-
-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathCargo.toml
More file actions
271 lines (247 loc) · 8.93 KB
/
Copy pathCargo.toml
File metadata and controls
271 lines (247 loc) · 8.93 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
[package]
name = "gold_digger"
version = "0.2.6"
edition = "2024"
authors = ["UncleSp1d3r <unclesp1d3r@evilbitlabs.io>"]
description = "A MySQL/MariaDB query tool with structured output (CSV, JSON, TSV) and rustls TLS"
readme = "README.md"
repository = "https://github.com/EvilBit-Labs/gold_digger"
homepage = "https://evilbit-labs.github.io/gold_digger/"
license = "MIT"
keywords = ["mysql", "query", "tool", "mariadb"]
categories = ["command-line-utilities", "database"]
exclude = [
".github/",
"CODE_OF_CONDUCT.md",
"CONTRIBUTING.md",
".editorconfig",
".gitignore",
".gitlint",
".chglog/",
"AGENTS.md",
]
[package.metadata.wix]
upgrade-guid = "1193C717-3A21-4D74-B2FB-D840FC3ECC66"
path-guid = "7641C7C8-5EB9-4BCF-8317-8A21B53B2997"
license = false
eula = false
[package.metadata.cargo-machete]
ignored = ["mysql_common", "rustls-native-certs"]
# Workspace lint configuration
[workspace.lints.rust]
# Security: Forbid unsafe code globally
unsafe_code = "forbid"
# Zero warnings policy
warnings = "deny"
[workspace.lints.clippy]
# Pedantic clippy configuration with proper priorities
correctness = { level = "deny", priority = -1 }
suspicious = { level = "warn", priority = -1 }
pedantic = { level = "warn", priority = -1 }
nursery = { level = "warn", priority = -1 }
cargo = { level = "warn", priority = -1 }
# Security-focused linting
as_conversions = "warn"
as_ptr_cast_mut = "warn"
cast_ptr_alignment = "warn"
float_cmp = "warn"
indexing_slicing = "warn"
arithmetic_side_effects = "warn"
integer_division = "warn"
modulo_arithmetic = "warn"
expect_used = "warn"
# Security anti-patterns
# allow_attributes = "warn" # I think we need them for test and benchmarks
dbg_macro = "warn"
# print_stdout = "warn" # TODO: Revisit this
# print_stderr = "warn"
todo = "warn"
unimplemented = "warn"
unreachable = "warn"
panic = "deny" # DON'T PANIC IN PRODUCTION (it would be forbidden, but it breaks clap for some reason, so just don't do it)
unwrap_used = "deny" # DON'T UNWRAP IN PRODUCTION
exhaustive_enums = "warn"
# Performance and correctness
perf = { level = "warn", priority = -1 }
await_holding_lock = "deny"
clone_on_ref_ptr = "warn"
create_dir = "warn"
exit = "warn"
filetype_is_file = "warn"
float_equality_without_abs = "warn"
if_then_some_else_none = "warn"
# invalid_from_utf8_unchecked = "warn" # Not available in clippy
large_stack_arrays = "warn"
let_underscore_must_use = "warn"
lossy_float_literal = "warn"
map_err_ignore = "warn"
match_same_arms = "warn"
missing_assert_message = "warn"
missing_docs_in_private_items = "allow"
mixed_read_write_in_expression = "warn"
mutex_atomic = "warn"
mutex_integer = "warn"
non_ascii_literal = "warn"
non_send_fields_in_send_ty = "warn"
partial_pub_fields = "warn"
pattern_type_mismatch = "warn"
rc_buffer = "warn"
rc_mutex = "warn"
redundant_type_annotations = "warn"
ref_binding_to_reference = "warn"
same_name_method = "warn"
self_named_module_files = "warn"
semicolon_inside_block = "warn"
semicolon_outside_block = "warn"
shadow_reuse = "warn"
shadow_same = "warn"
shadow_unrelated = "warn"
str_to_string = "warn"
string_add = "warn"
string_add_assign = "warn"
string_lit_as_bytes = "warn"
string_slice = "warn"
suspicious_operation_groupings = "warn"
trailing_empty_array = "warn"
transmute_undefined_repr = "warn"
trivial_regex = "warn"
undocumented_unsafe_blocks = "deny" # We should not have unsafe code in this project, but if we do, we should document it
unnecessary_self_imports = "warn"
unseparated_literal_suffix = "warn"
unused_async = "warn"
unused_peekable = "warn"
unused_rounding = "warn"
use_debug = "warn"
verbose_file_reads = "warn"
wildcard_enum_match_arm = "warn"
zero_sized_map_values = "warn"
# Allow specific lints that are too noisy for this project
missing_errors_doc = "allow" # TODO: Revisit this
missing_panics_doc = "allow" # TODO: Revisit this
must_use_candidate = "allow" # TODO: Revisit this
cast_possible_truncation = "allow" # TODO: Revisit this
cast_precision_loss = "allow" # TODO: Revisit this
cast_sign_loss = "allow" # TODO: Revisit this
module_name_repetitions = "allow" # TODO: Revisit this
similar_names = "allow" # TODO: Revisit this
too_many_lines = "allow" # TODO: Revisit this
type_complexity = "allow" # TODO: Revisit this
async_yields_async = "allow" # TODO: Revisit this
large_futures = "allow" # TODO: Revisit this
result_large_err = "allow" # TODO: Revisit this
cargo_common_metadata = "allow" # TODO: Revisit this
multiple_crate_versions = "allow"
[features]
default = ["additional_mysql_types", "verbose"]
# NOTE (todo #011): the former `json` and `csv` features were empty marker
# flags -- the modules were always compiled, the `csv` crate was always
# linked, and `--no-default-features --features "json csv"` produced a
# binary byte-identical to the default build. Gating JSON/CSV output is
# therefore not a real build-time choice; the flags were removed to stop
# advertising a non-existent attack-surface reduction.
# Extended MySQL type support for complex data types
additional_mysql_types = [
"mysql_common",
# Base MySQL type extensions
"mysql_common?/bigdecimal",
# High-precision decimal arithmetic
"mysql_common?/rust_decimal",
# Fixed-point decimal types
"mysql_common?/time",
# Enhanced date/time handling
"mysql_common?/frunk", # Generic programming utilities
]
# Development and debugging support
verbose = [] # Enable detailed logging and diagnostic output
# Integration testing support
integration_tests = [] # Enable heavy integration tests requiring external databases
[dependencies]
anyhow = "1.0.102"
clap = { version = "4.6.1", features = ["derive", "env"] }
clap_complete = "4.6.5"
csv = "1.4.0"
indicatif = "0.18.4"
# Stack-buffered numeric formatters: itoa for integers, ryu for floats.
# Used by `TypeTransformer::value_to_string` to avoid one heap allocation
# per numeric cell on the streaming sink path (todo #071).
itoa = "1.0.18"
mysql = { version = "28.0.0", default-features = false, features = ["rustls-tls", "minimal"] }
mysql_common = { version = "0.37.2", optional = true }
owo-colors = { version = "4.3.0", features = ["supports-colors"] }
regex = "1.12.4"
# TLS dependencies
rustls = { version = "0.23.40", features = ["ring"] }
rustls-native-certs = "0.8.4"
rustls-pki-types = "1.14.1"
ryu = "1.0.23"
serde_json = "1.0.150"
thiserror = "2.0.18"
# Structured logging with credential redaction. The default feature set of
# `tracing-subscriber` (fmt, ansi, tracing-log, smallvec, std) is enough for
# the human-readable plain-text output this binary emits on stderr; the
# `env-filter` feature adds `EnvFilter` which is used to wire `cli.verbose` /
# `cli.quiet` / `RUST_LOG` into per-level filtering.
tracing = "0.1.44"
tracing-subscriber = { version = "0.3.23", features = ["env-filter"] }
url = "2.5.8"
# Linux-only: provides `renameat2(2)` with `RENAME_NOREPLACE` for an atomic
# fail-on-clobber rename in `sink::commit_tmp` (CRITICAL #2 — TOCTOU rename
# race). Plain `std::fs::rename` would unconditionally overwrite a target
# planted in the window between the pre-flight `output.exists()` check and
# the rename. macOS / non-Linux Unix use `std::fs::hard_link` for the same
# guarantee; Windows uses `OpenOptions::create_new` to acquire exclusive
# ownership of the target.
[target.'cfg(target_os = "linux")'.dependencies]
nix = { version = "0.31.2", default-features = false, features = ["fs"] }
# Unix-only: provides `O_NOFOLLOW` for O_NOFOLLOW path-safety on output
# file creation (todo #024). Used only via `OpenOptions::custom_flags`.
[target.'cfg(unix)'.dependencies]
libc = "0.2.186"
[dev-dependencies]
assert_cmd = "2.2.2"
criterion = { version = "0.8.2", features = ["html_reports"] }
insta = "1.47.2"
predicates = "3.1.4"
process_control = "5.2.0"
proptest = "1.11.0"
rcgen = "0.14.8"
regex = "1.12.4"
rstest = "0.26.1"
sysinfo = "0.39.3"
temp-env = "0.3.6"
tempfile = "3.27.0"
testcontainers = { version = "0.27.3", features = ["blocking"] }
testcontainers-modules = { version = "0.15.0", features = ["mariadb", "mysql", "blocking"] }
time = { version = "0.3.47", features = ["macros"] }
tokio = { version = "1.52.3", features = ["full"] }
walkdir = "2.5.0"
# Benchmarks for performance testing
[[bench]]
name = "rows_processing"
harness = false
[[bench]]
name = "output_formats"
harness = false
[[bench]]
name = "value_conversion"
harness = false
[[bench]]
name = "memory_usage"
harness = false
[[bench]]
name = "memory_ceiling"
harness = false
[profile.release]
strip = true
codegen-units = 1
lto = "fat"
# Keep unwinding on panic. The streaming sinks in `src/sink.rs` and the
# `ProgressGuard` in `src/run.rs` rely on `Drop` to clean up partial
# `<output>.tmp` files and to clear the progress bar. `panic = "abort"`
# would skip those `Drop` impls and leak partial output to disk if an
# unexpected panic ever escapes the streaming path.
panic = "unwind"
# The profile that 'dist' will build with
[profile.dist]
inherits = "release"
overflow-checks = true