cargo-osha

A Cargo plugin to list unsafe code in a Rust project. Right now mostly a proof of concept.

Not actually a cargo plugin yet.

Example

Example from winit, a crate that does a large amount of platform-specific FFI:

> cargo run -- winit/src/**.rs
...
Unsafe functions: 20/85
Unsafe expressions: 222/16847
Unsafe traits: 0/14
Unsafe methods: 14/460
Unsafe impls: 21/136

Example from ggez, a crate that mostly uses dependencies that provide safe wrappers, and so needs little unsafe code itself:

> cargo run -- ggez/src/**.rs
...
Unsafe functions: 0/101
Unsafe expressions: 0/6786
Unsafe traits: 0/7
Unsafe methods: 0/312
Unsafe impls: 1/122

Usage

Right now it only provides a simple command line program that reads in N Rust source files. Doesn't walk dependencies or anything, you have to provide all files on the command line. It has no command line flags worth speaking of.

The code itself is nigh trivial, just read the source. It uses syn to walk a Rust source code file and counts up the occurances of unsafe in various places. There may be some it misses, just open an issue or whatever.

Should be split into a library someday maybe.