entrenar 0.7.11

Training & Optimization library with autograd, LoRA, quantization, and model merging
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182

//! Dependency audit results and cargo-deny parsing.

use serde::{Deserialize, Serialize};

use super::{Advisory, AuditStatus, Result, Severity, SupplyChainError};

// Field name constants for cargo-deny JSON parsing (CB-525)
const FIELD_TYPE: &str = "type";
const FIELD_FIELDS: &str = "fields";
const FIELD_SEVERITY: &str = "severity";
const FIELD_CODE: &str = "code";
const FIELD_LABELS: &str = "labels";
const FIELD_SPAN: &str = "span";
const FIELD_CRATE: &str = "crate";
const FIELD_NAME: &str = "name";
const FIELD_VERSION: &str = "version";
const FIELD_MESSAGE: &str = "message";

/// Dependency audit result
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub struct DependencyAudit {
    /// Crate name
    pub crate_name: String,

    /// Version string
    pub version: String,

    /// Security advisories affecting this crate
    pub advisories: Vec<Advisory>,

    /// License identifier (e.g., "MIT", "Apache-2.0")
    pub license: String,

    /// Overall audit status
    pub audit_status: AuditStatus,
}

impl DependencyAudit {
    /// Create a new clean dependency audit
    pub fn clean(
        crate_name: impl Into<String>,
        version: impl Into<String>,
        license: impl Into<String>,
    ) -> Self {
        Self {
            crate_name: crate_name.into(),
            version: version.into(),
            advisories: Vec::new(),
            license: license.into(),
            audit_status: AuditStatus::Clean,
        }
    }

    /// Create a vulnerable dependency audit
    pub fn vulnerable(
        crate_name: impl Into<String>,
        version: impl Into<String>,
        license: impl Into<String>,
        advisories: Vec<Advisory>,
    ) -> Self {
        Self {
            crate_name: crate_name.into(),
            version: version.into(),
            advisories,
            license: license.into(),
            audit_status: AuditStatus::Vulnerable,
        }
    }

    /// Parse dependency audits from cargo-deny JSON output
    ///
    /// # Arguments
    ///
    /// * `json` - JSON output from `cargo deny check --format json`
    ///
    /// # Example JSON format
    ///
    /// ```json
    /// {
    ///   "type": "diagnostic",
    ///   "fields": {
    ///     "graphs": [...],
    ///     "severity": "error",
    ///     "code": "A001",
    ///     "message": "Detected security vulnerability",
    ///     "labels": [{"span": {"crate": {"name": "foo", "version": "1.0.0"}}}]
    ///   }
    /// }
    /// ```
    pub fn from_cargo_deny_output(json: &str) -> Result<Vec<Self>> {
        let mut audits = Vec::new();

        // cargo deny outputs newline-delimited JSON
        for line in json.lines() {
            let line = line.trim();
            if line.is_empty() {
                continue;
            }

            let value: serde_json::Value = serde_json::from_str(line)
                .map_err(|e| SupplyChainError::ParseError(e.to_string()))?;

            // Skip non-diagnostic messages
            if value.get(FIELD_TYPE).and_then(|t| t.as_str()) != Some("diagnostic") {
                continue;
            }

            let fields = match value.get(FIELD_FIELDS) {
                Some(f) => f,
                None => continue,
            };

            // Extract severity
            let severity_str =
                fields.get(FIELD_SEVERITY).and_then(|s| s.as_str()).unwrap_or("none");

            let is_vulnerability = severity_str == "error"
                && fields
                    .get(FIELD_CODE)
                    .and_then(|c| c.as_str())
                    .is_some_and(|c| c.starts_with('A'));

            if !is_vulnerability {
                continue;
            }

            // Extract crate info from labels
            if let Some(labels) = fields.get(FIELD_LABELS).and_then(|l| l.as_array()) {
                for label in labels {
                    if let Some(span) = label.get(FIELD_SPAN) {
                        if let Some(krate) = span.get(FIELD_CRATE) {
                            let crate_name = krate
                                .get(FIELD_NAME)
                                .and_then(|n| n.as_str())
                                .unwrap_or("unknown")
                                .to_string();

                            let version = krate
                                .get(FIELD_VERSION)
                                .and_then(|v| v.as_str())
                                .unwrap_or("unknown")
                                .to_string();

                            let message = fields
                                .get(FIELD_MESSAGE)
                                .and_then(|m| m.as_str())
                                .unwrap_or("Unknown vulnerability")
                                .to_string();

                            let code = fields
                                .get(FIELD_CODE)
                                .and_then(|c| c.as_str())
                                .unwrap_or("UNKNOWN")
                                .to_string();

                            let advisory = Advisory::new(code, Severity::High, message);

                            audits.push(Self::vulnerable(
                                crate_name,
                                version,
                                "unknown",
                                vec![advisory],
                            ));
                        }
                    }
                }
            }
        }

        Ok(audits)
    }

    /// Returns true if this dependency has vulnerabilities
    pub fn is_vulnerable(&self) -> bool {
        self.audit_status == AuditStatus::Vulnerable
    }

    /// Returns the highest severity advisory
    pub fn max_severity(&self) -> Severity {
        self.advisories.iter().map(|a| a.severity).max().unwrap_or(Severity::None)
    }
}