1.0.9 (older version) Thoroughness: High Understanding: Medium
by LovecraftianHorror on 2023-02-10
This review is from Crev, a distributed system for code reviews. To add your review, set up cargo-crev.
The current version of bloomfilter is 1.0.13.
Lib.rs has been able to verify that all files in the crate's tarball are in the crate's repository with a git tag matching the version. Please note that this check is still in beta, and absence of this confirmation does not mean that the files don't match.
Crates in the crates.io registry are tarball snapshots uploaded by crates' publishers. The registry is not using crates' git repositories, so there is a possibility that published crates have a misleading repository URL, or contain different code from the code in the repository.
To review the actual code of the crate, it's best to use cargo crev open bloomfilter. Alternatively, you can download the tarball of bloomfilter v1.0.13 or view the source online.
A simple and straightforward bloomfilter implementation
There could be better documentation (many places can panic without documenting as such), better tests, more focus on avoiding overflows, and being less panic happy on errors, but aside from that everything seems good
There do seem to be issues with The ability to overflow the bitmap bit size in
Bloom::new_with_seed, possible issues with a lot of casting betweenu64andusize, and finally issues with the possibility to serialize and deserialize the bloomfilter on computers that have differentusizesizes. The worst that I think could happen would be changing which values are considered to be in the filter, but considering the common use would use a random seed for the hash which should make that pretty hard to exploit