Create rule S7446: Functions expecting raw pointer arguments should be marked as unsafe (#4790)
* Create rule S7446 * Update RSPEC --------- Co-authored-by: yassin-kammoun-sonarsource <yassin-kammoun-sonarsource@users.noreply.github.com> Co-authored-by: yassin-kammoun-sonarsource <yassin.kammoun@sonarsource.com>
This commit is contained in:
github-actions[bot]
GitHub
parent
0b46bc20f9
commit
c008bdb1a8
2
rules/S7446/metadata.json
Normal file
2
rules/S7446/metadata.json
Normal file
@ -0,0 +1,2 @@
|
||||
{
|
||||
}
|
||||
24
rules/S7446/rust/metadata.json
Normal file
24
rules/S7446/rust/metadata.json
Normal file
@ -0,0 +1,24 @@
|
||||
{
|
||||
"title": "Functions expecting raw pointer arguments should be marked as unsafe",
|
||||
"type": "BUG",
|
||||
"status": "ready",
|
||||
"remediation": {
|
||||
"func": "Constant\/Issue",
|
||||
"constantCost": "5min"
|
||||
},
|
||||
"tags": [
|
||||
"clippy"
|
||||
],
|
||||
"defaultSeverity": "Major",
|
||||
"ruleSpecification": "RSPEC-7446",
|
||||
"sqKey": "S7446",
|
||||
"scope": "All",
|
||||
"defaultQualityProfiles": ["Sonar way"],
|
||||
"quickfix": "unknown",
|
||||
"code": {
|
||||
"impacts": {
|
||||
"RELIABILITY": "MEDIUM"
|
||||
},
|
||||
"attribute": "LOGICAL"
|
||||
}
|
||||
}
|
||||
37
rules/S7446/rust/rule.adoc
Normal file
37
rules/S7446/rust/rule.adoc
Normal file
@ -0,0 +1,37 @@
|
||||
== Why is this an issue?
|
||||
|
||||
For any raw pointer passed as an argument, it is not possible to guarantee its validity. Dereferencing an invalid pointer can lead to undefined behavior, causing potential segmentation faults or other critical issues. By marking such functions as `unsafe`, it notifies the caller that they need to ensure the pointer's validity and surround the function call with an `unsafe` block to acknowledge the potential risks involved.
|
||||
|
||||
=== Code examples
|
||||
|
||||
==== Noncompliant code example
|
||||
|
||||
[source,rust,diff-id=1,diff-type=noncompliant]
|
||||
----
|
||||
pub fn foo(x: *const u8) {
|
||||
println!("{}", unsafe { *x });
|
||||
}
|
||||
|
||||
// This call "looks" safe but will segfault or worse!
|
||||
// foo(invalid_ptr);
|
||||
----
|
||||
|
||||
==== Compliant solution
|
||||
|
||||
[source,rust,diff-id=1,diff-type=compliant]
|
||||
----
|
||||
pub unsafe fn foo(x: *const u8) {
|
||||
println!("{}", unsafe { *x });
|
||||
}
|
||||
|
||||
// This would cause a compiler error for calling without `unsafe`
|
||||
// foo(invalid_ptr);
|
||||
|
||||
// Sound call if the caller knows the pointer is valid
|
||||
unsafe { foo(valid_ptr); }
|
||||
----
|
||||
|
||||
== Resources
|
||||
=== Documentation
|
||||
|
||||
* Clippy Lints - https://rust-lang.github.io/rust-clippy/master/index.html#not_unsafe_ptr_arg_deref
|
||||
Loading…
x
Reference in New Issue
Block a user