ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S106/rust/rule.adoc
github-actions[bot] 06ad3ace6f
Create rule S106: Standard outputs should not be used directly to log anything (#4735) 
* Add rust to rule S106

* Update RSPEC

* Fix RSPEC

---------

Co-authored-by: yassin-kammoun-sonarsource <yassin-kammoun-sonarsource@users.noreply.github.com>
Co-authored-by: yassin-kammoun-sonarsource <yassin.kammoun@sonarsource.com>
2025-03-19 14:40:00 +00:00

40 lines
1.0 KiB
Plaintext
Raw Blame History

:language_std_outputs: print!, println!
== Why is this an issue?
include::../description.adoc[]
=== Code examples
==== Noncompliant code example
[source,rust,diff-id=1,diff-type=noncompliant]
----
fn do_something() {
println!("my message"); // Noncompliant, output directly to stdout without a logger
}
----
==== Compliant solution
[source,rust,diff-id=1,diff-type=compliant]
----
use log::{info, LevelFilter};
use simple_logger::SimpleLogger;
fn do_something() {
SimpleLogger::new().with_level(LevelFilter::Info).init().unwrap();
// ...
info!("my message"); // Compliant, output via logger
// ...
}
----
== Resources
=== Documentation
* Clippy Lints - https://rust-lang.github.io/rust-clippy/master/index.html#print_stdout
* OWASP - https://owasp.org/Top10/A09_2021-Security_Logging_and_Monitoring_Failures/[Top 10 2021 Category A9 - Security Logging and Monitoring Failures]
* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure]
Reference in New Issue View Git Blame Copy Permalink