From 06ad3ace6f2a822c4ccea3392fe12b772759df03 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Wed, 19 Mar 2025 14:40:00 +0000
Subject: [PATCH] Create rule S106: Standard outputs should not be used
 directly to log anything (#4735)

* Add rust to rule S106

* Update RSPEC

* Fix RSPEC

---------

Co-authored-by: yassin-kammoun-sonarsource <yassin-kammoun-sonarsource@users.noreply.github.com>
Co-authored-by: yassin-kammoun-sonarsource <yassin.kammoun@sonarsource.com>
---
 rules/S106/rust/metadata.json |  6 ++++++
 rules/S106/rust/rule.adoc     | 39 +++++++++++++++++++++++++++++++++++
 2 files changed, 45 insertions(+)
 create mode 100644 rules/S106/rust/metadata.json
 create mode 100644 rules/S106/rust/rule.adoc

diff --git a/rules/S106/rust/metadata.json b/rules/S106/rust/metadata.json
new file mode 100644
index 0000000000..f3b0c9eba4
--- /dev/null
+++ b/rules/S106/rust/metadata.json
@@ -0,0 +1,6 @@
+{
+  "tags": [
+    "bad-practice",
+    "clippy"
+  ]
+}
diff --git a/rules/S106/rust/rule.adoc b/rules/S106/rust/rule.adoc
new file mode 100644
index 0000000000..0e648cd0d4
--- /dev/null
+++ b/rules/S106/rust/rule.adoc
@@ -0,0 +1,39 @@
+:language_std_outputs: print!, println!
+
+== Why is this an issue?
+
+include::../description.adoc[]
+
+=== Code examples
+
+==== Noncompliant code example
+
+[source,rust,diff-id=1,diff-type=noncompliant]
+----
+fn do_something() {
+    println!("my message");  // Noncompliant, output directly to stdout without a logger
+}
+----
+
+==== Compliant solution
+
+[source,rust,diff-id=1,diff-type=compliant]
+----
+use log::{info, LevelFilter};
+use simple_logger::SimpleLogger;
+
+fn do_something() {
+    SimpleLogger::new().with_level(LevelFilter::Info).init().unwrap();
+    // ...
+    info!("my message");  // Compliant, output via logger
+    // ...
+}
+----
+
+== Resources
+
+=== Documentation
+
+* Clippy Lints - https://rust-lang.github.io/rust-clippy/master/index.html#print_stdout
+* OWASP - https://owasp.org/Top10/A09_2021-Security_Logging_and_Monitoring_Failures/[Top 10 2021 Category A9 - Security Logging and Monitoring Failures]
+* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure]