Static analysis

Static Analysis #

Analyze source code without executing it.

Clippy #

Clippy is the basic linter. Just use it.

cargo clippy

Being pedantic won’t hurt.

cargo clippy -- -W clippy::pedantic

A nice list of lints can be found at rust-lang.github.io.
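To show what the pedantic group adds, here is an added example (not from the original page) of a cast that plain `cargo clippy` accepts and that `-W clippy::pedantic` reports through `clippy::cast_possible_truncation`, next to a checked version. The function names and the 2-byte length-prefixed frame layout are assumptions made for illustration.

```rust
use std::convert::{TryFrom, TryInto};
use std::num::TryFromIntError;

// Assumed frame layout: 2-byte big-endian length header, then the payload.

/// Flagged only under `-W clippy::pedantic` (clippy::cast_possible_truncation):
/// `usize as u16` silently drops the high bits of the length.
fn encode_frame_lossy(payload: &[u8]) -> Vec<u8> {
    let len = payload.len() as u16; // a 65_541-byte payload yields 5
    let mut frame = Vec::with_capacity(2 + payload.len());
    frame.extend_from_slice(&len.to_be_bytes());
    frame.extend_from_slice(payload);
    frame
}

/// Hardened form: the conversion is checked, so an oversized payload is
/// rejected instead of producing a header that disagrees with the body.
fn encode_frame_checked(payload: &[u8]) -> Result<Vec<u8>, TryFromIntError> {
    let len = u16::try_from(payload.len())?;
    let mut frame = Vec::with_capacity(2 + payload.len());
    frame.extend_from_slice(&len.to_be_bytes());
    frame.extend_from_slice(payload);
    Ok(frame)
}

/// Length a receiver would read from the header; None if the header is short.
fn declared_len(frame: &[u8]) -> Option<u16> {
    let header: [u8; 2] = frame.get(..2)?.try_into().ok()?;
    Some(u16::from_be_bytes(header))
}

fn main() {
    // Constructed input: a payload 5 bytes larger than u16 can describe.
    let big = vec![0x41u8; 65_541];
    let frame = encode_frame_lossy(&big);
    println!(
        "lossy: header says {:?}, body is {} bytes",
        declared_len(&frame),
        frame.len() - 2
    );
    println!("checked: {:?}", encode_frame_checked(&big).map(|f| f.len()));
}
```

A receiver that trusts the lossy header reads 5 bytes and then treats the remaining payload bytes as the next frame, which is the kind of length mismatch the checked conversion rules out.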

Dylint #

Clippy is nice, but creating custom lints is a bit of a pain.

To write your own lints, and to take advantage of other people's non-standardized lints, use dylint, a dynamic linter.

Quick start #

Add the following to Cargo.toml:

[workspace.metadata.dylint]
libraries = [
  { git = "https://github.com/trailofbits/dylint", pattern = "examples/general/*" },
  { git = "https://github.com/trailofbits/dylint", pattern = "examples/supplementary/*" },
]

And run:

cargo install cargo-dylint dylint-link
cargo dylint --all --workspace

Writing your own lints #

TODO!

cargo dylint --new <path>

Now implement the LateLintPass trait and accommodate the symbols asking to be filled in.

Semgrep #

Semgrep has beta support for the Rust language. Check the semgrep page for more information.

This content is licensed under a Creative Commons Attribution 4.0 International license.