Feature/multiple filters, fix dedup CLI config values & other fixes #1165
Conversation
|
Thanks! So CI is going to fail but it's not your fault - it also fails on master due to reliance on a yanked crate, #1156 I should probably fix that first so that we get working CI again. |
|
Ok. I will wait for an update info and then I will rebase. And I will be waiting concurrently for any review comments, or answers to the questions I asked. |
|
I've fixed CI in #1167, please rebase or merge |
@tarcieri any thoughts on the interaction between Clap and Abscissa here? |
|
clap was retrofit into abscissa which previously used gumdrop as its command line arguments parser. I don't know exactly what changes are needed. If someone wants to open a PR I can take a look. |
|
Oh, sorry. I've missed your message, that I can now rebase. I apologize for the delay. |
`cargo-audit` can now be configured to filter vulnerabilities by multiple target operating systems and CPU architectures. This can by done both in config file and in CLI. Support for old config file format (one where `target.os` and `target.arch` have a value of string) is kept.
CLI arguments defined in `AuditCommand` were also duplicated in `BinCommand`, with those in `BinCommand` taking precedence. This commit removes all duplicated flags. CliConfig was used to "unify" CLI flags defined in both `AuditCommand` and `BinCommand`. However since now those flags are only present in `AuditCommand`, `CliConfig` is no longer necessary, and as such was removed. If in future a need arises for subcommands to have their specific configuration, then overriding of `AuditConfig` can be done directly in `impl Override<AuditConfig> for AuditCommand`.
This fixes panic that were occurring when invalid color value was passed as an CLI argument. Now `clap` handles validating possible values.
aleksanderkrauze
force-pushed
the
feature/multiple-filters
branch
from
f90cf8f
to
0be7612
Compare
|
I have rebased. What about my question regarding |
|
@Shnatsel Hi. I don't want to sound pushy, but could someone perhaps review this PR, please? I have ideas how to dedup |
|
Oh! Thanks for the ping, the notification about the PR update got lost in my inbox. Let me take a look |
|
CI fails due to latest rustc adding more lints. I've fixed it in #1181; CI should pass if you merge main into this branch. |
I cannot think of any uses for it. We haven't seen any user requests for it either. Let's leave it out to keep the user interface simple, and only add it if someone asks for it.
I think the bottom line is "none of the maintainers have a clue", so let's leave that to a follow-up PR.
Yes, that is correct. I have explained where they come from in the linked issue. We should list the recognized values somewhere; either in the help text, or have a flag akin to |
| arch = ["x86_64"] # Ignore advisories for CPU architectures other than this ones | ||
| os = ["linux", "windows"] # Ignore advisories for operating systems other than this ones |
There was a problem hiding this comment.
| arch = ["x86_64"] # Ignore advisories for CPU architectures other than this ones | |
| os = ["linux", "windows"] # Ignore advisories for operating systems other than this ones | |
| arch = ["x86_64"] # Ignore advisories for CPU architectures other than these | |
| os = ["linux", "windows"] # Ignore advisories for operating systems other than these |
| # Legacy audit config file | ||
| # | ||
| # This is an older version of audit.toml, that we want to still parse | ||
| # and support. |
There was a problem hiding this comment.
Excellent to have this tested 👍
| } | ||
|
|
||
| /// Ensure `target.arch` and `target.os` continue to parse when they | ||
| /// are specified as a string, and not a list. This is the legacy behovior. |
There was a problem hiding this comment.
| /// are specified as a string, and not a list. This is the legacy behovior. | |
| /// are specified as a string, and not a list. This is the legacy behavior. |
|
I've rebased this myself in #1185 and merged that PR so that this doesn't stall out again. Thanks a lot for your contribution! I'd be happy to have more PRs from you, and hopefully I won't miss the notification next time. |
This PR:
--target-osand--target-arch#1160BinCommandduplicates options ofAuditCommandincargo-audit#1164--colorflagI have formulated a couple of questions whilst I was reading code and would like to ask them here.
Should
cargo-audit --colorsupport valuetermcolor::ColorChoice::AlwaysAnsi? Before I refactored--colorflag, this value was not supported, so I left it that way. But should this remain?After I removed duplicated flags from
BinCommandI have noticed thatFixCommandalso duplicates flag--fileofAuditCommand, which allows to specify path toCargo.lockfile. I wanted to remove it as well, and use--filepassed toAuditCommand, when runningFixCommand, but I don't think this is easy to do, becauseFixCommandimplementsRunnableand its methodrundoes not allow to pass arguments from external context.I have never before worked with
Abscissabefore, so I don't know what is the best possible solution. MaybeFixCommanddoesn't need to implementCommand? Maybe--fileshould be also added toAuditConfig? MaybeFixCommand.fileshould be changed toRefCell<Option<PathBuf>>, skipped in clap, and then set inAuditCommand::runbefore it invokesFixCommand::run? I would be happy to hear a suggestion on how to implement it best. And I think it should be fixed, the same as duplicated arguments inBinCommandshould have been fixed.I would also like to do something with another issue I have created - #1161. As I understand, crate
platformsis auto-generated, and so are values for targetArchandOS. But where exactly are they generated from? And how to point users to an exhaustive list of those values?