aboutsummaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorAleksey Kladov <[email protected]>2021-03-22 10:53:00 +0000
committerAleksey Kladov <[email protected]>2021-03-22 10:53:00 +0000
commit63e083122cefbc2eff2f420a67946e4c6d4baf16 (patch)
treecc071d0d850b25d4112c48145306024719c20e41 /docs
parent27befe6c7fe064b364182e2ad54825b5e5f9dee3 (diff)
Document our security stance
changelog: feature
Diffstat (limited to 'docs')
-rw-r--r--docs/user/manual.adoc14
1 files changed, 14 insertions, 0 deletions
diff --git a/docs/user/manual.adoc b/docs/user/manual.adoc
index dba2197de..9305d9d1a 100644
--- a/docs/user/manual.adoc
+++ b/docs/user/manual.adoc
@@ -516,6 +516,20 @@ See https://github.com/rust-analyzer/rust-project.json-example for a small examp
516 516
517You can set `RA_LOG` environmental variable to `rust_analyzer=info` to inspect how rust-analyzer handles config and project loading. 517You can set `RA_LOG` environmental variable to `rust_analyzer=info` to inspect how rust-analyzer handles config and project loading.
518 518
519== Security
520
521At the moment, rust-analyzer assumes that all code is trusted.
522Here is a **no-exhaustive** list of ways to make rust-analyzer execute arbitrary code:
523
524* proc macros and build scripts are executed by default
525* `.cargo/config` can override `rustc` with an arbitrary executable
526* VS Code plugin reads configuration from project directory, and that can be used to override paths to various executables, like `rustfmt` or `rust-analyzer` itself.
527* rust-analyzer's syntax trees library uses a lot of `unsafe` and hasn't been properly audited for memory safety.
528
529rust-analyzer itself doesn't access the network.
530VS Code plugin doesn't access the network unless the nightly channel is selected in the settings.
531In that case, the plugin uses GitHub API to check for and download updates.
532
519== Features 533== Features
520 534
521include::./generated_features.adoc[] 535include::./generated_features.adoc[]