It is unsafe to match untrusted input against regular expressions without ^
anchor. URLs with missing anchors can prove fatal as malicious inputs bypass
the system's security checks.
Arc::get_mut
RS-S1000In the standard library in Rust before 1.29.0, there is weak synchronization in the
Arc::get_mut
method. This synchronization issue can be lead to memory safety issues
through race conditions.
std::fs::remove_dir_all
RS-S1002In the standard library in Rust before 1.58.1, there is a race condition that enables symlink following. An attacker could take advantage of this security vulnerability to trick a privileged program into deleting files and directories the attacker couldn't otherwise access or delete.
This issue is raised when a hardcoded temporary file or directory is detected. Creating and using insecure temporary files can leave the application vulnerable to attacks. Lack of uniqueness in temporary files allows attackers to predict the filename and inject dangerous data into the application through the temporary file.
Certain cryptographic algorithms are known to be cryptographically insecure and should be avoided.
The strength of public-key-based cryptographic algorithm (like RSA) is determined by the time that it takes to derive the private key by using brute-force methods. 1024-bit keys are to be avoided since they are easy to brute-force. However, 2048-bit keys are said to be sufficient until 2030. Preferably use 4096-bit keys.
The caret symbol (^
) in some languages is used to represent
exponentiation. However, in Rust, as in many C-like languages, it
represents the bitwise exclusive-or (XOR
) operation. It is
recommended to carefully vet if the caret is being used for XOR or
exponentiation.
Redirects to a destination that is provided by the user or through an external function may be invalid or unsafe. Consider verifying the destination before firing the redirect.
regex
crate RS-S1015The regex
Rust library prior to version 1.5.5
is vulnerable to
regular expression denial of service (ReDoS) attacks.
Ensure that you use version 1.5.5
or above in Cargo.toml
dependencies for regex
.
Calling set_readonly(false)
on a std::fs::Permissions
object results in
the file being world-writable, and is equivalent to running chmod a+w
on
the file. This provides global write access to all users and processes, and
introduces an insecure permissions vulnerability.
actix::NamedFile::open(..)
RS-S1014Use of actix::NamedFile::open(..)
with non-validated user input can lead to path traversal vulnerability,
i.e., a vulnerability that may expose private files on server.
Excessive permissions are granted to a file or directory. This issue is raised
when a permission mode greater than 0o755
is given.
HttpOnly
attribute RS-A1003Cookies set without the HttpOnly
flag can be read by a client-side script,
leading to cookie theft from Cross-Site Scripting
(XSS) attacks.
VecDeque::make_contiguous
RS-A1005In the standard library in Rust before 1.49.0, VecDeque::make_contiguous
has a
bug that pops the same element more than once under certain condition. This bug
could result in a use-after-free or double free.
Conversion between raw slices of differently sized types is undefined behaviour, because
the length of the pointer is not converted using as
.
*const
to *mut
RS-S1011Converting *const
to *mut
works in safe code. However, mutating such a pointer can result in
undefined behavior. Such situations can only occur in unsafe code, because dereferencing pointers is an
unsafe operation.
secure
attribute RS-A1002Cookies set without the secure
flag can cause the user agent to send those
cookies in plaintext over an HTTP session with the same server. This can lead
to man-in-the-middle
attacks.
Use of headers such as "Server", "X-Powered-By" and "X-AspNet-Version" can leak sensitive information of your application and server. Avoid using these headers if possible.
Vec::from_iter
RS-A1006In the standard library in Rust before 1.52.0, a double free can occur in the
Vec::from_iter
function if freeing the element panics.
ptr
RS-S1012Conversion from a raw slice to ptr
results in undefined behavior.
Consider using the following conversion methods:
std::ptr::slice_from_raw_parts
to convert a ptr
and len
pair into a raw slicestd::slice::as_ptr
to convert a raw slice to a ptr