How to completely disable rust-analyzer for a project or directory?

[kornelski]

I'm writing a code review tool (cargo-crev). It's meant for reviewing untrusted 3rd party code. There's a risk that malicious code could use build-time code execution (build.rs or proc-macros) to launch an attack on the reviewer's machine and/or use it to hide the malicious code.

I've noticed that IDEs that integrate with rust-analyzer automatically build any Rust project they open (target dir appears), so just looking at a Rust crate executes untrusted code! I'm not entirely sure whether that's caused by rust-analyzer itself, or just cargo check that usually goes with it.

Is there a way to disable rust-analyzer for such project folder? Or tell it not to trust any code nor any of its dependencies?

There's a request for a single file #3660, but I'm looking for a crate-wide solution. I'd rather not modify source code, but I can inject/change config files.

[lnicola]

You can disable proc macro and build script support (off by default for now) and running cargo check (on by default).

There's no editor-agnostic configuration yet, but for Code you can add a project-specific configuration file.

[kornelski]

It'd be great if there was editor-agnostic way for it, something like .rust-analyzer.toml that I could drop into a directory.

[matklad]

Setting cargo target dir to /dev/null in .cargo/config might do the trick

[lnicola]

That's #6113. Let's close this in favour of that to keep things tidy.

cargo target dir

Or even the cargo target.