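# cargo-vet audits file

# Custom audit criteria. `implies` records that certifying a criterion also
# certifies the one it names, so the ub-risk levels form a chain:
# ub-risk-0 -> ub-risk-1 -> ub-risk-2 -> ub-risk-3 -> ub-risk-4.

[criteria.crypto-safe]
description = """
All crypto algorithms in this crate have been reviewed by a relevant expert.

**Note**: If a crate does not implement crypto, use `does-not-implement-crypto`,
which implies `crypto-safe`, but does not require expert review in order to
audit for."""

# Certifying this criterion grants `crypto-safe` (via `implies`) without the
# expert review that `crypto-safe` itself calls for, so it should only be used
# when inspection shows the crate contains no cryptographic code.
[criteria.does-not-implement-crypto]
description = """
Inspection reveals that the crate in question does not attempt to implement any
cryptographic algorithms on its own.

Note that certification of this does not require an expert on all forms of
cryptography: it's expected for crates we import to be \"good enough\" citizens,
so they'll at least be forthcoming if they try to implement something
cryptographic. When in doubt, please ask an expert."""
implies = "crypto-safe"

[criteria.ub-risk-0]
description = """
No unsafe code.

Full description of the audit criteria can be found at
https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-0
"""
implies = "ub-risk-1"

[criteria.ub-risk-1]
description = """
Excellent soundness.

Full description of the audit criteria can be found at
https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-1
"""
implies = "ub-risk-2"

[criteria.ub-risk-2]
description = """
Negligible unsoundness or average soundness.

Full description of the audit criteria can be found at
https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-2
"""
implies = "ub-risk-3"

[criteria.ub-risk-3]
description = """
Mild unsoundness or suboptimal soundness.

Full description of the audit criteria can be found at
https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-3
"""
implies = "ub-risk-4"

# End of the chain: this level implies nothing further.
[criteria.ub-risk-4]
description = """
Extreme unsoundness.

Full description of the audit criteria can be found at
https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-4
"""

# Audit records. A `version` entry certifies that release in full; a `delta`
# entry certifies only the change between the two named versions, so its
# criteria reach the newer version only when the older one is certified for the
# same criteria elsewhere (another entry here, or a source outside this file).

# "Grandparented" entries such as this one point at an earlier security review
# rather than recording a fresh audit of the listed version.
[[audits.aho-corasick]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "1.1.2"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.aho-corasick]]
who = "Dustin J. Mitchell "
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.1.2 -> 1.1.3"

[[audits.anstyle]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "1.0.4"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.anstyle]]
who = "Lukasz Anforowicz "
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.4 -> 1.0.6"

[[audits.anyhow]]
who = "Lukasz Anforowicz "
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.75 -> 1.0.79"
notes = """
1.0.75 has been previously audited as \"safe-to-run\", \"does-not-implement-crypto\" -
see https://github.com/google/rust-crate-audits/blob/c2d49cb6e80bb817f569debecf846161dcebd88c/audits.toml#L277-L305

The \"1.0.75 -> 1.0.79\" delta meets the same criteria.

This is an incremental/delta audit - we don't claim any particular `ub-risk-N`
level for the baseline or for the final version. OTOH note that additional uses
of `unsafe` have been reviewed in https://crrev.com/c/5178771 and the **delta**
was evaluated as `ub-risk-3` - no known unsoundness but:

* Little safety comments to explain why a particular usage of `unsafe` is safe
  and/or necessary
* Safety analysis couldn't be done locally, but required considering the whole
  crate (e.g. checking if the public `Ref.ptr` is mutated anywhere)
"""

[[audits.anyhow]]
who = "Lukasz Anforowicz "
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.79 -> 1.0.80"

[[audits.anyhow]]
who = "Adrian Taylor "
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.80 -> 1.0.81"

[[audits.anyhow]]
who = "Adrian Taylor "
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.81 -> 1.0.82"

# The grep patterns below are written with a doubled backslash: inside a basic
# (triple double-quote) string a single `\b` is the backspace escape, which
# would replace the word-boundary markers in the recorded pattern.
[[audits.autocfg]]
who = "Lukasz Anforowicz "
criteria = ["ub-risk-0", "safe-to-deploy", "does-not-implement-crypto"]
version = "1.1.0"
notes = """
Grepped for `-i cipher`, `-i crypto`, `'\\bfs\\b'``, `'\\bnet\\b'``, `'\\bunsafe\\b'``
and there were no hits except for reasonable, client-controlled usage of
`std::fs` in `AutoCfg::with_dir`.

This crate has been added to Chromium in
https://source.chromium.org/chromium/chromium/src/+/591a0f30c5eac93b6a3d981c2714ffa4db28dbcb
The CL description contains a link to a Google-internal document with audit details.
"""

[[audits.autocfg]]
who = "Lukasz Anforowicz "
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.1.0 -> 1.2.0"
notes = '''
Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'``, `'\bnet\b'``, `'\bunsafe\b'``
and nothing changed from the baseline audit of 1.1.0. Skimmed through the
1.1.0 => 1.2.0 delta and everything seemed okay.
'''

[[audits.base64]]
who = "Adam Langley "
criteria = ["ub-risk-0", "safe-to-deploy", "does-not-implement-crypto"]
version = "0.13.1"
notes = "Skimmed the uses of `std` to ensure that nothing untoward is happening. Code uses `forbid(unsafe_code)` and, indeed, there are no uses of `unsafe`"

[[audits.bitflags]]
who = "Lukasz Anforowicz "
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-1"]
version = "2.4.2"
notes = """
Audit notes:

* I've checked for any discussion in Google-internal cl/546819168 (where audit
  of version 2.3.3 happened)
* `src/lib.rs` contains `#![cfg_attr(not(test), forbid(unsafe_code))]`
* There are 2 cases of `unsafe` in `src/external.rs` but they seem to be
  correct in a straightforward way - they just propagate the marker trait's
  impl (e.g. `impl bytemuck::Pod`) from the inner to the outer type
* Additional discussion and/or notes may be found in https://crrev.com/c/5238056
"""

[[audits.bitflags]]
who = "Adrian Taylor "
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "2.4.2 -> 2.5.0"

# NOTE(review): the full audit of 1.14.3 records only safe-to-deploy;
# does-not-implement-crypto and ub-risk-2 come from the 1.13.1 -> 1.14.3 delta,
# and no 1.13.1 entry appears among the bytemuck records here. Confirm that
# baseline is certified elsewhere.
[[audits.bytemuck]]
who = "Lukasz Anforowicz "
criteria = "safe-to-deploy"
version = "1.14.3"
notes = "Additional review notes may be found in https://crrev.com/c/5362675."

[[audits.bytemuck]]
who = "Lukasz Anforowicz "
criteria = ["does-not-implement-crypto", "ub-risk-2"]
delta = "1.13.1 -> 1.14.3"
notes = "Additional review notes may be found in https://crrev.com/c/5362675."

[[audits.bytemuck]]
who = "Adrian Taylor "
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.14.3 -> 1.15.0"

[[audits.bytes]]
who = "agl@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.4.0 -> 1.5.0"

[[audits.bytes]]
who = "Dustin J. Mitchell "
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.5.0 -> 1.6.0"
notes = "Update removes some unsafe, and includes verifiable safety comments for newly-added unsafe."

[[audits.cfg-if]]
who = "Lukasz Anforowicz "
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "1.0.0"
notes = '''
I grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits.

This is a really small crate (only `lib.rs` which is less than 200 lines + one
end-to-end test) so I also skimmed through the macro's definition and
everything looks okay to me.
'''

[[audits.clap]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "4.4.8"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.clap]]
who = "Lukasz Anforowicz "
criteria = "ub-risk-0"
version = "4.5.0"
notes = "No `unsafe`"

[[audits.clap]]
who = "Lukasz Anforowicz "
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "4.4.8 -> 4.4.14"

[[audits.clap]]
who = "Lukasz Anforowicz "
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "4.4.14 -> 4.5.0"

[[audits.clap]]
who = "Lukasz Anforowicz "
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "4.5.0 -> 4.5.1"

[[audits.clap]]
who = "danakj "
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "4.5.1 -> 4.5.2"
notes = "Reviewed in https://crrev.com/c/5362201"

[[audits.clap]]
who = "Adrian Taylor "
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "4.5.2 -> 4.5.3"

[[audits.clap]]
who = "Lukasz Anforowicz "
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "4.5.3 -> 4.5.4"
notes = "Minimal diff - only module naming/nesting-related changes."

[[audits.clap_builder]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "4.4.8"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.clap_builder]]
who = "Lukasz Anforowicz "
criteria = "ub-risk-0"
version = "4.5.0"
notes = "No `unsafe`"

[[audits.clap_builder]]
who = "Lukasz Anforowicz "
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "4.4.8 -> 4.4.14"

[[audits.clap_builder]]
who = "Lukasz Anforowicz "
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "4.4.14 -> 4.5.0"

[[audits.clap_builder]]
who = "Lukasz Anforowicz "
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "4.5.0 -> 4.5.1"

[[audits.clap_builder]]
who = "danakj "
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "4.5.1 -> 4.5.2"
notes = "Reviewed in https://crrev.com/c/5362201"

[[audits.clap_lex]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.6.0"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.clap_lex]]
who = "Lukasz Anforowicz "
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.6.0 -> 0.7.0"

[[audits.codespan-reporting]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.11.1"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

# NOTE(review): the full audits of 1.0.116 and 1.0.117 record only
# does-not-implement-crypto, so the safe-to-deploy and ub-risk-2 claims of the
# 1.0.117 -> 1.0.119 delta have no matching baseline among these records.
# Confirm the baseline is certified elsewhere.
[[audits.cxx]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "1.0.110"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.cxx]]
who = "Lukasz Anforowicz "
criteria = "does-not-implement-crypto"
version = "1.0.116"
notes = """
Grepped for \"crypt\", \"cipher\" - there were no hits
(except for benign hits in `MODULE.bazel.lock`)
"""

[[audits.cxx]]
who = "Lukasz Anforowicz "
criteria = "does-not-implement-crypto"
version = "1.0.117"
notes = """
Grepped for \"crypt\", \"cipher\" - there were no hits
(except for benign hits in `MODULE.bazel.lock`)
"""

[[audits.cxx]]
who = "Lukasz Anforowicz "
criteria = "does-not-implement-crypto"
delta = "1.0.110 -> 1.0.115"
notes = """
Grepped for \"crypt\", \"cipher\" - there were no hits
(except for benign hits in `MODULE.bazel.lock`)
"""

[[audits.cxx]]
who = "danakj "
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.117 -> 1.0.119"
notes = "Reviewed in https://crrev.com/c/5362739"

[[audits.cxx]]
who = "Dustin J. Mitchell "
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.119 -> 1.0.120"
notes = "Reviewed in https://chromium-review.googlesource.com/c/chromium/src/+/5392544."

[[audits.cxxbridge]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "1.0.110"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.cxxbridge-cmd]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "1.0.110"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.cxxbridge-cmd]]
who = "Lukasz Anforowicz "
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.110 -> 1.0.115"

[[audits.cxxbridge-cmd]]
who = "Lukasz Anforowicz "
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.115 -> 1.0.116"

[[audits.cxxbridge-cmd]]
who = "Lukasz Anforowicz "
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.116 -> 1.0.117"

[[audits.cxxbridge-cmd]]
who = "Lukasz Anforowicz "
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.117 -> 1.0.118"

[[audits.cxxbridge-cmd]]
who = "danakj "
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.118 -> 1.0.119"
notes = "Reviewed in https://crrev.com/c/5362136"

[[audits.cxxbridge-cmd]]
who = "Dustin J. Mitchell "
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.119 -> 1.0.120"
notes = "Version bump only."

[[audits.cxxbridge-cmd]]
who = "Adrian Taylor "
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.120 -> 1.0.121"

[[audits.cxxbridge-flags]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "1.0.110"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.cxxbridge-flags]]
who = "Lukasz Anforowicz "
criteria = "does-not-implement-crypto"
version = "1.0.116"
notes = 'Grepped for \"crypt\", \"cipher\" - there were no hits'

[[audits.cxxbridge-flags]]
who = "Lukasz Anforowicz "
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "1.0.117"
notes = """
I grepped for \"crypt\", \"cipher\", \"fs\", \"net\", \"unsafe\" - there were no hits.

The crate is very straightforward - it just defines a `pub const STD: &str`.

The crate was added to Chromium in https://crrev.com/c/5029701.
"""

[[audits.cxxbridge-flags]]
who = "Lukasz Anforowicz "
criteria = "does-not-implement-crypto"
delta = "1.0.110 -> 1.0.115"
notes = 'Grepped for \"crypt\", \"cipher\" - there were no hits'

[[audits.cxxbridge-flags]]
who = "danakj "
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.117 -> 1.0.119"
notes = "Reviewed in https://crrev.com/c/5362739"

[[audits.cxxbridge-flags]]
who = "Dustin J. Mitchell "
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.119 -> 1.0.120"
notes = "Reviewed in https://chromium-review.googlesource.com/c/chromium/src/+/5392544"

[[audits.cxxbridge-macro]]
who = "danakj "
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.117 -> 1.0.119"
notes = "Reviewed in https://crrev.com/c/5362739"

[[audits.cxxbridge-macro]]
who = "Dustin J. Mitchell "
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.119 -> 1.0.120"
notes = "Reviewed in https://chromium-review.googlesource.com/c/chromium/src/+/5392544"

[[audits.either]]
who = "agl@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "1.9.0"

[[audits.either]]
who = "Lukasz Anforowicz "
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.9.0 -> 1.10.0"

[[audits.either]]
who = "Adrian Taylor "
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.10.0 -> 1.11.0"

[[audits.fend-core]]
who = "jiwan@chromium.org"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "1.4.6"

[[audits.font-types]]
who = "Lukasz Anforowicz "
criteria = ["ub-risk-0", "safe-to-deploy", "does-not-implement-crypto"]
version = "0.4.2"
notes = """
Grepped for `-i cipher`, `-i crypto`, `'\\bfs\\b'``, `'\\bnet\\b'``, `'\\bunsafe\\b'``
and there were no hits.

The initial version of this crate has been added to Chromium in
https://source.chromium.org/chromium/chromium/src/+/a59c3c448941f92f870d0c18c6d53d5c6104ab72
The CL description contains a link to a Google-internal document with audit details.
"""

[[audits.font-types]]
who = "danakj "
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "0.4.2 -> 0.4.3"
notes = "Reviewed in https://crrev.com/c/5362378. No new use of unsafe."

# NOTE(review): the 0.2.11 -> 0.2.12 delta records only
# does-not-implement-crypto, so these records alone do not carry safe-to-run
# from 0.2.11 to the 0.2.12 -> 0.2.14 delta. Confirm 0.2.12 is certified
# safe-to-run elsewhere.
[[audits.getrandom]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.2.11"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.getrandom]]
who = "Lukasz Anforowicz "
criteria = "does-not-implement-crypto"
delta = "0.2.11 -> 0.2.12"

[[audits.getrandom]]
who = "Adrian Taylor "
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.2.12 -> 0.2.14"

[[audits.heck]]
who = "Lukasz Anforowicz "
criteria = ["ub-risk-0", "safe-to-deploy", "does-not-implement-crypto"]
version = "0.4.1"
notes = """
Grepped for `-i cipher`, `-i crypto`, `'\\bfs\\b'``, `'\\bnet\\b'``, `'\\bunsafe\\b'``
and there were no hits.

`heck` (version `0.3.3`) has been added to Chromium in
https://source.chromium.org/chromium/chromium/src/+/28841c33c77833cc30b286f9ae24c97e7a8f4057
"""

[[audits.hex-literal]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.4.1"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.itertools]]
who = "agl@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.11.0"
notes = """
This is 12K lines of code, plus 6K lines of tests and benchmarks. It has
minimal use of unsafe and so I have paged though it all with \"::\" highlighted
and paid attention to which imported functions are being called.
"""

[[audits.itoa]]
who = "Lukasz Anforowicz "
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "1.0.10"
notes = '''
I grepped for \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits.

There are a few places where `unsafe` is used. Unsafe review notes can be found
in https://crrev.com/c/5350697.

Version 1.0.1 of this crate has been added to Chromium in
https://crrev.com/c/3321896.
'''

[[audits.itoa]]
who = "Lukasz Anforowicz "
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.10 -> 1.0.11"
notes = """
Straightforward diff between 1.0.10 and 1.0.11 - only 3 commits:

* Bumping up the version
* A touch up of comments
* And my own PR to make `unsafe` blocks more granular:
  https://github.com/dtolnay/itoa/pull/42
"""

[[audits.lazy_static]]
who = "Lukasz Anforowicz "
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "1.4.0"
notes = '''
I grepped for \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits.

There are two places where `unsafe` is used. Unsafe review notes can be found
in https://crrev.com/c/5347418.

This crate has been added to Chromium in https://crrev.com/c/3321895.
'''

# Only a ub-risk level is recorded here, and it is the weakest one defined
# above. The notes tie the unsoundness to the `extra_traits` feature.
# NOTE(review): confirm whether the build enables that feature.
[[audits.libc]]
who = "Lukasz Anforowicz "
criteria = "ub-risk-4"
version = "0.2.152"
notes = """
Discussions related to the `unsafe` audit can be found in
https://crrev.com/c/5178771. (This audit covered multiple crates that have been
rolled when processing a backlog of crate updates - `libc` was one of them.)

The audit found an unsound usage of `unsafe` when the `extra_traits` feature of
the `libc` crate is enabled. See https://github.com/rust-lang/libc/issues/3560
for more details.
"""

[[audits.log]]
who = "Lukasz Anforowicz "
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.4.20 -> 0.4.21"
notes = """
I grepped for \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits.

I also skimmed through the 0.4.20 => 0.4.21 delta and there was no new
crypto-related code AFAICT.
"""

# Only a ub-risk level is recorded for this crate; the notes report unsound
# unsafe blocks.
[[audits.minimal-lexical]]
who = "danakj@chromium.org"
criteria = "ub-risk-3"
version = "0.2.1"
notes = """
Reviewed in https://chromium-review.googlesource.com/c/chromium/src/+/4977110
- Unsound unsafe blocks present.
- Safe traits that can cause soundness bugs.
"""

[[audits.nom]]
who = "danakj@chromium.org"
criteria = ["does-not-implement-crypto", "safe-to-deploy", "ub-risk-1"]
version = "7.1.3"
notes = """
Reviewed in https://chromium-review.googlesource.com/c/chromium/src/+/5046153
"""

[[audits.ppv-lite86]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.2.17"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.proc-macro2]]
who = "Lukasz Anforowicz "
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "1.0.78"
notes = """
Grepped for \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits
(except for a benign \"fs\" hit in a doc comment)

Notes from the `unsafe` review can be found in https://crrev.com/c/5385745.
"""

[[audits.proc-macro2]]
who = "Lukasz Anforowicz "
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.69 -> 1.0.76"
notes = """
1.0.69 has been previously audited as \"safe-to-run\", \"does-not-implement-crypto\" -
see https://github.com/google/rust-crate-audits/blob/c2d49cb6e80bb817f569debecf846161dcebd88c/audits.toml#L3939-L3979

The \"1.0.69 -> 1.0.76\" delta meets the same criteria.

This is an incremental/delta audit - we don't claim any particular `ub-risk-N`
level for the baseline or for the final version. OTOH note that additional uses
of `unsafe` have been reviewed in https://crrev.com/c/5178771 and the **delta**
was evaluated as `ub-risk-2`. There are some new `unsafe` blocks but they seem
sound - additional `unsafe` audit notes can be found in
https://crrev.com/c/5178771/comment/32dbab4e_c7402137
and
https://crrev.com/c/5178771/4/third_party/rust/chromium_crates_io/vendor/proc-macro2-1.0.76/src/wrapper.rs#783
"""

[[audits.proc-macro2]]
who = "Adrian Taylor "
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.78 -> 1.0.79"

[[audits.proc-macro2]]
who = "Adrian Taylor "
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "1.0.79 -> 1.0.80"

[[audits.prost]]
who = "agl@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.12.3"

[[audits.prost-derive]]
who = "agl@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto", "ub-risk-0"]
version = "0.12.3"

[[audits.prost-derive]]
who = "Adrian Taylor "
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.12.3 -> 0.12.4"

[[audits.qr_code]]
who = "Lukasz Anforowicz "
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "2.0.0"
notes = """
* This crate was imported into Chromium back in May 2023:
    - CL: https://crrev.com/c/4497329
    - Google-internal audit notes: go/qr-code-chromium-security-review
* Certification today is mostly based on the old audit. The only checks
  performed today are:
    - `grep`ped for `unsafe` and verified that the only hit comes from
      `#![forbid(unsafe_code)]`
"""

[[audits.quote]]
who = "Lukasz Anforowicz "
criteria = "ub-risk-0"
version = "1.0.33"
notes = 'Grepped for `\bunsafe\b` - there were no hits'

[[audits.quote]]
who = "Lukasz Anforowicz "
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "1.0.35"
notes = """
Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits
(except for benign \"net\" hit in tests and \"fs\" hit in README.md)
"""

[[audits.quote]]
who = "Adrian Taylor "
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.0.35 -> 1.0.36"

[[audits.rand]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.8.5"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.rand_pcg]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.3.1"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.regex]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "1.10.2"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.regex]]
who = "Lukasz Anforowicz "
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.10.2 -> 1.10.3"

[[audits.regex]]
who = "Dustin J. Mitchell "
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.10.3 -> 1.10.4"
notes = "Docs changes only."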
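# Audit records, one `[[audits.<crate>]]` table per audit. A `version` entry
# certifies that release in full; a `delta` entry certifies only the change
# between the two named versions, so its criteria reach the newer version only
# when the older one is certified for the same criteria elsewhere.

[[audits.regex-automata]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.4.3"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.regex-automata]]
who = "Lukasz Anforowicz "
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.4.3 -> 0.4.5"

[[audits.regex-automata]]
who = "danakj "
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.4.5 -> 0.4.6"
notes = "Reviewed in https://crrev.com/c/5362200"

[[audits.regex-syntax]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.8.2"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.regex-syntax]]
who = "Lukasz Anforowicz "
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.8.2 -> 0.8.3"

[[audits.rstest]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto", "ub-risk-0"]
version = "0.17.0"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.rstest_macros]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.17.0"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.rstest_reuse]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto", "ub-risk-0"]
version = "0.5.0"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.rustc-demangle]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.1.23"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.rustc_version]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.4.0"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

# The grep patterns below are written with a doubled backslash: inside a basic
# (triple double-quote) string a single `\b` is the backspace escape, which
# would replace the word-boundary markers in the recorded pattern.
[[audits.rustversion]]
who = "Lukasz Anforowicz "
criteria = ["ub-risk-0", "safe-to-deploy", "does-not-implement-crypto"]
version = "1.0.14"
notes = """
Grepped for `-i cipher`, `-i crypto`, `'\\bfs\\b'``, `'\\bnet\\b'``, `'\\bunsafe\\b'``
and there were no hits except for:

* Using trivially-safe `unsafe` in test code:

    ```
    tests/test_const.rs:unsafe fn _unsafe() {}
    tests/test_const.rs:const _UNSAFE: () = unsafe { _unsafe() };
    ```

* Using `unsafe` in a string:

    ```
    src/constfn.rs: \"unsafe\" => Qualifiers::Unsafe,
    ```

* Using `std::fs` in `build/build.rs` to write `${OUT_DIR}/version.expr`
  which is later read back via `include!` used in `src/lib.rs`.

Version `1.0.6` of this crate has been added to Chromium in
https://source.chromium.org/chromium/chromium/src/+/28841c33c77833cc30b286f9ae24c97e7a8f4057
"""

[[audits.rustversion]]
who = "Adrian Taylor "
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
delta = "1.0.14 -> 1.0.15"

[[audits.semver]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "1.0.20"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.semver]]
who = "Lukasz Anforowicz "
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.20 -> 1.0.21"

[[audits.semver]]
who = "Lukasz Anforowicz "
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.21 -> 1.0.22"

[[audits.serde]]
who = "Lukasz Anforowicz "
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "1.0.197"
notes = """
Grepped for `-i cipher`, `-i crypto`, `'\\bfs\\b'`, `'\\bnet\\b'`, `'\\bunsafe\\b'`.

There were some hits for `net`, but they were related to serialization and
not actually opening any connections or anything like that.

There were 2 hits of `unsafe` when grepping:
* In `fn as_str` in `impl Buf`
* In `fn serialize` in `impl Serialize for net::Ipv4Addr`

Unsafe review comments can be found in https://crrev.com/c/5350573/2
(this review also covered `serde_json_lenient`).

Version 1.0.130 of the crate has been added to Chromium in
https://crrev.com/c/3265545. The CL description contains a link to a
(Google-internal, sorry) document with a mini security review.
"""

[[audits.serde_derive]]
who = "Lukasz Anforowicz "
criteria = "ub-risk-0"
version = "1.0.193"
notes = 'Grepped for `\bunsafe\b` - there were no hits'

[[audits.serde_derive]]
who = "Lukasz Anforowicz "
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "1.0.195"
notes = "Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits"

[[audits.serde_derive]]
who = "Lukasz Anforowicz "
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "1.0.196"
notes = "Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits"

[[audits.serde_derive]]
who = "Lukasz Anforowicz "
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-0"]
version = "1.0.197"
notes = "Grepped for \"unsafe\", \"crypt\", \"cipher\", \"fs\", \"net\" - there were no hits"

[[audits.serde_json]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "1.0.108"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.serde_json]]
who = "Lukasz Anforowicz "
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.108 -> 1.0.111"

[[audits.serde_json]]
who = "Lukasz Anforowicz "
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.111 -> 1.0.113"

[[audits.serde_json]]
who = "Lukasz Anforowicz "
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.113 -> 1.0.114"

[[audits.serde_json]]
who = "Lukasz Anforowicz "
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.0.114 -> 1.0.115"

[[audits.serde_json_lenient]]
who = "danakj@chromium.org"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "0.1.8"
notes = """
Grepped for `-i cipher`, `-i crypto`, `'\\bfs\\b'`, `'\\bnet\\b'`, `'\\bunsafe\\b'`.

There were some hits for `fs` and `net`, but they were in comments.

Unsafe review comments can be found in https://crrev.com/c/5350573/2.
There were 8 hits of `unsafe` when grepping.

Version 0.1.4 of the crate was added to Chromium in
https://crrev.com/c/3511416.
"""

[[audits.serde_json_lenient]]
who = "danakj@chromium.org"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "0.1.8 -> 0.2.0"
notes = """
Reviewed in https://crrev.com/c/5361256
"""

[[audits.serde_json_lenient]]
who = "djmitche@chromium.org"
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "0.2.0 -> 0.2.1"
notes = """
Reviewed in https://crrev.com/c/5385822
"""

# NOTE(review): this delta is the only skrifa record here, so its criteria
# depend on 0.15.2 being certified elsewhere. Confirm that baseline.
[[audits.skrifa]]
who = "drott@chromium.org"
criteria = ["ub-risk-1", "safe-to-deploy", "does-not-implement-crypto"]
delta = "0.15.2 -> 0.15.4"

[[audits.small_ctor]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.1.1"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.static_assertions]]
who = "Lukasz Anforowicz "
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-1"]
version = "1.1.0"
notes = """
Grepped for `-i cipher`, `-i crypto`, `'\\bfs\\b'`, `'\\bnet\\b'`, `'\\bunsafe\\b'`
and there were no hits except for one `unsafe`.

The lambda where `unsafe` is used is never invoked (e.g. the `unsafe` code
never runs) and is only introduced for some compile-time checks. Additional
unsafe review comments can be found in https://crrev.com/c/5353376.

This crate has been added to Chromium in https://crrev.com/c/3736562. The CL
description contains a link to a document with an additional security review.
"""

[[audits.strsim]]
who = "danakj@chromium.org"
criteria = ["does-not-implement-crypto", "safe-to-deploy", "ub-risk-0"]
version = "0.10.0"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.strsim]]
who = "Lukasz Anforowicz "
criteria = "ub-risk-0"
version = "0.11.0"
notes = "No `unsafe`"

[[audits.strsim]]
who = "Lukasz Anforowicz "
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.10.0 -> 0.11.0"

[[audits.strsim]]
who = "Adrian Taylor "
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "0.11.0 -> 0.11.1"

[[audits.strum]]
who = "danakj@chromium.org"
criteria = ["does-not-implement-crypto", "safe-to-deploy", "ub-risk-0"]
version = "0.25.0"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.strum_macros]]
who = "danakj@chromium.org"
criteria = ["does-not-implement-crypto", "safe-to-deploy", "ub-risk-0"]
version = "0.25.3"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

# NOTE(review): the only full syn audit here is 1.0.109; the 2.0.x deltas start
# from 2.0.52, which has no entry among these records. Confirm that baseline
# is certified elsewhere.
[[audits.syn]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "1.0.109"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.syn]]
who = "Adrian Taylor "
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "2.0.52 -> 2.0.53"

[[audits.syn]]
who = "Dustin J. Mitchell "
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
delta = "2.0.53 -> 2.0.55"
notes = "Mostly clippy, test changes - no changed unsafe."

[[audits.termcolor]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "1.4.0"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.termcolor]]
who = "Lukasz Anforowicz "
criteria = "ub-risk-0"
version = "1.4.0"
notes = "No `unsafe`."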
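# NOTE(review): `who` values that end in a space carry a name only; the
# address part appears to have been lost when this page was extracted.
# Restore it from the upstream file rather than guessing.

# This delta lists safe-to-run and does-not-implement-crypto only; it names no
# ub-risk-N level, so it extends no ub-risk certification to 1.4.1.
[[audits.termcolor]]
who = "Lukasz Anforowicz "
criteria = ["safe-to-run", "does-not-implement-crypto"]
delta = "1.4.0 -> 1.4.1"

# Literal string (''' ... '''): in a basic string `\b` is the backspace
# escape, so the recorded grep patterns would lose their word boundaries.
[[audits.tinyvec]]
who = "Lukasz Anforowicz "
criteria = ["ub-risk-0", "safe-to-deploy", "does-not-implement-crypto"]
version = "1.6.0"
notes = '''
Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`, `'\bunsafe\b'`
and there were no hits except for some "unsafe" appearing in comments:

```
src/arrayvec.rs: // Note: This shouldn't use A::CAPACITY, because unsafe code can't rely on
src/lib.rs://! All of this is done with no `unsafe` code within the crate. Technically the
src/lib.rs://! `Vec` type from the standard library uses `unsafe` internally, but *this
src/lib.rs://! crate* introduces no new `unsafe` code into your project.
src/array.rs:/// Just a reminder: this trait is 100% safe, which means that `unsafe` code
```

This crate has been added to Chromium in
https://source.chromium.org/chromium/chromium/src/+/24773c33e1b7a1b5069b9399fd034375995f290b
'''

# ub-risk-2 rather than ub-risk-0: the notes record `unsafe` array accesses
# whose bounds were argued by cross-module analysis. The quotes are written
# bare because a literal string keeps backslashes as-is.
[[audits.unicode-ident]]
who = "Lukasz Anforowicz "
criteria = ["safe-to-deploy", "does-not-implement-crypto", "ub-risk-2"]
version = "1.0.12"
notes = '''
I grepped for "crypt", "cipher", "fs", "net" - there were no hits.

All two functions from the public API of this crate use `unsafe` to avoid bound
checks for an array access. Cross-module analysis shows that the offsets can
be statically proven to be within array bounds. More details can be found in
the unsafe review CL at https://crrev.com/c/5350386.

This crate has been added to Chromium in https://crrev.com/c/3891618.
'''

# Literal string so the `\b` word boundaries in the grep patterns are kept.
# The audited version is 0.1.5; the notes cite the Chromium import of 0.1.2,
# and the audit details they link to are Google-internal.
[[audits.unicode-linebreak]]
who = "Lukasz Anforowicz "
criteria = ["ub-risk-0", "safe-to-deploy", "does-not-implement-crypto"]
version = "0.1.5"
notes = '''
Grepped for `-i cipher`, `-i crypto`, `'\bfs\b'`, `'\bnet\b'`, `'\bunsafe\b'`
and there were no hits.

Version `0.1.2` of this crate has been added to Chromium in
https://source.chromium.org/chromium/chromium/src/+/591a0f30c5eac93b6a3d981c2714ffa4db28dbcb
The CL description contains a link to a Google-internal document with audit details.
'''

# The remaining entries are grandparented safe-to-run audits: none certifies
# safe-to-deploy and none records a ub-risk-N level.
[[audits.unicode-width]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.1.11"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.winapi]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.3.9"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.winapi-util]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.1.6"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""

[[audits.wycheproof]]
who = "danakj@chromium.org"
criteria = ["safe-to-run", "does-not-implement-crypto"]
version = "0.4.0"
notes = """
Reviewed in https://crrev.com/c/5171063

Previously reviewed during security review and the audit is grandparented in.
"""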