Summary
`kanon lint . --summary` against aletheia 0.17.0 (commit ce1a488) reports 3768 total violations, 254 at high severity.
High-Severity Breakdown
| Rule | Count | Description |
|---|---|---|
| RUST/unreachable-in-match | 183 | `unreachable!()` or `panic!()` in match arms. Should use proper error variants or `_ => return Err(...)` |
| SECURITY/credential-logging | 19 | Credential values potentially exposed in log output. Should use redaction or `SecretString` |
| RUST/format-sql | 18 | SQL queries built via `format!()` string concatenation. Should use parameterized queries |
| RUST/lock-expect-panics | 15 | `.lock().expect("...")` can panic if the mutex is poisoned. Should use `.lock().map_err(...)` or document why panic is acceptable |
| SECURITY/insecure-transport | 11 | HTTP URLs used for API endpoints. Should use HTTPS or document why HTTP is safe (localhost-only) |
| TESTING/ignore-no-issue | 3 | `#[ignore]` on tests without a tracking issue link |
| RUST/missing-http-timeout | 2 | HTTP clients constructed without explicit timeout |
| WRITING/inclusive-language | 2 | Non-inclusive terminology in docs |
| REPO-SETUP/no-readme | 1 | Missing root README.md |
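The three high-severity Rust rules above (unreachable-in-match, credential-logging, lock-expect-panics) each pair a flagged pattern with a recommended fix. The following is an added, std-only example written for this report, not code from aletheia, krites or kanon: each flagged form sits beside its recommended form so the difference in behaviour can be exercised directly. The `Secret` wrapper is an assumption standing in for a `SecretString` type (the project would presumably use a crate-provided one); the `Mode`, `CounterError` and counter functions are hypothetical illustrations. format-sql, insecure-transport and missing-http-timeout are not covered here because demonstrating them needs a database or HTTP client crate.

```rust
use std::fmt;
use std::sync::{Arc, Mutex};
use std::thread;

// --- RUST/unreachable-in-match (hypothetical parser) ----------------------
#[derive(Debug, PartialEq)]
pub enum Mode { Read, Write }

#[derive(Debug, PartialEq)]
pub enum ParseError { UnknownMode(String) }

/// Flagged form: the catch-all arm trusts that a caller validated the input,
/// so any unexpected value becomes a process-wide panic.
pub fn parse_mode_panicking(s: &str) -> Mode {
    match s {
        "r" => Mode::Read,
        "w" => Mode::Write,
        _ => unreachable!("mode validated by caller"),
    }
}

/// Recommended form: the unexpected value is a proper error variant.
pub fn parse_mode(s: &str) -> Result<Mode, ParseError> {
    match s {
        "r" => Ok(Mode::Read),
        "w" => Ok(Mode::Write),
        other => Err(ParseError::UnknownMode(other.to_string())),
    }
}

// --- SECURITY/credential-logging ------------------------------------------
/// Assumed stand-in for a SecretString type: its Debug output never
/// contains the inner value, so it cannot leak through `{:?}` in a log line.
pub struct Secret(String);

impl Secret {
    pub fn new(s: impl Into<String>) -> Self { Secret(s.into()) }
    /// The only way to read the plaintext, so every use site is greppable.
    pub fn expose(&self) -> &str { &self.0 }
}

impl fmt::Debug for Secret {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("Secret([REDACTED])")
    }
}

/// Flagged form: the raw token is interpolated into the log line.
pub fn auth_log_line_leaky(token: &str) -> String {
    format!("authenticating with token={token}")
}

/// Recommended form: the wrapper's Debug impl redacts, whatever the format.
pub fn auth_log_line(token: &Secret) -> String {
    format!("authenticating with token={token:?}")
}

// --- RUST/lock-expect-panics (hypothetical shared counter) ----------------
#[derive(Debug, PartialEq)]
pub enum CounterError {
    /// A thread panicked while holding the lock; the data may be inconsistent.
    Poisoned,
}

/// Flagged form: one panic elsewhere turns every later caller into a panic.
pub fn increment_expecting(counter: &Mutex<u64>) -> u64 {
    let mut g = counter.lock().expect("counter mutex poisoned");
    *g += 1;
    *g
}

/// Recommended form: poisoning is surfaced as an error the caller decides on.
pub fn increment(counter: &Mutex<u64>) -> Result<u64, CounterError> {
    let mut g = counter.lock().map_err(|_| CounterError::Poisoned)?;
    *g += 1;
    Ok(*g)
}

/// Poisons the mutex by panicking on another thread while its guard is held.
pub fn poison(counter: &Arc<Mutex<u64>>) {
    let c = Arc::clone(counter);
    let _ = thread::spawn(move || {
        let _guard = c.lock().unwrap();
        panic!("simulated crash while holding the lock");
    })
    .join();
}

fn main() {
    println!("{:?}", parse_mode("x")); // Err(UnknownMode("x"))
    println!("{}", auth_log_line(&Secret::new("hunter2")));
    let counter = Arc::new(Mutex::new(0u64));
    println!("{:?}", increment(&counter)); // Ok(1)
    poison(&counter);
    println!("{:?}", increment(&counter)); // Err(Poisoned)
}
```

Running it prints the simulated panic from the helper thread on stderr, then shows that `increment` keeps working as a `Result` after the poison while `increment_expecting` would abort the caller. The same split applies when triaging the 183 unreachable-in-match hits: an arm that a caller "cannot" reach is exactly the one an attacker-controlled input will reach.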
Notable Medium-Severity Patterns
| Rule | Count |
|---|---|
| RUST/feature-gate-check | 379 |
| RUST/pub-visibility | 351 |
| RUST/as-cast | 124 |
| RUST/missing-must-use | 80 |
| RUST/expect | 67 |
| TESTING/sleep-in-test | 60 |
| TESTING/test-naming | 38 |
| RUST/string-clone | 25 |
Recommended Triage
Address first (security):
- `SECURITY/credential-logging` (19): Audit each log statement for credential exposure
- `SECURITY/insecure-transport` (11): Verify all HTTP URLs are localhost-only or add HTTPS
Address second (reliability):
- `RUST/lock-expect-panics` (15): Replace `.lock().expect()` with proper error handling
- `RUST/missing-http-timeout` (2): Add timeouts to HTTP clients
Codebase-wide standards (backlog):
- `RUST/unreachable-in-match` (183): Mostly in vendored krites code; triage by crate
- `RUST/format-sql` (18): Audit for injection risk and parameterize any query that takes external input; most are in internal CLI commands, which lowers the exposure but does not remove it
Environment
- kanon 0.1.0
- aletheia 0.17.0 (ce1a488)
- Run from: /home/ckickertz/summus/dev/ergon