Create rule S106: Standard outputs should not be used directly to log anything (#4735)

* Add rust to rule S106 * Update RSPEC * Fix RSPEC --------- Co-authored-by: yassin-kammoun-sonarsource <yassin-kammoun-sonarsource@users.noreply.github.com> Co-authored-by: yassin-kammoun-sonarsource <yassin.kammoun@sonarsource.com>
2025-03-19 14:40:00 +00:00 · 2025-03-19 14:40:00 +00:00 · 06ad3ace6f
commit 06ad3ace6f
parent bd332080f2
2 changed files with 45 additions and 0 deletions
--- a/rules/S106/rust/metadata.json
+++ b/rules/S106/rust/metadata.json
@ -0,0 +1,6 @@
+{
+  "tags": [
+    "bad-practice",
+    "clippy"
+  ]
+}
--- a/rules/S106/rust/rule.adoc
+++ b/rules/S106/rust/rule.adoc
@ -0,0 +1,39 @@
+:language_std_outputs: print!, println!
+
+== Why is this an issue?
+
+include::../description.adoc[]
+
+=== Code examples
+
+==== Noncompliant code example
+
+[source,rust,diff-id=1,diff-type=noncompliant]
+----
+fn do_something() {
+    println!("my message");  // Noncompliant, output directly to stdout without a logger
+}
+----
+
+==== Compliant solution
+
+[source,rust,diff-id=1,diff-type=compliant]
+----
+use log::{info, LevelFilter};
+use simple_logger::SimpleLogger;
+
+fn do_something() {
+    SimpleLogger::new().with_level(LevelFilter::Info).init().unwrap();
+    // ...
+    info!("my message");  // Compliant, output via logger
+    // ...
+}
+----
+
+== Resources
+
+=== Documentation
+
+* Clippy Lints - https://rust-lang.github.io/rust-clippy/master/index.html#print_stdout
+* OWASP - https://owasp.org/Top10/A09_2021-Security_Logging_and_Monitoring_Failures/[Top 10 2021 Category A9 - Security Logging and Monitoring Failures]
+* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure]