safety-dance
Auditing crates for unsafe code which can be safely replaced
https://crates.io/crates/encoding_rs Implementation of the [encoding standard](https://encoding.spec.whatwg.org/). 7000 downloads/day, used by **Firefox,** reqwest, actix-web, etc. Plenty of unsafe code.
https://crates.io/crates/scroll - 140K downloads; - a bunch of `unsafe` blocks, with one used within a macro that uses an input type to transmute into it; - at the very least...
https://crates.io/crates/goblin Parser for binary formats: ELF, Mach-O, PE. 750 downloads/day. High-risk due to being a binary parser and potentially exposed to untrusted input. At a glance the ELF module contains...
https://crates.io/crates/crc32fast Implementation of crc32 with hardware acceleration where applicable. Over 9000 downloads per day. Exposed to untrusted input through a zillion of compression/decompression libraries. Contains unsafe code around CPU feature...
Otherwise 2 years later we have a misleading notice saying 'X is safe' when a new PR added 50 extra unsafe blocks.
> * If the `unsafe` block is sound, but can be converted to safe code without losing performance, that's a great thing to do! This is often the case thanks...
As described: https://github.com/strawlab/iana-time-zone/issues/64 This crate is now used by chrono and has become very important in the ecosystem. All these blocks seem documented. $ naive grep -R unsafe * ```...
> [the upcoming dramatically simpler runtime, `smol`](https://github.com/rust-secure-code/safety-dance/issues/57#issuecomment-608951185) ...is still not nearly as popular as Tokio, but it does get 210k downloads per month [by Lib.rs's count](https://lib.rs/crates/smol). [They are preparing to...
> Project Mentat is a persistent, embedded knowledge base. It draws heavily on [DataScript](https://github.com/tonsky/datascript) and [Datomic](http://datomic.com/). > > This project was started by Mozilla, but [is no longer being developed...
rkyv - 2,807,045 downloads rkyv_dyn There is one SIGSEGV atm open