rust.lang.security.unsafe-usage.unsafe-usage

semgrep
Author
unknown

Detected 'unsafe' usage, please audit for secure usage

Definition

rules:
  - id: unsafe-usage
    message: Detected 'unsafe' usage, please audit for secure usage
    pattern: unsafe { ... }
    metadata:
      references:
        - https://doc.rust-lang.org/std/keyword.unsafe.html
      technology:
        - rust
      category: security
      cwe: "CWE-242: Use of Inherently Dangerous Function"
      confidence: HIGH
      likelihood: LOW
      impact: LOW
      subcategory: audit
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
      vulnerability_class:
        - Dangerous Method or Function
    languages:
      - rust
    severity: INFO

Examples

unsafe-usage.rs

// ruleid: unsafe-usage
let pid = unsafe { libc::getpid() as u32 };

// ok: unsafe-usage
let pid = libc::getpid() as u32;