use camino::Utf8PathBuf;
use cordance_core::advise::{AdviseFinding, Severity};
use cordance_core::pack::CordancePack;
use super::AdviseRule;
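/// Advisory rule `R-supply-1`: warns when a Rust project has no `deny.toml`.
///
/// The rule looks only at the paths listed in the pack's `sources`. It never
/// reads file contents, so a present `deny.toml` says nothing about which
/// checks it configures or whether `cargo deny check` is actually run.
pub struct RSupply1;

/// Returns `true` when `path` is exactly `file_name` or ends in `/file_name`.
///
/// Matching a whole path component keeps look-alike names such as
/// `NotCargo.toml` from being mistaken for the real manifest, and applies the
/// same matching rule to both files this rule looks for.
fn is_file_named(path: &str, file_name: &str) -> bool {
    path.strip_suffix(file_name)
        .map_or(false, |parent| parent.is_empty() || parent.ends_with('/'))
}

impl AdviseRule for RSupply1 {
    /// Stable identifier reported in every finding produced by this rule.
    fn id(&self) -> &'static str {
        "R-supply-1"
    }

    /// Path of the doctrine document that motivates this rule.
    fn doctrine_anchor(&self) -> &'static str {
        "doctrine/principles/dependencies-supply-chain.md"
    }

    /// Emits one warning when the pack contains a `Cargo.toml` but no `deny.toml`.
    ///
    /// Returns an empty vector when no `Cargo.toml` is present (the rule does
    /// not apply) or when a `deny.toml` is found at any depth.
    fn check(&self, pack: &CordancePack) -> Vec<AdviseFinding> {
        let pack_has = |file_name: &str| {
            pack.sources
                .iter()
                .any(|r| is_file_named(r.path.as_str(), file_name))
        };

        // No manifest among the pack's sources: nothing to advise on.
        if !pack_has("Cargo.toml") {
            return Vec::new();
        }

        // NOTE(review): a deny.toml at any depth silences the finding, including
        // one that belongs to a vendored or nested crate rather than to the
        // project root. Confirm that is intended. Presence is also not proof of
        // enforcement; the file's sections and the CI wiring are not inspected.
        if pack_has("deny.toml") {
            return Vec::new();
        }

        vec![AdviseFinding {
            id: self.id().into(),
            severity: Severity::Warning,
            summary: "Rust project detected but no deny.toml found.".into(),
            doctrine_anchor: Utf8PathBuf::from(self.doctrine_anchor()),
            project_paths: vec![".".into()],
            remediation: "Add deny.toml with [advisories], [licenses], and [bans] sections. \
                          Run: cargo deny check."
                .into(),
        }]
    }
}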