safety-dance
Auditing crates for unsafe code which can be safely replaced
Audit url
url: [GitHub](https://github.com/servo/rust-url), [crates.io](https://crates.io/crates/url)

`cargo-geiger` reports numerous usages of unsafe, though only 6 seem to be local to the `url` crate itself. Example [unsafe usage](https://github.com/servo/rust-url/blob/7d2c9d6ceb3307a3fad4c4bcb7f5b07b5e24c755/src/query_encoding.rs#L32) in `decode_utf8_lossy`. A majority of the...
https://crates.io/crates/arrayref Macros to take fixed-length slices of memory instead of regular slices. 5000 downloads/day.
We might care to store a list of `cargo crev` URLs in a markdown file so that people can discover IDs more easily. We don't even need to specifically endorse...
* [crates.io](https://crates.io/crates/ncurses)
* [github repo](https://github.com/jeaye/ncurses-rs)
* [A "safe" function which they admit in the docs can segfault](https://docs.rs/ncurses/5.99.0/ncurses/fn.printw.html)

It's a very low-download crate, but people still use it. I've [filed an...
https://crates.io/crates/rayon Parallel processing made easy. Needs no introduction. 10,000 downloads/day. Plenty of `unsafe`. Part of the code is split into `rayon-core` crate, but they are effectively the same project.
https://crates.io/crates/claxon FLAC decoder in Rust, within 10% performance margin compared to reference C implementation. Not terribly widely used (300 downloads/day) but high-risk due to being a binary format decoder. Uses...
https://crates.io/crates/reqwest Popular HTTP client library. 5000 downloads/day. High-risk due to handling untrusted input from the network. Uses unsafe.
https://crates.io/crates/imageproc Extra image processing operations on top of `image` crate. Had plenty of unsafe code last time I checked. Relatively low-profile (at about 100 downloads a day), but could be...
https://crates.io/crates/crossbeam has about 6000 downloads a day*, has 162 inverse dependencies (a non-zero number of which operate on untrusted input) and is generally considered a core piece of infrastructure. A...
Over 10k downloads/day and contains a lot of unsafe. Has had a number of vulnerabilities in the past.