rustsec 0.17.1

Client library for the RustSec security advisory database
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42

//! Automatically attempt to fix vulnerable dependencies

use crate::{
    error::{Error, ErrorKind},
    version::VersionReq,
    vulnerability::Vulnerability,
};
use std::path::Path;

/// Auto-fixer for vulnerable dependencies
pub struct Fixer {
    manifest: cargo_edit::LocalManifest,
}

impl Fixer {
    /// Create a new [`Fixer`] for the given `Cargo.toml` file
    pub fn new(cargo_toml: impl AsRef<Path>) -> Result<Self, Error> {
        let manifest = cargo_edit::LocalManifest::try_new(cargo_toml.as_ref())?;
        Ok(Self { manifest })
    }

    /// Attempt to fix the given vulnerability
    pub fn fix(
        &mut self,
        vulnerability: &Vulnerability,
        dry_run: bool,
    ) -> Result<VersionReq, Error> {
        // TODO(tarcieri): find semver-compatible fix?
        let version_req = match vulnerability.versions.patched.get(0) {
            Some(req) => req,
            None => fail!(ErrorKind::Version, "no fixed version available"),
        };

        let dependency = cargo_edit::Dependency::new(vulnerability.package.name.as_str())
            .set_version(&version_req.to_string());

        self.manifest.upgrade(&dependency, dry_run, false)?;

        // TODO(tarcieri): return new version rather than req?
        Ok(version_req.clone())
    }
}