Rust rules

Code analysis support for Rust is in Early Access and is available only with Enterprise plans. To enable the feature, see Snyk Preview.

Each rule includes the following information.

Rule Name: The Snyk name of the rule.
CWE(s): The CWE numbers that are covered by this rule.
Security Categories: The OWASP Top 10 (2021 edition) category to which the rule belongs to, if any, and if it is included in SANS 25.
Autofixable: Security rules that are autofixable by Snyk Agent Fix. This information is included only for the supported programming languages.

Rule Name

CWE(s)

Security Categories

Autofixable

Command Injection

CWE-78

Sans Top 25, OWASP:A03

Cross-site Scripting (XSS)

CWE-79

Sans Top 25, OWASP:A03

Hardcoded Secret

CWE-547

OWASP:A05

Inadequate Padding for Public Key Encryption

CWE-326

OWASP:A02

Insecure File Permissions

CWE-732

OWASP:A05

Observable Timing Discrepancy

CWE-208

OWASP:A02

Open Redirect

CWE-601

OWASP:A01

Origin Validation Error

CWE-346, CWE-942

OWASP:A05

Path Traversal

CWE-23

OWASP:A01

SQL Injection

CWE-89

Sans Top 25, OWASP:A03

Server-Side Request Forgery (SSRF)

CWE-918

Sans Top 25, OWASP:A10

Use of Hardcoded Passwords

CWE-259, CWE-798

Sans Top 25, OWASP:A07

Use of Insufficiently Random Values

CWE-330

OWASP:A02

Use of Password Hash With Insufficient Computational Effort

CWE-916

OWASP:A02

Use of a Broken or Risky Cryptographic Algorithm

CWE-327

OWASP:A02

PreviousRuby rules NextScala rules

Last updated 22 days ago

Was this helpful?