-
Notifications
You must be signed in to change notification settings - Fork 127
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature/multiple filters, fix dedup CLI config values & other fixes #1165
Feature/multiple filters, fix dedup CLI config values & other fixes #1165
Conversation
Thanks! So CI is going to fail but it's not your fault - it also fails on master due to reliance on a yanked crate, #1156 I should probably fix that first so that we get working CI again. |
Ok. I will wait for an update info and then I will rebase. And I will be waiting concurrently for any review comments, or answers to the questions I asked. |
I've fixed CI in #1167, please rebase or merge |
@tarcieri any thoughts on the interaction between Clap and Abscissa here? |
clap was retrofit into abscissa which previously used gumdrop as its command line arguments parser. I don't know exactly what changes are needed. If someone wants to open a PR I can take a look. |
Oh, sorry. I've missed your message, that I can now rebase. I apologize for the delay. |
`cargo-audit` can now be configured to filter vulnerabilities by multiple target operating systems and CPU architectures. This can by done both in config file and in CLI. Support for old config file format (one where `target.os` and `target.arch` have a value of string) is kept.
CLI arguments defined in `AuditCommand` were also duplicated in `BinCommand`, with those in `BinCommand` taking precedence. This commit removes all duplicated flags. CliConfig was used to "unify" CLI flags defined in both `AuditCommand` and `BinCommand`. However since now those flags are only present in `AuditCommand`, `CliConfig` is no longer necessary, and as such was removed. If in future a need arises for subcommands to have their specific configuration, then overriding of `AuditConfig` can be done directly in `impl Override<AuditConfig> for AuditCommand`.
This fixes panic that were occurring when invalid color value was passed as an CLI argument. Now `clap` handles validating possible values.
f90cf8f
to
0be7612
Compare
I have rebased. What about my question regarding |
@Shnatsel Hi. I don't want to sound pushy, but could someone perhaps review this PR, please? I have ideas how to dedup |
Oh! Thanks for the ping, the notification about the PR update got lost in my inbox. Let me take a look |
CI fails due to latest rustc adding more lints. I've fixed it in #1181; CI should pass if you merge main into this branch. |
I cannot think of any uses for it. We haven't seen any user requests for it either. Let's leave it out to keep the user interface simple, and only add it if someone asks for it.
I think the bottom line is "none of the maintainers have a clue", so let's leave that to a follow-up PR.
Yes, that is correct. I have explained where they come from in the linked issue. We should list the recognized values somewhere; either in the help text, or have a flag akin to |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good!
The only issues I could spot are some typos in comments. Thanks a lot for this PR!
arch = ["x86_64"] # Ignore advisories for CPU architectures other than this ones | ||
os = ["linux", "windows"] # Ignore advisories for operating systems other than this ones |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
arch = ["x86_64"] # Ignore advisories for CPU architectures other than this ones | |
os = ["linux", "windows"] # Ignore advisories for operating systems other than this ones | |
arch = ["x86_64"] # Ignore advisories for CPU architectures other than these | |
os = ["linux", "windows"] # Ignore advisories for operating systems other than these |
# Legacy audit config file | ||
# | ||
# This is an older version of audit.toml, that we want to still parse | ||
# and support. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Excellent to have this tested 👍
} | ||
|
||
/// Ensure `target.arch` and `target.os` continue to parse when they | ||
/// are specified as a string, and not a list. This is the legacy behovior. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/// are specified as a string, and not a list. This is the legacy behovior. | |
/// are specified as a string, and not a list. This is the legacy behavior. |
I've rebased this myself in #1185 and merged that PR so that this doesn't stall out again. Thanks a lot for your contribution! I'd be happy to have more PRs from you, and hopefully I won't miss the notification next time. |
This PR:
--target-os
and--target-arch
#1160BinCommand
duplicates options ofAuditCommand
incargo-audit
#1164--color
flagI have formulated a couple of questions whilst I was reading code and would like to ask them here.
Should
cargo-audit --color
support valuetermcolor::ColorChoice::AlwaysAnsi
? Before I refactored--color
flag, this value was not supported, so I left it that way. But should this remain?After I removed duplicated flags from
BinCommand
I have noticed thatFixCommand
also duplicates flag--file
ofAuditCommand
, which allows to specify path toCargo.lock
file. I wanted to remove it as well, and use--file
passed toAuditCommand
, when runningFixCommand
, but I don't think this is easy to do, becauseFixCommand
implementsRunnable
and its methodrun
does not allow to pass arguments from external context.I have never before worked with
Abscissa
before, so I don't know what is the best possible solution. MaybeFixCommand
doesn't need to implementCommand
? Maybe--file
should be also added toAuditConfig
? MaybeFixCommand.file
should be changed toRefCell<Option<PathBuf>>
, skipped in clap, and then set inAuditCommand::run
before it invokesFixCommand::run
? I would be happy to hear a suggestion on how to implement it best. And I think it should be fixed, the same as duplicated arguments inBinCommand
should have been fixed.I would also like to do something with another issue I have created - #1161. As I understand, crate
platforms
is auto-generated, and so are values for targetArch
andOS
. But where exactly are they generated from? And how to point users to an exhaustive list of those values?