mirror of
https://github.com/imjasonh/rustvulncheck
synced 2026-07-06 19:02:25 +00:00
No description
Scanner fixes: - Block comment tracking: skip lines inside /* ... */ blocks - Skip `use` statements from being matched as call sites - Free function call detection: `parse_cookie(...)` after direct import - Type-aware suppression: when the receiver's type is positively known and doesn't match the vulnerable type, suppress the finding entirely (e.g., .abort() on MyHandle vs JoinHandle) Golden test improvements: - All assertions are now specific: exact counts (deps, reachable symbols, files scanned), exact advisory IDs listed vs reachable, exact call site locations (file:line), exact confidence levels (HIGH vs MEDIUM) - Each test documents its fixture layout and expected positive/negative findings in a header comment New edge_cases_project fixture covering: - Aliased imports (Decoder as HyperDecoder → dec.decode detected) - Free function calls (parse_cookie after direct import) - Commented-out code (block & line comments correctly skipped) - False positive suppression (abort() on MyHandle, parse() on String) - Typed method calls (jar.add(c) with explicit CookieJar type) 38 tests total (33 unit + 5 integration), all passing. https://claude.ai/code/session_011sdj18ZvQYbDVwEKqrWDj1 |
||
|---|---|---|
| .github/workflows | ||
| src | ||
| tests | ||
| .gitignore | ||
| Cargo.lock | ||
| Cargo.toml | ||
| design.md | ||