Products
In-IDE
IDE extension that lets you fix coding issues before they exist!
Discover SonarQube for IDE
SaaS
Setup is effortless and analysis is automatic for most languages
Discover SonarQube Cloud
Self-Hosted
Fast, accurate analysis; enterprise scalability
Discover SonarQube Server

Secrets
ABAP
Ansible
Apex
AzureResourceManager
C
C#
C++
CloudFormation
COBOL
CSS
Dart
Docker
Flex
Go
HTML
Java
JavaScript
JCL
Kotlin
Kubernetes
Objective C
PHP
PL/I
PL/SQL
Python
RPG
Ruby
Rust
Scala
Swift
Terraform
Text
TypeScript
T-SQL
VB.NET
VB6
XML

Rust static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your RUST code

Tags

Impact

Clean code attribute

Match expression conditions should not have boolean type
Code Smell
Non-empty statements should change control flow or have at least one side-effect
Bug
Infinite iterators should be finished off with a terminating operation
Bug
`saturating_sub` should be used to avoid subtraction underflow
Bug
`mem::uninitialized` and `mem::zeroed()` should not be used to replace values
Bug
Conflicting `Borrow` and `Hash` implementations should be avoided
Bug
Serde `visit_str` method should be implemented when `visit_string` is implemented
Bug
`set_len` should not be called on uninitialized vectors
Bug
Inherent shadowing definitions of to_string should be avoided
Bug
Calls to `step_by` that always panic should not be made
Bug
`skip(0)` should not be used on iterators
Bug
The return value of `next` should not be looped over
Bug
Numeric literal suffixes should not be mistyped
Bug
Functions should not return mutable references from immutable parameters
Bug
Remainder operations with `1` or `-1` should be avoided
Bug
Synchronization locks should not be dropped immediately after acquisition
Bug
The `#[inline]` attribute should not be used on trait methods without implementation
Bug
Unix file permissions should be set with octal values
Bug
File open options should be consistent
Bug
Functions expecting raw pointer arguments should be marked as unsafe
Bug
`env!` should be preferred over `option_env!`
Bug
`checked_add` and `overflowing_add` should be used to prevent overflows
Bug
Calls to `std::mem::transmute` should not be evaluated eagerly
Bug
`unwrap()` should only be used when there is a value to unwrap
Bug
Lines read from the standard input should be trimmed
Bug
Formatting trait implementations should not be recursive
Bug
Comparisons with overlapping ranges that are always false should not be made
Bug
Incompatible bit masks should not be used in comparisons
Bug
Variables should be swapped using `std::mem::swap`
Bug
Redundant comparisons should be removed
Bug
Raw pointers should not be casted to slices with differently sized elements
Bug
Reversed ranges and slices should not be empty
Bug
`size_of::<T>` should not be used to count elements of type `T`
Bug
`splitn` should not be used with a limit of 0 or 1
Bug
Null function pointers should not be created through `transmute`
Bug
Case mismatches in pattern arms of match expressions should be avoided
Bug
Null pointers should not be transmuted
Bug
C-like enums should not have unportable variants
Bug
`MaybeUninit::uninit().assume_init()` should not be used
Bug
Avoid manual PartialEq implementation with a derived Hash
Bug
Unit values should not be compared
Bug
Unit values should not be hashed
Bug
Closures of `type Fn(...) -> Ord` should not return the unit type
Bug
Collections should not be transmuted to different types
Bug
I/O buffers should be processed entirely
Bug
Lint attributes should not be used on crate imports
Bug
Manual PartialOrd implementation should be avoided when Ord is derived
Bug
Immutable variables should not be used in while loop conditions
Bug
Avoid transmutes that can never be correct
Bug
Await should be used for awaitable returns in async blocks and functions
Bug
Pointer arithmetic should not be performed on zero-sized types
Code Smell
Shared code in all branches should be extracted
Code Smell
Avoid resizing a vector to zero using `vec.resize(0, value)`
Bug
Inline vector literals should be preferred to chains of insertions
Code Smell
Clamping values with `cmp::min` and `cmp::max` should use correct ranges
Bug
Accessing an array element should not trigger a panic
Bug
Mathematical constants should not be hardcoded
Code Smell
Regular expressions should be syntactically valid
Bug
"std::ptr::null" should be used to denote the null pointer
Code Smell
Redundant casts should be avoided
Code Smell
Getters should access the expected fields
Bug
Null pointers should not be passed to functions expecting non-null arguments
Bug
Cognitive Complexity of functions should not be too high
Code Smell
Array elements should be separated by commas
Code Smell
Field init shorthand should be used
Code Smell
Boolean expressions should not be gratuitous
Code Smell
Invisible Unicode characters should not be used
Code Smell
Unnecessary bit operations should not be performed
Code Smell
Rust source files should not have syntax errors
Code Smell
Wildcard imports should not be used
Code Smell
Unnecessary mathematical comparisons should not be made
Code Smell
"while" loop counters should not have floating type
Bug
Erasing mathematical operations should not be performed
Code Smell
Underscores should be used to make large numbers readable
Code Smell
Related "if/else if" statements should not have the same condition
Bug
"to_string()" should never be called on a String value
Code Smell
Identical expressions should not be used on both sides of a binary operator
Bug
Loops with at most one iteration should be refactored
Bug
Variables should not be self-assigned
Bug
Closures should be replaced with function pointers
Code Smell
Local variables should not be declared and then immediately returned
Code Smell
"if ... else if" constructs should end with "else" clauses
Code Smell
Empty statements should be removed
Code Smell
Functions should not have too many parameters
Code Smell
Standard outputs should not be used directly to log anything
Code Smell

Functions expecting raw pointer arguments should be marked as unsafe

intentionality - logical

reliability

Bug

clippy

Why is this an issue?

More Info

For any raw pointer passed as an argument, it is not possible to guarantee its validity. Dereferencing an invalid pointer can lead to undefined behavior, causing potential segmentation faults or other critical issues. By marking such functions as unsafe, it notifies the caller that they need to ensure the pointer’s validity and surround the function call with an unsafe block to acknowledge the potential risks involved.

Code examples

Noncompliant code example

pub fn foo(x: *const u8) {
    println!("{}", unsafe { *x });
}

// This call "looks" safe but will segfault or worse!
// foo(invalid_ptr);

Compliant solution

pub unsafe fn foo(x: *const u8) {
    println!("{}", unsafe { *x });
}

// This would cause a compiler error for calling without `unsafe`
// foo(invalid_ptr);

// Sound call if the caller knows the pointer is valid
unsafe { foo(valid_ptr); }

Available In:

Detect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories

© 2008-2025 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARQUBE, and CLEAN AS YOU CODE are trademarks of SonarSource SA.

Sonar helps developers write Clean Code.
Privacy Policy | Cookie Policy | Terms of Use

In-IDE

SaaS

Self-Hosted