Rust 1.0 Fixer List

Rust 1.0 Fixers

The following are the planned fixers for the initial release of Rust 1.0. At this time the list is not final and we would like to hear from you, potential clients of iCR for Rust, if these fixers are of value to you, which ones are most important and if anything is missing. To provide your feedback, please use this form to tell us what you think.

Arithmetic Issues (2):

  • Fix Zero Division –

    Removes zero division opportunities in code. Fixes CWE 369.

  • Replace Arithmetic Operations –

    Replace arithmetic operations with a safe function call that detects an overflow (or underflow) and explicitly handles them. Fixes CWE 190, CWE 191.

Broken Authentication (3):

  • Fix Hard-coded Key –

    Cryptographic keys or other credentials should not be kept hard-coded in the source code. An attacker can extract the strings or byte arrays from an application's source code or binary. Fixes CWE 798, OWASP A7-Identification and Authentication Failures.

  • Fix Hard-coded Password –

    User passwords should not be kept hard-coded in the source code. An attacker can extract the strings or byte arrays from an application's source code or binary. Fixes CWE 259, OWASP A7-Identification and Authentication Failures.

  • Prevent Session Fixation –

    Creating cookie for session id from untrusted data may allow an attacker to launch a session fixation attack. Fixes CWE 384, OWASP A7-Identification and Authentication Failures.

Concurrency Issues (6):

  • Add Trait Bounds –

    An implementation of Send or Sync trait should be bounding the generic type with proper Send of Sync bound. If not, there may be a data race. Fixes CWE 366.

  • Detect Blocked Channels –

    The send and receive operations on a channel should match such that the channel is not blocked.

  • Drop Synchronization Primitive Explicitly –

    A lock should not be held for an extended period. Release a lock early through inline expressions or explicit drop calls if the lock is no longer needed. By releasing locks early, concurrent code can run more quickly and efficiently.

  • Fix Data Race –

    Concurrent accesses of the same memory location can cause data race conditions if at least one of the accesses is a write access and exclusive locks are not used properly. Fixes CWE 366.

  • Fix Double Free of Locks –

    A lock should not be freed twice which leads to memory corruption or undefined behavior.

  • Fix Lock Ordering –

    Locks should not be acquired in an inconsistent order across threads which may lead to deadlocks. Fixes CWE 667.

Error Handling (1):

  • Prevent Unexpected Panic –

    Programmers may mark some program execution points as unreachable by calling panic!(), unimplemented!(), or unreachable!(). These code segments should be unreachable in the code. Fixes CWE 617.

Improper Access Control (3):

  • Fix Hard-coded IP Address –

    IP Addresses should not be kept hard-coded in the source code. Fixes OWASP A1-Broken Access Control. Fixes CWE 1051.

  • Prevent Untrusted File Extraction –

    Attempting to extract an archive file from an untrusted source may lead to a Denial of Service (DoS) attack. The archived file may be very small in size but the uncompressed file is huge. Identifies potential denial of service opportunities through a zip bomb. Fixes CWE 409, OWASP A1-Broken Access Control, OWASP A5-Security Misconfiguration.

  • Prevent URL Redirection –

    Using untrusted user-provided data to perform an HTTP redirect leads to an Open Redirection attack. This allows an attacker to redirect a user to a malicious website and steal the user's credentials by phishing. Identifies potential Open Redirection opportunities. Fixes CWE 601, OWASP A1-Broken Access Control.

Improper Method Call (1):

  • Unchecked Method Return Value –

    The return value of a method may contain error codes sent by the method. The return values should be checked against error codes before being used. Fixes CWE 252.

Inappropriate Logic (2):

  • Avoid Circular Module Dependencies –

    Detect and forbid mutually recursive module dependencies within a crate. This ensures a cleaner and more organized crate structure by preventing circular module dependencies, which can lead to complex and hard-to-maintain code. For example, if Module A uses Module B, Module B must not use Module A (and vice versa). Fixes CWE 1047.

  • Remove Redundant Trait Bounds –

    Optimize cases where one of the trait bounds can be omitted because it is already implied by another trait bound. For example, trait bounds like T: Ord + Eq can be collapsed to T: Ord, avoiding unnecessary redundancy in trait constraints.

Injection (12):

  • Prevent Cross-site Scripting –

    When endpoints reflect back tainted, user-provided data such as POST content, URL parameters, etc., it may allow attackers to inject code that will eventually be executed on the user's browser. Identifies potential Cross-Site Scripting (XSS) opportunities. Fixes CWE 79, CWE 80, CWE 81, CWE 82, CWE 83, CWE 84, CWE 85, CWE 86, CWE 87, OWASP A3-Injection.

  • Prevent HTTP Response Splitting –

    Constructing HTTP response headers with user-provided, untrusted data may allow an attacker to tamper with the header data. Check that malformed HTTP responses are not created. Fixes CWE 113, OWASP A3-Injection.

  • Prevent Insecure Deserialization –

    Deserializing untrusted user-provided data may allow an attacker to insert malicious objects which may lead to remote code execution, denial of service and so on. Check that the deserialization is done on trusted data only. Fixes CWE 502, OWASP A8-Software and Data Integrity Failures.

  • Prevent LDAP Injection –

    Constructing LDAP names or search filters using untrusted user-provided data enables attackers to inject values that change the way the name or the filter is supposed to interpreted under normal circumstances. Identify potential LDAP injection opportunities. Fixes CWE 90, OWASP A3-Injection.

  • Prevent Log Injection –

    User-provided, untrusted data should not be injected into logs directly. This allows an attacker to corrupt the log file structure. Fixes CWE 117, OWASP A3-Injection, OWASP A9-Security Logging and Monitoring Failures.

  • Prevent OS Command Injection –

    Applications that execute operating system calls should not use untrusted user-provided data to create the command or command parameters. Identifies potential OS command injection opportunities. Fixes CWE 77, CWE 78, CWE 88, OWASP A3-Injection.

  • Prevent Path Manipulation –

    Constructing file system paths from untrusted user-provided data such as POST content, URL parameters, etc., enables attackers to inject specific path browsing symbols, such as '..', to manipulate the file path and to access files that they are not allowed to access otherwise. Identifies potential path manipulation opportunities. Fixes CWE 22, CWE 23, CWE 36, CWE 99, CWE 641, OWASP A3-Injection, OWASP A1-Broken Access Control.

  • Prevent Regular Expression Denial of Service –

    Using external strings as regular expressions leads to potential denial of service attack since evaluating the regular expressions is CPU intensive. Identify potential regular expression injection opportunities. Fixes CWE 400, OWASP A3-Injection.

  • Prevent Server-side Request Forgery –

    User-provided, untrusted data should not be used to fetch remote resources. This allows an attacker to send a crafted request to an unexpected destination. Fixes CWE 20, CWE 641, CWE 918, OWASP A10-Server-Side Request Forgery (SSRF).

  • Prevent SQL Injection –

    Constructing SQL queries with untrusted user-provided data, e.g., URL parameters, enables attackers to inject code in place of data that changes the meaning of the SQL query. Identifies potential SQL injection opportunities. Fixes CWE 20, CWE 89, CWE 943, OWASP A3-Injection.

  • Prevent XPath Injection –

    Constructing XPath expressions using untrusted user-provided data such as POST content, URL parameters, etc., enables attackers to inject specially crafted values that change the way the expression is supposed to be interpreted under normal circumstances. Identifies potential XPath injection opportunities. Fixes CWE 643, OWASP A3-Injection.

  • Prevent XSLT Injection –

    Transforming XML documents using untrusted user-provided XSLT stylesheets may allow an attacker to execute malicious code or read sensitive files. Identifies potential XSLT injection opportunities. Fixes CWE 74, OWASP A3-Injection.

Memory Corruption Issues (8):

  • Add Memory Management At Declaration –

    Memory management intent should be made explicit during allocation. If the management is done late and a panic happens before that code is reached, a double free error may happen. Fixes CWE 415.

  • Convert Clone to Borrow –

    If a function's actual parameter accepts a clone of a type but the function performs immutable operations on the type, the function's signature could be modified to accept a reference. This improves performance if the clone operation is expensive.

  • Fix Double Free –

    A memory segment should not be deallocated twice, potentially leading to undefined behavior such as memory corruption or program crashes. Fixes CWE 415.

  • Fix Lifetime Duration Mismatch –

    The lifetime duration between two arguments of a function or between an argument and the return type should be matched such that a use after free error does not happen. Fixes CWE 416.

  • Fix Lifetime Mutability Mismatch –

    The lifetime mutability between two arguments of a function or between an argument and the return type should be matched such that multiple mutable borrows cannot overlap.

  • Fix Null Dereference –

    A pointer which has not been initialized is used as if it pointed to a valid memory area in the heap. A null pointer issue happens because the developer mistakenly did not allocate an object or has mistakenly assumed that that the object is allocated when in fact it is null. Fixes CWE 476.

  • Fix Use After Free –

    A program should not access memory after it has been deallocated, potentially leading to undefined behavior. Fixes CWE 416.

  • Prevent Buffer Overflow From Pointer Arithmetic –

    Prevent buffer overflow attacks that originate from unsafe pointer arithmetic. Fixes CWE 787.

Sensitive Data Exposure (2):

  • Never Expose Stack Trace to End Users –

    Sending an exception stack trace through a servlet response can expose sensitive data about the internals of the application to an attacker. Fixes CWE 209, OWASP A4-Insecure Design.

  • Prevent Sensitive Data Leakage –

    Data leakage happens when sensitive information is shared with an outside user, whether inside or outside of an organization. Any sensitive data in the sinks can be a threat. Fixes CWE 200, CWE 201, CWE 319, OWASP A1-Broken Access Control, OWASP A2-Cryptographic Failures.

Weak Cryptography Issues (3):

  • Use Secure Socket Protocol –

    SSL context objects should use a secure socket protocol such as TLS v1.2 or TLS 1.3. Fixes CWE-326, CWE-327, OWASP A2-Cryptographic Failures, OWASP A5-Security Misconfiguration Issue.

  • Use Strong Cipher Algorithms –

    Data transfer protocols should use strong cipher algorithms. If a weak algorithm is used, the data is vulnerable to brute-force cryptanalysis attacks. Fixes CWE-327, OWASP A2-Cryptographic Failures.

  • Use Strong Hash Function –

    Hashing should be done using strong hashing algorithms such as SHA-256 or SHA-3. Fixes CWE 327, CWE 328, OWASP A2-Cryptographic Failures, OWASP A5-Security Misconfiguration Issue.

PreviousiCR for Rust Supported Fixers

Last updated