Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update chrono-tz and some other packages and some cleanup #89

Merged
merged 10 commits into from
Apr 7, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 15 additions & 0 deletions .cargo/config.toml
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
[target.'cfg(all())']
rustflags = [
"-Funsafe_code",
"-Wclippy::missing_panics_doc",
"-Wclippy::panic_in_result_fn",
"-Wclippy::panic",
"-Wclippy::panicking_unwrap",
"-Wclippy::todo",
"-Wclippy::unimplemented",
"-Wclippy::unwrap_used",
"-Wclippy::use_self",
# "-Wmissing_debug_implementations",
# "-Wmissing_docs",
"-Wunused_qualifications",
]
5 changes: 5 additions & 0 deletions .clippy.toml
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
warn-on-all-wildcard-imports = true
allow-expect-in-tests = true
allow-unwrap-in-tests = true
allow-dbg-in-tests = true
allow-print-in-tests = true
8 changes: 5 additions & 3 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,9 @@ jobs:
- name: Linting
run: |
cd rrule
cargo clippy -- -D warnings
# revert it back to the following line, the deprecated functions are removed from chrono
# cargo clippy -- -D warnings
cargo clippy
fmeringdal marked this conversation as resolved.
Show resolved Hide resolved
- name: Cargo Doc
run: |
cargo doc --no-deps --all-features --examples
Expand All @@ -38,7 +40,7 @@ jobs:
- { name: macOS, os: macos-latest, triple: x86_64-apple-darwin }
- { name: Windows, os: windows-2022, triple: x86_64-pc-windows-msvc }
version:
- 1.57.0 # MSRV
- 1.64.0 # MSRV
- stable
steps:
- uses: actions/checkout@v2
Expand All @@ -63,5 +65,5 @@ jobs:
cd rrule
cargo update
cargo audit
# Allowed to fail but this will notify us that some dependency might need an update.
# Allowed to fail, but this will notify us that some dependency might need an update.
continue-on-error: true
18 changes: 10 additions & 8 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,11 +4,13 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [Unreleased] (2022-0X-YY)
## 0.11.0 (2023-0X-YY)

### Changed

- `RRuleSet::all` returns an `RRuleResult` struct instead of a tuple.
- Update `chrono-tz` version to 0.8
- MSRV is bumped to `v1.64.0` from `v1.56.1`

## 0.10.0 (2022-08-08)

Expand All @@ -22,8 +24,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

### Removed
- `no-validation-limits` feature is removed and is replaced by arguments to `RRuleSet`.
- `RRuleSet::just_before` was removed to keep the public API more lean. Please use the iterator API directly if you need this use-case.
- `RRuleSet::just_after` was removed to keep the public API more lean. Please use the iterator API directly if you need this use-case.
- `RRuleSet::just_before` was removed to keep the public API leaner. Please use the iterator API directly if you need this use-case.
- `RRuleSet::just_after` was removed to keep the public API leaner. Please use the iterator API directly if you need this use-case.
- `RRuleSet::all_between` was replaced by `rrule_set.before(dt).after(dt).all(limit)`.

### Added
Expand All @@ -43,7 +45,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
### Fixes

- Fixed typos in security docs
- Fixed an infinite loop issue in the iteration phase where the counter date increment method did not increment the counter date and it was unable to make progress. This was solved by using a custom date time implementation for the counter date.
- Fixed an infinite loop issue in the iteration phase where the counter date increment method didn't increment the counter date, and it was unable to make progress. This was solved by using a custom date time implementation for the counter date.
- Fixes issue where iterations that passed a daylight saving time had incorrect hour.

## 0.9.0 (2022-07-18)
Expand All @@ -62,7 +64,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

### Fixes

- The `DTSTART` and `UNTIL` values were not synced before this release. They are now synced according to the RFC.
- The `DTSTART` and `UNTIL` values weren't synced before this release. They're now synced according to the RFC.
- Fix #61 where `collect_with_error` would not return an error in the case where `RRuleSet` iteration had an error.

## 0.8.0 (2022-06-21)
Expand Down Expand Up @@ -99,7 +101,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

- Fix [#33](https://github.com/fmeringdal/rust-rrule/issues/33)
- Fix [#34](https://github.com/fmeringdal/rust-rrule/issues/34)
- Many tests were ignored because they were either invalid or the test didn't pass. Most ignored tests are now deleted or the code is fixed so that they pass.
- Many tests were ignored because they were either invalid or the test didn't pass. Most ignored tests are now deleted, or the code is fixed so that they pass.
- Better error handling

### Changed
Expand Down Expand Up @@ -142,7 +144,7 @@ Internal refactorings:
- `RRule` can only be crated using `new` function with a valid `RRuleProperties`.
- `RRule.option` is no longer public, but can be read by using `get_properties()`.
- `RRuleIter` and `RRuleSetIter` are now part of the public API.
- `NWeekday` has totally changed, but serves the same purpose.
- `NWeekday` has totally changed but serves the same purpose.
- Updated `chrono-tz` from `0.5.3` to `0.6.0`.
- Function `all` was moved to `DateFilter` and returns a `Result` now.

Expand Down Expand Up @@ -174,4 +176,4 @@ Internal refactorings:
## Pre 0.6.0 (2021-07-02)

All changes before 2021-07-02 where not documented.
This is everything before and including: fa8308944a4d2ead0a6ccfa6ee53b76b399e045f
This is everything before and including fa8308944a4d2ead0a6ccfa6ee53b76b399e045f
5 changes: 5 additions & 0 deletions Cargo.toml
Original file line number Diff line number Diff line change
@@ -1,3 +1,8 @@
[workspace.package]
omid marked this conversation as resolved.
Show resolved Hide resolved
license = "MIT OR Apache-2.0"
edition = "2021"
rust-version = "1.64.0"

[workspace]
members = [
"rrule",
Expand Down
1 change: 1 addition & 0 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ check:
@cargo clippy --fix --allow-dirty --allow-staged --all-targets --all-features
@cargo update --dry-run
@cargo outdated -wR
@cargo machete
@cargo doc --no-deps --all-features --examples --document-private-items
@cargo +nightly udeps --all-targets --all-features

Expand Down
8 changes: 4 additions & 4 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -82,9 +82,9 @@ See [Chrono-Tz's limits for more info](https://github.com/chronotope/chrono-tz/#
### Validation Limits

<a name="validation_limits"></a>
Because the specifications does give a lot of flexibility this can be [abused very easily](#Security).
In order to prevent most of the abuse we have imposed arbitrary limitation when on the `RRuleSet::all`
method. The validation limits are not enforced for the `RRuleSet::all_unchecked` method or when
Because the specifications do give a lot of flexibilities this can be [abused very easily](#Security).
In order to prevent most of the abuse we've imposed arbitrary limitation when on the `RRuleSet::all`
method. The validation limits aren't enforced for the `RRuleSet::all_unchecked` method or when
using the `Iterator` api directly.

Limitations:
Expand All @@ -100,7 +100,7 @@ Limitations:
| Max interval with freq Secondly | 50_000 (~13 hours) | 65_535 (u16::MAX) |
| Iteration limit | 100_000 | 4_294_967_295 (u32::MAX) |

By default, the "Arbitrary Limit" are used. If you instead want to use the "Crate Limit".
By default, the "Arbitrary Limit" is used. If you instead want to use the "Crate Limit".
Make sure you [understand the risks that come with this](#safety).

## Inspired by
Expand Down
14 changes: 7 additions & 7 deletions SECURITY.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,8 +8,8 @@ The 3 problems we are currently mostly worried about are:

### Denial of Service (DoS) by panic

If the user is able to trigger a case where is it able to panic
the code it could crash the application or server.
If the user is able to trigger a case where it able to panic
the code, it could crash the application or server.
This can be limited by using [catch_unwind](https://doc.rust-lang.org/std/panic/fn.catch_unwind.html).
Make sure to read the documentation! This does not work if the
[`panic = "abort"`](https://doc.rust-lang.org/cargo/reference/profiles.html#panic)
Expand All @@ -19,14 +19,14 @@ It is not advised to reuse `RRule`, `RRuleSet` or iterators after it has panicke
Disabling overflow checks using compiler flags might result in unexpected results and crashes.
So this is strongly discouraged.

When the [validation limits](#validation_limits) are disabled this problem will be much more
When the [validation limits](#validation_limits) are disabled, this problem will be much more
prevalent. Numbers might overflow in some cases.

### Denial of Service (DoS) by CPU exhaustion

The spec allows for infinitely recurring events or searches for a datetime that meets the
requirements but does not exist. There are various protections for this built into the crate.
But in order to hit these limits it might take a few seconds depending on the CPU speed.
requirements but doesn't exist. There are various protections for this built into the crate.
But in order to hit these limits, it might take a few seconds depending on the CPU speed.

This problem can be mitigated by spawning the process in a separate thread and stopping the thread
if it hits the timeout. On decent CPUs this might not be a big issue.
Expand All @@ -37,8 +37,8 @@ made MUCH more significant.
### Denial of Service (DoS) by memory exhaustion

The spec allows for infinitely recurring events. Thus, the iterator might be practically infinite.
So when not setting a limit over the iterator it might create a list of events that practically
So when not setting a limit over the iterator, it might create a list of events that practically
never ends. And thus will continue until it crashes or hangs the system.

This problem can be easily mitigated by limiting the amount of events expected.
This problem can be easily mitigated by limiting the number of events expected.
This is also the reason why the `rrule.all(limit)` function takes a limit.
5 changes: 3 additions & 2 deletions rrule-afl-fuzz/Cargo.toml
Original file line number Diff line number Diff line change
@@ -1,16 +1,17 @@
[package]
name = "rrule-afl-fuzz"
version = "0.1.0"
edition = "2021"
authors = ["Ralph Bisschops <[email protected]>"]
publish = false
license.workspace = true
edition.workspace = true
rust-version.workspace = true

# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

[dependencies]
afl = "*"
chrono = "0.4.19"
chrono-tz = "0.6.0"
num-traits = "0.2.15"

[dependencies.rrule]
Expand Down
16 changes: 8 additions & 8 deletions rrule-afl-fuzz/src/take_data.rs
Original file line number Diff line number Diff line change
Expand Up @@ -128,7 +128,7 @@ pub fn take_data_i8(input: &mut &[u8]) -> i8 {
i8::from_be_bytes(int_bytes.try_into().expect("Failed to convert to u8"))
}

/// Uses 2 byte
/// Uses 2 bytes
/// If no bytes left it will always return default (`0`)
pub fn take_data_i16(input: &mut &[u8]) -> i16 {
let byte_len = std::mem::size_of::<i16>();
Expand All @@ -140,7 +140,7 @@ pub fn take_data_i16(input: &mut &[u8]) -> i16 {
i16::from_be_bytes(int_bytes.try_into().expect("Failed to convert to u8"))
}

/// Uses 4 byte
/// Uses 4 bytes
/// If no bytes left it will always return default (`0`)
pub fn take_data_i32(input: &mut &[u8]) -> i32 {
let byte_len = std::mem::size_of::<i32>();
Expand All @@ -152,7 +152,7 @@ pub fn take_data_i32(input: &mut &[u8]) -> i32 {
i32::from_be_bytes(int_bytes.try_into().expect("Failed to convert to u8"))
}

/// Uses 8 byte
/// Uses 8 bytes
/// If no bytes left it will always return default (`0`)
pub fn take_data_i64(input: &mut &[u8]) -> i64 {
let byte_len = std::mem::size_of::<i64>();
Expand All @@ -164,7 +164,7 @@ pub fn take_data_i64(input: &mut &[u8]) -> i64 {
i64::from_be_bytes(int_bytes.try_into().expect("Failed to convert to u8"))
}

/// Uses 2 byte
/// Uses 2 bytes
/// If no bytes left it will always return default (`0`)
pub fn take_data_u16(input: &mut &[u8]) -> u16 {
let byte_len = std::mem::size_of::<u16>();
Expand All @@ -176,7 +176,7 @@ pub fn take_data_u16(input: &mut &[u8]) -> u16 {
u16::from_be_bytes(int_bytes.try_into().expect("Failed to convert to u8"))
}

/// Uses 4 byte
/// Uses 4 bytes
/// If no bytes left it will always return default (`0`)
pub fn take_data_u32(input: &mut &[u8]) -> u32 {
let byte_len = std::mem::size_of::<u32>();
Expand All @@ -188,7 +188,7 @@ pub fn take_data_u32(input: &mut &[u8]) -> u32 {
u32::from_be_bytes(int_bytes.try_into().expect("Failed to convert to u8"))
}

/// Uses 8 byte
/// Uses 8 bytes
/// If no bytes left it will always return default (`0`)
pub fn take_data_u64(input: &mut &[u8]) -> u64 {
let byte_len = std::mem::size_of::<u64>();
Expand All @@ -200,7 +200,7 @@ pub fn take_data_u64(input: &mut &[u8]) -> u64 {
u64::from_be_bytes(int_bytes.try_into().expect("Failed to convert to u8"))
}

/// Uses max 8 byte
/// Uses max 8 bytes
/// If no bytes left it will always return default (`0`)
pub fn take_data_usize(input: &mut &[u8]) -> usize {
let byte_len = std::mem::size_of::<usize>();
Expand All @@ -212,7 +212,7 @@ pub fn take_data_usize(input: &mut &[u8]) -> usize {
usize::from_be_bytes(int_bytes.try_into().expect("Failed to convert to u8"))
}

/// Uses max 8 byte
/// Uses max 8 bytes
/// If no bytes left it will always return default (`0`)
pub fn take_data_isize(input: &mut &[u8]) -> isize {
let byte_len = std::mem::size_of::<isize>();
Expand Down
2 changes: 1 addition & 1 deletion rrule-afl-fuzz/src/take_rrule.rs
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ pub fn take_rrule_from_data(mut data: &[u8]) -> Option<RRuleSet> {
// Total: 166 bytes
//
// We use at least x bytes of data.
// If we don't have enough data it will just use default data (`0` or `vec![]`).
// If we don't have enough data, it will just use default data (`0` or `vec![]`).
// if data.len() < 166 {
// return None;
// }
Expand Down
7 changes: 4 additions & 3 deletions rrule-debugger/Cargo.toml
Original file line number Diff line number Diff line change
@@ -1,17 +1,18 @@
[package]
name = "rrule-debugger"
version = "0.1.0"
edition = "2021"
authors = ["Ralph Bisschops <[email protected]>"]
publish = false
license.workspace = true
edition.workspace = true
rust-version.workspace = true

# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

[dependencies]
rrule = { path = "../rrule" }
chrono = "0.4.19"
chrono-tz = "0.6.1"
clap = { version = "3.2.5", features = ["derive"] }
clap = { version = "4.1.9", features = ["derive"] }
rrule-afl-fuzz = { version = "0.1.0", path = "../rrule-afl-fuzz" }
log = "0.4.16"
yansi = "0.5.1"
Expand Down
6 changes: 4 additions & 2 deletions rrule-debugger/src/debug.rs
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ fn test_from_string() {
RRULE:FREQ=YEARLY;BYDAY=20MO"
.parse()
.unwrap();
println!("RRule: {:#?}", rrule);
println!("RRule: {rrule:#?}");
let result = rrule.all(20);
println!("Limited: {}", result.limited);
crate::print_all_datetimes(&result.dates);
Expand All @@ -36,5 +36,7 @@ fn test_parsed_rrule() {
}

fn ymd_hms(year: i32, month: u32, day: u32, hour: u32, minute: u32, second: u32) -> DateTime<Tz> {
Tz::UTC.ymd(year, month, day).and_hms(hour, minute, second)
Tz::UTC
.with_ymd_and_hms(year, month, day, hour, minute, second)
.unwrap()
}
8 changes: 4 additions & 4 deletions rrule-debugger/src/iter_rrule.rs
Original file line number Diff line number Diff line change
@@ -1,17 +1,17 @@
pub fn from_crash_file(id: u32, data: &[u8]) {
println!("--------- Test file {} -----------", id);
println!("--------- Test file {id} -----------");

let result = std::panic::catch_unwind(|| {
rrule_from_bin(data);
});
println!("Test {} status: {:?}", id, result);
println!("--------- Done test {} -----------", id);
println!("Test {id} status: {result:?}");
println!("--------- Done test {id} -----------");
}

pub fn rrule_from_bin(data: &[u8]) {
match rrule_afl_fuzz::take_rrule::take_rrule_from_data(data) {
Some(rule) => {
println!("RRule data: {:#?}", rule);
println!("RRule data: {rule:#?}");
let result = rule.all(50);
crate::print_all_datetimes(&result.dates);
if result.limited {
Expand Down
Loading