shouldi: Add cargo audit for rust

Yash-Varshney · web-flow · commit f2cfb78a4d7c · 2020-04-04T11:37:16.000-07:00
- Move downloads to their own folder for caching

Signed-off-by: John Andersen &lt;johnandersenpdx@gmail.com&gt;
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -14,6 +14,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   - `validate` parameter in `Input` takes `Operation.instance_name`
 - New db source can utilize any database that inherits from `BaseDatabase`
 - Logistic Regression with SAG optimizer
+- shouldi got an operation to run cargo-audit on rust code.
+- Moved all the downloads to tests/downloads to speed the CI test.
 - Test tensorflow DNNEstimator documentation exaples in CI
 - Add python code for tensorflow DNNEstimator
 - Ability to run a subflow as if it were an operation using the
diff --git a/examples/shouldi/.gitignore b/examples/shouldi/.gitignore
@@ -18,8 +18,11 @@ wheelhouse/
 *.modeldir
 *.db
 htmlcov/
-tests/golangci-lint-download/
-tests/javascript_algo-download/
-tests/npm-audit-download/
-tests/golang-download/
-tests/cri-resource-manager-download/
+tests/downloads/golangci-lint-download/
+tests/downloads/javascript_algo-download/
+tests/downloads/npm-audit-download/
+tests/downloads/cargo-audit-download/
+tests/downloads/rust-download/
+tests/downloads/crates-download/
+tests/downloads/golang-download/
+tests/downloads/cri-resource-manager-download/
diff --git a/examples/shouldi/shouldi/cargo_audit.py b/examples/shouldi/shouldi/cargo_audit.py
@@ -0,0 +1,56 @@
+import json
+import asyncio
+from typing import Dict, Any
+
+from dffml.df.base import op
+from dffml.df.types import Definition
+
+package_src_dir = Definition(name="package_src_dir", primitive="str")
+cargo_audit_output = Definition(
+    name="golangci_lint_output", primitive="Dict[str, Any]"
+)
+
+
+class CargoAuditError(Exception):
+    """
+    Raised when cargo-audit fails
+    """
+
+
+async def run_cargo_build(pkg_input: str):
+
+    new_proc = await asyncio.create_subprocess_exec(
+        "cargo",
+        "build",
+        "--release",
+        cwd=pkg_input,
+        stdout=asyncio.subprocess.PIPE,
+        stderr=asyncio.subprocess.PIPE,
+    )
+    stdout, stderr = await new_proc.communicate()
+    if new_proc.returncode != 0:
+        raise Exception(stderr.decode())
+
+
+@op(inputs={"pkg": package_src_dir}, outputs={"report": cargo_audit_output})
+async def run_cargo_audit(pkg: str) -> Dict[str, Any]:
+    """
+    CLI usage: dffml service dev run -log debug shouldi.cargo_audit:run_cargo_audit -pkg .
+    """
+    proc = await asyncio.create_subprocess_exec(
+        "cargo",
+        "audit",
+        "--json",
+        cwd=pkg,
+        stdout=asyncio.subprocess.PIPE,
+        stderr=asyncio.subprocess.PIPE,
+    )
+    stdout, stderr = await proc.communicate()
+    if len(stdout) == 0:
+        raise CargoAuditError(stderr.decode())
+
+    cargo_audit_op = stdout.decode()
+    issues = json.loads(cargo_audit_op)
+    result = issues["vulnerabilities"]["count"]
+
+    return {"report": result}
diff --git a/examples/shouldi/tests/test_cargo_audit.py b/examples/shouldi/tests/test_cargo_audit.py
@@ -0,0 +1,49 @@
+import pathlib
+
+from dffml.util.os import prepend_to_path
+from dffml.util.net import cached_download_unpack_archive
+from dffml.util.asynctestcase import AsyncTestCase
+
+from shouldi.cargo_audit import run_cargo_audit, run_cargo_build
+
+
+class TestRunCargoAuditOp(AsyncTestCase):
+    @cached_download_unpack_archive(
+        "https://static.rust-lang.org/dist/rust-1.42.0-x86_64-unknown-linux-gnu.tar.gz",
+        pathlib.Path(__file__).parent / "downloads" / "rust.tar.gz",
+        pathlib.Path(__file__).parent / "downloads" / "rust-download",
+        "ad2ab72dc407b0f5d34621640555e2da751da8803cbad734396faa54111e03093093f6fa66f14a1948bece8f9e33730d",
+    )
+    @cached_download_unpack_archive(
+        "https://github.com/RustSec/cargo-audit/archive/v0.11.2.tar.gz",
+        pathlib.Path(__file__).parent / "downloads" / "cargo_audit.tar.gz",
+        pathlib.Path(__file__).parent / "downloads" / "cargo-audit-download",
+        "dea36731efaac4d0fd37a295c65520a7e9b23b5faa0a92dce7ab20764f8323fc34856079524c676e4cad1cb065ee6472",
+    )
+    @cached_download_unpack_archive(
+        "https://github.com/rust-lang/crates.io/archive/8c1a7e29073e175f0e69e0e537374269da244cee.tar.gz",
+        pathlib.Path(__file__).parent / "downloads" / "crates.tar.gz",
+        pathlib.Path(__file__).parent / "downloads" / "crates-download",
+        "1bf0c3459373882f51132942872d0dbf8da01eee8d42c3c2090d234e4db99b39d4858c1fd2492c85917d670cae2519ca",
+    )
+    async def test_run(self, rust, cargo_audit, crates):
+        if not (
+            cargo_audit
+            / "cargo-audit-0.11.2"
+            / "target"
+            / "release"
+            / "cargo-audit"
+        ).is_file():
+            await run_cargo_build(cargo_audit / "cargo-audit-0.11.2")
+
+        with prepend_to_path(
+            rust / "rust-1.42.0-x86_64-unknown-linux-gnu" / "cargo" / "bin",
+            cargo_audit / "cargo-audit-0.11.2" / "target" / "release",
+        ):
+            results = await run_cargo_audit(
+                str(
+                    crates
+                    / "crates.io-8c1a7e29073e175f0e69e0e537374269da244cee"
+                )
+            )
+            self.assertEqual(type(results["report"]), int)
diff --git a/examples/shouldi/tests/test_golangci_lint.py b/examples/shouldi/tests/test_golangci_lint.py
@@ -25,20 +25,24 @@ async def tearDown(self):
 
     @cached_download_unpack_archive(
         "https://dl.google.com/go/go1.14.linux-amd64.tar.gz",
-        pathlib.Path(__file__).parent / "golang.tar.gz",
-        pathlib.Path(__file__).parent / "golang-download",
+        pathlib.Path(__file__).parent / "downloads" / "golang.tar.gz",
+        pathlib.Path(__file__).parent / "downloads" / "golang-download",
         "5dcc7b2e9049d80ceee9d3a7a4b76b578f42de64eaadabd039f080a9f329f2ad448da710626ed8fb4b070b4555b50e6f",
     )
     @cached_download_unpack_archive(
         "https://github.com/golangci/golangci-lint/releases/download/v1.23.7/golangci-lint-1.23.7-linux-amd64.tar.gz",
-        pathlib.Path(__file__).parent / "golangci-lint.tar.gz",
-        pathlib.Path(__file__).parent / "golangci-lint-download",
+        pathlib.Path(__file__).parent / "downloads" / "golangci-lint.tar.gz",
+        pathlib.Path(__file__).parent / "downloads" / "golangci-lint-download",
         "088a65ae7aa45c8a5695f40cc90672d00dece7f08ce307567fddc8b2d03858cb5baf9d162193922d36c57c504cc52999",
     )
     @cached_download_unpack_archive(
         "https://github.com/intel/cri-resource-manager/archive/c5e6091c79830cf7d076bbdec59c4a253b369d6a.tar.gz",
-        pathlib.Path(__file__).parent / "cri-resource-manager.tar.gz",
-        pathlib.Path(__file__).parent / "cri-resource-manager-download",
+        pathlib.Path(__file__).parent
+        / "downloads"
+        / "cri-resource-manager.tar.gz",
+        pathlib.Path(__file__).parent
+        / "downloads"
+        / "cri-resource-manager-download",
         "bdcbc8dadf9c6ee2f7571d10cb54459fe54773036982ad7485f007606efae96d7aaec7da18e2fea806fb6f68eb1722a8",
     )
     async def test_run(self, golang, golangci_lint, cri_resource_manager):
diff --git a/examples/shouldi/tests/test_npm_audit.py b/examples/shouldi/tests/test_npm_audit.py
@@ -10,14 +10,16 @@
 class TestRunNPM_AuditOp(AsyncTestCase):
     @cached_download_unpack_archive(
         "https://nodejs.org/dist/v12.16.1/node-v12.16.1-linux-x64.tar.gz",
-        pathlib.Path(__file__).parent / "npm.tar.gz",
-        pathlib.Path(__file__).parent / "npm-audit-download",
+        pathlib.Path(__file__).parent / "downloads" / "npm.tar.gz",
+        pathlib.Path(__file__).parent / "downloads" / "npm-audit-download",
         "7df0e7b9f0d7e387c866c3b75596d924a63d11233e7a1a850acdeb333729ebbc9dcf01b1724ddf48a48bedf0cf2fddd8",
     )
     @cached_download_unpack_archive(
         "https://github.com/trekhleb/javascript-algorithms/archive/ba2d8dc4a8e27659c1420fe52390cb7981df4a94.tar.gz",
-        pathlib.Path(__file__).parent / "javascript_algo.tar.gz",
-        pathlib.Path(__file__).parent / "javascript_algo-download",
+        pathlib.Path(__file__).parent / "downloads" / "javascript_algo.tar.gz",
+        pathlib.Path(__file__).parent
+        / "downloads"
+        / "javascript_algo-download",
         "36b3ce51780ee6ea8dcec266c9d09e3a00198868ba1b041569950b82cf45884da0c47ec354dd8514022169849dfe8b7c",
     )
     async def test_run(self, npm_audit, javascript_algo):
