diff --git a/.devcontainer/install-dependencies.sh b/.devcontainer/install-dependencies.sh
index 1470f7cf6..4a7415ce8 100755
--- a/.devcontainer/install-dependencies.sh
+++ b/.devcontainer/install-dependencies.sh
@@ -5,7 +5,7 @@ set -eux
 # Note that this script runs as user 'vscode' during devcontainer setup.
 
 # Rust global tools, needed to run CI scripts
-"$HOME/.cargo/bin/cargo" install cargo-audit cargo-license@0.4.2 cargo-llvm-cov
+"$HOME/.cargo/bin/cargo" install cargo-license@0.4.2 cargo-llvm-cov cargo-deny
 "$HOME/.cargo/bin/rustup" component add llvm-tools-preview
 
 # NPM global tools
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 9dcf7c679..5800d6802 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -18,7 +18,7 @@ env:
 CARGO_TERM_COLOR: always
 SCCACHE_DIR: ${{github.workspace}}/sccache/
 SCCACHE_CACHE_SIZE: 1G
-ACTIONS_CACHE_KEY_DATE: 2022-10-28-01
+ACTIONS_CACHE_KEY_DATE: 2022-11-21-02
 CI: true
 DOTNET_VERSION: 7.0.x
 
diff --git a/src/agent/dynamic-library/Cargo.toml b/src/agent/dynamic-library/Cargo.toml
index 0293c6c5d..58eaedaeb 100644
--- a/src/agent/dynamic-library/Cargo.toml
+++ b/src/agent/dynamic-library/Cargo.toml
@@ -2,6 +2,7 @@
 name = "dynamic-library"
 version = "0.1.0"
 edition = "2021"
+license = "MIT"
 
 [dependencies]
 anyhow = "1.0"
@@ -26,7 +27,7 @@ features = [
 "shellapi",
 "werapi",
 "winbase",
-"winerror"
+"winerror",
 ]
 
 [[bin]]
diff --git a/src/agent/onefuzz-agent/Cargo.toml b/src/agent/onefuzz-agent/Cargo.toml
index a23b0b236..e8fa70ec3 100644
--- a/src/agent/onefuzz-agent/Cargo.toml
+++ b/src/agent/onefuzz-agent/Cargo.toml
@@ -4,6 +4,7 @@ version = "0.1.0"
 authors = ["fuzzing@microsoft.com"]
 edition = "2018"
 publish = false
+license = "MIT"
 
 [dependencies]
 anyhow = { version = "1.0", features = ["backtrace"] }
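Review bot: The new `"$HOME/.cargo/bin/cargo" install cargo-license@0.4.2 cargo-llvm-cov cargo-deny` line pins only cargo-license, so cargo-deny (and cargo-llvm-cov) resolve to whatever release is current when the devcontainer is built, and the advisory and license verdict CI produces then varies with build date rather than with the code under test. Pinning as `cargo-deny@<pinned-version>` and adding `--locked` makes the tool installation reproducible and keeps the supply-chain gate from itself being an unpinned dependency. The `cargo install cargo-llvm-cov cargo-deny` line added in `src/ci/rust-prereqs.sh` has the same issue.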
@@ -13,7 +14,11 @@ env_logger = "0.9"
 futures = "0.3"
 log = "0.4"
 onefuzz = { path = "../onefuzz" }
-reqwest = { version = "0.11", features = ["json", "stream", "native-tls-vendored"], default-features = false}
+reqwest = { version = "0.11", features = [
+    "json",
+    "stream",
+    "native-tls-vendored",
+], default-features = false }
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
 storage-queue = { path = "../storage-queue" }
diff --git a/src/agent/stacktrace-parser/Cargo.toml b/src/agent/stacktrace-parser/Cargo.toml
index a7d235653..5337a0b28 100644
--- a/src/agent/stacktrace-parser/Cargo.toml
+++ b/src/agent/stacktrace-parser/Cargo.toml
@@ -3,6 +3,7 @@ name = "stacktrace-parser"
 version = "0.1.0"
 authors = [""]
 edition = "2018"
+license = "MIT"
 
 [dependencies]
 anyhow = "1.0"
diff --git a/src/ci/agent.sh b/src/ci/agent.sh
index f16da82d0..bbe6bcb4b 100755
--- a/src/ci/agent.sh
+++ b/src/ci/agent.sh
@@ -37,7 +37,7 @@ cd src/agent
 
 rustc --version
 cargo --version
-cargo audit --version
+cargo deny --version
 cargo clippy --version
 cargo fmt --version
 cargo license --version
@@ -48,9 +48,7 @@ if [ X${CARGO_INCREMENTAL} == X ]; then
 fi
 
 cargo fmt -- --check
-# RUSTSEC-2022-0048: xml-rs is unmaintained
-# RUSTSEC-2021-0139: ansi_term is unmaintained
-cargo audit --deny warnings --deny unmaintained --deny unsound --deny yanked --ignore RUSTSEC-2022-0048 --ignore RUSTSEC-2021-0139
+cargo deny -L error check
 cargo license -j > data/licenses.json
 cargo build --release --locked
 cargo clippy --release --locked --all-targets -- -D warnings
diff --git a/src/ci/proxy.sh b/src/ci/proxy.sh
index bf6137d47..bfff19bbb 100755
--- a/src/ci/proxy.sh
+++ b/src/ci/proxy.sh
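Review bot: `cargo deny -L error check` in `src/ci/agent.sh` runs after `cd src/agent`, while the configuration this commit adds lives at `src/deny.toml`, one directory above the manifest, so the license allowlist, the RUSTSEC ignores and the rustls/ring bans only take effect if cargo-deny's config discovery walks up from the crate directory; if it does not, the check silently runs on defaults. Passing the path explicitly, `cargo deny -L error check -c ../deny.toml`, removes the dependence on discovery behavior and makes a missing or moved config an error rather than a silently weaker gate. The identical line is introduced in `src/ci/proxy.sh` after `cd src/proxy-manager` and should get the same treatment.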
@@ -12,13 +12,11 @@ mkdir -p artifacts/proxy cd src/proxy-manager cargo fmt -- --check cargo clippy --release --all-targets -- -D warnings -# RUSTSEC-2022-0048: xml-rs is unmaintained -# RUSTSEC-2021-0139: ansi_term is unmaintained -cargo audit --deny warnings --deny unmaintained --deny unsound --deny yanked --ignore RUSTSEC-2022-0048 --ignore RUSTSEC-2021-0139 +cargo deny -L error check cargo license -j > data/licenses.json cargo build --release --locked # export RUST_LOG=trace export RUST_BACKTRACE=full -cargo test --release +cargo test --release --locked cp target/release/onefuzz-proxy-manager ../../artifacts/proxy
diff --git a/src/ci/rust-prereqs.sh b/src/ci/rust-prereqs.sh
index 30d5a5348..22cf4be83 100755
--- a/src/ci/rust-prereqs.sh
+++ b/src/ci/rust-prereqs.sh
@@ -11,7 +11,7 @@ fi # sccache --start-server # export RUSTC_WRAPPER=$(which sccache) -cargo install cargo-audit cargo-llvm-cov +cargo install cargo-llvm-cov cargo-deny if ! cargo license --help; then cargo install cargo-license@0.4.2
diff --git a/src/deny.toml b/src/deny.toml
new file mode 100644
index 000000000..8fa38dc08
--- /dev/null
+++ b/src/deny.toml
@@ -0,0 +1,30 @@ +[licenses] +allow = [ +    "Apache-2.0 WITH LLVM-exception", +    "Apache-2.0", +    "BSD-3-Clause", +    "CC0-1.0", +    "ISC", +    "MIT", +    "Zlib", +] +[advisories] +vulnerability = "deny" +unmaintained = "deny" +unsound = "deny" +yanked = "deny" +ignore = [ +    "RUSTSEC-2022-0048", # xml-rs is unmaintained +    "RUSTSEC-2021-0139", # ansi_term is unmaintained +] +[bans] # disallow rustls; we must use OpenSSL +[[bans.deny]] +name = "rustls" # disallow ring; unapproved crypto +[[bans.deny]] +name = "ring"
diff --git a/src/proxy-manager/Cargo.lock b/src/proxy-manager/Cargo.lock
index c4d70793a..96d0d3919 100644
--- a/src/proxy-manager/Cargo.lock
+++ b/src/proxy-manager/Cargo.lock
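Review bot: The `[advisories]` table in the new `src/deny.toml` denies `vulnerability`, `unmaintained`, `unsound` and `yanked`, but the `cargo audit --deny warnings` invocation it replaces failed the build on every warning, so advisories of the `notice` kind now fall back to cargo-deny's warn default, and with `-L error` on the CI command lines such warning-level findings are likely not even printed. If parity with the previous gate is intended, add `notice = "deny"` under `[advisories]`. The two `ignore` entries keep their justification only as trailing comments, which is fine for unmaintained notices, but a short comment naming who owns re-evaluating them would keep the list from growing silently.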
@@ -1076,9 +1076,9 @@ dependencies = [
 
 [[package]]
 name = "serde-xml-rs"
-version = "0.5.1"
+version = "0.6.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "65162e9059be2f6a3421ebbb4fef3e74b7d9e7c60c50a0e292c6239f19f1edfa"
+checksum = "fb3aa78ecda1ebc9ec9847d5d3aba7d618823446a049ba2491940506da6e2782"
 dependencies = [
 "log",
 "serde",