From 82803c98536073a419bd08e6ee1b5d348f15ab5f Mon Sep 17 00:00:00 2001
From: xenofem <xenofem@xeno.science>
Date: Sun, 6 Aug 2023 14:10:31 -0400
Subject: [PATCH 1/3] update vulnerable h2 crate
---
Cargo.lock | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index f3b2d1b..a35fe70 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -802,9 +802,9 @@ dependencies = [
[[package]]
name = "h2"
-version = "0.3.16"
+version = "0.3.20"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5be7b54589b581f624f566bf5d8eb2bab1db736c51528720b6bd36b96b55924d"
+checksum = "97ec8491ebaf99c8eaa73058b045fe58073cd6be7f596ac993ced0b0a0c01049"
dependencies = [
"bytes",
"fnv",
From feb5e4979b0a3de0e84e43f0e2674f322b85b2e8 Mon Sep 17 00:00:00 2001
From: xenofem <xenofem@xeno.science>
Date: Sun, 6 Aug 2023 14:35:07 -0400
Subject: [PATCH 2/3] update simple_logger and colored to remove atty
dependency flagged by audit
---
Cargo.lock | 208 +++++++++++++++++++++++++++++++++++++++++++----------
Cargo.toml | 2 +-
2 files changed, 170 insertions(+), 40 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index a35fe70..c6b9489 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -294,17 +294,6 @@ dependencies = [
"syn 2.0.12",
]
-[[package]]
-name = "atty"
-version = "0.2.14"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d9b39be18770d11421cdb1b9947a45dd3f37e93092cbf377614828a319d5fee8"
-dependencies = [
- "hermit-abi 0.1.19",
- "libc",
- "winapi",
-]
-
[[package]]
name = "autocfg"
version = "1.1.0"
@@ -422,13 +411,13 @@ dependencies = [
[[package]]
name = "colored"
-version = "2.0.0"
+version = "2.0.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b3616f750b84d8f0de8a58bda93e08e2a81ad3f523089b05f1dffecab48c6cbd"
+checksum = "2674ec482fbc38012cf31e6c42ba0177b431a0cb6f15fe40efa5aab1bda516f6"
dependencies = [
- "atty",
+ "is-terminal",
"lazy_static",
- "winapi",
+ "windows-sys 0.48.0",
]
[[package]]
@@ -597,6 +586,27 @@ dependencies = [
"cfg-if",
]
+[[package]]
+name = "errno"
+version = "0.3.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6b30f669a7961ef1631673d2766cc92f52d64f7ef354d4fe0ddfd30ed52f0f4f"
+dependencies = [
+ "errno-dragonfly",
+ "libc",
+ "windows-sys 0.48.0",
+]
+
+[[package]]
+name = "errno-dragonfly"
+version = "0.1.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "aa68f1b12764fab894d2755d2518754e71b4fd80ecfb822714a1206c2aab39bf"
+dependencies = [
+ "cc",
+ "libc",
+]
+
[[package]]
name = "fax"
version = "0.2.0"
@@ -831,15 +841,6 @@ version = "0.4.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "95505c38b4572b2d910cecb0281560f54b440a19336cbbcb27bf6ce6adc6f5a8"
-[[package]]
-name = "hermit-abi"
-version = "0.1.19"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "62b467343b94ba476dcb2500d242dadbb39557df889310ac77c5d99100aaac33"
-dependencies = [
- "libc",
-]
-
[[package]]
name = "hermit-abi"
version = "0.2.6"
@@ -849,6 +850,12 @@ dependencies = [
"libc",
]
+[[package]]
+name = "hermit-abi"
+version = "0.3.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "443144c8cdadd93ebf52ddb4056d257f5b52c04d3c804e657d19eb73fc33668b"
+
[[package]]
name = "html5ever"
version = "0.25.2"
@@ -969,12 +976,35 @@ dependencies = [
"adler32",
]
+[[package]]
+name = "io-lifetimes"
+version = "1.0.11"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "eae7b9aee968036d54dce06cebaefd919e4472e753296daccd6d344e3e2df0c2"
+dependencies = [
+ "hermit-abi 0.3.2",
+ "libc",
+ "windows-sys 0.48.0",
+]
+
[[package]]
name = "ipnet"
version = "2.7.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "12b6ee2129af8d4fb011108c73d99a1b83a85977f23b82460c0ae2e25bb4b57f"
+[[package]]
+name = "is-terminal"
+version = "0.4.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "adcf93614601c8129ddf72e2d5633df827ba6551541c6d8c59520a371475be1f"
+dependencies = [
+ "hermit-abi 0.3.2",
+ "io-lifetimes",
+ "rustix",
+ "windows-sys 0.48.0",
+]
+
[[package]]
name = "istring"
version = "0.3.3"
@@ -1053,6 +1083,12 @@ version = "0.2.140"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "99227334921fae1a979cf0bfdfcc6b3e5ce376ef57e16fb6fb3ea2ed6095f80c"
+[[package]]
+name = "linux-raw-sys"
+version = "0.3.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ef53942eb7bf7ff43a617b3e2c1c4a5ecf5944a7c1bc12d7ee39bbb15e5c1519"
+
[[package]]
name = "local-channel"
version = "0.1.3"
@@ -1162,7 +1198,7 @@ dependencies = [
"libc",
"log",
"wasi 0.11.0+wasi-snapshot-preview1",
- "windows-sys",
+ "windows-sys 0.45.0",
]
[[package]]
@@ -1228,7 +1264,7 @@ dependencies = [
"libc",
"redox_syscall",
"smallvec",
- "windows-sys",
+ "windows-sys 0.45.0",
]
[[package]]
@@ -1604,6 +1640,20 @@ dependencies = [
"semver",
]
+[[package]]
+name = "rustix"
+version = "0.37.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2aae838e49b3d63e9274e1c01833cc8139d3fec468c3b84688c628f44b1ae11d"
+dependencies = [
+ "bitflags",
+ "errno",
+ "io-lifetimes",
+ "libc",
+ "linux-raw-sys",
+ "windows-sys 0.45.0",
+]
+
[[package]]
name = "rustls"
version = "0.20.8"
@@ -1761,15 +1811,14 @@ dependencies = [
[[package]]
name = "simple_logger"
-version = "2.3.0"
+version = "4.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "48047e77b528151aaf841a10a9025f9459da80ba820e425ff7eb005708a76dc7"
+checksum = "2230cd5c29b815c9b699fb610b49a5ed65588f3509d9f0108be3a885da629333"
dependencies = [
- "atty",
"colored",
"log",
"time",
- "winapi",
+ "windows-sys 0.42.0",
]
[[package]]
@@ -1992,7 +2041,7 @@ dependencies = [
"signal-hook-registry",
"socket2",
"tokio-macros",
- "windows-sys",
+ "windows-sys 0.45.0",
]
[[package]]
@@ -2304,13 +2353,37 @@ version = "0.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
+[[package]]
+name = "windows-sys"
+version = "0.42.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5a3e1820f08b8513f676f7ab6c1f99ff312fb97b553d30ff4dd86f9f15728aa7"
+dependencies = [
+ "windows_aarch64_gnullvm 0.42.2",
+ "windows_aarch64_msvc 0.42.2",
+ "windows_i686_gnu 0.42.2",
+ "windows_i686_msvc 0.42.2",
+ "windows_x86_64_gnu 0.42.2",
+ "windows_x86_64_gnullvm 0.42.2",
+ "windows_x86_64_msvc 0.42.2",
+]
+
[[package]]
name = "windows-sys"
version = "0.45.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "75283be5efb2831d37ea142365f009c02ec203cd29a3ebecbc093d52315b66d0"
dependencies = [
- "windows-targets",
+ "windows-targets 0.42.2",
+]
+
+[[package]]
+name = "windows-sys"
+version = "0.48.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9"
+dependencies = [
+ "windows-targets 0.48.1",
]
[[package]]
@@ -2319,13 +2392,28 @@ version = "0.42.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8e5180c00cd44c9b1c88adb3693291f1cd93605ded80c250a75d472756b4d071"
dependencies = [
- "windows_aarch64_gnullvm",
- "windows_aarch64_msvc",
- "windows_i686_gnu",
- "windows_i686_msvc",
- "windows_x86_64_gnu",
- "windows_x86_64_gnullvm",
- "windows_x86_64_msvc",
+ "windows_aarch64_gnullvm 0.42.2",
+ "windows_aarch64_msvc 0.42.2",
+ "windows_i686_gnu 0.42.2",
+ "windows_i686_msvc 0.42.2",
+ "windows_x86_64_gnu 0.42.2",
+ "windows_x86_64_gnullvm 0.42.2",
+ "windows_x86_64_msvc 0.42.2",
+]
+
+[[package]]
+name = "windows-targets"
+version = "0.48.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "05d4b17490f70499f20b9e791dcf6a299785ce8af4d709018206dc5b4953e95f"
+dependencies = [
+ "windows_aarch64_gnullvm 0.48.0",
+ "windows_aarch64_msvc 0.48.0",
+ "windows_i686_gnu 0.48.0",
+ "windows_i686_msvc 0.48.0",
+ "windows_x86_64_gnu 0.48.0",
+ "windows_x86_64_gnullvm 0.48.0",
+ "windows_x86_64_msvc 0.48.0",
]
[[package]]
@@ -2334,42 +2422,84 @@ version = "0.42.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "597a5118570b68bc08d8d59125332c54f1ba9d9adeedeef5b99b02ba2b0698f8"
+[[package]]
+name = "windows_aarch64_gnullvm"
+version = "0.48.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "91ae572e1b79dba883e0d315474df7305d12f569b400fcf90581b06062f7e1bc"
+
[[package]]
name = "windows_aarch64_msvc"
version = "0.42.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e08e8864a60f06ef0d0ff4ba04124db8b0fb3be5776a5cd47641e942e58c4d43"
+[[package]]
+name = "windows_aarch64_msvc"
+version = "0.48.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b2ef27e0d7bdfcfc7b868b317c1d32c641a6fe4629c171b8928c7b08d98d7cf3"
+
[[package]]
name = "windows_i686_gnu"
version = "0.42.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c61d927d8da41da96a81f029489353e68739737d3beca43145c8afec9a31a84f"
+[[package]]
+name = "windows_i686_gnu"
+version = "0.48.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "622a1962a7db830d6fd0a69683c80a18fda201879f0f447f065a3b7467daa241"
+
[[package]]
name = "windows_i686_msvc"
version = "0.42.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "44d840b6ec649f480a41c8d80f9c65108b92d89345dd94027bfe06ac444d1060"
+[[package]]
+name = "windows_i686_msvc"
+version = "0.48.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4542c6e364ce21bf45d69fdd2a8e455fa38d316158cfd43b3ac1c5b1b19f8e00"
+
[[package]]
name = "windows_x86_64_gnu"
version = "0.42.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8de912b8b8feb55c064867cf047dda097f92d51efad5b491dfb98f6bbb70cb36"
+[[package]]
+name = "windows_x86_64_gnu"
+version = "0.48.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ca2b8a661f7628cbd23440e50b05d705db3686f894fc9580820623656af974b1"
+
[[package]]
name = "windows_x86_64_gnullvm"
version = "0.42.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "26d41b46a36d453748aedef1486d5c7a85db22e56aff34643984ea85514e94a3"
+[[package]]
+name = "windows_x86_64_gnullvm"
+version = "0.48.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7896dbc1f41e08872e9d5e8f8baa8fdd2677f29468c4e156210174edc7f7b953"
+
[[package]]
name = "windows_x86_64_msvc"
version = "0.42.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9aec5da331524158c6d1a4ac0ab1541149c0b9505fde06423b02f5ef0106b9f0"
+[[package]]
+name = "windows_x86_64_msvc"
+version = "0.48.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1a515f5799fe4961cb532f983ce2b23082366b898e52ffbce459c86f67c8378a"
+
[[package]]
name = "winreg"
version = "0.10.1"
diff --git a/Cargo.toml b/Cargo.toml
index 5f481de..4198a07 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -19,7 +19,7 @@ pdf = "0.8"
regex = "1.5.5"
reqwest = { version = "0.11", features = ["rustls-tls", "stream"], default-features = false }
scraper = "0.12"
-simple_logger = { version = "2.1.0", features = ["stderr"] }
+simple_logger = { version = "4.2", features = ["stderr"] }
thiserror = "1"
time = { version = "0.3.9", features = ["formatting", "macros", "parsing"] }
tokio = { version = "1", features = ["full"] }
From 5999d54842e3cda06a83c2bbbd79efc197a7602b Mon Sep 17 00:00:00 2001
From: xenofem <xenofem@xeno.science>
Date: Sun, 6 Aug 2023 15:16:37 -0400
Subject: [PATCH 3/3] remove unmaintained json crate, do our own string
escaping
---
Cargo.lock | 7 -------
Cargo.toml | 1 -
src/serialize.rs | 23 ++++++++++++++++++++---
3 files changed, 20 insertions(+), 11 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index c6b9489..2f52279 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1059,12 +1059,6 @@ dependencies = [
"wasm-bindgen",
]
-[[package]]
-name = "json"
-version = "0.12.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "078e285eafdfb6c4b434e0d31e8cfcb5115b651496faca5749b88fafd4f23bfd"
-
[[package]]
name = "language-tags"
version = "0.3.2"
@@ -1416,7 +1410,6 @@ dependencies = [
"actix-web",
"bytes",
"futures",
- "json",
"lazy_static",
"log",
"pdf",
diff --git a/Cargo.toml b/Cargo.toml
index 4198a07..2104ce5 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -12,7 +12,6 @@ actix-files = "0.6.0"
actix-web = "4.0.1"
bytes = "1.1"
futures = "0.3"
-json = "0.12.4"
lazy_static = "1.4"
log = "0.4.16"
pdf = "0.8"
diff --git a/src/serialize.rs b/src/serialize.rs
index 5de17be..ac8ef56 100644
--- a/src/serialize.rs
+++ b/src/serialize.rs
@@ -66,7 +66,7 @@ impl DataFormat for Csv {
fn header(dataset: &DataSet) -> SerializationChunk {
let mut header = String::from("Date");
for column in dataset.columns.iter() {
- write!(&mut header, ",{}", column)?;
+ write!(&mut header, r#","{}""#, column.replace('"', r#""""#))?;
}
writeln!(&mut header)?;
Ok(header)
@@ -97,7 +97,7 @@ impl DataFormat for Json {
fn header(dataset: &DataSet) -> SerializationChunk {
let mut header = String::from(r#"{"columns":["Date""#);
for column in dataset.columns.iter() {
- write!(&mut header, ",{}", json::stringify(column.as_str()))?;
+ write!(&mut header, ",{}", escaped_json_string(column.as_str()))?;
}
write!(&mut header, r#"],"rows":["#)?;
Ok(header)
@@ -115,7 +115,7 @@ impl DataFormat for Json {
)?;
for column in dataset.columns.iter() {
if let Some(val) = datapoint.values.get(column) {
- write!(&mut row, ",{}:{}", json::stringify(column.as_str()), val)?;
+ write!(&mut row, ",{}:{}", escaped_json_string(column.as_str()), val)?;
}
}
row += "}";
@@ -125,3 +125,20 @@ impl DataFormat for Json {
const ROW_SEPARATOR: &'static str = ",";
const END: &'static str = "]}";
}
+
+fn escaped_json_string(s: &str) -> String {
+ s.chars().fold(String::from(r#"""#), |mut acc, c| {
+ match c {
+ '"' => acc.push_str(r#"\""#),
+ '\\' => acc.push_str(r"\\"),
+ '\t' => acc.push_str(r"\t"),
+ '\n' => acc.push_str(r"\n"),
+ _ => if c.is_ascii_control() {
+ acc.push_str(&format!(r"\u{:04X}", c as u32))
+ } else {
+ acc.push(c)
+ }
+ }
+ acc
+ }) + r#"""#
+}