OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2025-12-31 16:50:28 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
ec7ca2aa88d65d6eb3a9e37dfc27ad981e2b5ceb
advisory-db/README.md
Tony Arcieri f4dbb0d82c Rename package TOML attribute to crate_name 
The correct name for a Rust package is a "crate", so something with "crate" is
less ambiguous than "package".

However, "crate" itself is a Rust keyword. To avoid clashes in Rust code which
uses this same attribute name, "crate_name" can be used instead unambigously.
2017-02-25 23:13:36 -08:00

59 lines
1.6 KiB
Markdown
Raw Blame History

# RustSec Advisory Database
The RustSec Advisory Database is a repository of security advisories filed
against Rust crates published via https://crates.io
Advisory metadata is stored in [TOML] format for [cargo-audit] and other
automated tools to consume.
## Format
Each advisory contains information in [TOML] format:
```toml
[advisory]
crate_name = "vulnerablecrate"
# Versions which were never vulnerable
unaffected_versions = ["< 1.1.0"]
# Versions which include fixes for this vulnerability
patched_versions = [">= 1.2.0"]
# It is strongly recommended to request a CVE, or alternatively a DWF, and
# reference the assigned number here.
# - CVE: https://iwantacve.org/
# - DWF: https://distributedweaknessfiling.org/
dwf = []
# dwf = ["CVE-YYYY-XXXX"]
# dwf = ["CVE-YYYY-XXXX", "CVE-ZZZZ-WWWW"]
# URL to a long-form description of this issue, e.g. a blogpost announcing
# the release or a changelog entry (optional)
url = false
# Single-line description of a vulnerability
title = "Flaw in X allows Y"
# Disclosure date of the advisory (RFC 3339)
date = "2017-02-25"
# Enter a short-form description of the vulnerability here (required)
description = """
Affected versions of this crate did not properly X.
This allows an attacker to Y.
The flaw was corrected by Z.
"""
```
[TOML]: https://github.com/toml-lang/toml
[cargo-audit]: https://github.com/rustsec/cargo-audit
## License
All content in this repository is placed in the public domain.
[![Public Domain](http://i.creativecommons.org/p/zero/1.0/88x31.png)](https://github.com/RustSec/advisory-db/blob/master/LICENSE.txt)
Reference in New Issue View Git Blame Copy Permalink