fanzeyi / cargo-play Goto Github PK
View Code? Open in Web Editor NEWA local Rust playground
License: MIT License
A local Rust playground
License: MIT License
https://doc.rust-lang.org/rustc/tests/index.html
cargo play --test
don't' support pass option to cargo --test
Example cargo play test.rs -- 1 2 3
so that std::env::args()
would receive 1,2,3
.
This seems to be an almost-duplicate of https://github.com/DanielKeep/cargo-script, or am I missing something?
Add a flag that will skip compilation and run any existing binary. This will reduce startup time for existing scripts.
It's better not to print lines like
Finished release [optimized] target(s) in 0.20s
Running `/var/folders/5v/g3zxt_7d64g3sd_56bzpqbvh0000gn/T/cargo-play.EcaT1SNHADVuJ2ex5_j0YiUjBv8/target/release/ecat1snhadvuj2ex5_j0yiujbv8
unless a --verbose
flag is supplied. Alternatively, add a --quiet
flag.
Since 2021 Edition is now officially stable, this plugin should support it. I already made a pull request with the changes done. It only needs to be accepted and released
#70
Hello. A few minutes ago I starred this repo, then I installed cargo-play using cargo install cargo-play
, and then used it to test out some code for a crate (uuid
).
A few minutes later, I received an unexpected email.
Sender: 开源社区OSCS [email protected]
Title: "Venryx,您关注的开源项目 fanzeyi/cargo-play 受到 4 个存在安全缺陷开源组件的影响"
Contents:
<html><body>
<!--StartFragment--><div style="background:#ffffff;background-color:#ffffff;margin:0px auto;max-width:600px;">
开发者Venryx,您好: 当前不管是开源项目还是企业代码项目,都正在遭受来自开源社区的一些存在安全缺陷组件的影响。来自Synopsys OSSRA reports 2021的开源安全调查报告显示,平均每个项目会引入55个存在安全缺陷的组件,平均每个项目受这些有缺陷的开源组件影响会导致161个漏洞。 OSCS 安全社区会关注一批开源项目,并主动去检测并提示项目存在的风险: 提示这些开源项目的作者和贡献者,他的项目正在受到有安全缺陷的开源组件影响 提示Star&Fork这些项目的开发者,您可能也会受到这些存在安全缺陷的开源组件影响 您好,因为 fanzeyi/cargo-play 正在被 OSCS 关注且受到有安全缺陷的组件影响,所以冒昧通过邮件提醒您。如果 OSCS 安全社区的信息对您没有帮助,请点击取消退订,我们会标记为暂不关心,后续不会再次提示您。 fanzeyi/cargo-play 项目一共引入了 4 个有漏洞的缺陷组件,以下是部分主要信息:完整报告: https://www.oscs1024.com/cd/1530611384193359872?sign=076a7713&report=1 | 开发者Venryx,您好: | 开发者Venryx,您好: | 当前不管是开源项目还是企业代码项目,都正在遭受来自开源社区的一些存在安全缺陷组件的影响。来自Synopsys OSSRA reports 2021的开源安全调查报告显示,平均每个项目会引入55个存在安全缺陷的组件,平均每个项目受这些有缺陷的开源组件影响会导致161个漏洞。 OSCS 安全社区会关注一批开源项目,并主动去检测并提示项目存在的风险: 提示这些开源项目的作者和贡献者,他的项目正在受到有安全缺陷的开源组件影响 提示Star&Fork这些项目的开发者,您可能也会受到这些存在安全缺陷的开源组件影响 | 当前不管是开源项目还是企业代码项目,都正在遭受来自开源社区的一些存在安全缺陷组件的影响。来自Synopsys OSSRA reports 2021的开源安全调查报告显示,平均每个项目会引入55个存在安全缺陷的组件,平均每个项目受这些有缺陷的开源组件影响会导致161个漏洞。 OSCS 安全社区会关注一批开源项目,并主动去检测并提示项目存在的风险: 提示这些开源项目的作者和贡献者,他的项目正在受到有安全缺陷的开源组件影响 提示Star&Fork这些项目的开发者,您可能也会受到这些存在安全缺陷的开源组件影响 | 您好,因为 fanzeyi/cargo-play 正在被 OSCS 关注且受到有安全缺陷的组件影响,所以冒昧通过邮件提醒您。如果 OSCS 安全社区的信息对您没有帮助,请点击取消退订,我们会标记为暂不关心,后续不会再次提示您。 fanzeyi/cargo-play 项目一共引入了 4 个有漏洞的缺陷组件,以下是部分主要信息:完整报告: https://www.oscs1024.com/cd/1530611384193359872?sign=076a7713&report=1 | 您好,因为 fanzeyi/cargo-play 正在被 OSCS 关注且受到有安全缺陷的组件影响,所以冒昧通过邮件提醒您。如果 OSCS 安全社区的信息对您没有帮助,请点击取消退订,我们会标记为暂不关心,后续不会再次提示您。 | fanzeyi/cargo-play 项目一共引入了 4 个有漏洞的缺陷组件,以下是部分主要信息:完整报告: https://www.oscs1024.com/cd/1530611384193359872?sign=076a7713&report=1
-- | -- | -- | -- | -- | -- | -- | --
开发者Venryx,您好: | 开发者Venryx,您好:
开发者Venryx,您好:
当前不管是开源项目还是企业代码项目,都正在遭受来自开源社区的一些存在安全缺陷组件的影响。来自Synopsys OSSRA reports 2021的开源安全调查报告显示,平均每个项目会引入55个存在安全缺陷的组件,平均每个项目受这些有缺陷的开源组件影响会导致161个漏洞。 OSCS 安全社区会关注一批开源项目,并主动去检测并提示项目存在的风险: 提示这些开源项目的作者和贡献者,他的项目正在受到有安全缺陷的开源组件影响 提示Star&Fork这些项目的开发者,您可能也会受到这些存在安全缺陷的开源组件影响 | 当前不管是开源项目还是企业代码项目,都正在遭受来自开源社区的一些存在安全缺陷组件的影响。来自Synopsys OSSRA reports 2021的开源安全调查报告显示,平均每个项目会引入55个存在安全缺陷的组件,平均每个项目受这些有缺陷的开源组件影响会导致161个漏洞。 OSCS 安全社区会关注一批开源项目,并主动去检测并提示项目存在的风险: 提示这些开源项目的作者和贡献者,他的项目正在受到有安全缺陷的开源组件影响 提示Star&Fork这些项目的开发者,您可能也会受到这些存在安全缺陷的开源组件影响
当前不管是开源项目还是企业代码项目,都正在遭受来自开源社区的一些存在安全缺陷组件的影响。来自Synopsys OSSRA reports 2021的开源安全调查报告显示,平均每个项目会引入55个存在安全缺陷的组件,平均每个项目受这些有缺陷的开源组件影响会导致161个漏洞。 OSCS 安全社区会关注一批开源项目,并主动去检测并提示项目存在的风险: 提示这些开源项目的作者和贡献者,他的项目正在受到有安全缺陷的开源组件影响 提示Star&Fork这些项目的开发者,您可能也会受到这些存在安全缺陷的开源组件影响
您好,因为 fanzeyi/cargo-play 正在被 OSCS 关注且受到有安全缺陷的组件影响,所以冒昧通过邮件提醒您。如果 OSCS 安全社区的信息对您没有帮助,请点击取消退订,我们会标记为暂不关心,后续不会再次提示您。 fanzeyi/cargo-play 项目一共引入了 4 个有漏洞的缺陷组件,以下是部分主要信息:完整报告: https://www.oscs1024.com/cd/1530611384193359872?sign=076a7713&report=1 | 您好,因为 fanzeyi/cargo-play 正在被 OSCS 关注且受到有安全缺陷的组件影响,所以冒昧通过邮件提醒您。如果 OSCS 安全社区的信息对您没有帮助,请点击取消退订,我们会标记为暂不关心,后续不会再次提示您。 | fanzeyi/cargo-play 项目一共引入了 4 个有漏洞的缺陷组件,以下是部分主要信息:完整报告: https://www.oscs1024.com/cd/1530611384193359872?sign=076a7713&report=1
您好,因为 fanzeyi/cargo-play 正在被 OSCS 关注且受到有安全缺陷的组件影响,所以冒昧通过邮件提醒您。如果 OSCS 安全社区的信息对您没有帮助,请点击取消退订,我们会标记为暂不关心,后续不会再次提示您。
fanzeyi/cargo-play 项目一共引入了 4 个有漏洞的缺陷组件,以下是部分主要信息:完整报告: https://www.oscs1024.com/cd/1530611384193359872?sign=076a7713&report=1
</div><!--EndFragment-->
</body>
</html>
```开发者Venryx,您好:
当前不管是开源项目还是企业代码项目,都正在遭受来自开源社区的一些存在安全缺陷组件的影响。来自Synopsys OSSRA reports 2021的开源安全调查报告显示,平均每个项目会引入55个存在安全缺陷的组件,平均每个项目受这些有缺陷的开源组件影响会导致161个漏洞。
OSCS 安全社区会关注一批开源项目,并主动去检测并提示项目存在的风险:
提示这些开源项目的作者和贡献者,他的项目正在受到有安全缺陷的开源组件影响
提示Star&Fork这些项目的开发者,您可能也会受到这些存在安全缺陷的开源组件影响
您好,因为 fanzeyi/cargo-play 正在被 OSCS 关注且受到有安全缺陷的组件影响,所以冒昧通过邮件提醒您。如果 OSCS 安全社区的信息对您没有帮助,请[点击取消退订](https://sctrack.sendcloud.net/track/unsubscribe.do?p=eyJ1c2VyX2lkIjogMTYwNzcwLCAidGFza19pZCI6ICIiLCAiZW1haWxfaWQiOiAiMTY1NTc4NzY5MDUyNV8xNjA3NzBfNDI4MTRfNjQyOC5zYy0xMF85XzEzXzIxMy1pbmJvdW5kMCR2ZW5yeXhAZ21haWwuY29tIiwgInNpZ24iOiAiNWRkZjhkMTE5NjE0OTljMWJkMmQ4Y2M4ZGZjNTNjODkiLCAidXNlcl9oZWFkZXJzIjoge30sICJsYWJlbCI6ICIyMjMxNDA2MSIsICJ0cmFja19kb21haW4iOiAic2N0cmFjay5zZW5kY2xvdWQubmV0IiwgInJlYWxfdHlwZSI6ICIiLCAibmV0ZWFzZSI6ICJmYWxzZSIsICJvdXRfaXAiOiAiMTE3LjUwLjM2LjExMCIsICJjb250ZW50X3R5cGUiOiAzLCAicmVjZWl2ZXIiOiAidmVucnl4QGdtYWlsLmNvbSIsICJtYWlsbGlzdF9pZCI6IDAsICJvdmVyc2VhcyI6ICJmYWxzZSIsICJjYXRlZ29yeV9pZCI6IDI1NzM0NywgInBhZ2VfaWQiOiAtMX0%3D),我们会标记为暂不关心,后续不会再次提示您。
fanzeyi/cargo-play 项目一共引入了 4 个有漏洞的缺陷组件,以下是部分主要信息:
完整报告: [https://www.oscs1024.com/cd/1530611384193359872?sign=076a7713&report=1](https://sctrack.sendcloud.net/track/click/eyJuZXRlYXNlIjogImZhbHNlIiwgIm1haWxsaXN0X2lkIjogMCwgInRhc2tfaWQiOiAiIiwgImVtYWlsX2lkIjogIjE2NTU3ODc2OTA1MjVfMTYwNzcwXzQyODE0XzY0Mjguc2MtMTBfOV8xM18yMTMtaW5ib3VuZDAkdmVucnl4QGdtYWlsLmNvbSIsICJzaWduIjogImJkODdkOGJhYmQ4M2JhMzA0YTRiYjQ2MTZiNDU4ZWQ5IiwgInVzZXJfaGVhZGVycyI6IHt9LCAibGFiZWwiOiAiMjIzMTQwNjEiLCAidHJhY2tfZG9tYWluIjogInNjdHJhY2suc2VuZGNsb3VkLm5ldCIsICJyZWFsX3R5cGUiOiAiIiwgImxpbmsiOiAiaHR0cHMlM0EvL3d3dy5vc2NzMTAyNC5jb20vY2QvMTUzMDYxMTM4NDE5MzM1OTg3MiUzRnNpZ24lM0QwNzZhNzcxMyUyNnJlcG9ydCUzRDEiLCAib3V0X2lwIjogIjExNy41MC4zNi4xMTAiLCAiY29udGVudF90eXBlIjogMywgInVzZXJfaWQiOiAxNjA3NzAsICJvdmVyc2VhcyI6ICJmYWxzZSIsICJjYXRlZ29yeV9pZCI6IDI1NzM0N30=.html)
缺陷组件:[email protected] - 间接引入
漏洞标题:lodash 命令注入漏洞
影响描述:lodash是一款开源的JavaScript实用程序库。Lodash中存在命令注入漏洞,该漏洞源于外部输入数据构造可执行命令过程中,网络系统或产品未正确过滤其中的特殊元素。攻击者可利用该漏洞执行非法命令。
CVE编号:CVE-2021-23337
国家漏洞库信息:
影响范围::(∞, 4.17.21)
最小修复版本:4.17.21
组件引入路径:[email protected]>[email protected]>[email protected]>[email protected]
漏洞详情:[https://www.oscs1024.com/hd/MPS-2021-2638](https://sctrack.sendcloud.net/track/click/eyJuZXRlYXNlIjogImZhbHNlIiwgIm1haWxsaXN0X2lkIjogMCwgInRhc2tfaWQiOiAiIiwgImVtYWlsX2lkIjogIjE2NTU3ODc2OTA1MjVfMTYwNzcwXzQyODE0XzY0Mjguc2MtMTBfOV8xM18yMTMtaW5ib3VuZDAkdmVucnl4QGdtYWlsLmNvbSIsICJzaWduIjogImU5N2M0NmE3ZjQ1YzA3ODMwN2ViOTExOGRkZTQ0NjgxIiwgInVzZXJfaGVhZGVycyI6IHt9LCAibGFiZWwiOiAiMjIzMTQwNjEiLCAidHJhY2tfZG9tYWluIjogInNjdHJhY2suc2VuZGNsb3VkLm5ldCIsICJyZWFsX3R5cGUiOiAiIiwgImxpbmsiOiAiaHR0cHMlM0EvL3d3dy5vc2NzMTAyNC5jb20vaGQvTVBTLTIwMjEtMjYzOCUzRnMlM0RtIiwgIm91dF9pcCI6ICIxMTcuNTAuMzYuMTEwIiwgImNvbnRlbnRfdHlwZSI6IDMsICJ1c2VyX2lkIjogMTYwNzcwLCAib3ZlcnNlYXMiOiAiZmFsc2UiLCAiY2F0ZWdvcnlfaWQiOiAyNTczNDd9.html)
缺陷组件:[email protected] - 间接引入
漏洞标题:nodejs 资源管理错误漏洞
影响描述:nodejs是是一个基于ChromeV8引擎的JavaScript运行环境通过对Chromev8引擎进行了封装以及使用事件驱动和非阻塞IO的应用让Javascript开发高性能的后台应用成为了可能。nodejs-glob-parent 存在安全漏洞,该漏洞源于正则表达式拒绝服务。
CVE编号:CVE-2020-28469
国家漏洞库信息:
影响范围::(∞, 5.1.2)
最小修复版本:5.1.2
组件引入路径:[email protected]>[email protected]>[email protected]>[email protected]
漏洞详情:[https://www.oscs1024.com/hd/MPS-2021-7827](https://sctrack.sendcloud.net/track/click/eyJuZXRlYXNlIjogImZhbHNlIiwgIm1haWxsaXN0X2lkIjogMCwgInRhc2tfaWQiOiAiIiwgImVtYWlsX2lkIjogIjE2NTU3ODc2OTA1MjVfMTYwNzcwXzQyODE0XzY0Mjguc2MtMTBfOV8xM18yMTMtaW5ib3VuZDAkdmVucnl4QGdtYWlsLmNvbSIsICJzaWduIjogImFhODAwY2ZmZTVmODQxMzJiNDMyZTIzMGU2NjQxMjEzIiwgInVzZXJfaGVhZGVycyI6IHt9LCAibGFiZWwiOiAiMjIzMTQwNjEiLCAidHJhY2tfZG9tYWluIjogInNjdHJhY2suc2VuZGNsb3VkLm5ldCIsICJyZWFsX3R5cGUiOiAiIiwgImxpbmsiOiAiaHR0cHMlM0EvL3d3dy5vc2NzMTAyNC5jb20vaGQvTVBTLTIwMjEtNzgyNyUzRnMlM0RtIiwgIm91dF9pcCI6ICIxMTcuNTAuMzYuMTEwIiwgImNvbnRlbnRfdHlwZSI6IDMsICJ1c2VyX2lkIjogMTYwNzcwLCAib3ZlcnNlYXMiOiAiZmFsc2UiLCAiY2F0ZWdvcnlfaWQiOiAyNTczNDd9.html)
OSCS安全社区敬上
祝您工作顺利,生活愉快
对此信息不感兴趣,[不希望再次收到](https://sctrack.sendcloud.net/track/unsubscribe.do?p=eyJ1c2VyX2lkIjogMTYwNzcwLCAidGFza19pZCI6ICIiLCAiZW1haWxfaWQiOiAiMTY1NTc4NzY5MDUyNV8xNjA3NzBfNDI4MTRfNjQyOC5zYy0xMF85XzEzXzIxMy1pbmJvdW5kMCR2ZW5yeXhAZ21haWwuY29tIiwgInNpZ24iOiAiNWRkZjhkMTE5NjE0OTljMWJkMmQ4Y2M4ZGZjNTNjODkiLCAidXNlcl9oZWFkZXJzIjoge30sICJsYWJlbCI6ICIyMjMxNDA2MSIsICJ0cmFja19kb21haW4iOiAic2N0cmFjay5zZW5kY2xvdWQubmV0IiwgInJlYWxfdHlwZSI6ICIiLCAibmV0ZWFzZSI6ICJmYWxzZSIsICJvdXRfaXAiOiAiMTE3LjUwLjM2LjExMCIsICJjb250ZW50X3R5cGUiOiAzLCAicmVjZWl2ZXIiOiAidmVucnl4QGdtYWlsLmNvbSIsICJtYWlsbGlzdF9pZCI6IDAsICJvdmVyc2VhcyI6ICJmYWxzZSIsICJjYXRlZ29yeV9pZCI6IDI1NzM0NywgInBhZ2VfaWQiOiAtMX0%3D)
Anyone know what this is and/or why I received the email?
My guess is that this is something like Dependabot, where a service scans repositories for vulnerability and then emails maintainers about security issues that should be patched -- except in this case, for anyone that stars the repo as well?
Anyway, it's kind of a weird thing to get emailed about a repo merely for starring it, so thought I'd mention it here in case it was not intended to have this behavior.
The Playground now supports implicitly adding dependencies by just importing something with use
.
I think this would be a great addition to this crate.
You could potentially check imports against the crate index and automatically add them as dependencies if they exist. (There is the https://github.com/frewsxcv/rust-crates-index crate for example that allows this)
Having a standalone file on /tmp/foo.rs
fn main(){
println!("Hello, World")
}
#[test]
fn test_foo() {
assert_eq!(1, 1);
}
Currenty I can use cargo play /tmp/foo.rs
to have the main function output.
Cargo play is creating a temporary project and then calling cargo run
on it.
I suggest adding an option to run tests cargo play /tmp/foo.rs --tests
and then it runs cargo test
instead of run
If the hash is different from the last compilation, don't use the cached version. An implementation can be seen at this link.
Find a way to support rls.
The function will check if the system install cargo play
and check filetype=rust
~/.config/init.lua
+require "user.cargoplay"
https://github.com/laris/Neovim-from-scratch/blob/laris/lua/user/cargoplay.lua
I liked your project a bit, so I decided to make an entire intellij plugin completely integrating the official Intellij Rust plugin and your program! You can find it here or here @ the marketplace
Thanks for your playground program!
If you make the first line #!/usr/bin/env cargo-play
, then you can use it as an executable without needing to call cargo play
directly. Currently, it seems as if processing begins immediately to search for the prefix //#
First of all, congrats for the awesome work you've put in here!
I've got the following files:
src
├── foo.rs
├── lib.rs
├── main.rs
I am trying to use some content from my lib, but the imports won't resolve even if I use cargo play src/main.rs src/lib.rs src/foo.rs
How can I use my own library?
Would appreciate feedback on my research and proposal.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.