AWS CloudFormation Linter

Found `self` identifier where `Self` was expectedRS-E1001 Found invalid regexRS-E1002 Found empty range expressionRS-E1005 Found explicit self-assignmentRS-W1013 Called `unwrap` on `option_env!` macroRS-W1016 Found builtin-type shadowRS-W1028 Found possibly mistyped suffixRS-E1009 Found similar pattern and replacement in `str::replace`RS-W1094 Found potentially incorrect use of `map`RS-W1089 Unnecessary iteration to determine length of collectionRS-W1093 Possibly missing comma in array expressionRS-W1121 Found non UTF-8 literal in `str::from_utf8_unchecked`RS-W1122 Found use of deprecated functionRS-W1128 Found assertion on boolean constantRS-W1021 Unneeded wildcard patternRS-C1004 Usage of `print!` macro with newlineRS-C1005 Found unneeded field patternRS-C1010 This match statement can be collapsed into an if-let statementRS-W1006 This match statement can be collapsed into an if-else statementRS-W1007 Found if block with identical else blockRS-W1008 Found consecutive if expressions with the same conditionRS-W1009 Found useless if blockRS-W1010 Found `map` with identity functionRS-W1018 Found unnecessary `fold`RS-W1022 Usage of `fs::create_dir`RS-W1032 Extending string with another using `chars`RS-W1095 Found incorrect usage of `#[inline]` attributeRS-E1006 Found occurrence of `.bytes().count()`RS-P1001 Found occurrence of `.skip(..).next()`RS-W1036 Array-expression or type initialized with zero lengthRS-W1096 Found usage of `split` to check for presence of patternRS-W1097 Found redundant unsafe operation: `libc::strlen`RS-W1098 Found manual implementation of a `char::is_ascii_*` methodRS-W1099 Found obfuscated if-else expressionRS-W1120 Syntax ErrorRS-E1000 File or directory created with insecure permissionsRS-A1001 Audit required: Sensitive cookie without `HttpOnly` attributeRS-A1003 Audit required: Sensitive cookie without `secure` attributeRS-A1002 Found occurrence of `.step_by(0)`RS-E1003 Iterating over `Option` typeRS-E1004 Found erasing operationRS-E1007 Detected non-octal Unix permissionsRS-E1013 Found non-binding `let` on a synchronization lockRS-E1014 Attempting to hash a unit valueRS-E1017 Setting global write permission on fileRS-S1016 Attempting to `transmute` a `ptr` to a `ref`RS-E1018 Attempting to `transmute` a `ref` to a `ptr`RS-E1019 Attempting to `transmute` a `ptr` to a `ptr` when `ref` transmute is saferRS-E1020 Audit required: Found vulnerable content security policy header in HTTP responseRS-A1011 Found `.clone()` call on a double referenceRS-W1100 Manual implementation of `Error::type_id`RS-S1001 Found string literal in `env` functionsRS-W1015 Detected conversion between differently sized raw slicesRS-S1013 Insufficient RSA key sizeRS-S1005 Missing regex anchorRS-S1008 Hardcoded temporary file or directory detectedRS-S1003 Found usage of cryptographically insecure algorithmRS-S1004 Found comparison with `NaN`RS-E1012 Found potentially incorrect use of bitwise XORRS-S1007 Potentially unsafe usage of `std::fs::remove_dir_all`RS-S1002 Detected conversion of `*const` to `*mut`RS-S1011 Detected conversion of raw slice to `ptr`RS-S1012 Called `mem::forget` or `mem::drop` on a referenceRS-E1010 Called `mem::forget` or `mem::drop` on a Copy typeRS-E1011 Audit required: Use of `VecDeque::make_contiguous`RS-A1005 Audit required: Exposure of sensitive headersRS-A1004 Audit required: Use of `Vec::from_iter`RS-A1006 Detected invisible unicode characterRS-S1010 Comparing unit valuesRS-E1016 Found potentially incomplete ASCII rangeRS-W1086 Found manual approximation of known floating constantRS-W1207 Found binary operation with identical left and right hand sidesRS-E1008 Passing unit value as argument to functionRS-E1015 Found single-character string literal patternRS-P1100 Bind to all interfacesRS-S1006 Unused `.enumerate()` or `.zip(..)` itemsRS-W1039 Found usage of `crate` in macro definitionRS-W1084 Found inaccurate duration calculationRS-W1087 Needless iteration over collection that allows indexingRS-W1091 Using ordered iteration methods on arbitrarily ordered iteratorRS-W1081 Found redundant use of `mem::replace`RS-W1113 Redirect to destination from possibly tainted sourceRS-S1009 Usage of DoS vulnerable version of `regex` crateRS-S1015 Comparing function pointer to `null`RS-W1115 Found redundant use of `mem::replace`RS-W1112 Found redundant use of `mem::replace`RS-W1114 Called `mem::forget` or `mem::drop` on a non-Drop typeRS-E1021 Found I/O operation with unhandled return valueRS-E1023 Potential path traversal vulnerability due to `actix::NamedFile::open(..)`RS-S1014 Found isize/usize enumeration with overflowing valueRS-W1075 Insertion of pointer to non-owned reference counted value into vectorRS-W1106 Audit required: Found `X-XSS-Protection` header in HTTP responseRS-A1010 Cast from function pointer to non-pointer typeRS-W1124 Found transmute between a type `T` and `*T` or `&T`RS-E1024 Audit required: Function call in `default()` that returns `Self`RS-A1008 Found explicitly ignored future valueRS-E1035 Audit required: Calling `extend()` on `HashMap`RS-A1009 Audit required: Use of large `enum` variantRS-A1007 Found transmute between an integer and a `bool`RS-E1025 Found transmute between an integer and `NonZero` typeRS-E1026 Found transmute between integer literal and `fn` ptrRS-E1027 Found transmute between a literal and a `*T` ptrRS-E1028 Transmute from `float` or `char` to reference or pointerRS-E1029 Transmute from integer type to `char`RS-E1030 Found transmute between a numeric type and array or sliceRS-E1031 Found transmute between tuple and array or sliceRS-E1032 Found `print!` in implementation of `Display`RS-E1034 Using `std::mem::size_of_val()` on reference of type rather than type itselfRS-W1123 Function with cyclomatic complexity higher than thresholdRS-R1000 Found duplicate underscore argumentsRS-W1014 Found error-prone cast to `u8`RS-W1080 Comparing with `""` or `[]` when `.is_empty()` could be usedRS-W1102 Found redundant wildcard patternsRS-W1213 Found occurrence of `.filter(..).next()`RS-W1023 Unnecessary parenthesesRS-C1001 Unnecessary braces in `use` statementRS-C1002 Found redundant patternRS-W1000 Found unnecessary boolean comparisonRS-W1001 Potentially unsafe usage of `Arc::get_mut`RS-S1000 Use of `FIXME`/`XXX`/`TODO`RS-D1000 Unnecessary double parenthesesRS-C1000 Found enum variants with similar prefixes or suffixesRS-C1003 Empty format string in macro callRS-C1006 Found hexadecimal literal with mixed-case letter digitsRS-C1007 Found block expression in `if` conditionRS-C1008 Matching over booleanRS-C1011 Found zero-prefixed literalRS-C1012 Found `dbg!` macroRS-C1013 Found `#[must_use]` on a unit-returning functionRS-W1011 Found empty loop expressionRS-P1000 Found double unary negationRS-W1002 Found exclusive range where 1 is added to the upper boundRS-W1003 Found inclusive range where 1 is subtracted from the upper boundRS-W1004 Found trivial or undefined modulus operationRS-W1005 Zipping iterator with a range when `enumerate()` would doRS-W1012 Found no-op macro callRS-W1017 Found `filter_map` with identity functionRS-W1019 Found `flat_map` with identity functionRS-W1020 Found boolean assert comparisonRS-W1024 Dereference of an address is a no-opRS-W1025 Found redundant field name in initializerRS-W1026 Found trivial regexRS-W1027 Found redundant pattern matchingRS-W1029 Usage of `expect` followed by a function callRS-W1030 Usage of `unwrap_or` followed by a function callRS-W1031 Found iterator or string search followed by `is_some` or `is_none`RS-W1033 Found occurrence of `Arc<RwLock<HashMap<K, V>>>`RS-P1003 Found manual implementation of `Seek::rewind`RS-W1046 Found occurrence of `Rc::new("..")`RS-W1062 Found usage of `FileType::is_file`RS-A1000 Found manual implementation of `find_map`RS-W1210 Found `todo!` macroRS-W1065 Found unnecessary chain of `map` and `unwrap_or`RS-W1072 Found occurrence of `.bytes().nth(..)`RS-P1002 Adding single-character string literalRS-P1004 Found call to `.trim()` followed by `.split_whitespace()`RS-P1005 Unnecessary `collect()` on iterable to `Vec`RS-P1006 Found collapsible `.replace(..)` method callsRS-P1007 Found redundant static lifetimeRS-W1034 Found occurrence of `.inspect(..).for_each(..)`RS-W1035 Found wildcard in an or-patternRS-W1037 Found usage of `.is_digit(..)` with known radixRS-W1038 Found occurrence of `.skip_while(..).next()`RS-W1040 Found character comparison using `.chars().last()`RS-W1041 Found character comparison using `.chars().next()`RS-W1042 Found occurrence of `.to_digit(..).is_some()`RS-W1043 Found redundant conversion from `Result::Ok` to `Option`RS-W1044 Found manual implementation of `Instant::elapsed`RS-W1045 Found potentially ambiguous use of `.splitn(..)`RS-W1047 Found occurrence of `.chars().filter(..)`RS-W1049 Found occurrence of `&Box<T>` or `&mut Box<T>`RS-W1050 Found occurrence of `Default::default()`RS-W1051 Found use of `as` to convert literalsRS-W1052 Found occurrence of `.nth(0)`RS-W1053 Found suspicious loop over a fallibleRS-W1054 Found manual implementation of `Result::is_ok`RS-W1055 Found occurrence of `Arc<RefCell>` or `Arc<Cell<T>>`RS-W1056 Found occurrence of `Arc<Box<T>>`RS-W1057 Found occurrence of `Box::new("..")`RS-W1058 Found occurrence of `Box<&str>`RS-W1059 Found occurrence of `Box<String>`RS-W1060 Found occurrence of `Box<Vec<T>>`RS-W1061 Found occurrence of `Rc<&str>`RS-W1063 Found occurrence of `Rc<String>`RS-W1064 Found manual implementation of `.split_once(..)`RS-W1066 Found possibly misused `.splitn(..)`RS-W1067 Found redundant conversion from `Result::Err` to `Option`RS-W1071 Found `fold` over `Option`RS-W1085 Found manual implementation of `slice::last`RS-W1088 Found unnecessary `.ok()` in pattern matchRS-W1090 Manual implementation of `unwrap_or`RS-W1092 Found `unwrap_or_else(..)` where `unwrap_or_default()` would sufficeRS-W1104 Found occurrence of `vec.resize(0, ..)`RS-W1107 Construction of Iterator from single-element collectionRS-W1200 Invoking `.map_or()` with identity closureRS-W1201 Found unnecessary closureRS-W1202 Using `.join(..)` with empty stringRS-W1203 Redundant `map(..).filter_map(..)` chainRS-W1204 Manual implementation of `try_from_each`RS-W1205 Found explicit closure for cloning elementsRS-W1206 Found usage of `.repeat(1)`RS-W1208 Found redundant `if-else`RS-W1209 Redundant `and_then` over `map`RS-W1211 Found redundant call to `.count_ones()`RS-W1212 Found manual implementation of `cycle`RS-W1215 Found `bool::then` returning a literalRS-W1216 Found potentially buggy split of string into linesRS-W1217 Found redundant `take_while` with `map` callRS-W1214 Found manual implementation of `Seek::stream_position`RS-W1082 Found needless `Option::take`RS-W1083 Found use of `.clone()` in assignmentRS-W1070 Found usage of `Box::new(T::default())`RS-P1008 Consider using `.clamp(min, max)`, instead of `.max(min).min(max)` or `.min(max).max(min)`RS-W1069 Found comparison with `None`RS-W1108 Found manual implementation of `stream_position(..)`RS-W1109 Found implementation of `default()` outside `Default` traitRS-E1022 Found manual implementation of `std::ptr::null()`RS-W1078 Found useless lint attributeRS-W1074 Found pointer comparison with `ptr::null()`RS-C1014 Found nested `format!` macro in a formatting macroRS-W1068 Found const declaration of atomic typeRS-W1076 Found `while` with constant conditionRS-W1077 Empty call to `new()`RS-W1079 Found `ref` keyword with `&` referenceRS-W1105 Found call to `clone()` on type that implements CopyRS-W1110 Found trivial implementation of `default()`RS-W1111 Found redundant let-bindingRS-W1218 Found redundant `match` over `std::cmp::Ordering`RS-W1219 Found redundant `lock()` on `std::io::stdin()`RS-W1220 Found empty tuple struct or tuple variantRS-W1125 Found usage of `then_some(..).unwrap_or(..)`RS-C1015 Undocumented public item in source codeRS-D1001 Unnecessary `OnceCell` wrapper around `Mutex`RS-W1135 Found manual implementation of `retain()`RS-P1009 Found manual implementation of `T::BITS`RS-W1132 Found manual implementation of `vec.first()`RS-W1116 Found `print!` in implementation of `Debug`RS-W1133 Found redundant transmute between the type `T` and `T`RS-W1117 Found redundant type annotationRS-C1016 Found use of `std::ffi::c_void` ptr in `from_raw`RS-W1118 Found manual implementation of `std::ptr::eq` on referencesRS-W1119 Found transmute from floating point type to integer typeRS-W1126 Found transmute from integer type to floating point typeRS-W1127 Found explicitly ignored unit valueRS-W1129 Found unnecessary destructure in assignmentRS-W1130 Found cast of `abs()` to unsigned integer typeRS-W1131 Found manual implementation of `eq()` on `OsString`RS-W1134

RS-S1002

Potentially unsafe usage of `std::fs::remove_dir_all`RS-S1002

Major

Security

cwe-367

In the standard library in Rust before 1.58.1, there is a race condition that enables symlink following. An attacker could take advantage of this security vulnerability to trick a privileged program into deleting files and directories the attacker couldn't otherwise access or delete.

std::fs::remove_dir_all includes checks to ensure that symlinks are not followed to avoid recursively deleting symlinks. However, the check was implemented incorrectly, resulting in a TOCTOU (Time-of-check Time-of-use) race condition:

attacker creates a directory
system checks if directory is a symlink
attacker replaces directory with a symlink
system proceeds to delete the directory

This bug has since been fixed, consider upgrading to a newer version of Rust to mitigate this issue. To let DeepSource know which version of Rust your project builds against, set the msrv field under analyzers.meta in your .deepsource.toml file.

Bad practice

// vulnerable to attacks on all versions of Rust before 1.58.1
std::fs::remove_dir_all("/some/path");

References