Detects usage of unsafe Rust in a Rust crate and its dependencies.

Overview

cargo-geiger ☢️

Build Status unsafe forbidden Code Coverage crates.io Crates.io

A program that lists statistics related to the usage of unsafe Rust code in a Rust crate and all its dependencies.

This cargo plugin were originally based on the code from two other projects: https://github.com/icefoxen/cargo-osha and https://github.com/sfackler/cargo-tree.

Installation

Try to find and use a system-wide installed OpenSSL library:

cargo install cargo-geiger

Or, build and statically link OpenSSL as part of the cargo-geiger executable:

cargo install cargo-geiger --features vendored-openssl

Usage

  1. Navigate to the same directory as the Cargo.toml you want to analyze.
  2. cargo geiger

Output example

Example output

Why even care about unsafe Rust usage?

When and why to use unsafe Rust is out of scope for this project; it is simply a tool that provides information to aid auditing and hopefully to guide dependency selection. It is, however, the opinion of the author of this project that libraries choosing to abstain from unsafe Rust usage when possible should be promoted.

This project is an attempt to create pressure against unnecessary usage of unsafe Rust in public Rust libraries.

Why the name?

https://en.wikipedia.org/wiki/Geiger_counter

Unsafe code, like ionizing radiation, is unavoidable in some situations and should be safely contained!

Known issues

  • Unsafe code inside macros is not detected. Needs macro expansion(?).
  • Unsafe code generated by build.rs is probably not detected.
  • More on the GitHub issue tracker.

Roadmap

  • There should be no false negatives. All unsafe code should be identified. This is probably too ambitious, but scanning for #![forbid(unsafe_code)] should be a reliable alternative (implemented since 0.6.0). Please see the changelog.
  • An optional whitelist file at the root crate level to specify crates that are trusted to use unsafe (should only have an effect when placed in the project's root).

Libraries

Cargo Geiger exposes three libraries:

  • cargo-geiger - Unversioned and highly unstable library exposing the internals of the cargo-geiger binary. As such, any function contained within this library may be subject to change.
  • cargo-geiger-serde - A library containing the serializable report types
  • geiger - A library containing a few decoupled cargo components used by cargo-geiger

Changelog

View the changelog here

Cargo Geiger Safety Report


Metric output format: x/y
    x = unsafe code used by the build
    y = total unsafe code found in the crate

Symbols: 
    🔒  = No `unsafe` usage found, declares #![forbid(unsafe_code)]
    ❓  = No `unsafe` usage found, missing #![forbid(unsafe_code)]
    ☢️  = `unsafe` usage found

Functions  Expressions  Impls  Traits  Methods  Dependency

0/0        0/0          0/0    0/0     0/0      🔒  cargo-geiger 0.11.1
15/18      432/439      3/3    0/0     11/11    ☢️  ├── anyhow 1.0.40
0/26       0/623        0/6    0/0     0/5      ❓  │   └── backtrace 0.3.56
0/0        0/23         0/0    0/0     0/0      ❓  │       ├── addr2line 0.14.1
0/0        0/51         0/2    0/0     0/0      ❓  │       │   ├── gimli 0.23.0
0/0        37/42        1/1    0/0     0/0      ☢️  │       │   │   └── indexmap 1.6.2
2/2        1006/1098    16/19  0/0     35/39    ☢️  │       │   │       ├── hashbrown 0.9.1
0/0        4/4          0/0    0/0     0/0      ☢️  │       │   │       │   └── serde 1.0.125
0/0        0/0          0/0    0/0     0/0      ❓  │       │   │       │       └── serde_derive 1.0.125
0/0        0/0          0/0    0/0     0/0      ❓  │       │   │       │           ├── proc-macro2 1.0.24
0/0        0/0          0/0    0/0     0/0      🔒  │       │   │       │           │   └── unicode-xid 0.2.1
0/0        0/0          0/0    0/0     0/0      ❓  │       │   │       │           ├── quote 1.0.9
0/0        0/0          0/0    0/0     0/0      ❓  │       │   │       │           │   └── proc-macro2 1.0.24
0/0        45/45        3/3    0/0     2/2      ☢️  │       │   │       │           └── syn 1.0.67
0/0        0/0          0/0    0/0     0/0      ❓  │       │   │       │               ├── proc-macro2 1.0.24
0/0        0/0          0/0    0/0     0/0      ❓  │       │   │       │               ├── quote 1.0.9
0/0        0/0          0/0    0/0     0/0      🔒  │       │   │       │               └── unicode-xid 0.2.1
0/0        4/4          0/0    0/0     0/0      ☢️  │       │   │       └── serde 1.0.125
0/0        0/0          0/0    0/0     0/0      ❓  │       │   ├── rustc-demangle 0.1.18
1/1        392/392      7/7    1/1     13/13    ☢️  │       │   └── smallvec 1.6.1
0/0        4/4          0/0    0/0     0/0      ☢️  │       │       └── serde 1.0.125
0/0        0/0          0/0    0/0     0/0      ❓  │       ├── cfg-if 1.0.0
0/19       10/311       0/0    0/0     5/27     ☢️  │       ├── libc 0.2.92
0/0        0/0          0/0    0/0     0/0      🔒  │       ├── miniz_oxide 0.4.4
0/0        0/0          0/0    0/0     0/0      🔒  │       │   └── adler 1.0.2
0/0        0/21         0/0    0/1     0/0      ❓  │       ├── object 0.23.0
5/6        108/156      0/0    0/0     0/0      ☢️  │       │   ├── crc32fast 1.2.1
0/0        0/0          0/0    0/0     0/0      ❓  │       │   │   └── cfg-if 1.0.0
4/4        129/129      2/2    0/0     2/2      ☢️  │       │   ├── flate2 1.0.20
0/0        0/0          0/0    0/0     0/0      ❓  │       │   │   ├── cfg-if 1.0.0
5/6        108/156      0/0    0/0     0/0      ☢️  │       │   │   ├── crc32fast 1.2.1
0/19       10/311       0/0    0/0     5/27     ☢️  │       │   │   ├── libc 0.2.92
0/0        0/0          0/0    0/0     0/0      ❓  │       │   │   ├── libz-sys 1.1.2
0/19       10/311       0/0    0/0     5/27     ☢️  │       │   │   │   └── libc 0.2.92
0/0        0/0          0/0    0/0     0/0      🔒  │       │   │   └── miniz_oxide 0.4.4
0/0        37/42        1/1    0/0     0/0      ☢️  │       │   └── indexmap 1.6.2
0/0        0/0          0/0    0/0     0/0      ❓  │       ├── rustc-demangle 0.1.18
0/0        4/4          0/0    0/0     0/0      ☢️  │       └── serde 1.0.125
4/4        341/347      0/0    0/0     3/3      ☢️  ├── cargo 0.52.0
15/18      432/439      3/3    0/0     11/11    ☢️  │   ├── anyhow 1.0.40
2/2        45/45        0/0    0/0     0/0      ☢️  │   ├── atty 0.2.14
0/19       10/311       0/0    0/0     5/27     ☢️  │   │   └── libc 0.2.92
0/0        0/0          0/0    0/0     0/0      ❓  │   ├── bytesize 1.0.1
0/0        4/4          0/0    0/0     0/0      ☢️  │   │   └── serde 1.0.125
0/0        0/0          0/0    0/0     0/0      ❓  │   ├── cargo-platform 0.1.1
0/0        4/4          0/0    0/0     0/0      ☢️  │   │   └── serde 1.0.125
0/0        1/1          0/0    0/0     0/0      ☢️  │   ├── clap 2.33.3
0/0        23/23        0/0    0/0     0/0      ☢️  │   │   ├── ansi_term 0.11.0
2/2        45/45        0/0    0/0     0/0      ☢️  │   │   ├── atty 0.2.14
0/0        0/0          0/0    0/0     0/0      ❓  │   │   ├── bitflags 1.2.1
0/0        0/0          0/0    0/0     0/0      ❓  │   │   ├── strsim 0.8.0
0/0        0/0          0/0    0/0     0/0      ❓  │   │   ├── textwrap 0.11.0
0/0        0/0          0/0    0/0     0/0      ❓  │   │   │   └── unicode-width 0.1.8
0/0        0/0          0/0    0/0     0/0      ❓  │   │   ├── unicode-width 0.1.8
0/0        0/0          0/0    0/0     0/0      ❓  │   │   └── vec_map 0.8.2
0/0        4/4          0/0    0/0     0/0      ☢️  │   │       └── serde 1.0.125
0/0        606/606      12/12  4/4     12/12    ☢️  │   ├── core-foundation 0.9.1
0/0        3/3          0/0    0/0     2/2      ☢️  │   │   ├── core-foundation-sys 0.8.2
0/19       10/311       0/0    0/0     5/27     ☢️  │   │   └── libc 0.2.92
0/0        0/0          0/0    0/0     0/0      ❓  │   ├── crates-io 0.33.0
15/18      432/439      3/3    0/0     11/11    ☢️  │   │   ├── anyhow 1.0.40
4/4        875/876      5/5    0/0     2/2      ☢️  │   │   ├── curl 0.4.35
0/0        0/0          0/0    0/0     0/0      ❓  │   │   │   ├── curl-sys 0.4.41+curl-7.75.0
0/19       10/311       0/0    0/0     5/27     ☢️  │   │   │   │   ├── libc 0.2.92
0/0        0/1          0/0    0/0     0/0      ❓  │   │   │   │   ├── libnghttp2-sys 0.1.6+1.43.0
0/19       10/311       0/0    0/0     5/27     ☢️  │   │   │   │   │   └── libc 0.2.92
0/0        0/0          0/0    0/0     0/0      ❓  │   │   │   │   └── libz-sys 1.1.2
0/19       10/311       0/0    0/0     5/27     ☢️  │   │   │   ├── libc 0.2.92
0/0        644/1122     0/0    0/0     5/9      ☢️  │   │   │   └── socket2 0.3.19
0/0        0/0          0/0    0/0     0/0      ❓  │   │   │       ├── cfg-if 1.0.0
0/19       10/311       0/0    0/0     5/27     ☢️  │   │   │       └── libc 0.2.92
0/0        3/3          0/0    0/0     0/0      ☢️  │   │   ├── percent-encoding 2.1.0
0/0        4/4          0/0    0/0     0/0      ☢️  │   │   ├── serde 1.0.125
0/0        6/6          0/0    0/0     0/0      ☢️  │   │   ├── serde_json 1.0.64
0/0        37/42        1/1    0/0     0/0      ☢️  │   │   │   ├── indexmap 1.6.2
0/0        1/1          0/0    0/0     0/0      ☢️  │   │   │   ├── itoa 0.4.7
8/12       674/921      0/0    0/0     2/2      ☢️  │   │   │   ├── ryu 1.0.5
0/0        4/4          0/0    0/0     0/0      ☢️  │   │   │   └── serde 1.0.125
0/0        0/0          0/0    0/0     0/0      ❓  │   │   └── url 2.2.1
0/0        2/2          0/0    0/0     0/0      ☢️  │   │       ├── form_urlencoded 1.0.1
0/0        0/0          0/0    0/0     0/0      ❓  │   │       │   ├── matches 0.1.8
0/0        3/3          0/0    0/0     0/0      ☢️  │   │       │   └── percent-encoding 2.1.0
0/0        0/0          0/0    0/0     0/0      ❓  │   │       ├── idna 0.2.2
0/0        0/0          0/0    0/0     0/0      ❓  │   │       │   ├── matches 0.1.8
0/0        0/0          0/0    0/0     0/0      🔒  │   │       │   ├── unicode-bidi 0.3.4
0/0        0/0          0/0    0/0     0/0      ❓  │   │       │   │   ├── matches 0.1.8
0/0        4/4          0/0    0/0     0/0      ☢️  │   │       │   │   └── serde 1.0.125
0/0        20/20        0/0    0/0     0/0      ☢️  │   │       │   └── unicode-normalization 0.1.17
0/0        0/0          0/0    0/0     0/0      🔒  │   │       │       └── tinyvec 1.1.1
0/0        4/4          0/0    0/0     0/0      ☢️  │   │       │           ├── serde 1.0.125
0/0        0/0          0/0    0/0     0/0      ❓  │   │       │           └── tinyvec_macros 0.1.0
0/0        0/0          0/0    0/0     0/0      ❓  │   │       ├── matches 0.1.8
0/0        3/3          0/0    0/0     0/0      ☢️  │   │       ├── percent-encoding 2.1.0
0/0        4/4          0/0    0/0     0/0      ☢️  │   │       └── serde 1.0.125
4/4        79/79        14/14  0/0     2/2      ☢️  │   ├── crossbeam-utils 0.8.3
0/0        0/0          0/0    0/0     0/0      ❓  │   │   ├── cfg-if 1.0.0
0/0        7/7          1/1    0/0     0/0      ☢️  │   │   └── lazy_static 1.4.0
0/0        0/0          0/0    0/0     0/0      ❓  │   ├── crypto-hash 0.3.4
0/0        23/23        0/0    0/0     0/0      ☢️  │   │   ├── commoncrypto 0.2.0
0/0        0/0          0/0    0/0     0/0      ❓  │   │   │   └── commoncrypto-sys 0.2.0
0/19       10/311       0/0    0/0     5/27     ☢️  │   │   │       └── libc 0.2.92
0/0        0/0          0/0    0/0     0/0      ❓  │   │   └── hex 0.3.2
4/4        875/876      5/5    0/0     2/2      ☢️  │   ├── curl 0.4.35
0/0        0/0          0/0    0/0     0/0      ❓  │   ├── curl-sys 0.4.41+curl-7.75.0
0/0        0/0          0/0    0/0     0/0      ❓  │   ├── env_logger 0.8.3
2/2        45/45        0/0    0/0     0/0      ☢️  │   │   ├── atty 0.2.14
0/0        0/0          0/0    0/0     0/0      🔒  │   │   ├── humantime 2.1.0
1/1        16/16        1/1    0/0     0/0      ☢️  │   │   ├── log 0.4.14
0/0        0/0          0/0    0/0     0/0      ❓  │   │   │   ├── cfg-if 1.0.0
0/0        4/4          0/0    0/0     0/0      ☢️  │   │   │   └── serde 1.0.125
0/0        34/34        1/2    0/0     2/2      ☢️  │   │   ├── regex 1.4.5
19/19      678/678      0/0    0/0     22/22    ☢️  │   │   │   ├── aho-corasick 0.7.15
26/27      1823/1896    0/0    0/0     0/0      ☢️  │   │   │   │   └── memchr 2.3.4
0/19       10/311       0/0    0/0     5/27     ☢️  │   │   │   │       └── libc 0.2.92
26/27      1823/1896    0/0    0/0     0/0      ☢️  │   │   │   ├── memchr 2.3.4
0/0        0/0          0/0    0/0     0/0      🔒  │   │   │   └── regex-syntax 0.6.23
0/0        0/0          0/0    0/0     0/0      ❓  │   │   └── termcolor 1.1.2
0/0        35/78        0/0    0/0     0/0      ☢️  │   ├── filetime 0.2.14
0/0        0/0          0/0    0/0     0/0      ❓  │   │   ├── cfg-if 1.0.0
0/19       10/311       0/0    0/0     5/27     ☢️  │   │   └── libc 0.2.92
4/4        129/129      2/2    0/0     2/2      ☢️  │   ├── flate2 1.0.20
9/9        3745/3765    3/3    0/0     81/81    ☢️  │   ├── git2 0.13.17
0/0        0/0          0/0    0/0     0/0      ❓  │   │   ├── bitflags 1.2.1
0/19       10/311       0/0    0/0     5/27     ☢️  │   │   ├── libc 0.2.92
0/0        18/18        0/0    0/0     0/0      ☢️  │   │   ├── libgit2-sys 0.12.18+1.1.0
0/19       10/311       0/0    0/0     5/27     ☢️  │   │   │   ├── libc 0.2.92
2/2        6/6          0/0    0/0     0/0      ☢️  │   │   │   ├── libssh2-sys 0.2.21
0/19       10/311       0/0    0/0     5/27     ☢️  │   │   │   │   ├── libc 0.2.92
0/0        0/0          0/0    0/0     0/0      ❓  │   │   │   │   ├── libz-sys 1.1.2
42/42      149/149      0/0    0/0     0/0      ☢️  │   │   │   │   └── openssl-sys 0.9.61
0/19       10/311       0/0    0/0     5/27     ☢️  │   │   │   │       └── libc 0.2.92
0/0        0/0          0/0    0/0     0/0      ❓  │   │   │   ├── libz-sys 1.1.2
42/42      149/149      0/0    0/0     0/0      ☢️  │   │   │   └── openssl-sys 0.9.61
1/1        16/16        1/1    0/0     0/0      ☢️  │   │   ├── log 0.4.14
0/0        0/0          0/0    0/0     0/0      ❓  │   │   └── url 2.2.1
1/1        17/19        0/0    0/0     0/0      ☢️  │   ├── git2-curl 0.14.1
4/4        875/876      5/5    0/0     2/2      ☢️  │   │   ├── curl 0.4.35
9/9        3745/3765    3/3    0/0     81/81    ☢️  │   │   ├── git2 0.13.17
1/1        16/16        1/1    0/0     0/0      ☢️  │   │   ├── log 0.4.14
0/0        0/0          0/0    0/0     0/0      ❓  │   │   └── url 2.2.1
0/0        0/0          0/0    0/0     0/0      ❓  │   ├── glob 0.3.0
0/0        0/0          0/0    0/0     0/0      ❓  │   ├── hex 0.4.3
0/0        4/4          0/0    0/0     0/0      ☢️  │   │   └── serde 1.0.125
0/0        0/14         0/0    0/0     0/0      ❓  │   ├── home 0.5.3
0/0        0/0          0/0    0/0     0/0      🔒  │   ├── humantime 2.1.0
0/0        0/0          0/0    0/0     0/0      ❓  │   ├── ignore 0.4.17
4/4        79/79        14/14  0/0     2/2      ☢️  │   │   ├── crossbeam-utils 0.8.3
0/0        0/0          0/0    0/0     0/0      ❓  │   │   ├── globset 0.4.6
19/19      678/678      0/0    0/0     22/22    ☢️  │   │   │   ├── aho-corasick 0.7.15
8/8        377/377      0/0    0/0     0/0      ☢️  │   │   │   ├── bstr 0.2.15
0/0        7/7          1/1    0/0     0/0      ☢️  │   │   │   │   ├── lazy_static 1.4.0
26/27      1823/1896    0/0    0/0     0/0      ☢️  │   │   │   │   ├── memchr 2.3.4
0/0        225/225      5/5    1/1     14/14    ☢️  │   │   │   │   ├── regex-automata 0.1.9
0/1        176/193      0/0    0/0     0/0      ☢️  │   │   │   │   │   ├── byteorder 1.4.3
0/0        0/0          0/0    0/0     0/0      🔒  │   │   │   │   │   └── regex-syntax 0.6.23
0/0        4/4          0/0    0/0     0/0      ☢️  │   │   │   │   └── serde 1.0.125
0/0        0/0          0/0    0/0     0/0      ❓  │   │   │   ├── fnv 1.0.7
1/1        16/16        1/1    0/0     0/0      ☢️  │   │   │   ├── log 0.4.14
0/0        34/34        1/2    0/0     2/2      ☢️  │   │   │   ├── regex 1.4.5
0/0        4/4          0/0    0/0     0/0      ☢️  │   │   │   └── serde 1.0.125
0/0        7/7          1/1    0/0     0/0      ☢️  │   │   ├── lazy_static 1.4.0
1/1        16/16        1/1    0/0     0/0      ☢️  │   │   ├── log 0.4.14
26/27      1823/1896    0/0    0/0     0/0      ☢️  │   │   ├── memchr 2.3.4
0/0        34/34        1/2    0/0     2/2      ☢️  │   │   ├── regex 1.4.5
0/0        3/3          0/0    0/0     0/0      ☢️  │   │   ├── same-file 1.0.6
0/0        109/109      1/1    0/0     4/4      ☢️  │   │   ├── thread_local 1.1.3
1/1        75/94        4/6    0/0     2/3      ☢️  │   │   │   └── once_cell 1.7.2
0/0        0/0          0/0    0/0     0/0      ❓  │   │   └── walkdir 2.3.2
0/0        3/3          0/0    0/0     0/0      ☢️  │   │       └── same-file 1.0.6
1/1        122/122      2/2    0/0     4/4      ☢️  │   ├── im-rc 15.0.0
0/0        100/100      0/0    0/0     9/9      ☢️  │   │   ├── bitmaps 2.1.0
0/0        0/0          0/0    0/0     0/0      🔒  │   │   │   └── typenum 1.13.0
0/0        22/22        0/0    0/0     0/0      ☢️  │   │   ├── rand_core 0.5.1
0/0        4/4          0/0    0/0     0/0      ☢️  │   │   │   └── serde 1.0.125
0/0        0/0          0/0    0/0     0/0      ❓  │   │   ├── rand_xoshiro 0.4.0
0/0        22/22        0/0    0/0     0/0      ☢️  │   │   │   ├── rand_core 0.5.1
0/0        4/4          0/0    0/0     0/0      ☢️  │   │   │   └── serde 1.0.125
0/0        4/4          0/0    0/0     0/0      ☢️  │   │   ├── serde 1.0.125
0/1        311/631      0/0    0/0     20/39    ☢️  │   │   ├── sized-chunks 0.6.4
0/0        100/100      0/0    0/0     9/9      ☢️  │   │   │   ├── bitmaps 2.1.0
0/0        0/0          0/0    0/0     0/0      🔒  │   │   │   └── typenum 1.13.0
0/0        0/0          0/0    0/0     0/0      🔒  │   │   └── typenum 1.13.0
0/0        188/282      0/2    0/0     4/6      ☢️  │   ├── jobserver 0.1.21
0/19       10/311       0/0    0/0     5/27     ☢️  │   │   └── libc 0.2.92
0/0        7/7          1/1    0/0     0/0      ☢️  │   ├── lazy_static 1.4.0
0/0        43/43        2/2    0/0     0/0      ☢️  │   ├── lazycell 1.3.0
0/0        4/4          0/0    0/0     0/0      ☢️  │   │   └── serde 1.0.125
0/19       10/311       0/0    0/0     5/27     ☢️  │   ├── libc 0.2.92
0/0        18/18        0/0    0/0     0/0      ☢️  │   ├── libgit2-sys 0.12.18+1.1.0
1/1        16/16        1/1    0/0     0/0      ☢️  │   ├── log 0.4.14
26/27      1823/1896    0/0    0/0     0/0      ☢️  │   ├── memchr 2.3.4
0/0        65/72        0/0    0/0     0/0      ☢️  │   ├── num_cpus 1.13.0
0/19       10/311       0/0    0/0     5/27     ☢️  │   │   └── libc 0.2.92
0/0        6/6          0/0    0/0     0/0      ☢️  │   ├── opener 0.4.1
30/30      5630/5630    33/33  3/3     16/16    ☢️  │   ├── openssl 0.10.33
0/0        0/0          0/0    0/0     0/0      ❓  │   │   ├── bitflags 1.2.1
0/0        0/0          0/0    0/0     0/0      ❓  │   │   ├── cfg-if 1.0.0
0/0        0/0          0/0    0/0     0/0      ❓  │   │   ├── foreign-types 0.3.2
0/0        0/0          0/0    0/0     0/0      ❓  │   │   │   └── foreign-types-shared 0.1.1
0/19       10/311       0/0    0/0     5/27     ☢️  │   │   ├── libc 0.2.92
1/1        75/94        4/6    0/0     2/3      ☢️  │   │   ├── once_cell 1.7.2
42/42      149/149      0/0    0/0     0/0      ☢️  │   │   └── openssl-sys 0.9.61
0/0        3/3          0/0    0/0     0/0      ☢️  │   ├── percent-encoding 2.1.0
0/0        0/0          0/0    0/0     0/0      ❓  │   ├── rustc-workspace-hack 1.0.0
0/0        0/0          0/0    0/0     0/0      ❓  │   ├── rustfix 0.5.1
15/18      432/439      3/3    0/0     11/11    ☢️  │   │   ├── anyhow 1.0.40
1/1        16/16        1/1    0/0     0/0      ☢️  │   │   ├── log 0.4.14
0/0        4/4          0/0    0/0     0/0      ☢️  │   │   ├── serde 1.0.125
0/0        6/6          0/0    0/0     0/0      ☢️  │   │   └── serde_json 1.0.64
0/0        3/3          0/0    0/0     0/0      ☢️  │   ├── same-file 1.0.6
0/0        0/4          0/0    0/0     0/0      ❓  │   ├── semver 0.10.0
0/0        0/0          0/0    0/0     0/0      ❓  │   │   ├── semver-parser 0.7.0
0/0        4/4          0/0    0/0     0/0      ☢️  │   │   └── serde 1.0.125
0/0        4/4          0/0    0/0     0/0      ☢️  │   ├── serde 1.0.125
0/0        0/0          0/0    0/0     0/0      ❓  │   ├── serde_ignored 0.1.2
0/0        4/4          0/0    0/0     0/0      ☢️  │   │   └── serde 1.0.125
0/0        6/6          0/0    0/0     0/0      ☢️  │   ├── serde_json 1.0.64
0/0        0/0          0/0    0/0     0/0      ❓  │   ├── shell-escape 0.1.5
0/0        0/0          0/0    0/0     0/0      ❓  │   ├── strip-ansi-escapes 0.1.0
0/0        4/5          0/0    0/0     0/0      ☢️  │   │   └── vte 0.3.3
1/1        5/5          0/0    0/0     0/0      ☢️  │   │       └── utf8parse 0.1.1
2/2        52/52        0/0    0/0     0/0      ☢️  │   ├── tar 0.4.33
0/0        35/78        0/0    0/0     0/0      ☢️  │   │   ├── filetime 0.2.14
0/19       10/311       0/0    0/0     5/27     ☢️  │   │   └── libc 0.2.92
0/0        36/82        0/0    0/0     0/0      ☢️  │   ├── tempfile 3.2.0
0/0        0/0          0/0    0/0     0/0      ❓  │   │   ├── cfg-if 1.0.0
0/19       10/311       0/0    0/0     5/27     ☢️  │   │   ├── libc 0.2.92
0/0        20/20        0/0    0/0     0/0      ☢️  │   │   ├── rand 0.8.3
0/19       10/311       0/0    0/0     5/27     ☢️  │   │   │   ├── libc 0.2.92
1/1        16/16        1/1    0/0     0/0      ☢️  │   │   │   ├── log 0.4.14
0/0        0/0          0/0    0/0     0/0      ❓  │   │   │   ├── rand_chacha 0.3.0
2/2        565/641      0/0    0/0     14/22    ☢️  │   │   │   │   ├── ppv-lite86 0.2.10
0/0        15/15        0/0    0/0     0/0      ☢️  │   │   │   │   └── rand_core 0.6.2
1/4        47/144       1/1    0/0     3/3      ☢️  │   │   │   │       ├── getrandom 0.2.2
0/0        0/0          0/0    0/0     0/0      ❓  │   │   │   │       │   ├── cfg-if 1.0.0
0/19       10/311       0/0    0/0     5/27     ☢️  │   │   │   │       │   └── libc 0.2.92
0/0        4/4          0/0    0/0     0/0      ☢️  │   │   │   │       └── serde 1.0.125
0/0        15/15        0/0    0/0     0/0      ☢️  │   │   │   ├── rand_core 0.6.2
0/0        4/4          0/0    0/0     0/0      ☢️  │   │   │   └── serde 1.0.125
0/0        0/79         0/0    0/0     0/0      ❓  │   │   └── remove_dir_all 0.5.3
0/0        0/0          0/0    0/0     0/0      ❓  │   ├── termcolor 1.1.2
0/0        0/0          0/0    0/0     0/0      🔒  │   ├── toml 0.5.8
0/0        37/42        1/1    0/0     0/0      ☢️  │   │   ├── indexmap 1.6.2
0/0        4/4          0/0    0/0     0/0      ☢️  │   │   └── serde 1.0.125
0/0        0/0          0/0    0/0     0/0      ❓  │   ├── unicode-width 0.1.8
0/0        0/0          0/0    0/0     0/0      🔒  │   ├── unicode-xid 0.2.1
0/0        0/0          0/0    0/0     0/0      ❓  │   ├── url 2.2.1
0/0        0/0          0/0    0/0     0/0      ❓  │   └── walkdir 2.3.2
0/0        0/0          0/0    0/0     0/0      🔒  ├── cargo-geiger-serde 0.2.0
0/0        0/4          0/0    0/0     0/0      ❓  │   ├── semver 0.11.0
0/0        0/0          0/0    0/0     0/0      ❓  │   │   ├── semver-parser 0.10.2
2/2        57/57        0/0    0/0     2/2      ☢️  │   │   │   └── pest 2.1.3
0/0        4/4          0/0    0/0     0/0      ☢️  │   │   │       ├── serde 1.0.125
0/0        6/6          0/0    0/0     0/0      ☢️  │   │   │       ├── serde_json 1.0.64
0/0        0/0          0/0    0/0     0/0      ❓  │   │   │       └── ucd-trie 0.1.3
0/0        4/4          0/0    0/0     0/0      ☢️  │   │   └── serde 1.0.125
0/0        4/4          0/0    0/0     0/0      ☢️  │   ├── serde 1.0.125
0/0        0/0          0/0    0/0     0/0      ❓  │   └── url 2.2.1
0/0        0/0          0/0    0/0     0/0      ❓  ├── cargo-platform 0.1.1
0/0        0/0          0/0    0/0     0/0      ❓  ├── cargo_metadata 0.13.1
1/1        50/50        0/0    0/0     2/2      ☢️  │   ├── camino 1.0.4
0/0        4/4          0/0    0/0     0/0      ☢️  │   │   └── serde 1.0.125
0/0        0/0          0/0    0/0     0/0      ❓  │   ├── cargo-platform 0.1.1
0/0        0/4          0/0    0/0     0/0      ❓  │   ├── semver 0.11.0
0/0        0/0          0/0    0/0     0/0      ❓  │   ├── semver-parser 0.10.2
0/0        4/4          0/0    0/0     0/0      ☢️  │   ├── serde 1.0.125
0/0        6/6          0/0    0/0     0/0      ☢️  │   └── serde_json 1.0.64
0/0        13/13        0/0    0/0     0/0      ☢️  ├── colored 2.0.0
2/2        45/45        0/0    0/0     0/0      ☢️  │   ├── atty 0.2.14
0/0        7/7          1/1    0/0     0/0      ☢️  │   └── lazy_static 1.4.0
0/1        55/235       0/0    0/0     0/0      ☢️  ├── console 0.14.1
0/0        7/7          1/1    0/0     0/0      ☢️  │   ├── lazy_static 1.4.0
0/19       10/311       0/0    0/0     5/27     ☢️  │   ├── libc 0.2.92
0/0        34/34        1/2    0/0     2/2      ☢️  │   ├── regex 1.4.5
0/0        5/12         0/0    0/0     0/0      ☢️  │   ├── terminal_size 0.1.16
0/19       10/311       0/0    0/0     5/27     ☢️  │   │   └── libc 0.2.92
0/0        0/0          0/0    0/0     0/0      ❓  │   └── unicode-width 0.1.8
0/0        0/0          0/0    0/0     0/0      🔒  ├── geiger 0.4.6
0/0        0/0          0/0    0/0     0/0      🔒  │   ├── cargo-geiger-serde 0.2.0
0/0        0/0          0/0    0/0     0/0      ❓  │   ├── proc-macro2 1.0.24
0/0        45/45        3/3    0/0     2/2      ☢️  │   └── syn 1.0.67
0/0        0/0          0/0    0/0     0/0      ❓  ├── krates 0.7.0
0/0        0/0          0/0    0/0     0/0      ❓  │   ├── cargo_metadata 0.13.1
0/0        0/0          0/0    0/0     0/0      ❓  │   ├── cfg-expr 0.7.4
1/1        392/392      7/7    1/1     13/13    ☢️  │   │   └── smallvec 1.6.1
2/2        75/75        4/4    1/1     1/1      ☢️  │   ├── petgraph 0.5.1
0/0        62/62        0/0    0/0     0/0      ☢️  │   │   ├── fixedbitset 0.2.0
0/0        37/42        1/1    0/0     0/0      ☢️  │   │   ├── indexmap 1.6.2
0/0        4/4          0/0    0/0     0/0      ☢️  │   │   ├── serde 1.0.125
0/0        0/0          0/0    0/0     0/0      ❓  │   │   └── serde_derive 1.0.125
0/0        0/4          0/0    0/0     0/0      ❓  │   └── semver 0.11.0
2/2        75/75        4/4    1/1     1/1      ☢️  ├── petgraph 0.5.1
0/0        0/0          0/0    0/0     0/0      🔒  ├── pico-args 0.4.0
0/0        34/34        1/2    0/0     2/2      ☢️  ├── regex 1.4.5
0/0        4/4          0/0    0/0     0/0      ☢️  ├── serde 1.0.125
0/0        6/6          0/0    0/0     0/0      ☢️  ├── serde_json 1.0.64
0/0        0/0          0/0    0/0     0/0      ❓  ├── strum 0.20.0
0/0        0/0          0/0    0/0     0/0      ❓  │   └── strum_macros 0.20.1
0/0        0/0          0/0    0/0     0/0      ❓  │       ├── heck 0.3.2
0/0        0/0          0/0    0/0     0/0      ❓  │       │   └── unicode-segmentation 1.7.1
0/0        0/0          0/0    0/0     0/0      ❓  │       ├── proc-macro2 1.0.24
0/0        0/0          0/0    0/0     0/0      ❓  │       ├── quote 1.0.9
0/0        45/45        3/3    0/0     2/2      ☢️  │       └── syn 1.0.67
0/0        0/0          0/0    0/0     0/0      ❓  ├── strum_macros 0.20.1
0/0        0/0          0/0    0/0     0/0      ❓  ├── url 2.2.1
0/0        0/0          0/0    0/0     0/0      ❓  └── walkdir 2.3.2

200/260    20550/23557  121/137 10/11   296/361

Comments
  • Make it available as a library?

    Make it available as a library?

    I want to make a website that gives statistics on various crates, including unsafe usage. Naturally I immediately thought of this, but using cargo-geiger to output data and then attempting to re-parse it seems excessively hard. Would you accept a PR that refactors most of the actual work into a library crate?

    I don't think I would ever really expect a stable API or such, but being able to keep all the processing in one program would be nice.

    enhancement 
    opened by icefoxen 33
  • Use cargo_metadata to explore the dependency tree.

    Use cargo_metadata to explore the dependency tree.

    Switch out the cargo API pieces currently used for exploring the dependency graph and use https://crates.io/crates/cargo_metadata instead.

    Found here: https://github.com/sfackler/cargo-tree/issues/41

    This is a subtask of #69

    Consider using https://crates.io/crates/krates as part of this migration.

    enhancement help wanted important 
    opened by anderejd 17
  • Idea: safety badges

    Idea: safety badges

    I want crate readme files to show their unsafe-ness.

    • badge unsafe for crates without #![forbid(unsafe_code)]
    • badge unsafe-deps for crates with deps that lack #![forbid(unsafe_code)]
    • badge safe for crates with #![forbid(unsafe_code)]

    Clicking on the badge would show the cargo-geiger report for that version of the crate.

    Is anyone else interested in setting up something like this?

    SVG sources: badges-svg.zip

    enhancement question 
    opened by mleonhard 15
  • 'features' flags does not work

    'features' flags does not work

    This one:

            --features <FEATURES>     Space-separated list of features to activate
            --all-features            Activate all available features
            --no-default-features     Do not activate the `default` feature
    
    opened by RazrFalcon 15
  • use ExampleBin by default for example target

    use ExampleBin by default for example target

    This fixes a a part of test failure in #193 - at the moment cargo-geiger sets CustomBuildRoot for code files in examples and as a result itertools/examples/iris.rs also is assumed to be a custom build root.

    opened by qrilka 14
  • Feature: safety report in readme

    Feature: safety report in readme

    I want a tool to automatically update update a safety report section in my project's readme file. Requirements:

    • Run cargo-geiger on the current project
    • Convert the report into Markdown format
    • Look for a # Safety Report section in Readme.md and replace it with the generated report

    Advanced features:

    • An argument with the name of the markdown file to update
    • An argument with the name of the section to replace
    • Check the git repository, see if there's a tag at HEAD in the current branch, and include the tag in the report. This could be a separate program.
    • An option to include the branch name in the report.
    • An option to include the git commit ID in the report.
    • For each unsafe crate, link to a ticket about making the crate safer. So folks can easily express their desire for more safety in code and dependencies. For crates without such tickets, link to a page explaining how to file the ticket and add the link to cargo-geiger (make a PR). When crate maintainers delete tickets that ask for more safety, include a link to a ticket in a different repository. The isaacs/github repository is an example of this technique.

    Similar tools: clog-cli

    opened by mleonhard 14
  • Emoji rendering error under rxvt-unicode which isn't fixed by --charset ascii

    Emoji rendering error under rxvt-unicode which isn't fixed by --charset ascii

    On a brand new cargo-geiger install (cargo install cargo-geiger producing version 0.7.2), I get the following less-than-ideal output when running cargo-geiger under a stack of rxvt-unicode and GNU screen:

    screenshot6

    --charset ascii does change the tree-view line-drawing characters (which render just fine in the default UTF-8 mode), but doesn't change the more important icons.

    (I haven't checked your code but, when using the radioactive symbol emoji in your README for testing, the problem is that rxvt-unicode doesn't like U+FE0F (VARIATION SELECTOR-16))

    bug help wanted 
    opened by ssokolow 13
  • NOISSUE - Create `lib.rs`, to allow documentation tests to be written…

    NOISSUE - Create `lib.rs`, to allow documentation tests to be written…

    … and

    run:

    • Add high level description of public modules in lib.rs
    • Add docs and doc-tests for args module
    • Add clippy level to enforce use of doc markdown

    Signed-off-by: joshmc [email protected]

    opened by jmcconnell26 12
  • Expose the cargo crate feature: vendored-openssl.

    Expose the cargo crate feature: vendored-openssl.

    Fixes: #97

    Is this an acceptable solution? For macOS this seems like the right choice to me. If this PR passes the CI build I'm fine with using the vendored-openssl feature for all platforms.

    opened by anderejd 12
  • Manifest parse errors despite using latest version of Rust

    Manifest parse errors despite using latest version of Rust

    ❯ cargo build
        Finished dev [unoptimized + debuginfo] target(s) in 0.23s
    
    ❯ cargo geiger --version
    cargo-geiger 0.11.3
    
    ❯ cargo geiger
    error: failed to parse manifest at `C:\Path\To\Project\Cargo.toml`
    
    Caused by:
      namespaced features with the `dep:` prefix are only allowed on the nightly channel and requires the `-Z namespaced-features` flag on the command-line
    

    Which is odd, because namespaced features has been stable since 1.60 and none of the other cargo tools I have are choking on my Cargo.toml.

    opened by alexschrod 11
  • panic in .toml parser on some repos

    panic in .toml parser on some repos

    Version: cargo-geiger 0.9.0

    $ cargo geiger
    thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: ()', src/libcore/result.rs:1165:5
    stack backtrace:
    ...
      14: core::result::unwrap_failed
                 at src/libcore/result.rs:1165
      15: cargo::util::canonical_url::CanonicalUrl::new
      16: cargo::core::source::source_id::SourceId::new
      17: cargo::util::toml::DetailedTomlDependency::to_dependency
      18: cargo::util::toml::TomlDependency::to_dependency
      19: cargo::util::toml::TomlManifest::to_real_manifest::process_dependencies
      20: cargo::util::toml::TomlManifest::to_real_manifest
      21: cargo::util::toml::read_manifest
      22: cargo::core::workspace::Packages::load
      23: cargo::core::workspace::Workspace::find_root
      24: cargo::core::workspace::Workspace::new
      25: cargo_geiger::cli::get_workspace
      26: cargo_geiger::main
      27: std::rt::lang_start::{{closure}}
      28: std::rt::lang_start_internal::{{closure}}
                 at src/libstd/rt.rs:48
      29: std::panicking::try::do_call
                 at src/libstd/panicking.rs:287
      30: __rust_maybe_catch_panic
                 at src/libpanic_unwind/lib.rs:78
      31: std::panicking::try
                 at src/libstd/panicking.rs:265
      32: std::panic::catch_unwind
                 at src/libstd/panic.rs:396
      33: std::rt::lang_start_internal
                 at src/libstd/rt.rs:47
      34: main
      35: __libc_start_main
      36: _start
    

    it would be useful to get at least the line number in the .toml file that causes the problem.

    EDIT: I tried eliminating lines in my Cargo.toml to find the offending code, but even with my whole Cargo.toml commented I got the above error. Weird. geiger works fine in some other repos.

    bug help wanted 
    opened by emilk 11
  • build(deps): bump cargo_metadata from 0.15.0 to 0.15.2

    build(deps): bump cargo_metadata from 0.15.0 to 0.15.2

    Bumps cargo_metadata from 0.15.0 to 0.15.2.

    Changelog

    Sourced from cargo_metadata's changelog.

    Changelog

    Unreleased

    Added

    • Re-exported semver crate directly.

    Changed

    • Made parse_stream more versatile by accepting anything that implements Read.

    Removed

    • Removed re-exports for BuildMetadata and Prerelease from semver crate.

    Fixed

    • Added missing manifest_path field to Artifact. Fixes #187.
    Commits
    • 8319bd6 Publish new version
    • 711710b Merge pull request #213 from messense/fix-212
    • ad8bf92 Add #[serde(default)] to Artifact::manifest_path
    • 1af69df Merge pull request #211 from messense/stderr
    • d9cd00d Allow MetadataCommand to inherit stderr from parent
    • a0f55ac Disable semver again
    • b0a608d Add semver checks to CI
    • feac4af Version bump
    • 2d2998c Merge pull request #205 from msrd0/add-target-is-xxx
    • ecabef4 Add is_lib, is_bin etc to Target
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies rust 
    opened by dependabot[bot] 1
  • build(deps): bump krates from 0.11.0 to 0.12.6

    build(deps): bump krates from 0.11.0 to 0.12.6

    Bumps krates from 0.11.0 to 0.12.6.

    Release notes

    Sourced from krates's releases.

    Release 0.12.5

    Fixed

    • PR#51 resolved #50 by no longer treating the feature set in the index as authoritative, but rather just merging in the keys that were not already located in the feature set from the crate itself. This would mean that features that are present in both but with different sub-features from the index will now be lost, but that can be fixed later if it is actually an issue.

    Release 0.12.4

    Fixed

    • PR#49 resolved #48 by not entering into an infinite loop in the presence of cyclic features. Oops.

    Release 0.12.3

    Fixed

    • PR#47 resolved #46 by both adding the prefer-index feature to get the actual correct feature information for a crate from the index, rather than the cargo metadata, as well as silently ignoring features that are resolved, but not available from the package manifest if the feature is not enabled.

    Release 0.12.2

    Fixed

    • PR#45 fixed a bug where optional dependencies could be pruned if their name differed from the feature that enabled them.

    Added

    • PR#45 added Krates::direct_dependencies as a complement to Krates::direct_dependents.

    Release 0.12.1

    Added

    • PR#43 and PR#44 added Krates::direct_dependents to more easily obtain the crates that directly depend on the specified crate/node, regardless of any features in between those crates.

    Release 0.12.0

    Added

    • PR#42 added support for features, adding nodes for each unique future, and linking edges between dependencies and features themselves. This (hopefully) properly takes into account the existing ways of pruning the graph via targets, exclusions etc. It also allows the retrieval of that final feature set via Krates::get_enabled_features.

    Fixed

    • PR#42 resolved #41 by properly pruning weak dependencies that were improperly resolved by cargo.
    Changelog

    Sourced from krates's changelog.

    [0.12.6] - 2022-11-25

    Changed

    • PR#52 updated cfg-expr to 0.12.
    • PR#52 changed Krates::search_matches and Krates::search_by_name to use impl Into<String> for the name to search, so that the lifetime of it is not paired with the graph itself.

    [0.12.5] - 2022-11-08

    Fixed

    • PR#51 resolved #50 by no longer treating the feature set in the index as authoritative, but rather just merging in the keys that were not already located in the feature set from the crate itself. This would mean that features that are present in both but with different sub-features from the index will now be lost, but that can be fixed later if it is actually an issue.

    [0.12.4] - 2022-11-02

    Fixed

    • PR#49 resolved #48 by not entering into an infinite loop in the presence of cyclic features. Oops.

    [0.12.3] - 2022-11-01

    Fixed

    • PR#47 resolved #46 by both adding the prefer-index feature to get the actual correct feature information for a crate from the index, rather than the cargo metadata, as well as silently ignoring features that are resolved, but not available from the package manifest if the feature is not enabled.

    [0.12.2] - 2022-10-28

    Fixed

    • PR#45 fixed a bug where optional dependencies could be pruned if their name differed from the feature that enabled them.

    Added

    • PR#45 added Krates::direct_dependencies as a complement to Krates::direct_dependents.

    [0.12.1] - 2022-10-25

    Added

    • PR#43 and PR#44 added Krates::direct_dependents to more easily obtain the crates that directly depend on the specified crate/node, regardless of any features in between those crates.

    [0.12.0] - 2022-10-06

    Added

    • PR#42 added support for features, adding nodes for each unique future, and linking edges between dependencies and features themselves. This (hopefully) properly takes into account the existing ways of pruning the graph via targets, exclusions etc. It also allows the retrieval of that final feature set via Krates::get_enabled_features.

    Fixed

    • PR#42 resolved #41 by properly pruning weak dependencies that were improperly resolved by cargo.
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies rust 
    opened by dependabot[bot] 0
  • cargo_metadata & krate coupling

    cargo_metadata & krate coupling

    Need to de-couple these and ensure they do not break between bumps...

    https://dev.azure.com/cargo-geiger/cargo-geiger/_build/results?buildId=819&view=logs&j=022b0a5d-2698-5f72-7610-a845972a8b4c&t=33e4d865-0676-5964-ba63-59b88208e67d&l=350

    error[E0609]: no field `krate` on type `&krates::Node<cargo_metadata::Package>`
       --> cargo-geiger\src\graph.rs:119:39
        |
    119 |             let package = krates_node.krate.clone();
        |                                       ^^^^^
    
    

    This is blocking https://github.com/rust-secure-code/cargo-geiger/pull/397

    opened by pinkforest 0
  • Adds the `filter_target` flag when gathering cargo metadata.

    Adds the `filter_target` flag when gathering cargo metadata.

    Unless building for all targets is specified, --filter_target will be added to the cargo command. The target is chosen as follows:

    1. If the user specified a target, that target is used
    2. Otherwise, attempt to invoke rustc and determine the default target
    3. If all else fails, build all targets.

    Similar to: https://github.com/rust-lang/rust-analyzer/pull/6912

    opened by amzn-aeline 5
  • Features flags do not work as expected

    Features flags do not work as expected

    If I put some unsafe usage behind a (not default) feature flag:

    #[cfg(feature = "foo")]
    pub mod foo {
        pub fn bar() -> &'static [i32] {
            let address = 0x01234usize;
            let r = address as *mut i32;
            unsafe { std::slice::from_raw_parts_mut(r, 10000) }
        }
    }
    

    And then run cargo geiger, it is showing use of an unsafe expression. Due to the presence of all-features and features flags for cargo-geiger, I would have expected this usage to be not be reported, unless I ran cargo-geiger with --all-features or --features foo. Am I missing something?

    enhancement 
    opened by kardeiz 3
  • Cargo geiger doesnt take into account [[bin]] and [lib] properties in Cargo.toml

    Cargo geiger doesnt take into account [[bin]] and [lib] properties in Cargo.toml

    I have a library that does not live in "/src/lib.rs" and cargo-geiger chokes with:

    thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: Io(Os { code: 2, kind: NotFound, message: "No such file or directory" }, "/<redacted>/src/lib.rs")', /home/<redacted>/.cargo/registry/src/github.com-1ecc6299db9ec823/cargo-geiger-0.11.2/src/scan/default.rs:106:59
    

    Also passing the library name as parameter to the --package flag does not help.

    ps: After running cargo clean the problem is resolved. I have a shared target directory with CARGO_TARGET_DIR pointing to a ramdisk. That seems to provoke this. Feel free to close if that is not supported behavior.

    bug help wanted good first issue 
    opened by najamelan 2
Releases(cargo-geiger-0.11.4)
  • cargo-geiger-0.11.4(Aug 1, 2022)

    0.11.4

    Bump insta from 1.16 to 1.17 [#353], [#354]
    Bump regex from 0.5 to 0.6 [#348]
    Code clean-ups - thanks @jmcconnell26 [#333]
    Bump pico-args from 0.4 to 0.5 [#328]
    Upgraded from Cargo 0.62.0 to 0.63.0 [#345]
    Upgraded from Cargo 0.60.0 to 0.62.0 - thanks @jmcconnell26   [#317]
    Bump lockfile [#349]
    

    Special thanks to @alexschrod @jmcconnell26

    Source code(tar.gz)
    Source code(zip)
Owner
Rust Secure Code Working Group
Make it easy to write secure Rust code
Rust Secure Code Working Group
⚙️ A curated list of dynamic analysis tools for all programming languages, binaries, and more.

This repository lists dynamic analysis tools for all programming languages, build tools, config files and more. The official website, analysis-tools.d

Analysis Tools 650 Jan 4, 2023
Scans a given directory for software of unknown provinence (SOUP) and dumps them in a json-file

souper Scans a given directory for potential software of unknown provinence (SOUP) and writes them to a json-file. The json-file contains name, versio

Devies 2 Aug 26, 2022
Find the ideal fuzz targets in a Rust codebase

Siderophile Siderophile finds the "most unsafe" functions in your Rust codebase, so you can fuzz them or refactor them out entirely. It checks the cal

Trail of Bits 162 Dec 23, 2022
A cryptographically verifiable code review system for the cargo (Rust) package manager.

image credit cargo-crev A cryptographically verifiable code review system for the cargo (Rust) package manager. Introduction Crev is a language and ec

crev - Code REView system 1.8k Jan 5, 2023
Rust Memory Safety & Undefined Behavior Detection

Rudra is a static analyzer to detect common undefined behaviors in Rust programs. It is capable of analyzing single Rust packages as well as all the packages on crates.io.

gts3.org (SSLab@Gatech) 1.2k Dec 31, 2022
loc is a tool for counting lines of code. It's a rust implementation of cloc, but it's more than 100x faster.

2019-10-07: I really haven't been on top of accepting pull requests or looking at issues, you guy should definitely look at SCC. It's faster and more

cgag 2.1k Jan 2, 2023
Detects usage of unsafe Rust in a Rust crate and its dependencies.

cargo-geiger ☢️ A program that lists statistics related to the usage of unsafe Rust code in a Rust crate and all its dependencies. This cargo plugin w

Rust Secure Code Working Group 1.1k Jan 8, 2023
Detects usage of unsafe Rust in a Rust crate and its dependencies.

cargo-geiger ☢️ Looking for maintainer: https://github.com/rust-secure-code/cargo-geiger/issues/210 A program that lists statistics related to the usa

Rust Secure Code Working Group 1.1k Jan 4, 2023
DHCP Server programmed in rust with zero dependencies and unsafe.

RustyDHCP A simple and zero-dependency DHCP server written in Rust, with credit to Richard Warburton for contributions to parts of the code. Features

null 53 Nov 6, 2023
dua (-> Disk Usage Analyzer) is a tool to conveniently learn about the usage of disk space of a given directory

dua (-> Disk Usage Analyzer) is a tool to conveniently learn about the usage of disk space of a given directory. It's parallel by default and will max

Sebastian Thiel 1.8k Jan 2, 2023
Detects orphan configmaps and secrets in a Kubernetes cluster

KubExplorer Warning: Proof of concept. Feedback is much welcome. Discovers and prints out any Configmaps and Secrets not linked to any of the followin

Pavel Pscheidl 56 Oct 21, 2022
Detects whether a terminal supports color, and gives details about that support

Detects whether a terminal supports color, and gives details about that support. It takes into account the NO_COLOR environment variable. This crate i

Kat Marchán 30 Dec 29, 2022
A dynamic output configuration tool that automatically detects and configures connected outputs based on a set of profiles.

shikane A dynamic output configuration tool that automatically detects and configures connected outputs based on a set of profiles. Each profile speci

Hendrik Wolff 15 May 4, 2023
Detects whether a terminal supports unicode.

Detects whether a terminal supports unicode. This crate is a Rust port mashing together @sindresorhus' is-unicode-supported and @iarna's has-unicode N

Kat Marchán 11 Jul 29, 2022
Detects Linux input, notifies with bell sound

Keypress Notifier keypress-notifier는 리눅스에서 동작하는 입력 이벤트 감지 및 벨 소리 알림 프로젝트입니다. 소개 keypress-notifier는 Rust 언어로 개발되었으며, 키패드, 마우스 등의 입력 이벤트를 감지하고, 벨 소리로 사용

인준 4 Feb 15, 2024
A query-building & utility crate for SurrealDB and its SQL querying language that aims to be simple

Surreal simple querybuilder A simple query-builder for the Surreal Query Language, for SurrealDB. Aims at being simple to use and not too verbose firs

Thibault H 11 Dec 30, 2022
A KISS Rust crate to parse Windows kernel crash-dumps created by Windows & its debugger.

kdmp-parser A KISS Rust crate to parse Windows kernel crash-dumps created by Windows & its debugger. This is a cross-platform crate that parses Window

Axel Souchet 30 Jul 11, 2024
Fastest and safest Rust implementation of parquet. `unsafe` free. Integration-tested against pyarrow

Parquet2 This is a re-write of the official parquet crate with performance, parallelism and safety in mind. The five main differentiators in compariso

Jorge Leitao 237 Jan 1, 2023
☢ Guerrilla (or Monkey) Patching in Rust for (unsafe) fun and profit.

Guerrilla Guerrilla (or Monkey) Patching in Rust for (unsafe) fun and profit. Provides aribtrary monkey patching in Rust. Please do not use this crate

Ryan Leckey 97 Dec 16, 2022
☢ Guerrilla (or Monkey) Patching in Rust for (unsafe) fun and profit.

Guerrilla Guerrilla (or Monkey) Patching in Rust for (unsafe) fun and profit. Provides aribtrary monkey patching in Rust. Please do not use this crate

Ryan Leckey 97 Dec 16, 2022