Add audits
alexcrichton committed Oct 24, 2022
1 parent fb066dd commit d3bd159
Showing 3 changed files with 64 additions and 27 deletions.
63 changes: 63 additions & 0 deletions supply-chain/audits.toml
Expand Up @@ -176,6 +176,16 @@ criteria = "safe-to-deploy"
version = "2.2.1"
notes = "I am the author of this crate."

[[audits.indexmap-nostd]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-run"
version = "0.4.0"
notes = """
I've verified that this is a sliced-down version of the `indexmap` crate which
is otherwise certified. This doesn't contain unnecessary `unsafe` and
additionally doesn't reach for ambient capabilities.
"""

[[audits.is-terminal]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
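Review bot: the `indexmap-nostd` note says the crate "doesn't contain unnecessary `unsafe`", which leaves open whether it contains any `unsafe` at all and, if so, where. Since the entry rests on a comparison with `indexmap`, state plainly whether `unsafe` is present and name the `indexmap` version that 0.4.0 was compared against, so the claim can be rechecked later.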
Expand Down Expand Up @@ -220,6 +230,15 @@ Contains unsafe blocks but are encapsulated and required for the operation at
hand.
"""

[[audits.memory_units]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-run"
delta = "0.3.0 -> 0.4.0"
notes = """
This bump only changed from a function to an associated `const` and trivially
contains no significant changes.
"""

[[audits.peeking_take_while]]
who = "Nick Fitzgerald <fitzgen@gmail.com>"
criteria = "safe-to-deploy"
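Review bot: the `memory_units` entry is a delta audit (`delta = "0.3.0 -> 0.4.0"`), so it only vouches for the difference between the two releases. Nothing in this hunk shows what covers 0.3.0; confirm that an audit or exemption for 0.3.0 at `safe-to-run` or stronger exists, otherwise this delta has no base to chain from.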
Expand Down Expand Up @@ -256,6 +275,18 @@ criteria = "safe-to-deploy"
delta = "0.9.9 -> 0.10.2"
notes = "This upgrade is mostly a code refactor, as far as I can tell. No new uses of unsafe nor any new ambient capabilities usage."

[[audits.spin]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-run"
version = "0.9.4"
notes = """
I've verified the contents of this crate and that while they contain `unsafe`
it's exclusively around implementing atomic primitive where some `unsafe` is to
be expected. Otherwise this crate does not unduly access ambient capabilities
and does what it says on the tin, providing spin-based synchronization
primitives.
"""

[[audits.system-interface]]
who = "Dan Gohman <dev@sunfishcode.online>"
criteria = "safe-to-deploy"
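Review bot: in the `spin` notes, "exclusively around implementing atomic primitive" says where the `unsafe` lives but not whether those blocks were read for soundness. For a crate that provides spin-based synchronization primitives, say so explicitly in the notes, and correct the wording to "atomic primitives" while there.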
Expand Down Expand Up @@ -352,6 +383,27 @@ criteria = "safe-to-deploy"
version = "0.11.6"
notes = "The Bytecode Alliance is the author of this crate."

[[audits.wasmi_arena]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-run"
version = "0.1.0"
notes = """
This crate contains no `unsafe` code and doesn't reach in unnecessarily to the
standard library or anything like that. This only contains a few data structures
used by `wasmi` and various idiomatic Rust trait implementations.
"""

[[audits.wasmi_core]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-run"
version = "0.4.0"
notes = """
This crate contains no `unsafe` code and otherwise is only the bits and bobs for
the internals of a wasm implementation. Reading over this crate there is no
unexpected usage of the filesystem or things like that and otherwise is mostly
plumbing for all the integer operations in core wasm.
"""

[[audits.wasmparser]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
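Review bot: the `wasmi_arena` note's "doesn't reach in unnecessarily to the standard library or anything like that" is too loose to recheck against. Naming what was looked for, as the `wasmi_core` note does with "no unexpected usage of the filesystem", would make the two entries consistent and verifiable.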
Expand Down Expand Up @@ -388,6 +440,17 @@ criteria = "safe-to-deploy"
version = "0.92.0"
notes = "The Bytecode Alliance is the author of this crate."

[[audits.wasmparser-nostd]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-run"
version = "0.91.0"
notes = """
I have certified that this crate is a one-to-one fork of `wasmparser` with
updates exclusively for the usage on targets without the standard library.
This crate is otherwise primarily authored by the Bytecode Alliance and
otherwise certified.
"""

[[audits.wasmprinter]]
who = "Alex Crichton <alex@alexcrichton.com>"
criteria = "safe-to-deploy"
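Review bot: the `wasmparser-nostd` note calls 0.91.0 a one-to-one fork of `wasmparser` but does not record which `wasmparser` release it was diffed against. Add that version to the notes; "otherwise certified" only carries over if the baseline is itself one of the audited `wasmparser` versions.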
10 changes: 1 addition & 9 deletions supply-chain/config.toml
Expand Up @@ -578,10 +578,6 @@ criteria = "safe-to-deploy"
version = "0.9.0"
criteria = "safe-to-deploy"

[[exemptions.parity-wasm]]
version = "0.42.2"
criteria = "safe-to-run"

[[exemptions.parking_lot]]
version = "0.11.2"
criteria = "safe-to-deploy"
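Review bot: the `parity-wasm` 0.42.2 exemption is dropped here, but the commit message ("Add audits") only mentions additions. Confirm, and say in the message, that the crate is no longer in the dependency graph, so the removal is not read as an exemption being lifted without review.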
Expand Down Expand Up @@ -1031,11 +1027,7 @@ version = "0.2.80"
criteria = "safe-to-run"

[[exemptions.wasmi]]
version = "0.11.0"
criteria = "safe-to-run"

[[exemptions.wasmi-validation]]
version = "0.4.1"
version = "0.19.0"
criteria = "safe-to-run"

[[exemptions.web-sys]]
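Review bot: the `wasmi` exemption is moved from 0.11.0 to 0.19.0 rather than replaced by an audit, so `wasmi` itself stays unreviewed while `wasmi_arena` and `wasmi_core` receive `safe-to-run` audits in audits.toml. If that is intentional for now, track a follow-up to audit `wasmi` 0.19.0, and note in the commit message that the `wasmi-validation` 0.4.1 exemption is removed in the same hunk.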
18 changes: 0 additions & 18 deletions supply-chain/imports.lock
Expand Up @@ -200,18 +200,6 @@ who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.5.4 -> 0.5.7"

[[audits.mozilla.audits.num-bigint]]
who = "Josh Stone <jistone@redhat.com>"
criteria = "safe-to-deploy"
version = "0.2.6"
notes = "All code written or reviewed by Josh Stone."

[[audits.mozilla.audits.num-bigint]]
who = "Josh Stone <jistone@redhat.com>"
criteria = "safe-to-deploy"
version = "0.4.3"
notes = "All code written or reviewed by Josh Stone."

[[audits.mozilla.audits.num-integer]]
who = "Josh Stone <jistone@redhat.com>"
criteria = "safe-to-deploy"
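Review bot: the two `num-bigint` entries removed here sit in imports.lock under `audits.mozilla`, so they are imported audits rather than ones written in this repository. Confirm the file was regenerated by cargo vet rather than edited by hand, and that `num-bigint` has left the dependency graph along with the exemptions removed in config.toml.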
Expand All @@ -224,12 +212,6 @@ criteria = "safe-to-deploy"
version = "0.1.43"
notes = "All code written or reviewed by Josh Stone."

[[audits.mozilla.audits.num-rational]]
who = "Josh Stone <jistone@redhat.com>"
criteria = "safe-to-deploy"
version = "0.4.1"
notes = "All code written or reviewed by Josh Stone."

[[audits.mozilla.audits.num-traits]]
who = "Josh Stone <jistone@redhat.com>"
criteria = "safe-to-deploy"