CWE coverage for Rust¶
An overview of CWE coverage for Rust in the latest release of CodeQL.
Overview¶
| CWE | Language | Query id | Query name |
|---|---|---|---|
| CWE-20 | Rust | rust/regex-injection | Regular expression injection |
| CWE-20 | Rust | rust/uncontrolled-allocation-size | Uncontrolled allocation size |
| CWE-22 | Rust | rust/path-injection | Uncontrolled data used in path expression |
| CWE-23 | Rust | rust/path-injection | Uncontrolled data used in path expression |
| CWE-36 | Rust | rust/path-injection | Uncontrolled data used in path expression |
| CWE-73 | Rust | rust/path-injection | Uncontrolled data used in path expression |
| CWE-74 | Rust | rust/regex-injection | Regular expression injection |
| CWE-74 | Rust | rust/path-injection | Uncontrolled data used in path expression |
| CWE-74 | Rust | rust/xss | Cross-site scripting |
| CWE-74 | Rust | rust/sql-injection | Database query built from user-controlled sources |
| CWE-79 | Rust | rust/xss | Cross-site scripting |
| CWE-89 | Rust | rust/sql-injection | Database query built from user-controlled sources |
| CWE-99 | Rust | rust/path-injection | Uncontrolled data used in path expression |
| CWE-116 | Rust | rust/xss | Cross-site scripting |
| CWE-116 | Rust | rust/log-injection | Log injection |
| CWE-117 | Rust | rust/log-injection | Log injection |
| CWE-118 | Rust | rust/access-after-lifetime-ended | Access of a pointer after its lifetime has ended |
| CWE-118 | Rust | rust/access-invalid-pointer | Access of invalid pointer |
| CWE-119 | Rust | rust/access-after-lifetime-ended | Access of a pointer after its lifetime has ended |
| CWE-119 | Rust | rust/access-invalid-pointer | Access of invalid pointer |
| CWE-200 | Rust | rust/cleartext-logging | Cleartext logging of sensitive information |
| CWE-259 | Rust | rust/hard-coded-cryptographic-value | Hard-coded cryptographic value |
| CWE-284 | Rust | rust/hard-coded-cryptographic-value | Hard-coded cryptographic value |
| CWE-287 | Rust | rust/hard-coded-cryptographic-value | Hard-coded cryptographic value |
| CWE-295 | Rust | rust/disabled-certificate-check | Disabled TLS certificate check |
| CWE-311 | Rust | rust/cleartext-transmission | Cleartext transmission of sensitive information |
| CWE-311 | Rust | rust/cleartext-logging | Cleartext logging of sensitive information |
| CWE-311 | Rust | rust/cleartext-storage-database | Cleartext storage of sensitive information in a database |
| CWE-311 | Rust | rust/non-https-url | Failure to use HTTPS URLs |
| CWE-311 | Rust | rust/insecure-cookie | 'Secure' attribute is not set to true |
| CWE-312 | Rust | rust/cleartext-logging | Cleartext logging of sensitive information |
| CWE-312 | Rust | rust/cleartext-storage-database | Cleartext storage of sensitive information in a database |
| CWE-319 | Rust | rust/cleartext-transmission | Cleartext transmission of sensitive information |
| CWE-319 | Rust | rust/non-https-url | Failure to use HTTPS URLs |
| CWE-319 | Rust | rust/insecure-cookie | 'Secure' attribute is not set to true |
| CWE-321 | Rust | rust/hard-coded-cryptographic-value | Hard-coded cryptographic value |
| CWE-326 | Rust | rust/weak-sensitive-data-hashing | Use of a broken or weak cryptographic hashing algorithm on sensitive data |
| CWE-327 | Rust | rust/weak-cryptographic-algorithm | Use of a broken or weak cryptographic algorithm |
| CWE-327 | Rust | rust/weak-sensitive-data-hashing | Use of a broken or weak cryptographic hashing algorithm on sensitive data |
| CWE-328 | Rust | rust/weak-sensitive-data-hashing | Use of a broken or weak cryptographic hashing algorithm on sensitive data |
| CWE-330 | Rust | rust/hard-coded-cryptographic-value | Hard-coded cryptographic value |
| CWE-344 | Rust | rust/hard-coded-cryptographic-value | Hard-coded cryptographic value |
| CWE-345 | Rust | rust/non-https-url | Failure to use HTTPS URLs |
| CWE-359 | Rust | rust/cleartext-logging | Cleartext logging of sensitive information |
| CWE-398 | Rust | rust/access-invalid-pointer | Access of invalid pointer |
| CWE-400 | Rust | rust/uncontrolled-allocation-size | Uncontrolled allocation size |
| CWE-441 | Rust | rust/request-forgery | Server-side request forgery |
| CWE-476 | Rust | rust/access-invalid-pointer | Access of invalid pointer |
| CWE-532 | Rust | rust/cleartext-logging | Cleartext logging of sensitive information |
| CWE-538 | Rust | rust/cleartext-logging | Cleartext logging of sensitive information |
| CWE-552 | Rust | rust/cleartext-logging | Cleartext logging of sensitive information |
| CWE-610 | Rust | rust/path-injection | Uncontrolled data used in path expression |
| CWE-610 | Rust | rust/request-forgery | Server-side request forgery |
| CWE-614 | Rust | rust/insecure-cookie | 'Secure' attribute is not set to true |
| CWE-642 | Rust | rust/path-injection | Uncontrolled data used in path expression |
| CWE-657 | Rust | rust/hard-coded-cryptographic-value | Hard-coded cryptographic value |
| CWE-664 | Rust | rust/path-injection | Uncontrolled data used in path expression |
| CWE-664 | Rust | rust/cleartext-logging | Cleartext logging of sensitive information |
| CWE-664 | Rust | rust/cleartext-storage-database | Cleartext storage of sensitive information in a database |
| CWE-664 | Rust | rust/ctor-initialization | Bad 'ctor' initialization |
| CWE-664 | Rust | rust/uncontrolled-allocation-size | Uncontrolled allocation size |
| CWE-664 | Rust | rust/hard-coded-cryptographic-value | Hard-coded cryptographic value |
| CWE-664 | Rust | rust/access-after-lifetime-ended | Access of a pointer after its lifetime has ended |
| CWE-664 | Rust | rust/access-invalid-pointer | Access of invalid pointer |
| CWE-664 | Rust | rust/request-forgery | Server-side request forgery |
| CWE-665 | Rust | rust/ctor-initialization | Bad 'ctor' initialization |
| CWE-665 | Rust | rust/uncontrolled-allocation-size | Uncontrolled allocation size |
| CWE-666 | Rust | rust/access-after-lifetime-ended | Access of a pointer after its lifetime has ended |
| CWE-666 | Rust | rust/access-invalid-pointer | Access of invalid pointer |
| CWE-668 | Rust | rust/path-injection | Uncontrolled data used in path expression |
| CWE-668 | Rust | rust/cleartext-logging | Cleartext logging of sensitive information |
| CWE-671 | Rust | rust/hard-coded-cryptographic-value | Hard-coded cryptographic value |
| CWE-672 | Rust | rust/access-after-lifetime-ended | Access of a pointer after its lifetime has ended |
| CWE-672 | Rust | rust/access-invalid-pointer | Access of invalid pointer |
| CWE-691 | Rust | rust/ctor-initialization | Bad 'ctor' initialization |
| CWE-693 | Rust | rust/regex-injection | Regular expression injection |
| CWE-693 | Rust | rust/disabled-certificate-check | Disabled TLS certificate check |
| CWE-693 | Rust | rust/cleartext-transmission | Cleartext transmission of sensitive information |
| CWE-693 | Rust | rust/cleartext-logging | Cleartext logging of sensitive information |
| CWE-693 | Rust | rust/cleartext-storage-database | Cleartext storage of sensitive information in a database |
| CWE-693 | Rust | rust/non-https-url | Failure to use HTTPS URLs |
| CWE-693 | Rust | rust/weak-cryptographic-algorithm | Use of a broken or weak cryptographic algorithm |
| CWE-693 | Rust | rust/weak-sensitive-data-hashing | Use of a broken or weak cryptographic hashing algorithm on sensitive data |
| CWE-693 | Rust | rust/insecure-cookie | 'Secure' attribute is not set to true |
| CWE-693 | Rust | rust/uncontrolled-allocation-size | Uncontrolled allocation size |
| CWE-693 | Rust | rust/hard-coded-cryptographic-value | Hard-coded cryptographic value |
| CWE-696 | Rust | rust/ctor-initialization | Bad 'ctor' initialization |
| CWE-706 | Rust | rust/path-injection | Uncontrolled data used in path expression |
| CWE-707 | Rust | rust/regex-injection | Regular expression injection |
| CWE-707 | Rust | rust/path-injection | Uncontrolled data used in path expression |
| CWE-707 | Rust | rust/xss | Cross-site scripting |
| CWE-707 | Rust | rust/sql-injection | Database query built from user-controlled sources |
| CWE-707 | Rust | rust/log-injection | Log injection |
| CWE-710 | Rust | rust/hard-coded-cryptographic-value | Hard-coded cryptographic value |
| CWE-710 | Rust | rust/access-invalid-pointer | Access of invalid pointer |
| CWE-770 | Rust | rust/uncontrolled-allocation-size | Uncontrolled allocation size |
| CWE-789 | Rust | rust/uncontrolled-allocation-size | Uncontrolled allocation size |
| CWE-798 | Rust | rust/hard-coded-cryptographic-value | Hard-coded cryptographic value |
| CWE-825 | Rust | rust/access-after-lifetime-ended | Access of a pointer after its lifetime has ended |
| CWE-825 | Rust | rust/access-invalid-pointer | Access of invalid pointer |
| CWE-916 | Rust | rust/weak-sensitive-data-hashing | Use of a broken or weak cryptographic hashing algorithm on sensitive data |
| CWE-918 | Rust | rust/request-forgery | Server-side request forgery |
| CWE-922 | Rust | rust/cleartext-logging | Cleartext logging of sensitive information |
| CWE-922 | Rust | rust/cleartext-storage-database | Cleartext storage of sensitive information in a database |
| CWE-943 | Rust | rust/sql-injection | Database query built from user-controlled sources |
| CWE-1204 | Rust | rust/hard-coded-cryptographic-value | Hard-coded cryptographic value |