Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rust call analysis #452

Merged
merged 25 commits into from
Aug 15, 2023
Merged

Rust call analysis #452

merged 25 commits into from
Aug 15, 2023

Conversation

another-rex
Copy link
Collaborator

@another-rex another-rex commented Jul 27, 2023
edited
Loading

Support rust for call analysis, the current version is fully working for any rust binary or library that can be built with cargo build

Part of #476

TODO:

  • Figure out what if anything is wrong with the go analysis (Nothing is wrong, added another test for the future)
  • Add documentation to rust call analysis
  • Add tests
    • extractRlibArchive
    • ar
    • rustBuildSource integration test

Limitations: #464

oliverchang
oliverchang reviewed Jul 28, 2023
View reviewed changes
Copy link
Collaborator

@oliverchang oliverchang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice! can you please add a simple test as well?

internal/sourceanalysis/ar/reader.go Outdated Show resolved Hide resolved
internal/sourceanalysis/rust.go Outdated Show resolved Hide resolved
internal/sourceanalysis/rust.go
func cleanRustFunctionSymbols(val string) string {
// Used to remove generics from functions and types as they are not included in function calls
// in advisories:
// E.g.: `smallvec::SmallVec<A>::new` => `smallvec::SmallVec::new`
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wonder if we should start a discussion here if the data can be formatted in a more convenient way to begin with?

Regex seems potentially very error prone here.

internal/sourceanalysis/rust.go Outdated Show resolved Hide resolved
internal/sourceanalysis/rust.go Show resolved Hide resolved
internal/sourceanalysis/rust.go Outdated Show resolved Hide resolved
oliverchang
oliverchang reviewed Jul 28, 2023
View reviewed changes
internal/sourceanalysis/rust.go Show resolved Hide resolved
internal/sourceanalysis/rust.go Outdated Show resolved Hide resolved
internal/sourceanalysis/rust.go Show resolved Hide resolved
@another-rex another-rex mentioned this pull request Aug 2, 2023
Open
2 tasks
hayleycd
hayleycd suggested changes Aug 2, 2023
View reviewed changes
Copy link
Collaborator

@hayleycd hayleycd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd like to see a sample SCA output for the docs.

docs/output.md Outdated Show resolved Hide resolved
docs/output.md Outdated
```

**Rendered:**

| OSV URL | CVSS | Ecosystem | Package | Version | Source |
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So when I saw that there were changes in the output file, I was hoping to see output from the SCAs. How does the Go & Rust output look different from the standard ?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added some examples and JSON comments explaining the output more thoroughly.

oliverchang
oliverchang approved these changes Aug 11, 2023
View reviewed changes
Copy link
Collaborator

@oliverchang oliverchang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

As discussed offline, let's raise some data formatting (re the remaining open comment on the PR around generics) and consistency issues (e.g. macros) with the upstream RustSec folks. It would be nice to show osv-scanner as an example tool that can leverage the DB to its full extent.

@another-rex another-rex mentioned this pull request Aug 14, 2023
Open
@another-rex another-rex merged commit 17fd75e into google:main Aug 15, 2023
7 checks passed
@Shnatsel Shnatsel mentioned this pull request Aug 26, 2023
Closed
@chenrui333 chenrui333 mentioned this pull request Sep 14, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hayleycd hayleycd hayleycd approved these changes

@oliverchang oliverchang oliverchang approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@another-rex @oliverchang @hayleycd