From 14f7fd3faa17698b1148e49402c8c3a65134b52e Mon Sep 17 00:00:00 2001 From: Tony Arcieri Date: Tue, 8 Oct 2019 18:11:30 -0700 Subject: [PATCH] RUSTSEC-2019-0024: Test advisory for `rustsec-example-crate` This is a test advisory useful for verifying RustSec tooling and vulnerability detection pipelines are working correctly. Aside from the fact that it is filed against an example crate, it is otherwise considered by the Advisory Database itself to be a normal security advisory. It's filed against `rustsec-example-crate`, an otherwise completely empty crate with no functionality or code, which has two releases: - v0.0.1: *vulnerable* according to this advisory - v1.0.0: *patched* by this advisory (Technically there is a third release, v0.0.0, which is yanked, but otherwise identical to the v0.0.1 release)
---
.../RUSTSEC-2019-0024.toml | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 crates/rustsec-example-crate/RUSTSEC-2019-0024.toml
diff --git a/crates/rustsec-example-crate/RUSTSEC-2019-0024.toml b/crates/rustsec-example-crate/RUSTSEC-2019-0024.toml
new file mode 100644
index 0000000..b78d210
--- /dev/null
+++ b/crates/rustsec-example-crate/RUSTSEC-2019-0024.toml
@@ -0,0 +1,25 @@
+[advisory]
+id = "RUSTSEC-2019-0024"
+package = "rustsec-example-crate"
+patched_versions = [">= 1.0.0"]
+date = "2019-10-08"
+url = "https://github.com/RustSec/advisory-db/issues/158"
+title = "Test advisory with associated example crate"
+description = """
+This is a test advisory useful for verifying RustSec tooling and vulnerability
+detection pipelines are working correctly. Aside from the fact that it is filed
+against an example crate, it is otherwise considered by the Advisory Database
+itself to be a normal security advisory.
+
+It's filed against `rustsec-example-crate`, an otherwise completely empty crate
+with no functionality or code, which has two releases:
+
+- [v0.0.1]: *vulnerable* according to this advisory
+- [v1.0.0]: *patched* by this advisory
+
+(Technically there is a third release, v0.0.0, which is yanked, but otherwise
+identical to the v0.0.1 release)
+
+[v0.0.1]: https://crates.io/crates/rustsec-example-crate/0.0.1
+[v1.0.0]: https://crates.io/crates/rustsec-example-crate/1.0.0
+"""
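Review bot: Nothing in the machine-readable fields of the new `[advisory]` table marks this entry as a test; only the free-text `title` and `description` say so, so any pipeline that counts or gates on advisories will report it exactly like a real finding. That is the stated intent, but a comment above the table such as `# Deliberate test advisory for verifying tooling; rustsec-example-crate contains no code. Do not withdraw.` would keep a later maintainer from removing it as noise. If the advisory schema at this revision accepts a `keywords` array (not visible in this hunk), `keywords = ["test"]` would also give downstream consumers a field to filter on. Note that `patched_versions = [">= 1.0.0"]` also matches the yanked v0.0.0, which agrees with the description's statement that it is identical to v0.0.1.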