As an experimental exploratory project, I wanted to try out building an analyser for Rust that would look through modules/crates and try to figure out what “permissions” each one would need. “Permissions” in the same sense as in Android/iOS apps: disk access, network access, etc.
This is motivated by cases of projects (though mostly in the Node.js and npm world) where a dependency turned out to do something unexpected.
I’m aware that this is likely going to be very hard to get right. As far as I can tell, I’ll have to ignore
unsafe blocks and just mark any affected code as overall “unsafe”. But I’m hoping that for the general case of popular crates out there, it should be possible to run an analyzer and get certain basic reassurances. For example - this crate that’s supposed to format input text in some way doesn’t need any disk access, or this crate that compresses files on disk doesn’t make any network calls.
Does anyone know if someone’s already built such a thing out there for Rust? Or can point me to similar analysers for other languages? Or just help me see if I’m missing something obvious here?