{"id":13647913,"url":"https://github.com/rust-secure-code/safety-dance","last_synced_at":"2025-04-22T06:32:25.357Z","repository":{"id":35717527,"uuid":"196406212","full_name":"rust-secure-code/safety-dance","owner":"rust-secure-code","description":"Auditing crates for unsafe code which can be safely replaced","archived":false,"fork":false,"pushed_at":"2022-03-25T17:24:27.000Z","size":105,"stargazers_count":529,"open_issues_count":41,"forks_count":10,"subscribers_count":42,"default_branch":"master","last_synced_at":"2024-08-03T01:38:16.604Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rust-secure-code.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE-APACHE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-07-11T14:03:33.000Z","updated_at":"2024-07-10T09:55:12.000Z","dependencies_parsed_at":"2022-08-08T10:30:48.777Z","dependency_job_id":null,"html_url":"https://github.com/rust-secure-code/safety-dance","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rust-secure-code%2Fsafety-dance","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rust-secure-code%2Fsafety-dance/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rust-secure-code%2Fsafety-dance/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rust-secure-code%2Fsafety-dance/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rust-secure-code","download_url":"https://codeload.github
.com/rust-secure-code/safety-dance/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":223892058,"owners_count":17220694,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-02T01:03:50.032Z","updated_at":"2024-11-09T22:30:35.189Z","avatar_url":"https://github.com/rust-secure-code.png","language":null,"funding_links":[],"categories":["Others"],"sub_categories":[],"readme":"# Rust Safety Dance\n\n\u003cimg src=\"https://raw.githubusercontent.com/rust-secure-code/safety-dance/master/img/safety-dance.png\" width=\"320\"\u003e\n\n## About\n\nThis is a place for people to communicate about auditing `unsafe` code in core\nRust crates and replacing it with safe code where feasible.\n\n**Everyone is invited to participate!**\n\nYou **do not** have to be an `unsafe` expert to help out. There's a lot of work\nto do just picking crates (ones with a lot of reverse-dependencies are best),\nand then sorting out where they use `unsafe` and why. If you think something\nisn't right just post it in the tracking issue and others can have a look and\ntalk it out.\n\n## Process\n\nOur process is as follows:\n\n1) File a tracking issue _in this repo_ about a particular crate, giving its\n   name and a link to their github (or other repository location).\n2) Audit `unsafe` usage in that crate.\n    * This is easy to start! Note that the GitHub search isn't very good, so it's\n      best to clone the project and use an editor on your own computer. 
The\n      [cargo geiger](https://github.com/anderejd/cargo-geiger) command can also\n      help here.\n    * Once you know where the `unsafe` blocks are it gets harder: you have to\n      carefully determine if the `unsafe` is being used appropriately. We've been\n      [requesting Clippy lints](https://github.com/rust-secure-code/safety-dance/issues/21)\n      for known antipatterns, so running `cargo +nightly clippy` is a good\n      starting point. If you don't know if a certain `unsafe` block is okay,\n      post the questionable block in a comment in the tracking issue here\n      and someone else can have a look too, or ask in\n      `#black-magic` on [Rust Community Discord](https://discord.gg/aVESxV8).\n3) When problems are found with an `unsafe` block we want to file bug reports in\n   that crate's repo, send PRs with fixes if possible, and also write up\n   [security advisories](https://github.com/RustSec/advisory-db) if necessary.\n    * If the `unsafe` block is sound, but can be converted to safe code without\n      losing performance, that's a great thing to do! This is often the case\n      thanks to Rust adding new safe abstractions and improving the optimizer\n      since the code was originally written.\n    * It's possible that `unsafe` can't be eliminated without a performance\n      loss. Unfortunate, but it will happen some of the time. Note that benchmarks\n      _must_ actually be used to back up any performance loss claims. There are\n      already many cases where switching from `unsafe` to safe alternatives has\n      _increased_ performance, so simply guessing that performance will regress\n      is not enough.\n    * If switching away from unsafe is impossible because of missing abstractions\n      then that's important to know! We can work on improving the language, the\n      standard library, and/or the crates.io ecosystem until the necessary gaps\n      are filled in.\n4) Once a crate has been gone over enough we close that issue. 
If the crate\n   needs re-checking again later on we just open a new issue.\n5) (Optional) If you have completely cleansed a crate of `unsafe`, add a\n   `#![forbid(unsafe_code)]` attribute to its `src/lib.rs` or `main.rs`.\n   After doing that, help others discover Safety Dance by adding a badge to\n   your README.md: ![unsafe forbidden](https://img.shields.io/badge/unsafe-forbidden-success.svg)\n\nMarkdown code:\n\n```\n[![unsafe forbidden](https://img.shields.io/badge/unsafe-forbidden-success.svg)](https://github.com/rust-secure-code/safety-dance/)\n```\n\n## 🏆 Trophy Case 🏆\n\nCheck out the safety improvements already done!\n\n### [gif](https://crates.io/crates/gif)\n\nGIF image encoder/decoder written in Rust ([tracking issue](https://github.com/rust-secure-code/safety-dance/issues/24))\n\n - Unsafe blocks before: **6** (ignoring C API)\n - Unsafe blocks after: **2** (ignoring C API)\n\n100% safety blocked by [Polonius integration in rustc](https://github.com/rust-lang/rust/issues/51545)\n\nDone by: [Shnatsel](https://github.com/Shnatsel/)\n\n### [flate2](https://crates.io/crates/flate2)\n\nA streaming compression/decompression library for DEFLATE-based streams in Rust. 
Has C and Rust backends ([tracking issue](https://github.com/rust-secure-code/safety-dance/issues/32))\n\n - Unsafe blocks before: **21** (when using Rust backend)\n - Unsafe blocks after: **2** (when using Rust backend)\n - Switched to using Rust backend by default (see [miniz_oxide](#miniz_oxide) below)\n\nDone by: [oyvindln](https://github.com/oyvindln/), [Shnatsel](https://github.com/Shnatsel/), [Alex Crichton](https://github.com/alexcrichton)\n\n### [http](https://crates.io/crates/http)\n\nA general purpose library of common HTTP types ([tracking issue](https://github.com/rust-secure-code/safety-dance/issues/37))\n\n - **Security bugs fixed: [RUSTSEC-2019-0033](https://rustsec.org/advisories/RUSTSEC-2019-0033.html), [RUSTSEC-2019-0034](https://rustsec.org/advisories/RUSTSEC-2019-0034.html)**\n \nDone by: [Qwaz](https://github.com/Qwaz), [Sean McArthur](https://github.com/seanmonstar)\n\n### [image](https://crates.io/crates/image)\n\nImage operations and conversions to/from image formats ([tracking issue](https://github.com/rust-secure-code/safety-dance/issues/3))\n\n- Unsafe blocks before: **21** (many of them unsound)\n- Unsafe blocks after: **6**\n- **Security bug fixed: [RUSTSEC-2019-0014](https://rustsec.org/advisories/RUSTSEC-2019-0014.html)**\n\nThe remaining unsafe blocks are inherent and cannot be removed. 
They have been audited and found to be sound.\n\nDone by: [fintelia](https://github.com/fintelia), [HeroicKatora](https://github.com/HeroicKatora), [64](https://github.com/64)\n\n### [libflate](https://crates.io/crates/libflate)\n\nPopular DEFLATE compression/decompression library ([tracking issue](https://github.com/rust-secure-code/safety-dance/issues/1))\n\n- Unsafe blocks before: **16** (4 of them unsound)\n- Unsafe blocks after: **0** plus 2 moved to shared crates\n- **Security bug fixed: [RUSTSEC-2019-0010](https://rustsec.org/advisories/RUSTSEC-2019-0010.html)**\n\nDone by: [DevQps](https://github.com/DevQps), [Shnatsel](https://github.com/Shnatsel), [WanzenBug](https://github.com/WanzenBug), [mleonhard](https://github.com/mleonhard)\n\n### [miniz_oxide](https://crates.io/crates/miniz_oxide)\n\nThe fastest DEFLATE compression/decompression library in Rust, backend for [flate2](https://crates.io/crates/flate2) ([tracking issue](https://github.com/rust-secure-code/safety-dance/issues/2))\n\n- Unsafe blocks before: **28** (2 of them unsound)\n- **100% safe code now** - while being faster than the C version!\n- Potential security issue fixed: [Frommi/miniz_oxide#36](https://github.com/Frommi/miniz_oxide/pull/36) (unclear if exploitable or not)\n\nDone by: [Shnatsel](https://github.com/Shnatsel/), [oyvindln](https://github.com/oyvindln/)\n\n### [qbsdiff](https://crates.io/crates/qbsdiff)\n\nFast and memory saving bsdiff 4.x compatible delta compressor and patcher ([tracking issue](https://github.com/rust-secure-code/safety-dance/issues/55))\n\n - Unsafe blocks before: **3**\n - **100% safe code now**\n\nDone by: [Nicolas Braud-Santoni](https://github.com/nbraud)\n\n### [spin](https://crates.io/crates/spin)\n\nA spinlock for Rust ([tracking issue](https://github.com/rust-secure-code/safety-dance/issues/18))\n\n- `spin::RwLock` found to be unsound, completely rewritten based on Facebook's [Folly](https://github.com/facebook/folly) implementation, new implementation 
audited for soundness\n- **Security bug fixed: [RUSTSEC-2019-0013](https://rustsec.org/advisories/RUSTSEC-2019-0013.html)**\n- Unsafe code in `spin::Once` audited and found sound as of version 0.5.2\n\nDone by: [Matt Taylor](https://github.com/64), [Acrimon](https://github.com/xacrimon)\n\n### [suffix-array](https://crates.io/crates/suffix_array)\n\nSuffix array construction and searching algorithms for in-memory binary data ([tracking issue](https://github.com/rust-secure-code/safety-dance/issues/56))\n\n - Unsafe blocks before: **2**\n - **100% safe code now**\n\nDone by: [Nicolas Braud-Santoni](https://github.com/nbraud)\n\n## We need your help!\n\nYou can help by:\n\n1. Nominating crates for auditing - we're looking for widely used crates with `unsafe` in them\n1. Auditing nominated crates for soundness\n1. Replacing unsafe code with safe code where possible (where not possible - documenting why)\n1. Inspecting crates that have been made safer and [requesting Clippy lints](https://github.com/rust-secure-code/safety-dance/issues/21) for the antipatterns discovered\n\nCheck out what's in progress or pick up a work item on the [issue tracker](https://github.com/rust-secure-code/safety-dance/issues)!\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frust-secure-code%2Fsafety-dance","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frust-secure-code%2Fsafety-dance","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frust-secure-code%2Fsafety-dance/lists"}