On 16.04.2016 20:48, FreeSlave wrote:
github repo: https://github.com/MyLittleRobo/mimeapps (examples included)
You've got some bad `@trusted`s in your code:
<https://github.com/MyLittleRobo/mimeapps/blob/03b53ce35d2f4f56fdf76e0b6f5c681660b9d23a/source/mimeapps.d#L29>:
The constraint allows user-defined types that implicitly convert to
const(char)[] via alias this. Such a type may, for example, have an
unsafe opAssign, which you're mistakenly trusting here.
<https://github.com/MyLittleRobo/mimeapps/blob/03b53ce35d2f4f56fdf76e0b6f5c681660b9d23a/source/mimeapps.d#L191>,
<https://github.com/MyLittleRobo/mimeapps/blob/03b53ce35d2f4f56fdf76e0b6f5c681660b9d23a/source/mimeapps.d#L308>:
Similarly, IniLikeReader may do unsafe stuff and can't be trusted.
Related libraries:
https://github.com/MyLittleRobo/desktopfile - reading and executing
.desktop files.
https://github.com/MyLittleRobo/mime - parsing shared MIME type database
and detecting MIME types of files.
These have bad `@trusted`s, too. I'm not going to go over all of them,
but here are some examples:
<https://github.com/MyLittleRobo/desktopfile/blob/1f2e7a4162493ef292b4c23b152875d83f84a89a/source/desktopfile/utils.d#L754>,
<https://github.com/MyLittleRobo/desktopfile/blob/1f2e7a4162493ef292b4c23b152875d83f84a89a/source/desktopfile/file.d#L705>,
<https://github.com/MyLittleRobo/desktopfile/blob/1f2e7a4162493ef292b4c23b152875d83f84a89a/source/desktopfile/file.d#L718>:
Trusting template arguments again.
<https://github.com/MyLittleRobo/mime/blob/c781948be3ba3f43fa4974592e6a7d7534baaeeb/source/mime/cache.d#L44>:
Reversing the bytes of arbitrary data, including pointers, is not
memory-safe.