Better docs (#1598)

* More descriptive example advisory * README: note that all Cargo selectors are supported
2025-12-27 01:54:07 -05:00 · 2023-02-11 15:37:46 +01:00
parent b83953fdf1
commit 8dcbf2905f
2 changed files with 7 additions and 3 deletions
--- a/EXAMPLE_ADVISORY.md
+++ b/EXAMPLE_ADVISORY.md
@@ -4,19 +4,21 @@ id = "RUSTSEC-0000-0000"
 package = "crate-name"
 date = "2020-01-31"
 url = "https://example.com"
+# Valid categories: "code-execution", "crypto-failure", "denial-of-service", "file-disclosure"
+# "format-injection", "memory-corruption", "memory-exposure", "privilege-escalation"
 categories = ["code-execution", "privilege-escalation"]
 keywords = ["example", "freeform", "keywords"]
 #aliases = ["CVE-YYYY-NNNN"]
 #cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"

 [versions]
-patched = [">= 1.2.3"]
-unaffected = ["0.1.2"]
+patched = [">= 1.2.3, < 1.3.0", ">= 1.3.4"]
+unaffected = ["<= 0.1.2"]

 [affected]
 #arch = ["x86"]
 #os = ["windows"]
-functions = { "crate_name::MyStruct::vulnerable_fn" = ["< 1.2.3"] }
+#functions = { "crate_name::MyStruct::vulnerable_fn" = [">= 1.3.0, < 1.3.4"] }
 ```

 # RustSec Advisory Template - Advisory Title Goes Here
--- a/README.md
+++ b/README.md
@@ -115,6 +115,8 @@ keywords = ["ssl", "mitm"]
 functions = { "mycrate::MyType::vulnerable_function" = ["< 1.2.0, >= 1.1.0"] }

 # Versions which include fixes for this vulnerability (mandatory)
+# All selectors supported by Cargo are supported here:
+# https://doc.rust-lang.org/cargo/reference/specifying-dependencies.html
 # use patched = [] e.g. in case of unmaintained where there is no fix
 [versions]
 patched = [">= 1.2.0"]