
Rust

Mend SAST-supported Rust file types

File Type

.rs

.toml

Mend SAST-supported Rust frameworks

Framework

Actix

Axum

Poem

Rocket

Salvo

Tide

Warp

Rust high-severity vulnerability types

| CWE | Vulnerability Type | Low Probability Impact |
|---|---|---|
| CWE-22 | Path Traversal | Additional Taint Sources: Content from files and streams, databases, environment (command line calls, main method arguments, environment variables, configurations, url access) |
| CWE-78 | Command Injection | Additional Taint Sources: Content from files and streams, databases, environment (command line calls, main method arguments, environment variables, configurations, url access) |
| CWE-79 | Cross-Site Scripting | Additional Taint Sources: Content from files and streams, databases, environment (command line calls, main method arguments, environment variables, configurations, url access) |
| CWE-89 | SQL Injection | Additional Taint Sources: Content from files and streams, databases, environment (command line calls, main method arguments, environment variables, configurations, url access) |
| CWE-94 | Code Injection | UNAFFECTED |
| CWE-502 | Deserialization of Untrusted Data | UNAFFECTED |
| CWE-643 | XPath Injection | Additional Taint Sources: Content from files and streams, databases, environment (command line calls, main method arguments, environment variables, configurations, url access) |
| CWE-918 | Server Side Request Forgery (SSRF) | Additional Taint Sources: Content from files and streams, databases, environment (command line calls, main method arguments, environment variables, configurations, url access) |
| CWE-943 | NoSQL Injection | Additional Taint Sources: Content from files and streams, databases, environment (command line calls, main method arguments, environment variables, configurations, url access) |

Rust medium-severity vulnerability types

| CWE | Vulnerability Type | Low Probability Impact |
|---|---|---|
| CWE-90 | LDAP Injection | Additional Taint Sources: Content from files and streams, databases, environment (command line calls, main method arguments, environment variables, configurations, url access) |
| CWE-295 | Insecure TLS Configuration | UNAFFECTED |
| CWE-327 | Insecure Cryptographic Algorithm | UNAFFECTED |
| CWE-330 | Insufficiently Random Values | UNAFFECTED |
| CWE-347 | Improper Verification of JWT Signature | UNAFFECTED |
| CWE-606 | Loop Denial of Service | UNAFFECTED |
| CWE-676 | Use of Potentially Dangerous Function | UNAFFECTED |
| CWE-798 | Hardcoded Password/Credentials | Additional Taint Sinks: Assignments of hard-coded strings to variables/attributes with special names like password |

Rust low-severity vulnerability types

| CWE | Vulnerability Type | Low Probability Impact |
|---|---|---|
| CWE-328 | Weak Hash Strength | UNAFFECTED |
| CWE-369 | Divide By Zero | UNAFFECTED |
| CWE-601 | Unvalidated/Open Redirect | Additional Taint Sources: Content from files and streams, databases, environment (command line calls, main method arguments, environment variables, configurations, url access) |
| CWE-614 | Sensitive Cookie Without 'Secure' Attribute | UNAFFECTED |
| CWE-789 | Uncontrolled Memory Allocation | UNAFFECTED |
| CWE-942 | Origin Validation Error | UNAFFECTED |
| CWE-1004 | Cookie Without ‘HttpOnly’ Flag | UNAFFECTED |
