Rust

Clippy

Install Rust:

curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh

Install Clippy:

rustup component add clippy

Check for vulnerable libraries:

cargo audit

Check Rust Code:

cargo clippy --all --all-targets --all-features -- -Dwarnings -Drust-2018-idioms

#TOFINISH
cargo-outdated 

cargo-fuzz

cargo-fmt


cargo test

cargo clippy

cargo audit

rg unsafe

Getting Rust to use SSH

Update Cargo Config:

>>> cat ~/.cargo/config
[net]
git-fetch-with-cli = true

Update Git Config:

>>> cat ~/.gitconfig
...
[url "git@github.com:"]
  insteadOf = https://github.com/

String Issues

UTF-8 String Handling

The String type is a growable, mutable, owned, and UTF-8 encoded string. For this section, we'll focus on String and &str.

Caution with Slicing:

// Avoid direct slicing of multi-byte characters
let hello = "Здравствуйте";
let s = &hello[0..1]; // Panics at runtime!

Safe methods:

fn main() {
    let hello = "Здравствуйте";

    // Safe byte-based indexing
    if hello.is_char_boundary(2) {
        let s = &hello[2..];
        println!("{}", s);
    }

    // Using chars()
    for c in hello.chars() {
        println!("{}", c);
    }
}
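
The boundary check above generalizes into helpers that never panic, which matters when the string and the length limit come from untrusted input. This is an added example, not code from the original notes; the function names are hypothetical and the sample strings are constructed.

```rust
/// Non-panicking sub-slice: `None` when a bound is out of range
/// or falls inside a multi-byte character.
fn safe_slice(s: &str, start: usize, end: usize) -> Option<&str> {
    s.get(start..end)
}

/// Longest prefix of `s` that fits in `max_bytes` without splitting a character
/// (e.g. for a fixed-size log field or database column).
fn truncate_bytes(s: &str, max_bytes: usize) -> &str {
    if s.len() <= max_bytes {
        return s;
    }
    let mut end = max_bytes;
    // Index 0 is always a char boundary, so this loop terminates.
    while !s.is_char_boundary(end) {
        end -= 1;
    }
    &s[..end]
}

/// First `n` characters (Unicode scalar values), whatever their byte width.
fn take_chars(s: &str, n: usize) -> &str {
    match s.char_indices().nth(n) {
        Some((byte_idx, _)) => &s[..byte_idx],
        None => s, // the string has n characters or fewer
    }
}

fn main() {
    let hello = "Здравствуйте"; // 12 characters, 24 bytes

    // The slice that panicked above becomes a recoverable None.
    println!("{:?}", safe_slice(hello, 0, 1));
    println!("{:?}", safe_slice(hello, 0, 2));

    // A 5-byte limit lands mid-character and is rounded down to 4 bytes.
    println!("{}", truncate_bytes(hello, 5));

    // Counting characters instead of bytes.
    println!("{}", take_chars(hello, 3));

    // Constructed mixed-width input: 1-, 2-, 3- and 4-byte characters.
    println!("{}", truncate_bytes("aд漢🦀", 4));
}
```
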

SQL Injection

Avoid vulnerable code:

format!("select * from users where username = {}", username)

Use parameterized queries with the sql crate:

use sql::Connection;

let query = "SELECT * FROM users WHERE username = $1";
let rows = connection.query(query, &[&username]).unwrap();