• Stars
    star
    1,223
  • Rank 38,351 (Top 0.8 %)
  • Language
    Rust
  • Created over 6 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Detects usage of unsafe Rust in a Rust crate and its dependencies.

cargo-geiger ☢️

Build Status unsafe forbidden Code Coverage crates.io Crates.io

A tool that lists statistics related to the usage of unsafe Rust code in a Rust crate and all its dependencies.

This cargo plugin was originally based on the code from two other projects:

Installation

Try to find and use a system-wide installed OpenSSL library:

cargo install cargo-geiger

Or, build and statically link OpenSSL as part of the cargo-geiger executable:

cargo install cargo-geiger --features vendored-openssl

Usage

  1. Navigate to the same directory as the Cargo.toml you want to analyze.
  2. cargo geiger

Intended Use

This tool is not meant to advise directly whether the code ultimately is truly insecure or not.

The purpose of cargo-geiger is to provide statistical input to auditing e.g. with:

The use of unsafe is nuanced and necessary in some cases and any motivation to use it is outside the scope of cargo-geiger.

It is important that any reporting is handled with care:

Output example

Example output

Known issues

Libraries

Cargo Geiger exposes three libraries:

  • cargo-geiger - Unversioned and highly unstable library exposing the internals of the cargo-geiger binary. As such, any function contained within this library may be subject to change.
  • cargo-geiger-serde - A library containing the serializable report types
  • geiger - A library containing a few decoupled cargo components used by cargo-geiger

Changelog

See the changelog.

Why the name?

https://en.wikipedia.org/wiki/Geiger_counter

Unsafe code, like ionizing radiation, is unavoidable in some situations and should be safely contained!