Rust rules: unsafe blocks, panic in lib, unwrap in prod #4

@Krigsexe

Description

Context

ai-rsk has 0 Rust YAML rules. Rust projects rely on cargo-audit only (Layer 2). Need Layer 1 rules for Rust-specific patterns.

Scope

  • unsafe blocks without safety comments
  • panic!() / unwrap() / expect() in library code (not binary)
  • todo!() / unimplemented!() in non-test code
  • #[allow(dead_code)] or #[allow(unused)] (code smell)
  • hardcoded secrets in Rust code
  • std::process::Command without input sanitization

Acceptance criteria

  • Each rule scoped to *.rs
  • CWE references verified
  • Fixtures in tests/fixtures/
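As an added example (not code from the ai-rsk project, whose YAML rule format is not shown here), the six scope bullets above implemented as line-level Layer 1 heuristics in Python, run over a constructed Rust fixture rather than anything from tests/fixtures/. Everything beyond the issue text is an assumption: the rule ids, the treatment of main.rs, build.rs and bin/ as binaries, the three-line lookback for a `// SAFETY:` comment, the credential keyword list, the "non-literal argument" test for `Command`, and the CWE-561/CWE-798/CWE-78 assignments, which the "CWE references verified" criterion would still have to confirm; the other rules carry `None` until a reference is verified.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Finding:
    rule: str           # hypothetical rule id, one per scope bullet of the issue
    line: int           # 1-based line in the scanned file
    cwe: Optional[str]  # None where the CWE reference still has to be verified
    message: str

RULES = {  # hypothetical ids; a None CWE means "verify before shipping"
    "rust.unsafe-no-safety-comment": (None, "unsafe block without a // SAFETY: comment"),
    "rust.panic-in-library": (None, "panic!/unwrap/expect in library code"),
    "rust.todo-in-non-test": (None, "todo!/unimplemented! outside test code"),
    "rust.allow-dead-code": ("CWE-561", "#[allow(dead_code/unused)] hides dead code"),
    "rust.hardcoded-secret": ("CWE-798", "possible hardcoded credential"),
    "rust.command-dynamic-arg": ("CWE-78", "Command built from a non-literal argument"),
}
UNSAFE_RE = re.compile(r"\bunsafe\s*\{")
SAFETY_RE = re.compile(r"//\s*SAFETY\s*:", re.IGNORECASE)
PANIC_RE = re.compile(r"\.unwrap\(\)|\.expect\(|\bpanic!\(")
TODO_RE = re.compile(r"\b(?:todo|unimplemented)!\(")
ALLOW_RE = re.compile(r"#!?\[allow\((?:dead_code|unused\w*)\)\]")
SECRET_RE = re.compile(r"(?i)\b(?:api_?key|secret|password|passwd|token)\w*\s*"
                       r"(?::\s*&?(?:'static\s+)?\w+)?\s*[:=]\s*\"[^\"]{8,}\"")
COMMAND_RE = re.compile(r"\bCommand::new\(")
DYNAMIC_ARG_RE = re.compile(r"format!\(|\.args?\(\s*&?\s*[A-Za-z_]")  # non-literal argument
TEST_ATTR_RE = re.compile(r"#\[(?:cfg\(test\)|test)\]")

def is_library_file(path: str) -> bool:
    # Assumption: main.rs, build.rs and anything under bin/ are binaries; the rest is library code
    p = path.replace("\\", "/")
    return not (p.endswith("main.rs") or p.endswith("build.rs") or "/bin/" in p)

def scan_rust_source(path: str, source: str) -> List[Finding]:
    """Return findings for one file; anything that is not *.rs is out of scope."""
    if not path.endswith(".rs"):
        return []
    findings: List[Finding] = []
    lines = source.splitlines()
    library = is_library_file(path)
    depth, in_test, test_exit_depth, pending_test = 0, False, 0, False

    def hit(rule):  # closure reads the loop's current idx when called
        findings.append(Finding(rule, idx, *RULES[rule]))

    for idx, line in enumerate(lines, start=1):
        code = line.split("//", 1)[0]  # crude comment strip (also cuts "//" inside strings)
        if not in_test and TEST_ATTR_RE.search(code):
            pending_test = True        # the next '{' opens a #[cfg(test)] mod or #[test] fn
        if pending_test and "{" in code:
            in_test, test_exit_depth, pending_test = True, depth, False
        depth += code.count("{") - code.count("}")
        if in_test and depth <= test_exit_depth:
            in_test = False            # closing brace of the test region
        if UNSAFE_RE.search(code):
            context = lines[max(0, idx - 4):idx]  # this line plus the three above it
            if not any(SAFETY_RE.search(c) for c in context):
                hit("rust.unsafe-no-safety-comment")
        if not in_test and library and PANIC_RE.search(code):
            hit("rust.panic-in-library")
        if not in_test and TODO_RE.search(code):
            hit("rust.todo-in-non-test")
        if ALLOW_RE.search(code):
            hit("rust.allow-dead-code")
        if SECRET_RE.search(code):
            hit("rust.hardcoded-secret")
        if COMMAND_RE.search(code):
            # join the builder chain up to the first ';' and look for a non-literal argument
            stmt = " ".join(l.split("//", 1)[0] for l in lines[idx - 1:idx + 9]).split(";", 1)[0]
            if DYNAMIC_ARG_RE.search(stmt):
                hit("rust.command-dynamic-arg")
    return findings

# Constructed fixture (not from the project): a library file mixing accepted and flagged patterns.
SAMPLE_LIB_RS = """\
use std::process::Command;
const API_KEY: &str = "sk_live_0123456789abcdef";
#[allow(dead_code)]
fn helper() {}
pub fn parse(input: &str) -> u32 {
    input.parse().unwrap()
}
pub fn first(buf: &[u8]) -> u8 {
    // SAFETY: callers guarantee buf is non-empty
    unsafe { *buf.get_unchecked(0) }
}
pub fn first_raw(buf: &[u8]) -> u8 {
    unsafe { *buf.get_unchecked(0) }
}
pub fn list(user: &str) {
    Command::new("sh").arg("-c")
        .arg(format!("ls {}", user))
        .status().expect("failed to run ls");
}
pub fn later() { todo!() }
#[cfg(test)]
mod tests {
    #[test]
    fn parses() { "1".parse::<u32>().unwrap(); todo!(); }
}
"""

if __name__ == "__main__":
    for f in scan_rust_source("src/lib.rs", SAMPLE_LIB_RS):
        print(f"{f.line:>3}  {f.rule:<32} {f.cwe or 'CWE: verify'}  {f.message}")
```

On the fixture this reports the credential, the `#[allow(dead_code)]`, the `unwrap()` in `parse`, the uncommented `unsafe` in `first_raw`, the `Command` whose argument comes from `format!`, the `expect()` in `list` and the `todo!()` in `later`, while the commented `unsafe` in `first` and the `unwrap()`/`todo!()` inside `mod tests` are left alone; scanning the same text as `src/main.rs` drops the panic findings. The brace counting and the `//` comment strip are exactly the points where line heuristics break (braces or `//` inside string literals), which is what the Tree-sitter AST work mentioned in the v0.9.0 label would remove.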

Metadata

Labels: enhancement (New feature or request), new-rule (New detection rule), v0.9.0 (Version 0.9.0 - Rust rules + Tree-sitter AST)

Project status: Todo
