To implement a part of wot-serve we had to implement a mapping between the uritemplates used in the WoT Forms and the Axum Paths.

We looked at the crates available and we noticed that uritemplate would fit our needs but it is not updated since 6 years ago, with short winded tries to update it as uritemplate-next.

Shortcomings

• Pre-2018 codebase
• Plenty of clippy triggers
• Missing CI
• Stale dependencies: regex and thread_local faults were caught by cargo audit

❯ cargo audit
    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 485 security advisories (from /Users/lu_zero/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (12 crate dependencies)
Crate:         regex
Version:       0.1.80
Title:         Regexes with large repetitions on empty sub-expressions take a very long time to parse
Date:          2022-03-08
ID:            RUSTSEC-2022-0013
URL:           https://rustsec.org/advisories/RUSTSEC-2022-0013
Solution:      Upgrade to >=1.5.5
Dependency tree:
regex 0.1.80
└── uritemplate 0.1.2

Crate:         thread_local
Version:       0.2.7
Title:         Data race in `Iter` and `IterMut`
Date:          2022-01-23
ID:            RUSTSEC-2022-0006
URL:           https://rustsec.org/advisories/RUSTSEC-2022-0006
Solution:      Upgrade to >=1.1.4
Dependency tree:
thread_local 0.2.7
└── regex 0.1.80
    └── uritemplate 0.1.2

error: 2 vulnerabilities found!

Since we wanted to test how our sifis-generated CI behaved, we had Miri catch at least one problem while running the test suite.

test test_additional_examples_1 ... error: Undefined Behavior: trying to retag from <1436802> for Unique permission at alloc589893[0x0], but that tag does not exist in the borrow stack for this location
   --> /Users/lu_zero/.cargo/registry/src/github.com-1ecc6299db9ec823/thread_local-0.2.7/src/lib.rs:122:9
    |
122 |         mem::transmute(raw)
    |         ^^^^^^^^^^^^^^^^^^^
    |         |
    |         trying to retag from <1436802> for Unique permission at alloc589893[0x0], but that tag does not exist in the borrow stack for this location
    |         this error occurs as part of retag at alloc589893[0x0..0x20]
    |
    = help: this indicates a potential bug in the program: it performed an invalid operation, but the Stacked Borrows rules it violated are still experimental
    = help: see https://github.com/rust-lang/unsafe-code-guidelines/blob/master/wip/stacked-borrows.md for further information
help: <1436802> was created by a SharedReadWrite retag at offsets [0x0..0x20]
   --> /Users/lu_zero/Sources/rust/rust-uritemplate/src/percent_encoding.rs:90:5
    |
90  |     Regex::new("%25(?P<hex>[0-9a-fA-F][0-9a-fA-F])")
    |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
help: <1436802> was later invalidated at offsets [0x0..0x20] by a Unique retag
   --> /Users/lu_zero/Sources/rust/rust-uritemplate/src/percent_encoding.rs:90:5
    |
90  |     Regex::new("%25(?P<hex>[0-9a-fA-F][0-9a-fA-F])")
    |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    = note: BACKTRACE (of the first span):
    = note: inside `<std::boxed::Box<thread_local::Table<std::cell::RefCell<regex::exec::ProgramCacheInner>>> as thread_local::BoxExt<thread_local::Table<std::cell::RefCell<regex::exec::ProgramCacheInner>>>>::from_raw` at /Users/lu_zero/.cargo/registry/src/github.com-1ecc6299db9ec823/thread_local-0.2.7/src/lib.rs:122:9: 122:28
    = note: inside `<thread_local::ThreadLocal<std::cell::RefCell<regex::exec::ProgramCacheInner>> as std::ops::Drop>::drop` at /Users/lu_zero/.cargo/registry/src/github.com-1ecc6299db9ec823/thread_local-0.2.7/src/lib.rs:174:36: 174:88
    = note: inside `std::ptr::drop_in_place::<thread_local::ThreadLocal<std::cell::RefCell<regex::exec::ProgramCacheInner>>> - shim(Some(thread_local::ThreadLocal<std::cell::RefCell<regex::exec::ProgramCacheInner>>))` at /Users/lu_zero/.rustup/toolchains/nightly-x86_64-apple-darwin/lib/rustlib/src/rust/library/core/src/ptr/mod.rs:490:1: 490:56
    = note: inside `std::ptr::drop_in_place::<thread_local::CachedThreadLocal<std::cell::RefCell<regex::exec::ProgramCacheInner>>> - shim(Some(thread_local::CachedThreadLocal<std::cell::RefCell<regex::exec::ProgramCacheInner>>))` at /Users/lu_zero/.rustup/toolchains/nightly-x86_64-apple-darwin/lib/rustlib/src/rust/library/core/src/ptr/mod.rs:490:1: 490:56
    = note: inside `std::ptr::drop_in_place::<regex::exec::Exec> - shim(Some(regex::exec::Exec))` at /Users/lu_zero/.rustup/toolchains/nightly-x86_64-apple-darwin/lib/rustlib/src/rust/library/core/src/ptr/mod.rs:490:1: 490:56
    = note: inside `std::ptr::drop_in_place::<regex::re_unicode::_Regex> - shim(Some(regex::re_unicode::_Regex))` at /Users/lu_zero/.rustup/toolchains/nightly-x86_64-apple-darwin/lib/rustlib/src/rust/library/core/src/ptr/mod.rs:490:1: 490:56
    = note: inside `std::ptr::drop_in_place::<regex::re_unicode::Regex> - shim(Some(regex::re_unicode::Regex))` at /Users/lu_zero/.rustup/toolchains/nightly-x86_64-apple-darwin/lib/rustlib/src/rust/library/core/src/ptr/mod.rs:490:1: 490:56
note: inside `uritemplate::percent_encoding::encode_reserved`
   --> /Users/lu_zero/Sources/rust/rust-uritemplate/src/percent_encoding.rs:93:1
    |
93  | }
    | ^
note: inside `uritemplate::UriTemplate::build_varspec::<for<'a> fn(&'a str) -> std::string::String {uritemplate::percent_encoding::encode_unreserved}>`
   --> /Users/lu_zero/Sources/rust/rust-uritemplate/src/lib.rs:297:43
    |
297 | ...                   res.push_str(&encode_reserved(&v.name));
    |                                     ^^^^^^^^^^^^^^^^^^^^^^^^
note: inside `uritemplate::UriTemplate::build_varlist`
   --> /Users/lu_zero/Sources/rust/rust-uritemplate/src/lib.rs:419:17
    |
419 | /                 self.build_varspec(
420 | |                     varspec,
421 | |                     sep,
422 | |                     named,
423 | |                     ifemp,
424 | |                     encode_unreserved
425 | |                 )
    | |_________________^
note: inside `uritemplate::UriTemplate::build`
   --> /Users/lu_zero/Sources/rust/rust-uritemplate/src/lib.rs:459:21
    |
459 |                     self.build_varlist(op, varlist)
    |                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
note: inside `test_additional_examples_1`
   --> tests/extended_tests.rs:58:42
    |
58  |     assert!(template_1_answers.contains(&templates[1].build().as_ref()));
    |                                          ^^^^^^^^^^^^^^^^^^^^
note: inside closure
   --> tests/extended_tests.rs:8:33
    |
7   | #[test]
    | ------- in this procedural macro expansion
8   | fn test_additional_examples_1() {
    |                                 ^
    = note: this error originates in the attribute macro `test` (in Nightly builds, run with -Z macro-backtrace for more info)

Miri works!

Mitigation

• Since the original developer literally disappeared in 2019 we created a full fork of the crate.
• We made sure to update it to the Rust edition 2021
• We addressed all the lints clippy found
• We updated the dependencies so cargo audit report is clear
• We set up the CI using the sifis-generate stock rust github template

Updates and Release

Once the project is clear we extended its API to fit the wot-serve needs, updated documentation and prepared a release.

We sent a PR to valico since it is a crate we might use in the future.