diff --git a/Cargo.lock b/Cargo.lock index a754fe109..c41f1b1cd 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -553,41 +553,6 @@ dependencies = [ "memchr", ] -[[package]] -name = "darling" -version = "0.20.10" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6f63b86c8a8826a49b8c21f08a2d07338eec8d900540f8630dc76284be802989" -dependencies = [ - "darling_core", - "darling_macro", -] - -[[package]] -name = "darling_core" -version = "0.20.10" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "95133861a8032aaea082871032f5815eb9e98cef03fa916ab4500513994df9e5" -dependencies = [ - "fnv", - "ident_case", - "proc-macro2", - "quote", - "strsim", - "syn 2.0.82", -] - -[[package]] -name = "darling_macro" -version = "0.20.10" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d336a2a514f6ccccaa3e09b02d41d35330c07ddf03a62165fcec10bb561c7806" -dependencies = [ - "darling_core", - "quote", - "syn 2.0.82", -] - [[package]] name = "dashmap" version = "6.1.0" @@ -611,37 +576,6 @@ dependencies = [ "powerfmt", ] -[[package]] -name = "derive_builder" -version = "0.20.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "507dfb09ea8b7fa618fcf76e953f4f5e192547945816d5358edffe39f6f94947" -dependencies = [ - "derive_builder_macro", -] - -[[package]] -name = "derive_builder_core" -version = "0.20.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2d5bcf7b024d6835cfb3d473887cd966994907effbe9227e8c8219824d06c4e8" -dependencies = [ - "darling", - "proc-macro2", - "quote", - "syn 2.0.82", -] - -[[package]] -name = "derive_builder_macro" -version = "0.20.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ab63b0e2bf4d5928aff72e83a7dace85d7bba5fe12dcc3c5a572d78caffd3f3c" -dependencies = [ - "derive_builder_core", - "syn 2.0.82", -] - [[package]] name = "diff" version = "0.1.13" 
@@ -2035,12 +1969,6 @@ dependencies = [ "tracing", ] -[[package]] -name = "ident_case" -version = "1.0.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b9e0384b61958566e926dc50660321d12159025e767c18e043daf26b70104c39" - [[package]] name = "idna" version = "0.5.0" @@ -2557,7 +2485,7 @@ dependencies = [ "serde-sarif", "serde_json", "strum", - "sysinfo", + "sysinfo 0.32.0", "tar", "tempfile", "tracing", @@ -3357,9 +3285,9 @@ checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" [[package]] name = "secrecy" -version = "0.8.0" +version = "0.10.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9bd1c54ea06cfd2f6b63219704de0b9b4f72dcc2b8fdef820be6cd799780e91e" +checksum = "e891af845473308773346dc847b2c23ee78fe442e0472ac50e22a18a93d3ae5a" dependencies = [ "zeroize", ] @@ -3407,12 +3335,11 @@ dependencies = [ [[package]] name = "serde-sarif" -version = "0.5.0" +version = "0.6.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a38c5e5bbaa10cc256774ea394ad62968c31c0e3c3265f65221e02c87dd1a914" +checksum = "d7156abc1ee1d97c418af6261768c90c96a592a63175cb647a2e43f43445ac10" dependencies = [ "anyhow", - "derive_builder", "prettyplease", "proc-macro2", "quote", @@ -3423,6 +3350,7 @@ dependencies = [ "strum_macros", "syn 2.0.82", "thiserror", + "typed-builder", ] [[package]] @@ -3684,8 +3612,21 @@ dependencies = [ "libc", "ntapi", "once_cell", + "windows 0.52.0", +] + +[[package]] +name = "sysinfo" +version = "0.32.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e3b5ae3f4f7d64646c46c4cae4e3f01d1c5d255c7406fdd7c7f999a94e488791" +dependencies = [ + "core-foundation-sys", + "libc", + "memchr", + "ntapi", "rayon", - "windows", + "windows 0.57.0", ] [[package]] 
@@ -3969,6 +3910,26 @@ version = "0.2.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e421abadd41a4225275504ea4d6566923418b7f05506fbc9c0fe86ba7396114b" +[[package]] +name = "typed-builder" +version = "0.20.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7e14ed59dc8b7b26cacb2a92bad2e8b1f098806063898ab42a3bd121d7d45e75" +dependencies = [ + "typed-builder-macro", +] + +[[package]] +name = "typed-builder-macro" +version = "0.20.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "560b82d656506509d43abe30e0ba64c56b1953ab3d4fe7ba5902747a7a3cedd5" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.82", +] + [[package]] name = "typenum" version = "1.17.0" @@ -4134,7 +4095,7 @@ dependencies = [ "regex", "rustc_version", "rustversion", - "sysinfo", + "sysinfo 0.30.13", "time", ] @@ -4292,7 +4253,17 @@ version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e48a53791691ab099e5e2ad123536d0fff50652600abaf43bbf952894110d0be" dependencies = [ - "windows-core", + "windows-core 0.52.0", + "windows-targets", +] + +[[package]] +name = "windows" +version = "0.57.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "12342cb4d8e3b046f3d80effd474a7a02447231330ef77d71daa6fbc40681143" +dependencies = [ + "windows-core 0.57.0", "windows-targets", ] 
@@ -4305,17 +4276,60 @@ dependencies = [ "windows-targets", ] +[[package]] +name = "windows-core" +version = "0.57.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d2ed2439a290666cd67ecce2b0ffaad89c2a56b976b736e6ece670297897832d" +dependencies = [ + "windows-implement", + "windows-interface", + "windows-result 0.1.2", + "windows-targets", +] + +[[package]] +name = "windows-implement" +version = "0.57.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9107ddc059d5b6fbfbffdfa7a7fe3e22a226def0b2608f72e9d552763d3e1ad7" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.82", +] + +[[package]] +name = "windows-interface" +version = "0.57.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "29bee4b38ea3cde66011baa44dba677c432a78593e202392d1e9070cf2a7fca7" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.82", +] + [[package]] name = "windows-registry" version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e400001bb720a623c1c69032f8e3e4cf09984deec740f007dd2b03ec864804b0" dependencies = [ - "windows-result", + "windows-result 0.2.0", "windows-strings", "windows-targets", ] +[[package]] +name = "windows-result" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5e383302e8ec8515204254685643de10811af0ed97ea37210dc26fb0032647f8" +dependencies = [ + "windows-targets", +] + [[package]] name = "windows-result" version = "0.2.0" @@ -4331,7 +4345,7 @@ version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4cd9b125c486025df0eabcb585e62173c6c9eddcec5d117d3b6e8c30e2ee4d10" dependencies = [ - "windows-result", + "windows-result 0.2.0", "windows-targets", ] diff --git a/crates/noseyparker-cli/Cargo.toml b/crates/noseyparker-cli/Cargo.toml index 49ea744e2..dfdd71c85 100644 --- a/crates/noseyparker-cli/Cargo.toml +++ b/crates/noseyparker-cli/Cargo.toml 
@@ -95,9 +95,9 @@ rlimit = "0.10.0" schemars = "0.8" serde = { version = "1.0", features = ["derive"] } serde_json = "1.0" -serde-sarif = "0.5" +serde-sarif = "0.6" strum = { version = "0.26", features = ["derive"] } -sysinfo = { version = "0.30" } +sysinfo = { version = "0.32" } tar = "0.4" tempfile = "3.1" tracing = "0.1" diff --git a/crates/noseyparker-cli/src/cmd_report/sarif_format.rs b/crates/noseyparker-cli/src/cmd_report/sarif_format.rs index 4f7068ff6..66c1f168c 100644 --- a/crates/noseyparker-cli/src/cmd_report/sarif_format.rs +++ b/crates/noseyparker-cli/src/cmd_report/sarif_format.rs @@ -11,7 +11,7 @@ impl DetailsReporter { Some(entry) => entry.m.blob_id.to_string(), None => bail!("Failed to get group match data for group {metadata:?}"), }; - let message = sarif::MessageBuilder::default() + let message = sarif::Message::builder() .text(format!( "Rule {:?} found {} {}.\nFirst blob id matched: {}", metadata.rule_name, @@ -23,7 +23,7 @@ impl DetailsReporter { }, first_match_blob_id, )) - .build()?; + .build(); // Will store every match location for the runs.results.location array property let locations: Vec = matches 
@@ -42,25 +42,27 @@ impl DetailsReporter { let additional_properties = vec![(String::from("blob_metadata"), serde_json::json!(blob_metadata))]; - let mut artifact_location = sarif::ArtifactLocationBuilder::default(); - if let Some(path) = p.blob_path() { - artifact_location.uri(path.to_string_lossy()); - } - let artifact_location = artifact_location.build()?; + let artifact_location = if let Some(path) = p.blob_path() { + sarif::ArtifactLocation::builder() + .uri(path.to_string_lossy()) + .build() + } else { + sarif::ArtifactLocation::builder().build() + }; let additional_properties = std::collections::BTreeMap::from_iter(additional_properties); - let properties = sarif::PropertyBagBuilder::default() + let properties = sarif::PropertyBag::builder() .additional_properties(additional_properties) - .build()?; + .build(); - let location = sarif::LocationBuilder::default() + let location = sarif::Location::builder() .physical_location( - sarif::PhysicalLocationBuilder::default() + sarif::PhysicalLocation::builder() .artifact_location(artifact_location) // .context_region() FIXME: fill this in with location info of surrounding context .region( - sarif::RegionBuilder::default() + sarif::Region::builder() .start_line(source_span.start.line as i64) .start_column(source_span.start.column as i64) .end_line(source_span.end.line as i64) @@ -71,20 +73,20 @@ impl DetailsReporter { .byte_length(offset_span.len() as i64) */ .snippet( - sarif::ArtifactContentBuilder::default() + sarif::ArtifactContent::builder() .text(m.snippet.matching.to_string()) - .build()?, + .build(), ) - .build()?, + .build(), ) - .build()?, + .build(), ) - .logical_locations([sarif::LogicalLocationBuilder::default() + .logical_locations([sarif::LogicalLocation::builder() .kind("blob") .name(m.blob_id.to_string()) .properties(properties) - .build()?]) - .build()?; + .build()]) + .build(); Ok(location) }) }) 
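Review bot: The value passed to `.uri(...)` in the new `if let Some(path) = p.blob_path()` branch is a raw path run through `to_string_lossy()`, not a URI reference. Assuming `blob_path()` yields a filesystem path, any non-UTF-8 bytes are replaced with U+FFFD, and spaces or reserved characters are left unencoded. A SARIF consumer may then fail to map the finding back to the file that holds the secret, or may map it to the wrong one. If encoding the path is out of scope for this commit, record the limitation at the call site, e.g. `// NOTE: uri is the lossily decoded path, not percent-encoded; it may not round-trip to the original file name`. The enclosing closure starts above this hunk.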
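Review bot: The `.snippet(...)` built from `m.snippet.matching.to_string()` copies the matched text verbatim into the SARIF document, and nothing in this hunk says so. For this tool the match is presumably the detected credential itself, so the report is as sensitive as the scanned content once it is written to disk, attached to CI artifacts or uploaded to a code-scanning dashboard. A comment above the call would make that explicit for maintainers, e.g. `// NOTE: snippet text is the raw match (likely a live secret); handle the SARIF output as sensitive data`. The `Region` builder chain that this snippet belongs to begins in the previous hunk.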
@@ -94,7 +96,7 @@ impl DetailsReporter { let fingerprint = metadata.finding_id.clone(); // Build the result for the match - let result = sarif::ResultBuilder::default() + let result = sarif::Result::builder() .rule_id(&metadata.rule_name) // .occurrence_count(locations.len() as i64) // FIXME: enable? .message(message) @@ -102,7 +104,7 @@ impl DetailsReporter { .locations(locations) .level(sarif::ResultLevel::Warning.to_string()) .partial_fingerprints([(fingerprint_name, fingerprint)]) - .build()?; + .build(); Ok(result) } @@ -116,17 +118,17 @@ impl DetailsReporter { findings.push(self.make_sarif_result(&finding)?); } - let run = sarif::RunBuilder::default() + let run = sarif::Run::builder() .tool(noseyparker_sarif_tool()?) .results(findings) - .build()?; + .build(); - let sarif = sarif::SarifBuilder::default() + let sarif = sarif::Sarif::builder() .version(sarif::Version::V2_1_0.to_string()) // .schema("https://docs.oasis-open.org/sarif/sarif/v2.1.0/cos02/schemas/sarif-schema-2.1.0.json") .schema(sarif::SCHEMA_URL) .runs([run]) - .build()?; + .build(); serde_json::to_writer(&mut writer, &sarif)?; writeln!(writer)?; 
@@ -142,32 +144,32 @@ fn noseyparker_sarif_rules() -> Result> { .context("Failed to load builtin rules")? .iter_rules() .map(|rule| { - let help = sarif::MultiformatMessageStringBuilder::default() + let help = sarif::MultiformatMessageString::builder() .text(rule.references.join("\n")) - .build()?; + .build(); // FIXME: add better descriptions to Nosey Parker rules - let description = sarif::MultiformatMessageStringBuilder::default() + let description = sarif::MultiformatMessageString::builder() .text(&rule.pattern) - .build()?; + .build(); - let rule = sarif::ReportingDescriptorBuilder::default() + let rule = sarif::ReportingDescriptor::builder() .id(&rule.name) // FIXME: nosey parker rules need to have stable, unique IDs, preferably without spaces // .name(&rule.name) // FIXME: populate this once we have proper IDs .short_description(description) // .full_description(description) // FIXME: populate this .help(help) // FIXME: provide better help messages for NP rules that we can include here // .help_uri() // FIXME: populate this - .build()?; + .build(); Ok(rule) }) .collect::>>() } fn noseyparker_sarif_tool() -> Result { - sarif::ToolBuilder::default() + let tool = sarif::Tool::builder() .driver( - sarif::ToolComponentBuilder::default() + sarif::ToolComponent::builder() .name(env!("CARGO_PKG_NAME").to_string()) .semantic_version(env!("CARGO_PKG_VERSION").to_string()) .full_name(concat!("Nosey Parker ", env!("CARGO_PKG_VERSION"))) // FIXME: move into cargo.toml metadata, extract here; see https://docs.rs/cargo_metadata/latest/cargo_metadata/ 
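Review bot: The closure passed to `.map(|rule| { ... })` has no fallible step left now that every `.build()?` has become `.build()`, yet it still ends in `Ok(rule)` and is collected through a `Result`. That leftover suggests an error path inside the loop that no longer exists; the only failure still visible is the `.context("Failed to load builtin rules")?` before the iterator. Returning the descriptor directly from the closure and wrapping the collected vector once in `Ok(...)` would make that plain. The collect's type annotation is garbled on this page, so the exact target type is inferred, and the function body starts above this hunk.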
@@ -176,13 +178,13 @@ fn noseyparker_sarif_tool() -> Result { .download_uri(env!("CARGO_PKG_REPOSITORY").to_string()) // .full_description() // FIXME: populate with some long description, like the text from the README.md .short_description( - sarif::MultiformatMessageStringBuilder::default() + sarif::MultiformatMessageString::builder() .text(env!("CARGO_PKG_DESCRIPTION")) - .build()?, + .build(), ) .rules(noseyparker_sarif_rules()?) - .build()?, + .build(), ) - .build() - .map_err(|e| e.into()) + .build(); + Ok(tool) } diff --git a/crates/noseyparker/Cargo.toml b/crates/noseyparker/Cargo.toml index f816d5185..ef007164e 100644 --- a/crates/noseyparker/Cargo.toml +++ b/crates/noseyparker/Cargo.toml @@ -47,7 +47,7 @@ regex = "1.7" reqwest = { version = "0.12", features = ["json", "native-tls-vendored"], optional = true } rusqlite = { version = "0.32", features = ["bundled", "backup", "serde_json"] } schemars = { version = "0.8", features = ["smallvec"] } -secrecy = { version = "0.8.0", optional = true } +secrecy = { version = "0.10.0", optional = true } smallvec = { version = "1", features = ["const_generics", "const_new", "union"] } serde = { version = "1.0", features = ["derive", "rc"] } serde_json = { version = "1.0" }