetectorImpl for SorobanDetector { - fn get_lint_message(&self) -> &'static str { - match self { - SorobanDetector::AvoidCoreMemForget => SOROBAN_AVOID_CORE_MEM_FORGET_LINT_MESSAGE, - SorobanDetector::InsufficientlyRandomValues => { - SOROBAN_INSUFFICIENTLY_RANDOM_VALUES_LINT_MESSAGE - } - SorobanDetector::DivideBeforeMultiply => SOROBAN_DIVIDE_BEFORE_MULTIPLY_LINT_MESSAGE, - SorobanDetector::OverflowCheck => SOROBAN_OVERFLOW_CHECK_LINT_MESSAGE, - SorobanDetector::SetContractStorage => SOROBAN_SET_CONTRACT_STORAGE_LINT_MESSAGE, - SorobanDetector::UnprotectedUpdateCurrentContractWasm => { - SOROBAN_UNPROTECTED_UPDATE_CURRENT_CONTRACT_LINT_MESSAGE - } - SorobanDetector::UnsafeExpect => SOROBAN_UNSAFE_EXPECT_LINT_MESSAGE, - SorobanDetector::UnsafeUnwrap => SOROBAN_UNSAFE_UNWRAP_LINT_MESSAGE, - SorobanDetector::AvoidPanicError => SOROBAN_AVOID_PANIC_ERROR_LINT_MESSAGE, - SorobanDetector::AvoidUnsafeBlock => SOROBAN_AVOID_UNSAFE_BLOCK_LINT_MESSAGE, - SorobanDetector::DosUnboundedOperation => SOROBAN_DOS_UNBOUNDED_OPERATION_LINT_MESSAGE, - SorobanDetector::SorobanVersion => SOROBAN_VERSION_LINT_MESSAGE, - SorobanDetector::UnusedReturnEnum => SOROBAN_UNUSED_RETURN_ENUM_LINT_MESSAGE, - } - } - - #[cfg(feature = "lint_helper")] - fn span_lint_and_help( - &self, - cx: &T, - lint: &'static Lint, - span: Span, - help: &str, - ) { - span_lint_and_help_clippy(cx, lint, span, 
self.get_lint_message(), None, help); - } - - #[cfg(feature = "lint_helper")] - fn span_lint(&self, cx: &T, lint: &'static Lint, span: Span) { - span_lint_clippy(cx, lint, span, self.get_lint_message()); - } -} - -impl DetectorImpl for InkDetector { - /// Returns the lint message for the detector. - fn get_lint_message(&self) -> &'static str { - match self { - InkDetector::AssertViolation => INK_ASSERT_VIOLATION_LINT_MESSAGE, - InkDetector::AvoidCoreMemForget => INK_AVOID_CORE_MEM_FORGET_LINT_MESSAGE, - InkDetector::AvoidFormatString => INK_AVOID_FORMAT_STRING_LINT_MESSAGE, - InkDetector::DelegateCall => INK_DELEGATE_CALL_LINT_MESSAGE, - InkDetector::DivideBeforeMultiply => INK_DIVIDE_BEFORE_MULTIPLY_LINT_MESSAGE, - InkDetector::DosUnboundedOperation => INK_DOS_UNBOUNDED_OPERATION_LINT_MESSAGE, - InkDetector::DosUnexpectedRevertWithVector => { - INK_DOS_UNEXPECTED_REVERT_WITH_VECTOR_LINT_MESSAGE - } - InkDetector::InkVersion => INK_INK_VERSION_LINT_MESSAGE, - InkDetector::InsufficientlyRandomValues => { - INK_INSUFFICIENTLY_RANDOM_VALUES_LINT_MESSAGE - } - InkDetector::IntegerOverflowOrUnderflow => { - INK_INTEGER_OVERFLOW_OR_UNDERFLOW_LINT_MESSAGE - } - InkDetector::IteratorsOverIndexing => INK_ITERATORS_OVER_INDEXING_LINT_MESSAGE, - InkDetector::LazyDelegate => INK_LAZY_DELEGATE_LINT_MESSAGE, - InkDetector::PanicError => INK_PANIC_ERROR_LINT_MESSAGE, - InkDetector::Reentrancy1 => INK_REENTRANCY_LINT_MESSAGE, - InkDetector::Reentrancy2 => INK_REENTRANCY_LINT_MESSAGE, - InkDetector::SetCodeHash => INK_SET_CODE_HASH_LINT_MESSAGE, - InkDetector::SetContractStorage => INK_SET_CONTRACT_STORAGE_LINT_MESSAGE, - InkDetector::UnprotectedMappingOperation => { - INK_UNPROTECTED_MAPPING_OPERATION_LINT_MESSAGE - } - InkDetector::UnprotectedSelfDestruct => INK_UNPROTECTED_SELF_DESTRUCT_LINT_MESSAGE, - InkDetector::UnrestrictedTransferFrom => INK_UNRESTRICTED_TRANSFER_FROM_LINT_MESSAGE, - InkDetector::UnsafeExpect => INK_UNSAFE_EXPECT_LINT_MESSAGE, - InkDetector::UnsafeUnwrap => 
INK_UNSAFE_UNWRAP_LINT_MESSAGE, - InkDetector::UnusedReturnEnum => INK_UNUSED_RETURN_ENUM_LINT_MESSAGE, - InkDetector::ZeroOrTestAddress => INK_ZERO_OR_TEST_ADDRESS_LINT_MESSAGE, - } - } - - #[cfg(feature = "lint_helper")] - fn span_lint_and_help( - &self, - cx: &T, - lint: &'static Lint, - span: Span, - help: &str, - ) { - span_lint_and_help_clippy(cx, lint, span, self.get_lint_message(), None, help); - } - - #[cfg(feature = "lint_helper")] - fn span_lint(&self, cx: &T, lint: &'static Lint, span: Span) { - span_lint_clippy(cx, lint, span, self.get_lint_message()); - } -} diff --git a/scout-audit-internal/src/detector/ink_lint_message.rs b/scout-audit-internal/src/detector/ink_lint_message.rs deleted file mode 100644 index 882c3d0e..00000000 --- a/scout-audit-internal/src/detector/ink_lint_message.rs +++ /dev/null 
@@ -1,33 +0,0 @@ -pub const INK_ASSERT_VIOLATION_LINT_MESSAGE: &str = - "Assert causes panic. Instead, return a proper error."; -pub const INK_AVOID_CORE_MEM_FORGET_LINT_MESSAGE: &str = - "Using `core::mem::forget` is not recommended."; -pub const INK_AVOID_FORMAT_STRING_LINT_MESSAGE: &str = "The format! macro should not be used."; -pub const INK_DELEGATE_CALL_LINT_MESSAGE: &str = "Passing arguments to the target of a delegate call is not safe, as it allows the caller to set a malicious hash as the target."; -pub const INK_DIVIDE_BEFORE_MULTIPLY_LINT_MESSAGE: &str = - "Division before multiplication might result in a loss of precision"; -pub const INK_DOS_UNBOUNDED_OPERATION_LINT_MESSAGE: &str = - "In order to prevent a single transaction from consuming all the gas in a block, unbounded operations must be avoided"; -pub const INK_DOS_UNEXPECTED_REVERT_WITH_VECTOR_LINT_MESSAGE: &str = - "This vector operation is called without access control"; -pub const INK_INK_VERSION_LINT_MESSAGE: &str = "Use the latest version of ink!"; -pub const INK_INSUFFICIENTLY_RANDOM_VALUES_LINT_MESSAGE: &str = "In order to prevent randomness manipulations by validators block_timestamp should not be used as random number source"; -pub const INK_INTEGER_OVERFLOW_OR_UNDERFLOW_LINT_MESSAGE: &str = "Potential for integer arithmetic overflow/underflow. Consider checked, wrapping or saturating arithmetic."; -pub const INK_ITERATORS_OVER_INDEXING_LINT_MESSAGE: &str = - "Hardcoding an index could lead to panic if the top bound is out of bounds."; -pub const INK_LAZY_DELEGATE_LINT_MESSAGE: &str = "Delegate call with non-lazy, non-mapping storage"; -pub const INK_PANIC_ERROR_LINT_MESSAGE: &str = "The panic! macro is used to stop execution when a condition is not met. 
This is useful for testing and prototyping, but should be avoided in production code"; -pub const INK_REENTRANCY_LINT_MESSAGE:&str = "External calls could open the opportunity for a malicious contract to execute any arbitrary code"; -pub const INK_SET_CODE_HASH_LINT_MESSAGE: &str = - "This set_code_hash is called without access control"; -pub const INK_SET_CONTRACT_STORAGE_LINT_MESSAGE:&str = "Abitrary users should not have control over keys because it implies writing any value of left mapping, lazy variable, or the main struct of the contract located in position 0 of the storage"; -pub const INK_UNPROTECTED_MAPPING_OPERATION_LINT_MESSAGE: &str = "This mapping operation is called without access control on a different key than the caller's address"; -pub const INK_UNPROTECTED_SELF_DESTRUCT_LINT_MESSAGE: &str = - "This terminate_contract is called without access control"; -pub const INK_UNRESTRICTED_TRANSFER_FROM_LINT_MESSAGE: &str = - "This argument comes from a user-supplied argument"; -pub const INK_UNSAFE_EXPECT_LINT_MESSAGE: &str = "Unsafe usage of `expect`"; -pub const INK_UNSAFE_UNWRAP_LINT_MESSAGE: &str = "Unsafe usage of `unwrap`"; -pub const INK_UNUSED_RETURN_ENUM_LINT_MESSAGE: &str = "Unused return enum"; -pub const INK_ZERO_OR_TEST_ADDRESS_LINT_MESSAGE: &str = - "Not checking for a zero-address could lead to a locked contract"; diff --git a/scout-audit-internal/src/detector/soroban_lint_message.rs b/scout-audit-internal/src/detector/soroban_lint_message.rs deleted file mode 100644 index ef2251ef..00000000 --- a/scout-audit-internal/src/detector/soroban_lint_message.rs +++ /dev/null 
@@ -1,20 +0,0 @@ -pub const SOROBAN_AVOID_CORE_MEM_FORGET_LINT_MESSAGE: &str = - "Use the `let _ = ...` pattern or `.drop()` method to forget the value"; -pub const SOROBAN_AVOID_UNSAFE_BLOCK_LINT_MESSAGE: &str = - "Avoid using unsafe blocks as it may lead to undefined behavior"; -pub const SOROBAN_INSUFFICIENTLY_RANDOM_VALUES_LINT_MESSAGE: &str = - "Use env.prng() to generate random numbers, and remember that all random numbers are under the control of validators"; -pub const SOROBAN_AVOID_PANIC_ERROR_LINT_MESSAGE: &str = "The panic! macro is used to stop execution when a condition is not met. Even when this does not break the execution of the contract, it is recommended to use Result instead of panic! because it will stop the execution of the caller contract"; -pub const SOROBAN_DIVIDE_BEFORE_MULTIPLY_LINT_MESSAGE: &str = - "Division before multiplication might result in a loss of precision"; -pub const SOROBAN_DOS_UNBOUNDED_OPERATION_LINT_MESSAGE: &str = - "In order to prevent a single transaction from consuming all the gas in a block, unbounded operations must be avoided"; -pub const SOROBAN_OVERFLOW_CHECK_LINT_MESSAGE: &str = - "Use `overflow-checks = true` in Cargo.toml profile"; -pub const SOROBAN_SET_CONTRACT_STORAGE_LINT_MESSAGE:&str = "Abitrary users should not have control over keys because it implies writing any value of left mapping, lazy variable, or the main struct of the contract located in position 0 of the storage"; -pub const SOROBAN_VERSION_LINT_MESSAGE: &str = "Use the latest version of Soroban"; -pub const SOROBAN_UNPROTECTED_UPDATE_CURRENT_CONTRACT_LINT_MESSAGE: &str = - "This update_current_contract_wasm is called without access control"; -pub const SOROBAN_UNSAFE_EXPECT_LINT_MESSAGE: &str = "Unsafe usage of `expect`"; -pub const SOROBAN_UNSAFE_UNWRAP_LINT_MESSAGE: &str = "Unsafe usage of `unwrap`"; -pub const SOROBAN_UNUSED_RETURN_ENUM_LINT_MESSAGE : &str = "If any of the variants (Ok/Err) is not used, the code could be simplified or it 
could imply a bug"; diff --git a/scout-audit-internal/src/lib.rs b/scout-audit-internal/src/lib.rs deleted file mode 100644 index 2e12df1a..00000000 --- a/scout-audit-internal/src/lib.rs +++ /dev/null @@ -1,21 +0,0 @@ -#![feature(const_trait_impl)] -#![cfg_attr(feature = "lint_helper", feature(rustc_private))] -//! # Scout Audit Internal -//! -//! This library is for internal usage only by [`cargo_scout_audit`](https://crates.io/crates/cargo-scout-audit) -#[cfg(feature = "detector")] -mod detector; - -#[cfg(feature = "detector")] -pub use detector::DetectorImpl; -#[cfg(feature = "detector")] -pub use detector::InkDetector; -#[cfg(feature = "detector")] -pub use detector::SorobanDetector; -#[cfg(feature = "detector")] -pub use strum::IntoEnumIterator; - -#[cfg(feature = "detector")] -pub use detector::ink_lint_message; -#[cfg(feature = "detector")] -pub use detector::soroban_lint_message;