Rust-proof your code with our ... Note

Rust-proof your code with our new Testing Handbook chapter

Trail of Bits has expanded its Testing Handbook with a new chapter dedicated to securing Rust programs. This comprehensive guide details the tools and techniques employed by Trail of Bits for validating Rust's security. It begins by outlining Rust's security guarantees and limitations, including often overlooked issues like unwind safety and arithmetic errors. The chapter then delves into dynamic analysis, covering unit test boosters, Miri for undefined behavior detection, property testing with proptest, code coverage, and mutation testing. Static analysis is also thoroughly addressed, with an in-depth look at Clippy and favorite lints. Beyond automated tools, the guide shares insights from direct Rust codebase audits. It includes a "gotchas and footguns" checklist for manual reviews, highlighting subtle issues like operator precedence differences. Three solutions for guaranteed memory zeroization of secrets are also presented. Specialized testing tools like the Kani model checker are discussed. A supply chain section covers vetting dependencies. Additionally, Trail of Bits introduced rust-review, a Claude Code plugin co-built with Aptos Labs for automated Rust security reviews. This tool targets numerous bug classes, from memory safety to FFI pitfalls, offering a quick way to identify issues. The handbook aims to remain current, inviting contributions and offering assistance for securing Rust systems.