What it does
Detect when a file is being deleted and then the same file path is used to create a new file. This is a classic source of Time Of Check, Time Of Use bugs.
Advantage
The recommended code deletes and recreates an empty file in a single syscall, meaning that the act of creation acts as the check, avoiding TOCTOU bugs.
Drawbacks
No response
Example
We should detect when an argument to std::fs::remove_file is used later to create a File:
let path = "foo";
fs::remove_file(path)?;
fs::File::create(path)?;
We should detect when string literals are used too:
fs::remove_file("foo")?;
fs::File::create("foo")?;
Could be written as:
let _ = fs::OpenOptions::new()
    .write(true)
    .create_new(true)
    .open(path)?;
Comparison with existing lints
No response
Additional Context
This is the cause for CVE 2026-35355 in uutils: https://corrode.dev/blog/bugs-rust-wont-catch/#case-study-cve-2026-35355
uutils/coreutils@b5bbabc#diff-bcf6f1535f9c0064879a5dc2d41d760d17217f2767b52f972c595e28ab5c2d72R825-R840
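The pattern from the Example section, run end to end as an added example (not code from the issue, Clippy, or uutils): a symlink placed at the path between the two calls is followed by `File::create`, while `create_new(true)` fails with `AlreadyExists`. It assumes a Unix target; the `between` hook, the temp directory name and the file names are constructed for the demonstration.

```rust
use std::fs::{self, File, OpenOptions};
use std::io;
use std::os::unix::fs::symlink;
use std::path::Path;

// The flagged pattern: two syscalls with a window between them.
// `between` is a hypothetical hook standing in for another process.
fn remove_then_create(path: &Path, between: impl FnOnce() -> io::Result<()>) -> io::Result<File> {
    fs::remove_file(path)?;
    between()?;
    File::create(path) // O_CREAT | O_TRUNC: follows a symlink now at `path`
}

// Same window, but O_CREAT | O_EXCL refuses anything already at `path`.
fn remove_then_create_new(path: &Path, between: impl FnOnce() -> io::Result<()>) -> io::Result<File> {
    fs::remove_file(path)?;
    between()?;
    OpenOptions::new().write(true).create_new(true).open(path)
}

// Returns (other file after File::create, create_new error kind, other file after create_new).
fn demo() -> io::Result<(String, io::ErrorKind, String)> {
    // Constructed sandbox: everything lives in a per-process temp directory.
    let dir = std::env::temp_dir().join(format!("remove-create-demo-{}", std::process::id()));
    let _ = fs::remove_dir_all(&dir);
    fs::create_dir_all(&dir)?;
    let (path, other) = (dir.join("foo"), dir.join("other"));
    fs::write(&path, "old")?;
    fs::write(&other, "keep me")?;

    // Flagged pattern: the symlink is followed and `other` is truncated.
    drop(remove_then_create(&path, || symlink(&other, &path))?);
    let clobbered = fs::read_to_string(&other)?;

    // Suggested pattern: creation fails, `other` is left alone.
    fs::write(&other, "keep me")?;
    let kind = match remove_then_create_new(&path, || symlink(&other, &path)) {
        Err(e) => e.kind(),
        Ok(_) => return Err(io::Error::new(io::ErrorKind::Other, "create_new succeeded")),
    };
    let preserved = fs::read_to_string(&other)?;
    fs::remove_dir_all(&dir)?;
    Ok((clobbered, kind, preserved))
}

fn main() -> io::Result<()> {
    println!("{:?}", demo()?);
    Ok(())
}
```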