diff options
| author | sterni <sternenseemann@systemli.org> | 2022-02-03T13·44+0100 |
|---|---|---|
| committer | clbot <clbot@tvl.fyi> | 2022-02-04T11·20+0000 |
| commit | 5d064256556a6af2e90a7c902c166ab67c65ea3a (patch) | |
| tree | ea620f9f8e3329bdd997da20e044cad12b7727ee /users/sterni | |
| parent | c3684740ad6852f15de46577974f44dc98ca9703 (diff) | |
chore: move format-audit-result.jq out of //users/sterni r/3762
In the spirit of the readTree filter we should also not include files in user directories from the outside. Change-Id: I1abe36a721048900d2758b5986063b68b8d1af93 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5200 Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: tazjin <tazjin@tvl.su> Autosubmit: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI
Diffstat (limited to 'users/sterni')
| -rw-r--r-- | users/sterni/nixpkgs-crate-holes/default.nix | 2 | ||||
| -rw-r--r-- | users/sterni/nixpkgs-crate-holes/format-audit-result.jq | 61 |
2 files changed, 1 insertions, 62 deletions
diff --git a/users/sterni/nixpkgs-crate-holes/default.nix b/users/sterni/nixpkgs-crate-holes/default.nix index b659c9c89e..63eaa16070 100644 --- a/users/sterni/nixpkgs-crate-holes/default.nix +++ b/users/sterni/nixpkgs-crate-holes/default.nix @@ -147,7 +147,7 @@ let bins.jq "-rj" "-f" - ./format-audit-result.jq + ../../../tools/rust-crates-advisory/format-audit-result.jq "--arg" "attr" strAttr diff --git a/users/sterni/nixpkgs-crate-holes/format-audit-result.jq b/users/sterni/nixpkgs-crate-holes/format-audit-result.jq deleted file mode 100644 index e3147b8016..0000000000 --- a/users/sterni/nixpkgs-crate-holes/format-audit-result.jq +++ /dev/null @@ -1,61 +0,0 @@ -# Link to human-readable advisory info for a given vulnerability -def link: - [ "https://rustsec.org/advisories/", .advisory.id, ".html" ] | add; - -# Format a list of version constraints -def version_list: - [ .[] | "`" + . + "`" ] | join("; "); - -# show paths to fixing this vulnerability: -# -# - if there are patched releases, show them (the version we are using presumably -# predates the vulnerability discovery, so we likely want to upgrade to a -# patched release). -# - if there are no patched releases, show the unaffected versions (in case we -# want to downgrade). -# - otherwise we state that no unaffected versions are available at this time. -# -# This logic should be useful, but is slightly dumber than cargo-audit's -# suggestion when using the non-JSON output. -def patched: - if .versions.patched == [] then - if .versions.unaffected != [] then - "unaffected: " + (.versions.unaffected | version_list) - else - "no unaffected version available" - end - else - "patched: " + (.versions.patched | version_list) - end; - -# if the vulnerability has aliases (like CVE-*) emit them in parens -def aliases: - if .advisory.aliases == [] then - "" - else - [ " (", (.advisory.aliases | join(", ")), ")" ] | add - end; - -# each vulnerability is rendered as a (normal) sublist item -def format_vulnerability: - [ " - " - , .package.name, " ", .package.version, ": " - , "[", .advisory.id, "](", link, ")" - , aliases - , ", ", patched - , "\n" - ] | add; - -# be quiet if no found vulnerabilities, otherwise render a GHFM checklist item -if .vulnerabilities.found | not then - "" -else - ([ "- [ ] " - , "`", $attr, "`: " - , (.vulnerabilities.count | tostring) - , " vulnerabilities in Cargo.lock" - , if $maintainers != "" then " (cc " + $maintainers + ")" else "" end - , "\n" - ] + (.vulnerabilities.list | map(format_vulnerability)) - ) | add -end |