secfinding 0.3.0

Universal security finding types for vulnerability scanners.
use secfinding::{Finding, Severity};

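/// Checks that a very large capacity request, followed by a builder call,
/// leaves the process able to build further findings.
///
/// The original closing assertion (`is_err() || is_ok()`) was always true, so
/// it could never fail. The checks below pin what this test can observe.
#[test]
fn simulate_oom_on_very_large_allocation_requests() {
    // 1 TiB of capacity: large enough that the allocator may refuse it, while
    // `try_reserve` reports a refusal as `Err` instead of aborting the process.
    const HUGE_CAPACITY: usize = 1usize << 40;

    let mut title = String::new();
    let reservation = title.try_reserve(HUGE_CAPACITY);

    // Only capacity was requested, never content, so the builder below always
    // receives an empty title. This test therefore does not cover a title
    // whose length is large; the reservation may also succeed on hosts that
    // hand out address space lazily.
    assert!(
        title.is_empty(),
        "try_reserve must not change the string's contents"
    );
    if reservation.is_ok() {
        assert!(
            title.capacity() >= HUGE_CAPACITY,
            "a successful reservation must provide the requested capacity"
        );
    }

    let outcome = std::panic::catch_unwind(move || {
        let _ = Finding::builder("scanner", "target", Severity::High)
            .title(title)
            .build()
            .unwrap();
    });
    // Both outcomes are accepted: `unwrap()` panics if `build()` rejects the
    // input, and that panic is caught here. Getting past this line at all
    // shows the process did not abort.
    drop(outcome);

    // The builder must still be usable afterwards. The result is not
    // unwrapped, so only a panic inside the builder itself can fail this.
    let follow_up = std::panic::catch_unwind(|| {
        let _ = Finding::builder("scanner", "target", Severity::High)
            .title("Normal size title")
            .build();
    });
    assert!(follow_up.is_ok(), "Process must remain consistent.");
}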

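/// Builds a finding from a string that has just survived a failed allocation
/// request, and checks the string is unchanged and the builder does not panic.
///
/// The original body never triggered an allocation failure, so it did not
/// test what its name describes.
#[test]
fn oom_allocation_failure_does_not_corrupt_state() {
    let mut title = String::from("Normal size title");

    // Requesting `usize::MAX` extra bytes on a non-empty string overflows the
    // required capacity, so this fails deterministically on every host
    // without touching the allocator's limits.
    let reservation = title.try_reserve(usize::MAX);
    assert!(
        reservation.is_err(),
        "an impossible capacity request must be reported as an error"
    );

    // A failed reservation must leave the existing contents intact.
    assert_eq!(title, "Normal size title");

    // The build result is deliberately ignored: the test fails only if the
    // builder panics when given the string that went through the failure.
    let _ = Finding::builder("scanner", "target", Severity::High)
        .title(title)
        .detail("Normal size details")
        .build();
}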