1
0
Fork 0
mirror of https://github.com/imjasonh/rustvulncheck synced 2026-07-08 12:15:03 +00:00
Commit graph

3 commits

Author SHA1 Message Date
Claude
e797dadbad
Add hourly enrichment workflow with resume and timeout support
- Add --existing-db flag to enrich command to skip already-enriched advisories
- Add --timeout-secs flag to stop processing after a time budget
- Create .github/workflows/enrich.yml that runs hourly on a 55-minute budget
- Workflow commits enriched vuln_db.json to repo, checkpointing progress
- Each run picks up where the last left off, progressively enriching the backlog

https://claude.ai/code/session_01Pp3k3jGUtnTTqvMMr1uP4Y
2026-03-25 13:24:07 +00:00
Claude
b148c8d4b8
Add analyze command to detect reachable vulnerable symbols in Rust projects
Implements the next phase of cargo-deep-audit: given a Rust project and the
enriched vulnerability database, determine which vulnerable symbols are
actually called from user code.

New modules:
- lockfile.rs: Parse Cargo.lock to extract dependency names and versions
- scanner.rs: Scan .rs source files for references to vulnerable symbols
  using import tracking (use statements) and call pattern matching, with
  High/Medium confidence levels
- analyzer.rs: Orchestrate the full pipeline — load vuln_db, match against
  lockfile versions (semver-aware), scan source, produce structured report

Changes:
- main.rs refactored into subcommands: `enrich` (Phase 1) and `analyze` (Phase 2)
- db.rs/diff_analyzer.rs: Added Deserialize support to load vuln_db.json
- CI workflow updated for subcommand syntax
- 24 tests total (21 unit + 3 integration), all passing

https://claude.ai/code/session_011sdj18ZvQYbDVwEKqrWDj1
2026-03-25 10:50:22 +00:00
Claude
ce7f533cb0
Add CI workflow for tests and enrichment dry-run
Two jobs:
- test: builds and runs cargo test
- enrichment-dry-run: runs the pipeline against 10 real advisories
  using the Actions GITHUB_TOKEN, uploads vuln_db.json as artifact

https://claude.ai/code/session_01AeNG3herWfKhos9uZVUY5d
2026-03-25 01:34:22 +00:00