Rust

Rust

Made by DeepSource
Missing regex anchor RS-S1008
Security
Major

It is unsafe to match untrusted input against regular expressions without ^ anchor. URLs with missing anchors can prove fatal as malicious inputs bypass the system's security checks.

Detected conversion between differently sized raw slices RS-S1013
Security
Major

Conversion between raw slices of differently sized types is undefined behaviour, because the length of the pointer is not converted using as.

Potentially unsafe usage of Arc::get_mut RS-S1000
Security
Minor

In the standard library in Rust before 1.29.0, there is weak synchronization in the Arc::get_mut method. This synchronization issue can be lead to memory safety issues through race conditions.

Hardcoded temporary file or directory detected RS-S1003
Security
Major

This issue is raised when a hardcoded temporary file or directory is detected. Creating and using insecure temporary files can leave the application vulnerable to attacks. Lack of uniqueness in temporary files allows attackers to predict the filename and inject dangerous data into the application through the temporary file.

Found usage of cryptographically insecure algorithm RS-S1004
Security
Major

Certain cryptographic algorithms are known to be cryptographically insecure and should be avoided.

Insufficient RSA key size RS-S1005
Security
Major

The strength of public-key-based cryptographic algorithm (like RSA) is determined by the time that it takes to derive the private key by using brute-force methods. 1024-bit keys are to be avoided since they are easy to brute-force. However, 2048-bit keys are said to be sufficient until 2030. Preferably use 4096-bit keys.

Found potentially incorrect use of bitwise XOR RS-S1007
Security
Major
Autofix

The caret symbol (^) in some languages is used to represent exponentiation. However, in Rust, as in many C-like languages, it represents the bitwise exclusive-or (XOR) operation. It is recommended to carefully vet if the caret is being used for XOR or exponentiation.

Redirect to destination from possibly tainted source RS-S1009
Security
Major

Redirects to a destination that is provided by the user or through an external function may be invalid or unsafe. Consider verifying the destination before firing the redirect.

Usage of DoS vulnerable version of regex crate RS-S1015
Security
Major

The regex Rust library prior to version 1.5.5 is vulnerable to regular expression denial of service (ReDoS) attacks. Ensure that you use version 1.5.5 or above in Cargo.toml dependencies for regex.

Setting global write permission on file RS-S1016
Security
Critical

Calling set_readonly(false) on a std::fs::Permissions object results in the file being world-writable, and is equivalent to running chmod a+w on the file. This provides global write access to all users and processes, and introduces an insecure permissions vulnerability.

Audit required: Found X-XSS-Protection header in HTTP response RS-A1010
Security
Major

The X-XSS-Protection header in HTTP response can create XSS vulnerabilities in otherwise safe websites even though it can protect users of older web browsers that don't support CSP.

The X-XSS-Protection header in HTTP response instructs the browser to enable its Cross-Site Scripting (XSS) filter. This filter is intended to protect users from certain types of attacks, but it has been known to create XSS vulnerabilities in otherwise safe websites. The filter is not standardized across browsers, which can lead to inconsistent behavior. Additionally, modern web standards such as Content Security Policy (CSP) offer more effective protection against XSS attacks.

Audit required: Found vulnerable content security policy header in HTTP response RS-A1011
Security
Critical

The CONTENT_SECURITY_POLICY header is used to restrict the sources from which a web page can load certain types of content. Setting the header to accept any source by using default-src '*' or script-src '*' creates major vulnerabilities in the application, as it allows the execution of scripts from any source, including malicious ones. This issue can lead to cross-site scripting (XSS) attacks, which could result in sensitive user data being stolen or manipulated.

Potentially unsafe usage of std::fs::remove_dir_all RS-S1002
Security
Major

In the standard library in Rust before 1.58.1, there is a race condition that enables symlink following. An attacker could take advantage of this security vulnerability to trick a privileged program into deleting files and directories the attacker couldn't otherwise access or delete.

Detected conversion of *const to *mut RS-S1011
Security
Major

Converting *const to *mut works in safe code. However, mutating such a pointer can result in undefined behavior. Such situations can only occur in unsafe code, because dereferencing pointers is an unsafe operation.

Detected conversion of raw slice to ptr RS-S1012
Security
Major

Conversion from a raw slice to ptr results in undefined behavior.

Consider using the following conversion methods:

  • std::ptr::slice_from_raw_parts to convert a ptr and len pair into a raw slice
  • std::slice::as_ptr to convert a raw slice to a ptr
Potential path traversal vulnerability due to actix::NamedFile::open(..) RS-S1014
Security
Major

Use of actix::NamedFile::open(..) with non-validated user input can lead to path traversal vulnerability, i.e., a vulnerability that may expose private files on server.

File or directory created with insecure permissions RS-A1001
Security
Critical

Excessive permissions are granted to a file or directory. This issue is raised when a permission mode greater than 0o755 is given.

Audit required: Use of VecDeque::make_contiguous RS-A1005
Security
Major

In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or double free.