
Rust crates reviews

Cryptographically verifiable, distributed dependency reviews

reviewer: KonradBorowski

https://lib.rs/KonradBorowski

$ cargo crev repo fetch url https://gitlab.com/KonradBorowski/crev-proofs
$ cargo crev id trust ZOm7om6WZyEf3SBmDC69BXs8sc1VPniYx7Nfz2Du6hM

repo: https://gitlab.com/KonradBorowski/crev-proofs

crate version
rating
date
reviewer
thoroughness, understanding
positive
2019-07-31
KonradBorowski
low, medium

strong
2019-07-30
KonradBorowski
low, high

Internally uses migrations_internals and migrations_macros, the crate itself doesn't do much.

positive
2019-07-30
KonradBorowski
high, high

I'm the author of this crate

strong
2019-07-30
KonradBorowski
high, high

This is my crate

positive
2019-10-01
KonradBorowski
medium, high

When programming for HermitCore, L4Re, UEFI or SGX on x86_64, this crate
will use rdrand as source of randomness, which may have a backdoor.
This looks fine on other platforms, using built-in operating system
CSPRNG generation functions, assuming the operating system vendors didn't
screw up those functions - and if they did, you have a problem, whether
or not this crate is secure.

positive
2019-08-01
KonradBorowski
low, medium

negative
2022-04-08
KonradBorowski
none, none

Functions whose name starts with align_first are unsound as they create
allocations whose alignment doesn't match the alignment of an allocation.
This can cause hard-to-debug issues when using an alignment-aware allocator.

See https://github.com/tylerhawkes/maligned/issues/5

strong
2021-09-26
KonradBorowski
low, high

Does exactly what it's supposed to. For new projects it may make sense to
use the matches! macro from the standard library (https://doc.rust-lang.org/std/macro.matches.html),
but it's fine to use dependencies that use the matches crate.

positive
2019-07-31
KonradBorowski
low, none

There is no unsafe usage, there are some tests, probably correct. Correctness of cryptography was not checked.

negative
2022-02-12
KonradBorowski
low, medium

crater has the following line in its code

median_three_quicksort = { skip-tests = true } # sorting library that sometimes doesn't sort (WTF)

I think that says enough. This crate doesn't work as it should - there
is probably some bug in the implementation.

positive
2019-10-01
KonradBorowski
low, low

positive
2019-07-30
KonradBorowski
low, high

Always causes UB, but that's exactly what this crate is supposed to do and it properly requires unsafe.

positive
2019-07-31
KonradBorowski
high, high

Doesn't support generic structs

neutral
2019-07-30
KonradBorowski
high, high

Doesn't support generic structs and checks for core/std incorrectly, sometimes causing compilation errors when used in Edition 2015 code

positive
2019-07-31
KonradBorowski
low, medium

positive
2019-07-31
KonradBorowski
low, high

Bindings generated by bindgen. Quality of actual PostgreSQL code wasn't verified as it's a huge codebase.

positive
2019-07-31
KonradBorowski
low, medium

strong
2019-07-31
KonradBorowski
medium, high

positive
2019-10-02
KonradBorowski
low, medium

strong
2019-07-31
KonradBorowski
high, high

negative
2019-07-30
KonradBorowski
high, high

copy_over and prepend functions cause UB

negative
2019-07-31
KonradBorowski
high, high

copy_over and prepend functions cause UB

negative
2019-07-31
KonradBorowski
high, high

copy_over and prepend functions cause UB

positive
2019-12-11
KonradBorowski
low, medium

strong
2019-07-30
KonradBorowski
high, high

Re-export of serde to work around crates being implicit features

strong
2019-10-02
KonradBorowski
medium, high

All implementations are correct, trait requirements seem fine and usable
for crates like rental (unlike std::pin::Pin).

positive
2019-07-31
KonradBorowski
medium, high

strong
2019-07-30
KonradBorowski
medium, high

Constants to be used by other crate, the values seem correct. Worth noting that changing values in this crate will cause unsafety unless a new release gets made.

negative
2019-12-11
KonradBorowski
medium, none

There is a ridiculous amount of unsafe. I have no idea how anything in this
crate works, and miri complains about out of bounds reads (after I change
the crate to use NonZeroUsize from the standard library instead of janky
reference-based NonZeroUsize).

neutral
2019-07-31
KonradBorowski
low, high

Unlike unicase 2 it doesn't use case folding, so 'ß' would be considered different to 'SS'

positive
2019-07-30
KonradBorowski
medium, high

Does exactly what it should do, but it's based on Unicode 9.0, when at the time of the review the newest version was 12.1

strong
2019-10-01
KonradBorowski
low, high

Does exactly what it is meant to do. Probably useless outside of its
intended use-case.

© bestia.dev 2023, MIT License, Version: 2023.608.1636

Open source repository for this web app: https://github.com/bestia-dev/cargo_crev_web/