Import our Rust crate audits from elsewhere
parent
f3717d9427
commit
3f11ba5c74
|
@ -4,6 +4,9 @@
|
|||
[cargo-vet]
|
||||
version = "0.9"
|
||||
|
||||
[imports.zcash]
|
||||
url = "https://raw.githubusercontent.com/zcash/rust-ecosystem/main/supply-chain/audits.toml"
|
||||
|
||||
[policy.equihash]
|
||||
audit-as-crates-io = true
|
||||
|
||||
|
@ -491,10 +494,6 @@ criteria = "safe-to-deploy"
|
|||
version = "0.11.17"
|
||||
criteria = "safe-to-run"
|
||||
|
||||
[[exemptions.inout]]
|
||||
version = "0.1.3"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.is-terminal]]
|
||||
version = "0.4.9"
|
||||
criteria = "safe-to-run"
|
||||
|
@ -519,10 +518,6 @@ criteria = "safe-to-deploy"
|
|||
version = "0.10.0"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.known-folders]]
|
||||
version = "1.0.1"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.lazy_static]]
|
||||
version = "1.4.0"
|
||||
criteria = "safe-to-deploy"
|
||||
|
@ -559,10 +554,6 @@ criteria = "safe-to-deploy"
|
|||
version = "0.7.3"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.maybe-rayon]]
|
||||
version = "0.1.1"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.memchr]]
|
||||
version = "2.6.4"
|
||||
criteria = "safe-to-deploy"
|
||||
|
@ -791,10 +782,6 @@ criteria = "safe-to-deploy"
|
|||
version = "0.6.4"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.rand_xorshift]]
|
||||
version = "0.3.0"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.rayon]]
|
||||
version = "1.8.0"
|
||||
criteria = "safe-to-deploy"
|
||||
|
@ -807,10 +794,6 @@ criteria = "safe-to-deploy"
|
|||
version = "0.5.1"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.redjubjub]]
|
||||
version = "0.7.0"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.redox_syscall]]
|
||||
version = "0.4.1"
|
||||
criteria = "safe-to-deploy"
|
||||
|
@ -827,10 +810,6 @@ criteria = "safe-to-deploy"
|
|||
version = "0.7.5"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.regex-syntax]]
|
||||
version = "0.8.2"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.rgb]]
|
||||
version = "0.8.37"
|
||||
criteria = "safe-to-run"
|
||||
|
@ -1127,34 +1106,6 @@ criteria = "safe-to-deploy"
|
|||
version = "0.9.4"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.wagyu-zcash-parameters]]
|
||||
version = "0.2.0"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.wagyu-zcash-parameters-1]]
|
||||
version = "0.2.0"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.wagyu-zcash-parameters-2]]
|
||||
version = "0.2.0"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.wagyu-zcash-parameters-3]]
|
||||
version = "0.2.0"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.wagyu-zcash-parameters-4]]
|
||||
version = "0.2.0"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.wagyu-zcash-parameters-5]]
|
||||
version = "0.2.0"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.wagyu-zcash-parameters-6]]
|
||||
version = "0.2.0"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.wait-timeout]]
|
||||
version = "0.2.0"
|
||||
criteria = "safe-to-deploy"
|
||||
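Review bot: The new `[imports.zcash]` table delegates trust to an `audits.toml` fetched from the mutable `main` branch, and nothing next to it records why that source is trusted or how updates to it get reviewed. This section appears to drop thirteen local exemptions in favour of those imported audits, so I would add a comment above the table such as `# Audits maintained in zcash/rust-ecosystem; re-fetch with cargo vet and review the imports.lock diff`. CI should also run `cargo vet --locked`, so that a changed upstream file cannot alter the result without a reviewed change in this repository. Separately, the removed `regex-syntax` 0.8.2 exemption is now covered only by a delta audit `0.7.5 -> 0.8.2`, which holds only while 0.7.5 itself stays exempted or audited; the table header for the `version = "0.7.5"` context line lies outside the hunk, so that cannot be confirmed from here.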
|
|
|
@ -147,3 +147,111 @@ when = "2024-01-15"
|
|||
user-id = 169181
|
||||
user-login = "nuttycom"
|
||||
user-name = "Kris Nuttycombe"
|
||||
|
||||
[[audits.zcash.audits.inout]]
|
||||
who = "Daira Hopwood <daira@jacaranda.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "0.1.3"
|
||||
notes = "Reviewed in full."
|
||||
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
|
||||
|
||||
[[audits.zcash.audits.known-folders]]
|
||||
who = "Jack Grigg <thestr4d@gmail.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "1.0.1"
|
||||
notes = """
|
||||
Uses `unsafe` blocks to interact with `windows-sys` crate.
|
||||
- `SHGetKnownFolderPath` safety requirements are met.
|
||||
- `CoTaskMemFree` has no effect if passed `NULL`, so there is no issue if some
|
||||
future refactor created a pathway where `ffi::Guard` could be dropped before
|
||||
`SHGetKnownFolderPath` is called.
|
||||
- Small nit: `ffi::Guard::as_pwstr` takes `&self` but returns `PWSTR` which is
|
||||
the mutable type; it should instead return `PCWSTR` which is the const type
|
||||
(and what `lstrlenW` takes) instead of implicitly const-casting the pointer,
|
||||
as this would better reflect the intent to take an immutable reference.
|
||||
- The slice constructed from the `PWSTR` correctly goes out of scope before
|
||||
`guard` is dropped.
|
||||
- A code comment says that `path_ptr` is valid for `len` bytes, but `PCWSTR` is
|
||||
a `*const u16` and `lstrlenW` returns its length \"in characters\" (which the
|
||||
Windows documentation confirms means the number of `WCHAR` values). This is
|
||||
likely a typo; the code checks that `len * size_of::<u16>() <= isize::MAX`.
|
||||
"""
|
||||
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
|
||||
|
||||
[[audits.zcash.audits.maybe-rayon]]
|
||||
who = "Sean Bowe <ewillbefull@gmail.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "0.1.1"
|
||||
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
|
||||
|
||||
[[audits.zcash.audits.rand_xorshift]]
|
||||
who = "Sean Bowe <ewillbefull@gmail.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "0.3.0"
|
||||
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
|
||||
|
||||
[[audits.zcash.audits.redjubjub]]
|
||||
who = "Daira Emma Hopwood <daira@jacaranda.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "0.7.0"
|
||||
notes = """
|
||||
This crate is a thin wrapper around the `reddsa` crate, which I did not review. I also
|
||||
did not review tests or verify test vectors.
|
||||
|
||||
The comment on `batch::Verifier::verify` has an error in the batch verification equation,
|
||||
filed as https://github.com/ZcashFoundation/redjubjub/issues/163 . It does not affect the
|
||||
implementation which just delegates to `reddsa`. `reddsa` has the same comment bug filed as
|
||||
https://github.com/ZcashFoundation/reddsa/issues/52 , but its batch verification implementation
|
||||
is correct. (I checked the latter against https://zips.z.cash/protocol/protocol.pdf#reddsabatchvalidate
|
||||
which has had previous cryptographic review by NCC group; see finding NCC-Zcash2018-009 in
|
||||
https://research.nccgroup.com/wp-content/uploads/2020/07/NCC_Group_Zcash2018_Public_Report_2019-01-30_v1.3.pdf ).
|
||||
"""
|
||||
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
|
||||
|
||||
[[audits.zcash.audits.regex-syntax]]
|
||||
who = "Jack Grigg <jack@electriccoin.co>"
|
||||
criteria = "safe-to-deploy"
|
||||
delta = "0.7.5 -> 0.8.2"
|
||||
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
|
||||
|
||||
[[audits.zcash.audits.wagyu-zcash-parameters]]
|
||||
who = "Sean Bowe <ewillbefull@gmail.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "0.2.0"
|
||||
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
|
||||
|
||||
[[audits.zcash.audits.wagyu-zcash-parameters-1]]
|
||||
who = "Sean Bowe <ewillbefull@gmail.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "0.2.0"
|
||||
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
|
||||
|
||||
[[audits.zcash.audits.wagyu-zcash-parameters-2]]
|
||||
who = "Sean Bowe <ewillbefull@gmail.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "0.2.0"
|
||||
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
|
||||
|
||||
[[audits.zcash.audits.wagyu-zcash-parameters-3]]
|
||||
who = "Sean Bowe <ewillbefull@gmail.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "0.2.0"
|
||||
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
|
||||
|
||||
[[audits.zcash.audits.wagyu-zcash-parameters-4]]
|
||||
who = "Sean Bowe <ewillbefull@gmail.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "0.2.0"
|
||||
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
|
||||
|
||||
[[audits.zcash.audits.wagyu-zcash-parameters-5]]
|
||||
who = "Sean Bowe <ewillbefull@gmail.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "0.2.0"
|
||||
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
|
||||
|
||||
[[audits.zcash.audits.wagyu-zcash-parameters-6]]
|
||||
who = "Sean Bowe <ewillbefull@gmail.com>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "0.2.0"
|
||||
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
|
||||
|
|