ANSSI-FR/rust-guide ANSSI-FR/rust-guide

  • Stars
    star
    579
  • Rank 74,749 (Top 2 %)
  • Language
    Shell
  • License
    Other
  • Created over 5 years ago
  • Updated about 2 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
ANSSI-FR/rust-guide
github

ANSSI-FR

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Recommendations for secure applications development with Rust

Guide to develop secure applications with Rust

Objectives

The objective of this document is to provide hints and recommendations for secure applications development using the Rust programming language.

It is not intended to be a course on how to write Rust programs, there are already plenty of good learning resources for this purpose (see the External references section below). The purpose is rather to guide the programmer and to inform them about certain pitfalls, especially in case they are involved in the development of applications with strong security requirements. These recommendations form a complement to the good level of trust the Rust language already provides. That said, recalls are sometimes necessary for clarity, and the experienced Rust programmer may rely solely on highlighted inserts (Rule, Recommendation, Warning, etc.).

It is currently an ongoing version and all contributions are welcome.

Reading the guide online

https://anssi-fr.github.io/rust-guide

Building the guide

Install mdbook and required preprocessor:

cargo install mdbook mdbook-checklist

Then build and open the book:

$ mdbook serve -o

Call for Contributions

At this time, this guide is intended to be a living document. It still lacks important points and details, and future versions of the language and compiler may render some recommendations obsolete. We are eager to discuss and to receive contributions from anyone who is aware of common or uncommon pitfalls to avoid, or good coding practices and tools that can help building more robust software with the Rust language.

Thus, feel free to create pull requests to suggest recommendations or modifications, or to submit an issue to start discussions. Specifically, please opt for a pull request for small changes like:

  • complementing a paragraph,
  • adding a small example in the form of code snippet,
  • updating some information
  • fixing typos and English mistakes,
  • etc.

and for an issue in case of more substantive changes:

  • suggesting a new recommendation,
  • discussing controversial points,
  • rewording a consistent part of the text,
  • etc.

Licence

This document is published under the Open Licence 2.0.

External references

One can also find an up-to-date list of various book resources about Rust and associated tools in the Rust documentation main page.

More Repositories

1

AD-control-paths

Active Directory Control Paths auditing and graphing tools
C
644
star
2

bmc-tools

RDP Bitmap Cache parser
Python
429
star
3

ADTimeline

Timeline of Active Directory changes with replication metadata
PowerShell
423
star
4

polichombr

Collaborative malware analysis framework
Python
371
star
5

MLA

Multi Layer Archive - A pure rust encrypted and compressed archive file format
Rust
308
star
6

SecuML

Machine Learning for Computer Security
Python
268
star
7

libecc

Library for elliptic curves cryptography
C
254
star
8

DFIR-O365RC

PowerShell module for Office 365 and Azure log collection
PowerShell
222
star
9

ORADAD

Outil de récupération automatique des données de l'Active Directory / Automated tool for dumping Active Directory data
C++
191
star
10

SmartPGP

SmartPGP is a JavaCard implementation of the OpenPGP card specifications
Java
178
star
11

ASCAD

Side Channels Analysis and Deep Learning
Python
167
star
12

cry-me

CRY.ME (CRYptographic MEssaging application)
Kotlin
163
star
13

ctf

Epreuves de sélection de la TeamFR pour l'ECSC 2019.
Python
154
star
14

ultrablue

User-friendly Lightweight TPM Remote Attestation over Bluetooth
Kotlin
154
star
15

AD-permissions

Active Directory permissions (ACL/ACE) auditing tools
PHP
146
star
16

DFIR4vSphere

Powershell module for VMWare vSphere forensics
PowerShell
129
star
17

tabi

BGP Hijack Detection
Python
108
star
18

bootcode_parser

A boot record parser that identifies known good signatures for MBR, VBR and IPL.
Python
97
star
19

SysvolExplorer

Active Directory Group Policy analyzer
C++
95
star
20

Binacle

Full-bin indexation of binary files
Rust
92
star
21

audit-radius

A RADIUS authentication server audit tool
Python
80
star
22

AnoMark

Algorithme d'apprentissage statistique permettant de créer un modèle sur les lignes de commandes des évènements "Création de Processus", afin de détecter des anomalies dans les évènements futurs
Python
73
star
23

bits_parser

Extract BITS jobs from QMGR queue and store them as CSV records
Python
73
star
24

route_leaks

BGP Route Leaks Detection
Python
70
star
25

transdep

Discover SPOF in DNS dependency graphs
Go
68
star
26

SecAESSTM32

Bibliothèque C et assembleur permettant le chiffrement/déchiffrement AES-128 de messages pour des composants grand public (famille STM32F3/STM32F4)
C
65
star
27

x509-parser

a RTE-free X.509 parser
C
57
star
28

guide-journalisation-microsoft

Guide journalisation Microsoft
PowerShell
54
star
29

mabo

MRT Parser
OCaml
46
star
30

chipsec-check

Tools to generate a Debian Linux distribution with chipsec to test hardware requirements
Shell
44
star
31

picon

Picon
C
38
star
32

nogaxeh

Tools for analyzing hexagon code
C++
38
star
33

OVALI

Generic graph exploration, manipulation and visualization tool (Outil de Visualisation et Analyse de Liens Inter-objets)
JavaScript
35
star
34

secAES-ATmega8515

Secure AES128 Encryption Implementation for ATmega8515
Assembly
32
star
35

Open-ISO7816-Stack

This project aims to provide an open-source implementation of the ISO7816-3 communication protocol from the reader side. This protocol is ruling the interactions between a smartcard and a card-reader when using its contacts to communicate
C
26
star
36

packetweaver

A Python framework for script filing and task sequencing
Python
25
star
37

lidi

Transfer a raw TCP or Unix stream or files through a unidirectional link with forward error correction
Rust
24
star
38

ADCP-DirectoryCrawler

AD-control-paths LDAP submodule
C
20
star
39

WAAD

Détection d'anomalie à partir des journaux d'authentification Windows
Python
16
star
40

sftp2misp

Automation script to download JSON MISP files from a SFTP server and import them via API to a MISP instance.
Python
15
star
41

cardstalker

CardStalker provides a UART-driven smartcard reader at the T=1 (see ISO7816-3) level (link and physical layer), where most of the smartcard reader devices on the market are only providing an APDU interface (application layer).
C
15
star
42

IPECC

A VHDL IP for ECC (Elliptic Curve Cryptography) hardware acceleration
VHDL
14
star
43

mdbook-checklist

mdbook preprocessor for generating checklists and indexes
Rust
13
star
44

shovel

Web interface to explore Suricata EVE outputs
Lua
11
star
45

xsvgen

XML Schema Validator Generator
OCaml
10
star
46

cornetto

Outil de gestion de version statique de site web
JavaScript
9
star
47

ORADAZ

Outil de récupération automatique des données AZure / Automated tool for dumping Azure configuration data
Rust
9
star
48

ProTIP

ProTIP permet de caractériser la connectivité réelle entre composants d'une architecture PCI Express
Prolog
9
star
49

coq-prelude

General-purpose monad typeclass hierarchy for Coq
Coq
8
star
50

pciemem

Linux kernel module for driving an USB3380 board, exposing a /dev/pciemem device node on the analysis machine representing the physical memory of the machine under test
C
8
star
51

scep

Security Contexts for Enhanced Protection Linux Security Module
C
7
star
52

Faults_analyzer

Logiciel d'analyse de campagnes de perturbations sur composants
Python
6
star
53

caradoc

A PDF parser and validator
6
star
54

WSUS_Audit

Auditing scripts for WSUS infrastructures
6
star
55

DroidWorks

Rust
5
star
56

pycrate

A Python library to ease the development of encoders and decoders for various protocols and file formats; contains ASN.1 and CSN.1 compilers.
5
star
57

ADCP-libdev

AD-control-paths libraries submodule
C
5
star
58

libapn

libapn is a header-based C++ library developed to study vectorial Boolean functions, including but not limited to APN functions.
C++
4
star
59

caml-crush

Caml Crush: an OCaml PKCS#11 filtering proxy
3
star
60

libdrbg

A portable library implementing NIST SP 800-90A DRBGs
C
3
star
61

Faults_experiments

Résultats bruts de campagnes de perturbation de composants réalisées par le laboratoire de sécurité des composants de l'ANSSI
Python
2
star
62

concerto

Toolset to analyse TLS datasets
1
star
63

opkcs11-tool

opkcs11-tool: managing and operating PKCS #11 security tokens in OCaml
1
star
64

eurydice

A user-friendly solution to transfer files through a physical diode using the Lidi utility, complete with data retention, file history, user accounts and admin management. Provides a scriptable API and a web interface.
1
star
65

DECODE

Anomaly detection tool for PE files on Microsoft Windows system
Python
1
star