rustquty-core 0.2.0

Core library for rustquty, a local-first quality scanner for Rust projects
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107

//! Audit collector — runs `cargo audit`.

use super::{Collector, CollectorError, CollectorOutput};
use crate::context::Context;
use std::process::Command;

pub struct AuditCollector;

impl AuditCollector {
    pub fn new() -> Self {
        Self
    }

    fn parse_json_output(&self, stdout: &str) -> (u32, u32) {
        let mut vulnerability_count = 0u32;
        let mut critical_count = 0u32;

        if let Ok(json) = serde_json::from_str::<serde_json::Value>(stdout) {
            if let Some(found) = json.get("vulnerabilities").and_then(|v| v.get("found")) {
                vulnerability_count = found.as_u64().unwrap_or(0) as u32;
            }
            if let Some(list) = json.get("vulnerabilities").and_then(|v| v.get("list"))
                && let Some(arr) = list.as_array()
            {
                for item in arr {
                    if let Some(severity) = item.get("severity").and_then(|s| s.as_str())
                        && severity.eq_ignore_ascii_case("critical")
                    {
                        critical_count += 1;
                    }
                }
            }
        }

        (vulnerability_count, critical_count)
    }
}

impl Collector for AuditCollector {
    fn name(&self) -> &'static str {
        "audit"
    }

    fn is_available(&self) -> bool {
        Command::new("cargo-audit")
            .arg("--version")
            .output()
            .map(|o| o.status.success())
            .unwrap_or(false)
    }

    fn collect(&self, ctx: &Context) -> Result<CollectorOutput, CollectorError> {
        let start = std::time::Instant::now();
        let output = Command::new("cargo-audit")
            .args(["--json"])
            .current_dir(&ctx.workspace_root)
            .output()
            .map_err(|e| CollectorError::IoError(e.to_string()))?;

        let duration_ms = start.elapsed().as_millis() as u64;
        let stdout = String::from_utf8_lossy(&output.stdout).to_string();
        let stderr = String::from_utf8_lossy(&output.stderr).to_string();

        let (vulnerability_count, _critical_count) = self.parse_json_output(&stdout);
        let status = if vulnerability_count == 0 {
            crate::schema::CollectorStatus::Pass
        } else {
            crate::schema::CollectorStatus::Fail
        };

        Ok(CollectorOutput {
            status,
            duration_ms,
            stdout,
            stderr,
        })
    }
}

impl Default for AuditCollector {
    fn default() -> Self {
        Self::new()
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_parse_json_output_no_vulns() {
        let collector = AuditCollector::new();
        let json = r#"{"vulnerabilities":{"found":0,"list":[]}}"#;
        let (vuln, critical) = collector.parse_json_output(json);
        assert_eq!(vuln, 0);
        assert_eq!(critical, 0);
    }

    #[test]
    fn test_parse_json_output_with_vulns() {
        let collector = AuditCollector::new();
        let json = r#"{"vulnerabilities":{"found":2,"list":[{"id":"RUSTSEC-0001","severity":"High"},{"id":"RUSTSEC-0002","severity":"critical"}]}}"#;
        let (vuln, critical) = collector.parse_json_output(json);
        assert_eq!(vuln, 2);
        assert_eq!(critical, 1);
    }
}