Adding new libraries is subject to Chromium’s standard policies, but of course also subject to security review. As you may be bringing in not just a single crate but also transitive dependencies, there may be a lot of code to review. On the other hand, safe Rust code can have limited negative side effects. How should you review it?
Over time Chromium aims to move to a process based around `cargo vet`.
Meanwhile, for each new crate addition, we are checking for the following:
- Understand why each crate is used. What’s the relationship between crates? If the build system for each crate contains a `build.rs` or procedural macros, work out what they’re for. Are they compatible with the way Chromium is normally built?
- Check each crate seems to be reasonably well maintained
- Use `cd third-party/rust/chromium_crates_io; cargo audit` to check for known vulnerabilities (first you’ll need to `cargo install cargo-audit`, which ironically involves downloading lots of dependencies from the internet[2])
- Ensure any `unsafe` code is good enough for the Rule of Two
- Check for any use of
- Read all the code at a sufficient level to look for anything out of place that might have been maliciously inserted. (You can’t realistically aim for 100% perfection here: there’s often just too much code.)
These are just guidelines — work with reviewers from to work out the right way to become confident of the crate.
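A first-pass triage that mechanically surfaces three of the checklist items above (build scripts, procedural macros, `unsafe` blocks) so a reviewer knows where to start reading. This is an added example, not code from the course or from Chromium’s tooling; the two sample crates it writes to a temp directory are constructed for the demo, and it deliberately does not run `cargo audit`, which needs network access.

```shell
#!/bin/sh
# Added example, not part of the course page or Chromium's tooling: a first-pass
# triage of vendored crates that flags checklist items a reviewer must then read
# by hand (build scripts, procedural macros, unsafe). It does not replace cargo audit.

# triage_crate <crate_dir>: prints one line per finding; returns 0 when nothing
# needs a closer look, 1 otherwise.
triage_crate() {
  crate_dir="$1"
  findings=0
  # A build.rs (or a `build = "..."` key in Cargo.toml) runs arbitrary code at build time.
  if [ -f "$crate_dir/build.rs" ] || grep -qs '^build[[:space:]]*=' "$crate_dir/Cargo.toml"; then
    echo "$crate_dir: has a build script; work out what it does"
    findings=$((findings + 1))
  fi
  # A proc-macro crate runs arbitrary code inside the compiler.
  if grep -qs '^proc-macro[[:space:]]*=[[:space:]]*true' "$crate_dir/Cargo.toml"; then
    echo "$crate_dir: is a procedural macro crate; work out what it generates"
    findings=$((findings + 1))
  fi
  # Count source lines mentioning unsafe; each needs a Rule of Two justification.
  unsafe_lines=$(find "$crate_dir" -name '*.rs' -exec cat {} + | grep -c 'unsafe' || true)
  if [ "$unsafe_lines" -gt 0 ]; then
    echo "$crate_dir: $unsafe_lines line(s) mention unsafe; check each one"
    findings=$((findings + 1))
  fi
  [ "$findings" -eq 0 ]
}

# make_sample_crates: writes a constructed two-crate tree (not real crates) to a
# temp dir so the example runs offline, and prints that directory.
make_sample_crates() {
  root=$(mktemp -d)
  mkdir -p "$root/plain_crate/src" "$root/spicy_crate/src"
  printf '[package]\nname = "plain_crate"\nversion = "0.1.0"\n' > "$root/plain_crate/Cargo.toml"
  printf 'pub fn add(a: u32, b: u32) -> u32 { a + b }\n' > "$root/plain_crate/src/lib.rs"
  printf '[package]\nname = "spicy_crate"\nversion = "0.1.0"\n\n[lib]\nproc-macro = true\n' \
    > "$root/spicy_crate/Cargo.toml"
  printf 'fn main() { println!("cargo:rerun-if-changed=build.rs"); }\n' > "$root/spicy_crate/build.rs"
  printf 'pub fn peek(p: *const u8) -> u8 { unsafe { *p } }\n' > "$root/spicy_crate/src/lib.rs"
  echo "$root"
}

# Run the triage over the constructed tree; point it at your vendored crate
# directory instead to use it for real.
sample_root=$(make_sample_crates)
for crate in "$sample_root"/*/; do
  triage_crate "${crate%/}" || :
done
```

A crate that trips none of these checks still needs the remaining items on the list (maintenance, `cargo audit`, and actually reading the code); a clean triage only means there is no obvious place to start.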