fix: cargo audit report matching && severity ranking

washanhanzi · Nov 19, 2024 · 5dd38bc · 5dd38bc
1 parent 58a50c9
commit 5dd38bc
Show file tree

Hide file tree

Showing 7 changed files with 68 additions and 20 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -28,6 +28,7 @@ executable_path_finder = "0.0.5"
 petgraph = "0.6.5"
 tokio-util = { version = "0.7.12", features = ["time"] }
 unicode-xid = "0.2.6"
+cargo-util-schemas = "0"
 
 cargo = { git = "https://github.com/washanhanzi/cargo.git", branch = "master" }
 tower-lsp = { git = "https://github.com/washanhanzi/tower-lsp", branch = "master", features = [

diff --git a/src/controller/appraiser.rs b/src/controller/appraiser.rs
@@ -1,7 +1,7 @@
-use std::collections::HashMap;
+use std::{collections::HashMap, str::FromStr};
 
 use cargo::util::VersionExt;
-use semver::Version;
+use semver::{Version, VersionReq};
 use tokio::sync::{
     mpsc::{self, Sender},
     oneshot,
@@ -191,17 +191,39 @@ impl Appraiser {
                                     }
                                     None => {
                                         for (v, rr) in reports_map {
-                                            if dep
-                                                .unresolved
-                                                .as_ref()
-                                                .unwrap()
-                                                .version_req()
-                                                .matches(&Version::parse(v).unwrap())
-                                            {
-                                                audited.insert(
-                                                    (cargo_path_uri.clone(), dep.id.to_string()),
-                                                    (dep.clone(), rr.clone()),
-                                                );
+                                            match dep.unresolved.as_ref() {
+                                                Some(unresolved) => {
+                                                    if unresolved
+                                                        .version_req()
+                                                        .matches(&Version::parse(v).unwrap())
+                                                    {
+                                                        audited.insert(
+                                                            (
+                                                                cargo_path_uri.clone(),
+                                                                dep.id.to_string(),
+                                                            ),
+                                                            (dep.clone(), rr.clone()),
+                                                        );
+                                                    }
+                                                }
+                                                None => {
+                                                    if let Some(v) = dep.version.as_ref() {
+                                                        let Ok(req)=  cargo_util_schemas::core::PartialVersion::from_str(v.value())else{
+                                                            continue;
+                                                        };
+                                                        if req.to_caret_req().matches(
+                                                            &Version::parse(v.value()).unwrap(),
+                                                        ) {
+                                                            audited.insert(
+                                                                (
+                                                                    cargo_path_uri.clone(),
+                                                                    dep.id.to_string(),
+                                                                ),
+                                                                (dep.clone(), rr.clone()),
+                                                            );
+                                                        }
+                                                    }
+                                                }
                                             }
                                         }
                                     }

diff --git a/src/controller/audit.rs b/src/controller/audit.rs
@@ -109,7 +109,7 @@ pub fn into_diagnostic_severity(
     reports
         .iter()
         .map(|r| r.severity())
-        .max()
+        .min()
         .unwrap_or(DiagnosticSeverity::INFORMATION)
 }
 

diff --git a/src/controller/cargo.rs b/src/controller/cargo.rs
@@ -232,7 +232,7 @@ impl CargoError {
 
                             // Check if the requirement in the error message matches the dependency's requirement
                             if error_msg.contains(&format!("`{} = \"{}\"", d.name, req)) {
-                                let version = d.version.as_ref()?.id.as_str();
+                                let version = d.version.as_ref()?.id();
                                 let range = tree.entries.get(version)?.range;
                                 Some((
                                     version.to_string(),
@@ -268,7 +268,7 @@ impl CargoError {
                     };
                     let mut feature_map = HashMap::with_capacity(features.len());
                     for f in features {
-                        feature_map.insert(f.value.to_string(), f.id.to_string());
+                        feature_map.insert(f.value().to_string(), f.id().to_string());
                     }
                     let version = unresolved.version_req().to_string();
                     let summaries =

diff --git a/src/entity/dependency.rs b/src/entity/dependency.rs
@@ -36,7 +36,7 @@ impl Dependency {
     pub fn package_name(&self) -> &str {
         self.package
             .as_ref()
-            .map(|v| v.value.as_str())
+            .map(|v| v.value())
             .unwrap_or(&self.name)
     }
 

diff --git a/src/entity/value.rs b/src/entity/value.rs
@@ -1,11 +1,19 @@
 #[derive(Debug, Clone, Default)]
 pub struct Value<T> {
-    pub id: String,
-    pub value: T,
+    id: String,
+    value: T,
 }
 
 impl<T> Value<T> {
     pub fn new(id: String, value: T) -> Self {
         Self { id, value }
     }
+
+    pub fn id(&self) -> &str {
+        &self.id
+    }
+
+    pub fn value(&self) -> &T {
+        &self.value
+    }
 }
-Original file line number
+Diff line change
@@ Expand Up / @@ -109,7 +109,7 @@ pub fn into_diagnostic_severity( @@
         reports
             .iter()
             .map(|r| r.severity())
-            .max()
+            .min()
             .unwrap_or(DiagnosticSeverity::INFORMATION)
     }
@@ Expand Down @@