Have rustsec_advisories display expected readme contents

Author: smoelius

rustsec_util/Cargo.lock

@@ -8,6 +8,7 @@ publish = false
 [dependencies]
 anyhow = { version = "1.0", features = ["backtrace"] }
 cargo_metadata = "0.18"
+chrono = "0.4"
 log = "0.4"
 octocrab = "0.34"
 once_cell = "1.19"

rustsec_util/Cargo.toml

@@ -1,18 +1,19 @@
 use anyhow::{ensure, Context, Result};
 use cargo_metadata::MetadataCommand;
+use chrono::Utc;
 use once_cell::sync::Lazy;
 use regex::Regex;
 use rustsec::{advisory::Informational, Advisory, Database};
 use rustsec_util::{cargo_unmaintained, command_output, display_advisory_outcomes, Outcome};
-use std::{io::Write, path::Path, process::Command};
+use std::{env::var, io::Write, path::Path, process::Command};
 use strum_macros::{Display, EnumIter};
 
 // smoelius: See comment in rustsec_issues.rs regarding "../../../".
 #[path = "../../../src/packaging.rs"]
 mod packaging;
 use packaging::temp_package;
 
-#[derive(Display, EnumIter, Eq, PartialEq)]
+#[derive(Clone, Copy, Display, EnumIter, Eq, PartialEq)]
 #[strum(serialize_all = "kebab_case")]
 enum Reason {
     Error,
@@ -118,17 +119,62 @@ fn main() -> Result<()> {
 
     display_advisory_outcomes(
         &advisory_outcomes
-            .into_iter()
+            .iter()
             .map(|(advisory, outcome)| {
-                let url = advisory_url(&advisory);
-                (advisory.metadata.package, url, outcome)
+                let url = advisory_url(advisory);
+                (&advisory.metadata.package, url, *outcome)
             })
             .collect::<Vec<_>>(),
     );
 
+    if var("GITHUB_TOKEN_PATH").is_ok() {
+        println!("---");
+        display_expected_readme_contents(
+            &advisory_outcomes
+                .iter()
+                .map(|&(_, outcome)| outcome)
+                .collect::<Vec<_>>(),
+        );
+    }
+
     Ok(())
 }
 
+macro_rules! count {
+    ($outcomes:expr, $pat:pat) => {
+        $outcomes
+            .iter()
+            .filter(|outcome| matches!(outcome, $pat))
+            .count()
+    };
+}
+
+fn display_expected_readme_contents(outcomes: &[Outcome<Reason>]) {
+    let today = Utc::now().date_naive();
+    let count = outcomes.len();
+    let found = count!(outcomes, Outcome::Found);
+    let not_found = count!(outcomes, Outcome::NotFound(_));
+    let error = count!(outcomes, Outcome::NotFound(Reason::Error));
+    let leaf = count!(outcomes, Outcome::NotFound(Reason::Leaf));
+    let recently_updated = count!(outcomes, Outcome::NotFound(Reason::RecentlyUpdated));
+    let other = count!(outcomes, Outcome::NotFound(Reason::Other));
+    assert!(found * 3 > count * 2);
+    println!(
+        "As of {today}, the RustSec Advisory Database contains {count} active advisories for \
+         unmaintained packages. Using the above conditions, `cargo-unmaintained` automatically \
+         identifies {found} of them (more than two thirds). These results can be reproduced by \
+         running the [`rustsec_advisories`] binary within this repository.",
+    );
+    println!(
+        "- Of the {not_found} packages in the RustSec Advisory Database _not_ identified by \
+         `cargo-unmaintained`:"
+    );
+    println!("  - {error} do not build");
+    println!("  - {leaf} are existent, unarchived leaves");
+    println!("  - {recently_updated} were updated within the past 365 days");
+    println!("  - {other} were not identified for other reasons",);
+}
+
 fn advisory_url(advisory: &Advisory) -> String {
     format!("https://rustsec.org/advisories/{}.html", advisory.id())
 }

rustsec_util/src/bin/rustsec_advisories.rs

@@ -16,7 +16,7 @@ pub struct Output {
     pub stderr: String,
 }
 
-#[derive(Eq, PartialEq)]
+#[derive(Clone, Copy, Eq, PartialEq)]
 pub enum Outcome<T> {
     NotFound(T),
     Found,

rustsec_util/src/lib.rs

@@ -4,6 +4,9 @@ use similar_asserts::SimpleDiff;
 use std::{env::remove_var, fs::read_to_string, path::Path};
 use tempfile::tempdir;
 
+mod util;
+use util::split_at_cut_line;
+
 static DIRS: &[&str] = &[".", "rustsec_util"];
 
 #[ctor::ctor]
@@ -157,6 +160,23 @@ fn prettier() {
         .success();
 }
 
+#[test]
+fn readme_contains_expected_contents() {
+    let readme = read_to_string("README.md").unwrap();
+    let contents = read_to_string("tests/rustsec_advisories.with_token.stdout").unwrap();
+    let expected_contents = below_cut_line(&contents).unwrap();
+    for expected_line in expected_contents.lines() {
+        assert!(
+            readme.lines().any(|line| line == expected_line),
+            "failed to find line:\n```\n{expected_line}\n```",
+        );
+    }
+}
+
+fn below_cut_line(s: &str) -> Option<&str> {
+    split_at_cut_line(s).map(|(_, below)| below)
+}
+
 #[test]
 fn readme_contains_usage() {
     let readme = read_to_string("README.md").unwrap();

tests/ci.rs

@@ -1,8 +1,8 @@
-use snapbox::{assert_matches, Data};
-use std::{env::remove_var, path::PathBuf, process::Command};
+use snapbox::assert_matches;
+use std::{env::remove_var, fs::read_to_string, process::Command};
 
 mod util;
-use util::{tee, token_modifier, Tee};
+use util::{split_at_cut_line, tee, token_modifier, Tee};
 
 #[ctor::ctor]
 fn initialize() {
@@ -19,16 +19,19 @@ fn rustsec_advisories() {
 
     let output = tee(command, Tee::Stdout).unwrap();
 
+    let stdout_expected = read_to_string(format!(
+        "tests/rustsec_advisories.{}.stdout",
+        token_modifier()
+    ))
+    .unwrap();
     let stdout_actual = std::str::from_utf8(&output.captured).unwrap();
 
     assert_matches(
-        Data::read_from(
-            &PathBuf::from(format!(
-                "tests/rustsec_advisories.{}.stdout",
-                token_modifier()
-            )),
-            None,
-        ),
-        stdout_actual,
+        above_cut_line(&stdout_expected),
+        above_cut_line(stdout_actual),
     );
 }
+
+fn above_cut_line(s: &str) -> &str {
+    split_at_cut_line(s).map_or(s, |(above, _)| above)
+}

tests/rustsec_advisories.rs

@@ -226,3 +226,10 @@ found (65)
     safemem              https://rustsec.org/advisories/RUSTSEC-2023-0081.html
     generational-arena   https://rustsec.org/advisories/RUSTSEC-2024-0014.html
     filesystem           https://rustsec.org/advisories/RUSTSEC-2024-0015.html
+---
+As of 2024-02-22, the RustSec Advisory Database contains 92 active advisories for unmaintained packages. Using the above conditions, `cargo-unmaintained` automatically identifies 65 of them (more than two thirds). These results can be reproduced by running the [`rustsec_advisories`] binary within this repository.
+- Of the 27 packages in the RustSec Advisory Database _not_ identified by `cargo-unmaintained`:
+  - 7 do not build
+  - 3 are existent, unarchived leaves
+  - 3 were updated within the past 365 days
+  - 14 were not identified for other reasons

tests/rustsec_advisories.with_token.stdout

@@ -71,3 +71,11 @@ pub fn token_modifier() -> &'static str {
 pub fn enabled(key: &str) -> bool {
     var(key).map_or(false, |value| value != "0")
 }
+
+#[must_use]
+pub fn split_at_cut_line(s: &str) -> Option<(&str, &str)> {
+    const CUT_LINE: &str = "\n---\n";
+    // smoelius: Preserve initial newline.
+    s.find(CUT_LINE)
+        .map(|i| (&s[..=i], &s[i + CUT_LINE.len()..]))
+}