Update RSPEC

Add rust to rule S3807
2025-03-27 11:46:06 +01:00 · 2025-03-27 10:26:01 +00:00
4 changed files with 87 additions and 40 deletions
--- a/rules/S3807/cfamily/metadata.json
+++ b/rules/S3807/cfamily/metadata.json
@ -1,42 +1,2 @@
 {
-  "title": "Parameter values should be appropriate",
-  "type": "BUG",
-  "code": {
-    "impacts": {
-      "RELIABILITY": "HIGH"
-    },
-    "attribute": "LOGICAL"
-  },
-  "status": "ready",
-  "remediation": {
-    "func": "Constant\/Issue",
-    "constantCost": "5min"
-  },
-  "tags": [
-    "symbolic-execution"
-  ],
-  "extra": {
-    "replacementRules": [
-
-    ],
-    "legacyKeys": [
-
-    ]
-  },
-  "defaultSeverity": "Critical",
-  "ruleSpecification": "RSPEC-3807",
-  "sqKey": "S3807",
-  "scope": "All",
-  "securityStandards": {
-    "CWE": [
-      476
-    ],
-    "CERT": [
-      "EXP01-J."
-    ]
-  },
-  "defaultQualityProfiles": [
-    "Sonar way"
-  ],
-  "quickfix": "infeasible"
 }
--- a/rules/S3807/metadata.json
+++ b/rules/S3807/metadata.json
@ -1,2 +1,42 @@
 {
+  "title": "Parameter values should be appropriate",
+  "type": "BUG",
+  "code": {
+    "impacts": {
+      "RELIABILITY": "HIGH"
+    },
+    "attribute": "LOGICAL"
+  },
+  "status": "ready",
+  "remediation": {
+    "func": "Constant\/Issue",
+    "constantCost": "5min"
+  },
+  "tags": [
+    "symbolic-execution"
+  ],
+  "extra": {
+    "replacementRules": [
+
+    ],
+    "legacyKeys": [
+
+    ]
+  },
+  "defaultSeverity": "Critical",
+  "ruleSpecification": "RSPEC-3807",
+  "sqKey": "S3807",
+  "scope": "All",
+  "securityStandards": {
+    "CWE": [
+      476
+    ],
+    "CERT": [
+      "EXP01-J."
+    ]
+  },
+  "defaultQualityProfiles": [
+    "Sonar way"
+  ],
+  "quickfix": "infeasible"
 }
--- a/rules/S3807/rust/metadata.json
+++ b/rules/S3807/rust/metadata.json
@ -0,0 +1,6 @@
+{
+  "title": "Null pointers should not be passed to functions expecting non-null arguments",
+  "tags": [
+    "clippy"
+  ]
+}
--- a/rules/S3807/rust/rule.adoc
+++ b/rules/S3807/rust/rule.adoc
@ -0,0 +1,41 @@
+== Why is this an issue?
+
+The standard Rust library includes a variety of functions for pointer manipulations. Many of these functions require non-null ponter parameters, including:
+
+* ``++sym::ptr_read++``
+* ``++sym::ptr_read_unaligned++``
+* ``++sym::ptr_read_volatile++``
+* ``++sym::ptr_replace++``
+* ``++sym::ptr_write++``
+* ``++sym::ptr_write_bytes++``
+* ``++sym::ptr_write_unaligned++``
+* ``++sym::ptr_write_volatile++``
+* ``++sym::slice_from_raw_parts++``
+* ``++sym::slice_from_raw_parts_mut++``
+* ``++sym::ptr_copy++``
+* ``++sym::ptr_copy_nonoverlapping++``
+* ``++sym::ptr_swap++``
+* ``++sym::ptr_swap_nonoverlapping++``
+
+Using ``++ptr::null++`` in unsafe code can result in undefined behavior, compromising the stability and safety of the program. Undefined behavior occurs when the program does something the Rust language specifications do not define, often leading to crashes or security vulnerabilities.
+
+=== Code examples
+
+==== Noncompliant code example
+
+[source,rust,diff-id=1,diff-type=noncompliant]
+----
+unsafe { std::slice::from_raw_parts(ptr::null(), 0); } // Noncompliant: Usage of `ptr::null()`.
+----
+
+==== Compliant solution
+
+[source,rust,diff-id=1,diff-type=compliant]
+----
+unsafe { std::slice::from_raw_parts(NonNull::dangling().as_ptr(), 0); } // Compliant: Uses `NonNull::dangling().as_ptr()` to avoid undefined behavior.
+----
+
+== Resources
+=== Documentation
+
+* Clippy Lints - https://rust-lang.github.io/rust-clippy/master/index.html#invalid_null_ptr_usage
Author	SHA1	Message	Date
yassin-kammoun-sonarsource	bc3b7b59a4	Update RSPEC	2025-03-27 11:46:06 +01:00
yassin-kammoun-sonarsource	905f7c9ed4	Add rust to rule S3807	2025-03-27 10:26:01 +00:00