Project Description

Look into things that make security/code reviews of rust code easier and play with cargo-crev.

Is there a lint or other automatic way like a deny compiler directive, to check a rust crate doesn't write any files? Can we come up with a list of these implicit capabilities in the standard library to make it easier to know which places to review? Maybe the crate cap-std can be inspiration? Is there a way to sandbox cargo build scripts?

cargo-crev allows coordination of reviews via a web of trust. How can it be extended with categories to differentiate a review that attests that the crate is e.g. safe to run with trusted input or fully sound? How can relation of these categories, like a proper sub-category, be made machine readable? See a draft of how machines could assist in collaborative review for more general ideas.

Goal for this Hackweek

cargo-crev doesn't support relating to GPG/OpenPGP yet: https://github.com/crev-dev/cargo-crev/issues/58 .

cargo-geiger which is also used by cargo-crev walks the source in a simplicst way ( https://github.com/rust-secure-code/cargo-geiger/blob/master/geiger/src/geiger_syn_visitor.rs ) so it will miss uses in macros. clippy has an easy to use lint for disallowed methods https://rust-lang.github.io/rust-clippy/master/index.html#disallowed_methods but I don't know if there are any uses it will miss.

Made it possible to walk repos and thus find reviews from people you did not yet trust: https://github.com/crev-dev/cargo-crev/pull/480

Resources

Looking for hackers with the skills:

rust security

This project is part of:

Hack Week 21

Activity

  • almost 2 years ago: fbonazzi liked this project.
  • almost 2 years ago: jzerebecki started this project.
  • almost 2 years ago: jzerebecki added keyword "security" to this project.
  • almost 2 years ago: jzerebecki added keyword "rust" to this project.
  • almost 2 years ago: jzerebecki originated this project.

  • Comments

    Be the first to comment!

    Similar Projects

    Kanidm - Account Policy by firstyear

    Project Description

    Kanidm is a identity ...


    toniowm by fabriziosestito

    toniowm is yet another window manager written i...


    Relm4-based user interface for Agama by IGonzalezSosa

    Motivation

    Disclaimer: the idea of this pr...


    Create a new markup language with parser in rust by nkrapp

    Project Description

    Write a parser for my...


    A Flight Dynamics Library written in Rust with an Entity Component System architecture by vcuadradojuan

    [comment]: # (Please use the project descriptio...


    Predefined app security policy template for NeuVector by feih

    Project Description

    Idea is to predefin...


    Port NeuVector zero-trust security functions to host/VM by feih

    Project Description

    Today, NeuVector on...


    Model checking the BPF verifier by shunghsiyu

    Project Description

    BPF verifier plays a ...