| |
| # cargo-vet audits file |
| |
| # Custom criteria defined by this file. The audits below also use |
| # `safe-to-run` and `safe-to-deploy`, which are cargo-vet built-ins and are |
| # therefore not defined here. |
| [criteria.crypto-safe] |
| description = """ |
| All crypto algorithms in this crate have been reviewed by a relevant expert. |
| |
| **Note**: If a crate does not implement crypto, use `does-not-implement-crypto`, |
| which implies `crypto-safe`, but does not require expert review in order to |
| audit for.""" |
| |
| [criteria.does-not-implement-crypto] |
| description = """ |
| Inspection reveals that the crate in question does not attempt to implement any |
| cryptographic algorithms on its own. |
| |
| Note that certification of this does not require an expert on all forms of |
| cryptography: it's expected for crates we import to be \"good enough\" citizens, |
| so they'll at least be forthcoming if they try to implement something |
| cryptographic. When in doubt, please ask an expert.""" |
| # An audit recording `does-not-implement-crypto` also satisfies `crypto-safe`. |
| # The two differ in review depth: `crypto-safe` requires an expert, while this |
| # criterion rests on the auditor noticing that no crypto is implemented. |
| implies = "crypto-safe" |
| |
| # Undefined-behaviour risk levels, strictest first. The `implies` keys form a |
| # chain ub-risk-0 -> 1 -> 2 -> 3 -> 4, so an audit at a lower-numbered level |
| # also satisfies every higher-numbered (weaker) level. The reverse never holds. |
| [criteria.ub-risk-0] |
| description = """ |
| No unsafe code. |
| |
| Full description of the audit criteria can be found at |
| https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-0 |
| """ |
| implies = "ub-risk-1" |
| |
| [criteria.ub-risk-1] |
| description = """ |
| Excellent soundness. |
| |
| Full description of the audit criteria can be found at |
| https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-1 |
| """ |
| implies = "ub-risk-2" |
| |
| [criteria.ub-risk-2] |
| description = """ |
| Negligible unsoundness or average soundness. |
| |
| Full description of the audit criteria can be found at |
| https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-2 |
| """ |
| implies = "ub-risk-3" |
| |
| [criteria.ub-risk-3] |
| description = """ |
| Mild unsoundness or suboptimal soundness. |
| |
| Full description of the audit criteria can be found at |
| https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-3 |
| """ |
| implies = "ub-risk-4" |
| |
| # End of the chain: no `implies` key. An entry certified only at this level |
| # satisfies no other ub-risk requirement. |
| [criteria.ub-risk-4] |
| description = """ |
| Extreme unsoundness. |
| |
| Full description of the audit criteria can be found at |
| https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-4 |
| """ |
| |
| [[audits.aho-corasick]] |
| who = "danakj@chromium.org" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| version = "1.1.2" |
| notes = """ |
| Reviewed in https://crrev.com/c/5171063 |
| |
| Previously reviewed during security review and the audit is grandparented in. |
| """ |
| |
| [[audits.aho-corasick]] |
| who = "Dustin J. Mitchell <djmitche@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "1.1.2 -> 1.1.3" |
| |
| [[audits.anstyle]] |
| who = "danakj@chromium.org" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| version = "1.0.4" |
| notes = """ |
| Reviewed in https://crrev.com/c/5171063 |
| |
| Previously reviewed during security review and the audit is grandparented in. |
| """ |
| |
| [[audits.anstyle]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "1.0.4 -> 1.0.6" |
| |
| [[audits.anstyle]] |
| who = "danakj <danakj@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "1.0.6 -> 1.0.7" |
| |
| # First link of the anyhow delta chain. No 1.0.75 entry is visible in this |
| # file; the notes point to google/rust-crate-audits for that baseline. |
| [[audits.anyhow]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| # NOTE(review): no `ub-risk-N` level is listed here. The `ub-risk-3` assessment |
| # of this delta exists only in the free-text notes below, so anything that |
| # evaluates `criteria` will not see it. |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "1.0.75 -> 1.0.79" |
| notes = """ |
| 1.0.75 has been previously audited as \"safe-to-run\", |
| \"does-not-implement-crypto\" - see |
| https://github.com/google/rust-crate-audits/blob/c2d49cb6e80bb817f569debecf846161dcebd88c/audits.toml#L277-L305 |
| The \"1.0.75 -> 1.0.79\" delta meets the same criteria. |
| |
| This is an incremental/delta audit - we don't claim any particular `ub-risk-N` |
| level for the baseline or for the final version. OTOH note that additional |
| uses of `unsafe` have been reviewed in https://crrev.com/c/5178771 and the |
| **delta** was evaluated as `ub-risk-3` - no known unsoundness but: |
| * Little safety comments to explain why a particular usage of `unsafe` |
| is safe and/or necessary |
| * Safety analysis couldn't be done locally, but required considering the |
| whole crate (e.g. checking if the public `Ref.ptr` is mutated anywhere) |
| """ |
| |
| [[audits.anyhow]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "1.0.79 -> 1.0.80" |
| |
| [[audits.anyhow]] |
| who = "Adrian Taylor <adetaylor@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "1.0.80 -> 1.0.81" |
| |
| [[audits.anyhow]] |
| who = "Adrian Taylor <adetaylor@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "1.0.81 -> 1.0.82" |
| |
| [[audits.anyhow]] |
| who = "danakj <danakj@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "1.0.82 -> 1.0.83" |
| notes = "No change to UB-risk profile either." |
| |
| [[audits.anyhow]] |
| who = "Dustin J. Mitchell <djmitche@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "1.0.83 -> 1.0.86" |
| notes = "Delta only updates the ensure macro implementation, still safe to run, no crypto" |
| |
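| [[audits.autocfg]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["ub-risk-0", "safe-to-deploy", "does-not-implement-crypto"] |
| version = "1.1.0" |
| # Literal (''') string: the grep patterns contain `\b`, which a basic (""") |
| # string decodes as a backspace character instead of keeping the regex |
| # word-boundary text the auditor recorded. |
| notes = ''' |
| Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'``, `'\bnet\b'``, `'\bunsafe\b'`` |
| and there were no hits except for reasonable, client-controlled usage of |
| `std::fs` in `AutoCfg::with_dir`. |
| |
| This crate has been added to Chromium in |
| https://source.chromium.org/chromium/chromium/src/+/591a0f30c5eac93b6a3d981c2714ffa4db28dbcb |
| The CL description contains a link to a Google-internal document with audit details. |
| ''' |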
| |
| [[audits.autocfg]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"] |
| delta = "1.1.0 -> 1.2.0" |
| notes = ''' |
| Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'``, `'\bnet\b'``, `'\bunsafe\b'`` |
| and nothing changed from the baseline audit of 1.1.0. Skimmed through the |
| 1.1.0 => 1.2.0 delta and everything seemed okay. |
| ''' |
| |
| [[audits.base64]] |
| who = "Adam Langley <agl@chromium.org>" |
| criteria = ["ub-risk-0", "safe-to-deploy", "does-not-implement-crypto"] |
| version = "0.13.1" |
| notes = "Skimmed the uses of `std` to ensure that nothing untoward is happening. Code uses `forbid(unsafe_code)` and, indeed, there are no uses of `unsafe`" |
| |
| [[audits.bitflags]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-1"] |
| version = "2.4.2" |
| notes = """ |
| Audit notes: |
| |
| * I've checked for any discussion in Google-internal cl/546819168 (where audit |
| of version 2.3.3 happened) |
| * `src/lib.rs` contains `#![cfg_attr(not(test), forbid(unsafe_code))]` |
| * There are 2 cases of `unsafe` in `src/external.rs` but they seem to be |
| correct in a straightforward way - they just propagate the marker trait's |
| impl (e.g. `impl bytemuck::Pod`) from the inner to the outer type |
| * Additional discussion and/or notes may be found in https://crrev.com/c/5238056 |
| """ |
| |
| [[audits.bitflags]] |
| who = "Adrian Taylor <adetaylor@chromium.org>" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"] |
| delta = "2.4.2 -> 2.5.0" |
| |
| # NOTE(review): this full audit certifies only `safe-to-deploy` for 1.14.3. |
| # `does-not-implement-crypto` and `ub-risk-2` for 1.14.3 are claimed only by |
| # the delta from 1.13.1 in the next entry, and no 1.13.1 entry is visible in |
| # this file. Presumably that baseline comes from an imported audit set or an |
| # exemption; confirm. |
| [[audits.bytemuck]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = "safe-to-deploy" |
| version = "1.14.3" |
| notes = "Additional review notes may be found in https://crrev.com/c/5362675." |
| |
| [[audits.bytemuck]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["does-not-implement-crypto", "ub-risk-2"] |
| delta = "1.13.1 -> 1.14.3" |
| notes = "Additional review notes may be found in https://crrev.com/c/5362675." |
| |
| [[audits.bytemuck]] |
| who = "Adrian Taylor <adetaylor@chromium.org>" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"] |
| delta = "1.14.3 -> 1.15.0" |
| |
| [[audits.bytemuck]] |
| who = "danakj <danakj@chromium.org>" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"] |
| delta = "1.15.0 -> 1.16.0" |
| |
| [[audits.bytemuck_derive]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"] |
| version = "1.6.0" |
| notes = """ |
| Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no |
| hits except for 8 occurrences of `unsafe`. Additional `unsafe` review comments |
| can be found in https://crrev.com/c/5445719. |
| """ |
| |
| [[audits.bytemuck_derive]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"] |
| delta = "1.6.0 -> 1.6.1" |
| notes = """ |
| No behavior/code changes AFAICT - only adding |
| `#[allow(clippy::multiple_bound_locations)]`, doc comments, and making |
| some cosmetic changes in non-`.rs` files. |
| """ |
| |
| [[audits.bytemuck_derive]] |
| who = "danakj <danakj@chromium.org>" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"] |
| delta = "1.6.1 -> 1.7.0" |
| notes = """ |
| Added support for Zeroable enums, which requires them to be represented as an integer and to have 0 as one of their values. |
| |
| Other trivial/formatting changes. |
| """ |
| |
| [[audits.bytes]] |
| who = "agl@chromium.org" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "1.4.0 -> 1.5.0" |
| |
| [[audits.bytes]] |
| who = "Dustin J. Mitchell <djmitche@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "1.5.0 -> 1.6.0" |
| notes = "Update removes some unsafe, and includes verifiable safety comments for newly-added unsafe." |
| |
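| [[audits.cfg-if]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"] |
| version = "1.0.0" |
| # Literal (''') string: double quotes need no escaping here, and a backslash |
| # in front of them would be stored verbatim in the note. |
| notes = ''' |
| I grepped for "unsafe", "crypt", "cipher", "fs", "net" - there were |
| no hits. This is a really small crate (only `lib.rs` which is less than 200 |
| lines + one end-to-end test) so I also skimmed through the macro's definition |
| and everything looks okay to me. |
| ''' |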
| |
| [[audits.clap]] |
| who = "danakj@chromium.org" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| version = "4.4.8" |
| notes = """ |
| Reviewed in https://crrev.com/c/5171063 |
| |
| Previously reviewed during security review and the audit is grandparented in. |
| """ |
| |
| # NOTE(review): `ub-risk-0` is certified for 4.5.0 only. Every clap delta in |
| # this file lists just `safe-to-run` and `does-not-implement-crypto`, so this |
| # certification is not carried forward to later versions by those deltas. |
| [[audits.clap]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = "ub-risk-0" |
| version = "4.5.0" |
| notes = "No `unsafe`" |
| |
| [[audits.clap]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "4.4.8 -> 4.4.14" |
| |
| [[audits.clap]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "4.4.14 -> 4.5.0" |
| |
| [[audits.clap]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "4.5.0 -> 4.5.1" |
| |
| [[audits.clap]] |
| who = "danakj <danakj@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "4.5.1 -> 4.5.2" |
| notes = "Reviewed in https://crrev.com/c/5362201" |
| |
| [[audits.clap]] |
| who = "Adrian Taylor <adetaylor@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "4.5.2 -> 4.5.3" |
| |
| [[audits.clap]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "4.5.3 -> 4.5.4" |
| notes = "Minimal diff - only module naming/nesting-related changes." |
| |
| [[audits.clap]] |
| who = "Adrian Taylor <adetaylor@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "4.5.4 -> 4.5.7" |
| |
| [[audits.clap_builder]] |
| who = "danakj@chromium.org" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| version = "4.4.8" |
| notes = """ |
| Reviewed in https://crrev.com/c/5171063 |
| |
| Previously reviewed during security review and the audit is grandparented in. |
| """ |
| |
| # NOTE(review): `ub-risk-0` is certified for 4.5.0 only. Every clap_builder |
| # delta in this file lists just `safe-to-run` and `does-not-implement-crypto`, |
| # so this certification is not carried forward to later versions by them. |
| [[audits.clap_builder]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = "ub-risk-0" |
| version = "4.5.0" |
| notes = "No `unsafe`" |
| |
| [[audits.clap_builder]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "4.4.8 -> 4.4.14" |
| |
| [[audits.clap_builder]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "4.4.14 -> 4.5.0" |
| |
| [[audits.clap_builder]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "4.5.0 -> 4.5.1" |
| |
| [[audits.clap_builder]] |
| who = "danakj <danakj@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "4.5.1 -> 4.5.2" |
| notes = "Reviewed in https://crrev.com/c/5362201" |
| |
| [[audits.clap_builder]] |
| who = "Adrian Taylor <adetaylor@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "4.5.2 -> 4.5.7" |
| |
| [[audits.clap_lex]] |
| who = "danakj@chromium.org" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| version = "0.6.0" |
| notes = """ |
| Reviewed in https://crrev.com/c/5171063 |
| |
| Previously reviewed during security review and the audit is grandparented in. |
| """ |
| |
| [[audits.clap_lex]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "0.6.0 -> 0.7.0" |
| |
| [[audits.clap_lex]] |
| who = "Adrian Taylor <adetaylor@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "0.7.0 -> 0.7.1" |
| |
| [[audits.codespan-reporting]] |
| who = "danakj@chromium.org" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| version = "0.11.1" |
| notes = """ |
| Reviewed in https://crrev.com/c/5171063 |
| |
| Previously reviewed during security review and the audit is grandparented in. |
| """ |
| |
| [[audits.cxx]] |
| who = "danakj@chromium.org" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| version = "1.0.110" |
| notes = """ |
| Reviewed in https://crrev.com/c/5171063 |
| |
| Previously reviewed during security review and the audit is grandparented in. |
| """ |
| |
| [[audits.cxx]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = "does-not-implement-crypto" |
| version = "1.0.117" |
| notes = """ |
| Grepped for \"crypt\", \"cipher\" - there were no hits |
| (except for benign hits in `MODULE.bazel.lock`) |
| """ |
| |
| # NOTE(review): only `does-not-implement-crypto` is audited for this version. |
| # Per the notes, `safe-to-deploy` and `ub-risk-2` come from an exemption, which |
| # is recorded outside this file and is not itself a review. Confirm that the |
| # exemption is still intended before relying on those two criteria. |
| [[audits.cxx]] |
| who = "danakj <danakj@chromium.org>" |
| criteria = "does-not-implement-crypto" |
| version = "1.0.122" |
| notes = """ |
| safe-to-deploy and ub-risk-2 are provided by exemption. |
| """ |
| |
| [[audits.cxx]] |
| who = "danakj <danakj@chromium.org>" |
| criteria = "does-not-implement-crypto" |
| delta = "1.0.117 -> 1.0.119" |
| notes = "Reviewed in https://crrev.com/c/5362739" |
| |
| [[audits.cxx]] |
| who = "Dustin J. Mitchell <djmitche@chromium.org>" |
| criteria = "does-not-implement-crypto" |
| delta = "1.0.119 -> 1.0.120" |
| notes = "Reviewed in https://chromium-review.googlesource.com/c/chromium/src/+/5392544." |
| |
| [[audits.cxx]] |
| who = "Adrian Taylor <adetaylor@chromium.org>" |
| criteria = "does-not-implement-crypto" |
| delta = "1.0.120 -> 1.0.121" |
| |
| [[audits.cxx]] |
| who = "Adrian Taylor <adetaylor@chromium.org>" |
| criteria = "does-not-implement-crypto" |
| delta = "1.0.122 -> 1.0.123" |
| notes = "safe-to-deploy and ub-risk-2 are provided by exemption" |
| |
| [[audits.cxx]] |
| who = "Dustin J. Mitchell <djmitche@chromium.org>" |
| criteria = "does-not-implement-crypto" |
| delta = "1.0.123 -> 1.0.124" |
| |
| [[audits.cxxbridge]] |
| who = "danakj@chromium.org" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| version = "1.0.110" |
| notes = """ |
| Reviewed in https://crrev.com/c/5171063 |
| |
| Previously reviewed during security review and the audit is grandparented in. |
| """ |
| |
| [[audits.cxxbridge-cmd]] |
| who = "danakj@chromium.org" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| version = "1.0.110" |
| notes = """ |
| Reviewed in https://crrev.com/c/5171063 |
| |
| Previously reviewed during security review and the audit is grandparented in. |
| """ |
| |
| [[audits.cxxbridge-cmd]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "1.0.110 -> 1.0.115" |
| |
| [[audits.cxxbridge-cmd]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "1.0.115 -> 1.0.116" |
| |
| [[audits.cxxbridge-cmd]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "1.0.116 -> 1.0.117" |
| |
| [[audits.cxxbridge-cmd]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "1.0.117 -> 1.0.118" |
| |
| [[audits.cxxbridge-cmd]] |
| who = "danakj <danakj@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "1.0.118 -> 1.0.119" |
| notes = "Reviewed in https://crrev.com/c/5362136" |
| |
| [[audits.cxxbridge-cmd]] |
| who = "Dustin J. Mitchell <djmitche@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "1.0.119 -> 1.0.120" |
| notes = "Version bump only." |
| |
| [[audits.cxxbridge-cmd]] |
| who = "Adrian Taylor <adetaylor@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "1.0.120 -> 1.0.121" |
| |
| [[audits.cxxbridge-cmd]] |
| who = "danakj <danakj@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "1.0.121 -> 1.0.122" |
| |
| [[audits.cxxbridge-cmd]] |
| who = "Adrian Taylor <adetaylor@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "1.0.122 -> 1.0.123" |
| |
| [[audits.cxxbridge-cmd]] |
| who = "Dustin J. Mitchell <djmitche@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "1.0.123 -> 1.0.124" |
| notes = "No changes except to dependencies" |
| |
| [[audits.cxxbridge-flags]] |
| who = "danakj@chromium.org" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| version = "1.0.110" |
| notes = """ |
| Reviewed in https://crrev.com/c/5171063 |
| |
| Previously reviewed during security review and the audit is grandparented in. |
| """ |
| |
| [[audits.cxxbridge-flags]] |
| who = "danakj <danakj@chromium.org>" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"] |
| version = "1.0.122" |
| notes = "no grep hits for cipher, crypto, fs, net, or unsafe" |
| |
| [[audits.cxxbridge-flags]] |
| who = "Adrian Taylor <adetaylor@chromium.org>" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"] |
| delta = "1.0.122 -> 1.0.123" |
| |
| [[audits.cxxbridge-flags]] |
| who = "Dustin J. Mitchell <djmitche@chromium.org>" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"] |
| delta = "1.0.123 -> 1.0.124" |
| notes = "No changes in this delta" |
| |
| [[audits.cxxbridge-macro]] |
| who = "danakj <danakj@chromium.org>" |
| criteria = "does-not-implement-crypto" |
| version = "1.0.122" |
| notes = """ |
| no grep hits for cipher, crypto. |
| |
| safe-to-deploy and ub-risk-2 are provided by exemption. |
| """ |
| |
| [[audits.cxxbridge-macro]] |
| who = "Adrian Taylor <adetaylor@chromium.org>" |
| criteria = "does-not-implement-crypto" |
| delta = "1.0.122 -> 1.0.123" |
| |
| [[audits.cxxbridge-macro]] |
| who = "Dustin J. Mitchell <djmitche@chromium.org>" |
| criteria = "does-not-implement-crypto" |
| delta = "1.0.123 -> 1.0.124" |
| |
| [[audits.either]] |
| who = "agl@chromium.org" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| version = "1.9.0" |
| |
| [[audits.either]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "1.9.0 -> 1.10.0" |
| |
| [[audits.either]] |
| who = "Adrian Taylor <adetaylor@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "1.10.0 -> 1.11.0" |
| |
| [[audits.either]] |
| who = "Dustin J. Mitchell <djmitche@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "1.11.0 -> 1.12.0" |
| notes = "Only changes the MSRV and adds a (safe) trait specialization." |
| |
| [[audits.fend-core]] |
| who = "jiwan@chromium.org" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"] |
| version = "1.4.6" |
| |
| [[audits.fend-core]] |
| who = "danakj <danakj@chromium.org>" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"] |
| delta = "1.4.6 -> 1.4.8" |
| |
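| [[audits.font-types]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["ub-risk-0", "safe-to-deploy", "does-not-implement-crypto"] |
| version = "0.4.2" |
| # Literal (''') string: the grep patterns contain `\b`, which a basic (""") |
| # string decodes as a backspace character instead of keeping the regex |
| # word-boundary text the auditor recorded. |
| notes = ''' |
| Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'``, `'\bnet\b'``, `'\bunsafe\b'`` |
| and there were no hits. |
| |
| The initial version of this crate has been added to Chromium in |
| https://source.chromium.org/chromium/chromium/src/+/a59c3c448941f92f870d0c18c6d53d5c6104ab72 |
| The CL description contains a link to a Google-internal document with audit details. |
| ''' |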
| |
| [[audits.font-types]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-1"] |
| version = "0.5.2" |
| notes = """ |
| Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no |
| hits except for 3 `unsafe impl bytemuck::SomeTrait for ...`. Each `impl` had a |
| reasonable safety comment and there were no actual `unsafe` blocks, so I think |
| this can be treated as `ub-risk-1`. Additional `unsafe` review comments can be |
| found in https://crrev.com/c/5445719. |
| |
| For overall `safe-to-deploy` and `does-not-implement-crypto` I am mostly |
| relying on certification by the Chromium engineers who work on the library |
| (mostly drott@chromium.org). |
| """ |
| |
| [[audits.font-types]] |
| who = "danakj <danakj@chromium.org>" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"] |
| delta = "0.4.2 -> 0.4.3" |
| notes = "Reviewed in https://crrev.com/c/5362378. No new use of unsafe." |
| |
| [[audits.font-types]] |
| who = "danakj <danakj@chromium.org>" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-1"] |
| delta = "0.5.2 -> 0.5.3" |
| |
| [[audits.font-types]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-1"] |
| delta = "0.5.3 -> 0.5.4" |
| notes = """ |
| The delta just adds `impl From<GlyphId> for u32` - no impact on `unsafe impl`s |
| elsewhere. |
| """ |
| |
| [[audits.font-types]] |
| who = "danakj@chromium.org" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-1"] |
| delta = "0.5.4 -> 0.5.5" |
| notes = "No unsafe changes." |
| |
| [[audits.getrandom]] |
| who = "danakj@chromium.org" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| version = "0.2.11" |
| notes = """ |
| Reviewed in https://crrev.com/c/5171063 |
| |
| Previously reviewed during security review and the audit is grandparented in. |
| """ |
| |
| # NOTE(review): this step records only `does-not-implement-crypto`, while the |
| # other getrandom entries in this file also record `safe-to-run`. Unless |
| # another source covers 0.2.11 -> 0.2.12, the `safe-to-run` chain from 0.2.11 |
| # does not reach 0.2.12 or later. Confirm. |
| [[audits.getrandom]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = "does-not-implement-crypto" |
| delta = "0.2.11 -> 0.2.12" |
| |
| [[audits.getrandom]] |
| who = "Adrian Taylor <adetaylor@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "0.2.12 -> 0.2.14" |
| |
| [[audits.getrandom]] |
| who = "danakj <danakj@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "0.2.14 -> 0.2.15" |
| |
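| [[audits.heck]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["ub-risk-0", "safe-to-deploy", "does-not-implement-crypto"] |
| version = "0.4.1" |
| # Literal (''') string: the grep patterns contain `\b`, which a basic (""") |
| # string decodes as a backspace character instead of keeping the regex |
| # word-boundary text the auditor recorded. |
| notes = ''' |
| Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'``, `'\bnet\b'``, `'\bunsafe\b'`` |
| and there were no hits. |
| |
| `heck` (version `0.3.3`) has been added to Chromium in |
| https://source.chromium.org/chromium/chromium/src/+/28841c33c77833cc30b286f9ae24c97e7a8f4057 |
| ''' |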
| |
| [[audits.hex-literal]] |
| who = "danakj@chromium.org" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| version = "0.4.1" |
| notes = """ |
| Reviewed in https://crrev.com/c/5171063 |
| |
| Previously reviewed during security review and the audit is grandparented in. |
| """ |
| |
| [[audits.itertools]] |
| who = "agl@chromium.org" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| version = "0.11.0" |
| notes = """ |
| This is 12K lines of code, plus 6K lines of tests and benchmarks. |
| It has minimal use of unsafe and so I have paged though it all with \"::\" |
| highlighted and paid attention to which imported functions are being called. |
| """ |
| |
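| [[audits.itoa]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"] |
| version = "1.0.10" |
| # Literal (''') string: double quotes need no escaping here, and a backslash |
| # in front of them would be stored verbatim in the note. |
| notes = ''' |
| I grepped for "crypt", "cipher", "fs", "net" - there were no hits. |
| |
| There are a few places where `unsafe` is used. Unsafe review notes can be found |
| in https://crrev.com/c/5350697. |
| |
| Version 1.0.1 of this crate has been added to Chromium in |
| https://crrev.com/c/3321896. |
| ''' |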
| |
| [[audits.itoa]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"] |
| delta = "1.0.10 -> 1.0.11" |
| notes = """ |
| Straightforward diff between 1.0.10 and 1.0.11 - only 3 commits: |
| |
| * Bumping up the version |
| * A touch up of comments |
| * And my own PR to make `unsafe` blocks more granular: |
| https://github.com/dtolnay/itoa/pull/42 |
| """ |
| |
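| [[audits.lazy_static]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"] |
| version = "1.4.0" |
| # Literal (''') string: double quotes need no escaping here, and a backslash |
| # in front of them would be stored verbatim in the note. |
| notes = ''' |
| I grepped for "crypt", "cipher", "fs", "net" - there were no hits. |
| |
| There are two places where `unsafe` is used. Unsafe review notes can be found |
| in https://crrev.com/c/5347418. |
| |
| This crate has been added to Chromium in https://crrev.com/c/3321895. |
| ''' |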
| |
| # NOTE(review): delta-only record. No entry for the 0.4.20 baseline is visible |
| # in this file. Presumably it comes from an imported audit set or an |
| # exemption; confirm. |
| [[audits.log]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "0.4.20 -> 0.4.21" |
| notes = """ |
| I grepped for \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits. I also skimmed |
| through the 0.4.20 => 0.4.21 delta and there was no new crypto-related code AFAICT. |
| """ |
| |
| # NOTE(review): delta-only record covering `does-not-implement-crypto` alone. |
| # No 2.7.2 baseline is visible in this file, and no `safe-to-*` or `ub-risk-N` |
| # criterion is recorded for memchr here. Presumably those come from another |
| # source; confirm. |
| [[audits.memchr]] |
| who = "Dustin J. Mitchell <djmitche@chromium.org>" |
| criteria = "does-not-implement-crypto" |
| delta = "2.7.2 -> 2.7.4" |
| |
| # NOTE(review): the only criterion recorded is `ub-risk-3`, which in this |
| # file's criteria chain implies nothing stricter than `ub-risk-4`. No |
| # `safe-to-*` or crypto criterion is recorded in this entry, and the notes |
| # report unsound `unsafe` blocks, so this record does not satisfy a policy |
| # that requires `ub-risk-2` or better. |
| [[audits.minimal-lexical]] |
| who = "danakj@chromium.org" |
| criteria = "ub-risk-3" |
| version = "0.2.1" |
| notes = """ |
| Reviewed in https://chromium-review.googlesource.com/c/chromium/src/+/4977110 |
| - Unsound unsafe blocks present. |
| - Safe traits that can cause soundness bugs. |
| """ |
| |
| [[audits.nom]] |
| who = "danakj@chromium.org" |
| criteria = ["does-not-implement-crypto", "safe-to-deploy", "ub-risk-1"] |
| version = "7.1.3" |
| notes = """ |
| Reviewed in https://chromium-review.googlesource.com/c/chromium/src/+/5046153 |
| """ |
| |
| [[audits.ppv-lite86]] |
| who = "danakj@chromium.org" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| version = "0.2.17" |
| notes = """ |
| Reviewed in https://crrev.com/c/5171063 |
| |
| Previously reviewed during security review and the audit is grandparented in. |
| """ |
| |
| [[audits.proc-macro2]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"] |
| version = "1.0.78" |
| notes = """ |
| Grepped for \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits |
| (except for a benign \"fs\" hit in a doc comment) |
| |
| Notes from the `unsafe` review can be found in https://crrev.com/c/5385745. |
| """ |
| |
| # No 1.0.69 entry is visible in this file; the notes point to |
| # google/rust-crate-audits for that baseline. This delta ends at 1.0.76, while |
| # the other proc-macro2 entries in this file start from the 1.0.78 full audit. |
| [[audits.proc-macro2]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| # NOTE(review): no `ub-risk-N` level is listed here. The `ub-risk-2` assessment |
| # of this delta exists only in the free-text notes below, so anything that |
| # evaluates `criteria` will not see it. |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "1.0.69 -> 1.0.76" |
| notes = """ |
| 1.0.69 has been previously audited as \"safe-to-run\", |
| \"does-not-implement-crypto\" - see |
| https://github.com/google/rust-crate-audits/blob/c2d49cb6e80bb817f569debecf846161dcebd88c/audits.toml#L3939-L3979 |
| The \"1.0.69 -> 1.0.76\" delta meets the same criteria. |
| |
| This is an incremental/delta audit - we don't claim any particular `ub-risk-N` |
| level for the baseline or for the final version. OTOH note that additional |
| uses of `unsafe` have been reviewed in https://crrev.com/c/5178771 and the |
| **delta** was evaluated as `ub-risk-2`. There are some new `unsafe` blocks |
| but they seem sound - additional `unsafe` audit notes can be found in |
| https://crrev.com/c/5178771/comment/32dbab4e_c7402137 and |
| https://crrev.com/c/5178771/4/third_party/rust/chromium_crates_io/vendor/proc-macro2-1.0.76/src/wrapper.rs#783 |
| """ |
| |
| [[audits.proc-macro2]] |
| who = "Adrian Taylor <adetaylor@chromium.org>" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"] |
| delta = "1.0.78 -> 1.0.79" |
| |
| [[audits.proc-macro2]] |
| who = "Adrian Taylor <adetaylor@chromium.org>" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"] |
| delta = "1.0.79 -> 1.0.80" |
| |
| [[audits.proc-macro2]] |
| who = "Dustin J. Mitchell <djmitche@chromium.org>" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"] |
| delta = "1.0.80 -> 1.0.81" |
| notes = "Comment changes only" |
| |
| [[audits.proc-macro2]] |
| who = "danakj <danakj@chromium.org>" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"] |
| delta = "1.0.81 -> 1.0.82" |
| |
| [[audits.proc-macro2]] |
| who = "Dustin J. Mitchell <djmitche@chromium.org>" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"] |
| delta = "1.0.82 -> 1.0.83" |
| notes = "Substantive change is replacing String with Box<str>, saving memory." |
| |
| [[audits.proc-macro2]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"] |
| delta = "1.0.83 -> 1.0.84" |
| notes = "Only doc comment changes in `src/lib.rs`." |
| |
| [[audits.proc-macro2]] |
| who = "danakj@chromium.org" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"] |
| delta = "1.0.84 -> 1.0.85" |
| notes = "Test-only changes." |
| |
| [[audits.prost]] |
| who = "agl@chromium.org" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| version = "0.12.3" |
| |
| [[audits.prost]] |
| who = "Adrian Taylor <adetaylor@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "0.12.3 -> 0.12.4" |
| |
| [[audits.prost]] |
| who = "Dustin J. Mitchell <djmitche@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "0.12.4 -> 0.12.6" |
| notes = "No concerning changes for safe-to-run." |
| |
| [[audits.prost-derive]] |
| who = "agl@chromium.org" |
| criteria = ["safe-to-run", "does-not-implement-crypto", "ub-risk-0"] |
| version = "0.12.3" |
| |
| [[audits.prost-derive]] |
| who = "danakj <danakj@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto", "ub-risk-0"] |
| delta = "0.12.3 -> 0.12.5" |
| |
| [[audits.prost-derive]] |
| # NOTE(review): the two earlier prost-derive entries also list "ub-risk-0"; |
| # this delta does not, so the entries visible here do not extend ub-risk-0 to |
| # 0.12.6 even though the note reports no changes. Confirm the omission is |
| # intended. |
| who = "Dustin J. Mitchell <djmitche@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "0.12.5 -> 0.12.6" |
| notes = "No changes here; presumably a bump of the `prost` crate." |
| |
| [[audits.qr_code]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"] |
| version = "2.0.0" |
| notes = """ |
| * This crate was imported into Chromium back in May 2023: |
| - CL: https://crrev.com/c/4497329 |
| - Google-internal audit notes: go/qr-code-chromium-security-review |
| * Certification today is mostly based on the old audit. |
| The only checks performed today are: |
| - `grep`ped for `unsafe` and verified that the only hit comes |
| from `#![forbid(unsafe_code)]` |
| """ |
| |
| [[audits.quote]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = "ub-risk-0" |
| version = "1.0.33" |
| notes = 'Grepped for `\bunsafe\b` - there were no hits' |
| |
| [[audits.quote]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"] |
| version = "1.0.35" |
| notes = """ |
| Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits |
| (except for benign \"net\" hit in tests and \"fs\" hit in README.md) |
| """ |
| |
| [[audits.quote]] |
| who = "Adrian Taylor <adetaylor@chromium.org>" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"] |
| delta = "1.0.35 -> 1.0.36" |
| |
| [[audits.rand]] |
| who = "danakj@chromium.org" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| version = "0.8.5" |
| notes = """ |
| Reviewed in https://crrev.com/c/5171063 |
| |
| Previously reviewed during security review and the audit is grandparented in. |
| """ |
| |
| [[audits.rand_chacha]] |
| # NOTE(review): the note says this crate does not implement ChaCha itself, yet |
| # the criterion is "crypto-safe" rather than "does-not-implement-crypto" (see |
| # the criteria descriptions at the top of this file). Presumably the expert |
| # review tracked in b/330501364 is the basis; confirm. No safe-to-run or |
| # safe-to-deploy criterion is recorded in this entry. |
| who = "Allen Webb <allenwebb@google.com>" |
| criteria = "crypto-safe" |
| version = "0.3.1" |
| notes = """ |
| This crate doesn't actually implement ChaCha, it uses the implementation in |
| `c2-chacha`. Note that this review has been internally tracked in b/330501364. |
| """ |
| |
| [[audits.rand_pcg]] |
| who = "danakj@chromium.org" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| version = "0.3.1" |
| notes = """ |
| Reviewed in https://crrev.com/c/5171063 |
| |
| Previously reviewed during security review and the audit is grandparented in. |
| """ |
| |
| [[audits.read-fonts]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"] |
| version = "0.19.0" |
| notes = """ |
| Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits |
| (except for a benign \"fs\" hit in a comment). |
| |
| For overall `safe-to-deploy` and `does-not-implement-crypto` I am mostly |
| relying on certification by the Chromium engineers who work on the library |
| (mostly drott@chromium.org). |
| """ |
| |
| [[audits.read-fonts]] |
| who = "danakj <danakj@chromium.org>" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"] |
| delta = "0.19.0 -> 0.19.1" |
| |
| [[audits.read-fonts]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"] |
| delta = "0.19.1 -> 0.19.2" |
| notes = """ |
| The delta is a bug fix in `src/tables/cmap.rs`. |
| No new `unsafe` - still `ub-risk-0`. |
| """ |
| |
| [[audits.read-fonts]] |
| who = "danakj@chromium.org" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"] |
| delta = "0.19.2 -> 0.19.3" |
| notes = "No unsafe." |
| |
| [[audits.regex]] |
| who = "danakj@chromium.org" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| version = "1.10.2" |
| notes = """ |
| Reviewed in https://crrev.com/c/5171063 |
| |
| Previously reviewed during security review and the audit is grandparented in. |
| """ |
| |
| [[audits.regex]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "1.10.2 -> 1.10.3" |
| |
| [[audits.regex]] |
| who = "Dustin J. Mitchell <djmitche@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "1.10.3 -> 1.10.4" |
| notes = "Docs changes only." |
| |
| [[audits.regex]] |
| who = "Adrian Taylor <adetaylor@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "1.10.4 -> 1.10.5" |
| |
| [[audits.regex-automata]] |
| who = "danakj@chromium.org" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| version = "0.4.3" |
| notes = """ |
| Reviewed in https://crrev.com/c/5171063 |
| |
| Previously reviewed during security review and the audit is grandparented in. |
| """ |
| |
| [[audits.regex-automata]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "0.4.3 -> 0.4.5" |
| |
| [[audits.regex-automata]] |
| who = "danakj <danakj@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "0.4.5 -> 0.4.6" |
| notes = "Reviewed in https://crrev.com/c/5362200" |
| |
| [[audits.regex-automata]] |
| who = "Adrian Taylor <adetaylor@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "0.4.6 -> 0.4.7" |
| |
| [[audits.regex-syntax]] |
| who = "danakj@chromium.org" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| version = "0.8.2" |
| notes = """ |
| Reviewed in https://crrev.com/c/5171063 |
| |
| Previously reviewed during security review and the audit is grandparented in. |
| """ |
| |
| [[audits.regex-syntax]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "0.8.2 -> 0.8.3" |
| |
| [[audits.regex-syntax]] |
| who = "Adrian Taylor <adetaylor@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "0.8.3 -> 0.8.4" |
| |
| [[audits.rstest]] |
| who = "danakj@chromium.org" |
| criteria = ["safe-to-run", "does-not-implement-crypto", "ub-risk-0"] |
| version = "0.17.0" |
| notes = """ |
| Reviewed in https://crrev.com/c/5171063 |
| |
| Previously reviewed during security review and the audit is grandparented in. |
| """ |
| |
| [[audits.rstest_macros]] |
| who = "danakj@chromium.org" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| version = "0.17.0" |
| notes = """ |
| Reviewed in https://crrev.com/c/5171063 |
| |
| Previously reviewed during security review and the audit is grandparented in. |
| """ |
| |
| [[audits.rstest_reuse]] |
| who = "danakj@chromium.org" |
| criteria = ["safe-to-run", "does-not-implement-crypto", "ub-risk-0"] |
| version = "0.5.0" |
| notes = """ |
| Reviewed in https://crrev.com/c/5171063 |
| |
| Previously reviewed during security review and the audit is grandparented in. |
| """ |
| |
| [[audits.rustc-demangle]] |
| who = "danakj@chromium.org" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| version = "0.1.23" |
| notes = """ |
| Reviewed in https://crrev.com/c/5171063 |
| |
| Previously reviewed during security review and the audit is grandparented in. |
| """ |
| |
| [[audits.rustc-demangle]] |
| who = "danakj <danakj@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "0.1.23 -> 0.1.24" |
| |
| [[audits.rustc_version]] |
| who = "danakj@chromium.org" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| version = "0.4.0" |
| notes = """ |
| Reviewed in https://crrev.com/c/5171063 |
| |
| Previously reviewed during security review and the audit is grandparented in. |
| """ |
| |
| [[audits.rustversion]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["ub-risk-0", "safe-to-deploy", "does-not-implement-crypto"] |
| version = "1.0.14" |
| notes = """ |
| Grepped for `-i cipher`, `-i crypto`, `'\\bfs\\b'`, `'\\bnet\\b'`, `'\\bunsafe\\b'` |
| and there were no hits except for: |
| |
| * Using trivially-safe `unsafe` in test code: |
| |
| ``` |
| tests/test_const.rs:unsafe fn _unsafe() {} |
| tests/test_const.rs:const _UNSAFE: () = unsafe { _unsafe() }; |
| ``` |
| |
| * Using `unsafe` in a string: |
| |
| ``` |
| src/constfn.rs: \"unsafe\" => Qualifiers::Unsafe, |
| ``` |
| |
| * Using `std::fs` in `build/build.rs` to write `${OUT_DIR}/version.expr` |
| which is later read back via `include!` used in `src/lib.rs`. |
| |
| Version `1.0.6` of this crate has been added to Chromium in |
| https://source.chromium.org/chromium/chromium/src/+/28841c33c77833cc30b286f9ae24c97e7a8f4057 |
| """ |
| |
| [[audits.rustversion]] |
| who = "Adrian Taylor <adetaylor@chromium.org>" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"] |
| delta = "1.0.14 -> 1.0.15" |
| |
| [[audits.rustversion]] |
| who = "danakj <danakj@chromium.org>" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"] |
| delta = "1.0.15 -> 1.0.16" |
| |
| [[audits.rustversion]] |
| # NOTE(review): the earlier rustversion entries certify "ub-risk-0"; this delta |
| # certifies only "ub-risk-2", which the criteria at the top of this file place |
| # below it (ub-risk-0 implies ub-risk-1 implies ub-risk-2). The note does not |
| # say whether the delta adds `unsafe`; if it does not, "ub-risk-0" would keep |
| # the stronger certification for 1.0.17. Confirm. |
| who = "Dustin J. Mitchell <djmitche@chromium.org>" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"] |
| delta = "1.0.16 -> 1.0.17" |
| notes = "Just updates windows compat" |
| |
| [[audits.semver]] |
| who = "danakj@chromium.org" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| version = "1.0.20" |
| notes = """ |
| Reviewed in https://crrev.com/c/5171063 |
| |
| Previously reviewed during security review and the audit is grandparented in. |
| """ |
| |
| [[audits.semver]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "1.0.20 -> 1.0.21" |
| |
| [[audits.semver]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "1.0.21 -> 1.0.22" |
| |
| [[audits.semver]] |
| who = "danakj <danakj@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "1.0.22 -> 1.0.23" |
| |
| [[audits.serde]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"] |
| version = "1.0.197" |
| notes = """ |
| Grepped for `-i cipher`, `-i crypto`, `'\\bfs\\b'`, `'\\bnet\\b'`, `'\\bunsafe\\b'`. |
| |
| There were some hits for `net`, but they were related to serialization and |
| not actually opening any connections or anything like that. |
| |
| There were 2 hits of `unsafe` when grepping: |
| * In `fn as_str` in `impl Buf` |
| * In `fn serialize` in `impl Serialize for net::Ipv4Addr` |
| |
| Unsafe review comments can be found in https://crrev.com/c/5350573/2 (this |
| review also covered `serde_json_lenient`). |
| |
| Version 1.0.130 of the crate has been added to Chromium in |
| https://crrev.com/c/3265545. The CL description contains a link to a |
| (Google-internal, sorry) document with a mini security review. |
| """ |
| |
| [[audits.serde]] |
| who = "Dustin J. Mitchell <djmitche@chromium.org>" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"] |
| delta = "1.0.197 -> 1.0.198" |
| |
| [[audits.serde]] |
| who = "danakj <danakj@chromium.org>" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"] |
| delta = "1.0.198 -> 1.0.201" |
| |
| [[audits.serde]] |
| who = "Dustin J. Mitchell <djmitche@chromium.org>" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"] |
| delta = "1.0.201 -> 1.0.202" |
| notes = "Trivial changes" |
| |
| [[audits.serde]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"] |
| delta = "1.0.202 -> 1.0.203" |
| notes = "s/doc_cfg/docsrs/ + tuple_impls/tuple_impl_body-related changes" |
| |
| [[audits.serde_derive]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = "ub-risk-0" |
| version = "1.0.193" |
| notes = 'Grepped for `\bunsafe\b` - there were no hits' |
| |
| [[audits.serde_derive]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"] |
| version = "1.0.195" |
| notes = "Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits" |
| |
| [[audits.serde_derive]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"] |
| version = "1.0.196" |
| notes = "Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits" |
| |
| [[audits.serde_derive]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"] |
| version = "1.0.197" |
| notes = "Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits" |
| |
| [[audits.serde_derive]] |
| who = "danakj <danakj@chromium.org>" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"] |
| delta = "1.0.197 -> 1.0.201" |
| |
| [[audits.serde_derive]] |
| who = "Dustin J. Mitchell <djmitche@chromium.org>" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"] |
| delta = "1.0.201 -> 1.0.202" |
| |
| [[audits.serde_derive]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"] |
| delta = "1.0.202 -> 1.0.203" |
| notes = "Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits" |
| |
| [[audits.serde_json]] |
| who = "danakj@chromium.org" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| version = "1.0.108" |
| notes = """ |
| Reviewed in https://crrev.com/c/5171063 |
| |
| Previously reviewed during security review and the audit is grandparented in. |
| """ |
| |
| [[audits.serde_json]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "1.0.108 -> 1.0.111" |
| |
| [[audits.serde_json]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "1.0.111 -> 1.0.113" |
| |
| [[audits.serde_json]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "1.0.113 -> 1.0.114" |
| |
| [[audits.serde_json]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "1.0.114 -> 1.0.115" |
| |
| [[audits.serde_json]] |
| who = "Dustin J. Mitchell <djmitche@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "1.0.115 -> 1.0.116" |
| notes = "No changes that affect safety to run, and no crypto" |
| |
| [[audits.serde_json]] |
| who = "danakj <danakj@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "1.0.116 -> 1.0.117" |
| |
| [[audits.serde_json_lenient]] |
| who = "danakj@chromium.org" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"] |
| version = "0.1.8" |
| notes = """ |
| Grepped for `-i cipher`, `-i crypto`, `'\\bfs\\b'`, `'\\bnet\\b'`, `'\\bunsafe\\b'`. |
| |
| There were some hits for `fs` and `net`, but they were in comments. |
| |
| Unsafe review comments can be found in https://crrev.com/c/5350573/2. |
| There were 8 hits of `unsafe` when grepping. |
| |
| Version 0.1.4 of the crate was added to Chromium in |
| https://crrev.com/c/3511416. |
| """ |
| |
| [[audits.serde_json_lenient]] |
| who = "danakj@chromium.org" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"] |
| delta = "0.1.8 -> 0.2.0" |
| notes = """ |
| Reviewed in https://crrev.com/c/5361256 |
| """ |
| |
| [[audits.serde_json_lenient]] |
| who = "djmitche@chromium.org" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"] |
| delta = "0.2.0 -> 0.2.1" |
| notes = """ |
| Reviewed in https://crrev.com/c/5385822 |
| """ |
| |
| [[audits.skrifa]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"] |
| version = "0.19.0" |
| notes = """ |
| Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits |
| (except for benign \"fs\" hit in `skrifa-0.19.0/src/color/traversal_tests/mod.rs`). |
| |
| For overall `safe-to-deploy` and `does-not-implement-crypto` I am mostly |
| relying on certification by the Chromium engineers who work on the library |
| (mostly drott@chromium.org). |
| """ |
| |
| [[audits.skrifa]] |
| # NOTE(review): no skrifa audit for 0.15.2, and nothing linking 0.15.4 to the |
| # 0.19.x chain, is visible in this part of the file, so this delta looks |
| # unanchored here. Presumably 0.15.2 is covered by an exemption or an earlier |
| # import; confirm, or drop the entry if it is stale. |
| who = "drott@chromium.org" |
| criteria = ["ub-risk-1", "safe-to-deploy", "does-not-implement-crypto"] |
| delta = "0.15.2 -> 0.15.4" |
| |
| [[audits.skrifa]] |
| # NOTE(review): this entry lists "crypto-safe" where the other skrifa entries |
| # list "does-not-implement-crypto". Per the criteria descriptions at the top |
| # of this file, "crypto-safe" is for expert-reviewed crypto and crates without |
| # crypto should use "does-not-implement-crypto", which implies "crypto-safe" |
| # but not the reverse. As far as the entries visible here go, the later |
| # deltas' "does-not-implement-crypto" therefore does not chain through this |
| # step. Confirm which criterion was intended. |
| who = "Dustin J. Mitchell <djmitche@chromium.org>" |
| criteria = ["safe-to-deploy", "crypto-safe", "ub-risk-0"] |
| delta = "0.19.0 -> 0.19.1" |
| notes = "Crate has `forbid_unsafe` and no unsafe code. Changes all appear font-related and safe." |
| |
| [[audits.skrifa]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"] |
| delta = "0.19.1 -> 0.19.2" |
| |
| [[audits.skrifa]] |
| who = "Adrian Taylor <adetaylor@chromium.org>" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"] |
| delta = "0.19.2 -> 0.19.3" |
| |
| [[audits.small_ctor]] |
| who = "danakj@chromium.org" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| version = "0.1.1" |
| notes = """ |
| Reviewed in https://crrev.com/c/5171063 |
| |
| Previously reviewed during security review and the audit is grandparented in. |
| """ |
| |
| [[audits.static_assertions]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-1"] |
| version = "1.1.0" |
| notes = """ |
| Grepped for `-i cipher`, `-i crypto`, `'\\bfs\\b'`, `'\\bnet\\b'`, `'\\bunsafe\\b'` |
| and there were no hits except for one `unsafe`. |
| |
| The lambda where `unsafe` is used is never invoked (i.e. the `unsafe` code |
| never runs) and is only introduced for some compile-time checks. Additional |
| unsafe review comments can be found in https://crrev.com/c/5353376. |
| |
| This crate has been added to Chromium in https://crrev.com/c/3736562. The CL |
| description contains a link to a document with an additional security review. |
| """ |
| |
| [[audits.strsim]] |
| who = "danakj@chromium.org" |
| criteria = ["does-not-implement-crypto", "safe-to-deploy", "ub-risk-0"] |
| version = "0.10.0" |
| notes = """ |
| Reviewed in https://crrev.com/c/5171063 |
| |
| Previously reviewed during security review and the audit is grandparented in. |
| """ |
| |
| [[audits.strsim]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = "ub-risk-0" |
| version = "0.11.0" |
| notes = "No `unsafe`" |
| |
| [[audits.strsim]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "0.10.0 -> 0.11.0" |
| |
| [[audits.strsim]] |
| who = "Adrian Taylor <adetaylor@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "0.11.0 -> 0.11.1" |
| |
| [[audits.strum]] |
| who = "danakj@chromium.org" |
| criteria = ["does-not-implement-crypto", "safe-to-deploy", "ub-risk-0"] |
| version = "0.25.0" |
| notes = """ |
| Reviewed in https://crrev.com/c/5171063 |
| |
| Previously reviewed during security review and the audit is grandparented in. |
| """ |
| |
| [[audits.strum_macros]] |
| who = "danakj@chromium.org" |
| criteria = ["does-not-implement-crypto", "safe-to-deploy", "ub-risk-0"] |
| version = "0.25.3" |
| notes = """ |
| Reviewed in https://crrev.com/c/5171063 |
| |
| Previously reviewed during security review and the audit is grandparented in. |
| """ |
| |
| [[audits.syn]] |
| who = "danakj@chromium.org" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| version = "1.0.109" |
| notes = """ |
| Reviewed in https://crrev.com/c/5171063 |
| |
| Previously reviewed during security review and the audit is grandparented in. |
| """ |
| |
| [[audits.termcolor]] |
| who = "danakj@chromium.org" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| version = "1.4.0" |
| notes = """ |
| Reviewed in https://crrev.com/c/5171063 |
| |
| Previously reviewed during security review and the audit is grandparented in. |
| """ |
| |
| [[audits.termcolor]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = "ub-risk-0" |
| version = "1.4.0" |
| notes = "No `unsafe`." |
| |
| [[audits.termcolor]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "1.4.0 -> 1.4.1" |
| |
| [[audits.tinyvec]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["ub-risk-0", "safe-to-deploy", "does-not-implement-crypto"] |
| version = "1.6.0" |
| notes = """ |
| Grepped for `-i cipher`, `-i crypto`, `'\\bfs\\b'`, `'\\bnet\\b'`, `'\\bunsafe\\b'` |
| and there were no hits except for some \"unsafe\" appearing in comments: |
| |
| ``` |
| src/arrayvec.rs: // Note: This shouldn't use A::CAPACITY, because unsafe code can't rely on |
| src/lib.rs://! All of this is done with no `unsafe` code within the crate. Technically the |
| src/lib.rs://! `Vec` type from the standard library uses `unsafe` internally, but *this |
| src/lib.rs://! crate* introduces no new `unsafe` code into your project. |
| src/array.rs:/// Just a reminder: this trait is 100% safe, which means that `unsafe` code |
| ``` |
| |
| This crate has been added to Chromium in |
| https://source.chromium.org/chromium/chromium/src/+/24773c33e1b7a1b5069b9399fd034375995f290b |
| """ |
| |
| [[audits.unicode-ident]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"] |
| version = "1.0.12" |
| notes = ''' |
| I grepped for "crypt", "cipher", "fs", "net" - there were no hits. |
| |
| Both functions from the public API of this crate use `unsafe` to avoid bound |
| checks for an array access. Cross-module analysis shows that the offsets can |
| be statically proven to be within array bounds. More details can be found in |
| the unsafe review CL at https://crrev.com/c/5350386. |
| |
| This crate has been added to Chromium in https://crrev.com/c/3891618. |
| ''' |
| |
| [[audits.unicode-linebreak]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["ub-risk-0", "safe-to-deploy", "does-not-implement-crypto"] |
| version = "0.1.5" |
| notes = """ |
| Grepped for `-i cipher`, `-i crypto`, `'\\bfs\\b'`, `'\\bnet\\b'`, `'\\bunsafe\\b'` |
| and there were no hits. |
| |
| Version `0.1.2` of this crate has been added to Chromium in |
| https://source.chromium.org/chromium/chromium/src/+/591a0f30c5eac93b6a3d981c2714ffa4db28dbcb |
| The CL description contains a link to a Google-internal document with audit details. |
| """ |
| |
| [[audits.unicode-width]] |
| who = "danakj@chromium.org" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| version = "0.1.11" |
| notes = """ |
| Reviewed in https://crrev.com/c/5171063 |
| |
| Previously reviewed during security review and the audit is grandparented in. |
| """ |
| |
| [[audits.unicode-width]] |
| who = "danakj <danakj@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "0.1.11 -> 0.1.12" |
| |
| [[audits.unicode-width]] |
| who = "Lukasz Anforowicz <lukasza@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "0.1.12 -> 0.1.13" |
| |
| [[audits.winapi]] |
| who = "danakj@chromium.org" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| version = "0.3.9" |
| notes = """ |
| Reviewed in https://crrev.com/c/5171063 |
| |
| Previously reviewed during security review and the audit is grandparented in. |
| """ |
| |
| [[audits.winapi-util]] |
| who = "danakj@chromium.org" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| version = "0.1.6" |
| notes = """ |
| Reviewed in https://crrev.com/c/5171063 |
| |
| Previously reviewed during security review and the audit is grandparented in. |
| """ |
| |
| [[audits.winapi-util]] |
| who = "danakj <danakj@chromium.org>" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| delta = "0.1.6 -> 0.1.8" |
| |
| [[audits.wycheproof]] |
| who = "danakj@chromium.org" |
| criteria = ["safe-to-run", "does-not-implement-crypto"] |
| version = "0.4.0" |
| notes = """ |
| Reviewed in https://crrev.com/c/5171063 |
| |
| Previously reviewed during security review and the audit is grandparented in. |
| """ |
| |
| [[trusted.libc]] |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"] |
| user-id = 51017 # JohnTitor |
| start = "2020-03-17" |
| end = "2025-05-23" |
| notes = """ |
| Chromium implicitly trusts the Rust toolchain (e.g. the `rustc` and |
| `cargo` binaries maintained and published by the |
| https://github.com/rust-lang organization and packaged and distributed |
| via Chromium's `tools/rust/package_rust.py` scripts). Here we extend |
| this trust to the system libraries that are maintained and published by |
| the same organization. |
| |
| user-id 51017 maps to https://crates.io/users/JohnTitor who has |
| published https://crates.io/crates/libc/0.2.154 |
| """ |
| |
| [[trusted.libc]] |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"] |
| user-id = 5820 # the8472 |
| start = "2020-03-17" |
| end = "2025-05-23" |
| notes = """ |
| Same justification as for the other `trusted.libc` entry above. |
| |
| user-id 5820 maps to https://crates.io/users/the8472 who has published |
| https://crates.io/crates/libc/0.2.155 |
| """ |
| |
| [[trusted.windows-sys]] |
| # NOTE(review): an `end` of 9999-05-15 means this trust never comes up for |
| # renewal (the `trusted.libc` entries above end on 2025-05-23). A trusted |
| # entry covers releases by this user-id without a per-version audit, so a |
| # bounded end date keeps the publisher mapping under periodic review. The |
| # other `trusted.windows*` entries below use the same end date. |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"] |
| user-id = 64539 # Kenny Kerr (kennykerr) |
| start = "2021-11-15" |
| end = "9999-05-15" |
| notes = """ |
| This crate and its deps are published by Microsoft as the official Rust SDK for Windows APIs at https://github.com/microsoft/windows-rs |
| |
| user-id 64539 maps to https://crates.io/users/kennykerr who has published version 0.52.0. |
| """ |
| |
| [[trusted.windows-targets]] |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"] |
| user-id = 64539 # Kenny Kerr (kennykerr) |
| start = "2022-09-09" |
| end = "9999-05-15" |
| notes = """ |
| This crate is part of the official Rust SDK from Microsoft, see windows-sys. |
| """ |
| |
| [[trusted.windows_aarch64_msvc]] |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"] |
| user-id = 64539 # Kenny Kerr (kennykerr) |
| start = "2021-11-05" |
| end = "9999-05-15" |
| notes = """ |
| This crate is part of the official Rust SDK from Microsoft, see windows-sys. |
| """ |
| |
| [[trusted.windows_i686_msvc]] |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"] |
| user-id = 64539 # Kenny Kerr (kennykerr) |
| start = "2021-10-27" |
| end = "9999-05-15" |
| notes = """ |
| This crate is part of the official Rust SDK from Microsoft, see windows-sys. |
| """ |
| |
| [[trusted.windows_x86_64_msvc]] |
| criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"] |
| user-id = 64539 # Kenny Kerr (kennykerr) |
| start = "2021-10-27" |
| end = "9999-05-15" |
| notes = """ |
| This crate is part of the official Rust SDK from Microsoft, see windows-sys. |
| """ |