
LUP Student Papers

LUND UNIVERSITY LIBRARIES

Evaluation of Rust Codebases Using Public Information

Eriksson, Emil LU (2023) In LU-CS-EX EDAM05 20231
Department of Computer Science
Abstract
Understanding the content of a software project is a complex endeavour. While the Rust programming language promises developers a safer programming language, a program may still include vulnerable code through its dependencies. In this thesis we present a CLI tool, cargo-indicate, to query the dependency tree of Rust projects using standard GraphQL. This tool aggregates data from a variety of sources, such as program analysis tools (cargo-geiger), source control platforms (GitHub), and package registries (crates.io) and exposes them in a schema. We use this tool to collect data about popular Rust packages, and describe their distribution. We employ a clustering strategy to identify categories of Rust projects. We conclude that some, but not all, data contain useful information that can help developers understand their dependency tree. We describe three categories of Rust packages, and have reason to believe that project marketing is a significant factor in separating projects. We believe that our tool provides a novel approach to aggregate data about the Rust ecosystem from different sources, with an interface that can easily be developed further. For developers this tool is a possible stage in a future CI pipeline, and for researchers it provides a way of analyzing the Rust ecosystem.
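The core idea in the abstract is to walk a project's dependency tree and attach per-crate indicators gathered from outside sources (unsafe-code counts, repository popularity) so a developer can ask questions over the whole tree rather than one crate at a time. The following is an added example written for this page; it is not code from the thesis and does not use cargo-indicate's GraphQL schema. It constructs a small dependency graph in the shape of the `resolve.nodes` array that `cargo metadata --format-version 1` emits, attaches hypothetical indicators (the field names `unsafe_items` and `stars` and all values are this example's own assumptions, and the crate names are made up), computes each root's transitive closure with a breadth-first walk, and flags dependencies that cross a threshold. A crate with no indicator data at all is flagged too, since missing data is itself something a reviewer wants to see.

```rust
use std::collections::{BTreeMap, BTreeSet, VecDeque};

/// One node of the dependency graph, shaped like an entry of `resolve.nodes`
/// in `cargo metadata` output: a package id plus the ids it depends on.
/// The graph below is constructed for this example.
#[derive(Debug, Clone)]
pub struct Node {
    pub id: &'static str,
    pub deps: Vec<&'static str>,
}

/// Per-crate indicators gathered from external sources. These field names are
/// an assumption made for this example (not cargo-indicate's schema):
/// `unsafe_items` stands in for a cargo-geiger style count, `stars` for a
/// repository-popularity value from a source control platform.
#[derive(Debug, Clone, Copy)]
pub struct Indicators {
    pub unsafe_items: u32,
    pub stars: u32,
}

/// Constructed sample graph. "myapp" is the project under evaluation; every
/// other name is a hypothetical crate, not a real one on crates.io.
pub fn sample_graph() -> Vec<Node> {
    vec![
        Node { id: "myapp", deps: vec!["jsonlib", "netlib"] },
        Node { id: "jsonlib", deps: vec!["jsonlib-derive"] },
        Node { id: "jsonlib-derive", deps: vec!["parser"] },
        Node { id: "netlib", deps: vec!["httpcore", "jsonlib"] },
        Node { id: "httpcore", deps: vec!["runtime"] },
        Node { id: "runtime", deps: vec![] },
        Node { id: "parser", deps: vec![] },
    ]
}

/// Constructed sample indicators. "httpcore" deliberately has no entry, to
/// show how a dependency with no data is reported.
pub fn sample_indicators() -> BTreeMap<&'static str, Indicators> {
    let mut m = BTreeMap::new();
    m.insert("jsonlib", Indicators { unsafe_items: 0, stars: 900 });
    m.insert("jsonlib-derive", Indicators { unsafe_items: 0, stars: 300 });
    m.insert("netlib", Indicators { unsafe_items: 4, stars: 700 });
    m.insert("runtime", Indicators { unsafe_items: 120, stars: 2000 });
    m.insert("parser", Indicators { unsafe_items: 2, stars: 12 });
    m
}

/// Breadth-first walk from `root`, returning every crate reachable through
/// the dependency edges, excluding the root itself. The `seen` set also makes
/// the walk terminate if the graph happens to contain a cycle.
pub fn transitive_deps(graph: &[Node], root: &str) -> BTreeSet<String> {
    let adjacency: BTreeMap<&str, &[&str]> =
        graph.iter().map(|n| (n.id, n.deps.as_slice())).collect();
    let mut seen: BTreeSet<String> = BTreeSet::new();
    let mut queue: VecDeque<&str> = VecDeque::new();
    queue.push_back(root);
    while let Some(id) = queue.pop_front() {
        if let Some(deps) = adjacency.get(id) {
            for dep in deps.iter() {
                if seen.insert(dep.to_string()) {
                    queue.push_back(*dep);
                }
            }
        }
    }
    seen.remove(root);
    seen
}

/// Flag every transitive dependency of `root` whose indicators cross a
/// threshold, or for which no indicator data exists. Results are sorted by
/// crate name because `transitive_deps` returns an ordered set.
pub fn flag(
    graph: &[Node],
    indicators: &BTreeMap<&str, Indicators>,
    root: &str,
    max_unsafe: u32,
    min_stars: u32,
) -> Vec<(String, String)> {
    let mut out = Vec::new();
    for dep in transitive_deps(graph, root) {
        match indicators.get(dep.as_str()) {
            None => out.push((dep.clone(), "no indicator data".to_string())),
            Some(ind) => {
                if ind.unsafe_items > max_unsafe {
                    out.push((dep.clone(), format!("{} unsafe items > {}", ind.unsafe_items, max_unsafe)));
                }
                if ind.stars < min_stars {
                    out.push((dep.clone(), format!("{} stars < {}", ind.stars, min_stars)));
                }
            }
        }
    }
    out
}

fn main() {
    let graph = sample_graph();
    let indicators = sample_indicators();
    println!("transitive deps of myapp: {:?}", transitive_deps(&graph, "myapp"));
    for (krate, reason) in flag(&graph, &indicators, "myapp", 10, 50) {
        println!("FLAG {}: {}", krate, reason);
    }
}
```

In a real pipeline the graph would be parsed from `cargo metadata` and the indicators fetched per crate; the thresholds are a policy choice, and the "no indicator data" case is worth surfacing rather than silently passing, because a crate nobody has measured is not the same as a crate that measured clean.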
author
Eriksson, Emil LU
alternative title
Utvärdering av kodbaser i Rust utifrån publik information (Evaluation of Rust codebases based on public information)
course
EDAM05 20231
year
2023
type
H2 - Master's Degree (Two Years)
keywords
Rust, Code Evaluation, Open Source, Crates.io, Cargo, GraphQL, Query, Dependencies
publication/series
LU-CS-EX
report number
2023-39
ISSN
1650-2884
language
English
id
9133685
date added to LUP
2023-09-15 12:47:47
date last changed
2023-09-15 12:47:47
@misc{9133685,
  abstract     = {{Understanding the content of a software project is a complex endeavour. While the Rust programming language promises developers a safer programming language, a program may still include vulnerable code through its dependencies. In this thesis we present a CLI tool, cargo-indicate, to query the dependency tree of Rust projects using standard GraphQL. This tool aggregates data from a variety of sources, such as program analysis tools (cargo-geiger), source control platforms (GitHub), and package registries (crates.io) and exposes them in a schema. We use this tool to collect data about popular Rust packages, and describe their distribution. We employ a clustering strategy to identify categories of Rust projects. We conclude that some, but not all, data contain useful information that can help developers understand their dependency tree. We describe three categories of Rust packages, and have reason to believe that project marketing is a significant factor in separating projects. We believe that our tool provides a novel approach to aggregate data about the Rust ecosystem from different sources, with an interface that can easily be developed further. For developers this tool is a possible stage in a future CI pipeline, and for researchers it provides a way of analyzing the Rust ecosystem.}},
  author       = {{Eriksson, Emil}},
  issn         = {{1650-2884}},
  language     = {{eng}},
  note         = {{Student Paper}},
  series       = {{LU-CS-EX}},
  title        = {{Evaluation of Rust Codebases Using Public Information}},
  year         = {{2023}},
}