Redirects to a destination that is provided by the user or through an external function may be invalid or unsafe. Consider verifying the destination before firing the redirect.
actix::NamedFile::open(..) RS-S1014
Use of actix::NamedFile::open(..) with non-validated user input can lead to a path traversal vulnerability, i.e., a vulnerability that may expose private files on the server.
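One way to validate the path before it reaches NamedFile::open(..), as an added example that is not part of the original page or of actix. The helper names safe_join and resolve_confined and the sample inputs are assumptions made for illustration; only the Rust standard library is used.

```rust
use std::io;
use std::path::{Component, Path, PathBuf};

/// Lexically join untrusted `user_input` onto `base`; None if it could escape.
fn safe_join(base: &Path, user_input: &str) -> Option<PathBuf> {
    // NUL bytes and backslashes are rejected outright (conservative choice).
    if user_input.contains('\0') || user_input.contains('\\') {
        return None;
    }
    let mut out = base.to_path_buf();
    let mut segments = 0;
    for comp in Path::new(user_input).components() {
        match comp {
            Component::Normal(seg) => {
                out.push(seg);
                segments += 1;
            }
            Component::CurDir => {} // "./" is harmless, skip it
            // "..", a leading "/", or a Windows drive prefix: refuse.
            _ => return None,
        }
    }
    if segments == 0 { None } else { Some(out) }
}

/// Resolve symlinks and confirm the real path is still under `base`.
/// The returned path is what a handler would pass to NamedFile::open(..).
fn resolve_confined(base: &Path, user_input: &str) -> io::Result<PathBuf> {
    let denied = || io::Error::new(io::ErrorKind::PermissionDenied, "path escapes base");
    let candidate = safe_join(base, user_input).ok_or_else(denied)?;
    let real_base = base.canonicalize()?;
    let real = candidate.canonicalize()?; // fails if the file does not exist
    if real.starts_with(&real_base) { Ok(real) } else { Err(denied()) }
}

fn main() {
    // Constructed sample inputs, not taken from any real request log.
    let base = Path::new("static");
    for input in ["css/site.css", "./img/logo.png", "../Cargo.toml", "/etc/passwd", "a/../../b"] {
        println!("{:?} -> {:?}", input, safe_join(base, input));
    }
}
```

The lexical check alone does not catch a symlink inside the served directory that points outside it, which is why resolve_confined compares canonicalized paths as a second step.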
regex crate RS-S1015
The regex Rust library prior to version 1.5.5 is vulnerable to regular expression denial of service (ReDoS) attacks. Ensure that you use version 1.5.5 or above in Cargo.toml dependencies for regex.
Conversion between raw slices of differently sized types is undefined behaviour, because the length of the pointer is not converted when casting with as.
*const to *mut RS-S1011
Converting *const to *mut works in safe code. However, mutating such a pointer can result in undefined behavior. Such situations can only occur in unsafe code, because dereferencing pointers is an unsafe operation.