RustRover 2024.3 Help

Project security

To prevent potential security risks, RustRover lets you decide how to open a project if you're not sure about its source. RustRover warns you about tasks or configurations that will be executed during the opening process and lets you configure sources that you can trust.

Open a project from unknown sources

Every time you open a project for the first time, the IDE shows the Trust Project dialog. This helps to ensure that the project is safe to perform the following actions:

  • Invoke Cargo, rustc, Rustfmt, and other Rust tools, which can be overridden to execute arbitrary (potentially malicious) code.

  • Execute build scripts and procedural macros, which can also contain arbitrary code.

  • Interact with VCS.

  • Perform other tasks that execute code.

Untrusted Project

You can select one of the following actions:

  • Preview in Safe Mode: in this case, RustRover opens the project in Safe Mode, meaning you can browse the project's sources, but there are restrictions in executing code, performing build-related activities, and running scripts. Essentially, the IDE functions as a text editor.

    RustRover notifies you about Safe Mode on top of the editor area. You can click the Trust project link and load your project at any time.

    In-editor notification for untrusted projects in Safe Mode

    If you try to reload the project or execute targets using menu items, dedicated tool windows, or the Run Anything window, RustRover will prompt you to confirm that you trust the project before proceeding:

    Trust project for actions
  • Trust Project: in this case, RustRover opens and initializes the project, resolves project plugins, adds dependencies, and enables all RustRover features.

  • Don't Open: in this case, RustRover cancels the action.

Startup tasks

When you open a project created on a different machine, it might contain some scripts or tasks that are executed during the opening process. If such tasks are found, RustRover displays a notification suggesting that the code you are about to execute might be harmful.

You can review what tasks will be executed and modify the settings.

Review the startup tasks

  1. In the Settings dialog (Ctrl+Alt+S) , go to Tools | Startup Tasks.

  2. On the Startup Tasks settings page, you can review and modify the startup tasks.

Safe mode preview limitations

If you open a project in Safe Mode, the following limitations will apply:

  • Cargo importing is disabled. As a result, build scripts and macros are not executed, and dependencies are not resolved.

  • The Rust compiler (rustc) is disabled.

  • External Rust tools, such as cargo-check, Clippy, and Rustfmt, are disabled.

  • Startup tasks: any scripts or tasks that are executed during the opening process are disabled.

  • VCS support: VCS support is fully disabled.

  • File Watcher scripts will not wake up and run corresponding tools.

Trusted locations

You can configure what sources RustRover should consider safe and trust implicitly. For example, you can add your home directory to the trusted locations. In this case, RustRover will implicitly trust all projects located there.

Configure trusted locations

  1. In the Settings dialog (Ctrl+Alt+S) , go to Build, Execution, Deployment | Trusted Locations.

  2. On the Trusted Locations settings page, specify the local directories that the IDE should trust. Click OK to save the changes.

    Trusted Locations

    The next time you open a project from one of those locations, RustRover will implicitly trust it.

Last modified: 19 December 2024