Extending one String with another is possible through
.extend(s.chars()). However, this is better expressed using
It is unsafe to match untrusted input against regular expressions without
anchor. URLs with missing anchors can prove fatal as malicious inputs bypass
the system's security checks.
.filter(..).next() is equivalent to
.clone()in assignment RS-W1070
.clone_from() instead of assigning the result of
clone_from() may perform better in some cases because some structs may have custom implementations of
clone_from(), which improve performance by avoiding needless allocations.
std::mem module provides the
take() method to acquire the
current value and replace it with the default value of the same type.
Prefer using this over
Comparing a floating point with
!= is redundant.
cannot be compared to anything, not even itself. Use
Arc<RwLock<HashMap<K, V>>> has performance concerns, the
dashmap crate provides a much better alternative to concurrent hashmaps.
Arc<RwLock<HashMap<K, V>>> is better off replaced by
Arc<DashMap<K, V>> from the
Box::new(T::default()) is overly verbose, involving two function calls instead of one.
It can be better written as
In the standard library in Rust before 1.29.0, there is weak synchronization in the
Arc::get_mut method. This synchronization issue can be lead to memory safety issues
through race conditions.
In the standard library in Rust before 1.58.1, there is a race condition that enables symlink following. An attacker could take advantage of this security vulnerability to trick a privileged program into deleting files and directories the attacker couldn't otherwise access or delete.
This issue is raised when a hardcoded temporary file or directory is detected. Creating and using insecure temporary files can leave the application vulnerable to attacks. Lack of uniqueness in temporary files allows attackers to predict the filename and inject dangerous data into the application through the temporary file.
Certain cryptographic algorithms are known to be cryptographically insecure and should be avoided.
The strength of public-key-based cryptographic algorithm (like RSA) is determined by the time that it takes to derive the private key by using brute-force methods. 1024-bit keys are to be avoided since they are easy to brute-force. However, 2048-bit keys are said to be sufficient until 2030. Preferably use 4096-bit keys.
The caret symbol (
^) in some languages is used to represent
exponentiation. However, in Rust, as in many C-like languages, it
represents the bitwise exclusive-or (
XOR) operation. It is
recommended to carefully vet if the caret is being used for XOR or
Redirects to a destination that is provided by the user or through an external function may be invalid or unsafe. Consider verifying the destination before firing the redirect.
regex Rust library prior to version
1.5.5 is vulnerable to
regular expression denial of service (ReDoS) attacks.
Ensure that you use version
1.5.5 or above in
Cargo.toml dependencies for
.clamp(min, max), instead of
Ord::max functions can be replaced with
Ord::clamp, which is also a more readable solution.
Checking if a value is
None via a direct comparison is usually inspired
from other programming languages (e.g.
foo is None in Python). In Rust,
Eq trait is used to perform the comparison, which is unneeded.
Option type provides the
is_some() methods which
return a boolean, allowing for more idoimatic comparison.
Seek trait provides the
Seek::stream_position(&mut self) method, which is functionally
Self::seek(&mut self, SeekFrom::Current(0)). Consider avoiding the reimplementation.
mem::replace(&mut _, mem::uninitialized()) or
mem::replace(&mut _, mem::zeroed()) may lead to
undefined behaviour even if the value is overwritten later,
as the uninitialized value may remain in case of panic recovery.