New kid on the block: undetected plutonium #101
Labels
Comments
najamelan
changed the title
|
Seems like the solution isn't in cargo-geiger, but rather to have cargo-audit flag it? |
|
Thanks for the report! This is related to #102 |
anderejd
added
bug
This was referenced Apr 23, 2020
37 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This is a crate that allows calling unsafe code without the unsafe keyword. It specifically works to undermine cargo-geiger detection.
I have added it in my cargo-deny config, but it's probably good that cargo geiger prints a big warning on every crate that has this in their dependency graph.
Author also wants to disable
forbid(unsafe). The danger seems lesser becauseforbidonly works in the local crate, so I don't really see the point, but it could be a tool to insert malicious code in another library undetected.The text was updated successfully, but these errors were encountered: