Cargo audit fix (#512)

* Change from `chrono` implementation to impl based on `time` crate, as it has addressed the issues present in RUSTSEC-2020-0159 in its own security advisory: RUSTSEC-2020-071.

* Update feather/server/src/logging.rs

Co-authored-by: Nick Paladino <[email protected]>

* Remove 'simple_logger' from Cargo.toml in feather/utils

* Remove 'simple_logger' from Cargo.toml in feather/utils, adding `logging` module that mimics the `feather-server` setup.

* Update zeroize in Cargo.lock to avoid RUSTSEC-2021-0115

* Update Cargo.toml/Cargo.lock to new `rsa-der` version 0.3.0

Note that this still leaves the `rsa` issue until the `pem-rfc7468`/`pkcs8` dependency issues are resolved within that crate.

* Pin `base64ct` to "=1.1.1" to avoid `edition="2021"`

* Update `rsa` to v0.5, Update `rand` to v0.8.0, fix implementation to account for new `RsaPrivateKey` capitalization.

* Run cargo update
Added `host-fs` and `sys` to `wasmer-wasi` dependencies
Removed `time` from the list of `zip` dependencies

* Relaxed version constraints on base64ct and time

* Removed exact version dependency.

Co-authored-by: Noah Coetsee <[email protected]>
Co-authored-by: Noah Coetsee <[email protected]>
Co-authored-by: Nick Paladino <[email protected]>
Co-authored-by: Jacob Emil Ulvedal Rosborg <[email protected]>

Author: 4 people

Cargo.lock

@@ -13,4 +13,4 @@ serde_json = "1"
 smartstring = { version = "0.2", features = [ "serde" ] }
 thiserror = "1"
 ureq = { version = "2", default-features = false, features = [ "tls" ] }
-zip = "0.5"
+zip = { version = "0.5", default-features = false, features = [ "deflate", "bzip2" ] }

feather/datapacks/Cargo.toml

@@ -24,7 +24,7 @@ serde = "1"
 tempfile = "3"
 vec-arena = "1"
 wasmer = { version = "2", default-features = false, features = [ "jit" ] }
-wasmer-wasi = { version = "2", default-features = false }
+wasmer-wasi = { version = "2", default-features = false, features = [ "host-fs", "sys" ] }
 
 [features]
 llvm = [ "wasmer/llvm" ]

feather/plugin-host/Cargo.toml

@@ -17,7 +17,7 @@ ahash = "0.7"
 anyhow = "1"
 base = { path = "../base", package = "feather-base" }
 base64 = "0.13"
-chrono = "0.4"
+time = { version = "0.3", features = ["local-offset", "formatting", "macros"] }
 colored = "2"
 common = { path = "../common", package = "feather-common" }
 crossbeam-utils = "0.8"
@@ -36,10 +36,14 @@ parking_lot = "0.11"
 plugin-host = { path = "../plugin-host", package = "feather-plugin-host" }
 protocol = { path = "../protocol", package = "feather-protocol" }
 quill-common = { path = "../../quill/common" }
-rand = "0.7"
+
+rand = "0.8"
 ring = "0.16"
-rsa = "0.3"
-rsa-der = "0.2"
+
+rsa = "0.5"
+rsa-der = "0.3"
+base64ct = "1"
+
 serde = { version = "1", features = [ "derive" ] }
 serde_json = "1"
 sha-1 = "0.9"

feather/server/Cargo.toml

@@ -19,7 +19,7 @@ use protocol::{
     ServerLoginPacket, ServerPlayPacket, ServerStatusPacket,
 };
 use rand::rngs::OsRng;
-use rsa::{PaddingScheme, PublicKeyParts, RSAPrivateKey};
+use rsa::{PaddingScheme, PublicKeyParts, RsaPrivateKey};
 use serde::{Deserialize, Serialize};
 use sha1::Sha1;
 use std::convert::TryInto;
@@ -205,8 +205,8 @@ fn offline_mode_uuid(username: &str) -> Uuid {
 const RSA_BITS: usize = 1024;
 
 /// Cached RSA key used by this server instance.
-static RSA_KEY: Lazy<RSAPrivateKey> =
-    Lazy::new(|| RSAPrivateKey::new(&mut OsRng, RSA_BITS).expect("failed to create RSA key"));
+static RSA_KEY: Lazy<RsaPrivateKey> =
+    Lazy::new(|| RsaPrivateKey::new(&mut OsRng, RSA_BITS).expect("failed to create RSA key"));
 static RSA_KEY_ENCODED: Lazy<Vec<u8>> = Lazy::new(|| {
     rsa_der::public_key_to_der(&RSA_KEY.n().to_bytes_be(), &RSA_KEY.e().to_bytes_be())
 });

feather/server/src/initial_handler.rs

@@ -1,5 +1,7 @@
 use colored::Colorize;
 use log::{Level, LevelFilter};
+use time::macros::format_description;
+use time::OffsetDateTime;
 
 pub fn init(level: LevelFilter) {
     fern::Dispatch::new()
@@ -16,9 +18,18 @@ pub fn init(level: LevelFilter) {
             } else {
                 record.module_path().unwrap_or_default()
             };
+
+            let datetime: OffsetDateTime = match OffsetDateTime::now_local() {
+                Ok(x) => x,
+                Err(_) => OffsetDateTime::now_utc(),
+            };
             out.finish(format_args!(
                 "{} {:<5} [{}] {}",
-                chrono::Local::now().format("%Y-%m-%d %H:%M:%S,%3f"),
+                datetime
+                    .format(format_description!(
+                        "[year]-[month]-[day] [hour]:[minute]:[second],[subsecond digits:3]"
+                    ))
+                    .unwrap(),
                 level_string,
                 target,
                 message,

feather/server/src/logging.rs

@@ -7,4 +7,3 @@ edition = "2018"
 [dependencies]
 
 [dev-dependencies]
-simple_logger = "1"

feather/utils/Cargo.toml

@@ -12,5 +12,8 @@ futures-lite = "1"
 argh = "0.1"
 anyhow = "1"
 log = "0.4"
-simple_logger = "1"
 either = "1"
+colored = "2"
+fern = "0.6"
+time = { version = "0.3", features = ["local-offset", "formatting", "macros"] }
+

tools/proxy/Cargo.toml

@@ -0,0 +1,42 @@
+use colored::Colorize;
+use log::{Level, LevelFilter};
+use time::macros::format_description;
+use time::OffsetDateTime;
+
+pub fn init(level: LevelFilter) {
+    fern::Dispatch::new()
+        .format(|out, message, record| {
+            let level_string = match record.level() {
+                Level::Error => record.level().to_string().red(),
+                Level::Warn => record.level().to_string().yellow(),
+                Level::Info => record.level().to_string().cyan(),
+                Level::Debug => record.level().to_string().purple(),
+                Level::Trace => record.level().to_string().normal(),
+            };
+            let target = if !record.target().is_empty() {
+                record.target()
+            } else {
+                record.module_path().unwrap_or_default()
+            };
+
+            let datetime: OffsetDateTime = match OffsetDateTime::now_local() {
+                Ok(x) => x,
+                Err(_) => OffsetDateTime::now_utc(),
+            };
+            out.finish(format_args!(
+                "{} {:<5} [{}] {}",
+                datetime
+                    .format(format_description!(
+                        "[year]-[month]-[day] [hour]:[minute]:[second],[subsecond digits:3]"
+                    ))
+                    .unwrap(),
+                level_string,
+                target,
+                message,
+            ));
+        })
+        .level(level)
+        .chain(std::io::stdout())
+        .apply()
+        .unwrap();
+}

tools/proxy/src/logging.rs

@@ -1,5 +1,7 @@
 use std::net::{SocketAddr, TcpListener, TcpStream};
 
+mod logging;
+
 use anyhow::{bail, Context};
 use argh::FromArgs;
 use async_executor::Executor;
@@ -11,7 +13,6 @@ use feather_protocol::{
 };
 use futures_lite::FutureExt;
 use futures_lite::{AsyncReadExt, AsyncWriteExt};
-use simple_logger::SimpleLogger;
 
 /// A proxy for debugging and inspecting the Minecraft protocol.
 #[derive(Debug, FromArgs)]
@@ -26,10 +27,7 @@ struct Args {
 }
 
 fn main() -> anyhow::Result<()> {
-    SimpleLogger::new()
-        .with_level(log::LevelFilter::Debug)
-        .init()
-        .unwrap();
+    logging::init(log::LevelFilter::Debug);
     let args: Args = argh::from_env();
 
     let addr = format!("127.0.0.1:{}", args.port);