Evaluation of Rust Codebases Using Public Information
(2023) In LU-CS-EX, EDAM05 20231, Department of Computer Science
- Abstract
- Understanding the content of a software project is a complex endeavour. While the Rust programming language promises developers a safer programming language, a program may still include vulnerable code through its dependencies. In this thesis we present a CLI tool, cargo-indicate, to query the dependency tree of Rust projects using standard GraphQL. This tool aggregates data from a variety of sources, such as program analysis tools (cargo-geiger), source control platforms (GitHub), and package registries (crates.io) and exposes them in a schema. We use this tool to collect data about popular Rust packages, and describe their distribution. We employ a clustering strategy to identify categories of Rust projects. We conclude that some, but not all, data contain useful information that can help developers understand their dependency tree. We describe three categories of Rust packages, and have reason to believe that project marketing is a significant factor in separating projects. We believe that our tool provides a novel approach to aggregate data about the Rust ecosystem from different sources, with an interface that can easily be developed further. For developers this tool is a possible stage in a future CI pipeline, and for researchers it provides a way of analyzing the Rust ecosystem.
Please use this url to cite or link to this publication:
http://lup.lub.lu.se/student-papers/record/9133685
- author
- Eriksson, Emil LU
- supervisor
- organization
- alternative title
- Utvärdering av kodbaser i Rust utifrån publik information
- course
- EDAM05 20231
- year
- 2023
- type
- H2 - Master's Degree (Two Years)
- subject
- keywords
- Rust, Code Evaluation, Open Source, Crates.io, Cargo, GraphQL, Query, Dependencies
- publication/series
- LU-CS-EX
- report number
- 2023-39
- ISSN
- 1650-2884
- language
- English
- id
- 9133685
- date added to LUP
- 2023-09-15 12:47:47
- date last changed
- 2023-09-15 12:47:47
@misc{9133685,
  abstract = {{Understanding the content of a software project is a complex endeavour. While the Rust programming language promises developers a safer programming language, a program may still include vulnerable code through its dependencies. In this thesis we present a CLI tool, cargo-indicate, to query the dependency tree of Rust projects using standard GraphQL. This tool aggregates data from a variety of sources, such as program analysis tools (cargo-geiger), source control platforms (GitHub), and package registries (crates.io) and exposes them in a schema. We use this tool to collect data about popular Rust packages, and describe their distribution. We employ a clustering strategy to identify categories of Rust projects. We conclude that some, but not all, data contain useful information that can help developers understand their dependency tree. We describe three categories of Rust packages, and have reason to believe that project marketing is a significant factor in separating projects. We believe that our tool provides a novel approach to aggregate data about the Rust ecosystem from different sources, with an interface that can easily be developed further. For developers this tool is a possible stage in a future CI pipeline, and for researchers it provides a way of analyzing the Rust ecosystem.}},
  author = {{Eriksson, Emil}},
  issn = {{1650-2884}},
  language = {{eng}},
  note = {{Student Paper}},
  series = {{LU-CS-EX}},
  title = {{Evaluation of Rust Codebases Using Public Information}},
  year = {{2023}},
}