intel
diff --git a/‎fuzz/fuzz_cargo_lock.py‎
Lines changed: 74 additions & 0 deletions b/‎fuzz/fuzz_cargo_lock.py‎
Lines changed: 74 additions & 0 deletions
diff --git a/‎fuzz/generated/cargo_lock_pb2.py‎
Lines changed: 30 additions & 0 deletions b/‎fuzz/generated/cargo_lock_pb2.py‎
Lines changed: 30 additions & 0 deletions
diff --git a/‎fuzz/proto_files/cargo_lock.proto‎
Lines changed: 20 additions & 0 deletions b/‎fuzz/proto_files/cargo_lock.proto‎
Lines changed: 20 additions & 0 deletions
diff --git a/‎sbom/cve-bin-tool-py3.8.json‎
Lines changed: 22 additions & 22 deletions b/‎sbom/cve-bin-tool-py3.8.json‎
Lines changed: 22 additions & 22 deletions
@@ -0,0 +1,74 @@
+# Copyright (C) 2023 Intel Corporation
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+import sys
+import tempfile
+from pathlib import Path
+
+import atheris
+import atheris_libprotobuf_mutator
+from google.protobuf.json_format import MessageToDict
+
+import fuzz.generated.cargo_lock_pb2 as cargo_lock_pb2
+from cve_bin_tool.cvedb import CVEDB
+from cve_bin_tool.log import LOGGER
+
+with atheris.instrument_imports():
+    from cve_bin_tool.parsers.rust import RustParser
+
+cve_db = CVEDB()
+logger = LOGGER.getChild("Fuzz")
+
+
+def CargoLockBuilder(data):
+    json_data = MessageToDict(
+        data, preserving_proto_field_name=True, including_default_value_fields=True
+    )
+
+    with open(file_path, "w") as f:
+        for package_data in json_data.get("packages", []):
+            package_name = package_data.get("name", "")
+            package_version = package_data.get("version", "")
+            f.write("[[package]]\n")
+            f.write(f'name = "{package_name}"\n')
+            f.write(f'version = "{package_version}"\n')
+            package_source = package_data.get("source", "")
+            if package_source != "":
+                f.write(f'source = "{package_source}"\n')
+            package_checksum = package_data.get("checksum", "")
+            if package_checksum != "":
+                f.write(f'checksum = "{package_checksum}"\n')
+
+            dependencies = package_data.get("dependency", [])
+            f.write("dependencies = [\n")
+            for dependency in dependencies:
+                name = dependency.get("name", "")
+                version = dependency.get("version", "")
+                url = dependency.get("url", "")
+                f.write(f' "{name}')
+                if version != "":
+                    f.write(f" {version}")
+                if url != "":
+                    f.write(f" {url}")
+                f.write('",\n')
+            f.write("]\n")
+            f.write("\n")
+
+
+def TestParseData(data):
+    try:
+        CargoLockBuilder(data)
+
+        rust_parser = RustParser(cve_db, logger)
+        rust_parser.run_checker(file_path)
+
+    except SystemExit:
+        return
+
+
+file_path = str(Path(tempfile.mkdtemp(prefix="cve-bin-tool-")) / "Cargo.lock")
+
+atheris_libprotobuf_mutator.Setup(
+    sys.argv, TestParseData, proto=cargo_lock_pb2.CargoLock
+)
+atheris.Fuzz()
@@ -0,0 +1,20 @@
+// Copyright (C) 2023 Intel Corporation
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+syntax = "proto3";
+
+message CargoLock {
+    message Package {
+        string name = 1;
+        string version = 2;
+        optional string source = 3;
+        optional string checksum = 4;
+        repeated Dependencies dependency = 5;
+    }
+    message Dependencies {
+        string name = 1;
+        optional string version = 2;
+        optional string url = 3;
+    }
+    repeated Package packages = 1;
+}
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.5",
-  "serialNumber": "urn:uuid:59585fe9-a8d6-4aeb-9105-511d0b303e62",
+  "serialNumber": "urn:uuid:bd4dc772-3281-4b09-82cb-4c763a0777b2",
   "version": 1,
   "metadata": {
-    "timestamp": "2023-10-23T00:27:16Z",
+    "timestamp": "2023-10-30T00:27:18Z",
     "tools": {
       "components": [
         {
@@ -506,7 +506,7 @@
       "type": "library",
       "bom-ref": "16-gsutil",
       "name": "gsutil",
-      "version": "5.26",
+      "version": "5.27",
       "supplier": {
         "name": "Google Inc .",
         "contact": [
@@ -515,7 +515,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:google_inc.:gsutil:5.26:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:google_inc.:gsutil:5.27:*:*:*:*:*:*:*",
       "description": "A command line tool for interacting with cloud storage services.",
       "licenses": [
         {
@@ -527,12 +527,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/gsutil/5.26",
+          "url": "https://pypi.org/project/gsutil/5.27",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/gsutil@5.26",
+      "purl": "pkg:pypi/gsutil@5.27",
       "properties": [
         {
           "name": "License Comments",
@@ -1021,7 +1021,7 @@
       "type": "library",
       "bom-ref": "31-pyopenssl",
       "name": "pyopenssl",
-      "version": "23.2.0",
+      "version": "23.3.0",
       "supplier": {
         "name": "The pyOpenSSL developers",
         "contact": [
@@ -1030,7 +1030,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.2.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.3.0:*:*:*:*:*:*:*",
       "description": "Python wrapper module around the OpenSSL library",
       "licenses": [
         {
@@ -1042,12 +1042,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/pyOpenSSL/23.2.0",
+          "url": "https://pypi.org/project/pyOpenSSL/23.3.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/pyopenssl@23.2.0",
+      "purl": "pkg:pypi/pyopenssl@23.3.0",
       "properties": [
         {
           "name": "License Comments",
@@ -1059,7 +1059,7 @@
       "type": "library",
       "bom-ref": "32-cryptography",
       "name": "cryptography",
-      "version": "41.0.4",
+      "version": "41.0.5",
       "supplier": {
         "name": "The Python Cryptographic Authority and individual contributors",
         "contact": [
@@ -1068,7 +1068,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.4:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.5:*:*:*:*:*:*:*",
       "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
       "licenses": [
         {
@@ -1077,12 +1077,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/cryptography/41.0.4",
+          "url": "https://pypi.org/project/cryptography/41.0.5",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/[email protected].4"
+      "purl": "pkg:pypi/[email protected].5"
     },
     {
       "type": "library",
@@ -1266,7 +1266,7 @@
       "type": "library",
       "bom-ref": "38-cachetools",
       "name": "cachetools",
-      "version": "5.3.1",
+      "version": "5.3.2",
       "supplier": {
         "name": "Thomas Kemmer",
         "contact": [
@@ -1275,7 +1275,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.3.1:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.3.2:*:*:*:*:*:*:*",
       "description": "Extensible memoizing collections and decorators",
       "licenses": [
         {
@@ -1287,12 +1287,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/cachetools/5.3.1",
+          "url": "https://pypi.org/project/cachetools/5.3.2",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/[email protected].1"
+      "purl": "pkg:pypi/[email protected].2"
     },
     {
       "type": "library",
@@ -1763,7 +1763,7 @@
       "type": "library",
       "bom-ref": "55-plotly",
       "name": "plotly",
-      "version": "5.17.0",
+      "version": "5.18.0",
       "supplier": {
         "name": "Chris P",
         "contact": [
@@ -1772,7 +1772,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:chris_p:plotly:5.17.0:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:chris_p:plotly:5.18.0:*:*:*:*:*:*:*",
       "description": "An open-source, interactive data visualization library for Python",
       "licenses": [
         {
@@ -1784,12 +1784,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/plotly/5.17.0",
+          "url": "https://pypi.org/project/plotly/5.18.0",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/plotly@5.17.0"
+      "purl": "pkg:pypi/plotly@5.18.0"
     },
     {
       "type": "library",