Close Open Privacy Scan
App Privacy Score
Medium risk · 1221 finding(s)
Dependency score: 57 (Medium risk)
bar_chart Score Breakdown
list Scan Summary
swap_horiz External domains
docs.rsgithub.comhttpbin.orghyper.rsoauth2.googleapis.compyo3.rsqdrant.tech
</> First-Party Code
first-party (rust)
rust first-partyexpand_more 123 low-confidence finding(s)
log::error!("Internal telemetry service failed for peer {peer_id}: {err:#?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Creating missing collection snapshots directory for {collection_name}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Partial snapshot download completed: path={}, size={:.2} MB, duration={:.2}s, speed={:.2} MB/s, shard_id={}",
partial_snapshot_temp_path.display(),
total_size_mb,
download_duration.as_secs_f64(),
download_speed_mbps,
shard_id
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Failed to refresh server TLS certificate, keeping current: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let file = File::open(path).map_err(|err| Error::OpenFile(err, path.into()))?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
log::error!("Error processing request: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!(
"TLS enabled for metrics API (TTL: {})",
settings
.tls
.as_ref()
.and_then(|tls| tls.cert_ttl)
.map(|ttl| ttl.to_string())
.unwrap_or_else(|| "none".into()),
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("TLS disabled for metrics API");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("Qdrant metrics listening on {port}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!(
"REST transport settings: keep_alive={}s, client_request_timeout={}s, client_disconnect_timeout={}s",
settings.service.http_keep_alive_timeout_sec,
settings.service.http_client_request_timeout_sec,
settings.service.http_client_disconnect_timeout_sec,
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!(
"TLS enabled for REST API (TTL: {})",
settings
.tls
.as_ref()
.and_then(|tls| tls.cert_ttl)
.map(|ttl| ttl.to_string())
.unwrap_or_else(|| "none".into()),
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("TLS disabled for REST API");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("Qdrant HTTP listening on {port}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Static content folder for Web UI '{}' does not exist",
static_folder_path.display(),
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("Failed to build telemetry reporter client: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Telemetry panic report was not sent: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("HealthChecker task panicked, retrying{separator}{message}",);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
.inspect_err(|err| log::error!("GetConsensusCommit request failed: {err}"))
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let cert = fs::read_to_string(&tls_config.cert)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let key = fs::read_to_string(&tls_config.key)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let pem = fs::read_to_string(ca_cert_path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
log::warn!(
"Failed to load CA certificate, skipping HTTPS client CA certificate configuration: {err}",
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let ca_cert_pem = fs::read(ca_cert.as_ref())
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs::read(cert).map_err(|err| Error::failed_to_read(err, "certificate", cert))?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
Err(err) => log::warn!("Error reading procfs infos: {err:?}"),
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
if let Ok(tmpdir) = std::env::var("TMPDIR") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
log::warn!("Failed to create TMPDIR {tmpdir}: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!(
"Starting pyroscope CPU agent with identifier {}",
&config.identifier
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!(
"Starting pyroscope heap agent with identifier {}",
&config.identifier
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
std::env::var("MALLOC_CONF")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
log::warn!("Pyroscope CPU agent failed to start: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!(
"Pyroscope heap agent started (MALLOC_CONF has prof:true)"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("Pyroscope heap agent failed to start: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!(
"Jemalloc profiling not enabled, skipping heap agent. Set MALLOC_CONF=\"prof:true,prof_active:true\" to enable."
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("Stopped pyroscope {name} agent. Shutting it down");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("Pyroscope {name} agent shut down completed.");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("Pyroscope {name} agent failed to stop: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("Stopping pyroscope agents");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("Failed to advance Jemalloc stats epoch");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!(
"Failed to report telemetry: resp status:{:?} resp body:{:?}",
resp.status(),
resp.text().await?
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Failed to report telemetry {err}")
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Failed to set high thread priority for consensus, ignoring: {err}"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Consensus stopped with error: {err:#}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("Consensus stopped");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Failed to set high thread priority for consensus, ignoring: {err}"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Can not forward new entry to consensus as it was stopped.");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Clearing WAL on the bootstrap peer to force snapshot transfer");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Local raft state found - bootstrap and uri cli arguments were ignored")
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Local raft state found - skipping initialization");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Bootstrapping from peer with address: {bootstrap_peer}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Bootstrapping is disabled. Assuming this peer is the first in the network"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!(
"With current tick period of {tick_period}ms, leader will be established in approximately {leader_established_in_ms}ms. To avoid rejected operations - add peers and submit operations only after this period.",
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Failed to recover from peer with id {peer_id} at {peer_uri} with error {res:?}, trying others"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Successfully recovered from peer with id {peer_id} at {peer_uri}"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Retrying recovering from known peers (retry {})",
RECOVERY_MAX_RETRY_COUNT - tries
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Failed to add origin peer to consensus: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("{err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Rejected peer {peer_id} to join consensus, URI is already registered by peer {registered_peer_id} ({uri})",
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Proposing network configuration change: {change:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Proposing network configuration change: {change:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Proposing promotion for learner {learner} to voter");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Applying snapshot {:?}", snapshot.get_metadata());
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Failed to apply snapshot: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Appending {} entries to raft log", ready.entries().len());
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Changing hard state. New hard state: {hs:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Changing soft state. New soft state: {ss:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Updating commit index to {commit}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Spawning message sender task for peer {peer_id}...");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!(
"Failed to forward message {message:?} to message sender task {peer_id}: \
{description}"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!(
"Failed to forward message to message sender task {peer_id}: {description}"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Failed to send Raft message {message:?} to peer {peer_id}: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Failed to send Raft message to peer {peer_id}: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("{err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Can not forward new entry to consensus as it was stopped.");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
match env::var("COLORTERM") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
log::warn!(
"There is a potential issue with the filesystem for storage path {}. Details: {details}",
storage_path.display(),
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!(
"Filesystem check failed for storage path {}. Details: {details}",
storage_path.display(),
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!(
"Unable to check mmap functionality for storage path {}. Details: {details}, error: {e}",
storage_path.display(),
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!(
"Filesystem check failed for storage path {}. Details: {details}",
storage_path.display(),
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Can't initialize GPU devices manager: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Bootstrap URI is the same as this peer URI. Consider this peer as a first in a new deployment.",
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("{error}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("Qdrant is loaded in recovery mode: {recovery_warning}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Read more: https://qdrant.tech/documentation/guides/administration/#recovery-mode"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Feature flags: {flags:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Loaded collection: {collection}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("All transfers if any cancelled");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Can't cancel related transfers: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("Distributed mode disabled");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("Telemetry reporting enabled, id: {reporting_id}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("Telemetry reporting disabled");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("Hardware reporting enabled");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Error while starting {server_name} server: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Inference service init failed: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("gRPC endpoint disabled");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Waiting for thread {} to finish",
handle.thread().name().unwrap()
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let env = env::var("RUN_MODE").unwrap_or_else(|_| "development".into());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
log::warn!("JWT RBAC configured but no API key set, JWT RBAC is not enabled")
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"It is highly recommended to use an API key of {JWT_RECOMMENDED_SECRET_LENGTH} bytes when JWT RBAC is enabled",
)
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
Self::Warn(msg) => log::warn!("{msg}"),
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
Self::Error(msg) => log::error!("{msg}"),
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let config_file = BufReader::new(File::open(config_path).unwrap());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::env::var("QDRANT_INIT_FILE_PATH")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
log::error!("Panic backtrace: \n{backtrace}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Panic occurred{loc}: {message}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
if let Err(err) = fs::write(get_init_file_path(), "") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
log::warn!("Failed to create init file indicator: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("Failed to remove init file indicator: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!(
"Peer {} is replacing peer {old_peer_id} which has no shards ({uri})",
peer.id,
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("gRPC request error {method_name}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!(
"gRPC {} failed with {} {:?} {:.6}",
method_name,
grpc_status.code(),
grpc_status.message(),
elapsed_sec,
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
| Code::Unknown => log::error!(
"gRPC {} unexpectedly failed with {} {:?} {:.6}",
method_name,
grpc_status.code(),
grpc_status.message(),
elapsed_sec,
),
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"gRPC redirection {} {} {:.6}",
method_name,
response_tonic.status(),
elapsed_sec,
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!(
"gRPC client error {} {} {:.6}",
method_name,
response_tonic.status(),
elapsed_sec,
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!(
"gRPC server error {} {} {:.6}",
method_name,
response_tonic.status(),
elapsed_sec,
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"gRPC {} unknown status code {} {:.6}",
method_name,
response_tonic.status(),
elapsed_sec,
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Stopping {for_what} on SIGINT");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("Qdrant gRPC listening on {grpc_port}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("TLS enabled for gRPC API (TTL not supported)");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("TLS disabled for gRPC API");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Qdrant internal gRPC listening on {internal_grpc_port}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("TLS enabled for internal gRPC API (TTL not supported)");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("TLS disabled for internal gRPC API");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
first-party (rust): lib/api
rust first-partyexpand_more 1 low-confidence finding(s)
let build_out_dir = PathBuf::from(env::var("OUT_DIR").unwrap());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (rust): lib/collection
rust first-partyexpand_more 228 low-confidence finding(s)
let flamegraph_file = File::create(&flamegraph_path)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut file = File::create(pprof_path).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
log::error!("Failed to join shard clean task: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Background task to clean shard {shard_id} failed: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
Ok(Err(err)) => log::error!(
"Failed to recreate optimizers for collection {collection_id} in background: {err}",
),
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
Err(err) => log::error!(
"Optimizer recreation task for collection {collection_id} failed: {err}",
),
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("Collection {}: {}", self.name(), warning.message);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("Migrating collection {stored_version} -> {app_version}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Cannot upgrade version {stored_version} to {app_version}.");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Changing shard {}:{shard_id} replica state from {:?} to {new_state:?}",
self.id,
replica_set.peer_state(peer_id),
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!(
"Failed to abort resharding {} while removing peer {peer_id}: {err}",
state.key(),
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Transfer {:?} does not exist, but not reported as cancelled. Reporting now.",
transfer.key(),
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Transfer {:?} is finished successfully, but not reported. Reporting now.",
transfer.key(),
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Transfer {:?} is failed, but not reported as failed. Reporting now.",
transfer.key(),
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Recovering shard {}:{shard_id} on peer {this_peer_id} by requesting it from {replica_id}",
self.name(),
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Received update operation forwarded from another peer with {ordering:?} \
with non-`None` clock tag {clock_tag:?} (operation: {:#?})",
operation.operation,
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Undersampling detected. Collection: {}, Best last shard score: {}, Worst merged score: {}",
self.id,
best_last_result.score,
worst_merged_point.score
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!(
"Failed to update and save collection config during resharding: {err}",
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("commit_read_hashring: no resharding in progress, skipping");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"commit_read_hashring: already at stage {:?}, skipping",
state.stage,
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("commit_write_hashring: no resharding in progress, skipping");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"commit_write_hashring: already at stage {:?}, skipping",
state.stage,
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!(
"Failed to update and save collection config during resharding: {err}"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Invalidating local cleanup tasks and aborting resharding {resharding_key} (force: {force})"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("Force-aborting resharding {resharding_key}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
&& let Ok(secs) = std::env::var("QDRANT_STAGING_RESHARDING_ABORT_DELAY_SEC")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
log::error!(
"Failed to update and save collection config during resharding: {err}"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("Using snapshot transfer method because prevent_unoptimized is enabled");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"No shard transfer method selected, defaulting to {default_method:?} \
(cluster contains peers older than 1.18.0)",
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Transfer result: {transfer_result:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!(
"Can't finish resharding shard transfer correctly, \
because resharding is not in progress anymore!",
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Transfer finish registered: {is_finish_registered}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Aborting shard transfer {transfer:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Aborting shard transfer {transfer_key:?}, but shard {shard_id} does not exist"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Unwrapping proxy shard {shard_id}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Initiating transfer to dummy shard {}. Initializing empty local shard first",
replica_set.shard_id,
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Removed shard initializing flag {shard_flag:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!(
"failed to abort resharding {} while deleting shard key {shard_key}: {err}",
state.key(),
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("Failed to invalidate local shard cleaning task, ignoring: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("Creating collection snapshot {snapshot_name} into {snapshot_path:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let tar = BuilderExt::new_seekable_owned(File::create(snapshot_temp_arc_file.path())?);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
log::debug!("Aborting shard transfer: {transfer:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Aborting shard transfer: {transfer:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"WAL config of collection {} updated when applying Raft snapshot, \
but updated WAL config will only be applied on Qdrant restart",
self.id,
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Update operation failed: {collection_error}")
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("Update operation declined: {collection_error}")
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("suggested_to_optimize = {suggested_to_optimize:#?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"numer_of_optimizations = {numer_of_optimizations}, number_of_segments = {number_of_segments}"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Search to re-run without sampling on segment_id: {segment_id} segment_lowest_score: {segment_lowest_score}, lowest_batch_score: {lowest_batch_score}, retrieved_points: {retrieved_points}, required_limit: {required_limit}",
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"adaptive search pool: switching mode {} -> {} (cpu ratio {:.2})",
current.as_str(),
next.as_str(),
ratio,
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("Failed to remove file {}: {err}", path.display());
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Computing checksum for file: {file_path:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let input_file = File::open(file_path).await?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
log::warn!("Failed to delete checksum file for snapshot, ignoring: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Stoppable task handle error for unknown reason: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let mut file = File::open(config_path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
log::debug!("GroupBy timeout reached: {timeout:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("{context}, but expected state of hashrings is reversed");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("{context}, but {shard} is not a target shard");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("{context}, but shard {shard} does not exist in the hashring");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("{context}, because the rerouting for resharding is done");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("{context}, but rerouting for resharding is not done yet");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let file = File::open(source_path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
log::debug!(
"Object storage snapshot download completed: path={}, size={:.2} MB, duration={:.2}s, speed={:.2} MB/s",
target_path.display(),
total_size_mb,
download_duration.as_secs_f64(),
download_speed_mbps
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
.inspect_err(|e| log::info!("Failed to parse retry-after header: {e}"))
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("Failed to parse retry-after value in gRPC metadata (value: {v}): {e}")
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("{description} has validation errors:");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
.for_each(|(key, msg)| log::warn!("- {key}: {msg}"));
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Removing temp_segments directory: {temp_segments_path:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Failed to remove temp_segments directory: {temp_segments_path:?}, error: {err:?}"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("SlowRequestsListener is not initialized");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("RequestsCollector is not initialized");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("Failed to send message: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!(
"Not all peers at version:{version} because there are peers without metadata:{peers_without_metadata:?}"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("Not all peers at version:{version} peers:{id_to_metadata:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("{error}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"ForwardProxyShard initialized with resharding hashring, \
but wrapped shard id and remote shard id are the same",
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Failed to get free space for path: {} due to: {}",
self.disk_path.as_path().display(),
err
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Local shard {} is not explicitly stopped before drop. Attempting to stop background workers.",
self.shard_path().display()
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("Failed to background ask workers to stop: {err:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Failed to get vector size from segment: {err:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Moving local shard from {} to {}",
from.display(),
to.display()
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Segments path entry prefixed with a period, ignoring: {}",
entry.path().display(),
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Segments path entry is not a directory, skipping: {}",
entry.path().display(),
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Deduplicated {res} points for {collection_id}/{shard_id}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Shard has no appendable segments, this should never happen. Creating new appendable segment now",
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Recovering shard {} starting reading WAL from {} up to {} (last_applied_seq:{:?})",
self.path.display(),
from,
to,
self.applied_seq_handler.op_num(),
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!(
"Recovering shard {}: 0/{} (0%)",
self.path.display(),
wal_entries_to_replay,
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!(
"Can't apply WAL operation: {error}, \
collection: {collection_id}, \
shard: {path}, \
op_num: {op_num}"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Backtrace: {backtrace}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("{err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
Err(err @ CollectionError::NotFound { .. }) => log::warn!("{err}"),
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
Err(err) => log::error!("{err}"),
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Slow WAL operation during recovery: {op_name} took {op_elapsed:.2?}, \
collection: {collection_id}, \
op_num: {op_num}"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!(
"{progress}/{} ({}%)",
wal_entries_to_replay,
(progress as f32 / wal_entries_to_replay as f32 * 100.0) as usize,
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!(
"Recovered collection {collection_id}: {wal_entries_to_replay}/{wal_entries_to_replay} (100%)"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!(
"Loading remaining {} WAL entries from:{to} into update queue",
last_wal_index - to
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("Checking data consistency for shard {:?}", self.path);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!(
"Segment {:?} is inconsistent: {}",
segment_guard.segment_path,
err
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("Failed to get deferred point counts: {err:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
Err(err) => log::error!("Failed to get local_shard_status: {err}"),
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Failed to get local shard info: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Read rate limit error on {context} with {err:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Query scroll timeout reached: {timeout:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Search timeout reached: {timeout:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Shard stopped with {pending_count} pending update operations in channel"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("Update workers failed with: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("Restoring shard snapshot {}", snapshot_path.display());
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
std::env::var("QDRANT__STAGING__SNAPSHOT_SHARD_CLOCKS_DELAY")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
log::debug!("Staging: Delaying snapshotting WAL for {delay_secs}s");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Staging: Delay complete, snapshotting WAL");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let tar = tar_ext::BuilderExt::new_seekable_owned(File::create(snapshot_file.path()).unwrap());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut tar = tar::Archive::new(File::open(snapshot_file.path()).unwrap());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
log::warn!("Shard path already exists, removing and creating again: {shard_path:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("All peers failed to synchronize consensus, waiting until timeout: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"All peers failed to synchronize consensus, continuing after timeout: {err}"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Timeout {attempt_timeout:?} while waiting for the wrapped shard to finish the update queue, retrying",
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!(
"Failed to transfer batch of updates to peer {}, retrying: {err}",
self.remote_shard.peer_id,
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Non-transient error transferring batch of updates to peer {}, \
retrying operations individually: {err}",
remote_shard.peer_id,
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Skipping operation permanently rejected by peer {} during shard \
transfer (non-transient): {err}",
remote_shard.peer_id,
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"StagingOperation::Delay: skipping remote shard {} (duration: {delay:?})",
self.id
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Read operation failed: {error}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!(
"Shard {collection_id}:{shard_id} is not fully initialized - loading as dummy shard"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!(
"Failed to load local shard {shard_path:?}, \
initializing \"dummy\" shard instead: \
{err}"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("{error}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Changing local shard {}:{} state from {:?} to {state:?}",
self.collection_id,
self.shard_id,
self.replica_state.read().get_peer_state(peer_id),
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("Cannot locally disable last active peer {peer_id} for replica");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("Resolving consensus/local state inconsistency");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Notify peer failure: {peer_id}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Abort {}:{} / {} -> {} shard transfer",
self.collection_id,
transfer.shard_id,
transfer.from,
transfer.to,
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Dropped {} WAL records from shard {}:{}",
removed_records_count,
self.collection_id,
self.shard_id,
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("Failed to proxify shard, reverting to local shard: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("Failed to queue proxify shard, reverting to local shard: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Directly unproxifying queue proxy shard, this should not happen normally"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!(
"Failed to un-proxify local shard because transferring remaining queue \
items to remote failed: {err}"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Forgetting queue proxy updates and reverting to local shard");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Failed to transform queue proxy shard into forward proxy, reverting to local shard: {err}"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Deleting file {}", path.display());
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Deleting directory {}", path.display());
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Moving file from {} to {}", from.display(), to.display());
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Replacing directory {} with {}",
to.display(),
from.display()
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Merging directory from {} to {}",
from.display(),
to.display()
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!(
"Failed to cleanup shard {} directory ({}) after restore failed: \
{cleanup_err}",
self.shard_id,
self.shard_path.display(),
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Operation affecting point IDs {ids:?} rejected on this peer, force flag required in recovery state",
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Operation {operation:?} rejected on this peer, force flag required in recovery state",
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Operation affecting point IDs {ids:?} was rejected by some node(s), retrying... \
(attempt {attempt}/{UPDATE_MAX_CLOCK_REJECTED_RETRIES})"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Operation {operation:?} was rejected by some node(s), retrying... \
(attempt {attempt}/{UPDATE_MAX_CLOCK_REJECTED_RETRIES})"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Failed to update shard {}:{} on peer {peer_id}, error: {err}",
self.collection_id,
self.shard_id,
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
Err(err) => log::error!("Estimating cardinality: {err:?}"),
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Deactivating peer {peer_id} because of failed update of shard {}:{}",
self.collection_id,
self.shard_id,
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Resolved WAL delta from {version}, which counts {} records",
wal.wal.lock().await.last_index().saturating_sub(version),
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Resolved WAL delta that is empty");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("Detected missing shard config file in {shard_path:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!(
"Failed to remove shard config file before removing the rest of the files: {err}",
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Local shard {collection_id}:{} stuck in Initializing state, changing to Active",
replica_set.shard_id,
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let tar = BuilderExt::new_seekable_owned(File::create(temp_file.path())?);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
log::error!(
"Failed to remove temporary directory {}: {err}",
snapshot_temp_dir_path.display(),
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!(
"Failed to remove temporary directory {}: {err}",
snapshot_temp_dir_path.display(),
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Failed to stream shard snapshot: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Failed to extract payload index schema from payload index info: \
{err}"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Shard {shard_id} already exists during resharding start, \
treating as idempotent re-apply and reusing existing replica set",
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"commit_read_hashring: no resharding in progress for {resharding_key}, treating as already committed",
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"commit_read_hashring: read hashring already committed for {resharding_key}, skipping",
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"commit_write_hashring: no resharding in progress for {resharding_key}, treating as already committed",
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"commit_write_hashring: write hashring already committed for {resharding_key}, skipping",
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"check_finish_resharding: no resharding in progress for {resharding_key}, treating as already finished",
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"check_abort_resharding: resharding {resharding_key} not found, current resharding has key {}, treating as already aborted",
state.key(),
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("Aborting resharding {resharding_key} (force: {force})");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("reverting resharding hashring for shard {shard_id}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"aborting resharding {resharding_key}, \
but {shard_key:?} hashring does not exist"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"removing peer {peer_id} with state {replica_state:?} from replica set {shard_id}",
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("removing replica set {shard_id}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"aborting resharding {resharding_key}, \
but shard holder does not contain {shard_id} replica set",
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Failed to do shard diff transfer, falling back to default method {fallback_shard_transfer_method:?}: {err}",
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Failed shard transfer fallback, because it would use the same transfer method: {fallback_method:?}",
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Retrying shard transfer {collection_id}:{} -> {} (retry {attempt})",
transfer.shard_id,
transfer.to,
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!(
"Failed to transfer shard {collection_id}:{} -> {}: {err}",
transfer.shard_id,
transfer.to,
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Failed to propose recovered operation to consensus: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Failed to confirm recovered operation on consensus: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Failed to propose state switch operation to consensus: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Failed to confirm state switch operation on consensus: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!(
"Failed to confirm start shard transfer operation on consensus: {err}"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!(
"Failed to confirm restart shard transfer operation on consensus: {err}"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!(
"Failed to confirm abort shard transfer operation on consensus: {err}"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!(
"Failed to confirm commit read hashring operation on consensus: {err}"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!(
"Failed to confirm commit write hashring operation on consensus: {err}"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("There are no other peers, skipped synchronizing consensus");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Starting shard {shard_id} transfer to peer {remote_peer_id} by reshard streaming records"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Ending shard {shard_id} transfer to peer {remote_peer_id} by reshard streaming records"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Starting shard {shard_id} transfer to peer {remote_peer_id} using snapshot transfer"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Failed to delete shard transfer snapshot after recovery, \
snapshot file may be left behind: {err}"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Ending shard {shard_id} transfer to peer {remote_peer_id} using snapshot transfer"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let staging_delay = std::env::var("QDRANT_STAGING_SHARD_TRANSFER_DELAY_SEC")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
log::debug!("Starting shard {shard_id} transfer to peer {remote_peer_id} by streaming records");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Ending shard {shard_id} transfer to peer {remote_peer_id} by streaming records");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!(
"Transfer of shard {}:{} -> {} finished",
self.collection_id,
transfer_key.shard_id,
transfer_key.to,
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!(
"Transfer of shard {}:{} -> {} stopped",
self.collection_id,
transfer_key.shard_id,
transfer_key.to,
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Transfer task for shard {}:{} -> {} failed: {err}",
self.collection_id,
transfer_key.shard_id,
transfer_key.to,
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Starting shard {shard_id} transfer to peer {remote_peer_id} using diff transfer");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Ending shard {shard_id} transfer to peer {remote_peer_id} using diff transfer");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("Failed to stop flush worker as it is already stopped.");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("Failed to store clock maps to disk: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Error while loading existing applied_seq at {path:?} {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Could not delete malformed applied_seq file {path:?} {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Error while creating new applied_seq at {path:?} {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("{err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Failed to flush: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("Failed to store clock maps to disk: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("Failed to acknowledge WAL version: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Flush worker failed: {error}",);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Cleaned an optimization handle after timeout, explicitly triggering optimizers",
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Failed to ensure there are appendable segments with capacity: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Skipping further optimizations due to previous failure");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Optimizer '{}' running on segments: {uuids}",
optimizer.name(),
uuids = segment_infos.iter().map(|s| s.uuid.to_string()).join(", "),
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Optimization cancelled - {description}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Optimization error: {error}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Optimization task panicked, collection may be in unstable state\
{separator}{message}"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Creating new appendable segment, all existing segments are over capacity");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("Can't notify optimizers, assume process is dead. Restart is required")
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Can't report operation {op_num} result. Assume already not required");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Can't read operation {op_num} from WAL - {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Can't read operation {op_num} from WAL - {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Can't update last applied_seq {err}")
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("Failed to await for deferred points: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!(
"Can't notify optimizers, assume process is dead. Restart is required"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Can't notify sender, assume nobody is waiting anymore");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
.unwrap_or_else(|_| log::debug!("Optimizer already stopped"));
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("waiting for optimization to allow updates");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
first-party (rust): lib/common/common
rust first-partyexpand_more 44 low-confidence finding(s)
if std::env::var_os(LIMIT_MEMORY_ENV).is_some() {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let low_mem = std::env::var_os(LIMIT_MEMORY_ENV_INTERNAL).is_some();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if std::env::var_os(LIMIT_MEMORY_ENV_INTERNAL).is_none() {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if std::env::var_os(LIMIT_MEMORY_ENV).is_some() {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if std::env::var_os(LIMIT_MEMORY_ENV_INTERNAL).is_none() {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let low_mem = std::env::var_os(LIMIT_MEMORY_ENV_INTERNAL).is_some();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
match std::env::var("QDRANT_NUM_CPUS") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
log::debug!(
target: LOAD_TIMING_LOG_TARGET,
"{} - {component} loaded in {:.2}s",
path.display(),
elapsed.as_secs_f64(),
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("Feature flags already initialized!");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("Feature flags not initialized!");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("File size is not equal to MAGIC_FILE_SIZE: {file_size} != {MAGIC_FILE_SIZE}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
match File::open(file_path.to_path_buf()) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let file = File::open(path.as_ref().to_path_buf())?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs::write(source_dir.join("source_file.txt"), "source content").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs::write(dest_dir.join("existing_file.txt"), "existing content").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let file = File::open(path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let file = File::open(path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs::write(segment.join("file"), b"test")?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
match nix::unistd::syncfs(File::open(dir)?) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
Err(e) => log::warn!("syncfs failed for {}: {e}", dir.display()),
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
File::open(entry.path())?.sync_all()?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
File::open(dir)?.sync_all()?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
log::warn!("Low memory mode already initialized!");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Madvice {advice:?} is ignored on non-unix platforms");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
Err(err) => log::warn!(
"Failed to populate with MADV_POPULATE_READ: {err}. \
Falling back to naive approach."
),
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("Failed to call madvise(MADV_PAGEOUT): {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
std::sync::LazyLock::new(|| get_page_size().inspect_err(|err| log::warn!("{err}")).ok());
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Mmap length {} is not equal to size of type {}",
mmap.len(),
size_t,
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Mmap length {} is not equal to size of type {}",
mmap.len(),
size_t,
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Not using multi-mmap due to limited support, you may see reduced performance",
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"MULTI_MMAP_SUPPORT_CHECK_RESULT should be initialized before accessing MULTI_MMAP_IS_SUPPORTED"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
if supported && std::env::var_os("QDRANT_NO_MULTI_MMAP").is_some_and(|val| !val.is_empty()) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
log::warn!(
"Not using multi-mmap because QDRANT_NO_MULTI_MMAP is set, you may see reduced performance"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Error reading key for entry {i}: {error}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Error reading entry for key {i}: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Failed to read process CPU time from procfs: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let file = BufReader::new(File::open(&path)?);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut file = match File::open(&version_file) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
log::warn!(
"Disk cache: waiting for a free block for over 10s ({} blocks in pool)",
pool.len(),
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
fs::write(path, bytes).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
Err(err) => log::debug!("{err}"),
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
fs::write(&input, b"").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs::write(&outside, b"").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs::write(&remote_path, &data).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (rust): lib/common/dataset
rust first-partyexpand_more 2 low-confidence finding(s)
&mut File::create(&tmp_fname)?,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let result = Command::new(var_os("CARGO").context("$CARGO not set")?)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (rust): lib/edge
rust first-partyexpand_more 2 low-confidence finding(s)
log::warn!(
"Skipping non-directory segment entry {}",
segment_path.display(),
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Skipping hidden segment directory {}",
segment_path.display(),
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
first-party (rust): lib/gpu
rust first-partyexpand_more 13 low-confidence finding(s)
log::error!("Failed to wait for GPU context to finish");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Error while clear GPU context: {e:?}"));
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("{message_type_str} {message:?}")
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("{message_type_str} {message:?}")
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("{message_type_str} {message:?}")
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("{message_type_str} {message:?}")
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
_ => log::info!("{message_type_str} {message:?}"),
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("Half precision is not supported, falling back to full precision floats");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("Create GPU device {}", vk_physical_device.name);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("GPU subgroup size: {subgroup_size}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Failed to free GPU memory: {e:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("GPU allocator is not available");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("Found GPU device: {device_name}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
first-party (rust): lib/gridstore
rust first-partyexpand_more 14 low-confidence finding(s)
let csv_file = BufReader::new(File::open(csv_path).expect("file should open"));
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
log::debug!("op:{i} CLEAR");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("op:{i} ITER limit:{limit}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("op:{i} PUT offset:{point_offset}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("op:{i} DELETE offset:{point_offset}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("op:{i} GET offset:{point_offset}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("op:{i} Skip flushing because a Flusher has already been created");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("op:{i} Scheduling flush in {delay:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("op:{i} STARTING FLUSH after waiting {delay:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
Ok(_) => log::debug!("op:{i} FLUSH DONE"),
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
Err(err) => log::error!("op:{i} FLUSH failed {err:?}"),
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("All operations successfully applied - now checking consistency...");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let csv_file = BufReader::new(File::open(csv_path).expect("file should open"));
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let csv_file = BufReader::new(File::open(csv_path).expect("file should open"));
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (rust): lib/quantization
rust first-partyexpand_more 7 low-confidence finding(s)
let target_arch = env::var("CARGO_CFG_TARGET_ARCH")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let target_feature = env::var("CARGO_CFG_TARGET_FEATURE")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut file = File::create(path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let contents = fs::read_to_string(meta_path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let contents = fs::read_to_string(meta_path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let contents = fs::read_to_string(meta_path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let contents = fs::read_to_string(meta_path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (rust): lib/segment
rust first-partyexpand_more 111 low-confidence finding(s)
log::info!("args={args:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let dataset_file = File::open(dataset_path).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
log::info!(
"Dataset length: {dataset_len}, the dataset will be traversed {:.2} times",
(max_points as f64) / ((dataset_len - args.init_vectors) as f64)
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("Loading cached HNSW index from {path:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Exact search time = {:?}", start.elapsed());
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let flamegraph_file = File::create(&flamegraph_path)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut file = File::create(pprof_path).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let target_arch = env::var("CARGO_CFG_TARGET_ARCH")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let target_feature = env::var("CARGO_CFG_TARGET_FEATURE")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
log::error!("Error reading bit at index {index}: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("Failed to clear bitslice cache: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("Failed to clear bitslice cache: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Both shard_number and shard_number_per_node are set. Using shard_number: {shard_number}"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("dropped mapping for point {external_id} without version");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let reader = BufReader::new(File::open(mappings_path(segment_path))?);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let file = File::create(mappings_path(path))?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
log::warn!(
"Mutable ID tracker mappings file ends with incomplete entry, removing last {} bytes and assuming automatic recovery by WAL",
file_len - read_to,
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"removing duplicated external id {external_id} in internal id {replaced_external_id}",
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!(
"Missing mappings file for ID tracker while versions file exists, storage may be corrupted!",
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Missing versions file for ID tracker, assuming automatic point mappings and version recovery by WAL",
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Mutable ID tracker mappings and versions count mismatch, could have been partially flushed, assuming automatic recovery by WAL ({} mappings, {} versions)",
mappings.total_point_count(),
internal_to_version.len(),
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!(
"Resizing versions is initializing larger range {} -> {}",
self.internal_to_version.len(),
internal_id + 1,
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Failed to truncate mutable ID tracker mappings file after failed flush, ignoring: {err}"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
fs::write(
&mappings_path,
b"\x01\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00",
)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs::write(
&mappings_path,
b"\x01\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x01",
)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs::write(
&mappings_path,
b"\x01\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x01\x02\x00",
)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs::write(
&mappings_path,
b"\x01\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x01\x02\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00",
).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs::write(&path, &data).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs::write(&path, &data).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let file = File::open(versions_path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
log::warn!(
"Mutable ID tracker versions file has partial trailing entry, ignoring last {} bytes (will be cleaned up on next flush)",
file_len % VERSION_ELEMENT_SIZE,
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Mutable ID tracker versions file has partial trailing entry ({} extra bytes), truncating",
file_len - valid_len,
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("Failed to clear mmap cache of ram mmap full text index: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("Failed to clear mmap cache of ram mmap geo index: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("Geo index error: no points for hash {removed_geo_hash} were found");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Inconsistent payload schema: Int index configured but schema.range is false"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Inconsistent payload schema: IntMap index configured but schema.lookup is false",
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("Failed to clear mmap cache of ram mmap map index: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Error while getting count for value {value:?}: {err:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Error while getting iterator for value {value:?}: {err:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("Failed to decode timestamp {timestamp}, fallback to UNIX_EPOCH");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("Failed to clear mmap cache of ram mmap numeric index: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("Initialized GPU device: {:?}", &physical_device.name);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!(
"Failed to create GPU device: {:?}, error: {:?}",
&physical_device.name,
err
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Gpu graph patches time: {:?}, count {:?}, avg {:?}",
&self.patches_timer,
self.patches_count,
self.patches_timer
.checked_div(self.patches_count as u32)
.unwrap_or_default(),
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Gpu graph update entries time: {:?}, count {:?}, avg {:?}",
&self.updates_timer,
self.updates_count,
self.updates_timer
.checked_div(self.updates_count as u32)
.unwrap_or_default(),
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Incorrect links on level {} were found. Amount of incorrect links: {}, zeroes: {}",
level,
bad_links.len(),
bad_links.iter().filter(|&&point_id| point_id == 0).count()
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!(
"Testing SQ distance {distance:?}, element type {storage_type:?}, dim {dim} with precision {precision}"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!(
"Testing BQ distance {distance:?}, element type {storage_type:?}, dim {dim} with precision {precision}"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!(
"Testing PQ distance {distance:?}, element type {storage_type:?}, dim {dim} with precision {precision}"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!(
"Testing distance {distance:?}, element type {storage_type:?}, dim {dim} with precision {precision}"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!(
"Testing distance {distance:?}, element type {storage_type:?}, dim {dim} with precision {precision}"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!(
"Testing distance {distance:?}, element type {storage_type:?}, dim {dim} with precision {precision}"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Wrong links point_id={point_id} at level {level}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Shader compilation took: {:?}", timer.elapsed());
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Compressed HNSW graph links in {:.1?}: {:.1}MB -> {:.1}MB ({:.1}%)",
start.elapsed(),
original_size as f64 / 1024.0 / 1024.0,
new_size as f64 / 1024.0 / 1024.0,
new_size as f64 / original_size as f64 * 100.0,
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"HNSW index already exists at {:?}, skipping building",
open_args.path
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Failed to set low thread priority for HNSW building, ignoring: {err}"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("Failed to build HNSW on GPU: {gpu_error}. Falling back to CPU.");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Failed to create GPU vectors, use CPU instead. Error: {err}.");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Reusing {} points from the old index, healing {} points",
self.valid_points,
self.missing_points,
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("Failed to load {path:?}, rebuilding: {e}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Sparse vector with id {id} is not found, external_id: {point_id:?}, version: {point_version:?}",
)
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Rebuilding payload index for field `{field}`...");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Segment flush cancelled: {description}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Failed to clear cache of payload_storage: {e}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Failed to clear cache of payload_index: {e}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Failed to clear cache of vector index {name}: {e}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Failed to clear cache of vector storage {name}: {e}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Failed to clear cache of quantized vectors {name}: {e}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!(
"Segment {:?} operation error: {error}",
self.segment_path.as_path(),
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("Recovered from error: {}", error.error);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!(
"Segment {:?} operation error: {error}",
self.segment_path.as_path(),
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Cleaning up {} points with version but no mapping in segment {:?}",
ids_to_clean.len(),
self.data_path()
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
Some(existing_schema) => log::warn!(
"Segment has incorrect payload index for {key}, recreating it now (current: {:?}, configured: {:?})",
existing_schema.name(),
schema.name(),
),
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
None => log::warn!(
"Segment is missing a {} payload index for {key}, creating it now",
schema.name(),
),
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("Failed to create payload index for {key} in segment");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Internal id {internal_id} without external id");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("External id {external_id} without internal id");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Internal id {internal_id} without version");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!(
"Vector storage '{vector_name}' is missing point {point_id:?} point_offset: {internal_id} version: {point_version:?}",
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Extracting segment {} from {:?} snapshot",
segment_id,
SnapshotFormat::Streamable
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Extracting segment {} from {:?} snapshot",
segment_id,
SnapshotFormat::Regular
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Extracting segment {} from {:?} snapshot",
segment_id,
SnapshotFormat::Ancient
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"RocksDB is no longer supported, and {DEPRECATED_ROCKSDB_BACKUP_PATH} will be ignored"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"RocksDB is no longer supported, and {DEPRECATED_PAYLOAD_ROCKSDB_BACKUP_PATH} will be ignored"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Taking snapshot of segment {segment_id}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!(
"failed to remove temporary directory {}: {err}",
temp_path.display(),
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Failed to remove vector storage at {}: {e}",
storage_path.display()
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Failed to remove vector index at {}: {e}",
index_path.display()
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("Segment is missing vector '{name}', creating it now");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Mismatch of point and vector counts ({point_count} != {vector_count}, storage: {}), pre-filling deleted entries",
vector_storage_path.display(),
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Mismatch of point and vector counts ({point_count} != {vector_count}, storage: {}), pre-filling deleted entries",
vector_storage_path.display(),
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
&& std::env::var("QDRANT_APPEND_ONLY_MUTATIONS").ok() == Some("1".to_string()),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
log::warn!("Deleting leftover segment: {}", path.display());
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("Deleting segment without version file: {}", path.display());
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Segment name is not a valid UUID: {}. Renaming to {segment_uuid}",
path.display(),
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let mut file = File::open(&path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut file = File::open(&path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
log::error!(
"Failed to query current process info \
while initializing CgroupsMem: {err}"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let bytes = fs::read(status_file)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
log::error!("Failed to deserialize config file {:?}: {e}", &config_file);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("failed to open io_uring based vector storage: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("failed to open io_uring based vector storage: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("failed to open io_uring based vector storage: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Failed to advise MADV_WILLNEED for deleted flags: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Failed to populate vector storage: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let mut file = File::create(path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut buffer = BufWriter::new(File::create(&self.path)?);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
log::warn!("Failed to populate quantized storage: {err}")
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("Failed to clear quantized storage RAM cache: {err}")
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
first-party (rust): lib/shard
rust first-partyexpand_more 30 low-confidence finding(s)
log::warn!("TestDelay: negative duration {duration_secs}s, skipping");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("TestDelay: sleeping for {delay:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("TestDelay: finished sleeping");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("Attempt to unwrap raw segment! Should not happen.");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Failed to remove cancelled optimized segment at {}: {err}",
orphan_path.display(),
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Reading raw segment, while proxy expected");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Reading raw segment, while proxy expected");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Reading raw segment, while proxy expected");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Could not estimate size of segment `{}`: {}",
locked_segment.data_path().display(),
err
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Could not estimate available storage space in `{}`: {}",
temp_path.display(),
err
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Available space: {}, needed for optimization: {}",
bytes_to_human(space_available as usize),
bytes_to_human(space_needed as usize),
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Could not estimate available storage space in `{optimizer_name}`; will try optimizing anyway",
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!(
"Segment has deferred points, but doesn't exceed indexing threshold. It will be optimized with HNSW index and quantization."
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Collection config for vector {vector_name} has on_disk={config_on_disk:?} configured, but storage type for segment doesn't match it"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Double proxy segment creation");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("Taking a snapshot of a proxy segment");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let tar = tar_ext::BuilderExt::new_seekable_owned(File::create(snapshot_file.path()).unwrap());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut tar = tar::Archive::new(File::open(snapshot_file.path()).unwrap());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut tar = tar::Archive::new(File::open(snapshot_file.path()).unwrap());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
log::warn!(
"circular dependencies detected in flush topology for segments: {remaining:?}"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Failed to flush segments holder during drop: {flushing_err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Failed to get segment size, ignoring: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Trying to read-lock a segment is taking a long time. This could be a deadlock and may block new updates.",
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Failed to replicate proxy segment field indexes, ignoring: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Unproxying segment {segment_id} that is not proxified, that is unexpected, skipping",
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!(
"Propagating proxy segment {segment_id} changes to wrapped segment failed, ignoring: {err}",
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Propagating proxy segment {proxy_id} changes to wrapped segment failed, ignoring: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"segment path {} in extracted snapshot {} is not a directory",
segment_path.display(),
snapshot_path.display(),
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let manifest = File::open(&manifest_path).map_err(|err| {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
log::debug!(
"Ignoring hidden segment in local shard during snapshot recovery: {}",
entry.path().display(),
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
first-party (rust): lib/sparse
rust first-partyexpand_more 5 low-confidence finding(s)
let flamegraph_file = File::create(&flamegraph_path)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut file = File::create(pprof_path).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
log::debug!("Posting list for dimension {dim_id} not found");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Posting list for dimension {dim_id} not found");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
Ok(JsonReader(BufReader::new(File::open(path)?).lines()))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (rust): lib/storage
rust first-partyexpand_more 109 low-confidence finding(s)
log::error!("Failed to serialize audit log entry: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Failed to write audit log entry: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("Audit logging enabled, writing to {}", dir.display());
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Clearing consensus WAL");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Truncating conflicting WAL entries from Raft index {} \
(WAL index {new_entry_wal_index})",
new_entry.index,
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Appending operation, term: {}, index: {}, entry: {op:?}",
new_entry.term,
new_entry.index,
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Appending entry: {new_entry:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Compacting WAL until Raft index {until_raft_index}/WAL index {compact_until_wal_index} \
(first WAL index {}, WAL size {})",
offset.wal_index,
self.wal.num_entries(),
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("Loading raft state from {}", path_json.display());
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("Loading raft state from {}", path_legacy.display());
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("Initializing new raft state at {}", path_json.display());
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Using peer ID: {peer_id}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("State: {state:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
Some(prev_address) if prev_address != address => log::warn!(
"Replaced address of peer {peer_id} from {prev_address} to {address_display}"
),
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
Some(_) => log::debug!(
"Re-added peer with id {peer_id} with the same address {address_display}"
),
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
None => log::debug!("Added peer with id {peer_id} and address {address_display}"),
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!(
"Replaced metadata of peer {peer_id} from {prev_metadata:?} to {metadata:?}"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Added metadata for peer with id {peer_id}: {metadata:?}")
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let reader = BufReader::new(File::open(&path)?);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let reader = BufReader::new(File::open(&path)?);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
log::warn!(
"Consensus WAL was not cleared after applying consensus snapshot, clearing it now"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("Failed to send message to {peer_address} with error: {error}")
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Recovering first voter peer...");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Recovered first voter peer {peer_id}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Failed to notify on consensus operation completion: channel receiver is dropped",
)
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Applying committed entry with index {entry_index}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Successfully applied consensus operation entry. Index: {}. Result: {result}",
entry.index,
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Failed to apply collection meta operation entry with user error: {err}",
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Successfully applied configuration change entry. Index: {}. Stop consensus: {}",
entry.index,
stop_consensus
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Applied conf state {conf_state:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Removing node {}", single_change.node_id);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Adding learner node {}", single_change.node_id);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Failed to notify on consensus operation completion: channel receiver is dropped",
)
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Outdated peer addition entry found with index: {}",
entry.get_index()
)
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Failed to notify on consensus operation completion: channel receiver is dropped",
)
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Proposing consensus peer metadata update for this peer");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Failed to propose consensus peer metadata update for this peer: {err}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("Failed to recover first voter peer: WAL is truncated");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Encountered deprecated ConfChange message while recovering first voter peer"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Failed to recover first voter peer: \
found multiple peers without ConfChange entry in WAL: \
{peers:?}"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Requested entries from {low} to {high} are already compacted (first index: {first_index})"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Requesting entries from {low} to {high}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("Failed to parse metadata header value: {header_value}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Snapshot download completed: path={tempdir:?}, duration={:.2}s",
download_duration.as_secs_f64(),
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Streaming tar download from {url} to {}",
target_dir.display()
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Successfully unpacked tar from {url} to {}",
target_dir_for_log.display()
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("Deleting full storage snapshot {snapshot_dir:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("Deleting collection snapshot {file_name:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Activating shard {} of collection {} with consensus",
shard_id,
&collection.name()
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Activating shard {} of collection {} locally",
shard_id,
&collection.name()
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Collection {collection_pass} does not exist, creating it");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Recovering shard {} from {}",
shard_id,
snapshot_shard_path.display(),
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Shard {shard_id} is not in snapshot");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let delay_secs: f64 = std::env::var("QDRANT__STAGING__SNAPSHOT_RECOVERY_DELAY")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
log::debug!(
"Staging: Delaying shard {shard_id} activation for {delay_secs}s (shard is in Partial state)"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Staging: Delay complete, proceeding with activation");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Running synchronization for shard {shard_id} of collection {collection_pass} from {replica_peer_id}",
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("TestSlowDown: sleeping for {duration_ms}ms on peer {this_peer_id}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("TestSlowDown: finished sleeping on peer {this_peer_id}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Recreating collection {id}, because collection UUID is different: \
existing collection UUID: {collection_uuid:?}, \
Raft snapshot collection UUID: {:?}",
state.config.uuid,
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Recreating collection {id}, because collection config is incompatible: \
{err}",
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!(
"Can't report transfer progress to consensus: {error}"
)
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Can't apply state: single node mode");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Deleting collection {collection_name} \
because it is not part of the consensus snapshot",
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!(
"Can't send proposal to abort transfer of shard {} of collection {collection_name}. Error: {send_error}",
transfer.shard_id,
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!(
"Can't send proposal to complete transfer of shard {} of collection {collection_name}. Error: {send_error}",
transfer.shard_id,
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("Creating collection {}", operation.collection_name);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("Updating collection {}", operation.collection_name);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("Deleting collection {}", operation.0);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Changing aliases");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Resharding {operation:?} of {collection}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Transfer shard {operation:?} of {collection}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Set shard replica state {operation:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Create shard key {create_shard_key:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Drop shard key {drop_shard_key:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Create payload index {create_payload_index:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Drop payload index {drop_payload_index:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Create named vector {create_named_vector:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Delete named vector {delete_named_vector:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!(
"Failed to abort resharding {} when deleting collection {collection_name}: \
{err}",
state.key(),
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!(
"Collection `{collection_name}` is busy and cannot be removed in time."
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Collection {collection_name} is not loaded, but its directory still exists. Deleting it."
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Can't delete collection from disk: {error}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Can't report resharding progress to consensus: {error}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Can't report resharding progress to consensus: {error}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Can't report transfer progress to consensus: {error}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Can't report transfer progress to consensus: {error}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Set shard replica state from {current_state:?} to {:?}",
ReplicaState::Partial,
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("Aborting shard transfer: {reason}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!(
"Collection `{collection_name}` is busy and cannot be removed in time."
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!(
"Can't send proposal to deactivate replica on peer {peer_id} of shard {shard_id} of collection {collection_name}. Error: {send_error}",
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Collection config is not found in the collection directory: {}, skipping",
collection_path.display(),
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("Loading collection: {collection_name}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Auto adjusting update rate limit to {limit} parallel update requests"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Suggesting distribution for {} shards for collection '{}' among {} peers {:?}",
shard_number,
op.collection_name,
known_peers.len(),
shard_distribution.distribution
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("Initiating receiving shard {collection_name}:{shard_id}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!(
"Can't cancel transfers related to this node, this is a single node deployment"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!(
"Can't send proposal to deactivate replica on peer {peer_id} of shard {shard_id} of collection {collection_name}. Error: {send_error}",
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!(
"Can't send proposal to deactivate replica. Error: this is a single node deployment",
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!(
"Can't send proposal to request shard transfer to peer {to_peer} of collection {collection_name}. Error: {send_error}"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!(
"Can't send proposal to request shard transfer. Error: this is a single node deployment",
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!(
"Can't send proposal to abort \
{collection_name}:{shard_id} / {from} -> {to} shard transfer: \
{send_error}",
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!(
"Can't send proposal to abort shard transfer: \
this is a single node deployment",
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Removing invalid collection path {path} from storage",
path = path.display(),
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Collection UUID {uuid} explicitly specified, \
when proposing create collection {} operation, \
new random UUID will be generated instead",
op.collection_name,
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("Not all expected operations were completed: {err}")
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
Err(err) => log::warn!("Awaiting for expected operations timed out: {err}"),
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"Failed to synchronize all nodes after collection operation in time, some nodes may not be ready: {err}",
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Consensus is synchronized with term: {term}, commit: {commit}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
first-party (rust): lib/wal
rust first-partyexpand_more 5 low-confidence finding(s)
let dir = File::open(&path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
log::warn!("Error clearing closed wal segment: {err:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("CRC mismatch at offset {offset}: {entry_crc} != {stored_crc}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let dir = File::open(&path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let seed: usize = env::var("WAL_TEST_SEED")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
</> Dependencies
actix-cors
rust dependencyexpand_more 1 low-confidence finding(s)
log::info!("starting HTTP server at http://localhost:8080");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
actix-files
rust dependencyexpand_more 17 low-confidence finding(s)
log::info!("starting HTTP server at http://localhost:8080");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Specified path is not a directory: {:?}", orig_dir);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let data = web::Bytes::from(fs::read("tests/test.binary").unwrap());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let data = web::Bytes::from(fs::read("tests/test space.binary").unwrap());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs::write(&file_with_newlines, "Look at my newlines").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let data = web::Bytes::from(fs::read(file_with_newlines).unwrap());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let data = Bytes::from(fs::read("Cargo.toml").unwrap());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let data = Bytes::from(fs::read("Cargo.toml").unwrap());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::File::create(temp_dir.path().join(filename)).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let data = Bytes::from(fs::read("Cargo.toml").unwrap());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let data = Bytes::from(fs::read("Cargo.toml").unwrap());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let data = Bytes::from(fs::read("Cargo.toml").unwrap());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let data = Bytes::from(fs::read("Cargo.toml").unwrap());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let file = File::open(&path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
File::open(&path)?
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
File::open(&path).await?
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
log::debug!("error handling {}: {}", req.path(), err);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
actix-multipart
rust dependencyexpand_more 2 low-confidence finding(s)
log::warn!("multipart field did not read all the data or it is malformed");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("NotReady: field is in flight");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
actix-web
rust dependencyexpand_more 22 low-confidence finding(s)
log::info!("starting HTTP server at http://localhost:8080");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("staring server at http://{}:{}", &bind.0, &bind.1);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("staring server at http://{}:{}", &bind.0, &bind.1);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!(
"setting CPU affinity for worker {}: pinning to core {}",
thread::current().name().unwrap(),
pin,
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Can not construct data instance: {err:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Can not construct default service: {err:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
.map_init_err(|err| log::error!("Can not construct default service: {:?}", err));
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Failed to extract `Data<{}>` for `{}` handler. For the Data extractor to work \
correctly, wrap the data with `Data::new()` and pass it to `App::app_data()`. \
Ensure that types align in both the set and retrieve calls.",
type_name::<T>(),
req.match_name().unwrap_or_else(|| req.path())
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("Error for Option<T> extractor: {}", err.into());
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Missing peer address.");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"experimental-introspection is intended for local/non-production use; \
avoid exposing introspection endpoints in production"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
if let Ok(val) = env::var(name) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
log::warn!(
"`NormalizePath::default()` is deprecated. The default trailing slash behavior changed \
in v4 from `Always` to `Trim`. Update your call to `NormalizePath::new(...)`."
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!(
"redirect target location can not be converted to header value: {:?}",
self.to,
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Failed to construct App-level ReqData extractor. \
Request path: {:?} (type: {})",
req.path(),
type_name::<T>(),
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Can not construct default service: {err:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::error!("Can not construct default service: {err:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("Cloning an `HttpRequest` might cause panics.");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Failed to extract `ThinData<{}>` for `{}` handler. For the ThinData extractor to work \
correctly, wrap the data with `ThinData()` and pass it to `App::app_data()`. \
Ensure that types align in both the set and retrieve calls.",
type_name::<T>(),
req.match_name().unwrap_or(req.path())
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Failed to deserialize Json from payload. \
Request path: {}",
req.path()
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Failed during Path extractor deserialization. \
Request path: {:?}",
req.path()
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Failed during Query extractor deserialization. \
Request path: {:?}",
req.path()
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
actix-web-validator
rust dependencyexpand_more 4 low-confidence finding(s)
log::debug!(
"Failed to deserialize Json from payload. \
Request path: {}",
req2.path()
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Failed during Path extractor deserialization. \
Request path: {:?}",
req.path()
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Failed during Query extractor validation. \
Request path: {:?}",
req.path()
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(
"Failed during Query extractor validation. \
Request path: {:?}",
req.path()
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
ahash
rust dependencyexpand_more 1 low-confidence finding(s)
let arch = env::var("CARGO_CFG_TARGET_ARCH").expect("CARGO_CFG_TARGET_ARCH was not set");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
anyhow
rust dependencyexpand_more 7 low-confidence finding(s)
} else if let Some(rustc_bootstrap) = env::var_os("RUSTC_BOOTSTRAP") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if env::var_os("RUSTC_STAGE").is_some() {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let rustc_wrapper = env::var_os("RUSTC_WRAPPER").filter(|wrapper| !wrapper.is_empty());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
env::var_os("RUSTC_WORKSPACE_WRAPPER").filter(|wrapper| !wrapper.is_empty());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Some(target) = env::var_os("TARGET") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Ok(rustflags) = env::var("CARGO_ENCODED_RUSTFLAGS") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
env::var_os(key).unwrap_or_else(|| {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
arrayvec
rust dependencyexpand_more 2 low-confidence finding(s)
let rustc = env::var_os("RUSTC").unwrap_or_else(|| "rustc".into());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let out_dir = env::var_os("OUT_DIR").expect("environment variable OUT_DIR");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
ash
rust dependencyexpand_more 3 low-confidence finding(s)
let target_family = env::var("CARGO_CFG_TARGET_FAMILY").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let target_pointer_width = env::var("CARGO_CFG_TARGET_POINTER_WIDTH").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Ok(var) = env::var("VULKAN_SDK") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
atomicwrites
rust dependencyexpand_more 4 low-confidence finding(s)
let src_parent = fs::File::open(src_parent_path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
dst_parent = fs::File::open(dst_parent_path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let src_parent = fs::File::open(src_parent_path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
dst_parent = fs::File::open(dst_parent_path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
bm25
rust dependencyexpand_more 2 low-confidence finding(s)
let file = File::open(file_path).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let file = File::open(file_path).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
chrono
rust dependencyexpand_more 19 low-confidence finding(s)
let mut file = File::open("/system/etc/zoneinfo/tzdata")?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Ok(env_value) = std::env::var(env_var) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Ok(file) = File::open(format!("{}{}/tzdata", env_value, path)) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let file = File::open("./tests/ohos/tzdata").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let file = File::open("./tests/ohos/tzdata").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let file = File::open("./tests/android/tzdata").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let file = File::open("./tests/android/tzdata").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let file = File::open("./tests/ohos/tzdata").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let file = File::open("./tests/ohos/tzdata").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let file = File::open("./tests/android/tzdata").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let file = File::open("./tests/android/tzdata").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return Self::from_tz_data(&fs::read("/etc/localtime")?);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return Ok(File::open(path)?);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return Ok(File::open(path)?);
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Ok(file) = File::open(PathBuf::from(folder).join(path)) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Ok(tz) = std::env::var("TZ") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let bytes = fs::read(format!("{TZDB_LOCATION}/{tz_name}")).ok()?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let env_tz = env::var("TZ").ok();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let env_tz = env::var("TZ").ok();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
colored
rust dependencyexpand_more 4 low-confidence finding(s)
let truecolor = env::var("COLORTERM");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
clicolor: Self::normalize_env(env::var("CLICOLOR")).unwrap_or(true)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
env::var("NO_COLOR"),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
env::var("CLICOLOR_FORCE"),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
config
rust dependencyexpand_more 2 low-confidence finding(s)
let run_mode = env::var("RUN_MODE").unwrap_or_else(|_| "development".into());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let buf = fs::read(filename)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
console-subscriber
rust dependencyexpand_more 28 low-confidence finding(s)
tracing::debug!("waiting...");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!("waiting...");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!("event channel closed; terminating");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!(
async_resource_ops = counts.async_resource_op,
metadatas = counts.metadata,
poll_ops = counts.poll_op,
resources = counts.resource,
spawns = counts.spawn,
total = counts.total(),
"event channel drain loop",
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!("new instrument subscription");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!(
retention = ?self.retention,
message_size,
max_message_size = MAX_MESSAGE_SIZE,
"Message too big, reduced retention",
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
None => tracing::error!(
min_retention = ?self.publish_interval,
"Message too big. Start with smaller retention.",
),
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!(id = ?id, "new task details subscription");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!(
len = self.len(),
dropped = len0.saturating_sub(self.len()),
data.key = %type_name::<K>(),
data.val = %type_name::<V>(),
"dropped unused entries"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!(
len = self.len(),
dropped = len0.saturating_sub(self.len()),
data = %type_name::<T>(),
"dropped unused data"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!(
self.since_shrink,
self.shrink_every,
self.min_bytes,
freed_bytes = diff,
capacity_bytes,
used_bytes,
data = %type_name::<T>(),
"should_shrink: shrinking!"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::warn!(?update.field, "field missing name, skipping...");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
None => tracing::warn!(
"numeric attribute update {:?} needs to have an op field",
update_name
),
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
None => tracing::warn!(
"numeric attribute update {:?} needs to have an op field",
update_name
),
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::warn!(
"attribute {:?} cannot be updated by update {:?}",
val,
update
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
if let Ok(bind) = std::env::var("TOKIO_CONSOLE_BIND") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Ok(path) = std::env::var("TOKIO_CONSOLE_RECORD_PATH") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let fmt_filter = std::env::var(&self.filter_env_var)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let var = std::env::var(var_name).ok()?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let var = std::env::var(var_name).ok()?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
tracing::debug!(
config.event_buffer_capacity,
config.client_buffer_capacity,
?config.publish_interval,
?config.retention,
?config.server_addr,
?config.recording_path,
?config.filter_env_var,
?config.poll_duration_max,
?config.scheduled_duration_max,
?base_time,
"configured console subscriber"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
Some(addr) => tracing::debug!(client.addr = %addr, "starting a new watch"),
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
None => tracing::debug!(client.addr = %"<unknown>", "starting a new watch"),
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!("watch started");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::warn!(id = ?task_id, "requested task not found");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!(id = ?task_id, "task details watch started");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let file = std::fs::File::create(path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
tracing::debug!("event stream ended; flushing file");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
crc32c
rust dependencyexpand_more 2 low-confidence finding(s)
let file = std::fs::File::create(path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let out_dir = std::env::var("OUT_DIR").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
env_logger
rust dependencyexpand_more 3 low-confidence finding(s)
log::info!("a log from `MyLogger`");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
match std::env::var("RUST_LOG_STYLE") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
env::var(&*self.name)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
flate2
rust dependencyexpand_more 9 low-confidence finding(s)
let mut input = BufReader::new(File::open(args().nth(1).unwrap()).unwrap());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let output = File::create(args().nth(2).unwrap()).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let input = BufReader::new(File::open(args().nth(1).unwrap()).unwrap());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut output = File::create(args().nth(2).unwrap()).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let f = File::open("examples/hello_world.txt")?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let f = File::create("examples/hello_world.txt.gz")?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let f = File::open("examples/hello_world.txt")?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let f = File::open("examples/hello_world.txt")?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let f = File::open("examples/hello_world.txt")?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs-err
rust dependencyexpand_more 2 low-confidence finding(s)
fs::File::open(path).map_err(|err| |path| Error::build(err, ErrorKind::OpenFile, path))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs::File::create(path).map_err(|err| |path| Error::build(err, ErrorKind::CreateFile, path))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs_extra
rust dependencyexpand_more 4 low-confidence finding(s)
let mut file_from = File::open(from)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut file_to = File::create(to)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut file = File::open(path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut f = File::create(path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
geo
rust dependencyexpand_more 3 low-confidence finding(s)
let mut points_file = File::create("points.svg")?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut concave_hull_file = File::create("concavehull.svg")?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut convex_hull_file = File::create("convexhull.svg")?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
gpu-allocator
rust dependencyexpand_more 7 low-confidence finding(s)
info!("Using D3D12 feature level: {feature_level_name}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
error!("ID3D12Device interface not supported");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
info!("D3D12 feature level {feature_level_name} not supported: {e}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
info!("Allocation and deallocation of GpuOnly memory was successful.");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
info!("Allocation and deallocation of CpuToGpu memory was successful.");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
info!("Allocation and deallocation of CpuToGpu memory was successful.");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(
"{kind} memory block size must be a multiple of 4MB, clamping to {}MB",
new_size / MB
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
indexmap
rust dependencyexpand_more 1 low-confidence finding(s)
match std::env::var_os("CARGO_FEATURE_STD") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
memmap2
rust dependencyexpand_more 4 low-confidence finding(s)
let file = File::open(path).expect("failed to open the file");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
File::create(&path).unwrap().write_all(b"abc123").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
.map_raw_read_only(&File::open(&path).unwrap())
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let status = &std::fs::read_to_string("/proc/self/status")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
num_cpus
rust dependencyexpand_more 2 low-confidence finding(s)
::std::env::var(name).ok().map(|val| val.parse().unwrap())
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let file = match File::open("/proc/cpuinfo") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
object_store
rust dependencyexpand_more 38 low-confidence finding(s)
let token = std::fs::read_to_string(token_path)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
.spawn_blocking(move || std::fs::read_to_string(&path))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
Err(_) => std::fs::read_to_string(token_file),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if env::var("TEST_INTEGRATION").is_err() {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let endpoint = env::var("EC2_METADATA_ENDPOINT").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut f = File::create(token_file.path()).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if std::env::var("TEST_S3_SSEC_ENCRYPTION").is_err() {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Ok(text) = std::env::var(MSI_ENDPOINT_ENV_KEY) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let url = match std::env::var(env_name) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Ok(val) = std::env::var(MSI_SECRET_ENV_KEY) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let token_str = std::fs::read_to_string(&self.federated_token_file)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::write(tokenfile.path(), "federated-token").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let account = std::env::var("AZURE_ACCOUNT_NAME").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let container = std::env::var("AZURE_CONTAINER_NAME").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let client_id = std::env::var("AZURE_CLIENT_ID").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let client_secret = std::env::var("AZURE_CLIENT_SECRET").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let tenant_id = std::env::var("AZURE_TENANT_ID").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Ok(service_account_path) = std::env::var("SERVICE_ACCOUNT") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let file = File::open(&service_account_path).map_err(|source| {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let metadata_host = if let Ok(host) = env::var("GCE_METADATA_HOST") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
} else if let Ok(host) = env::var("GCE_METADATA_ROOT") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let metadata_ip = if let Ok(ip) = env::var("GCE_METADATA_IP") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let metadata_host = if let Ok(host) = env::var("GCE_METADATA_HOST") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
} else if let Ok(host) = env::var("GCE_METADATA_ROOT") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let metadata_ip = if let Ok(ip) = env::var("GCE_METADATA_IP") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Some(home) = env::var_os(home_var) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
client
.post(DEFAULT_TOKEN_GCP_URI)
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let response = client
.get("https://oauth2.googleapis.com/tokeninfo")
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
tracing::warn!(
"StorageClass attribute not supported on HTTP client as header key is unknown"
);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let url = std::env::var("HTTP_URL").expect("HTTP_URL must be set");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut file = File::open(&path).map_err(|e| map_open_error(e, &path))?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
File::open(path).map_err(|e| map_open_error(e, path))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::write(file, "test").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::write(emoji, "foo").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::write(file, "test").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::write(temp_dir.path().join(filename), "foo").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::write(root.path().join("bar#123"), "test").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Ok((store, path)) = parse_url_opts(to_resolve, std::env::vars()) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
proc-macro2
rust dependencyexpand_more 8 low-confidence finding(s)
} else if let Some(rustc_bootstrap) = env::var_os("RUSTC_BOOTSTRAP") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
env::var_os("RUSTC_STAGE").is_none() && do_compile_probe(feature, rustc_bootstrap)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
env::var_os("RUSTC_STAGE").is_some() || do_compile_probe(feature, true)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let rustc_wrapper = env::var_os("RUSTC_WRAPPER").filter(|wrapper| !wrapper.is_empty());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
env::var_os("RUSTC_WORKSPACE_WRAPPER").filter(|wrapper| !wrapper.is_empty());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Some(target) = env::var_os("TARGET") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Ok(rustflags) = env::var("CARGO_ENCODED_RUSTFLAGS") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
env::var_os(key).unwrap_or_else(|| {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
prost-wkt-types
rust dependencyexpand_more 3 low-confidence finding(s)
let dir = PathBuf::from(env::var("OUT_DIR").unwrap());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::write(&descriptor_file, file_descriptors.encode_to_vec()).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let descriptor_bytes = std::fs::read(descriptor_file).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
quick_cache
rust dependencyexpand_more 14 low-confidence finding(s)
let check_determinism = std::env::var("CHECK_DETERMINISM").is_ok_and(|s| !s.is_empty());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Ok(seed) = std::env::var("SEED") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let seed = std::fs::read_to_string(&seed).unwrap_or(seed.clone());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let max_iterations: usize = std::env::var("MAX_ITERATIONS")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Ok(seed) = std::env::var("SEED") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let seed = std::fs::read_to_string(&seed).unwrap_or(seed.clone());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let max_iterations: usize = std::env::var("MAX_ITERATIONS")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let check_determinism = std::env::var("CHECK_DETERMINISM").is_ok_and(|s| !s.is_empty());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Ok(seed) = std::env::var("SEED") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let seed = std::fs::read_to_string(&seed).unwrap_or(seed.clone());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let max_iterations: usize = std::env::var("MAX_ITERATIONS")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Ok(seed) = std::env::var("SEED") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let seed = std::fs::read_to_string(&seed).unwrap_or(seed.clone());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let max_iterations: usize = std::env::var("MAX_ITERATIONS")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
quote
rust dependencyexpand_more 1 low-confidence finding(s)
let rustc = env::var_os("RUSTC")?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
raft-proto
rust dependencyexpand_more 1 low-confidence finding(s)
let base = std::env::var("CARGO_MANIFEST_DIR").unwrap_or_else(|_| ".".to_string());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
reqwest
rust dependencyexpand_more 42 low-confidence finding(s)
log::debug!("rustls failed to parse DER certificate: {err:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let file = File::open(path).await?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let r = client.get(some_url);
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let r = client.get(some_url);
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let r = client.get(some_url);
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let r = client.get(some_url);
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let req = client
.get("https://hyper.rs")
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let req = client
.get(some_url)
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let builder = client
.post("http://httpbin.org/post")
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let builder = client.get("http://httpbin.org/get");
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let builder = client
.get("http://httpbin.org/get")
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let req = client.get(some_url).build().expect("request build");
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
client.get("http://example.com")
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let file = File::open(path)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let r = client.get(some_url).build().unwrap();
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let r = client.post(some_url).build().unwrap();
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let r = client.put(some_url).build().unwrap();
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let r = client.post(some_url);
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let r = client.post(some_url);
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let r = client.post(some_url);
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let r = client.post(some_url);
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let mut r = client.get(some_url);
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let mut r = client.get(some_url);
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let mut r = client.get(some_url);
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let mut r = client.get(some_url);
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let r = client.post(some_url);
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let r = client.post(some_url);
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let r = client.post(some_url);
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let req = client
.get("https://hyper.rs")
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let req = client
.get(some_url)
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let req = client.get(some_url).build().expect("request build");
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
log::debug!("proxy({proxy:?}) intercepts '{dst:?}'");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("starting new connection: {dst:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let raw = std::env::var("NO_PROXY")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
.or_else(|_| std::env::var("no_proxy"))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
log::debug!("retryable but could not withdraw from budget");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let pem_bundle = std::fs::read("tests/support/crl.pem").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut req = client
.get("https://www.example.com")
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let mut req = client
.get("https://www.example.com")
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let mut req2 = client
.get("https://www.example.com/x")
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let mut req = client
.get("https://www.example.com")
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
let mut req2 = client
.get("https://www.example.com")
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
rustix
rust dependencyexpand_more 18 low-confidence finding(s)
let arch = var("CARGO_CFG_TARGET_ARCH").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let env = var("CARGO_CFG_TARGET_ENV").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let abi = var("CARGO_CFG_TARGET_ABI");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let os = var("CARGO_CFG_TARGET_OS").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let pointer_width = var("CARGO_CFG_TARGET_POINTER_WIDTH").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let endian = var("CARGO_CFG_TARGET_ENDIAN").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let feature_use_libc = var("CARGO_FEATURE_USE_LIBC").is_ok();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let cfg_use_libc = var("CARGO_CFG_RUSTIX_USE_LIBC").is_ok();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let rustc_dep_of_std = var("CARGO_FEATURE_RUSTC_DEP_OF_STD").is_ok();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
var("CARGO_CFG_RUSTIX_USE_EXPERIMENTAL_FEATURES").is_ok();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let rustix_use_experimental_asm = var("CARGO_CFG_RUSTIX_USE_EXPERIMENTAL_ASM").is_ok();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let miri = var("CARGO_CFG_MIRI").is_ok();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let rustc = var("RUSTC").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let target = var("TARGET").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let wrapper = var("RUSTC_WRAPPER")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Ok(rustflags) = var("CARGO_ENCODED_RUSTFLAGS") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let loopback_index = std::fs::read_to_string("/sys/class/net/lo/ifindex")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let loopback_index = std::fs::read_to_string("/sys/class/net/lo/ifindex")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
rustls
rust dependencyexpand_more 11 low-confidence finding(s)
let mut key_pair_file = File::create(role.key_file_path(alg))?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut cert_file = File::create(role.cert_pem_file_path(alg))?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut cert_file = File::create(role.cert_der_file_path(alg))?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut revoked_crl_file = File::create(
alg.output_directory()
.join(format!("{}.revoked.crl.pem", role.label())),
)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut expired_crl_file = File::create(
alg.output_directory()
.join(format!("{}.expired.crl.pem", role.label())),
)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut chain_file = File::create(alg.output_directory().join(format!(
"{}.{}",
role.label(),
f.0
)))?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut raw_public_key_file = File::create(
alg.output_directory()
.join(format!("{}.spki.pem", role.label())),
)?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let output_dir = PathBuf::from(env::var("CARGO_MANIFEST_DIR").unwrap())
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
&mut File::open("../rustls-provider-test/tests/rfc-9180-test-vectors.json")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let var = var_os("SSLKEYLOGFILE");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut f = fs::File::open(file.unwrap().path()).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
rustls-pki-types
rust dependencyexpand_more 1 low-confidence finding(s)
File::open(file_name).map_err(Error::Io)?,
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
schemars
rust dependencyexpand_more 1 low-confidence finding(s)
let target = env::var("TARGET").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
serde
rust dependencyexpand_more 4 low-confidence finding(s)
let out_dir = PathBuf::from(env::var_os("OUT_DIR").unwrap());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let patch_version = env::var("CARGO_PKG_VERSION_PATCH").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs::write(out_dir.join("private.rs"), module).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let rustc = env::var_os("RUSTC")?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
serde_cbor
rust dependencyexpand_more 2 low-confidence finding(s)
let ferris_file = File::create("examples/ferris.cbor")?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let tux_file = File::open("examples/tux.cbor")?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
serde_json
rust dependencyexpand_more 2 low-confidence finding(s)
let target_arch = env::var_os("CARGO_CFG_TARGET_ARCH").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let target_pointer_width = env::var_os("CARGO_CFG_TARGET_POINTER_WIDTH").unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
serial_test
rust dependencyexpand_more 3 low-confidence finding(s)
let parallel_count = match File::open(Lock::gen_count_file(path)) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs::write(path, "").unwrap_or_else(|_| panic!("Lock file path was {:?}", path))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut file = File::create(&Lock::gen_count_file(&self.path)).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
slog
rust dependencyexpand_more 1 low-confidence finding(s)
if std::env::var_os("CARGO_FEATURE_STD").is_some()
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
syn
rust dependencyexpand_more 3 low-confidence finding(s)
let content = fs::read_to_string(FILE).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let content = fs::read_to_string(path).unwrap();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let rustc = env::var_os("RUSTC")?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
sysinfo
rust dependencyexpand_more 67 low-confidence finding(s)
if std::env::var("APPLE_CI").is_ok()
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
|| std::env::var("FREEBSD_CI").is_ok()
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
|| std::env::var("NETBSD_CI").is_ok()
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut f = File::open(file).ok()?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut f = File::open(file).ok()?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs::write(hwmon0_dir.join("name"), "test_name").expect("failed to write to name file");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs::write(hwmon0_dir.join("temp1_input"), "1234")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs::write(hwmon0_dir.join("name"), "test_name").expect("failed to write to name file");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs::write(hwmon0_dir.join("device/model"), "test_model")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs::write(hwmon0_dir.join("temp1_label"), "test_label1")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs::write(hwmon0_dir.join("temp1_input"), "1234")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs::write(hwmon0_dir.join("temp1_crit"), "100").expect("failed to write to temp1_min file");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs::write(hwmon0_dir.join("name"), "test_name").expect("failed to write to name file");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs::write(hwmon0_dir.join("temp1_label"), "test_label1")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs::write(hwmon0_dir.join("temp1_input"), "1234")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs::write(hwmon0_dir.join("temp1_crit"), "100").expect("failed to write to temp1_min file");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs::write(hwmon0_dir.join("temp2_label"), "test_label2")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs::write(hwmon0_dir.join("temp2_input"), "5678")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs::write(hwmon0_dir.join("temp2_crit"), "200").expect("failed to write to temp2_min file");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs::write(hwmon0_dir.join("name"), "test_name").expect("failed to write to name file");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs::write(hwmon0_dir.join("device/model"), "test_model")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs::write(hwmon0_dir.join("temp1_label"), "test_label1")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs::write(hwmon0_dir.join("temp1_input"), "1234")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs::write(hwmon0_dir.join("temp1_crit"), "100").expect("failed to write to temp1_min file");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs::write(hwmon0_dir.join("temp2_label"), "test_label2")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs::write(hwmon0_dir.join("temp2_input"), "5678")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs::write(hwmon0_dir.join("temp2_crit"), "200").expect("failed to write to temp2_min file");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs::write(thermal_zone0_dir.join("type"), "test_name")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs::write(thermal_zone0_dir.join("temp"), "1234").expect("failed to write to temp file");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs::write(thermal_zone1_dir.join("type"), "test_name2")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
fs::write(thermal_zone1_dir.join("temp"), "5678").expect("failed to write to temp file");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let f = match File::open("/proc/stat") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if File::open(format!(
"/sys/devices/system/cpu/cpu{cpu_core_index}/cpufreq/scaling_cur_freq",
))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if File::open("/proc/cpuinfo")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Err(_e) = File::open("/proc/cpuinfo").and_then(|mut f| f.read_to_string(&mut s)) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if File::open("/proc/cpuinfo")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
match fs::read_to_string(path) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
read_to_string("/sys/devices/virtual/dmi/id/board_asset_tag")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
read_to_string("/sys/devices/virtual/dmi/id/board_name")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
read_to_string("/proc/device-tree/board")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
read_to_string("/sys/devices/virtual/dmi/id/board_vendor")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
read_to_string("/sys/devices/virtual/dmi/id/board_version")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
read_to_string("/sys/devices/virtual/dmi/id/board_serial")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let bytes = read("/proc/device-tree/compatible").ok()?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Ok(mut f) = File::open(parent.as_ref().join(path))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
match fs::read_to_string(&limits_files) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut file = File::open(path.join("stat")).map_err(|_| ())?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut file = match File::open(path) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
match File::open(entry) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::read_to_string("/sys/devices/virtual/dmi/id/product_family")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::read_to_string("/sys/devices/virtual/dmi/id/product_name")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::read_to_string("/sys/firmware/devicetree/base/model")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::read_to_string("/sys/firmware/devicetree/base/banner-name").ok()
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
.or_else(|| std::fs::read_to_string("/tmp/sysinfo/model").ok())
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::read_to_string("/sys/devices/virtual/dmi/id/product_serial")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::read_to_string("/sys/firmware/devicetree/base/serial-number")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::read_to_string("/sys/devices/virtual/dmi/id/product_sku")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::read_to_string("/sys/devices/virtual/dmi/id/product_uuid")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::read_to_string("/sys/devices/virtual/dmi/id/product_version")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::read_to_string("/sys/devices/virtual/dmi/id/sys_vendor")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Ok(buf) = File::open("/proc/stat").and_then(|mut f| {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if File::open("/proc/loadavg")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Ok(buf) = File::open(path).and_then(|mut f| {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let buf = File::open(fallback_path)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::write(
&tmp1,
r#"NAME="Ubuntu"
VERSION="20.10 (Groovy Gorilla)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.10"
VERSION_ID="20.10"
VERSION_CODENAME=groovy
UBUNTU_CODENAME=groovy
"#,
)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
std::fs::write(
&tmp2,
r#"DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=20.10
DISTRIB_CODENAME=groovy
DISTRIB_DESCRIPTION="Ubuntu 20.10"
"#,
)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let mut file = File::open(file_path.as_ref())?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
thiserror
rust dependencyexpand_more 7 low-confidence finding(s)
} else if let Some(rustc_bootstrap) = env::var_os("RUSTC_BOOTSTRAP") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if env::var_os("RUSTC_STAGE").is_some() {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let rustc_wrapper = env::var_os("RUSTC_WRAPPER").filter(|wrapper| !wrapper.is_empty());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
env::var_os("RUSTC_WORKSPACE_WRAPPER").filter(|wrapper| !wrapper.is_empty());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Some(target) = env::var_os("TARGET") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if let Ok(rustflags) = env::var("CARGO_ENCODED_RUSTFLAGS") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
env::var_os(key).unwrap_or_else(|| {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
tokio
rust dependencyexpand_more 4 low-confidence finding(s)
asyncify(move || std::fs::read(path)).await
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
asyncify(move || std::fs::read_to_string(path)).await
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
asyncify(move || std::fs::write(path, contents)).await
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
match std::env::var(ENV_WORKER_THREADS) {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
tonic
rust dependencyexpand_more 6 low-confidence finding(s)
tracing::debug!("connection task error: {:?}", e);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!("reconnect::poll_ready: {:?}", error);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!("error: {}", error);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!("errors occurred when loading native certs: {errors:?}");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!(error = %e, "tls accept error");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!(error = %e, "accept loop error");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tower
rust dependencyexpand_more 3 low-confidence finding(s)
tracing::info!("using {}", c);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!(service.ready = true, message = "processing request");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!({ %error }, "service failed");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing
rust dependencyexpand_more 1 low-confidence finding(s)
b.iter(|| tracing::info!("hello world!"))
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing-appender
rust dependencyexpand_more 14 low-confidence finding(s)
let file = fs::read_to_string(&path).expect("Failed to read file");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
tracing::info!("file 1");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("file 1");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("file 2");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("file 2");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let file = fs::read_to_string(&path).expect("Failed to read file");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
tracing::info!("file 1");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("file 1");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("file 2");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("file 2");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("file 3");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("file 3");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let file = fs::read_to_string(&path).expect("Failed to read file");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let content = fs::read_to_string(&symlink_path).expect("failed to read through symlink");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
tracing-subscriber
rust dependencyexpand_more 113 low-confidence finding(s)
tracing::info!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::warn!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::warn!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::warn!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::warn!(target: "foo", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::warn!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::warn!(target: "foo", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!("hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::warn!("hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!("hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::warn!("hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!("hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!("hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!("hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::debug!("hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(target: "foo", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!(target: "foo", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::warn!("hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!("hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::debug!("hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
log::info!(target: "static_filter", "hi");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(n);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(n);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(n);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(n);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(n);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(n);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(n);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(n);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(n);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(n);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(n);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(n);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(n);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(n);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(n);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(n);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(n);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(n);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let var = env::var(self.env_var_name()).unwrap_or_default();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let var = env::var(self.env_var_name()).unwrap_or_default();
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let var = env::var(self.env_var_name())?;
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let ansi = cfg!(feature = "ansi") && env::var("NO_COLOR").map_or(true, |v| v.is_empty());
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
tracing::info!(?AlwaysError);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(?AlwaysError);
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(target: "writer2", "hello writer2!");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::warn!(target: "writer1", "hello writer1!");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let _saved_no_color = RestoreEnvVar(env::var(NO_COLOR));
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
tracing::info!("some json test");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("some json test");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("some json test");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("some json test");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("some json test");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("some json test");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("some json test");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("some json test");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("an event outside the root span");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("an event inside the root span");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("hello");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("hello");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("hello");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("hello");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(parent: &span2, "hello");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("hello");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(parent: &span2, "hello");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("hello");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
let targets = match env::var("RUST_LOG") {
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
tracing::info!("no span");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!(parent: &parent, "explicit span");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::info!("contextual span");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing-tracy
rust dependencyexpand_more 2 low-confidence finding(s)
tracing::error!(field1 = "first", field2 = "second", "message");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
tracing::error!(field1 = "first", field2 = "second", "message");
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
zerocopy
rust dependencyexpand_more 2 low-confidence finding(s)
let cargo_toml = fs::read_to_string("Cargo.toml").expect("failed to read Cargo.toml");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
let rustc_cmd_name = env::var_os("RUSTC").expect("could not get rustc command name");
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
Skipped dependencies
Production
- sys-info prod — no rust source in crate
- slog-stdlog prod — no rust source in crate
- prost-for-raft prod — no version pinned
- common prod — cdn 403
- cancel prod — cdn 403
- issues prod — cdn 403
- segment prod — cdn 403
- collection prod — cdn 403
- api prod — cdn 403
- wal prod — cdn 403
- fnv prod — no rust source in crate
- edge prod — cdn 403
- edge-py-codegen prod — cdn 403
- dataset prod — cdn 403
- rust-stemmers prod — cdn 403
- gridstore prod — cdn 403
- macros prod — cdn 403
- posting_list prod — cdn 403
- quantization prod — cdn 403
- qdrant-edge prod — no version pinned
- ureq prod — cdn 403