Input validation rules.
Rules detecting input validation issues:
- Environment variable handling (RUSTCOLA065, RUSTCOLA047)
- Untrimmed stdin input (RUSTCOLA053)
- Invisible Unicode detection (RUSTCOLA048)
- Infinite iterators (RUSTCOLA054)
- Unsafe deserialization (RUSTCOLA089, RUSTCOLA091)
- Unbounded reads (RUSTCOLA090)
- Division by untrusted input (RUSTCOLA077)
- Unchecked timestamp multiplication (RUSTCOLA106)
Structs
- CleartextEnvVarRule - Detects sensitive data (passwords, secrets, keys) stored via env::set_var. Environment variables can be read by child processes and are often logged.
- DivisionByUntrustedRule - Detects division operations using untrusted input as denominator without validation.
- EnvVarLiteralRule - Detects string literals passed to env::var() - potential config leakage.
- InfiniteIteratorRule - Detects infinite iterators (repeat, cycle, repeat_with) without termination.
- InsecureJsonTomlDeserializationRule - Detects untrusted input passed to JSON/TOML deserialization functions.
- InsecureYamlDeserializationRule - Detects untrusted input passed to YAML deserialization functions.
- InvisibleUnicodeRule - Detects invisible Unicode characters in source code.
- SerdeLengthMismatchRule - Detects when the declared length argument to serialize_struct/serialize_tuple/etc doesn’t match the actual number of serialize_field/serialize_element calls.
- UnboundedReadRule - Detects read_to_end/read_to_string on untrusted sources without size limits.
- UncheckedTimestampMultiplicationRule - Detects unchecked multiplication when converting time units (seconds to nanos, etc.).
- UntrimmedStdinRule - Detects stdin input used without trimming trailing newlines.
Functions
- register_input_rules - Register all input validation rules with the rule engine.