Skip to content

Commit

Permalink
[chore] README update
Browse files Browse the repository at this point in the history
  • Loading branch information
MangoIV committed Jun 15, 2024
1 parent 6ef378b commit f613e10
Showing 1 changed file with 21 additions and 14 deletions.
35 changes: 21 additions & 14 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
<div align="center">
<a href="https://github.com/mangoiv/cabal-audit/actions">
<img src="https://github.com/mangoiv/cabal-audit/actions/workflows/cabal-audit.yml/badge.svg" alt="CI">
<img src="https://github.com/MangoIV/cabal-audit/actions/workflows/haskell-ci.yml/badge.svg" ald="CI">
</a>
<h1> <code> cabal-audit </code> </h1>
</div>
Expand Down Expand Up @@ -31,11 +32,12 @@ You can also [download a static executable from one of the latest workflow runs]
Run `cabal-audit` to scan your project for known vulnerabilities:

```console
λ cabal run cabal-audit -- --help
λ cabal-audit --help
Welcome to cabal audit

Usage: cabal-audit [(-p|--file-path FILEPATH) | (-r|--repository REPOSITORY)]
[--verbosity ARG] [-m|--json] [-o|--to-file FILEPATH]
[--verbosity ARG] [-m|--json] [-o|--to-file FILEPATH]
[-b|--no-color|--no-colour] [--fail-on-warning]

audit your cabal projects for vulnerabilities

Expand All @@ -49,31 +51,36 @@ Available options:
-m,--json whether to format as json mapping package names to
osvs that apply
-o,--to-file FILEPATH specify a file to write to, instead of stdout
-b,--no-color,--no-colour
don't colour the output
--fail-on-warning Exits with an error code if any advisories are found
in the build plan
```

```console
λ cabal run cabal-audit
λ cabal-audit --no-color
trying to clone https://github.com/haskell/security-advisories
Cloning into '/tmp/cabal-audit-726d3e9345b766bc'...
remote: Enumerating objects: 172, done.
remote: Counting objects: 100% (172/172), done.
remote: Compressing objects: 100% (129/129), done.
remote: Total 172 (delta 6), reused 114 (delta 1), pack-reused 0
Receiving objects: 100% (172/172), 116.55 KiB | 1.31 MiB/s, done.
Resolving deltas: 100% (6/6), done.
Cloning into '/tmp/cabal-audit3119166'...
remote: Enumerating objects: 183, done.
remote: Counting objects: 100% (183/183), done.
remote: Compressing objects: 100% (140/140), done.
remote: Total 183 (delta 5), reused 123 (delta 0), pack-reused 0
Receiving objects: 100% (183/183), 131.50 KiB | 2.19 MiB/s, done.
Resolving deltas: 100% (5/5), done.


Found advisories:

dependency "base" at version 4.18.1.0 is vulnerable for:
dependency "base" at version 4.19.1.0 is vulnerable for:
HSEC-2023-0007 "readFloat: memory exhaustion with large exponent"
published: 2024-04-23 12:43:30 +1000
published: 2024-06-13 06:04:41 UTC
https://haskell.github.io/security-advisories/advisory/HSEC-2023-0007
No fix version available
toml, parser, dos

dependency "process" at version 1.6.17.0 is vulnerable for:
dependency "process" at version 1.6.18.0 is vulnerable for:
HSEC-2024-0003 "process: command injection via argument list on Windows"
published: 2024-04-23 12:43:30 +1000
published: 2024-06-13 06:04:41 UTC
https://haskell.github.io/security-advisories/advisory/HSEC-2024-0003
Fix available since version 1.6.19.0
windows
Expand Down

0 comments on commit f613e10

Please sign in to comment.