tvl-depot

mdebray/tvl-depot

Fork 0

Commit graph

Author	SHA1	Message	Date
sterni	8699370fae	chore(tools/rust-crates-advisory): move custom checker to user dir Profpatsch originally implemented an advisory checker from scratch in Rust. We now ended up just using cargo-audit for the global checks exposed via CI and the custom implementation is unused. To clean up //tools/rust-crates-advisory a bit, we can move the unused parts to his user directory. Change-Id: Iacbd27c163edd07c804220fd1b3569c23aebd3e7 Reviewed-on: https://cl.tvl.fyi/c/depot/+/7171 Tested-by: BuildkiteCI Reviewed-by: Profpatsch <mail@profpatsch.de>	2022-11-06 18:40:59 +00:00
Vincent Ambo	3d8ee62087	style(rust): Format all Rust code with rustfmt Change-Id: Iab7e00cc26a4f9727d3ab98691ef379921a33052 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5240 Tested-by: BuildkiteCI Reviewed-by: kanepyork <rikingcoding@gmail.com> Reviewed-by: Profpatsch <mail@profpatsch.de> Reviewed-by: grfn <grfn@gws.fyi> Reviewed-by: tazjin <tazjin@tvl.su>	2022-02-08 12:06:39 +00:00
Profpatsch	952afb7da9	feat(tools): add rust-crates-advisory We have a bunch of crates in `third_party/rust-crates`; it would be great if we could check them for existing CVEs. This tool does that, it takes the rust security advisory database, parses the applicable CVEs, and cross-checks them against the actual crate versions we list in our package database. The dumb parser we wrote is tested against all entries in the database, so we will notice when upstream breaks their shit. Checking the semver stuff is easy enough with the semver crate. If an advisory matches, it prints the whole thing and fails the build. Change-Id: I9e912c43d37a685d9d7a4424defc467a171ea3c4 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2818 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in> Reviewed-by: sterni <sternenseemann@systemli.org>	2021-05-17 23:00:57 +00:00

Author

SHA1

Message

Date

sterni

8699370fae

chore(tools/rust-crates-advisory): move custom checker to user dir

Profpatsch originally implemented an advisory checker from scratch in
Rust. We now ended up just using cargo-audit for the global checks
exposed via CI and the custom implementation is unused. To clean up
//tools/rust-crates-advisory a bit, we can move the unused parts to his
user directory.

Change-Id: Iacbd27c163edd07c804220fd1b3569c23aebd3e7
Reviewed-on: https://cl.tvl.fyi/c/depot/+/7171
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>

2022-11-06 18:40:59 +00:00

Vincent Ambo

3d8ee62087

style(rust): Format all Rust code with rustfmt

Change-Id: Iab7e00cc26a4f9727d3ab98691ef379921a33052
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5240
Tested-by: BuildkiteCI
Reviewed-by: kanepyork <rikingcoding@gmail.com>
Reviewed-by: Profpatsch <mail@profpatsch.de>
Reviewed-by: grfn <grfn@gws.fyi>
Reviewed-by: tazjin <tazjin@tvl.su>

2022-02-08 12:06:39 +00:00

Profpatsch

952afb7da9

feat(tools): add rust-crates-advisory

We have a bunch of crates in `third_party/rust-crates`; it would be
great if we could check them for existing CVEs.

This tool does that, it takes the rust security advisory database,
parses the applicable CVEs, and cross-checks them against the actual
crate versions we list in our package database.

The dumb parser we wrote is tested against all entries in the
database, so we will notice when upstream breaks their shit.
Checking the semver stuff is easy enough with the semver crate.

If an advisory matches, it prints the whole thing and fails the build.

Change-Id: I9e912c43d37a685d9d7a4424defc467a171ea3c4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2818
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: sterni <sternenseemann@systemli.org>

2021-05-17 23:00:57 +00:00

3 commits