Rust crates reviews

Cryptographically verifiable, distributed dependency reviews

crate: zip

https://lib.rs/crates/zip/

Add the last reviewed version to Cargo.toml / [dependencies]:

zip = "0.5.3"

Full column names in tooltip hints: rating Negative, rating Neutral, rating Positive, rating Strong, thoroughness, understanding, reviews count.

Neg
Neu
Pos
Str
tho
und
rev
2
1
1
| crate version | rating | date | reviewer | thoroughness, understanding |
|---|---|---|---|---|
| zip 0.5.3 | positive | 2019-09-03 | | low, medium |

0.5.3: Replaced libflate with flate2, minor touchups. LGTM.
0.5.2: Looks like a solid crate. A few minor concerns:

  • 755 permissions. Necessary, but bandied about.
  • Unsanitized path names are accessible, easy to misuse.
  • Doesn't ban access to CON or similar.
  • Lacks fuzz tests

Detail

| File | Rating | Notes |
|---|---|---|
| benches/read_entry.rs | +1 | |
| examples/extract_lorem.rs | +1 | |
| examples/extract.rs | +1 | |
| examples/file_info.rs | +1 | |
| examples/stdin_info.rs | +1 | |
| examples/write_dir.rs | 0 | 755 permissions make me slightly nervous, but I think it's safe |
| examples/write_sample.rs | 0 | 755 permissions make me slightly nervous, but I think it's safe |
| script/doc-upload.cfg | +1 | |
| src/compression.rs | +1 | |
| src/cp437.rs | +1 | |
| src/crc32.rs | +1 | |
| src/lib.rs | +1 | |
| src/read.rs | +1 | |
| src/result.rs | +1 | |
| src/spec.rs | +1 | |
| src/types.rs | 0 | Could be a little more defensive towards misuse, but pretty solid. |
| src/write.rs | +1 | |
| tests/data/*.zip | | Unreviewed... probably OK though |
| tests/end_to_end.rs | +1 | |
| tests/invalid_date.rs | +1 | |
| tests/zip64_large.rs | +1 | |
| .gitignore | +1 | |
| .travis.yml | -1 | |
| appveyor.yml | -1 | |
| Cargo.toml | +1 | |
| Cargo.toml.orig | +1 | |
| LICENSE | +1 | MIT |
| README.md | +1 | |

| Other | Rating | Notes |
|---|---|---|
| unsafe | +1 | No unsafe code |
| fs | +1 | Examples/tests appear safe. |
| io | +1 | |
| docs | +1 | |
| tests | +1 | Could use more fuzzing tests |

src/types.rs

| Line | Notes |
|---|---|
| 215 | I'd like this to have a scarier name... but eh, at least it's sound. |
| 250 | This drops invalid components... I think it should return an error on invalid components. But at least it's sound and shouldn't be vulnerable to path navigation attacks? |
| 250 | This doesn't forbid CON or similar. |
| 298 | Excellent test, this is exactly what I want to see! |

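| crate version | rating | date | reviewer | thoroughness, understanding |
|---|---|---|---|---|
| zip 0.5.2 | positive | 2019-07-31 | | low, medium |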

Looks like a solid crate. A few minor concerns:

  • 755 permissions. Necessary, but bandied about.
  • Unsanitized path names are accessible, easy to misuse.
  • Doesn't ban access to CON or similar.
  • Lacks fuzz tests

Detail

| File | Rating | Notes |
|---|---|---|
| benches/read_entry.rs | +1 | |
| examples/extract_lorem.rs | +1 | |
| examples/extract.rs | +1 | |
| examples/file_info.rs | +1 | |
| examples/stdin_info.rs | +1 | |
| examples/write_dir.rs | 0 | 755 permissions make me slightly nervous, but I think it's safe |
| examples/write_sample.rs | 0 | 755 permissions make me slightly nervous, but I think it's safe |
| script/doc-upload.cfg | +1 | |
| src/compression.rs | +1 | |
| src/cp437.rs | +1 | |
| src/crc32.rs | +1 | |
| src/lib.rs | +1 | |
| src/read.rs | +1 | |
| src/result.rs | +1 | |
| src/spec.rs | +1 | |
| src/types.rs | 0 | Could be a little more defensive towards misuse, but pretty solid. |
| src/write.rs | +1 | |
| tests/data/*.zip | | Unreviewed... probably OK though |
| tests/end_to_end.rs | +1 | |
| tests/invalid_date.rs | +1 | |
| tests/zip64_large.rs | +1 | |
| .gitignore | +1 | |
| .travis.yml | -1 | |
| appveyor.yml | -1 | |
| Cargo.toml | +1 | |
| Cargo.toml.orig | +1 | |
| LICENSE | +1 | MIT |
| README.md | +1 | |

| Other | Rating | Notes |
|---|---|---|
| unsafe | +1 | No unsafe code |
| fs | +1 | Examples/tests appear safe. |
| io | +1 | |
| docs | +1 | |
| tests | +1 | Could use more fuzzing tests |

src/types.rs

| Line | Notes |
|---|---|
| 215 | I'd like this to have a scarier name... but eh, at least it's sound. |
| 250 | This drops invalid components... I think it should return an error on invalid components. But at least it's sound and shouldn't be vulnerable to path navigation attacks? |
| 250 | This doesn't forbid CON or similar. |
| 298 | Excellent test, this is exactly what I want to see! |

© bestia.dev 2023, MIT License, Version: 2023.608.1636

Open source repository for this web app: https://github.com/bestia-dev/cargo_crev_web/