mirror of
https://github.com/imjasonh/rustvulncheck
synced 2026-07-16 12:32:30 +00:00
Scanner fixes: - Block comment tracking: skip lines inside /* ... */ blocks - Skip `use` statements from being matched as call sites - Free function call detection: `parse_cookie(...)` after direct import - Type-aware suppression: when the receiver's type is positively known and doesn't match the vulnerable type, suppress the finding entirely (e.g., .abort() on MyHandle vs JoinHandle) Golden test improvements: - All assertions are now specific: exact counts (deps, reachable symbols, files scanned), exact advisory IDs listed vs reachable, exact call site locations (file:line), exact confidence levels (HIGH vs MEDIUM) - Each test documents its fixture layout and expected positive/negative findings in a header comment New edge_cases_project fixture covering: - Aliased imports (Decoder as HyperDecoder → dec.decode detected) - Free function calls (parse_cookie after direct import) - Commented-out code (block & line comments correctly skipped) - False positive suppression (abort() on MyHandle, parse() on String) - Typed method calls (jar.add(c) with explicit CookieJar type) 38 tests total (33 unit + 5 integration), all passing. https://claude.ai/code/session_011sdj18ZvQYbDVwEKqrWDj1
27 lines
613 B
TOML
27 lines
613 B
TOML
# This file is automatically @generated by Cargo.
|
|
# It is not intended for manual editing.
|
|
version = 3
|
|
|
|
[[package]]
|
|
name = "edge-cases-app"
|
|
version = "0.1.0"
|
|
|
|
[[package]]
|
|
name = "hyper"
|
|
version = "0.14.27"
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
[[package]]
|
|
name = "serde_json"
|
|
version = "1.0.90"
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
[[package]]
|
|
name = "cookie"
|
|
version = "0.17.0"
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
|
|
[[package]]
|
|
name = "tokio"
|
|
version = "1.37.0"
|
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|