use crate::{
database::{Database, Query},
error::{Error, ErrorKind},
package::Package,
vulnerability::Vulnerability,
};
use serde::Deserialize;
use std::{fs, path::Path, str::FromStr};
use toml;
/// In-memory form of a lockfile, as deserialized from TOML.
///
/// Every value in here comes straight from the parsed document, so when the
/// lockfile belongs to a project you do not control, treat package names and
/// versions as untrusted input.
///
/// The derive carries no `deny_unknown_fields`, so top-level keys other than
/// `package` are ignored during parsing.
/// NOTE(review): the field also carries no `#[serde(default)]`, so a document
/// with no `package` entries should fail to parse rather than yield an empty
/// list. Confirm this is the intended behaviour.
#[derive(Clone, Debug, Deserialize, Eq, PartialEq)]
pub struct Lockfile {
/// Packages listed in the lockfile; read from the TOML key `package`.
#[serde(rename = "package")]
pub packages: Vec<Package>,
}
impl Lockfile {
    /// Read the file at `path` and parse its contents as a lockfile.
    ///
    /// The whole file is read into memory before parsing and no size limit is
    /// applied here. The path is used exactly as given, so callers that scan
    /// untrusted checkouts should bound and validate it themselves.
    ///
    /// # Errors
    ///
    /// Returns an `ErrorKind::Io` error, naming the path and the underlying
    /// I/O error, when the file cannot be read. Returns whatever error the
    /// `FromStr` implementation produces when the contents do not parse.
    pub fn load_file<P: AsRef<Path>>(path: P) -> Result<Self, Error> {
        let path = path.as_ref();
        let contents = fs::read_to_string(path).map_err(|e| {
            format_err!(ErrorKind::Io, "couldn't open {}: {}", path.display(), e)
        })?;
        contents.parse()
    }

    /// Find vulnerabilities for the packages in this lockfile, using the
    /// query returned by `Query::crate_scope()`.
    ///
    /// NOTE(review): presumably `crate_scope()` restricts results to
    /// advisories about crates; confirm against `Query`.
    pub fn vulnerabilities(&self, db: &Database) -> Vec<Vulnerability> {
        let crate_scope = Query::crate_scope();
        self.query_vulnerabilities(db, &crate_scope)
    }

    /// Run `query` against `db` once per package, narrowed to that package's
    /// name and version, and collect one `Vulnerability` per returned advisory.
    ///
    /// Results are only as complete as `db`. An empty vector means nothing in
    /// the supplied database matched, not that the dependencies are free of
    /// known issues. Name and version are taken verbatim from the lockfile.
    /// Packages are processed in lockfile order and are not de-duplicated.
    pub fn query_vulnerabilities(&self, db: &Database, query: &Query) -> Vec<Vulnerability> {
        let mut found = Vec::new();

        for pkg in &self.packages {
            // Each package gets its own copy of the caller's query so that the
            // name/version constraint never leaks into the next iteration.
            let scoped_query = query
                .clone()
                .package_version(pkg.name.clone(), pkg.version.clone());
            let advisories = db.query(&scoped_query);

            for advisory in advisories.iter() {
                found.push(Vulnerability::new(advisory, pkg));
            }
        }

        found
    }

    /// List the packages in this lockfile that declare a dependency on
    /// `package`.
    ///
    /// A dependency matches when both its name and its version equal those of
    /// `package`. No other attribute is compared in this function.
    pub fn dependent_packages(&self, package: &Package) -> Vec<&Package> {
        let mut dependents = Vec::new();

        for candidate in &self.packages {
            let uses_target = candidate
                .dependencies
                .iter()
                .any(|dep| dep.name == package.name && dep.version == package.version);

            if uses_target {
                dependents.push(candidate);
            }
        }

        dependents
    }
}
impl FromStr for Lockfile {
    type Err = Error;

    /// Parse a lockfile from a TOML document held in memory.
    ///
    /// # Errors
    ///
    /// Any deserialization failure reported by `toml::from_str` is converted
    /// into this crate's `Error` through its `From` implementation.
    fn from_str(toml_string: &str) -> Result<Self, Error> {
        toml::from_str(toml_string).map_err(Error::from)
    }
}
#[cfg(test)]
mod tests {
    use crate::lockfile::Lockfile;

    /// Smoke test: the `Cargo.lock` found relative to the test's working
    /// directory loads and lists at least one package.
    #[test]
    fn load_cargo_lockfile() {
        let parsed = Lockfile::load_file("Cargo.lock").unwrap();
        assert!(!parsed.packages.is_empty());
    }
}