feat(rust): Support workspace.members parsing for Cargo.toml analysis #5285

Merged
merged 15 commits into from
Jan 29, 2024

Contributor

@anfedotoff anfedotoff commented Oct 1, 2023

Description

Related issues

Checklist

@CLAassistant

CLAassistant commented Oct 1, 2023

CLA assistant check
All committers have signed the CLA.

Contributor

@DmitriyLewen DmitriyLewen left a comment

Hello @anfedotoff
Thanks for your work!

I left some comments. Take a look, when you have time, please.

Regards, Dmitriy

pkg/fanal/analyzer/language/rust/cargo/cargo.go: 4 review threads (outdated, resolved)

@anfedotoff
Contributor Author

@DmitriyLewen, sorry for taking so long, but I'm done with the fixes. Please have a look if you have time :).

@DmitriyLewen
Contributor

Good!
Resolve conflict, please.

Contributor

@DmitriyLewen DmitriyLewen left a comment

@anfedotoff I left a few small comments.

I also forgot to ask you to add a test for members.

And one more thing: can you show how Cargo builds a dependency tree for participants?
I'm worried about direct/indirect dependencies.

pkg/fanal/analyzer/language/rust/cargo/cargo.go: 4 review threads (outdated, resolved)

@DmitriyLewen
Contributor

@anfedotoff Can you take a look at the test errors (Windows tests are broken)?

@anfedotoff
Contributor Author

> @anfedotoff Can you take a look at the test errors (Windows tests are broken)?

Hmm, honestly, I don't understand why this happened. Maybe that test is flaky? Could you restart it, please?

@knqyf263
Collaborator

knqyf263 commented Nov 20, 2023

2023-11-14T06:17:47.684Z WARN Unable to parse "member\Cargo.toml": file open error: stat member\Cargo.toml: invalid argument

I don't think it's flaky. It shows a file open error.


This PR is stale because it has been labeled with inactivity.

@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and will be auto-closed. label Jan 20, 2024
@DmitriyLewen DmitriyLewen removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and will be auto-closed. label Jan 23, 2024
@DmitriyLewen
Contributor

@knqyf263 I fixed Windows tests and did some small refactoring for this PR.
Can you look at it when you have time, please?

ID: "regex@1.10.2",
Name: "regex",
Version: "1.10.2",
Indirect: true,
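
Review bot: `Indirect: true` on the `regex@1.10.2` entry is not justified by anything in the entry itself, since it does not show which manifest the crate comes from. If `regex` is listed in the root or in any member Cargo.toml, this entry should be expected as direct; add a short comment naming the manifest that declares it, and a second case for a crate that is declared only in a member.
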
Collaborator

@knqyf263 knqyf263 Jan 26, 2024

Shouldn't it be false (meaning a direct dependency)? It is defined in Cargo.toml.

Contributor

Fixed.

log.Logger.Warnf("Unable to parse %q: %s", memberPath, err)
continue
}
maps.Copy(dependencies, memberDeps)
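
Review bot: `maps.Copy(dependencies, memberDeps)` overwrites every key already present in `dependencies`, so when two manifests declare the same crate the member parsed last silently wins and the earlier constraint is lost. Merge only keys that are absent, or keep the constraints per manifest instead of in one flat map. Separately, the `Warnf` followed by `continue` drops that member's dependencies from the merged map with nothing but a log line; for a scanner that makes the result incomplete, so consider recording the failed `memberPath` in the output or returning the error when the manifest exists but cannot be opened.
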
Collaborator

@knqyf263 knqyf263 Jan 26, 2024

IIUC, workspace.dependencies is overridden by mistake here and then loses the version constraint.

Contributor

You are right.
Thanks!
Fixed in 7b31975

DmitriyLewen and others added 2 commits January 26, 2024 17:32
@knqyf263 knqyf263 added this pull request to the merge queue Jan 29, 2024
Merged via the queue into aquasecurity:main with commit 5924c02 Jan 29, 2024
12 checks passed
Successfully merging this pull request may close these issues.

feat(rust): Support workspace.members parsing for Cargo.toml analysis
4 participants