# cargo-vet imports lock [audits.chromeos.criteria.crypto-safe] description = """ All crypto algorithms in this crate have been reviewed by a relevant expert. **Note**: If a crate does not implement crypto, use `does-not-implement-crypto`, which implies `crypto-safe`, but does not require expert review in order to audit for.""" [audits.chromeos.criteria.does-not-implement-crypto] description = """ Inspection reveals that the crate in question does not attempt to implement any cryptographic algorithms on its own. Note that certification of this does not require an expert on all forms of cryptography: it's expected for crates we import to be \"good enough\" citizens, so they'll at least be forthcoming if they try to implement something cryptographic. When in doubt, please ask an expert.""" implies = "crypto-safe" [audits.chromeos.criteria.rule-of-two-safe-to-deploy] description = """ This is a stronger requirement than the built-in safe-to-deploy criteria, motivated by Chromium's rule-of-two related requirements: https://chromium.googlesource.com/chromium/src/+/master/docs/security/rule-of-2.md#unsafe-code-in-safe-languages This crate will not introduce a serious security vulnerability to production software exposed to untrusted input. Auditors are not required to perform a full logic review of the entire crate. Rather, they must review enough to fully reason about the behavior of all unsafe blocks and usage of powerful imports. For any reasonable usage of the crate in real-world software, an attacker must not be able to manipulate the runtime behavior of these sections in an exploitable or surprising way. Ideally, ambient capabilities (e.g. filesystem access) are hardened against manipulation and consistent with the advertised behavior of the crate. However, some discretion is permitted. In such cases, the nature of the discretion should be recorded in the `notes` field of the audit record. Any unsafe code in this crate must, in general, be kept well-contained, and documentation must exist to describe how Rust's invariants are being upheld despite the unsafe block(s). Nontrivial uses of unsafe must be reviewed by an expert in Rust's unsafety guarantees/non-guarantees. For crates which generate deployed code (e.g. build dependencies or procedural macros), reasonable usage of the crate should output code which meets the above criteria.""" implies = "safe-to-deploy" [[audits.chromeos.audits.libfuzzer-sys]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.4.4" [[audits.chromeos.audits.miniz_oxide]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.6.2" [[audits.chromeos.audits.static_assertions]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.1.0" [[audits.embark-studios.audits.anyhow]] who = "Johan Andersson " criteria = "safe-to-deploy" version = "1.0.58" [[audits.embark-studios.audits.anyhow]] who = "Johan Andersson " criteria = "safe-to-deploy" delta = "1.0.58 -> 1.0.66" notes = "New unsafe usage, looks sane. Expert maintainer" [[audits.embark-studios.audits.cty]] who = "Johan Andersson " criteria = "safe-to-deploy" version = "0.2.2" notes = "Inspected it and is a tiny crate with just type definitions" [[audits.isrg.audits.block-buffer]] who = "David Cook " criteria = "safe-to-deploy" version = "0.9.0" [[audits.isrg.audits.opaque-debug]] who = "David Cook " criteria = "safe-to-deploy" version = "0.3.0" [[audits.isrg.audits.universal-hash]] who = "David Cook " criteria = "safe-to-deploy" version = "0.4.1" [[audits.mozilla.audits.autocfg]] who = "Josh Stone " criteria = "safe-to-deploy" version = "1.1.0" notes = "All code written or reviewed by Josh Stone." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.bit-set]] who = "Aria Beingessner " criteria = "safe-to-deploy" version = "0.5.2" notes = "Another crate I own via contain-rs that is ancient and maintenance mode, no known issues." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.bit-vec]] who = "Aria Beingessner " criteria = "safe-to-deploy" version = "0.6.3" notes = "Another crate I own via contain-rs that is ancient and in maintenance mode but otherwise perfectly fine." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.crypto-common]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.1.3 -> 0.1.6" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.either]] who = "Nika Layzell " criteria = "safe-to-deploy" version = "1.6.1" notes = """ Straightforward crate providing the Either enum and trait implementations with no unsafe code. """ aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[audits.mozilla.audits.encoding_rs]] who = "Henri Sivonen " criteria = "safe-to-deploy" version = "0.8.31" notes = "I, Henri Sivonen, wrote encoding_rs for Gecko and have reviewed contributions by others. There are two caveats to the certification: 1) The crate does things that are documented to be UB but that do not appear to actually be UB due to integer types differing from the general rule; https://github.com/hsivonen/encoding_rs/issues/79 . 2) It would be prudent to re-review the code that reinterprets buffers of integers as SIMD vectors; see https://github.com/hsivonen/encoding_rs/issues/87 ." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.flagset]] who = "Ryan Hunt " criteria = "safe-to-deploy" version = "0.4.3" notes = "Uses no ambient capabilities, vetted the one instance of unsafe." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.fnv]] who = "Bobby Holley " criteria = "safe-to-deploy" version = "1.0.7" notes = "Simple hasher implementation with no unsafe code." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.fxhash]] who = "Bobby Holley " criteria = "safe-to-deploy" version = "0.2.1" notes = "Straightforward crate with no unsafe code, does what it says on the tin." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.half]] who = "John M. Schanck " criteria = "safe-to-deploy" version = "1.8.2" notes = """ This crate contains unsafe code for bitwise casts to/from binary16 floating-point format. I've reviewed these and found no issues. There are no uses of ambient capabilities. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.hashbrown]] who = "Mike Hommey " criteria = "safe-to-deploy" version = "0.12.3" notes = "This version is used in rust's libstd, so effectively we're already trusting it" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.hermit-abi]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.1.19 -> 0.2.6" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.lazy_static]] who = "Nika Layzell " criteria = "safe-to-deploy" version = "1.4.0" notes = "I have read over the macros, and audited the unsafe code." aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" [[audits.mozilla.audits.log]] who = "Mike Hommey " criteria = "safe-to-deploy" version = "0.4.17" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.memoffset]] who = "Gabriele Svelto " criteria = "safe-to-deploy" delta = "0.6.5 -> 0.7.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.num-integer]] who = "Josh Stone " criteria = "safe-to-deploy" version = "0.1.45" notes = "All code written or reviewed by Josh Stone." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.num-iter]] who = "Josh Stone " criteria = "safe-to-deploy" version = "0.1.43" notes = "All code written or reviewed by Josh Stone." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.num-traits]] who = "Josh Stone " criteria = "safe-to-deploy" version = "0.2.15" notes = "All code written or reviewed by Josh Stone." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.num_cpus]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.13.1 -> 1.14.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.num_cpus]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.14.0 -> 1.15.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.once_cell]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.12.0 -> 1.13.1" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.once_cell]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "1.13.1 -> 1.16.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.quote]] who = "Nika Layzell " criteria = "safe-to-deploy" version = "1.0.18" notes = """ `quote` is a utility crate used by proc-macros to generate TokenStreams conveniently from source code. The bulk of the logic is some complex interlocking `macro_rules!` macros which are used to parse and build the `TokenStream` within the proc-macro. This crate contains no unsafe code, and the internal logic, while difficult to read, is generally straightforward. I have audited the the quote macros, ident formatter, and runtime logic. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.synstructure]] who = "Nika Layzell " criteria = "safe-to-deploy" version = "0.12.6" notes = """ I am the primary author of the `synstructure` crate, and its current maintainer. The one use of `unsafe` is unnecessary, but documented and harmless. It will be removed in the next version. """ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.unicode-normalization]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.1.19 -> 0.1.20" notes = "I am the author of most of these changes upstream, and prepared the release myself, at which point I looked at the other changes since 0.1.19." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.unicode-normalization]] who = "Mike Hommey " criteria = "safe-to-deploy" delta = "0.1.20 -> 0.1.21" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"