Idea - Safety Validations

[pinkforest]

Currently it's a bit of effort of finding the needle from the haystack to figure out whether the output - which either have unsafe or don't have the unsafe code not allowed bit on - have been audited in any way so the information that the Geiger spits out can be a bit hellscape to understand thus has less value.

Nor there is a standard workflow to keep track of unsafe code blobs as to commenting to enable the maintainers to do the right thing with the unsafe code - everyone does it differently and you have to parse a lot of behind the scenes to know what is going on and even then probably doens't give any clear idea.

I've discussed this in Discord #crypto-and-security as well as in the cargo-crev matrix to come to find and suggest below.

Findings

• Clippy already checks for safety documentation some sort Rust API Guideline: Unsafe functions are documented with a "Safety" section rust-lang/rust-clippy#2207
• There is no easily parseable metadata to get any easy indication whether unsafe blocks have been audited / reviewed / whatever

Idea

• Define a meta-data flag in the code to allow linkage to ongoing issue that tracks the relevant unsafe block use just like the associated safety documentation that Clippy looks out for
• When meta-data flag has been added to the associated unsafe block that links to issue Geiger can validate the that the issue has been closed that has been linked from the code

This would go long way to allow devs to insert hookpoints for public commenting on any unsafe blocks and for automating the verification that at least some tracking issue is out there...

#![geiger(unsafe_tracker_base_url = "https://github.com/user/repo/issue/<default_unsafe_issue>")] #![geiger(unsafe_tracker = "https://github.com/user/repo/issue/<relevant_unsafe_issue>")]

[8573]

Some pieces of prior work that may be relevant are unsafety, launch-code, safety-guard (in descending order of how relevant I guess they are).

[pinkforest]

Converting this to discussion