
cargo deny does not apply bans to path dependencies

Open Moxinilian opened this issue 3 years ago • 1 comments

Describe the bug

If a crate imported by path in the same workspace is mentioned in the ban deny list, cargo check will not error. This also seems to happen transitively.

To Reproduce

  1. Create a workspace with crateA and crateB.
  2. Make crateA have a path dependency on crateB by doing crateB = { path = "../crateB" }
  3. In the deny.toml of crateA, make crateB banned in the deny list.
  4. Ask for a cargo deny check on crateA from within crateA's folder.

Expected behavior

cargo deny check should error as crateB is not allowed as a crateA dependency. Instead, checks pass.

Device:

  • OS: Linux

Additional context

The reason I want to deny a crate from the same workspace as a dependency is that I am making a client and a server in the same workspace so they can share a common network crate. However, when the workspace inevitably has a more intricate dependency graph, I would like to ensure I don't accidentally link server code in the client.

Moxinilian, Apr 25 '21 14:04

I have some free time available so if this is indeed unwanted behavior I can try to look into it @Jake-Shadle

Moxinilian, Apr 25 '21 21:04
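
An independent check for the concern raised in the issue above, added here as an example (it is not cargo-deny code and not from the issue's author): it walks the resolve graph in `cargo metadata --format-version 1` output and reports any dependency chain from a root crate to a banned one, path dependencies included. The crate name crateC, the package ids and the function name `banned_chains` are constructed for illustration.

```python
import json
from collections import deque

# Constructed sample shaped like `cargo metadata --format-version 1` output
# (only the fields used here). Path dependencies have "source": null.
SAMPLE = json.loads("""
{
  "packages": [
    {"id": "crateA 0.1.0 (path+file:///ws/crateA)", "name": "crateA", "source": null},
    {"id": "crateB 0.1.0 (path+file:///ws/crateB)", "name": "crateB", "source": null},
    {"id": "crateC 0.1.0 (path+file:///ws/crateC)", "name": "crateC", "source": null}
  ],
  "resolve": {"nodes": [
    {"id": "crateA 0.1.0 (path+file:///ws/crateA)",
     "dependencies": ["crateC 0.1.0 (path+file:///ws/crateC)"]},
    {"id": "crateC 0.1.0 (path+file:///ws/crateC)",
     "dependencies": ["crateB 0.1.0 (path+file:///ws/crateB)"]},
    {"id": "crateB 0.1.0 (path+file:///ws/crateB)", "dependencies": []}
  ]}
}
""")


def banned_chains(metadata, root, banned):
    """Return one shortest dependency chain (crate names) from `root` to each
    crate in `banned` that is reachable through the resolved graph."""
    name = {p["id"]: p["name"] for p in metadata["packages"]}
    edges = {n["id"]: n["dependencies"] for n in metadata["resolve"]["nodes"]}
    starts = [i for i, n in name.items() if n == root]
    if not starts:
        raise ValueError(f"root crate {root!r} not in metadata")
    parent = {s: None for s in starts}
    queue, chains = deque(starts), []
    while queue:
        node = queue.popleft()
        if name[node] in banned and name[node] != root:
            chain, cur = [], node
            while cur is not None:  # walk back to the root to rebuild the chain
                chain.append(name[cur])
                cur = parent[cur]
            chains.append(chain[::-1])
            continue  # nothing below a banned crate needs reporting
        for dep in edges.get(node, []):
            if dep not in parent:
                parent[dep] = node
                queue.append(dep)
    return chains


if __name__ == "__main__":
    for chain in banned_chains(SAMPLE, "crateA", {"crateB"}):
        print("banned path dependency:", " -> ".join(chain))
```

In CI the `metadata` argument would come from parsing the real `cargo metadata --format-version 1` output; the `dependencies` list in each resolve node covers every dependency kind, so dev and build dependencies are reported too.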