From 1c37f2a74cbbd947e913fe267d3918d8b61709a3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20W=C3=B3jcik?= Date: Wed, 21 Jan 2026 12:01:21 +0100 Subject: [PATCH 1/8] add regression tests --- .../src/enterprise/firewall/tests.rs | 176 ++++++++++++++++++ 1 file changed, 176 insertions(+) diff --git a/crates/defguard_core/src/enterprise/firewall/tests.rs b/crates/defguard_core/src/enterprise/firewall/tests.rs index abad1a6910..8ee27a94dd 100644 --- a/crates/defguard_core/src/enterprise/firewall/tests.rs +++ b/crates/defguard_core/src/enterprise/firewall/tests.rs @@ -3952,3 +3952,179 @@ async fn test_destination_alias_only_acl(_: PgPoolOptions, options: PgConnectOpt Some("ACL 1 - test rule, ALIAS 2 - redis DENY".to_string()) ); } + +#[sqlx::test] +async fn test_gh1868_ipv6_rule_is_not_created_with_v4_only_destination( + _: PgPoolOptions, + options: PgConnectOptions, +) { + let pool = setup_pool(options).await; + + let mut rng = thread_rng(); + + // Create test location with both IPv4 and IPv6 subnet + let location = WireguardNetwork { + id: NoId, + acl_enabled: true, + address: vec![ + IpNetwork::new(IpAddr::V4(Ipv4Addr::new(10, 0, 80, 1)), 24).unwrap(), + IpNetwork::new( + IpAddr::V6(Ipv6Addr::new(0x2001, 0xdb8, 0, 0, 0, 0, 0, 1)), + 64, + ) + .unwrap(), + ], + ..Default::default() + }; + let location = location.save(&pool).await.unwrap(); + + // setup user & device + let user: User = rng.r#gen(); + let user = user.save(&pool).await.unwrap(); + + let device = Device { + id: NoId, + name: format!("device-{}", user.id), + user_id: user.id, + device_type: DeviceType::User, + description: None, + wireguard_pubkey: Default::default(), + created: Default::default(), + configured: true, + }; + let device = device.save(&pool).await.unwrap(); + + // assign network address to device + let mut conn = pool.acquire().await.unwrap(); + location + .add_device_to_network(&mut conn, &device, None) + .await + .unwrap(); + + // create a rule with only an IPv4 destination + let acl_rule = AclRule { + id: NoId, + name: "Web Access".into(), + all_networks: true, + expires: None, + allow_all_users: true, + deny_all_users: false, + allow_all_network_devices: false, + deny_all_network_devices: false, + destination: vec!["192.168.1.0/24".parse().unwrap()], + ports: vec![ + PortRange::new(80, 80).into(), + PortRange::new(443, 443).into(), + ], + protocols: vec![Protocol::Tcp.into()], + enabled: true, + parent_id: None, + state: RuleState::Applied, + }; + acl_rule.save(&pool).await.unwrap(); + + // verify only IPv4 rules are created + let generated_firewall_config = location + .try_get_firewall_config(&mut conn) + .await + .unwrap() + .unwrap(); + let generated_firewall_rules = generated_firewall_config.rules; + assert_eq!(generated_firewall_rules.len(), 2); + + let allow_rule = &generated_firewall_rules[0]; + assert_eq!(allow_rule.verdict, i32::from(FirewallPolicy::Allow)); + assert_eq!(allow_rule.ip_version, i32::from(IpVersion::Ipv4)); + + let deny_rule = &generated_firewall_rules[1]; + assert_eq!(deny_rule.verdict, i32::from(FirewallPolicy::Deny)); + assert_eq!(allow_rule.ip_version, i32::from(IpVersion::Ipv4)); +} + +#[sqlx::test] +async fn test_gh1868_ipv4_rule_is_not_created_with_v6_only_destination( + _: PgPoolOptions, + options: PgConnectOptions, +) { + let pool = setup_pool(options).await; + + let mut rng = thread_rng(); + + // Create test location with both IPv4 and IPv6 subnet + let location = WireguardNetwork { + id: NoId, + acl_enabled: true, + address: vec![ + IpNetwork::new(IpAddr::V4(Ipv4Addr::new(10, 0, 80, 1)), 24).unwrap(), + IpNetwork::new( + IpAddr::V6(Ipv6Addr::new(0x2001, 0xdb8, 0, 0, 0, 0, 0, 1)), + 64, + ) + .unwrap(), + ], + ..Default::default() + }; + let location = location.save(&pool).await.unwrap(); + + // setup user & device + let user: User = rng.r#gen(); + let user = user.save(&pool).await.unwrap(); + + let device = Device { + id: NoId, + name: format!("device-{}", user.id), + user_id: user.id, + device_type: DeviceType::User, + description: None, + wireguard_pubkey: Default::default(), + created: Default::default(), + configured: true, + }; + let device = device.save(&pool).await.unwrap(); + + // assign network address to device + let mut conn = pool.acquire().await.unwrap(); + location + .add_device_to_network(&mut conn, &device, None) + .await + .unwrap(); + + // create a rule with only an IPv4 destination + let acl_rule = AclRule { + id: NoId, + name: "Web Access".into(), + all_networks: true, + expires: None, + allow_all_users: true, + deny_all_users: false, + allow_all_network_devices: false, + deny_all_network_devices: false, + destination: vec!["fc00::0/112".parse().unwrap()], + ports: vec![ + PortRange::new(80, 80).into(), + PortRange::new(443, 443).into(), + ], + protocols: vec![Protocol::Tcp.into()], + enabled: true, + parent_id: None, + state: RuleState::Applied, + }; + acl_rule.save(&pool).await.unwrap(); + + // verify only IPv4 rules are created + let generated_firewall_config = location + .try_get_firewall_config(&mut conn) + .await + .unwrap() + .unwrap(); + let generated_firewall_rules = generated_firewall_config.rules; + assert_eq!(generated_firewall_rules.len(), 2); + + let allow_rule = &generated_firewall_rules[0]; + assert_eq!(allow_rule.verdict, i32::from(FirewallPolicy::Allow)); + assert_eq!(allow_rule.ip_version, i32::from(IpVersion::Ipv6)); + + let deny_rule = &generated_firewall_rules[1]; + assert_eq!(deny_rule.verdict, i32::from(FirewallPolicy::Deny)); + assert_eq!(allow_rule.ip_version, i32::from(IpVersion::Ipv6)); +} From 279387a782974990436ee36c6d6334a2863ecd29 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20W=C3=B3jcik?= Date: Wed, 21 Jan 2026 12:01:38 +0100 Subject: [PATCH 2/8] prevent creation of invalid rules --- .../src/enterprise/firewall/mod.rs | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/crates/defguard_core/src/enterprise/firewall/mod.rs b/crates/defguard_core/src/enterprise/firewall/mod.rs index eebb8bcc50..e833bf6bd1 100644 --- a/crates/defguard_core/src/enterprise/firewall/mod.rs +++ b/crates/defguard_core/src/enterprise/firewall/mod.rs @@ -55,8 +55,8 @@ pub async fn generate_firewall_rules_from_acls( let location = WireguardNetwork::find_by_id(&mut *conn, location_id) .await? .ok_or(ModelError::NotFound)?; - let has_ipv4_addresses = location.address.iter().any(IpNetwork::is_ipv4); - let has_ipv6_addresses = location.address.iter().any(IpNetwork::is_ipv6); + let location_has_ipv4_addresses = location.address.iter().any(IpNetwork::is_ipv4); + let location_has_ipv6_addresses = location.address.iter().any(IpNetwork::is_ipv6); // convert each ACL into a corresponding `FirewallRule`s for acl in acl_rules { @@ -148,8 +148,9 @@ pub async fn generate_firewall_rules_from_acls( // skip creating default firewall rules if given ACL includes only destination aliases and no manual destination config // at this point component aliases have been added to the manual config so they don't need to be handled separately - let has_no_manual_destination = dest_addrs_v4.is_empty() - && dest_addrs_v6.is_empty() + let has_v4_destination = !dest_addrs_v4.is_empty(); + let has_v6_destination = !dest_addrs_v6.is_empty(); + let has_no_manual_destination = !(has_v4_destination || has_v6_destination) && destination_ports.is_empty() && protocols.is_empty(); let has_destination_aliases = !destination_aliases.is_empty(); @@ -157,7 +158,7 @@ pub async fn generate_firewall_rules_from_acls( if !is_destination_alias_only_rule { let comment = format!("ACL {} - {}", acl.id, acl.name); - if has_ipv4_addresses { + if location_has_ipv4_addresses && has_v4_destination { // create IPv4 rules let ipv4_rules = create_rules( acl.id, @@ -174,7 +175,7 @@ pub async fn generate_firewall_rules_from_acls( deny_rules.push(ipv4_rules.1); } - if has_ipv6_addresses { + if location_has_ipv6_addresses && has_v6_destination { // create IPv6 rules let ipv6_rules = create_rules( acl.id, @@ -222,7 +223,7 @@ pub async fn generate_firewall_rules_from_acls( "ACL {} - {}, ALIAS {} - {}", acl.id, acl.name, alias.id, alias.name ); - if has_ipv4_addresses { + if location_has_ipv4_addresses { // create IPv4 rules let ipv4_rules = create_rules( alias.id, @@ -239,7 +240,7 @@ pub async fn generate_firewall_rules_from_acls( deny_rules.push(ipv4_rules.1); } - if has_ipv6_addresses { + if location_has_ipv6_addresses { // create IPv6 rules let ipv6_rules = create_rules( alias.id, From 59d7ddc662fa53dc909eadb8395509a119f6fa39 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20W=C3=B3jcik?= Date: Wed, 21 Jan 2026 12:47:18 +0100 Subject: [PATCH 3/8] update existing tests --- .../src/enterprise/firewall/tests.rs | 51 +++++++++++++++++++ 1 file changed, 51 insertions(+) diff --git a/crates/defguard_core/src/enterprise/firewall/tests.rs b/crates/defguard_core/src/enterprise/firewall/tests.rs index 8ee27a94dd..6347ebce52 100644 --- a/crates/defguard_core/src/enterprise/firewall/tests.rs +++ b/crates/defguard_core/src/enterprise/firewall/tests.rs @@ -2433,6 +2433,7 @@ async fn test_expired_acl_rules_ipv4(_: PgPoolOptions, options: PgConnectOptions expires: Some(DateTime::UNIX_EPOCH.naive_utc()), enabled: true, state: RuleState::Applied, + destination: vec!["10.0.20.0/24".parse().unwrap()], ..Default::default() } .save(&pool) @@ -2443,6 +2444,7 @@ async fn test_expired_acl_rules_ipv4(_: PgPoolOptions, options: PgConnectOptions expires: Some(DateTime::UNIX_EPOCH.naive_utc()), enabled: true, state: RuleState::Applied, + destination: vec!["10.0.22.0/24".parse().unwrap()], ..Default::default() } .save(&pool) @@ -2504,6 +2506,7 @@ async fn test_expired_acl_rules_ipv6(_: PgPoolOptions, options: PgConnectOptions expires: Some(DateTime::UNIX_EPOCH.naive_utc()), enabled: true, state: RuleState::Applied, + destination: vec!["fb00::0/112".parse().unwrap()], ..Default::default() } .save(&pool) @@ -2514,6 +2517,7 @@ async fn test_expired_acl_rules_ipv6(_: PgPoolOptions, options: PgConnectOptions expires: Some(DateTime::UNIX_EPOCH.naive_utc()), enabled: true, state: RuleState::Applied, + destination: vec!["fc00::0/112".parse().unwrap()], ..Default::default() } .save(&pool) @@ -2578,6 +2582,10 @@ async fn test_expired_acl_rules_ipv4_and_ipv6(_: PgPoolOptions, options: PgConne expires: Some(DateTime::UNIX_EPOCH.naive_utc()), enabled: true, state: RuleState::Applied, + destination: vec![ + "10.0.20.0/24".parse().unwrap(), + "fb00::0/112".parse().unwrap(), + ], ..Default::default() } .save(&pool) @@ -2588,6 +2596,10 @@ async fn test_expired_acl_rules_ipv4_and_ipv6(_: PgPoolOptions, options: PgConne expires: Some(DateTime::UNIX_EPOCH.naive_utc()), enabled: true, state: RuleState::Applied, + destination: vec![ + "10.0.30.0/24".parse().unwrap(), + "fa00::0/112".parse().unwrap(), + ], ..Default::default() } .save(&pool) @@ -2648,6 +2660,7 @@ async fn test_disabled_acl_rules_ipv4(_: PgPoolOptions, options: PgConnectOption expires: None, enabled: false, state: RuleState::Applied, + destination: vec!["10.0.10.10".parse().unwrap()], ..Default::default() } .save(&pool) @@ -2658,6 +2671,7 @@ async fn test_disabled_acl_rules_ipv4(_: PgPoolOptions, options: PgConnectOption expires: None, enabled: false, state: RuleState::Applied, + destination: vec!["10.0.10.10".parse().unwrap()], ..Default::default() } .save(&pool) @@ -2718,6 +2732,7 @@ async fn test_disabled_acl_rules_ipv6(_: PgPoolOptions, options: PgConnectOption id: NoId, expires: None, enabled: false, + destination: vec!["fc00::0/112".parse().unwrap()], state: RuleState::Applied, ..Default::default() } @@ -2728,6 +2743,7 @@ async fn test_disabled_acl_rules_ipv6(_: PgPoolOptions, options: PgConnectOption id: NoId, expires: None, enabled: false, + destination: vec!["fb00::0/112".parse().unwrap()], state: RuleState::Applied, ..Default::default() } @@ -2793,6 +2809,10 @@ async fn test_disabled_acl_rules_ipv4_and_ipv6(_: PgPoolOptions, options: PgConn expires: None, enabled: false, state: RuleState::Applied, + destination: vec![ + "10.0.10.0/24".parse().unwrap(), + "fc00::0/112".parse().unwrap(), + ], ..Default::default() } .save(&pool) @@ -2803,6 +2823,10 @@ async fn test_disabled_acl_rules_ipv4_and_ipv6(_: PgPoolOptions, options: PgConn expires: None, enabled: false, state: RuleState::Applied, + destination: vec![ + "10.0.20.0/24".parse().unwrap(), + "fb00::0/112".parse().unwrap(), + ], ..Default::default() } .save(&pool) @@ -2863,6 +2887,7 @@ async fn test_unapplied_acl_rules_ipv4(_: PgPoolOptions, options: PgConnectOptio expires: None, enabled: true, state: RuleState::New, + destination: vec!["10.0.20.0/24".parse().unwrap()], ..Default::default() } .save(&pool) @@ -2873,6 +2898,7 @@ async fn test_unapplied_acl_rules_ipv4(_: PgPoolOptions, options: PgConnectOptio expires: None, enabled: true, state: RuleState::Modified, + destination: vec!["10.1.20.0/24".parse().unwrap()], ..Default::default() } .save(&pool) @@ -2934,6 +2960,10 @@ async fn test_unapplied_acl_rules_ipv6(_: PgPoolOptions, options: PgConnectOptio expires: None, enabled: true, state: RuleState::New, + destination: vec![ + "10.0.20.0/24".parse().unwrap(), + "fa00::0/112".parse().unwrap(), + ], ..Default::default() } .save(&pool) @@ -2944,6 +2974,7 @@ async fn test_unapplied_acl_rules_ipv6(_: PgPoolOptions, options: PgConnectOptio expires: None, enabled: true, state: RuleState::Modified, + destination: vec!["fb00::0/112".parse().unwrap()], ..Default::default() } .save(&pool) @@ -3008,6 +3039,10 @@ async fn test_unapplied_acl_rules_ipv4_and_ipv6(_: PgPoolOptions, options: PgCon expires: None, enabled: true, state: RuleState::New, + destination: vec![ + "10.0.20.0/24".parse().unwrap(), + "fb00::0/112".parse().unwrap(), + ], ..Default::default() } .save(&pool) @@ -3018,6 +3053,10 @@ async fn test_unapplied_acl_rules_ipv4_and_ipv6(_: PgPoolOptions, options: PgCon expires: None, enabled: true, state: RuleState::Modified, + destination: vec![ + "10.2.20.0/24".parse().unwrap(), + "eb00::0/112".parse().unwrap(), + ], ..Default::default() } .save(&pool) @@ -3153,6 +3192,7 @@ async fn test_acl_rules_all_locations_ipv4(_: PgPoolOptions, options: PgConnectO enabled: true, all_networks: true, state: RuleState::Applied, + destination: vec!["192.168.2.0/24".parse().unwrap()], ..Default::default() } .save(&pool) @@ -3166,6 +3206,7 @@ async fn test_acl_rules_all_locations_ipv4(_: PgPoolOptions, options: PgConnectO all_networks: true, allow_all_users: true, state: RuleState::Applied, + destination: vec!["192.168.3.0/24".parse().unwrap()], ..Default::default() } .save(&pool) @@ -3315,6 +3356,7 @@ async fn test_acl_rules_all_locations_ipv6(_: PgPoolOptions, options: PgConnectO enabled: true, all_networks: true, state: RuleState::Applied, + destination: vec!["fb00::0/112".parse().unwrap()], ..Default::default() } .save(&pool) @@ -3328,6 +3370,7 @@ async fn test_acl_rules_all_locations_ipv6(_: PgPoolOptions, options: PgConnectO all_networks: true, allow_all_users: true, state: RuleState::Applied, + destination: vec!["fa00::0/112".parse().unwrap()], ..Default::default() } .save(&pool) @@ -3491,6 +3534,10 @@ async fn test_acl_rules_all_locations_ipv4_and_ipv6(_: PgPoolOptions, options: P enabled: true, all_networks: true, state: RuleState::Applied, + destination: vec![ + "192.168.2.0/24".parse().unwrap(), + "fb00::0/112".parse().unwrap(), + ], ..Default::default() } .save(&pool) @@ -3504,6 +3551,10 @@ async fn test_acl_rules_all_locations_ipv4_and_ipv6(_: PgPoolOptions, options: P all_networks: true, allow_all_users: true, state: RuleState::Applied, + destination: vec![ + "192.168.3.0/24".parse().unwrap(), + "fa00::0/112".parse().unwrap(), + ], ..Default::default() } .save(&pool) From 678428edad447bfb0c7b35a566a91e1936b15fd8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20W=C3=B3jcik?= Date: Wed, 21 Jan 2026 13:00:34 +0100 Subject: [PATCH 4/8] avoid stripping /32 from IPv6 --- .../src/enterprise/db/models/acl.rs | 28 +++++++++++++++---- web/src/i18n/i18n-types.ts | 4 +-- 2 files changed, 25 insertions(+), 7 deletions(-) diff --git a/crates/defguard_core/src/enterprise/db/models/acl.rs b/crates/defguard_core/src/enterprise/db/models/acl.rs index 069a9ebe81..80723848e9 100644 --- a/crates/defguard_core/src/enterprise/db/models/acl.rs +++ b/crates/defguard_core/src/enterprise/db/models/acl.rs @@ -185,7 +185,16 @@ impl AclRuleInfo { // process single addresses let addrs = match &self.destination { d if d.is_empty() => String::new(), - d => d.iter().map(|a| a.to_string() + ", ").collect::(), + d => d + .iter() + .map(|a| { + let mut addr_string = a.to_string() + ", "; + if a.is_ipv4() { + addr_string = addr_string.replace("/32", ""); + }; + addr_string + }) + .collect::(), }; // process address ranges let ranges = match &self.destination_ranges { @@ -196,7 +205,7 @@ impl AclRuleInfo { }; // remove full mask from resulting string - let destination = (addrs + &ranges).replace("/32", ""); + let destination = addrs + &ranges; if destination.is_empty() { destination } else { @@ -1365,10 +1374,19 @@ pub struct AclAliasInfo { impl AclAliasInfo { /// Constructs a [`String`] of comma-separated addresses and address ranges pub fn format_destination(&self) -> String { - // process single addresses + // process single addresses and subnets let addrs = match &self.destination { d if d.is_empty() => String::new(), - d => d.iter().map(|a| a.to_string() + ", ").collect::(), + d => d + .iter() + .map(|a| { + let mut addr_string = a.to_string() + ", "; + if a.is_ipv4() { + addr_string = addr_string.replace("/32", ""); + }; + addr_string + }) + .collect::(), }; // process address ranges let ranges = match &self.destination_ranges { @@ -1379,7 +1397,7 @@ impl AclAliasInfo { }; // remove full mask from resulting string - let destination = (addrs + &ranges).replace("/32", ""); + let destination = addrs + &ranges; if destination.is_empty() { destination } else { diff --git a/web/src/i18n/i18n-types.ts b/web/src/i18n/i18n-types.ts index 813e6609f6..966b6227f8 100644 --- a/web/src/i18n/i18n-types.ts +++ b/web/src/i18n/i18n-types.ts @@ -5598,7 +5598,7 @@ type RootTranslation = { title: string /** * - ​I​f​ ​y​o​u​ ​n​e​e​d​ ​a​s​s​i​s​t​a​n​c​e​ ​o​r​ ​y​o​u​ ​w​e​r​e​ ​a​s​k​e​d​ ​t​o​ ​g​e​n​e​r​a​t​e​ ​s​u​p​p​o​r​t​ ​d​a​t​a​ ​b​y​ ​o​u​r​ ​t​e​a​m​ ​(​f​o​r​ ​e​x​a​m​p​l​e​ ​o​n​ ​o​u​r​ ​M​a​t​r​i​x​ ​s​u​p​p​o​r​t​ ​c​h​a​n​n​e​l​:​ ​*​*​#​d​e​f​g​u​a​r​d​-​s​u​p​p​o​r​t​:​t​e​o​n​i​t​e​.​c​o​m​*​*​)​,​ ​y​o​u​ ​h​a​v​e​ ​t​w​o​ ​o​p​t​i​o​n​s​:​ + ​I​f​ ​y​o​u​ ​n​e​e​d​ ​a​s​s​i​s​t​a​n​c​e​ ​o​r​ ​y​o​u​ ​w​e​r​e​ ​a​s​k​e​d​ ​t​o​ ​g​e​n​e​r​a​t​e​ ​s​u​p​p​o​r​t​ ​d​a​t​a​ ​b​y​ ​o​u​r​ ​t​e​a​m​ ​y​o​u​ ​h​a​v​e​ ​t​w​o​ ​o​p​t​i​o​n​s​:​ ​*​ ​E​i​t​h​e​r​ ​y​o​u​ ​c​a​n​ ​c​o​n​f​i​g​u​r​e​ ​S​M​T​P​ ​s​e​t​t​i​n​g​s​ ​a​n​d​ ​c​l​i​c​k​ ​"​S​e​n​d​ ​s​u​p​p​o​r​t​ ​d​a​t​a​"​ ​*​ ​O​r​ ​c​l​i​c​k​ ​"​D​o​w​n​l​o​a​d​ ​s​u​p​p​o​r​t​ ​d​a​t​a​"​ ​a​n​d​ ​c​r​e​a​t​e​ ​a​ ​b​u​g​ ​r​e​p​o​r​t​ ​i​n​ ​o​u​r​ ​G​i​t​H​u​b​ ​a​t​t​a​c​h​i​n​g​ ​t​h​i​s​ ​f​i​l​e​.​ @@ -12349,7 +12349,7 @@ export type TranslationFunctions = { title: () => LocalizedString /** * - If you need assistance or you were asked to generate support data by our team (for example on our Matrix support channel: **#defguard-support:teonite.com**), you have two options: + If you need assistance or you were asked to generate support data by our team you have two options: * Either you can configure SMTP settings and click "Send support data" * Or click "Download support data" and create a bug report in our GitHub attaching this file. From b86828e05914a000279d45e3f1312f307d65e13a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20W=C3=B3jcik?= Date: Wed, 21 Jan 2026 13:08:02 +0100 Subject: [PATCH 5/8] bump version --- Cargo.lock | 2 +- Cargo.toml | 2 +- crates/defguard_common/Cargo.toml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index c074d72b22..df144b1823 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1116,7 +1116,7 @@ dependencies = [ [[package]] name = "defguard_common" -version = "1.6.1" +version = "1.6.2" dependencies = [ "anyhow", "base64 0.22.1", diff --git a/Cargo.toml b/Cargo.toml index f4199df53b..f7a5a18db4 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -11,7 +11,7 @@ resolver = "2" [workspace.dependencies] # internal crates -defguard_common = { path = "./crates/defguard_common", version = "1.5.2" } +defguard_common = { path = "./crates/defguard_common", version = "1.6.2" } defguard_core = { path = "./crates/defguard_core", version = "0.0.0" } defguard_event_logger = { path = "./crates/defguard_event_logger", version = "0.0.0" } defguard_event_router = { path = "./crates/defguard_event_router", version = "0.0.0" } diff --git a/crates/defguard_common/Cargo.toml b/crates/defguard_common/Cargo.toml index d505a0c27d..e372f1162a 100644 --- a/crates/defguard_common/Cargo.toml +++ b/crates/defguard_common/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "defguard_common" -version = "1.6.1" +version = "1.6.2" edition.workspace = true license-file.workspace = true homepage.workspace = true From 0931a83711e2a49e91ec6546d75c634b979a5ae7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20W=C3=B3jcik?= Date: Wed, 21 Jan 2026 13:11:58 +0100 Subject: [PATCH 6/8] update dependencies --- Cargo.lock | 229 +++++++++++++++++++++++++++-------------------------- flake.lock | 12 +-- 2 files changed, 122 insertions(+), 119 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index df144b1823..f4f9233221 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -404,9 +404,9 @@ checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6" [[package]] name = "base64ct" -version = "1.8.2" +version = "1.8.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7d809780667f4410e7c41b07f52439b94d2bdf8528eeedc287fa38d3b7f95d82" +checksum = "2af50177e190e07a26ab74f8b1efbfe2ef87da2116221318cb1c2e82baf7de06" [[package]] name = "base64urlsafedata" @@ -437,7 +437,7 @@ dependencies = [ "proc-macro2", "quote", "syn", - "thiserror 2.0.17", + "thiserror 2.0.18", ] [[package]] @@ -574,9 +574,9 @@ dependencies = [ [[package]] name = "cc" -version = "1.2.52" +version = "1.2.53" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cd4932aefd12402b36c60956a4fe0035421f544799057659ff86f923657aada3" +checksum = "755d2fce177175ffca841e9a06afdb2c4ab0f593d53b4dee48147dfaade85932" dependencies = [ "find-msvc-tools", "jobserver", @@ -607,9 +607,9 @@ checksum = "613afe47fcd5fac7ccf1db93babcb082c5994d996f20b8b159f2ad1658eb5724" [[package]] name = "chrono" -version = "0.4.42" +version = "0.4.43" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "145052bdd345b87320e369255277e3fb5152762ad123a901ef5c262dd38fe8d2" +checksum = "fac4744fb15ae8337dc853fee7fb3f4e48c0fbaa23d0afe49c447b4fab126118" dependencies = [ "iana-time-zone", "js-sys", @@ -703,9 +703,9 @@ dependencies = [ [[package]] name = "clap_lex" -version = "0.7.6" +version = "0.7.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a1d728cc89cf3aee9ff92b05e62b19ee65a02b5702cff7d5a377e32c6ae29d8d" +checksum = "c3e64b0cc0439b12df2fa678eae89a1c56a529fd067a9115f7827f1fffd22b32" [[package]] name = "cmac" @@ -754,7 +754,7 @@ version = "0.1.16" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f9d839f2a20b0aee515dc581a6172f2321f96cab76c1a38a4c584a194955390e" dependencies = [ - "getrandom 0.2.16", + "getrandom 0.2.17", "once_cell", "tiny-keccak", ] @@ -1083,9 +1083,9 @@ dependencies = [ [[package]] name = "data-encoding" -version = "2.9.0" +version = "2.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2a2330da5de22e8a3cb63252ce2abb30116bf5265e89c0e01bc17015ce30a476" +checksum = "d7a1e2f27636f116493b8b860f5546edb47c8d8f8ea73e1d2a20be88e28d1fea" [[package]] name = "dbl" @@ -1136,7 +1136,7 @@ dependencies = [ "serde", "sqlx", "struct-patch", - "thiserror 2.0.17", + "thiserror 2.0.18", "tonic", "tracing", "utoipa", @@ -1199,7 +1199,7 @@ dependencies = [ "strum", "strum_macros", "tera", - "thiserror 2.0.17", + "thiserror 2.0.18", "time", "tokio", "tokio-stream", @@ -1233,7 +1233,7 @@ dependencies = [ "defguard_core", "serde_json", "sqlx", - "thiserror 2.0.17", + "thiserror 2.0.18", "tokio", "tracing", ] @@ -1245,7 +1245,7 @@ dependencies = [ "defguard_core", "defguard_event_logger", "defguard_mail", - "thiserror 2.0.17", + "thiserror 2.0.18", "tokio", "tracing", ] @@ -1264,7 +1264,7 @@ dependencies = [ "serde_json", "sqlx", "tera", - "thiserror 2.0.17", + "thiserror 2.0.18", "tokio", "tracing", ] @@ -1289,7 +1289,7 @@ dependencies = [ "os_info", "semver", "serde", - "thiserror 2.0.17", + "thiserror 2.0.18", "tonic", "tower", "tracing", @@ -1701,9 +1701,9 @@ checksum = "28dea519a9695b9977216879a3ebfddf92f1c08c05d984f8996aecd6ecdc811d" [[package]] name = "find-msvc-tools" -version = "0.1.7" +version = "0.1.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f449e6c6c08c865631d4890cfacf252b3d396c9bcc83adb6623cdb02a8336c41" +checksum = "8591b0bcc8a98a64310a2fae1bb3e9b8564dd10e381e6e28010fde8e8e8568db" [[package]] name = "fixedbitset" @@ -1713,13 +1713,13 @@ checksum = "1d674e81391d1e1ab681a28d99df07927c6d4aa5b027d7da16ba32d1d21ecd99" [[package]] name = "flate2" -version = "1.1.5" +version = "1.1.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bfe33edd8e85a12a67454e37f8c75e730830d83e313556ab9ebf9ee7fbeb3bfb" +checksum = "b375d6465b98090a5f25b1c7703f3859783755aa9a80433b36e0379a3ec2f369" dependencies = [ "crc32fast", - "libz-rs-sys", "miniz_oxide", + "zlib-rs", ] [[package]] @@ -1917,9 +1917,9 @@ dependencies = [ [[package]] name = "getrandom" -version = "0.2.16" +version = "0.2.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "335ff9f135e4384c8150d6f27c6daed433577f86b4750418338c01a1a2528592" +checksum = "ff2abc00be7fca6ebc474524697ae276ad847ad0a6b3faa4bcb027e9a4614ad0" dependencies = [ "cfg-if", "js-sys", @@ -2574,9 +2574,9 @@ dependencies = [ [[package]] name = "js-sys" -version = "0.3.83" +version = "0.3.85" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "464a3709c7f55f1f721e5389aa6ea4e3bc6aba669353300af094b29ffbdde1d8" +checksum = "8c942ebf8e95485ca0d52d97da7c5a2c387d0e7f0ba4c35e93bfcaee045955b3" dependencies = [ "once_cell", "wasm-bindgen", @@ -2753,15 +2753,6 @@ dependencies = [ "vcpkg", ] -[[package]] -name = "libz-rs-sys" -version = "0.5.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c10501e7805cee23da17c7790e59df2870c0d4043ec6d03f67d31e2b53e77415" -dependencies = [ - "zlib-rs", -] - [[package]] name = "libz-sys" version = "1.1.23" @@ -3132,7 +3123,7 @@ checksum = "51e219e79014df21a225b1860a479e2dcd7cbd9130f4defd4bd0e191ea31d67d" dependencies = [ "base64 0.22.1", "chrono", - "getrandom 0.2.16", + "getrandom 0.2.17", "http", "rand 0.8.5", "reqwest", @@ -3416,9 +3407,9 @@ checksum = "d05e27ee213611ffe7d6348b942e8f942b37114c00cc03cec254295a4a17852e" [[package]] name = "openssl-probe" -version = "0.2.0" +version = "0.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9f50d9b3dabb09ecd771ad0aa242ca6894994c130308ca3d7684634df8037391" +checksum = "7c87def4c32ab89d880effc9e097653c8da5d6ef28e6b539d313baaacfbafcbe" [[package]] name = "openssl-sys" @@ -3647,11 +3638,12 @@ dependencies = [ [[package]] name = "petgraph" -version = "0.7.1" +version = "0.8.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3672b37090dbd86368a4145bc067582552b29c27377cad4e0a306c97f9bd7772" +checksum = "8701b58ea97060d5e5b155d383a69952a60943f0e6dfe30b04c287beb0b27455" dependencies = [ "fixedbitset", + "hashbrown 0.15.5", "indexmap 2.13.0", ] @@ -3915,9 +3907,9 @@ dependencies = [ [[package]] name = "prost" -version = "0.14.1" +version = "0.14.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7231bd9b3d3d33c86b58adbac74b5ec0ad9f496b19d22801d773636feaa95f3d" +checksum = "d2ea70524a2f82d518bce41317d0fae74151505651af45faf1ffbd6fd33f0568" dependencies = [ "bytes", "prost-derive", @@ -3925,15 +3917,14 @@ dependencies = [ [[package]] name = "prost-build" -version = "0.14.1" +version = "0.14.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ac6c3320f9abac597dcbc668774ef006702672474aad53c6d596b62e487b40b1" +checksum = "343d3bd7056eda839b03204e68deff7d1b13aba7af2b2fd16890697274262ee7" dependencies = [ "heck", "itertools 0.14.0", "log", "multimap", - "once_cell", "petgraph", "prettyplease", "prost", @@ -3947,9 +3938,9 @@ dependencies = [ [[package]] name = "prost-derive" -version = "0.14.1" +version = "0.14.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9120690fafc389a67ba3803df527d0ec9cbbc9cc45e4cc20b332996dfb672425" +checksum = "27c6023962132f4b30eb4c172c91ce92d933da334c59c23cddee82358ddafb0b" dependencies = [ "anyhow", "itertools 0.14.0", @@ -3960,9 +3951,9 @@ dependencies = [ [[package]] name = "prost-types" -version = "0.14.1" +version = "0.14.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b9b4db3d6da204ed77bb26ba83b6122a73aeb2e87e25fbf7ad2e84c4ccbf8f72" +checksum = "8991c4cbdb8bc5b11f0b074ffe286c30e523de90fee5ba8132f1399f23cb3dd7" dependencies = [ "prost", ] @@ -4014,9 +4005,9 @@ checksum = "007d8adb5ddab6f8e3f491ac63566a7d5002cc7ed73901f72057943fa71ae1ae" [[package]] name = "pulldown-cmark-to-cmark" -version = "21.1.0" +version = "22.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8246feae3db61428fd0bb94285c690b460e4517d83152377543ca802357785f1" +checksum = "50793def1b900256624a709439404384204a5dc3a6ec580281bfaac35e882e90" dependencies = [ "pulldown-cmark", ] @@ -4035,7 +4026,7 @@ dependencies = [ "rustc-hash", "rustls", "socket2", - "thiserror 2.0.17", + "thiserror 2.0.18", "tokio", "tracing", "web-time", @@ -4056,7 +4047,7 @@ dependencies = [ "rustls", "rustls-pki-types", "slab", - "thiserror 2.0.17", + "thiserror 2.0.18", "tinyvec", "tracing", "web-time", @@ -4121,7 +4112,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6db2770f06117d490610c7488547d543617b21bfa07796d7a12f6f1bd53850d1" dependencies = [ "rand_chacha 0.9.0", - "rand_core 0.9.3", + "rand_core 0.9.5", ] [[package]] @@ -4141,7 +4132,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d3022b5f1df60f26e1ffddd6c66e8aa15de382ae63b3a0c1bfc0e4d3e3f325cb" dependencies = [ "ppv-lite86", - "rand_core 0.9.3", + "rand_core 0.9.5", ] [[package]] @@ -4150,14 +4141,14 @@ version = "0.6.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" dependencies = [ - "getrandom 0.2.16", + "getrandom 0.2.17", ] [[package]] name = "rand_core" -version = "0.9.3" +version = "0.9.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "99d9a13982dcf210057a8a78572b2217b667c3beacbf3a0d8b454f6f82837d38" +checksum = "76afc826de14238e6e8c374ddcc1fa19e374fd8dd986b0d2af0d02377261d83c" dependencies = [ "getrandom 0.3.4", ] @@ -4297,7 +4288,7 @@ checksum = "a4689e6c2294d81e88dc6261c768b63bc4fcdb852be6d1352498b114f61383b7" dependencies = [ "cc", "cfg-if", - "getrandom 0.2.16", + "getrandom 0.2.17", "libc", "untrusted", "windows-sys 0.52.0", @@ -4335,9 +4326,9 @@ dependencies = [ [[package]] name = "rust-embed" -version = "8.9.0" +version = "8.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "947d7f3fad52b283d261c4c99a084937e2fe492248cb9a68a8435a861b8798ca" +checksum = "04113cb9355a377d83f06ef1f0a45b8ab8cd7d8b1288160717d66df5c7988d27" dependencies = [ "rust-embed-impl", "rust-embed-utils", @@ -4346,9 +4337,9 @@ dependencies = [ [[package]] name = "rust-embed-impl" -version = "8.9.0" +version = "8.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5fa2c8c9e8711e10f9c4fd2d64317ef13feaab820a4c51541f1a8c8e2e851ab2" +checksum = "da0902e4c7c8e997159ab384e6d0fc91c221375f6894346ae107f47dd0f3ccaa" dependencies = [ "proc-macro2", "quote", @@ -4359,9 +4350,9 @@ dependencies = [ [[package]] name = "rust-embed-utils" -version = "8.9.0" +version = "8.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "60b161f275cb337fe0a44d924a5f4df0ed69c2c39519858f931ce61c779d3475" +checksum = "5bcdef0be6fe7f6fa333b1073c949729274b05f123a0ad7efcb8efd878e5c3b1" dependencies = [ "globset", "sha2", @@ -4437,7 +4428,7 @@ version = "0.8.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "612460d5f7bea540c490b2b6395d8e34a953e52b491accd6c86c8164c5932a63" dependencies = [ - "openssl-probe 0.2.0", + "openssl-probe 0.2.1", "rustls-pki-types", "schannel", "security-framework 3.5.1", @@ -4445,9 +4436,9 @@ dependencies = [ [[package]] name = "rustls-pki-types" -version = "1.13.2" +version = "1.14.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "21e6f2ab2928ca4291b86736a8bd920a277a399bba1589409d72154ff87c1282" +checksum = "be040f8b0a225e40375822a563fa9524378b9d63112f53e19ffff34df5d33fdd" dependencies = [ "web-time", "zeroize", @@ -4455,9 +4446,9 @@ dependencies = [ [[package]] name = "rustls-webpki" -version = "0.103.8" +version = "0.103.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2ffdfa2f5286e2247234e03f680868ac2815974dc39e00ea15adc445d0aafe52" +checksum = "d7df23109aa6c1567d1c575b9952556388da57401e4ace1d15f79eedad0d8f53" dependencies = [ "ring", "rustls-pki-types", @@ -4709,7 +4700,7 @@ checksum = "f3faaf9e727533a19351a43cc5a8de957372163c7d35cc48c90b75cdda13c352" dependencies = [ "percent-encoding", "serde", - "thiserror 2.0.17", + "thiserror 2.0.18", ] [[package]] @@ -4894,7 +4885,7 @@ checksum = "297f631f50729c8c99b84667867963997ec0b50f32b2a7dbcab828ef0541e8bb" dependencies = [ "num-bigint", "num-traits", - "thiserror 2.0.17", + "thiserror 2.0.18", "time", ] @@ -5022,7 +5013,7 @@ dependencies = [ "serde_json", "sha2", "smallvec", - "thiserror 2.0.17", + "thiserror 2.0.18", "tokio", "tokio-stream", "tracing", @@ -5106,7 +5097,7 @@ dependencies = [ "smallvec", "sqlx-core", "stringprep", - "thiserror 2.0.17", + "thiserror 2.0.18", "tracing", "uuid", "whoami", @@ -5146,7 +5137,7 @@ dependencies = [ "smallvec", "sqlx-core", "stringprep", - "thiserror 2.0.17", + "thiserror 2.0.18", "tracing", "uuid", "whoami", @@ -5172,7 +5163,7 @@ dependencies = [ "serde", "serde_urlencoded", "sqlx-core", - "thiserror 2.0.17", + "thiserror 2.0.18", "tracing", "url", "uuid", @@ -5442,11 +5433,11 @@ dependencies = [ [[package]] name = "thiserror" -version = "2.0.17" +version = "2.0.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f63587ca0f12b72a0600bcba1d40081f830876000bb46dd2337a3051618f4fc8" +checksum = "4288b5bcbc7920c07a1149a35cf9590a2aa808e0bc1eafaade0b80947865fbc4" dependencies = [ - "thiserror-impl 2.0.17", + "thiserror-impl 2.0.18", ] [[package]] @@ -5462,9 +5453,9 @@ dependencies = [ [[package]] name = "thiserror-impl" -version = "2.0.17" +version = "2.0.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3ff15c8ecd7de3849db632e14d18d2571fa09dfc5ed93479bc4485c7a517c913" +checksum = "ebc4ee7f67670e9b64d05fa4253e753e016c6c95ff35b89b7941d6b856dec1d5" dependencies = [ "proc-macro2", "quote", @@ -5482,9 +5473,9 @@ dependencies = [ [[package]] name = "time" -version = "0.3.44" +version = "0.3.45" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "91e7d9e3bb61134e77bde20dd4825b97c010155709965fedf0f49bb138e52a9d" +checksum = "f9e442fc33d7fdb45aa9bfeb312c095964abdf596f7567261062b2a7107aaabd" dependencies = [ "deranged", "itoa", @@ -5492,22 +5483,22 @@ dependencies = [ "num-conv", "num_threads", "powerfmt", - "serde", + "serde_core", "time-core", "time-macros", ] [[package]] name = "time-core" -version = "0.1.6" +version = "0.1.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "40868e7c1d2f0b8d73e4a8c7f0ff63af4f6d19be117e90bd73eb1d62cf831c6b" +checksum = "8b36ee98fd31ec7426d599183e8fe26932a8dc1fb76ddb6214d05493377d34ca" [[package]] name = "time-macros" -version = "0.2.24" +version = "0.2.25" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "30cfb0125f12d9c277f35663a0a33f8c30190f4e4574868a330595412d34ebf3" +checksum = "71e552d1249bf61ac2a52db88179fd0673def1e1ad8243a00d9ec9ed71fee3dd" dependencies = [ "num-conv", "time-core", @@ -5747,9 +5738,9 @@ dependencies = [ [[package]] name = "tower" -version = "0.5.2" +version = "0.5.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d039ad9159c98b70ecfd540b2573b97f7f52c3e8d9f8ad57a24b916a536975f9" +checksum = "ebe5ef63511595f1344e2d5cfa636d973292adc0eec1f0ad45fae9f0851ab1d4" dependencies = [ "futures-core", "futures-util", @@ -6104,15 +6095,15 @@ checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426" [[package]] name = "vergen" -version = "9.0.6" +version = "9.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6b2bf58be11fc9414104c6d3a2e464163db5ef74b12296bda593cac37b6e4777" +checksum = "b849a1f6d8639e8de261e81ee0fc881e3e3620db1af9f2e0da015d4382ceaf75" dependencies = [ "anyhow", "derive_builder", "rustversion", "time", - "vergen-lib", + "vergen-lib 9.1.0", ] [[package]] @@ -6127,7 +6118,7 @@ dependencies = [ "rustversion", "time", "vergen", - "vergen-lib", + "vergen-lib 0.1.6", ] [[package]] @@ -6141,6 +6132,17 @@ dependencies = [ "rustversion", ] +[[package]] +name = "vergen-lib" +version = "9.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b34a29ba7e9c59e62f229ae1932fb1b8fb8a6fdcc99215a641913f5f5a59a569" +dependencies = [ + "anyhow", + "derive_builder", + "rustversion", +] + [[package]] name = "version_check" version = "0.9.5" @@ -6174,9 +6176,9 @@ checksum = "ccf3ec651a847eb01de73ccad15eb7d99f80485de043efb2f370cd654f4ea44b" [[package]] name = "wasip2" -version = "1.0.1+wasi-0.2.4" +version = "1.0.2+wasi-0.2.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0562428422c63773dad2c345a1882263bbf4d65cf3f42e90921f787ef5ad58e7" +checksum = "9517f9239f02c069db75e65f174b3da828fe5f5b945c4dd26bd25d89c03ebcf5" dependencies = [ "wit-bindgen", ] @@ -6189,9 +6191,9 @@ checksum = "b8dad83b4f25e74f184f64c43b150b91efe7647395b42289f38e50566d82855b" [[package]] name = "wasm-bindgen" -version = "0.2.106" +version = "0.2.108" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0d759f433fa64a2d763d1340820e46e111a7a5ab75f993d1852d70b03dbb80fd" +checksum = "64024a30ec1e37399cf85a7ffefebdb72205ca1c972291c51512360d90bd8566" dependencies = [ "cfg-if", "once_cell", @@ -6202,11 +6204,12 @@ dependencies = [ [[package]] name = "wasm-bindgen-futures" -version = "0.4.56" +version = "0.4.58" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "836d9622d604feee9e5de25ac10e3ea5f2d65b41eac0d9ce72eb5deae707ce7c" +checksum = "70a6e77fd0ae8029c9ea0063f87c46fde723e7d887703d74ad2616d792e51e6f" dependencies = [ "cfg-if", + "futures-util", "js-sys", "once_cell", "wasm-bindgen", @@ -6215,9 +6218,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro" -version = "0.2.106" +version = "0.2.108" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "48cb0d2638f8baedbc542ed444afc0644a29166f1595371af4fecf8ce1e7eeb3" +checksum = "008b239d9c740232e71bd39e8ef6429d27097518b6b30bdf9086833bd5b6d608" dependencies = [ "quote", "wasm-bindgen-macro-support", @@ -6225,9 +6228,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro-support" -version = "0.2.106" +version = "0.2.108" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cefb59d5cd5f92d9dcf80e4683949f15ca4b511f4ac0a6e14d4e1ac60c6ecd40" +checksum = "5256bae2d58f54820e6490f9839c49780dff84c65aeab9e772f15d5f0e913a55" dependencies = [ "bumpalo", "proc-macro2", @@ -6238,9 +6241,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-shared" -version = "0.2.106" +version = "0.2.108" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cbc538057e648b67f72a982e708d485b2efa771e1ac05fec311f9f63e5800db4" +checksum = "1f01b580c9ac74c8d8f0c0e4afb04eeef2acf145458e52c03845ee9cd23e3d12" dependencies = [ "unicode-ident", ] @@ -6260,9 +6263,9 @@ dependencies = [ [[package]] name = "web-sys" -version = "0.3.83" +version = "0.3.85" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9b32828d774c412041098d182a8b38b16ea816958e07cf40eec2bc080ae137ac" +checksum = "312e32e551d92129218ea9a2452120f4aabc03529ef03e4d0d82fb2780608598" dependencies = [ "js-sys", "wasm-bindgen", @@ -6731,9 +6734,9 @@ dependencies = [ [[package]] name = "wit-bindgen" -version = "0.46.0" +version = "0.51.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f17a85883d4e6d00e8a97c586de764dabcc06133f7f1d55dce5cdc070ad7fe59" +checksum = "d7249219f66ced02969388cf2bb044a09756a083d0fab1e566056b04d9fbcaa5" [[package]] name = "writeable" @@ -6927,9 +6930,9 @@ checksum = "40990edd51aae2c2b6907af74ffb635029d5788228222c4bb811e9351c0caad3" [[package]] name = "zmij" -version = "1.0.12" +version = "1.0.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2fc5a66a20078bf1251bde995aa2fdcc4b800c70b5d92dd2c62abc5c60f679f8" +checksum = "dfcd145825aace48cff44a8844de64bf75feec3080e0aa5cdbde72961ae51a65" [[package]] name = "zopfli" diff --git a/flake.lock b/flake.lock index b2ef29d1e0..ecf3280c53 100644 --- a/flake.lock +++ b/flake.lock @@ -20,11 +20,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1765779637, - "narHash": "sha256-KJ2wa/BLSrTqDjbfyNx70ov/HdgNBCBBSQP3BIzKnv4=", + "lastModified": 1768886240, + "narHash": "sha256-C2TjvwYZ2VDxYWeqvvJ5XPPp6U7H66zeJlRaErJKoEM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1306659b587dc277866c7b69eb97e5f07864d8c4", + "rev": "80e4adbcf8992d3fd27ad4964fbb84907f9478b0", "type": "github" }, "original": { @@ -48,11 +48,11 @@ ] }, "locked": { - "lastModified": 1765852971, - "narHash": "sha256-rQdOMqfQNhcfqvh1dFIVWh09mrIWwerUJqqBdhIsf8g=", + "lastModified": 1768963622, + "narHash": "sha256-n6VHiUgrYD9yjagzG6ncVVqFbVTsKCI54tR9PNAFCo0=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "5f98ccecc9f1bc1c19c0a350a659af1a04b3b319", + "rev": "2ef5b3362af585a83bafd34e7fc9b1f388c2e5e2", "type": "github" }, "original": { From ff529bf5778b91885eaaa8a0ec1e7237e2c507bf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20W=C3=B3jcik?= Date: Wed, 21 Jan 2026 13:33:28 +0100 Subject: [PATCH 7/8] reduce code duplication --- .../src/enterprise/db/models/acl.rs | 73 +++++++++---------- 1 file changed, 34 insertions(+), 39 deletions(-) diff --git a/crates/defguard_core/src/enterprise/db/models/acl.rs b/crates/defguard_core/src/enterprise/db/models/acl.rs index 80723848e9..eccb3314ed 100644 --- a/crates/defguard_core/src/enterprise/db/models/acl.rs +++ b/crates/defguard_core/src/enterprise/db/models/acl.rs @@ -179,23 +179,37 @@ pub struct AclRuleInfo { pub protocols: Vec, } +/// Constructs a [`String`] of comma-separated addresses. +fn format_destination(destination: &[IpNetwork]) -> String { + match destination { + d if d.is_empty() => String::new(), + d => d + .iter() + .map(|a| { + let mut addr_string = a.to_string() + ", "; + if a.is_ipv4() { + addr_string = addr_string.replace("/32", ""); + }; + addr_string + }) + .collect::(), + } +} +/// Constructs a [`String`] of comma-separated ports and port ranges. +fn format_ports(ports: &[PortRange]) -> String { + ports + .iter() + .map(ToString::to_string) + .collect::>() + .join(", ") +} + impl AclRuleInfo { /// Constructs a [`String`] of comma-separated addresses and address ranges. pub(crate) fn format_destination(&self) -> String { - // process single addresses - let addrs = match &self.destination { - d if d.is_empty() => String::new(), - d => d - .iter() - .map(|a| { - let mut addr_string = a.to_string() + ", "; - if a.is_ipv4() { - addr_string = addr_string.replace("/32", ""); - }; - addr_string - }) - .collect::(), - }; + // process single addresses and subnets + let addrs = format_destination(&self.destination); + // process address ranges let ranges = match &self.destination_ranges { r if r.is_empty() => String::new(), @@ -204,7 +218,7 @@ impl AclRuleInfo { }), }; - // remove full mask from resulting string + // combine resulting strings let destination = addrs + &ranges; if destination.is_empty() { destination @@ -216,11 +230,7 @@ impl AclRuleInfo { /// Constructs a [`String`] of comma-separated ports and port ranges. pub(crate) fn format_ports(&self) -> String { - self.ports - .iter() - .map(ToString::to_string) - .collect::>() - .join(", ") + format_ports(&self.ports) } } @@ -1375,19 +1385,8 @@ impl AclAliasInfo { /// Constructs a [`String`] of comma-separated addresses and address ranges pub fn format_destination(&self) -> String { // process single addresses and subnets - let addrs = match &self.destination { - d if d.is_empty() => String::new(), - d => d - .iter() - .map(|a| { - let mut addr_string = a.to_string() + ", "; - if a.is_ipv4() { - addr_string = addr_string.replace("/32", ""); - }; - addr_string - }) - .collect::(), - }; + let addrs = format_destination(&self.destination); + // process address ranges let ranges = match &self.destination_ranges { r if r.is_empty() => String::new(), @@ -1396,7 +1395,7 @@ impl AclAliasInfo { }), }; - // remove full mask from resulting string + // combine resulting strings let destination = addrs + &ranges; if destination.is_empty() { destination @@ -1408,11 +1407,7 @@ impl AclAliasInfo { /// Constructs a [`String`] of comma-separated ports and port ranges pub fn format_ports(&self) -> String { - self.ports - .iter() - .map(ToString::to_string) - .collect::>() - .join(", ") + format_ports(&self.ports) } } From 7d1b53326cf2583fbaccbc1f94d14b2ff48bec15 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20W=C3=B3jcik?= Date: Wed, 21 Jan 2026 13:41:52 +0100 Subject: [PATCH 8/8] clippy fix --- crates/defguard_core/src/enterprise/db/models/acl.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crates/defguard_core/src/enterprise/db/models/acl.rs b/crates/defguard_core/src/enterprise/db/models/acl.rs index eccb3314ed..2256d38df0 100644 --- a/crates/defguard_core/src/enterprise/db/models/acl.rs +++ b/crates/defguard_core/src/enterprise/db/models/acl.rs @@ -182,7 +182,7 @@ pub struct AclRuleInfo { /// Constructs a [`String`] of comma-separated addresses. fn format_destination(destination: &[IpNetwork]) -> String { match destination { - d if d.is_empty() => String::new(), + [] => String::new(), d => d .iter() .map(|a| {