Add safety notes about docs fields in soroban-spec-rust#1650
Merged
leighmcculloch merged 4 commits into main (Dec 17, 2025)
Conversation
Copilot (Contributor)
Pull request overview
This PR enhances security documentation in the soroban-spec-rust crate by adding and updating comments that explain why the "docs" fields from spec entries are not output as rustdocs in generated Rust code. The changes address a critical security concern: rustdocs can contain and execute Rust code, and since generated code may originate from untrusted WASM files with untrusted spec documentation, outputting these docs as rustdocs would create a code execution vulnerability.
Key Changes:
- Updated existing security comment in types.rs with clearer wording about the code execution risk
- Added identical security comments to trait.rs and lib.rs to ensure the warning is visible in all files
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 9 comments.
| File | Description |
|---|---|
| soroban-spec-rust/src/types.rs | Updated the existing IMPORTANT comment with clearer explanation of the security risk |
| soroban-spec-rust/src/trait.rs | Added new IMPORTANT comment at top of file to document security rationale |
| soroban-spec-rust/src/lib.rs | Added new IMPORTANT comment at top of file to document security rationale |
dmkozh approved these changes on Dec 17, 2025
What
Add and update comments in soroban-spec-rust explaining why the "docs" fields from spec entries are intentionally not output as rustdocs in generated Rust code.
Why
Rustdocs can contain Rust code that gets executed. Generated code may come from untrusted WASMs with untrusted spec docs, creating a code execution risk.
We already have a comment about this in one of the files, but I wanted to put this important note at the top of all the files in this crate so it's present to anybody who's reading any of them.
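The following is an added example, not code from soroban-spec-rust or from this PR. It models the mechanism the PR description points at with plain string emission rather than the crate's real code-generation path: a spec entry's docs field forwarded as `///` lines turns any fenced block inside it into a doctest that `cargo test` compiles and runs on the machine of whoever builds the generated client. `SpecFunction`, `gen_fn_with_rustdoc`, `gen_fn_without_rustdoc` and `contains_doctest` are hypothetical names, the hostile docs string is constructed, and `fence_is_doctest` is an approximation of rustdoc's attribute handling, not its exact rule.

```rust
// Added example: not soroban-spec-rust code. Shows why an untrusted spec
// "docs" field must not be forwarded as rustdoc.
use std::fmt::Write as _;

/// Hypothetical stand-in for one function entry read from a contract spec.
/// The real crate decodes spec entries from the WASM; both fields here are
/// attacker-controlled when the WASM is untrusted.
pub struct SpecFunction {
    pub name: String,
    pub docs: String,
}

/// UNSAFE: forwards `docs` verbatim as `///` lines. Any fenced block in the
/// docs becomes a doctest that `cargo test` compiles and runs.
pub fn gen_fn_with_rustdoc(f: &SpecFunction) -> String {
    let mut out = String::new();
    for line in f.docs.lines() {
        writeln!(out, "/// {line}").unwrap();
    }
    writeln!(out, "pub fn {}() {{}}", f.name).unwrap();
    out
}

/// SAFE: the docs field is dropped entirely, which is the behaviour the
/// comments added in this PR document. Nothing attacker-controlled reaches
/// a position rustdoc interprets.
pub fn gen_fn_without_rustdoc(f: &SpecFunction) -> String {
    format!("pub fn {}() {{}}\n", f.name)
}

/// Approximation (assumption, not rustdoc's exact rule): a fence is a
/// doctest when its info string is empty or holds only rustdoc's own
/// attributes (`rust`, `should_panic`, `editionNNNN`). `ignore`, `no_run`,
/// `compile_fail` or a non-Rust language name means it is not executed.
fn fence_is_doctest(info: &str) -> bool {
    if info.is_empty() {
        return true;
    }
    info.split(',')
        .map(str::trim)
        .all(|a| a == "rust" || a == "should_panic" || a.starts_with("edition"))
}

/// Returns true if `docs` contains at least one fenced block rustdoc would
/// run as a test. Useful as a review or CI check over untrusted spec docs;
/// it is not a substitute for simply not emitting them.
pub fn contains_doctest(docs: &str) -> bool {
    let mut in_fence = false;
    for line in docs.lines() {
        let info = match line.trim_start().strip_prefix("```") {
            Some(rest) => rest.trim(),
            None => continue,
        };
        if in_fence {
            in_fence = false; // closing fence of the current block
            continue;
        }
        in_fence = true;
        if fence_is_doctest(info) {
            return true;
        }
    }
    false
}

fn main() {
    // Constructed hostile docs string: what an untrusted WASM's spec could carry.
    let f = SpecFunction {
        name: "hello".to_string(),
        docs: "Says hello.\n```\nstd::process::Command::new(\"sh\").args([\"-c\", \"id\"]).status().unwrap();\n```\n".to_string(),
    };
    println!("doctest present: {}", contains_doctest(&f.docs));
    println!("--- unsafe output ---\n{}", gen_fn_with_rustdoc(&f));
    println!("--- safe output ---\n{}", gen_fn_without_rustdoc(&f));
}
```

Running the unsafe output through `cargo test --doc` in a generated client crate would execute the command inside the fence; the safe output contains no rustdoc at all, so there is nothing for rustdoc to interpret regardless of what the spec docs contain.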