author bors[bot] <26634292+bors[bot]@users.noreply.github.com> 2021-03-22 10:56:37 +0000
committer GitHub <[email protected]> 2021-03-22 10:56:37 +0000
commit ad39959361f32551ab788126b0a5b8b4b09138ef
tree 1b647430ceec888023e72c82e88902182b8bf50f /docs/user
parent 27befe6c7fe064b364182e2ad54825b5e5f9dee3
parent 2469af301780763cfcba728f275021da1ad42544
Merge #8145

8145: Document our security stance r=matklad a=matklad

bors r+
🤖

Co-authored-by: Aleksey Kladov <[email protected]>

Diffstat (limited to 'docs/user')
-rw-r--r-- docs/user/manual.adoc 14
1 files changed, 14 insertions, 0 deletions
diff --git a/docs/user/manual.adoc b/docs/user/manual.adoc
index dba2197de..8656dd1da 100644
--- a/docs/user/manual.adoc
+++ b/docs/user/manual.adoc
@@ -516,6 +516,20 @@ See https://github.com/rust-analyzer/rust-project.json-example for a small examp
516 516
517You can set `RA_LOG` environmental variable to `rust_analyzer=info` to inspect how rust-analyzer handles config and project loading. 517You can set `RA_LOG` environmental variable to `rust_analyzer=info` to inspect how rust-analyzer handles config and project loading.
518 518
519== Security
520
521At the moment, rust-analyzer assumes that all code is trusted.
522Here is a **non-exhaustive** list of ways to make rust-analyzer execute arbitrary code:
523
524* proc macros and build scripts are executed by default
525* `.cargo/config` can override `rustc` with an arbitrary executable
526* VS Code plugin reads configuration from project directory, and that can be used to override paths to various executables, like `rustfmt` or `rust-analyzer` itself.
527* rust-analyzer's syntax trees library uses a lot of `unsafe` and hasn't been properly audited for memory safety.
528
529rust-analyzer itself doesn't access the network.
530The VS Code plugin doesn't access the network unless the nightly channel is selected in the settings.
531In that case, the plugin uses the GitHub API to check for and download updates.
532
519== Features 533== Features
520 534
521include::./generated_features.adoc[] 535include::./generated_features.adoc[]
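
Review bot: In the bullet list of the new Security section, the fourth item ("syntax trees library uses a lot of `unsafe` and hasn't been properly audited for memory safety") is a different kind of statement from the first three: those describe built-in behaviour that runs project-supplied executables, while this one is an unaudited memory-safety risk. Since the list is introduced as "ways to make rust-analyzer execute arbitrary code", consider moving that item into its own sentence after the list so readers do not read it as a known, working path. The first bullet says proc macros and build scripts are executed "by default", which implies an opt-out; naming the relevant setting there, and adding one sentence on what a user should do given that all code is assumed trusted, would make the section actionable. Minor style point: the last two bullets end with a full stop and the first two do not.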