We’ve added a new chapter to our Testing Handbook: a comprehensive guide to security testing Rust programs. This chapter covers the tools and techniques we use at Trail of Bits to validate the security of Rust programs and systems.
What’s in the chapter
The chapter starts with a security overview of what Rust’s guarantees do and don’t cover, including underappreciated issues like unwind safety, nondeterminism, and arithmetic errors. This leads into an overview of dynamic analysis, which covers a range of boosters for unit tests, how to use Miri to detect undefined behavior, property testing with proptest
, coverage measurement, and mutation testing. The static analysis section then covers Clippy in depth, including a list of our favorite lints.
Beyond tooling, the chapter also covers what we’ve learned from auditing Rust codebases directly. Our gotchas and footguns checklist is a great reference for manual code reviews, and will help you find subtle issues like a & b == c
having different operator precedence than in C. The memory zeroization section offers three solutions to the tricky problem of guaranteeing that secrets are erased from memory.
Finally, the specialized testing sections cover tools like Kani (a model checker), and the supply chain section covers the full toolchain for vetting dependencies.
Still oxidizing
We’ve also released rust-review, a Claude Code plugin for automated Rust security reviews. Co-built with Aptos Labs, it targets over a dozen bug classes, from memory safety and concurrency hazards to FFI pitfalls and async cancellation issues. It’s a fast way to catch security issues in a Rust codebase before they make it to audit.
Our goal is to keep the handbook current as the Rust ecosystem evolves. If your favorite tool or gotcha isn’t covered, submit a PR. And if you need help securing your Rust systems, contact us.
Facts Only
* A new chapter on security testing Rust programs was added to the Testing Handbook.
* The chapter covers tools and techniques used by Trail of Bits for validating Rust program security.
* The content includes a security overview of Rust's guarantees, covering topics like unwind safety, nondeterminism, and arithmetic errors.
* Dynamic analysis topics include unit test boosters, using Miri to detect undefined behavior, property testing with proptest, coverage measurement, and mutation testing.
* The static analysis section covers Clippy in depth, including a list of favored lints.
* The chapter details findings from auditing Rust codebases, such as issues related to operator precedence.
* A memory zeroization section provides three solutions for erasing secrets from memory.
* Specialized testing sections cover tools like Kani (a model checker).
* A supply chain section covers the toolchain for vetting dependencies.
* A separate tool, rust-review, is released as a Claude Code plugin for automated Rust security reviews targeting bug classes like memory safety and concurrency hazards.
Executive Summary
Full Take
Sentinel — Human
The text reads like an authentic technical announcement from an expert source detailing complex software development security practices.
