feat: Allow disabling cargo-audit (#4092)

dfinity · Jan 31, 2025 · a701813 · a701813
1 parent 834f4e2
commit a701813
Show file tree

Hide file tree

Showing 7 changed files with 29 additions and 6 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,8 @@
 
 # UNRELEASED
 
+### feat: `skip_cargo_audit` flag in dfx.json to skip `cargo audit` build step
+
 ### fix: `dfx canister install` and `dfx deploy` with `--no-asset-upgrade` no longer hang indefinitely when wasm is not up to date
 
 ### fix: `dfx` downloads `.did` files for remote canisters

diff --git a/docs/dfx-json-schema.json b/docs/dfx-json-schema.json
@@ -246,6 +246,12 @@
               "description": "Name of the Rust package that compiles this canister's Wasm.",
               "type": "string"
             },
+            "skip_cargo_audit": {
+              "title": "`cargo-audit` check",
+              "description": "If set to true, does not run `cargo audit` before building.",
+              "default": false,
+              "type": "boolean"
+            },
             "type": {
               "type": "string",
               "enum": [

diff --git a/e2e/tests-dfx/build_rust.bash b/e2e/tests-dfx/build_rust.bash
@@ -34,4 +34,7 @@ teardown() {
   dfx canister create --all
   assert_command dfx build
   assert_match "Audit found vulnerabilities"
+  jq '.canisters.hello.skip_cargo_audit=true' dfx.json | sponge dfx.json
+  assert_command dfx build
+  assert_not_match "Audit found vulnerabilities"
 }
diff --git a/src/dfx-core/src/config/model/dfinity.rs b/src/dfx-core/src/config/model/dfinity.rs
@@ -355,6 +355,11 @@ pub enum CanisterTypeProperties {
         /// # Candid File
         /// Path of this canister's candid interface declaration.
         candid: PathBuf,
+
+        /// # `cargo-audit` check
+        /// If set to true, does not run `cargo audit` before building.
+        #[serde(default)]
+        skip_cargo_audit: bool,
     },
     /// # Asset-Specific Properties
     Assets {
@@ -1296,6 +1301,7 @@ impl<'de> Visitor<'de> for PropertiesVisitor {
         let mut wasm = None;
         let mut candid = None;
         let mut package = None;
+        let mut skip_cargo_audit = None;
         let mut crate_name = None;
         let mut source = None;
         let mut build = None;
@@ -1313,6 +1319,7 @@ impl<'de> Visitor<'de> for PropertiesVisitor {
                 "type" => r#type = Some(map.next_value::<String>()?),
                 "id" => id = Some(map.next_value()?),
                 "workspace" => workspace = Some(map.next_value()?),
+                "skip_cargo_audit" => skip_cargo_audit = Some(map.next_value()?),
                 _ => continue,
             }
         }
@@ -1321,6 +1328,7 @@ impl<'de> Visitor<'de> for PropertiesVisitor {
             Some("rust") => CanisterTypeProperties::Rust {
                 candid: PathBuf::from(candid.ok_or_else(|| missing_field("candid"))?),
                 package: package.ok_or_else(|| missing_field("package"))?,
+                skip_cargo_audit: skip_cargo_audit.unwrap_or(false),
                 crate_name,
             },
             Some("assets") => CanisterTypeProperties::Assets {

diff --git a/src/dfx/src/lib/canister_info.rs b/src/dfx/src/lib/canister_info.rs
@@ -145,6 +145,7 @@ impl CanisterInfo {
                         package: _,
                         crate_name: _,
                         candid,
+                        skip_cargo_audit: _,
                     } => workspace_root.join(candid),
                     CanisterTypeProperties::Assets { .. } => output_root.join("assetstorage.did"),
                     CanisterTypeProperties::Custom {
@@ -360,6 +361,10 @@ impl CanisterInfo {
         matches!(self.type_specific, CanisterTypeProperties::Rust { .. })
     }
 
+    pub fn should_cargo_audit(&self) -> bool {
+        matches!(self.type_specific, CanisterTypeProperties::Rust { skip_cargo_audit, .. } if !skip_cargo_audit)
+    }
+
     pub fn is_assets(&self) -> bool {
         matches!(self.type_specific, CanisterTypeProperties::Assets { .. })
     }

diff --git a/src/dfx/src/lib/canister_info/rust.rs b/src/dfx/src/lib/canister_info/rust.rs
@@ -34,14 +34,13 @@ impl CanisterInfoFactory for RustCanisterInfo {
             bail!("`cargo metadata` was unsuccessful");
         }
 
-        let (package, crate_name) = if let CanisterTypeProperties::Rust {
+        let CanisterTypeProperties::Rust {
             package,
             crate_name,
             candid: _,
+            skip_cargo_audit: _,
         } = info.type_specific.clone()
-        {
-            (package, crate_name)
-        } else {
+        else {
             bail!(
                 "Attempted to construct a custom canister from a type:{} canister config",
                 info.type_specific.name()

diff --git a/src/dfx/src/lib/models/canister.rs b/src/dfx/src/lib/models/canister.rs
@@ -682,13 +682,13 @@ impl CanisterPool {
         if self
             .canisters_to_build(build_config)
             .iter()
-            .any(|can| can.info.is_rust())
+            .any(|can| can.info.should_cargo_audit())
         {
             self.run_cargo_audit()?;
         } else {
             trace!(
                 self.logger,
-                "No canister of type 'rust' found. Not trying to run 'cargo audit'."
+                "No canister of type 'rust' found (or it disabled the audit step). Not trying to run 'cargo audit'."
             )
         }