From ca3e93e2f67707a016b28e58f8374522a1fb68f0 Mon Sep 17 00:00:00 2001 From: mo khan Date: Tue, 4 Aug 2020 14:51:49 -0600 Subject: Add limited network support for Cargo projects * Add test to scan cargo project with packages from a private registry * Synchronize mono cert store * Wipe nuget package cache before specs * Compress /usr/local/share * Exclude development dependencies * Add CHANGELOG entry --- spec/fixtures/haproxy.cfg | 6 ++ spec/fixtures/rust/cargo/custom-tls/Cargo.lock | 16 ++++ spec/fixtures/rust/cargo/custom-tls/Cargo.toml | 8 ++ spec/fixtures/rust/cargo/custom-tls/src/main.rs | 3 + .../rust/cargo/dev-dependencies/Cargo.lock | 95 ++++++++++++++++++++++ .../rust/cargo/dev-dependencies/Cargo.toml | 11 +++ .../rust/cargo/dev-dependencies/src/main.rs | 3 + spec/fixtures/rust/cargo/hello_world/Cargo.lock | 46 +++++++++++ spec/fixtures/rust/cargo/hello_world/Cargo.toml | 8 ++ spec/fixtures/rust/cargo/hello_world/src/main.rs | 3 + spec/integration/rust/cargo_spec.rb | 58 +++++++++++++ 11 files changed, 257 insertions(+) create mode 100644 spec/fixtures/rust/cargo/custom-tls/Cargo.lock create mode 100644 spec/fixtures/rust/cargo/custom-tls/Cargo.toml create mode 100644 spec/fixtures/rust/cargo/custom-tls/src/main.rs create mode 100644 spec/fixtures/rust/cargo/dev-dependencies/Cargo.lock create mode 100644 spec/fixtures/rust/cargo/dev-dependencies/Cargo.toml create mode 100644 spec/fixtures/rust/cargo/dev-dependencies/src/main.rs create mode 100644 spec/fixtures/rust/cargo/hello_world/Cargo.lock create mode 100644 spec/fixtures/rust/cargo/hello_world/Cargo.toml create mode 100644 spec/fixtures/rust/cargo/hello_world/src/main.rs create mode 100644 spec/integration/rust/cargo_spec.rb (limited to 'spec') diff --git a/spec/fixtures/haproxy.cfg b/spec/fixtures/haproxy.cfg index 4a5b982..d5b2647 100644 --- a/spec/fixtures/haproxy.cfg +++ b/spec/fixtures/haproxy.cfg 
@@ -20,6 +20,7 @@ defaults frontend www-https bind *:443 ssl crt wildcard.test.pem + acl cargo-backend ssl_fc_sni cargo.test acl composer-backend ssl_fc_sni composer.test acl goproxy-backend ssl_fc_sni goproxy.test acl maven-backend ssl_fc_sni maven.test @@ -29,6 +30,7 @@ frontend www-https acl rubygems-backend ssl_fc_sni rubygems.test http-request replace-header Host .* api.nuget.org if nuget-backend + http-request replace-header Host .* github.com if cargo-backend http-request replace-header Host .* packagist.org if composer-backend http-request replace-header Host .* proxy.golang.org if goproxy-backend http-request replace-header Host .* pypi.org if pypi-backend @@ -36,6 +38,7 @@ frontend www-https http-request replace-header Host .* repo1.maven.org if maven-backend http-request replace-header Host .* rubygems.org if rubygems-backend + use_backend cargo-backend if cargo-backend use_backend composer-backend if composer-backend use_backend goproxy-backend if goproxy-backend use_backend maven-backend if maven-backend @@ -44,6 +47,9 @@ frontend www-https use_backend pypi-backend if pypi-backend use_backend rubygems-backend if rubygems-backend +backend cargo-backend + server www1 github.com:443 ssl verify none + backend composer-backend server www1 packagist.org:443 ssl verify none diff --git a/spec/fixtures/rust/cargo/custom-tls/Cargo.lock b/spec/fixtures/rust/cargo/custom-tls/Cargo.lock new file mode 100644 index 0000000..52702bd --- /dev/null +++ b/spec/fixtures/rust/cargo/custom-tls/Cargo.lock 
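Review bot: The new `backend cargo-backend` server line uses `ssl verify none`, so the proxy accepts any certificate presented for github.com and the crates index content the cargo specs consume is not authenticated on the upstream leg. The neighbouring `composer-backend` line uses the same option, so this follows the fixture's existing convention. Even so, the custom-tls spec is meant to exercise certificate trust, and a proxy that skips upstream verification weakens what that spec demonstrates. Consider `server www1 github.com:443 ssl verify required ca-file <path-to-system-ca-bundle> sni str(github.com) verifyhost github.com`, with the CA path set for the test image.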
@@ -0,0 +1,16 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +[[package]] +name = "custom-tls" +version = "0.1.0" +dependencies = [ + "libc 0.2.74 (registry+https://cargo.test/rust-lang/crates.io-index)", +] + +[[package]] +name = "libc" +version = "0.2.74" +source = "registry+https://cargo.test/rust-lang/crates.io-index" + +[metadata] +"checksum libc 0.2.74 (registry+https://cargo.test/rust-lang/crates.io-index)" = "a2f02823cf78b754822df5f7f268fb59822e7296276d3e069d8e8cb26a14bd10" diff --git a/spec/fixtures/rust/cargo/custom-tls/Cargo.toml b/spec/fixtures/rust/cargo/custom-tls/Cargo.toml new file mode 100644 index 0000000..5058806 --- /dev/null +++ b/spec/fixtures/rust/cargo/custom-tls/Cargo.toml @@ -0,0 +1,8 @@ +[package] +name = "custom-tls" +version = "0.1.0" +authors = ["example "] +edition = "2018" + +[dependencies] +libc = "0.2.74" diff --git a/spec/fixtures/rust/cargo/custom-tls/src/main.rs b/spec/fixtures/rust/cargo/custom-tls/src/main.rs new file mode 100644 index 0000000..e7a11a9 --- /dev/null +++ b/spec/fixtures/rust/cargo/custom-tls/src/main.rs @@ -0,0 +1,3 @@ +fn main() { + println!("Hello, world!"); +} diff --git a/spec/fixtures/rust/cargo/dev-dependencies/Cargo.lock b/spec/fixtures/rust/cargo/dev-dependencies/Cargo.lock new file mode 100644 index 0000000..5c2a516 --- /dev/null +++ b/spec/fixtures/rust/cargo/dev-dependencies/Cargo.lock 
@@ -0,0 +1,95 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +[[package]] +name = "ansi_term" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" + +[[package]] +name = "byteorder" +version = "1.3.4" +source = "registry+https://github.com/rust-lang/crates.io-index" + +[[package]] +name = "dev-dependencies" +version = "0.1.0" +dependencies = [ + "diesel 1.4.5 (registry+https://github.com/rust-lang/crates.io-index)", + "pretty_assertions 0.4.1 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] +name = "diesel" +version = "1.4.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "byteorder 1.3.4 (registry+https://github.com/rust-lang/crates.io-index)", + "diesel_derives 1.4.1 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] +name = "diesel_derives" +version = "1.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "proc-macro2 1.0.19 (registry+https://github.com/rust-lang/crates.io-index)", + "quote 1.0.7 (registry+https://github.com/rust-lang/crates.io-index)", + "syn 1.0.38 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] +name = "difference" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" + +[[package]] +name = "pretty_assertions" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "ansi_term 0.9.0 (registry+https://github.com/rust-lang/crates.io-index)", + "difference 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] +name = "proc-macro2" +version = "1.0.19" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "unicode-xid 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] +name = "quote" +version = "1.0.7" +source = 
"registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "proc-macro2 1.0.19 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] +name = "syn" +version = "1.0.38" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "proc-macro2 1.0.19 (registry+https://github.com/rust-lang/crates.io-index)", + "quote 1.0.7 (registry+https://github.com/rust-lang/crates.io-index)", + "unicode-xid 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] +name = "unicode-xid" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" + +[metadata] +"checksum ansi_term 0.9.0 (registry+https://github.com/rust-lang/crates.io-index)" = "23ac7c30002a5accbf7e8987d0632fa6de155b7c3d39d0067317a391e00a2ef6" +"checksum byteorder 1.3.4 (registry+https://github.com/rust-lang/crates.io-index)" = "08c48aae112d48ed9f069b33538ea9e3e90aa263cfa3d1c24309612b1f7472de" +"checksum diesel 1.4.5 (registry+https://github.com/rust-lang/crates.io-index)" = "3e2de9deab977a153492a1468d1b1c0662c1cf39e5ea87d0c060ecd59ef18d8c" +"checksum diesel_derives 1.4.1 (registry+https://github.com/rust-lang/crates.io-index)" = "45f5098f628d02a7a0f68ddba586fb61e80edec3bdc1be3b921f4ceec60858d3" +"checksum difference 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)" = "b3304d19798a8e067e48d8e69b2c37f0b5e9b4e462504ad9e27e9f3fce02bba8" +"checksum pretty_assertions 0.4.1 (registry+https://github.com/rust-lang/crates.io-index)" = "28ea5118e2f41bfbc974b28d88c07621befd1fa5d6ec23549be96302a1a59dd2" +"checksum proc-macro2 1.0.19 (registry+https://github.com/rust-lang/crates.io-index)" = "04f5f085b5d71e2188cb8271e5da0161ad52c3f227a661a3c135fdf28e258b12" +"checksum quote 1.0.7 (registry+https://github.com/rust-lang/crates.io-index)" = "aa563d17ecb180e500da1cfd2b028310ac758de548efdd203e18f283af693f37" +"checksum syn 1.0.38 (registry+https://github.com/rust-lang/crates.io-index)" = 
"e69abc24912995b3038597a7a593be5053eb0fb44f3cc5beec0deb421790c1f4" +"checksum unicode-xid 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)" = "f7fe0bb3479651439c9112f72b6c505038574c9fbb575ed1bf3b797fa39dd564" diff --git a/spec/fixtures/rust/cargo/dev-dependencies/Cargo.toml b/spec/fixtures/rust/cargo/dev-dependencies/Cargo.toml new file mode 100644 index 0000000..7adf447 --- /dev/null +++ b/spec/fixtures/rust/cargo/dev-dependencies/Cargo.toml @@ -0,0 +1,11 @@ +[package] +name = "dev-dependencies" +version = "0.1.0" +authors = ["example "] +edition = "2018" + +[dependencies] +diesel = "1.4.5" + +[dev-dependencies] +pretty_assertions = "0.4.0" diff --git a/spec/fixtures/rust/cargo/dev-dependencies/src/main.rs b/spec/fixtures/rust/cargo/dev-dependencies/src/main.rs new file mode 100644 index 0000000..e7a11a9 --- /dev/null +++ b/spec/fixtures/rust/cargo/dev-dependencies/src/main.rs @@ -0,0 +1,3 @@ +fn main() { + println!("Hello, world!"); +} diff --git a/spec/fixtures/rust/cargo/hello_world/Cargo.lock b/spec/fixtures/rust/cargo/hello_world/Cargo.lock new file mode 100644 index 0000000..0d0a86c --- /dev/null +++ b/spec/fixtures/rust/cargo/hello_world/Cargo.lock 
@@ -0,0 +1,46 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +[[package]] +name = "hello_world" +version = "0.1.0" +dependencies = [ + "time", +] + +[[package]] +name = "libc" +version = "0.2.74" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a2f02823cf78b754822df5f7f268fb59822e7296276d3e069d8e8cb26a14bd10" + +[[package]] +name = "time" +version = "0.1.43" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ca8a50ef2360fbd1eeb0ecd46795a87a19024eb4b53c5dc916ca1fd95fe62438" +dependencies = [ + "libc", + "winapi", +] + +[[package]] +name = "winapi" +version = "0.3.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419" +dependencies = [ + "winapi-i686-pc-windows-gnu", + "winapi-x86_64-pc-windows-gnu", +] + +[[package]] +name = "winapi-i686-pc-windows-gnu" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" + +[[package]] +name = "winapi-x86_64-pc-windows-gnu" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" diff --git a/spec/fixtures/rust/cargo/hello_world/Cargo.toml b/spec/fixtures/rust/cargo/hello_world/Cargo.toml new file mode 100644 index 0000000..8331179 --- /dev/null +++ b/spec/fixtures/rust/cargo/hello_world/Cargo.toml @@ -0,0 +1,8 @@ +[package] +name = "hello_world" +version = "0.1.0" +authors = ["example "] +edition = "2018" + +[dependencies] +time = "0.1.12" diff --git a/spec/fixtures/rust/cargo/hello_world/src/main.rs b/spec/fixtures/rust/cargo/hello_world/src/main.rs new file mode 100644 index 0000000..e7a11a9 --- /dev/null +++ b/spec/fixtures/rust/cargo/hello_world/src/main.rs @@ -0,0 +1,3 @@ +fn main() { + println!("Hello, world!"); +} 
diff --git a/spec/integration/rust/cargo_spec.rb b/spec/integration/rust/cargo_spec.rb
new file mode 100644
index 0000000..77ad447
--- /dev/null
+++ b/spec/integration/rust/cargo_spec.rb
@@ -0,0 +1,58 @@
+require 'spec_helper'
+
+RSpec.describe "cargo" do
+ subject { runner.scan(env: env) }
+
+ let(:env) { {} }
+
+ context "when scanning a cargo project" do
+ before do
+ runner.mount(dir: fixture_file('rust/cargo/hello_world'))
+ end
+
+ specify { expect(subject).to match_schema }
+
+ specify do
+ expect(subject.dependency_names).to match_array(%w[libc time])
+ end
+
+ specify { expect(subject.licenses_for('libc')).to match_array(['mit or apache-2.0']) }
+ specify { expect(subject.licenses_for('time')).to match_array(['Apache-2.0', 'MIT']) }
+ end
+
+ context "when fetching dependencies from a custom registry" do
+ before do
+ add_host('cargo.test', '127.0.0.1')
+ start_proxy_server
+ runner.mount(dir: fixture_file('rust/cargo/custom-tls'))
+ end
+
+ context "when the CA certificate is provided" do
+ let(:env) { { 'ADDITIONAL_CA_CERT_BUNDLE' => x509_certificate('wildcard.test').read } }
+
+ specify do
+ expect(subject).to match_schema
+ expect(subject.dependency_names).to match_array(['libc'])
+ expect(subject.licenses_for('libc')).to match_array(['mit or apache-2.0'])
+ end
+ end
+
+ context "when the CA certificate is NOT provided" do
+ let(:env) { {} }
+
+ specify { expect(subject).to match_schema }
+ end
+ end
+
+ context "when scanning a project with dev dependencies" do
+ before do
+ runner.mount(dir: fixture_file('rust/cargo/dev-dependencies'))
+ end
+
+ it 'excludes them from the report' do
+ expect(subject).to match_schema
+ expect(subject.dependency_names).to include('diesel')
+ expect(subject.dependency_names).not_to include('pretty_assertions')
+ end
+ end
+end
-- cgit v1.2.3
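Review bot: The `when the CA certificate is NOT provided` context asserts only `match_schema`, which holds whether cargo refused the untrusted `cargo.test` certificate or accepted it, so a regression that disables TLS verification in the scanner would still pass. Add an assertion on the negative outcome, for example `expect(subject.licenses_for('libc')).not_to match_array(['mit or apache-2.0'])`. The value the report carries for a crate that could not be fetched is not visible in this diff, so confirm the expectation against a real run. The `let(:env) { {} }` inside that context also repeats the outer definition and can be dropped.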