## Motivation

CI currently has no gates for:

- Supply-chain vulnerabilities — `cargo-audit` checks `Cargo.lock` against the RustSec advisory database. A vulnerable transitive dep (e.g. in `memchr`, `once_cell`) would be silently shipped.
- Memory safety errors — The FFI boundary between Rust and LuaJIT is an unsafe surface. AddressSanitizer (ASAN) or Valgrind would catch use-after-free or buffer overruns that safe Rust alone cannot detect (e.g. bugs in pointer arithmetic in `src/ffi.rs`, or misuse of the FFI from the Lua side).

## Proposed work

### cargo-audit job

```yaml
- name: Security audit
  run: |
    cargo install cargo-audit --locked
    cargo audit
```

Add to `ci.yml` as a standalone job (fast, ~30s) that runs on every push and PR.

### ASAN job (Linux only)

```yaml
- name: Build and test with ASAN
  env:
    RUSTFLAGS: "-Z sanitizer=address"
  run: |
    cargo +nightly test --release --target x86_64-unknown-linux-gnu
```

Run a subset of integration tests (the FFI smoke suite) under ASAN nightly. Gate on nightly toolchain only — does not block stable CI.

## Tradeoffs

- `cargo-audit` is fast and has zero false-positive risk; add unconditionally.
- ASAN requires nightly and ~2× slower builds; run as a separate optional job.
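As an added illustration (not the project's existing workflow), the two jobs above wired into one `ci.yml` so that the audit gates every push and PR while the ASAN job runs on nightly without blocking stable CI. The action versions, the `rust-src` component for `-Z build-std`, the `ASAN_OPTIONS` values and the `ffi_smoke` test name are assumptions, not taken from the project.

```yaml
# Added example workflow; action versions, ASAN_OPTIONS and the
# `ffi_smoke` test target are assumptions, not the project's own config.
name: CI

on: [push, pull_request]

jobs:
  audit:
    name: Security audit
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: dtolnay/rust-toolchain@stable
      # --locked pins cargo-audit's own dependencies to its shipped Cargo.lock
      - run: cargo install cargo-audit --locked
      # Non-zero exit (and a failed job) if any locked crate matches a RustSec advisory
      - run: cargo audit

  asan:
    name: Build and test with ASAN (nightly, Linux only)
    runs-on: ubuntu-latest
    # Optional job: failures are reported on the PR but do not block merging
    continue-on-error: true
    env:
      RUSTFLAGS: "-Z sanitizer=address"
      # Disable LeakSanitizer noise and stop at the first ASAN report (assumed settings)
      ASAN_OPTIONS: "detect_leaks=0:abort_on_error=1"
    steps:
      - uses: actions/checkout@v4
      - uses: dtolnay/rust-toolchain@nightly
        with:
          components: rust-src
      # Sanitizers need an explicit --target. With rust-src present, -Z build-std
      # rebuilds std instrumented too, so allocations made inside std on behalf
      # of the FFI code are tracked as well. Only the FFI smoke suite is run.
      - run: >
          cargo test --release
          --target x86_64-unknown-linux-gnu
          -Z build-std
          --test ffi_smoke
```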
## Affected files
- `.github/workflows/ci.yml`