Rust 1.0 Fixers

Avoid Joining Constant Paths –
A chain of join calls on constant paths should be consolidated into a single expression.
Use Relative Path –
Using absolute paths when using Path::join may lead to unexpected behavior because the absolute path may silently replace the previously constructed base path.

Prevent Integer Overflow or Underflow –
An integer value used in an arithmetic operation may be controlled by an external user to create an arithmetic overflow or underflow. Fixes CWE 190, CWE 191.

Avoid Double Locking of Mutex –
Attempting to acquire a Mutex that has been held already may cause a deadlock. Fixes CWE 764.

Avoid Silly Equality Checks –
In some cases, a comparison with an equals (==) or a not equals (!=) operator always returns either true or false. Such logical short circuits in code lead to unintended behavior.
Avoid Type Shadowing –
A generic type parameter should not be defined with the same name as an existing type declaration.
Use Runtime Path Value –
Path values should be collected at runtime as environment variables instead of at compile time. This fixes portability issues where the value is compiled using an environment that does not match the runtime environment.

Fix Null Dereference Across Language Boundary –
A null pointer passed to a C function may lead to a null dereference on the C side. Fixes CWE 476.
Fix Null Dereference From Return Value Of A C Function –
A Rust function using the return value from a C function should check for null return values. Fixes CWE 476.
Fix Null Dereference In FFI Functions –
A Rust object exposed via FFI should check for null content before referencing. Fixes CWE 476.

Ensure Lifetime Duration –
If a function parameter is borrowed to update another mutable parameter, the borrowed value should live enough into the lifetime of the borrower. Otherwise, it may cause memory bugs such as Use After Free or Non Exclusive Mutability in several places in the code.
Fix Double Free –
A raw pointer owned by a container may be freed twice causing memory corruption. Fixes CWE 415.
Fix Memory Leak –
A memory leak happens when a heap-allocated memory region is no longer accessible due to lost ownership or unreachable references, leading to unbounded memory growth and resource exhaustion. Fixes CWE 401.
Fix Lifetime Mismatch –
The lifetime of a function parameter should match the lifetime of the return value. Otherwise, it may cause memory bugs such as Use After Free or Non Exclusive Mutability in several places in the code.
Fix Use After Free –
A raw pointer is used but the location it is pointing to is already dropped.
Prevent Memory Allocation With Excessive Size Value –
An integer value used as a capacity parameter in a library function to create a memory region may be controlled by an external user to create a large memory chunk which may lead to a resource exhaustion attack. Fixes CWE 789.

Last updated 6 days ago

Avoid Joining Constant Paths –
A chain of join calls on constant paths should be consolidated into a single expression.
Use Relative Path –
Using absolute paths when using Path::join may lead to unexpected behavior because the absolute path may silently replace the previously constructed base path.

Prevent Integer Overflow or Underflow –
An integer value used in an arithmetic operation may be controlled by an external user to create an arithmetic overflow or underflow. Fixes CWE 190, CWE 191.

Avoid Double Locking of Mutex –
Attempting to acquire a Mutex that has been held already may cause a deadlock. Fixes CWE 764.

Avoid Silly Equality Checks –
In some cases, a comparison with an equals (==) or a not equals (!=) operator always returns either true or false. Such logical short circuits in code lead to unintended behavior.
Avoid Type Shadowing –
A generic type parameter should not be defined with the same name as an existing type declaration.
Use Runtime Path Value –
Path values should be collected at runtime as environment variables instead of at compile time. This fixes portability issues where the value is compiled using an environment that does not match the runtime environment.

Fix Null Dereference Across Language Boundary –
A null pointer passed to a C function may lead to a null dereference on the C side. Fixes CWE 476.
Fix Null Dereference From Return Value Of A C Function –
A Rust function using the return value from a C function should check for null return values. Fixes CWE 476.
Fix Null Dereference In FFI Functions –
A Rust object exposed via FFI should check for null content before referencing. Fixes CWE 476.

Ensure Lifetime Duration –
If a function parameter is borrowed to update another mutable parameter, the borrowed value should live enough into the lifetime of the borrower. Otherwise, it may cause memory bugs such as Use After Free or Non Exclusive Mutability in several places in the code.
Fix Double Free –
A raw pointer owned by a container may be freed twice causing memory corruption. Fixes CWE 415.
Fix Memory Leak –
A memory leak happens when a heap-allocated memory region is no longer accessible due to lost ownership or unreachable references, leading to unbounded memory growth and resource exhaustion. Fixes CWE 401.
Fix Lifetime Mismatch –
The lifetime of a function parameter should match the lifetime of the return value. Otherwise, it may cause memory bugs such as Use After Free or Non Exclusive Mutability in several places in the code.
Fix Use After Free –
A raw pointer is used but the location it is pointing to is already dropped.
Prevent Memory Allocation With Excessive Size Value –
An integer value used as a capacity parameter in a library function to create a memory region may be controlled by an external user to create a large memory chunk which may lead to a resource exhaustion attack. Fixes CWE 789.

Last updated 6 days ago