mirror of
https://github.com/imjasonh/rustvulncheck
synced 2026-07-08 04:08:07 +00:00
Build the first phase of cargo deep-audit - a reachability-based vulnerability scanner for Rust. This pipeline: - Clones/caches the RustSec advisory-db and parses TOML advisory files - Extracts crate names, patched versions, CVE/RUSTSEC IDs, and GitHub refs - Fetches patch diffs via GitHub API (PRs resolve to merge commits) - Analyzes unified diffs to extract modified Rust function signatures - Outputs an enriched JSON database mapping advisory IDs to function signatures Modules: - advisory.rs: TOML parser with GitHub reference extraction - github.rs: GitHub API client for commit/PR diffs - diff_analyzer.rs: Unified diff parser extracting fn signatures from hunks - db.rs: JSON output database structure - main.rs: CLI orchestrator with clap https://claude.ai/code/session_01AeNG3herWfKhos9uZVUY5d
15 lines
338 B
TOML
15 lines
338 B
TOML
[package]
|
|
name = "cargo-deep-audit"
|
|
version = "0.1.0"
|
|
edition = "2021"
|
|
|
|
[dependencies]
|
|
clap = { version = "4", features = ["derive", "env"] }
|
|
serde = { version = "1", features = ["derive"] }
|
|
serde_json = "1"
|
|
toml = "0.8"
|
|
reqwest = { version = "0.12", features = ["blocking", "json"] }
|
|
regex = "1"
|
|
git2 = "0.19"
|
|
walkdir = "2"
|
|
anyhow = "1"
|