pchickey opened PR #6121 from pch/wasi_http_supply_chain to main:
The audits are straightforward, and took the majority of a day to review. The exemptions, as always, need to be justified:
core-foundation, core-foundation-sys, security-framework, security-framework-sys: these are large crates which are FFI bindings to Mac OS frameworks. As such they contain tons of unsafe code to make these FFI calls and manage memory. These crates are too big to audit.
schannel: same as the above, except this is a Windows component, which I'm also unfamiliar with.
openssl, openssl-sys: also large FFI bindings which are impractical to audit.
futures-macro, futures-task: while not as complex as futures-util, these are beyond my personal understanding of futures to vet practically. I've asked Alex to look at auditing these, and he will after he returns from vacation next week.
futures-util: 25 kloc of code and over 149 instances of the substring "unsafe" (case insensitive); this is impractical to audit in the extreme.
h2, http, httparse, hyper, mio, tokio: this so-called tokio/hyper family is very large and challenging to audit. Bobby Holley has indicated that he is working to get the AWS engineers who maintain these crates to publish their own audits, which we can then import. We expect to exempt these until those imports are available.
Additionally, there is a cargo-deny exception made for duplicate versions of the windows-sys crate, which is just because part of the ecosystem is lagging a little bit, and looks like a totally benign difference.
pchickey requested elliottt for a review on PR #6121.
pchickey requested wasmtime-default-reviewers for a review on PR #6121.
pchickey requested cfallin for a review on PR #6121.
pchickey edited PR #6121 from pch/wasi_http_supply_chain to main:
The audits are straightforward, and took the majority of a day to review. The exemptions, as always, need to be justified:
core-foundation, core-foundation-sys, security-framework, security-framework-sys: these are large crates which are FFI bindings to Mac OS frameworks. As such they contain tons of unsafe code to make these FFI calls and manage memory. These crates are too big to audit.
schannel: same as the above, except this is a Windows component, which I'm also unfamiliar with.
openssl, openssl-sys: also large FFI bindings which are impractical to audit.
futures-macro, futures-task: while not as complex as futures-util, these are beyond my personal understanding of futures to vet practically. I've asked Alex to look at auditing these, and he will after he returns from vacation next week.
futures-util: 25 kloc of code and over 149 instances of the substring "unsafe" (case insensitive); this is impractical to audit in the extreme.
h2, http, httparse, hyper, mio, tokio: this so-called tokio/hyper family is very large and challenging to audit. @bholley told me he is working to get the AWS engineers who maintain these crates to publish their own audits, which we can then import. We expect to exempt these until those imports are available.
Additionally, there is a cargo-deny exception made for duplicate versions of the windows-sys crate, which is just because part of the ecosystem is lagging a little bit, and looks like a totally benign difference.
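The size-and-unsafe yardstick used above to decide which crates to exempt (lines of code, occurrences of "unsafe") can be scripted so the numbers in an exemption justification are reproducible. The helper below is an added example, not code from this PR or from wasmtime; the crate names, file contents and the audit/exempt thresholds are constructed assumptions, and it also separates the coarse case-insensitive substring count quoted in the PR from a keyword-only count, which the PR text does not do.

```python
"""Added triage helper (not part of the PR): measure crate size and `unsafe`
use to decide whether a dependency is practical to audit or must be exempted."""
import re
import tempfile
from pathlib import Path

# Matches `unsafe` as a Rust keyword (unsafe fn, unsafe impl, unsafe { }),
# not as part of identifiers such as `unsafe_ptr` or `UnsafeCell`.
UNSAFE_KEYWORD = re.compile(r"\bunsafe\b")

def crate_stats(crate_dir):
    """Return (loc, substring_hits, keyword_hits) over all .rs files in crate_dir.
    substring_hits is the coarse case-insensitive count quoted in the PR text;
    keyword_hits counts only `unsafe` tokens (still heuristic: comments and
    string literals are not excluded)."""
    loc = substrings = keywords = 0
    for path in Path(crate_dir).rglob("*.rs"):
        text = path.read_text(encoding="utf-8", errors="replace")
        loc += len(text.splitlines())
        substrings += text.lower().count("unsafe")
        keywords += len(UNSAFE_KEYWORD.findall(text))
    return loc, substrings, keywords

def classify(loc, keyword_hits, loc_cap=5000, unsafe_cap=20):
    """Assumed policy thresholds: a crate at or under both caps gets a hands-on
    audit; anything larger is recorded as an exemption with a written justification."""
    return "audit" if loc <= loc_cap and keyword_hits <= unsafe_cap else "exempt"

# Constructed sample crates (hypothetical names and contents, not real crate sources).
SAMPLE_CRATES = {
    "tiny-pure": {"src/lib.rs": "pub fn add(a: u32, b: u32) -> u32 { a + b }\n"},
    "ffi-shim": {
        "src/lib.rs": 'extern "C" { fn c_init(); }\npub fn init() { unsafe { c_init() } }\n',
        "src/raw.rs": "// unsafe_ptr: substring hit, not a keyword\npub unsafe fn raw() {}\nstruct UnsafeCell2;\n",
    },
}

def triage(root, crates=SAMPLE_CRATES):
    """Write the sample crates under root, then return {name: (loc, substr, kw, verdict)}."""
    report = {}
    for name, files in crates.items():
        for rel, body in files.items():
            target = Path(root, name, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        loc, substrings, keywords = crate_stats(Path(root, name))
        report[name] = (loc, substrings, keywords, classify(loc, keywords))
    return report

def triage_sample(crates=SAMPLE_CRATES):
    """Run triage() on the constructed crates inside a throwaway directory."""
    with tempfile.TemporaryDirectory() as tmp:
        return triage(tmp, crates)

if __name__ == "__main__":
    for name, (loc, sub, kw, verdict) in triage_sample().items():
        print(f"{name:10} loc={loc:5} unsafe-substr={sub:3} unsafe-kw={kw:3} -> {verdict}")
```

Pointing `crate_stats` at a vendored crate directory gives the figures to cite in an exemption note; on the PR's own numbers for futures-util (25 kloc, 149 hits) the default policy returns "exempt".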
cfallin submitted PR review.
pchickey has enabled auto merge for PR #6121.
pchickey merged PR #6121.
Last updated: Nov 22 2024 at 16:03 UTC