# cargo-vet audits file
# Custom criterion: cryptographic code in the crate was reviewed by an expert.
# Crates with no crypto of their own should be certified with
# `does-not-implement-crypto` instead, which implies this criterion.
[criteria.crypto-safe]
description = """
All crypto algorithms in this crate have been reviewed by a relevant expert.
**Note**: If a crate does not implement crypto, use `does-not-implement-crypto`,
which implies `crypto-safe`, but does not require expert review in order to
audit for."""
# Custom criterion: inspection found no cryptographic algorithm implemented by
# the crate itself. Per the description, certifying it needs no crypto expert.
[criteria.does-not-implement-crypto]
description = """
Inspection reveals that the crate in question does not attempt to implement any
cryptographic algorithms on its own.
Note that certification of this does not require an expert on all forms of
cryptography: it's expected for crates we import to be \"good enough\" citizens,
so they'll at least be forthcoming if they try to implement something
cryptographic. When in doubt, please ask an expert."""
# An audit certifying this criterion also satisfies `crypto-safe`.
implies = "crypto-safe"
# Undefined-behaviour risk ladder. Each level implies the next-higher-numbered
# one (0 -> 1 -> 2 -> 3 -> 4), so a lower number is the stronger claim: an audit
# at `ub-risk-N` also satisfies a requirement for any `ub-risk-M` with M >= N.
[criteria.ub-risk-0]
description = """
No unsafe code.
Full description of the audit criteria can be found at
https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-0
"""
implies = "ub-risk-1"
[criteria.ub-risk-1]
description = """
Excellent soundness.
Full description of the audit criteria can be found at
https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-1
"""
implies = "ub-risk-2"
[criteria.ub-risk-2]
description = """
Negligible unsoundness or average soundness.
Full description of the audit criteria can be found at
https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-2
"""
implies = "ub-risk-3"
[criteria.ub-risk-3]
description = """
Mild unsoundness or suboptimal soundness.
Full description of the audit criteria can be found at
https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-3
"""
implies = "ub-risk-4"
# Weakest level: it has no `implies`, so certifying it satisfies nothing else.
[criteria.ub-risk-4]
description = """
Extreme unsoundness.
Full description of the audit criteria can be found at
https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-4
"""
[[audits.aho-corasick]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "1.1.2"
notes = """
Reviewed in https://crrev.com/c/5171063
Previously reviewed during security review and the audit is grandparented in.
"""
[[audits.aho-corasick]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.1.2 -> 1.1.3"
[[audits.anstyle]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "1.0.4"
notes = """
Reviewed in https://crrev.com/c/5171063
Previously reviewed during security review and the audit is grandparented in.
"""
[[audits.anstyle]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.4 -> 1.0.6"
[[audits.anstyle]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.6 -> 1.0.7"
[[audits.anyhow]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.75 -> 1.0.79"
notes = """
1.0.75 has been previously audited as \"safe-to-run\",
\"does-not-implement-crypto\" - see
https://github.com/google/rust-crate-audits/blob/c2d49cb6e80bb817f569debecf846161dcebd88c/audits.toml#L277-L305
The \"1.0.75 -> 1.0.79\" delta meets the same criteria.
This is an incremental/delta audit - we don't claim any particular `ub-risk-N`
level for the baseline or for the final version. OTOH note that additional
uses of `unsafe` have been reviewed in https://crrev.com/c/5178771 and the
**delta** was evaluated as `ub-risk-3` - no known unsoundness but:
* Little safety comments to explain why a particular usage of `unsafe`
is safe and/or necessary
* Safety analysis couldn't be done locally, but required considering the
whole crate (e.g. checking if the public `Ref.ptr` is mutated anywhere)
"""
[[audits.anyhow]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.79 -> 1.0.80"
[[audits.anyhow]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.80 -> 1.0.81"
[[audits.anyhow]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.81 -> 1.0.82"
[[audits.anyhow]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.82 -> 1.0.83"
notes = "No change to UB-risk profile either."
[[audits.anyhow]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.83 -> 1.0.86"
notes = "Delta only updates the ensure macro implementation, still safe to run, no crypto"
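# Full audit of autocfg 1.1.0.
# The notes are a multi-line literal string (''') because the recorded grep
# patterns contain `\b`; inside a basic string (""") TOML decodes `\b` as the
# backspace character U+0008, which would corrupt the stored patterns.
[[audits.autocfg]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["ub-risk-0", "safe-to-deploy", "does-not-implement-crypto"]
version = "1.1.0"
notes = '''
Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'``, `'\bnet\b'``, `'\bunsafe\b'``
and there were no hits except for reasonable, client-controlled usage of
`std::fs` in `AutoCfg::with_dir`.
This crate has been added to Chromium in
https://source.chromium.org/chromium/chromium/src/+/591a0f30c5eac93b6a3d981c2714ffa4db28dbcb
The CL description contains a link to a Google-internal document with audit details.
'''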
[[audits.autocfg]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.1.0 -> 1.2.0"
notes = '''
Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'``, `'\bnet\b'``, `'\bunsafe\b'``
and nothing changed from the baseline audit of 1.1.0. Skimmed through the
1.1.0 => 1.2.0 delta and everything seemed okay.
'''
[[audits.base64]]
who = "Adam Langley <agl@chromium.org>"
criteria = ["ub-risk-0", "safe-to-deploy", "does-not-implement-crypto"]
version = "0.13.1"
notes = "Skimmed the uses of `std` to ensure that nothing untoward is happening. Code uses `forbid(unsafe_code)` and, indeed, there are no uses of `unsafe`"
[[audits.bitflags]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-1"]
version = "2.4.2"
notes = """
Audit notes:
* I've checked for any discussion in Google-internal cl/546819168 (where audit
of version 2.3.3 happened)
* `src/lib.rs` contains `#![cfg_attr(not(test), forbid(unsafe_code))]`
* There are 2 cases of `unsafe` in `src/external.rs` but they seem to be
correct in a straightforward way - they just propagate the marker trait's
impl (e.g. `impl bytemuck::Pod`) from the inner to the outer type
* Additional discussion and/or notes may be found in https://crrev.com/c/5238056
"""
# This delta certifies `ub-risk-2`, a weaker level than the `ub-risk-1` of the
# 2.4.2 baseline audit, so 2.5.0 is covered at `ub-risk-2` only. The entry has
# no notes explaining the change in level.
[[audits.bitflags]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "2.4.2 -> 2.5.0"
# The full audit of 1.14.3 certifies only `safe-to-deploy`.
[[audits.bytemuck]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "safe-to-deploy"
version = "1.14.3"
notes = "Additional review notes may be found in https://crrev.com/c/5362675."
# `does-not-implement-crypto` and `ub-risk-2` for 1.14.3 come from this delta,
# so they hold only if 1.13.1 already carries them. No bytemuck 1.13.1 audit
# appears among the `audits.bytemuck` entries in this file.
# NOTE(review): confirm the 1.13.1 baseline is supplied by an imported audit
# set or an exemption.
[[audits.bytemuck]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["does-not-implement-crypto", "ub-risk-2"]
delta = "1.13.1 -> 1.14.3"
notes = "Additional review notes may be found in https://crrev.com/c/5362675."
[[audits.bytemuck]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.14.3 -> 1.15.0"
[[audits.bytemuck]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.15.0 -> 1.16.0"
[[audits.bytemuck_derive]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "1.6.0"
notes = """
Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no
hits except for 8 occurrences of `unsafe`. Additional `unsafe` review comments
can be found in https://crrev.com/c/5445719.
"""
[[audits.bytemuck_derive]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.6.0 -> 1.6.1"
notes = """
No behavior/code changes AFAICT - only adding
`#[allow(clippy::multiple_bound_locations)]`, doc comments, and making
some cosmetic changes in non-`.rs` files.
"""
[[audits.bytemuck_derive]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.6.1 -> 1.7.0"
notes = """
Added support for Zeroable enums, which requires them to be represented as an integer and to have 0 as one of their values.
Other trivial/formatting changes.
"""
[[audits.bytes]]
who = "agl@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.4.0 -> 1.5.0"
[[audits.bytes]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.5.0 -> 1.6.0"
notes = "Update removes some unsafe, and includes verifiable safety comments for newly-added unsafe."
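# Full audit of cfg-if 1.0.0.
# Quotes in the notes are written bare: the notes are a literal string ('''),
# where a backslash is kept verbatim instead of acting as an escape, so `\"`
# would be stored with the backslash included.
[[audits.cfg-if]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "1.0.0"
notes = '''
I grepped for "unsafe", "crypt", "cipher", "fs", "net" - there were
no hits. This is a really small crate (only `lib.rs` which is less than 200
lines + one end-to-end test) so I also skimmed through the macro's definition
and everything looks okay to me.
'''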
[[audits.clap]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "4.4.8"
notes = """
Reviewed in https://crrev.com/c/5171063
Previously reviewed during security review and the audit is grandparented in.
"""
[[audits.clap]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "ub-risk-0"
version = "4.5.0"
notes = "No `unsafe`"
[[audits.clap]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "4.4.8 -> 4.4.14"
[[audits.clap]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "4.4.14 -> 4.5.0"
[[audits.clap]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "4.5.0 -> 4.5.1"
[[audits.clap]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "4.5.1 -> 4.5.2"
notes = "Reviewed in https://crrev.com/c/5362201"
[[audits.clap]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "4.5.2 -> 4.5.3"
[[audits.clap]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "4.5.3 -> 4.5.4"
notes = "Minimal diff - only module naming/nesting-related changes."
[[audits.clap]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "4.5.4 -> 4.5.7"
[[audits.clap_builder]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "4.4.8"
notes = """
Reviewed in https://crrev.com/c/5171063
Previously reviewed during security review and the audit is grandparented in.
"""
[[audits.clap_builder]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "ub-risk-0"
version = "4.5.0"
notes = "No `unsafe`"
[[audits.clap_builder]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "4.4.8 -> 4.4.14"
[[audits.clap_builder]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "4.4.14 -> 4.5.0"
[[audits.clap_builder]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "4.5.0 -> 4.5.1"
[[audits.clap_builder]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "4.5.1 -> 4.5.2"
notes = "Reviewed in https://crrev.com/c/5362201"
[[audits.clap_builder]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "4.5.2 -> 4.5.7"
[[audits.clap_lex]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.6.0"
notes = """
Reviewed in https://crrev.com/c/5171063
Previously reviewed during security review and the audit is grandparented in.
"""
[[audits.clap_lex]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.6.0 -> 0.7.0"
[[audits.clap_lex]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.7.0 -> 0.7.1"
[[audits.codespan-reporting]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.11.1"
notes = """
Reviewed in https://crrev.com/c/5171063
Previously reviewed during security review and the audit is grandparented in.
"""
[[audits.cxx]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "1.0.110"
notes = """
Reviewed in https://crrev.com/c/5171063
Previously reviewed during security review and the audit is grandparented in.
"""
[[audits.cxx]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "does-not-implement-crypto"
version = "1.0.117"
notes = """
Grepped for \"crypt\", \"cipher\" - there were no hits
(except for benign hits in `MODULE.bazel.lock`)
"""
# Only `does-not-implement-crypto` is certified by audit for cxx 1.0.122.
# Per the notes, `safe-to-deploy` and `ub-risk-2` rest on an exemption, so no
# audit entry in this file backs those two criteria for this version.
# NOTE(review): exemptions are presumably recorded in the cargo-vet config
# file; confirm the entry exists and matches this version.
[[audits.cxx]]
who = "danakj <danakj@chromium.org>"
criteria = "does-not-implement-crypto"
version = "1.0.122"
notes = """
safe-to-deploy and ub-risk-2 are provided by exemption.
"""
[[audits.cxx]]
who = "danakj <danakj@chromium.org>"
criteria = "does-not-implement-crypto"
delta = "1.0.117 -> 1.0.119"
notes = "Reviewed in https://crrev.com/c/5362739"
[[audits.cxx]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = "does-not-implement-crypto"
delta = "1.0.119 -> 1.0.120"
notes = "Reviewed in https://chromium-review.googlesource.com/c/chromium/src/+/5392544."
[[audits.cxx]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = "does-not-implement-crypto"
delta = "1.0.120 -> 1.0.121"
[[audits.cxx]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = "does-not-implement-crypto"
delta = "1.0.122 -> 1.0.123"
notes = "safe-to-deploy and ub-risk-2 are provided by exemption"
[[audits.cxx]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = "does-not-implement-crypto"
delta = "1.0.123 -> 1.0.124"
[[audits.cxxbridge]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "1.0.110"
notes = """
Reviewed in https://crrev.com/c/5171063
Previously reviewed during security review and the audit is grandparented in.
"""
[[audits.cxxbridge-cmd]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "1.0.110"
notes = """
Reviewed in https://crrev.com/c/5171063
Previously reviewed during security review and the audit is grandparented in.
"""
[[audits.cxxbridge-cmd]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.110 -> 1.0.115"
[[audits.cxxbridge-cmd]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.115 -> 1.0.116"
[[audits.cxxbridge-cmd]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.116 -> 1.0.117"
[[audits.cxxbridge-cmd]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.117 -> 1.0.118"
[[audits.cxxbridge-cmd]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.118 -> 1.0.119"
notes = "Reviewed in https://crrev.com/c/5362136"
[[audits.cxxbridge-cmd]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.119 -> 1.0.120"
notes = "Version bump only."
[[audits.cxxbridge-cmd]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.120 -> 1.0.121"
[[audits.cxxbridge-cmd]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.121 -> 1.0.122"
[[audits.cxxbridge-cmd]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.122 -> 1.0.123"
[[audits.cxxbridge-cmd]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.123 -> 1.0.124"
notes = "No changes except to dependencies"
[[audits.cxxbridge-flags]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "1.0.110"
notes = """
Reviewed in https://crrev.com/c/5171063
Previously reviewed during security review and the audit is grandparented in.
"""
[[audits.cxxbridge-flags]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "1.0.122"
notes = "no grep hits for cipher, crypto, fs, net, or unsafe"
[[audits.cxxbridge-flags]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.0.122 -> 1.0.123"
[[audits.cxxbridge-flags]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.0.123 -> 1.0.124"
notes = "No changes in this delta"
[[audits.cxxbridge-macro]]
who = "danakj <danakj@chromium.org>"
criteria = "does-not-implement-crypto"
version = "1.0.122"
notes = """
no grep hits for cipher, crypto.
safe-to-deploy and ub-risk-2 are provided by exemption.
"""
[[audits.cxxbridge-macro]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = "does-not-implement-crypto"
delta = "1.0.122 -> 1.0.123"
[[audits.cxxbridge-macro]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = "does-not-implement-crypto"
delta = "1.0.123 -> 1.0.124"
[[audits.either]]
who = "agl@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "1.9.0"
[[audits.either]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.9.0 -> 1.10.0"
[[audits.either]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.10.0 -> 1.11.0"
[[audits.either]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.11.0 -> 1.12.0"
notes = "Only changes the MSRV and adds a (safe) trait specialization."
[[audits.fend-core]]
who = "jiwan@chromium.org"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "1.4.6"
[[audits.fend-core]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.4.6 -> 1.4.8"
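# Full audit of font-types 0.4.2.
# The notes are a multi-line literal string (''') because the recorded grep
# patterns contain `\b`; inside a basic string (""") TOML decodes `\b` as the
# backspace character U+0008, which would corrupt the stored patterns.
[[audits.font-types]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["ub-risk-0", "safe-to-deploy", "does-not-implement-crypto"]
version = "0.4.2"
notes = '''
Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'``, `'\bnet\b'``, `'\bunsafe\b'``
and there were no hits.
The initial version of this crate has been added to Chromium in
https://source.chromium.org/chromium/chromium/src/+/a59c3c448941f92f870d0c18c6d53d5c6104ab72
The CL description contains a link to a Google-internal document with audit details.
'''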
[[audits.font-types]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-1"]
version = "0.5.2"
notes = """
Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no
hits except for 3 `unsafe impl bytemuck::SomeTrait for ...`. Each `impl` had a
reasonable safety comment and there were no actual `unsafe` blocks, so I think
this can be treated as `ub-risk-1`. Additional `unsafe` review comments can be
found in https://crrev.com/c/5445719.
For overall `safe-to-deploy` and `does-not-implement-crypto` I am mostly
relying on certification by the Chromium engineers who work on the library
(mostly drott@chromium.org).
"""
[[audits.font-types]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "0.4.2 -> 0.4.3"
notes = "Reviewed in https://crrev.com/c/5362378. No new use of unsafe."
[[audits.font-types]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-1"]
delta = "0.5.2 -> 0.5.3"
[[audits.font-types]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-1"]
delta = "0.5.3 -> 0.5.4"
notes = """
The delta just adds `impl From<GlyphId> for u32` - no impact on `unsafe impl`s
elsewhere.
"""
[[audits.font-types]]
who = "danakj@chromium.org"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-1"]
delta = "0.5.4 -> 0.5.5"
notes = "No unsafe changes."
[[audits.getrandom]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.2.11"
notes = """
Reviewed in https://crrev.com/c/5171063
Previously reviewed during security review and the audit is grandparented in.
"""
# Unlike the other getrandom entries, this delta certifies only
# `does-not-implement-crypto`. Without `safe-to-run` on the 0.2.11 -> 0.2.12
# step, the `safe-to-run` claim of the 0.2.11 audit does not carry forward
# through this entry to the later 0.2.14 and 0.2.15 deltas.
# NOTE(review): confirm whether omitting `safe-to-run` here is intentional.
[[audits.getrandom]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "does-not-implement-crypto"
delta = "0.2.11 -> 0.2.12"
[[audits.getrandom]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.2.12 -> 0.2.14"
[[audits.getrandom]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.2.14 -> 0.2.15"
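# Full audit of heck 0.4.1. The notes cite the Chromium import of 0.3.3, an
# earlier version than the one certified here.
# The notes are a multi-line literal string (''') because the recorded grep
# patterns contain `\b`; inside a basic string (""") TOML decodes `\b` as the
# backspace character U+0008, which would corrupt the stored patterns.
[[audits.heck]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["ub-risk-0", "safe-to-deploy", "does-not-implement-crypto"]
version = "0.4.1"
notes = '''
Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'``, `'\bnet\b'``, `'\bunsafe\b'``
and there were no hits.
`heck` (version `0.3.3`) has been added to Chromium in
https://source.chromium.org/chromium/chromium/src/+/28841c33c77833cc30b286f9ae24c97e7a8f4057
'''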
[[audits.hex-literal]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.4.1"
notes = """
Reviewed in https://crrev.com/c/5171063
Previously reviewed during security review and the audit is grandparented in.
"""
[[audits.itertools]]
who = "agl@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.11.0"
notes = """
This is 12K lines of code, plus 6K lines of tests and benchmarks.
It has minimal use of unsafe and so I have paged though it all with \"::\"
highlighted and paid attention to which imported functions are being called.
"""
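# Full audit of itoa 1.0.10; the `unsafe` review is linked from the notes.
# Quotes in the notes are written bare: the notes are a literal string ('''),
# where a backslash is kept verbatim instead of acting as an escape, so `\"`
# would be stored with the backslash included.
[[audits.itoa]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "1.0.10"
notes = '''
I grepped for "crypt", "cipher", "fs", "net" - there were no hits.
There are a few places where `unsafe` is used. Unsafe review notes can be found
in https://crrev.com/c/5350697.
Version 1.0.1 of this crate has been added to Chromium in
https://crrev.com/c/3321896.
'''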
[[audits.itoa]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.10 -> 1.0.11"
notes = """
Straightforward diff between 1.0.10 and 1.0.11 - only 3 commits:
* Bumping up the version
* A touch up of comments
* And my own PR to make `unsafe` blocks more granular:
https://github.com/dtolnay/itoa/pull/42
"""
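# Full audit of lazy_static 1.4.0; the `unsafe` review is linked from the notes.
# Quotes in the notes are written bare: the notes are a literal string ('''),
# where a backslash is kept verbatim instead of acting as an escape, so `\"`
# would be stored with the backslash included.
[[audits.lazy_static]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "1.4.0"
notes = '''
I grepped for "crypt", "cipher", "fs", "net" - there were no hits.
There are two places where `unsafe` is used. Unsafe review notes can be found
in https://crrev.com/c/5347418.
This crate has been added to Chromium in https://crrev.com/c/3321895.
'''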
[[audits.log]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.4.20 -> 0.4.21"
notes = """
I grepped for \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits. I also skimmed
through the 0.4.20 => 0.4.21 delta and there was no new crypto-related code AFAICT.
"""
# Delta-only entry: no memchr 2.7.2 baseline audit appears in this file, so
# this certifies 2.7.4 only if 2.7.2 is covered elsewhere (an imported audit
# set or an exemption). Only `does-not-implement-crypto` is claimed; the entry
# makes no safe-to-run, safe-to-deploy or ub-risk statement.
[[audits.memchr]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = "does-not-implement-crypto"
delta = "2.7.2 -> 2.7.4"
# Only `ub-risk-3` is certified here; the entry makes no `safe-to-run`,
# `safe-to-deploy` or crypto claim. The notes record unsound `unsafe` blocks
# and safe traits that can cause soundness bugs, so a policy that requires a
# stronger ub-risk level or the other criteria is not met by this audit.
[[audits.minimal-lexical]]
who = "danakj@chromium.org"
criteria = "ub-risk-3"
version = "0.2.1"
notes = """
Reviewed in https://chromium-review.googlesource.com/c/chromium/src/+/4977110
- Unsound unsafe blocks present.
- Safe traits that can cause soundness bugs.
"""
[[audits.nom]]
who = "danakj@chromium.org"
criteria = ["does-not-implement-crypto", "safe-to-deploy", "ub-risk-1"]
version = "7.1.3"
notes = """
Reviewed in https://chromium-review.googlesource.com/c/chromium/src/+/5046153
"""
[[audits.ppv-lite86]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.2.17"
notes = """
Reviewed in https://crrev.com/c/5171063
Previously reviewed during security review and the audit is grandparented in.
"""
[[audits.proc-macro2]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "1.0.78"
notes = """
Grepped for \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits
(except for a benign \"fs\" hit in a doc comment)
Notes from the `unsafe` review can be found in https://crrev.com/c/5385745.
"""
[[audits.proc-macro2]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.69 -> 1.0.76"
notes = """
1.0.69 has been previously audited as \"safe-to-run\",
\"does-not-implement-crypto\" - see
https://github.com/google/rust-crate-audits/blob/c2d49cb6e80bb817f569debecf846161dcebd88c/audits.toml#L3939-L3979
The \"1.0.69 -> 1.0.76\" delta meets the same criteria.
This is an incremental/delta audit - we don't claim any particular `ub-risk-N`
level for the baseline or for the final version. OTOH note that additional
uses of `unsafe` have been reviewed in https://crrev.com/c/5178771 and the
**delta** was evaluated as `ub-risk-2`. There are some new `unsafe` blocks
but they seem sound - additional `unsafe` audit notes can be found in
https://crrev.com/c/5178771/comment/32dbab4e_c7402137 and
https://crrev.com/c/5178771/4/third_party/rust/chromium_crates_io/vendor/proc-macro2-1.0.76/src/wrapper.rs#783
"""
[[audits.proc-macro2]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.78 -> 1.0.79"
[[audits.proc-macro2]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.79 -> 1.0.80"
[[audits.proc-macro2]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.80 -> 1.0.81"
notes = "Comment changes only"
[[audits.proc-macro2]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.81 -> 1.0.82"
[[audits.proc-macro2]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.82 -> 1.0.83"
notes = "Substantive change is replacing String with Box<str>, saving memory."
[[audits.proc-macro2]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.83 -> 1.0.84"
notes = "Only doc comment changes in `src/lib.rs`."
[[audits.proc-macro2]]
who = "danakj@chromium.org"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.84 -> 1.0.85"
notes = "Test-only changes."
[[audits.prost]]
who = "agl@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.12.3"
[[audits.prost]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.12.3 -> 0.12.4"
[[audits.prost]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.12.4 -> 0.12.6"
notes = "No concerning changes for safe-to-run."
[[audits.prost-derive]]
who = "agl@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto", "ub-risk-0"]
version = "0.12.3"
[[audits.prost-derive]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto", "ub-risk-0"]
delta = "0.12.3 -> 0.12.5"
# This step omits `ub-risk-0`, which both the 0.12.3 audit and the
# 0.12.3 -> 0.12.5 delta certify, so the `ub-risk-0` chain stops at 0.12.5.
# NOTE(review): the notes report no changes in this delta; confirm whether
# leaving out `ub-risk-0` is intended.
[[audits.prost-derive]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.12.5 -> 0.12.6"
notes = "No changes here; presumably a bump of the `prost` crate."
# NOTE(review): this is a full-version `safe-to-deploy` audit, yet the notes
# state that the only check done at certification time was a grep for
# `unsafe`; everything else rests on the May 2023 review, whose notes sit
# behind a Google-internal go/ link. A project importing this audits file
# cannot inspect that evidence and is trusting the auditor's summary.
[[audits.qr_code]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "2.0.0"
notes = """
* This crate was imported into Chromium back in May 2023:
- CL: https://crrev.com/c/4497329
- Google-internal audit notes: go/qr-code-chromium-security-review
* Certification today is mostly based on the old audit.
The only checks performed today are:
- `grep`ped for `unsafe` and verified that the only hit comes
from `#![forbid(unsafe_code)]`
"""
[[audits.quote]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "ub-risk-0"
version = "1.0.33"
notes = 'Grepped for `\bunsafe\b` - there were no hits'
[[audits.quote]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "1.0.35"
notes = """
Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits
(except for benign \"net\" hit in tests and \"fs\" hit in README.md)
"""
[[audits.quote]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.0.35 -> 1.0.36"
[[audits.rand]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.8.5"
notes = """
Reviewed in https://crrev.com/c/5171063
Previously reviewed during security review and the audit is grandparented in.
"""
# NOTE(review): this entry certifies `crypto-safe` only; it carries no
# safe-to-run / safe-to-deploy or ub-risk criterion for rand_chacha.
# The justification is that the cipher lives in `c2-chacha`. Confirm against
# the 0.3.1 manifest that `c2-chacha` is a dependency of this version: if the
# ChaCha code is in this crate, the expert review behind `crypto-safe` has to
# cover it. The review record is an internal bug (b/...), so importers of this
# file cannot check the evidence themselves.
[[audits.rand_chacha]]
who = "Allen Webb <allenwebb@google.com>"
criteria = "crypto-safe"
version = "0.3.1"
notes = """
This crate doesn't actually implement ChaCha, it uses the implementation in
`c2-chacha`. Note that this review has been internally tracked in b/330501364.
"""
[[audits.rand_pcg]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.3.1"
notes = """
Reviewed in https://crrev.com/c/5171063
Previously reviewed during security review and the audit is grandparented in.
"""
[[audits.read-fonts]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "0.19.0"
notes = """
Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits
(except for a benign \"fs\" hit in a comment).
For overall `safe-to-deploy` and `does-not-implement-crypto` I am mostly
relying on certification by the Chromium engineers who work on the library
(mostly drott@chromium.org).
"""
[[audits.read-fonts]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "0.19.0 -> 0.19.1"
[[audits.read-fonts]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "0.19.1 -> 0.19.2"
notes = """
The delta is a bug fix in `src/tables/cmap.rs`.
No new `unsafe` - still `ub-risk-0`.
"""
[[audits.read-fonts]]
who = "danakj@chromium.org"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "0.19.2 -> 0.19.3"
notes = "No unsafe."
[[audits.regex]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "1.10.2"
notes = """
Reviewed in https://crrev.com/c/5171063
Previously reviewed during security review and the audit is grandparented in.
"""
[[audits.regex]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.10.2 -> 1.10.3"
[[audits.regex]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.10.3 -> 1.10.4"
notes = "Docs changes only."
[[audits.regex]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.10.4 -> 1.10.5"
[[audits.regex-automata]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.4.3"
notes = """
Reviewed in https://crrev.com/c/5171063
Previously reviewed during security review and the audit is grandparented in.
"""
[[audits.regex-automata]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.4.3 -> 0.4.5"
[[audits.regex-automata]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.4.5 -> 0.4.6"
notes = "Reviewed in https://crrev.com/c/5362200"
[[audits.regex-automata]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.4.6 -> 0.4.7"
[[audits.regex-syntax]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.8.2"
notes = """
Reviewed in https://crrev.com/c/5171063
Previously reviewed during security review and the audit is grandparented in.
"""
[[audits.regex-syntax]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.8.2 -> 0.8.3"
[[audits.regex-syntax]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.8.3 -> 0.8.4"
[[audits.rstest]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto", "ub-risk-0"]
version = "0.17.0"
notes = """
Reviewed in https://crrev.com/c/5171063
Previously reviewed during security review and the audit is grandparented in.
"""
[[audits.rstest_macros]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.17.0"
notes = """
Reviewed in https://crrev.com/c/5171063
Previously reviewed during security review and the audit is grandparented in.
"""
[[audits.rstest_reuse]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto", "ub-risk-0"]
version = "0.5.0"
notes = """
Reviewed in https://crrev.com/c/5171063
Previously reviewed during security review and the audit is grandparented in.
"""
[[audits.rustc-demangle]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.1.23"
notes = """
Reviewed in https://crrev.com/c/5171063
Previously reviewed during security review and the audit is grandparented in.
"""
[[audits.rustc-demangle]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.1.23 -> 0.1.24"
[[audits.rustc_version]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.4.0"
notes = """
Reviewed in https://crrev.com/c/5171063
Previously reviewed during security review and the audit is grandparented in.
"""
[[audits.rustversion]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["ub-risk-0", "safe-to-deploy", "does-not-implement-crypto"]
version = "1.0.14"
notes = """
Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'``, `'\bnet\b'``, `'\bunsafe\b'``
and there were no hits except for:
* Using trivially-safe `unsafe` in test code:
```
tests/test_const.rs:unsafe fn _unsafe() {}
tests/test_const.rs:const _UNSAFE: () = unsafe { _unsafe() };
```
* Using `unsafe` in a string:
```
src/constfn.rs: \"unsafe\" => Qualifiers::Unsafe,
```
* Using `std::fs` in `build/build.rs` to write `${OUT_DIR}/version.expr`
which is later read back via `include!` used in `src/lib.rs`.
Version `1.0.6` of this crate has been added to Chromium in
https://source.chromium.org/chromium/chromium/src/+/28841c33c77833cc30b286f9ae24c97e7a8f4057
"""
[[audits.rustversion]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.0.14 -> 1.0.15"
[[audits.rustversion]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.0.15 -> 1.0.16"
# NOTE(review): the full audit at 1.0.14 and the deltas up to 1.0.16 certify
# `ub-risk-0`; this delta certifies `ub-risk-2`. Because ub-risk-0 implies the
# weaker levels but not the reverse, 1.0.17 is only rated ub-risk-2 through
# this chain. The note describes a compatibility-only change; if no `unsafe`
# was introduced, confirm whether the downgrade was intended.
[[audits.rustversion]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.16 -> 1.0.17"
notes = "Just updates windows compat"
[[audits.semver]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "1.0.20"
notes = """
Reviewed in https://crrev.com/c/5171063
Previously reviewed during security review and the audit is grandparented in.
"""
[[audits.semver]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.20 -> 1.0.21"
[[audits.semver]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.21 -> 1.0.22"
[[audits.semver]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.22 -> 1.0.23"
# NOTE(review): the grep patterns in `notes` are written as `\b...\b` inside a
# """ basic string, where TOML reads `\b` as the backspace escape (U+0008).
# The parsed note therefore does not contain the word-boundary regex that was
# run, which makes the recorded evidence harder to reproduce. Entries in this
# file that put the same pattern in a single-quoted literal string keep it
# intact; a ''' literal string would do so here too. Other notes in this file
# that quote `\b` patterns inside """ strings have the same issue.
[[audits.serde]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "1.0.197"
notes = """
Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`, `'\bunsafe\b'`.
There were some hits for `net`, but they were related to serialization and
not actually opening any connections or anything like that.
There were 2 hits of `unsafe` when grepping:
* In `fn as_str` in `impl Buf`
* In `fn serialize` in `impl Serialize for net::Ipv4Addr`
Unsafe review comments can be found in https://crrev.com/c/5350573/2 (this
review also covered `serde_json_lenient`).
Version 1.0.130 of the crate has been added to Chromium in
https://crrev.com/c/3265545. The CL description contains a link to a
(Google-internal, sorry) document with a mini security review.
"""
[[audits.serde]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.197 -> 1.0.198"
[[audits.serde]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.198 -> 1.0.201"
[[audits.serde]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.201 -> 1.0.202"
notes = "Trivial changes"
[[audits.serde]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.202 -> 1.0.203"
notes = "s/doc_cfg/docsrs/ + tuple_impls/tuple_impl_body-related changes"
[[audits.serde_derive]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "ub-risk-0"
version = "1.0.193"
notes = 'Grepped for `\bunsafe\b` - there were no hits'
[[audits.serde_derive]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "1.0.195"
notes = "Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits"
[[audits.serde_derive]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "1.0.196"
notes = "Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits"
[[audits.serde_derive]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "1.0.197"
notes = "Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits"
[[audits.serde_derive]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.0.197 -> 1.0.201"
[[audits.serde_derive]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.0.201 -> 1.0.202"
[[audits.serde_derive]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.0.202 -> 1.0.203"
notes = "Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits"
[[audits.serde_json]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "1.0.108"
notes = """
Reviewed in https://crrev.com/c/5171063
Previously reviewed during security review and the audit is grandparented in.
"""
[[audits.serde_json]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.108 -> 1.0.111"
[[audits.serde_json]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.111 -> 1.0.113"
[[audits.serde_json]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.113 -> 1.0.114"
[[audits.serde_json]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.114 -> 1.0.115"
[[audits.serde_json]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.115 -> 1.0.116"
notes = "No changes that affect safety to run, and no crypto"
[[audits.serde_json]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.116 -> 1.0.117"
[[audits.serde_json_lenient]]
who = "danakj@chromium.org"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "0.1.8"
notes = """
Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`, `'\bunsafe\b'`.
There were some hits for `fs` and `net`, but they were in comments.
Unsafe review comments can be found in https://crrev.com/c/5350573/2.
There were 8 hits of `unsafe` when grepping.
Version 0.1.4 of the crate was added to Chromium in
https://crrev.com/c/3511416.
"""
[[audits.serde_json_lenient]]
who = "danakj@chromium.org"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "0.1.8 -> 0.2.0"
notes = """
Reviewed in https://crrev.com/c/5361256
"""
[[audits.serde_json_lenient]]
who = "djmitche@chromium.org"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "0.2.0 -> 0.2.1"
notes = """
Reviewed in https://crrev.com/c/5385822
"""
[[audits.skrifa]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "0.19.0"
notes = """
Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits
(except for benign \"fs\" hit in `skrifa-0.19.0/src/color/traversal_tests/mod.rs`).
For overall `safe-to-deploy` and `does-not-implement-crypto` I am mostly
relying on certification by the Chromium engineers who work on the library
(mostly drott@chromium.org).
"""
# NOTE(review): this delta starts at 0.15.2, but the only full-version skrifa
# audit among the entries in this file is 0.19.0, and no other skrifa delta
# begins or ends at 0.15.x. Unless 0.15.2 is anchored elsewhere (an imported
# audit or an exemption), this entry certifies nothing on its own. Confirm it
# is still needed, or record the base audit it builds on.
[[audits.skrifa]]
who = "drott@chromium.org"
criteria = ["ub-risk-1", "safe-to-deploy", "does-not-implement-crypto"]
delta = "0.15.2 -> 0.15.4"
# NOTE(review): this delta certifies `crypto-safe`, while the skrifa entries
# around it certify `does-not-implement-crypto`. Per the criteria defined at
# the top of this file, `crypto-safe` asserts an expert review of crypto
# algorithms, and `does-not-implement-crypto` implies it, not the reverse.
# The `does-not-implement-crypto` chain from 0.19.0 therefore stops at this
# link, and the later 0.19.x deltas cannot carry it forward. The note describes
# font-only changes, so `does-not-implement-crypto` looks like the intended
# criterion; confirm with the auditor.
[[audits.skrifa]]
who = "Dustin J. Mitchell <djmitche@chromium.org>"
criteria = ["safe-to-deploy", "crypto-safe", "ub-risk-0"]
delta = "0.19.0 -> 0.19.1"
notes = "Crate has `forbid_unsafe` and no unsafe code. Changes all appear font-related and safe."
[[audits.skrifa]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "0.19.1 -> 0.19.2"
[[audits.skrifa]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "0.19.2 -> 0.19.3"
[[audits.small_ctor]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.1.1"
notes = """
Reviewed in https://crrev.com/c/5171063
Previously reviewed during security review and the audit is grandparented in.
"""
[[audits.static_assertions]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-1"]
version = "1.1.0"
notes = """
Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`, `'\bunsafe\b'`
and there were no hits except for one `unsafe`.
The lambda where `unsafe` is used is never invoked (e.g. the `unsafe` code
never runs) and is only introduced for some compile-time checks. Additional
unsafe review comments can be found in https://crrev.com/c/5353376.
This crate has been added to Chromium in https://crrev.com/c/3736562. The CL
description contains a link to a document with an additional security review.
"""
[[audits.strsim]]
who = "danakj@chromium.org"
criteria = ["does-not-implement-crypto", "safe-to-deploy", "ub-risk-0"]
version = "0.10.0"
notes = """
Reviewed in https://crrev.com/c/5171063
Previously reviewed during security review and the audit is grandparented in.
"""
[[audits.strsim]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "ub-risk-0"
version = "0.11.0"
notes = "No `unsafe`"
[[audits.strsim]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.10.0 -> 0.11.0"
[[audits.strsim]]
who = "Adrian Taylor <adetaylor@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.11.0 -> 0.11.1"
[[audits.strum]]
who = "danakj@chromium.org"
criteria = ["does-not-implement-crypto", "safe-to-deploy", "ub-risk-0"]
version = "0.25.0"
notes = """
Reviewed in https://crrev.com/c/5171063
Previously reviewed during security review and the audit is grandparented in.
"""
[[audits.strum_macros]]
who = "danakj@chromium.org"
criteria = ["does-not-implement-crypto", "safe-to-deploy", "ub-risk-0"]
version = "0.25.3"
notes = """
Reviewed in https://crrev.com/c/5171063
Previously reviewed during security review and the audit is grandparented in.
"""
[[audits.syn]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "1.0.109"
notes = """
Reviewed in https://crrev.com/c/5171063
Previously reviewed during security review and the audit is grandparented in.
"""
[[audits.termcolor]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "1.4.0"
notes = """
Reviewed in https://crrev.com/c/5171063
Previously reviewed during security review and the audit is grandparented in.
"""
[[audits.termcolor]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = "ub-risk-0"
version = "1.4.0"
notes = "No `unsafe`."
[[audits.termcolor]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.4.0 -> 1.4.1"
[[audits.tinyvec]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["ub-risk-0", "safe-to-deploy", "does-not-implement-crypto"]
version = "1.6.0"
notes = """
Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'``, `'\bnet\b'``, `'\bunsafe\b'``
and there were no hits except for some \"unsafe\" appearing in comments:
```
src/arrayvec.rs: // Note: This shouldn't use A::CAPACITY, because unsafe code can't rely on
src/lib.rs://! All of this is done with no `unsafe` code within the crate. Technically the
src/lib.rs://! `Vec` type from the standard library uses `unsafe` internally, but *this
src/lib.rs://! crate* introduces no new `unsafe` code into your project.
src/array.rs:/// Just a reminder: this trait is 100% safe, which means that `unsafe` code
```
This crate has been added to Chromium in
https://source.chromium.org/chromium/chromium/src/+/24773c33e1b7a1b5069b9399fd034375995f290b
"""
[[audits.unicode-ident]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "1.0.12"
notes = '''
I grepped for \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits.
All two functions from the public API of this crate use `unsafe` to avoid bound
checks for an array access. Cross-module analysis shows that the offsets can
be statically proven to be within array bounds. More details can be found in
the unsafe review CL at https://crrev.com/c/5350386.
This crate has been added to Chromium in https://crrev.com/c/3891618.
'''
[[audits.unicode-linebreak]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["ub-risk-0", "safe-to-deploy", "does-not-implement-crypto"]
version = "0.1.5"
notes = """
Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'``, `'\bnet\b'``, `'\bunsafe\b'``
and there were no hits.
Version `0.1.2` of this crate has been added to Chromium in
https://source.chromium.org/chromium/chromium/src/+/591a0f30c5eac93b6a3d981c2714ffa4db28dbcb
The CL description contains a link to a Google-internal document with audit details.
"""
[[audits.unicode-width]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.1.11"
notes = """
Reviewed in https://crrev.com/c/5171063
Previously reviewed during security review and the audit is grandparented in.
"""
[[audits.unicode-width]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.1.11 -> 0.1.12"
[[audits.unicode-width]]
who = "Lukasz Anforowicz <lukasza@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.1.12 -> 0.1.13"
[[audits.winapi]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.3.9"
notes = """
Reviewed in https://crrev.com/c/5171063
Previously reviewed during security review and the audit is grandparented in.
"""
[[audits.winapi-util]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.1.6"
notes = """
Reviewed in https://crrev.com/c/5171063
Previously reviewed during security review and the audit is grandparented in.
"""
[[audits.winapi-util]]
who = "danakj <danakj@chromium.org>"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.1.6 -> 0.1.8"
[[audits.wycheproof]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.4.0"
notes = """
Reviewed in https://crrev.com/c/5171063
Previously reviewed during security review and the audit is grandparented in.
"""
# A `trusted` entry is publisher trust, not a code audit: every libc release
# published by the listed crates.io user-id between `start` and `end` receives
# the listed criteria without a per-version review. The trust boundary is the
# publisher's crates.io account, so the `end` date is what limits exposure.
# Renew it only after re-checking that the account still belongs to the
# maintainers named in the notes.
[[trusted.libc]]
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
user-id = 51017
start = "2020-03-17"
end = "2025-05-23"
notes = """
Chromium implicitly trusts the Rust toolchain (e.g. the `rustc` and
`cargo` binaries maintained and published by the
https://github.com/rust-lang organization and packaged and distributed
via Chromium's `tools/rust/package_rust.py` scripts). Here we extend
this trust to the system libraries that are maintained and published by
the same organization.
user-id 51017 maps to https://crates.io/users/JohnTitor who has
published https://crates.io/crates/libc/0.2.154
"""
# Second publisher for the same crate; same window and criteria as the entry
# above.
[[trusted.libc]]
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
user-id = 5820 # the8472
start = "2020-03-17"
end = "2025-05-23"
notes = """
Same justification as for the other `trusted.libc` entry above.
user-id 5820 maps to https://crates.io/users/the8472 who has published
https://crates.io/crates/libc/0.2.155
"""
# NOTE(review): all five windows* entries below trust crates.io user-id 64539
# with `end = "9999-05-15"`, i.e. the trust never expires in practice. The
# libc entries in this file use a bounded window instead. With no expiry, any
# future release published from this one account is accepted as
# `safe-to-deploy` with no audit and no periodic re-confirmation of who
# controls the account. Consider a bounded `end` date that is renewed on
# review, as is done for libc.
[[trusted.windows-sys]]
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
user-id = 64539 # Kenny Kerr (kennykerr)
start = "2021-11-15"
end = "9999-05-15"
notes = """
This crate and its deps are published by Microsoft as the official Rust SDK for Windows APIs at https://github.com/microsoft/windows-rs
user-id 64539 maps to https://crates.io/users/kennykerr who has published version 0.52.0.
"""
# The four entries that follow defer to the windows-sys justification and do
# not record which published version was used to confirm the user-id mapping.
[[trusted.windows-targets]]
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
user-id = 64539 # Kenny Kerr (kennykerr)
start = "2022-09-09"
end = "9999-05-15"
notes = """
This crate is part of the official Rust SDK from Microsoft, see windows-sys.
"""
[[trusted.windows_aarch64_msvc]]
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
user-id = 64539 # Kenny Kerr (kennykerr)
start = "2021-11-05"
end = "9999-05-15"
notes = """
This crate is part of the official Rust SDK from Microsoft, see windows-sys.
"""
[[trusted.windows_i686_msvc]]
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
user-id = 64539 # Kenny Kerr (kennykerr)
start = "2021-10-27"
end = "9999-05-15"
notes = """
This crate is part of the official Rust SDK from Microsoft, see windows-sys.
"""
[[trusted.windows_x86_64_msvc]]
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
user-id = 64539 # Kenny Kerr (kennykerr)
start = "2021-10-27"
end = "9999-05-15"
notes = """
This crate is part of the official Rust SDK from Microsoft, see windows-sys.
"""