safety-dance

Auditing crates for unsafe code which can be safely replaced

Results 41 safety-dance issues

https://crates.io/crates/httparse is a widely used HTTP parsing crate, most notably powering `hyper` and `reqwest`. cargo-geiger shows the following when `httparse` is used via `reqwest`: ``` Functions Expressions Impls Traits Methods...

`color-eyre` is a popular crate for error handling, with over 1 million downloads, and `eyre` itself has over 3 million downloads. It relies on a surprising amount of unsafe...

The curve25519-dalek crate has almost 5 million downloads (1.3 million of those in the last 90 days). It is a building block for many crypto libraries. The library only uses...

[prost](https://github.com/danburkert/prost) is a [protobuf](https://developers.google.com/protocol-buffers/) implementation with 3000 daily downloads. It is a high-risk component because it is exposed to untrusted data from the network. Protocol buffers involve code generation, so...

Some crates, e.g. reqwest (see #5) clearly indicate the need for better safe abstractions, as their logic cannot be expressed in terms of the existing ones. The worst offender by...

https://crates.io/crates/httparse HTTP protocol parser. 10,000 downloads/day. Used in `reqwest` among others, exposed to untrusted input from the network. Contains unsafe code, some of it is for SIMD but there is...

Is anyone up for an unsafe challenge? It is my understanding that the people around these parts are capable of taming the unsafe beast in Rust code. I wanted to...

Seahash is an implementation of a fast non-cryptographic hashing algorithm, comparable to xxHash or MetroHash. https://gitlab.redox-os.org/redox-os/seahash

https://crates.io/crates/rand Currently the most downloaded crate on crates.io. Contains quite a few `unsafe` ``` Functions Expressions Impls Traits Methods Dependency 0/0 37/95 0/0 0/0 0/0 ! rand 0.7.2 0/4 4/80...

https://crates.io/crates/arrayvec Vec, but backed by a stack-allocated array instead of a heap allocation. Effectively 5,000 downloads/day. (crates.io numbers are higher - 23,000 downloads/day, but 18,000 of those are due to...