| RUST001 |
Rust |
[Rust] Unsafe code block |
High |
Unsafe code blocks can lead to undefined behavior if not used properly. |
Ensure that unsafe code is necessary and properly reviewed. Use safe abstractions when possible. |
Whenever using unsafe blocks in Rust code |
| RUST002 |
Rust |
[Rust] Unhandled error |
Medium |
Unwrapping a Result or Option without proper error handling can lead to panic. |
Use match or if let to handle the Result or Option properly, or use ? to propagate the error. |
When using unwrap() on Result or Option types |
| RUST003 |
Rust |
[Rust] Unchecked arithmetic |
Medium |
Arithmetic operations that can overflow or underflow without being checked. |
Use checked arithmetic methods like checked_add, checked_sub, checked_mul, and checked_div. |
When performing arithmetic operations that may overflow or underflow |
| RUST004 |
Rust |
[Rust] Insecure random number generator |
High |
Using an insecure random number generator for security-sensitive operations. |
Use a cryptographically secure random number generator like rand::ThreadRng or ring::rand::SystemRandom. |
When generating random numbers for security-sensitive purposes |
| RUST005 |
Rust |
[Rust] Uninitialized memory |
High |
Using uninitialized memory can lead to undefined behavior. |
Initialize memory properly or use mem::MaybeUninit for delayed initialization. |
When working with uninitialized memory |
| RUST006 |
Rust |
[Rust] Use of mem::transmute |
High |
Using mem::transmute can lead to undefined behavior and violate type safety. |
Avoid using mem::transmute and use safe type conversions or as keyword for primitive types. |
When using mem::transmute to reinterpret memory |
| RUST007 |
Rust |
[Rust] Use of std::process::Command |
Medium |
Using std::process::Command without properly sanitizing user input can lead to command injection vulnerabilities. |
Properly sanitize and validate user input before passing it to std::process::Command. Consider using safe wrappers or libraries. |
When executing external commands or processes |
| RUST008 |
Rust |
[Rust] Use of std::fs::File with unwrap() |
Medium |
Using unwrap() with std::fs::File can lead to panics if the file operation fails. |
Use ? operator to propagate the error or handle it explicitly with match or if let. |
When opening files using std::fs::File |
| RUST009 |
Rust |
[Rust] Deserialization of untrusted data |
High |
Deserializing untrusted data without proper validation can lead to security vulnerabilities. |
Implement custom deserialization logic with proper validation and sanitization of untrusted data. Consider using safe deserialization libraries. |
When deserializing data from untrusted sources using serde or other libraries |
| RUST010 |
Rust |
[Rust] Use of std::net::TcpListener with unwrap() |
Medium |
Using unwrap() with std::net::TcpListener can lead to panics if the binding operation fails. |
Use ? operator to propagate the error or handle it explicitly with match or if let. |
When binding to a network address using std::net::TcpListener'. From the beginning to end! |