Actix-web vs Symfony - Easier to write unsafe code in Rust?

If I wanted to make a website for which security is the ultimate top priority, the initial thought might be that Rust would be the logical choice for this project. But I am wondering if this is really true?

Rust is safer than PHP because it is memory-safe, uses a borrow checker to avoid data races, and forces the developer to write more memory-safe code because of the overall philosophy focusing on safety. Also, PHP is known to sometimes contain vulnerabilities in the language itself which allow it to be exploited by advanced actors; this is rare, but examples of this happening can still be found in recent times.

The generally accepted idea is that it is harder in Rust to write "unsafe" code, but when people say this they mean "memory-unsafe" code. But how common are memory exploits like a buffer-overflow attack in the context of the web? Very rare. Other types of attacks (SSRF, SQLi, bad authentication or API architecture) are the main exploit vectors.

And the question is: in the context of the web, is Rust really the best language to avoid these types of vulnerabilities? Is it really harder to write unsafe code in Rust?

Take a look at, for example, this question of mine from a few years ago: File upload in Actix Web - #3 by ONiel, where I ask how to upload a file in Actix-web; this code was used to upload images.

This little bit of code already contains a ton of security issues:

  • I format the file path string without sanitizing the input, making it vulnerable to path traversal.
  • I don't even check the file type, making it vulnerable to shell uploads.

If I had done this in Symfony, I would automatically have written code containing this:

    use Symfony\Component\Validator\Constraints\File;
    // ... inside the form field's options array:
    'constraints' => [
        new File([
            'maxSize' => '1024k',
            'mimeTypes' => [
                'application/pdf',
                'application/x-pdf',
            ],
            'mimeTypesMessage' => 'Please upload a valid PDF document',
        ])
    ],

Frameworks like Symfony have more abstractions for typical website actions like uploading a file or submitting a form, containing secure implementations in the background so the developer has to worry less about faulty implementations.

Actix-web, meanwhile, merely provides the routing; the developer still has to write his own implementation, making it more prone to unsafe code.

So while Rust is more memory-safe, isn't it a lot easier to write actually unsafe code than in a framework like Symfony?

Of course a reply could be "A bad implementation can be written in any language", but realistically bad implementations in frameworks like Symfony are far less common due to the abstraction.
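As an added example (not code from the original post, nor from actix-web or Symfony), here is how the two issues listed above, the unsanitized path and the unchecked file type, can be handled by hand in plain Rust. The functions `safe_destination`, `sniff_image_type` and `validate_upload`, the error enum and the `/srv/uploads` root are this example's own assumptions; it uses only the standard library so it runs without actix-web.

```rust
use std::path::{Component, Path, PathBuf};

/// Reasons an upload is refused (this example's names, not an actix-web API).
#[derive(Debug, PartialEq)]
pub enum UploadError { BadFilename, TooLarge, UnsupportedType }

/// Path-traversal mitigation: the client name must be exactly one normal path
/// component (no "..", root or separators) and is joined under a server-chosen root.
pub fn safe_destination(root: &Path, client_name: &str) -> Result<PathBuf, UploadError> {
    let mut comps = Path::new(client_name).components();
    let name = match (comps.next(), comps.next()) {
        (Some(Component::Normal(n)), None) => n.to_str().ok_or(UploadError::BadFilename)?,
        _ => return Err(UploadError::BadFilename),
    };
    // On Unix a backslash is not a separator, so refuse it explicitly; also refuse dotfiles.
    if name.starts_with('.') || name.contains(|c| c == '\\' || c == '\0') {
        return Err(UploadError::BadFilename);
    }
    Ok(root.join(name))
}

/// Type check from magic bytes, not from the extension or Content-Type header (both uploader-controlled).
pub fn sniff_image_type(body: &[u8]) -> Option<&'static str> {
    if body.starts_with(&[0x89, b'P', b'N', b'G', 0x0D, 0x0A, 0x1A, 0x0A]) {
        Some("image/png")
    } else if body.starts_with(&[0xFF, 0xD8, 0xFF]) {
        Some("image/jpeg")
    } else if body.starts_with(b"GIF87a") || body.starts_with(b"GIF89a") {
        Some("image/gif")
    } else {
        None
    }
}

/// What a form-level constraint (Symfony's File maxSize/mimeTypes) does for you, by hand: name, size, then type.
pub fn validate_upload(root: &Path, name: &str, body: &[u8], max_size: usize)
    -> Result<(PathBuf, &'static str), UploadError> {
    let dest = safe_destination(root, name)?;
    if body.len() > max_size { return Err(UploadError::TooLarge); }
    let mime = sniff_image_type(body).ok_or(UploadError::UnsupportedType)?;
    Ok((dest, mime))
}

fn main() {
    let png = [0x89, b'P', b'N', b'G', 0x0D, 0x0A, 0x1A, 0x0A, 0, 0, 0, 13]; // constructed PNG header, not a real file
    for (name, body) in [("avatar.png", &png[..]), ("../etc/job", &png[..]), ("x.png", &b"<?php echo 1; ?>"[..])] {
        println!("{:?} -> {:?}", name, validate_upload(Path::new("/srv/uploads"), name, body, 1 << 20));
    }
}
```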

Meta note: I'd phrase this as writing secure code or insecure code,[1] versus overloading the "unsafe" terminology.


  1. or vulnerable or ... ↩

3 Likes

If we agree that, if two given languages allow you to write the exact same code, then when discussing whether language X is safer than language Y we should instead focus on what language X does not allow you to write that Y does.

And then, within that frame, I can tell you for sure that Rust is way, way safer than PHP.

Bringing web frameworks into the discussion is irrelevant.

2 Likes

Actix-web also provides constraints for request bodies.

4 Likes

You are confusing the language with its libraries.

3 Likes
