Skip to content

This issue was moved to a discussion.

You can continue the conversation there. Go to discussion →

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Idea - Safety Validations #213

Closed
Tracked by #241
pinkforest opened this issue Nov 3, 2021 · 2 comments
Closed
Tracked by #241

Idea - Safety Validations #213

pinkforest opened this issue Nov 3, 2021 · 2 comments
Labels
rfc Request for comments

Comments

@pinkforest
Copy link
Collaborator

pinkforest commented Nov 3, 2021
edited
Loading

Currently it's a bit of effort of finding the needle from the haystack to figure out whether the output - which either have unsafe or don't have the unsafe code not allowed bit on - have been audited in any way so the information that the Geiger spits out can be a bit hellscape to understand thus has less value.

Nor there is a standard workflow to keep track of unsafe code blobs as to commenting to enable the maintainers to do the right thing with the unsafe code - everyone does it differently and you have to parse a lot of behind the scenes to know what is going on and even then probably doens't give any clear idea.

I've discussed this in Discord #crypto-and-security as well as in the cargo-crev matrix to come to find and suggest below.

Findings

Idea

  • Define a meta-data flag in the code to allow linkage to ongoing issue that tracks the relevant unsafe block use just like the associated safety documentation that Clippy looks out for
  • When meta-data flag has been added to the associated unsafe block that links to issue Geiger can validate the that the issue has been closed that has been linked from the code

This would go long way to allow devs to insert hookpoints for public commenting on any unsafe blocks and for automating the verification that at least some tracking issue is out there...

#![geiger(unsafe_tracker_base_url = "https://github.com/user/repo/issue/<default_unsafe_issue>")] #![geiger(unsafe_tracker = "https://github.com/user/repo/issue/<relevant_unsafe_issue>")]

@pinkforest pinkforest mentioned this issue Nov 3, 2021
Open
@8573
Copy link

8573 commented Nov 4, 2021

Some pieces of prior work that may be relevant are unsafety, launch-code, safety-guard (in descending order of how relevant I guess they are).

This was referenced Jan 5, 2022
Open
Open
Closed
@pinkforest pinkforest added the rfc Request for comments label Jan 6, 2022
@pinkforest pinkforest mentioned this issue Jan 7, 2022
Open
@pinkforest pinkforest mentioned this issue May 12, 2022
Closed
@pinkforest
Copy link
Collaborator Author

Converting this to discussion

@geiger-rs geiger-rs locked and limited conversation to collaborators May 13, 2022
@pinkforest pinkforest converted this issue into discussion #303 May 13, 2022

This issue was moved to a discussion.

You can continue the conversation there. Go to discussion →

Assignees
No one assigned
Labels
rfc Request for comments
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@8573 @pinkforest