diff --git a/Cargo.lock b/Cargo.lock index f58691b5..980ed11f 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -145,19 +145,18 @@ dependencies = [ [[package]] name = "cargo" -version = "0.52.0" +version = "0.58.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "668794d3757557250a8b7bf7d0920ca60910d9635e76d008caed037ec25c39b3" +checksum = "cab77eea837b09297f6ad70921e465d77b60eb10380505abc02bd6e66b653704" dependencies = [ "anyhow", "atty", "bytesize", "cargo-platform", + "cargo-util", "clap", - "core-foundation", "crates-io", "crossbeam-utils", - "crypto-hash", "curl", "curl-sys", "env_logger", @@ -172,6 +171,7 @@ dependencies = [ "humantime", "ignore", "im-rc", + "itertools", "jobserver", "lazy_static", "lazycell", @@ -179,15 +179,14 @@ dependencies = [ "libgit2-sys", "log", "memchr", - "miow", "num_cpus", "opener", "openssl", + "os_info", "percent-encoding", "rustc-workspace-hack", "rustfix", - "same-file", - "semver 0.10.0", + "semver", "serde", "serde_ignored", "serde_json", @@ -214,6 +213,7 @@ dependencies = [ "cargo", "cargo-geiger-serde", "cargo-platform", + "cargo-util", "cargo_metadata", "colored", "console 0.15.0", @@ -226,7 +226,7 @@ dependencies = [ "rand", "regex", "rstest", - "semver 1.0.4", + "semver", "serde", "serde_json", "strum", @@ -240,20 +240,42 @@ dependencies = [ name = "cargo-geiger-serde" version = "0.2.0" dependencies = [ - "semver 1.0.4", + "semver", "serde", "url", ] [[package]] name = "cargo-platform" -version = "0.1.1" +version = "0.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0226944a63d1bf35a3b5f948dd7c59e263db83695c9e8bffc4037de02e30f1d7" +checksum = "cbdb825da8a5df079a43676dbe042702f1707b1109f713a01420fbb4cc71fa27" dependencies = [ "serde", ] +[[package]] +name = "cargo-util" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f2bf633f7ad4e022f63c4197085047af9606a08a3df17badbb7bd3644dc7faeb" +dependencies = [ + "anyhow", + "core-foundation", + "crypto-hash", + "filetime", + "hex 0.4.3", + "jobserver", + "libc", + "log", + "miow", + "same-file", + "shell-escape", + "tempfile", + "walkdir", + "winapi", +] + [[package]] name = "cargo_metadata" version = "0.14.1" @@ -262,7 +284,7 @@ checksum = "ba2ae6de944143141f6155a473a6b02f66c7c3f9f47316f802f80204ebfe6e12" dependencies = [ "camino", "cargo-platform", - "semver 1.0.4", + "semver", "serde", "serde_json", ] @@ -454,9 +476,9 @@ dependencies = [ [[package]] name = "curl" -version = "0.4.35" +version = "0.4.41" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5a872858e9cb9e3b96c80dd78774ad9e32e44d3b05dc31e142b858d14aebc82c" +checksum = "1bc6d233563261f8db6ffb83bbaad5a73837a6e6b28868e926337ebbdece0be3" dependencies = [ "curl-sys", "libc", @@ -469,9 +491,9 @@ dependencies = [ [[package]] name = "curl-sys" -version = "0.4.41+curl-7.75.0" +version = "0.4.51+curl-7.80.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0ec466abd277c7cab2905948f3e94d10bc4963f1f5d47921c1cc4ffd2028fe65" +checksum = "d130987e6a6a34fe0889e1083022fa48cd90e6709a84be3fb8dd95801de5af20" dependencies = [ "cc", "libc", @@ -515,9 +537,9 @@ checksum = "a357d28ed41a50f9c765dbfe56cbc04a64e53e5fc58ba79fbc34c10ef3df831f" [[package]] name = "env_logger" -version = "0.8.3" +version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "17392a012ea30ef05a610aa97dfb49496e71c9f676b27879922ea5bdf60d9d3f" +checksum = "0b2cf0344971ee6c64c31be0d530793fba457d322dfec2810c453d0ef228f9c3" dependencies = [ "atty", "humantime", @@ -634,9 +656,9 @@ checksum = "f6503fe142514ca4799d4c26297c4248239fe8838d827db6bd6065c6ed29a6ce" [[package]] name = "git2" -version = "0.13.17" +version = "0.13.25" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1d250f5f82326884bd39c2853577e70a121775db76818ffa452ed1e80de12986" +checksum = "f29229cc1b24c0e6062f6e742aa3e256492a5323365e5ed3413599f8a5eff7d6" dependencies = [ "bitflags", "libc", @@ -814,9 +836,9 @@ checksum = "dd25036021b0de88a0aff6b850051563c6516d0bf53f8638938edbb9de732736" [[package]] name = "jobserver" -version = "0.1.21" +version = "0.1.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5c71313ebb9439f74b00d9d2dcec36440beaf57a6aa0623068441dd7cd81a7f2" +checksum = "af25a77299a7f711a01975c35a6a424eb6862092cc2d6c72c4ed6cbc56dfc1fa" dependencies = [ "libc", ] @@ -830,7 +852,7 @@ dependencies = [ "cargo_metadata", "cfg-expr", "petgraph", - "semver 1.0.4", + "semver", ] [[package]] @@ -847,15 +869,15 @@ checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" [[package]] name = "libc" -version = "0.2.92" +version = "0.2.112" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "56d855069fafbb9b344c0f962150cd2c1187975cb1c22c1522c240d8c4986714" +checksum = "1b03d17f364a3a042d5e5d46b053bbbf82c92c9430c592dd4c064dc6ee997125" [[package]] name = "libgit2-sys" -version = "0.12.18+1.1.0" +version = "0.12.26+1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3da6a42da88fc37ee1ecda212ffa254c25713532980005d5f7c0b0fbe7e6e885" +checksum = "19e1c899248e606fbfe68dcb31d8b0176ebab833b103824af31bddf4b7457494" dependencies = [ "cc", "libc", @@ -971,10 +993,11 @@ checksum = "af8b08b04175473088b46763e51ee54da5f9a164bc162f615b91bc179dbf15a3" [[package]] name = "opener" -version = "0.4.1" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "13117407ca9d0caf3a0e74f97b490a7e64c0ae3aa90a8b7085544d0c37b6f3ae" +checksum = "4ea3ebcd72a54701f56345f16785a6d3ac2df7e986d273eb4395c0b01db17952" dependencies = [ + "bstr", "winapi", ] @@ -1021,6 +1044,17 @@ dependencies = [ "vcpkg", ] +[[package]] +name = "os_info" +version = "3.0.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e5501659840950e918d046ad97ebe9702cbb4ec0097e47dbd27abf7692223181" +dependencies = [ + "log", + "serde", + "winapi", +] + [[package]] name = "percent-encoding" version = "2.1.0" @@ -1230,14 +1264,14 @@ version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bfa0f585226d2e68097d4f95d113b15b83a82e819ab25717ec0590d9584ef366" dependencies = [ - "semver 1.0.4", + "semver", ] [[package]] name = "rustfix" -version = "0.5.1" +version = "0.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f2c50b74badcddeb8f7652fa8323ce440b95286f8e4b64ebfd871c609672704e" +checksum = "6f0be05fc0675ef4f47119dc39cfc46636bb77d4fc4ef1bd851b9c3f7697f32a" dependencies = [ "anyhow", "log", @@ -1276,16 +1310,6 @@ dependencies = [ "winapi", ] -[[package]] -name = "semver" -version = "0.10.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "394cec28fa623e00903caf7ba4fa6fb9a0e260280bb8cdbbba029611108a0190" -dependencies = [ - "semver-parser", - "serde", -] - [[package]] name = "semver" version = "1.0.4" @@ -1295,12 +1319,6 @@ dependencies = [ "serde", ] -[[package]] -name = "semver-parser" -version = "0.7.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "388a1df253eca08550bef6c72392cfe7c30914bf41df5269b68cbd6ff8f570a3" - [[package]] name = "serde" version = "1.0.125" @@ -1383,11 +1401,10 @@ checksum = "fe0f37c9e8f3c5a4a66ad655a93c74daac4ad00c441533bf5c6e7990bb42604e" [[package]] name = "socket2" -version = "0.3.19" +version = "0.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "122e570113d28d773067fab24266b66753f6ea915758651696b6e35e49f88d6e" +checksum = "5dc90fe6c7be1a323296982db1836d1ea9e47b6839496dde9a541bc496df3516" dependencies = [ - "cfg-if", "libc", "winapi", ] @@ -1439,9 +1456,9 @@ dependencies = [ [[package]] name = "tar" -version = "0.4.33" +version = "0.4.38" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c0bcfbd6a598361fda270d82469fff3d65089dc33e175c9a131f7b4cd395f228" +checksum = "4b55807c0344e1e6c04d7c965f5289c39a8d94ae23ed5c0b57aabac549f871c6" dependencies = [ "filetime", "libc", @@ -1581,9 +1598,9 @@ checksum = "f7fe0bb3479651439c9112f72b6c505038574c9fbb575ed1bf3b797fa39dd564" [[package]] name = "url" -version = "2.2.1" +version = "2.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9ccd964113622c8e9322cfac19eb1004a07e636c545f325da085d5cdde6f1f8b" +checksum = "a507c383b2d33b5fc35d1861e77e6b383d158b2da5e14fe51b83dfedf6fd578c" dependencies = [ "form_urlencoded", "idna", diff --git a/cargo-geiger/Cargo.toml b/cargo-geiger/Cargo.toml index cacd1223..61ea680d 100644 --- a/cargo-geiger/Cargo.toml +++ b/cargo-geiger/Cargo.toml @@ -15,7 +15,7 @@ maintenance = { status = "experimental" } [dependencies] anyhow = "1.0.40" -cargo = "0.52.0" +cargo = "0.58.0" cargo-geiger-serde = { path = "../cargo-geiger-serde", version = "0.2.0" } cargo_metadata = "0.14.1" cargo-platform = "0.1.1" @@ -32,6 +32,7 @@ strum = "0.23.0" strum_macros = "0.23.1" walkdir = "2.3.2" url = "2.2.1" +cargo-util = "0.1.1" [features] vendored-openssl = ["cargo/vendored-openssl"] diff --git a/cargo-geiger/src/cli.rs b/cargo-geiger/src/cli.rs index ab4917fa..067c8f7f 100644 --- a/cargo-geiger/src/cli.rs +++ b/cargo-geiger/src/cli.rs @@ -11,7 +11,7 @@ use crate::args::Args; // TODO: Consider making this a lib.rs (again) and expose a full API, excluding // only the terminal output..? That API would be dependent on cargo. use cargo::core::Workspace; -use cargo::util::{self, important_paths, CargoResult}; +use cargo::util::{important_paths, CargoResult}; use cargo::Config; use cargo_metadata::{CargoOpt, Metadata, MetadataCommand}; use cargo_platform::Cfg; @@ -57,8 +57,9 @@ pub fn get_cfgs( target: &Option, workspace: &Workspace, ) -> CargoResult>> { - let mut process = - util::process(&config.load_global_rustc(Some(workspace))?.path); + let mut process = cargo_util::ProcessBuilder::new( + &config.load_global_rustc(Some(workspace))?.path, + ); process.arg("--print=cfg").env_remove("RUST_LOG"); if let Some(ref s) = *target { process.arg("--target").arg(s); diff --git a/cargo-geiger/src/mapping/metadata.rs b/cargo-geiger/src/mapping/metadata.rs index e6dc666a..89448d42 100644 --- a/cargo-geiger/src/mapping/metadata.rs +++ b/cargo-geiger/src/mapping/metadata.rs @@ -148,11 +148,10 @@ mod metadata_tests { use crate::mapping::metadata::dependency::GetDependencyInformation; use crate::mapping::GetPackageRoot; + use cargo::core::dependency::DepKind; use cargo::core::registry::PackageRegistry; - use cargo::core::resolver::ResolveOpts; - use cargo::core::{ - dependency::DepKind, resolver::features::RequestedFeatures, - }; + use cargo::core::resolver::features::CliFeatures; + use cargo::core::resolver::features::HasDevUnits; use cargo::core::{ Package, PackageId, PackageIdSpec, PackageSet, Resolve, Workspace, }; @@ -310,21 +309,21 @@ mod metadata_tests { registry: &mut PackageRegistry<'cfg>, workspace: &'a Workspace<'cfg>, ) -> CargoResult<(PackageSet<'a>, Resolve)> { - let dev_deps = true; // TODO: Review this. let uses_default_features = !args.no_default_features; - let opts = ResolveOpts::new( - dev_deps, - RequestedFeatures::from_command_line( - &args.features, - args.all_features, - uses_default_features, - ), - ); + + let cli_features = CliFeatures::from_command_line( + &args.features, + args.all_features, + uses_default_features, + ) + .unwrap(); + let prev = ops::load_pkg_lockfile(workspace)?; let resolve = ops::resolve_with_previous( registry, workspace, - &opts, + &cli_features, + HasDevUnits::Yes, prev.as_ref(), None, &[PackageIdSpec::from_package_id(package_id)], diff --git a/cargo-geiger/src/scan/default.rs b/cargo-geiger/src/scan/default.rs index 0340badc..77b8b381 100644 --- a/cargo-geiger/src/scan/default.rs +++ b/cargo-geiger/src/scan/default.rs @@ -15,6 +15,7 @@ use super::{ use table::scan_to_table; use cargo::core::compiler::CompileMode; +use cargo::core::resolver::features::CliFeatures; use cargo::core::Workspace; use cargo::ops::CompileOptions; use cargo::{CliError, Config}; @@ -50,6 +51,7 @@ pub fn scan_unsafe( /// Based on code from cargo-bloat. It seems weird that `CompileOptions` can be /// constructed without providing all standard cargo options, TODO: Open an issue /// in cargo? +/// Tracker rust-secure-code/cargo-geiger/issues/226 fn build_compile_options<'a>( args: &'a FeaturesArgs, config: &'a Config, @@ -57,9 +59,15 @@ fn build_compile_options<'a>( let mut compile_options = CompileOptions::new(config, CompileMode::Check { test: false }) .unwrap(); - compile_options.features = args.features.clone(); - compile_options.all_features = args.all_features; - compile_options.no_default_features = args.no_default_features; + + let uses_default_features = !args.no_default_features; + + compile_options.cli_features = CliFeatures::from_command_line( + &args.features, + args.all_features, + uses_default_features, + ) + .unwrap(); // TODO: Investigate if this is relevant to cargo-geiger. //let mut bins = Vec::new(); @@ -163,24 +171,18 @@ mod default_tests { #[rstest( input_features, - expected_compile_features, case( vec![ String::from("unit"), String::from("test"), String::from("features") ], - vec!["unit", "test", "features"], ), case( vec![String::from("")], - vec![""], ) )] - fn build_compile_options_test( - input_features: Vec, - expected_compile_features: Vec<&str>, - ) { + fn build_compile_options_test(input_features: Vec) { let args = FeaturesArgs { all_features: rand::random(), features: input_features, @@ -189,11 +191,20 @@ mod default_tests { let config = Config::default().unwrap(); let compile_options = build_compile_options(&args, &config); + let expected_cli_features = + CliFeatures::from_command_line(&args.features, false, false) + .unwrap(); - assert_eq!(compile_options.all_features, args.all_features); - assert_eq!(compile_options.features, expected_compile_features); assert_eq!( - compile_options.no_default_features, + compile_options.cli_features.all_features, + args.all_features + ); + assert_eq!( + compile_options.cli_features.features, + expected_cli_features.features + ); + assert_eq!( + !compile_options.cli_features.uses_default_features, args.no_default_features ); } diff --git a/cargo-geiger/src/scan/find.rs b/cargo-geiger/src/scan/find.rs index 944b38cb..713bab0c 100644 --- a/cargo-geiger/src/scan/find.rs +++ b/cargo-geiger/src/scan/find.rs @@ -30,7 +30,9 @@ pub fn find_unsafe( cargo_metadata_parameters, print_config.include_tests, mode, - |i, count| -> CargoResult<()> { progress.tick(i, count) }, + |i, count| -> CargoResult<()> { + progress.tick(i, count, "find_unsafe_tick") + }, ); progress.clear(); config.shell().status("Scanning", "done")?; diff --git a/cargo-geiger/src/scan/rs_file.rs b/cargo-geiger/src/scan/rs_file.rs index 955f5a44..ff7ff63d 100644 --- a/cargo-geiger/src/scan/rs_file.rs +++ b/cargo-geiger/src/scan/rs_file.rs @@ -7,8 +7,9 @@ use cargo::core::manifest::TargetKind; use cargo::core::Workspace; use cargo::ops; use cargo::ops::{CleanOptions, CompileOptions}; -use cargo::util::{interning::InternedString, paths, CargoResult}; +use cargo::util::{interning::InternedString, CargoResult}; use cargo::Config; +use cargo_util::paths; use geiger::RsFileMetrics; use std::collections::HashSet; use std::error::Error; diff --git a/cargo-geiger/src/scan/rs_file/custom_executor.rs b/cargo-geiger/src/scan/rs_file/custom_executor.rs index 068be45f..4130c92f 100644 --- a/cargo-geiger/src/scan/rs_file/custom_executor.rs +++ b/cargo-geiger/src/scan/rs_file/custom_executor.rs @@ -1,6 +1,7 @@ use cargo::core::compiler::{CompileMode, Executor, Unit}; use cargo::core::{PackageId, Target}; -use cargo::util::{CargoResult, ProcessBuilder}; +use cargo::util::CargoResult; +use cargo_util::ProcessBuilder; use std::collections::HashSet; use std::error::Error; use std::ffi::OsString;