geiger-rs / cargo-geiger

Detects usage of unsafe Rust in a Rust crate and its dependencies.
https://crates.io/crates/cargo-geiger
1.41k stars, 67 forks

New kid on the block: undetected plutonium #101

Open najamelan opened 4 years ago

najamelan commented 4 years ago

This is a crate that allows calling unsafe code without the unsafe keyword. It specifically works to undermine cargo-geiger detection. I have added it in my cargo-deny config, but it's probably good that cargo-geiger prints a big warning on every crate that has this in its dependency graph.

Author also wants to disable forbid(unsafe). The danger seems lesser because forbid only works in the local crate, so I don't really see the point, but it could be a tool to insert malicious code in another library undetected.

alex commented 4 years ago

Seems like the solution isn't in cargo-geiger, but rather to have cargo-audit flag it?

anderejd commented 4 years ago

Thanks for the report!

This is related to #102