Skip to content

JumpiiX/cargo-trust

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

cargo-trust

Cargo Subcommand CLI with Clap Traversal with WalkDir Serialization with Serde
Code Style: rustfmt Linted with Clippy Rust 2024 Edition

A security-focused Cargo subcommand for auditing unsafe code in Rust projects. Recursively scans your codebase to identify and report all unsafe blocks, functions, traits, and implementations.

Why cargo-trust?

Rust's memory safety guarantees are bypassed when using unsafe code. While sometimes necessary for FFI, performance optimizations, or low-level operations, unsafe code introduces potential security vulnerabilities that can be difficult to track across a growing codebase.

cargo-trust makes unsafe code visible, helping teams maintain security awareness and audit unsafe usage patterns.

Installation

cargo install cargo-trust

Usage

# Audit current project
cargo trust

# Audit specific directory
cargo trust /path/to/project

# JSON output for tooling integration
cargo trust --format json

# Compact output for grep/scripts
cargo trust --format compact

What it detects

  • unsafe fn - Unsafe functions
  • unsafe {} - Unsafe blocks
  • unsafe trait - Unsafe trait definitions
  • unsafe impl - Unsafe trait implementations
  • extern "C" - Foreign function interfaces

Output formats

Human (default)

╔══════════════════════════════════════╗
║     cargo-trust Security Report      ║
╚══════════════════════════════════════╝

► src/ffi.rs
  ├─ unsafe function at 42:1
  │  unsafe fn raw_pointer_deref() -> i32 {
  ├─ unsafe block at 67:5
  │  unsafe { *ptr.add(offset) }

Compact

src/ffi.rs:42:1: unsafe function
src/ffi.rs:67:5: unsafe block

JSON

{
  "project_root": ".",
  "files_with_unsafe": {
    "src/ffi.rs": [
      {
        "line": 42,
        "column": 1,
        "kind": "Function",
        "context": "unsafe fn raw_pointer_deref() -> i32 {"
      }
    ]
  },
  "total_unsafe_count": 1,
  "errors": []
}

Integration

Perfect for CI/CD pipelines, pre-commit hooks, and security audits:

# Fail CI if unsafe code is found
cargo trust && echo "No unsafe code detected" || exit 1

# Generate audit reports
cargo trust --format json > unsafe-audit.json

Architecture

  • Zero-copy parsing - Efficient line-by-line analysis
  • Walkdir traversal - Recursive filesystem scanning with smart filtering
  • Trait-based formatters - Extensible output system
  • Serde serialization - Structured data for tooling integration

Development

# Build
cargo build --release

# Test
cargo test

# Install locally
cargo install --path .

License

MIT OR Apache-2.0

About

Security audit tool for Rust projects. Recursively scans codebases to identify and report unsafe blocks, functions, traits, and implementations with precise line numbers.

Topics

Resources

License

Stars

1 star

Watchers

0 watching

Forks

Contributors

Languages