CLI flags in cargo_audit::commands::audit::AuditCommand are duplicated in cargo_audit::commands::audit::binary_scanning::BinCommand. This means that running help commands will produce:
$ cargo run -q -p cargo-audit -- audit -h
Audit Cargo.lock files for vulnerable crates
Usage: cargo audit [OPTIONS] [COMMAND]
Commands:
bin scan compiled binaries
help Print this message or the help of the given subcommand(s)
Options:
-c, --color <COLOR> color configuration: always, never (default: auto)
-d, --db <DB> advisory database git repo path (default: ~/.cargo/advisory-db)
-D, --deny <DENY> exit with an error on: warnings (any), unmaintained, unsound, yanked
-f, --file <FILE> Cargo lockfile to inspect (or `-` for STDIN, default: Cargo.lock)
--ignore <ADVISORY_ID> Advisory id to ignore (can be specified multiple times)
--ignore-source Ignore sources of packages in Cargo.toml, matching advisories regardless of source
-n, --no-fetch do not perform a git fetch on the advisory DB
--stale allow stale database
--target-arch <TARGET_ARCH> filter vulnerabilities by CPU (default: no filter)
--target-os <TARGET_OS> filter vulnerabilities by OS (default: no filter)
-u, --url <URL> URL for advisory database git repo
-q, --quiet Avoid printing unnecessary information
--json Output report in JSON format
-h, --help Print help
-V, --version Print version
and
$ cargo run -q -p cargo-audit -- audit bin -h
scan compiled binaries
Usage: cargo audit bin [OPTIONS] <BINARY_PATHS>...
Arguments:
<BINARY_PATHS>... Paths to the binaries to be scanned
Options:
-c, --color <COLOR> color configuration: always, never (default: auto)
-d, --db <DB> advisory database git repo path (default: ~/.cargo/advisory-db)
-D, --deny <DENY> exit with an error on: warnings (any), unmaintained, unsound, yanked
--ignore <ADVISORY_ID> Advisory id to ignore (can be specified multiple times)
--ignore-source Ignore sources of packages in the audit data, matching advisories regardless of source
-n, --no-fetch do not perform a git fetch on the advisory DB
--stale allow stale database
--target-arch <TARGET_ARCH> filter vulnerabilities by CPU (default: no filter)
--target-os <TARGET_OS> filter vulnerabilities by OS (default: no filter)
-u, --url <URL> URL for advisory database git repo
-q, --quiet Avoid printing unnecessary information
--json Output report in JSON format
-h, --help Print help (see more with '--help')
This in turn allows running cargo audit bin with duplicated and possibly conflicting config values. For example, you can run:
cargo run -q -p cargo-audit -- audit --url https://foo bin --url https://bar /path/to/binary
I think this is some mistake and should be fixed by removing duplicated options from BinCommand. This will of course be a breaking change, but this seems like the right thing to do. And I doubt this will break many people, due to how odd it would be for someone to rely on this.
I am currently implementing #1160 and can do this together, if my proposition is accepted.
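A pre-flight check for wrapper scripts or CI, added here as an example and not part of cargo-audit or the original post: it flags single-valued options that receive different values before and after `bin`, as in the `--url` invocation above. The option table is transcribed from the two help outputs; treating `--deny` as repeatable, and the names `VALUE_OPTS`, `lookup` and `conflicts`, are assumptions.

```rust
use std::collections::BTreeMap;

// Value-taking options from the two help outputs above: (short, long, compared).
// Assumption: only options that plainly take a single value are compared.
const VALUE_OPTS: &[(&str, &str, bool)] = &[
    ("-c", "--color", true), ("-d", "--db", true), ("-u", "--url", true),
    ("", "--target-arch", true), ("", "--target-os", true),
    ("-D", "--deny", false), ("-f", "--file", false), ("", "--ignore", false),
];

fn lookup(tok: &str) -> Option<(&'static str, bool)> {
    let hit = VALUE_OPTS.iter().find(|(s, l, _)| (!s.is_empty() && *s == tok) || *l == tok);
    hit.map(|(_, l, c)| (*l, *c))
}

/// Returns (option, value before `bin`, value after `bin`) for each disagreement.
pub fn conflicts(argv: &[&str]) -> Vec<(&'static str, String, String)> {
    let mut sides = [BTreeMap::new(), BTreeMap::new()];
    let (mut side, mut i) = (0usize, 0usize);
    while i < argv.len() {
        let (name, inline) = match argv[i].split_once('=') {
            Some((n, v)) if n.starts_with("--") => (n, Some(v)), // `--url=X` form
            _ => (argv[i], None),                                 // `--url X` form
        };
        if let Some((long, compared)) = lookup(name) {
            // Consume the next token as the value so `--db bin` is not read as the subcommand.
            let value = inline.or_else(|| { i += 1; argv.get(i).copied() });
            if let (true, Some(v)) = (compared, value) {
                sides[side].insert(long, v.to_string());
            }
        } else if name == "bin" && side == 0 {
            side = 1; // the first bare `bin` starts the subcommand's options
        }
        i += 1;
    }
    let [parent, sub] = sides;
    parent.into_iter()
        .filter_map(|(k, v)| match sub.get(k) {
            Some(w) if *w != v => Some((k, v, w.clone())),
            _ => None,
        })
        .collect()
}

fn main() {
    let argv = ["audit", "--url", "https://foo", "bin", "--url", "https://bar", "/path/to/binary"];
    for (opt, before, after) in conflicts(&argv) {
        println!("{opt}: `{before}` before `bin`, `{after}` after it");
    }
}
```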