rustinel-core 0.1.1

Defensive Rust supply-chain risk analysis: static signals, policy and risk diff for Cargo lockfiles.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204

//! Hardening primitives that make rustinel safe to run against *fully
//! untrusted* inputs (lockfiles, manifests, source trees, advisory databases,
//! registry caches).
//!
//! rustinel is a supply-chain tool, so it must never become a supply-chain
//! attack vector itself. Every value that originates from analyzed data is
//! treated as hostile:
//!
//! - **No code execution.** The core never runs `build.rs`, never compiles, and
//!   never spawns processes. (The CLI's `advisory update` shells out to `git`
//!   with a fixed argument vector and no shell interpolation.)
//! - **No attacker-controlled network.** The optional metadata lookup (in the
//!   CLI) fetches the crates.io sparse index over HTTPS with a *fixed* host and a
//!   validated crate-name path; no request target is ever derived from analyzed
//!   data, which removes SSRF as a class of bug.
//! - **Bounded I/O.** Every file read is size-capped; directory walks are depth-
//!   and entry-bounded; symlinks are never followed during traversal.
//! - **Validated identifiers.** Crate names/versions are validated before they
//!   are ever used to build a filesystem path or an index lookup, blocking path
//!   traversal and separator injection.

use std::fs::File;
use std::io::Read;
use std::path::{Component, Path};

/// Maximum bytes read from a single source/manifest file.
pub const MAX_SOURCE_FILE_BYTES: u64 = 8 * 1024 * 1024;
/// Maximum bytes read from a single advisory document.
pub const MAX_ADVISORY_FILE_BYTES: u64 = 1024 * 1024;
/// Maximum directory recursion depth for any walk.
pub const MAX_DIR_DEPTH: usize = 32;
/// Maximum number of filesystem entries visited in a single walk.
pub const MAX_DIR_ENTRIES: usize = 200_000;
/// Maximum length accepted for a crate name or version token.
pub const MAX_NAME_LEN: usize = 64;
pub const MAX_VERSION_LEN: usize = 64;

/// Validate a Cargo crate name for safe use in filesystem paths and index
/// lookups. Conservative allowlist: ASCII alphanumerics plus `-` and `_`.
///
/// This rejects path separators, `..`, NUL, whitespace, URL metacharacters and
/// any non-ASCII — i.e. everything an attacker would need for traversal or
/// request smuggling.
pub fn is_safe_crate_name(name: &str) -> bool {
    !name.is_empty()
        && name.len() <= MAX_NAME_LEN
        && name
            .bytes()
            .all(|b| b.is_ascii_alphanumeric() || b == b'-' || b == b'_')
}

/// Validate a version token for safe use in a filesystem path. Allows the
/// semver character set (alnum, `.`, `+`, `-`, `_`) and nothing else.
pub fn is_safe_version(version: &str) -> bool {
    !version.is_empty()
        && version.len() <= MAX_VERSION_LEN
        && version
            .bytes()
            .all(|b| b.is_ascii_alphanumeric() || matches!(b, b'.' | b'+' | b'-' | b'_'))
        // Defense in depth: reject anything that could be a parent reference.
        && version != ".."
        && !version.contains("..")
}

/// A single path segment that is safe to join onto a trusted base directory:
/// non-empty, no separators, not a `.`/`..` component.
pub fn is_safe_path_segment(segment: &str) -> bool {
    if segment.is_empty() || segment.len() > 255 {
        return false;
    }
    if segment.contains('/') || segment.contains('\\') || segment.contains('\0') {
        return false;
    }
    !matches!(segment, "." | "..")
}

/// True if `child`, once resolved, is contained within `base`. Both are
/// canonicalized; if either cannot be canonicalized the check fails closed.
pub fn is_contained_within(base: &Path, child: &Path) -> bool {
    match (base.canonicalize(), child.canonicalize()) {
        (Ok(b), Ok(c)) => c.starts_with(&b),
        _ => false,
    }
}

/// A path is "lexically clean" if it contains no `..` components (used as a
/// cheap pre-check before any join).
pub fn has_no_parent_components(path: &Path) -> bool {
    !path.components().any(|c| matches!(c, Component::ParentDir))
}

/// Read a regular file, refusing anything larger than `max_bytes`, anything that
/// is not a regular file, and reading at most `max_bytes` even if the file grows
/// underneath us. Returns `None` (never an error) so callers degrade gracefully.
///
/// Callers should additionally skip symlinks during directory traversal; this
/// function guards the read itself via an fstat on the open handle plus a capped
/// reader.
pub fn read_file_capped(path: &Path, max_bytes: u64) -> Option<String> {
    let file = File::open(path).ok()?;
    let meta = file.metadata().ok()?;
    if !meta.is_file() {
        return None;
    }
    if meta.len() > max_bytes {
        return None;
    }
    let mut bytes = Vec::new();
    // `take` bounds the read regardless of fstat (defense against TOCTOU growth).
    file.take(max_bytes).read_to_end(&mut bytes).ok()?;
    // Decode lossily: the scanners do ASCII substring matching, so a single
    // non-UTF-8 byte must not drop a whole source file from analysis (that would
    // be a trivial evasion gap). TOML callers still fail to parse malformed input.
    Some(String::from_utf8_lossy(&bytes).into_owned())
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn crate_name_allows_normal() {
        assert!(is_safe_crate_name("serde"));
        assert!(is_safe_crate_name("openssl-sys"));
        assert!(is_safe_crate_name("wasm_bindgen"));
        assert!(is_safe_crate_name("a1"));
    }

    #[test]
    fn crate_name_rejects_traversal_and_injection() {
        assert!(!is_safe_crate_name(""));
        assert!(!is_safe_crate_name(".."));
        assert!(!is_safe_crate_name("../etc"));
        assert!(!is_safe_crate_name("foo/bar"));
        assert!(!is_safe_crate_name("foo\\bar"));
        assert!(!is_safe_crate_name("foo bar"));
        assert!(!is_safe_crate_name("foo\0"));
        assert!(!is_safe_crate_name("a/../../b"));
        assert!(!is_safe_crate_name("café")); // non-ASCII
        assert!(!is_safe_crate_name(&"a".repeat(65)));
        // URL/host-confusion attempts
        assert!(!is_safe_crate_name("evil.com"));
        assert!(!is_safe_crate_name("crate@host"));
    }

    #[test]
    fn version_validation() {
        assert!(is_safe_version("1.0.0"));
        assert!(is_safe_version("0.9.99"));
        assert!(is_safe_version("1.0.0+spec-1.1.0"));
        assert!(!is_safe_version("../1.0.0"));
        assert!(!is_safe_version("1.0.0/.."));
        assert!(!is_safe_version(".."));
        assert!(!is_safe_version("1 0"));
        assert!(!is_safe_version(""));
    }

    #[test]
    fn path_segment_validation() {
        assert!(is_safe_path_segment("serde-1.0.0"));
        assert!(!is_safe_path_segment(".."));
        assert!(!is_safe_path_segment("a/b"));
        assert!(!is_safe_path_segment(""));
    }

    #[test]
    fn containment_blocks_escape() {
        let base = std::env::temp_dir();
        assert!(is_contained_within(&base, &base));
        // A sibling/parent path must not be considered contained.
        assert!(!is_contained_within(&base, std::path::Path::new("/")));
    }

    #[test]
    fn no_parent_components_detects_dotdot() {
        assert!(has_no_parent_components(Path::new("a/b/c")));
        assert!(!has_no_parent_components(Path::new("a/../b")));
    }

    #[test]
    fn read_cap_rejects_oversize() {
        let dir = std::env::temp_dir();
        let path = dir.join("rustinel_safety_big.txt");
        std::fs::write(&path, vec![b'a'; 1024]).unwrap();
        assert!(read_file_capped(&path, 4096).is_some());
        assert!(read_file_capped(&path, 512).is_none());
        let _ = std::fs::remove_file(&path);
    }

    #[test]
    fn read_cap_decodes_non_utf8_lossily() {
        // A single non-UTF-8 byte must NOT drop the whole file (an evasion gap) —
        // the ASCII fingerprints the scanners look for must still survive.
        let dir = std::env::temp_dir();
        let path = dir.join("rustinel_safety_nonutf8.rs");
        let mut bytes = b"fn x(){ reqwest::get(\"https://x.workers.dev\");".to_vec();
        bytes.push(0xFF);
        bytes.extend_from_slice(b" }");
        std::fs::write(&path, &bytes).unwrap();
        let got = read_file_capped(&path, 4096).expect("file must not be dropped");
        assert!(got.contains(".workers.dev"));
        let _ = std::fs::remove_file(&path);
    }
}