
Commit 953ed92

ysaito1001david-perez
authored andcommitted
Address vulnerabilities reported within the tools directory (#2633)
## Motivation and Context Addresses vulnerabilities reported by `cargo audit` within the repository. ## Description This commit addresses vulnerabilities within the tools directory reported by `cargo audit`. Mostly they have been fixed by regenerating `Cargo.lock` files. Two exceptions: - `crate-hasher` needs to drop the `temp_dir` crate and switch over to the `tempfile` crate - `canary-runner` needs to upgrade the `octorust` crate ## Testing After the PR, no vulnerabilities reported from the crates that have been patched. Ran `cargo t` on the updated crates. Furthermore, no vulnerabilities reported currently within `rust-runtime` and `aws/rust-runtime`: ``` ➜ rust-runtime git:(ysaito/fix-cargo-audit) pwd smithy-rs/rust-runtime ➜ rust-runtime git:(ysaito/fix-cargo-audit) rm Cargo.lock && cargo generate-lockfile && cargo audit Updating crates.io index Fetching advisory database from `https://github.com/RustSec/advisory-db.git` Loaded 543 security advisories Updating crates.io index Scanning Cargo.lock for vulnerabilities (314 crate dependencies) ➜ rust-runtime git:(ysaito/fix-cargo-audit) pwd smithy-rs/aws/rust-runtime ➜ rust-runtime git:(ysaito/fix-cargo-audit) rm Cargo.lock && cargo generate-lockfile && cargo audit Updating crates.io index Fetching advisory database from `https://github.com/RustSec/advisory-db.git` Loaded 543 security advisories Updating crates.io index Scanning Cargo.lock for vulnerabilities (249 crate dependencies) ``` ---- _By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice._ Co-authored-by: Yuki Saito <[email protected]>
1 parent 3dae7b1 commit 953ed92

10 files changed

+2273
-1390
lines changed

tools/ci-build/changelogger/Cargo.lock

+363-196

tools/ci-build/crate-hasher/Cargo.lock

+294-144

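--- a/tools/ci-build/crate-hasher/Cargo.toml
+++ b/tools/ci-build/crate-hasher/Cargo.toml
@@ -24,4 +24,4 @@ sha256 = "1.1"
 flate2 = "1.0"
 pretty_assertions = "1.3"
 tar = "0.4"
-tempdir = "0.3"
+tempfile = "3.5.0"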

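--- a/tools/ci-build/crate-hasher/tests/test.rs
+++ b/tools/ci-build/crate-hasher/tests/test.rs
@@ -8,7 +8,7 @@ use flate2::read::GzDecoder;
 use std::fs::File;
 use std::process::Command;
 use tar::Archive;
-use tempdir::TempDir;
+use tempfile::TempDir;
 
 use crate_hasher::file_list::FileList;
 
@@ -25,40 +25,40 @@ fn assert_correct_aws_smithy_async_hash(file_list: &FileList) {
 
 #[test]
 fn test_against_aws_smithy_async() -> Result<()> {
-let dir = TempDir::new("test_against_aws_smithy_async")?;
+let dir = TempDir::new()?.path().join("test_against_aws_smithy_async");
 
 let tar = GzDecoder::new(File::open("tests/aws-smithy-async-2022-04-08.tar.gz")?);
 let mut archive = Archive::new(tar);
 archive.unpack(&dir)?;
 
-let file_list = FileList::discover(&dir.as_ref().join("aws-smithy-async"))?;
+let file_list = FileList::discover(&dir.as_path().join("aws-smithy-async"))?;
 assert_correct_aws_smithy_async_hash(&file_list);
 Ok(())
 }
 
 #[test]
 fn test_against_aws_smithy_async_with_ignored_files() -> Result<()> {
-let dir = TempDir::new("test_against_aws_smithy_async")?;
+let dir = TempDir::new()?.path().join("test_against_aws_smithy_async");
 
 let tar = GzDecoder::new(File::open("tests/aws-smithy-async-2022-04-08.tar.gz")?);
 let mut archive = Archive::new(tar);
 archive.unpack(&dir)?;
 
-std::fs::create_dir(dir.as_ref().join("target"))?;
+std::fs::create_dir(&dir.as_path().join("target"))?;
 std::fs::write(
-dir.as_ref().join("target/something"),
+&dir.as_path().join("target/something"),
 b"some data that should be excluded",
 )?;
 
-let file_list = FileList::discover(&dir.as_ref().join("aws-smithy-async"))?;
+let file_list = FileList::discover(&dir.as_path().join("aws-smithy-async"))?;
 assert_correct_aws_smithy_async_hash(&file_list);
 
 Ok(())
 }
 
 #[test]
 fn test_against_aws_smithy_async_with_git_repo() -> Result<()> {
-let dir = TempDir::new("test_against_aws_smithy_async")?;
+let dir = TempDir::new()?.path().join("test_against_aws_smithy_async");
 
 let tar = GzDecoder::new(File::open("tests/aws-smithy-async-2022-04-08.tar.gz")?);
 let mut archive = Archive::new(tar);
@@ -68,10 +68,10 @@ fn test_against_aws_smithy_async_with_git_repo() -> Result<()> {
 Command::new("git")
 .arg("init")
 .arg(".")
-.current_dir(dir.as_ref().join("aws-smithy-async"))
+.current_dir(&dir.as_path().join("aws-smithy-async"))
 .output()?;
 
-let file_list = FileList::discover(&dir.as_ref().join("aws-smithy-async"))?;
+let file_list = FileList::discover(&dir.as_path().join("aws-smithy-async"))?;
 assert_correct_aws_smithy_async_hash(&file_list);
 
 Ok(())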
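Review bot: In all three tests, `let dir = TempDir::new()?.path().join("test_against_aws_smithy_async");` drops the `TempDir` guard at the end of the statement, so the directory it created is deleted at once and `dir` is only a `PathBuf` beneath a path that no longer exists. The tests presumably still pass because `archive.unpack(&dir)` recreates that path, but nothing then removes the unpacked tree, and it is rebuilt in the shared temp location without tempfile's guarantee that the directory was freshly created by this process. Keep the guard bound for the whole test: `let dir = TempDir::new()?;` with `dir.path().join("aws-smithy-async")` at the use sites, or `tempfile::Builder::new().prefix("test_against_aws_smithy_async").tempdir()?` if the name prefix matters. With the guard kept, the added `&` in `&dir.as_path().join(...)` is also unnecessary, since the joined `PathBuf` can be passed by value. The body of `test_against_aws_smithy_async_with_git_repo` continues outside the hunks shown.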
