Rust
Paid Scanners
https://www.sonarqube.org/
Clippy
Install Rust:
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
Install Clippy:
rustup component add clippy
Check for vulnerable libraries:
cargo audit
Check Rust Code:
cargo clippy --all --all-targets --all-features -- -Dwarnings -Drust-2018-idioms
#TOFINISH
cargo-outdated
cargo-fuzz
cargo-fmt
cargo test
cargo clippy
cargo audit
rg unsafe
Getting Rust to use SSH
Update Cargo Config:
>>> cat ~/.cargo/config
[net]
git-fetch-with-cli = true
Update Git Config:
>>> cat ~/.gitconfig
...
[url "git@github.com:"]
insteadOf = https://github.com/
String Issues
UTF-8 String Handling
The String type, which is provided by Rust's standard library rather than coded into the core language, is a growable, mutable, owned, UTF-8 encoded string type.
For purposes of this section only, we will refer to strings as those from the String and the string slice &str types, although other types of strings are available.
Be careful when slicing UTF-8 strings:
let hello = "Здравствуйте";
let s = &hello[0..1];
Since each character in the string hello is represented by two (2) bytes, byte index 1 falls in the middle of the first character, so creating the string slice s will fail with a panic.
To ensure proper slicing of these types of strings, the following methods should be used:
convert the string to bytes with .as_bytes() before slicing with [] or .get()
check string content with .starts_with()
verify the string with .is_ascii() or .is_char_boundary()
SQL Injection
format!("select * from users where username = {}", username)