0.10.0 (older version) Thoroughness: Medium Understanding: Medium
by weiznich on 2024-01-24
This review is from Crev, a distributed system for code reviews. To add your review, set up cargo-crev.
The current version of tower-sessions-sqlx-store is 0.15.0.
Crates in the crates.io registry are tarball snapshots uploaded by crates' publishers. The registry is not using crates' git repositories. There is absolutely no guarantee that the repository URL declared by the crate belongs to the crate, or that the code in the repository is the code inside the published tarball.
To review the actual code of the crate, it's best to use cargo crev open tower-sessions-sqlx-store. Alternatively, you can download the tarball of tower-sessions-sqlx-store v0.15.0 or view the source online.
This crate uses format! to construct SQL queries. This is an anti-pattern that shouldn't be used in production-ready code. It might result in SQL injections. This was reported as https://github.com/maxcountryman/tower-sessions-stores/issues/2.
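The anti-pattern named in the review, next to a hardened form, as an added example that is not code from tower-sessions-sqlx-store or from the reviewer. The function names, query text and sample inputs are constructed, the page does not say which parts of its queries the crate formats, and the 63-byte identifier limit assumes PostgreSQL.

```rust
// Added illustration: all names are hypothetical, not the crate's API.

/// The pattern the review warns about: the value is spliced into the SQL
/// text, so a quote character in the input becomes part of the statement.
fn query_with_format(table: &str, session_id: &str) -> String {
    format!("select data from {table} where id = '{session_id}'")
}

/// Identifiers (table or schema names) cannot be sent as bind parameters,
/// so they are accepted only if they match a strict allowlist:
/// ASCII letter or underscore first, then letters, digits or underscores.
fn checked_identifier(name: &str) -> Result<&str, String> {
    let mut chars = name.chars();
    let first_ok = matches!(chars.next(), Some(c) if c.is_ascii_alphabetic() || c == '_');
    let rest_ok = chars.all(|c| c.is_ascii_alphanumeric() || c == '_');
    // 63 bytes is PostgreSQL's default identifier length limit (assumed target).
    if first_ok && rest_ok && name.len() <= 63 {
        Ok(name)
    } else {
        Err(format!("invalid SQL identifier: {name:?}"))
    }
}

/// Hardened form: only a validated identifier reaches the SQL text, and the
/// value stays a `$1` placeholder that the database driver binds separately.
fn query_with_placeholder(table: &str) -> Result<String, String> {
    let table = checked_identifier(table)?;
    Ok(format!("select data from {table} where id = $1"))
}

fn main() {
    // Constructed inputs, chosen to show how the statement text changes.
    let crafted_value = "x' or '1'='1";
    println!("formatted:   {}", query_with_format("sessions", crafted_value));
    println!("placeholder: {:?}", query_with_placeholder("sessions"));
    println!("rejected:    {:?}", query_with_placeholder("sessions; drop table users"));
}
```

With the placeholder form the session id never appears in the statement text, so only the identifier check has to be reviewed when auditing for injection.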