modalité en MAJUSCULE (en)

hg-anssi · hg-anssi · commit 3d0eda9d9cc8 · 2025-12-03T09:30:15.000+01:00
diff --git a/src/en/central_traits.md b/src/en/central_traits.md
@@ -24,7 +24,7 @@ blocks as well as other security-critical operations.
 <div class="reco" id="LANG-DROP" type="Rule" title="Justify `Drop` implementation">
 
 In a Rust secure development, the implementation of the `std::ops::Drop` trait
-must be justified and documented.
+MUST be justified and documented.
 
 </div>
 
@@ -45,23 +45,23 @@ resources leading to availability issues.
 <div class="reco" id="LANG-DROP-NO-PANIC" type="Rule" title="Do not panic in `Drop` implementation">
 
 In a Rust secure development, the implementation of the `std::ops::Drop` trait
-must not panic.
+MUST not panic.
 
 </div>
 
 Beside panics, secure-critical drop should be protected.
 
 <div class="reco" id="LANG-DROP-NO-CYCLE" type="Rule" title="Do not allow cycles of reference-counted `Drop`">
 
-A value whose type implements `Drop` must not be embedded directly or indirectly
+A value whose type implements `Drop` MUST NOT be embedded directly or indirectly
 in a cycle of reference-counted references.
 
 </div>
 
 <div class="reco" id="LANG-DROP-SEC" type="Rule" title="Do not rely only on `Drop` to ensure security">
 
 Ensuring security operations at the end of some treatment (such as key erasure
-at the end of a cryptographic encryption) must not rely only on the `Drop`
+at the end of a cryptographic encryption) MUST NOT rely only on the `Drop`
 trait implementation.
 
 </div>
diff --git a/src/en/devenv.md b/src/en/devenv.md
@@ -92,7 +92,7 @@ $
 
 <div class="reco" id="DENV-STABLE" type="Rule" title="Use a stable compilation toolchain">
 
-Development of a secure application must be done using a fully stable
+Development of a secure application MUST be done using a fully stable
 toolchain, for limiting potential compiler, runtime or tool bugs.
 
 </div>
@@ -134,7 +134,7 @@ Tier 3 targets are simply not officially supported.
 The tier distinction helps developers choose a target that matches their risk tolerance: Tier 1 for production‑grade workloads, Tier 2 for experimental or niche architectures where full support isn’t yet met.
 
 <div class="reco" id="TIERS_TOOLCHAINS" type="Rule" title="Exclusive use of tier 1 of `rustc` for safety-critical software">
-Rustc tier 1 targets and certified toolchains must be used for safety-critical systems.
+Rustc tier 1 targets and certified toolchains MUST be used for safety-critical systems.
 </div>
 
 A comprehensive list of supported targets is available in [@rustc-book].
@@ -179,7 +179,7 @@ the file is overwritten with the latest available version of every crate.
 
 <div class="reco" id="DENV-CARGO-LOCK" type="Rule" title="Track Cargo.lock in version control system">
 
-`Cargo.lock` files must be tracked by version control system.
+`Cargo.lock` files MUST be tracked by version control system.
 
 </div>
 
@@ -212,7 +212,7 @@ using the debug profile that normally enables runtime checks (for example it doe
 
 <div class="reco" id="DENV-CARGO-OPTS" type="Rule" title="Keep default values for critical variables in cargo profiles">
 
-The variables `debug-assertions` and `overflow-checks` must not be overridden
+The variables `debug-assertions` and `overflow-checks` MUST NOT be overridden
 in development profiles' sections (`[profile.dev]` and `[profile.test]`).
 
 </div>
@@ -229,7 +229,7 @@ to use the Cargo build scripts feature.
 
 <div class="reco" id="DENV-CARGO-ENVVARS" type="Rule" title="Keep default values for compiler environment variables when running cargo">
 
-The environment variables `RUSTC`, `RUSTC_WRAPPER` and `RUSTFLAGS` must not
+The environment variables `RUSTC`, `RUSTC_WRAPPER` and `RUSTFLAGS` MUST NOT
 be overriden when using Cargo to build the project.
 
 </div>
@@ -257,7 +257,7 @@ at the [@rust-style].
 
 <div class="reco" id="DENV-FORMAT" type="Recommendation" title="Use Rust formatter (rustfmt)">
 
-The tool `rustfmt` should be used to ensure that the codebase respects style
+The tool `rustfmt` SHOULD be used to ensure that the codebase respects style
 guidelines (as described in `rustfmt.toml` file).
 
 </div>
@@ -317,15 +317,15 @@ category `clippy::nursery` since those hints are still under development.
 
 <div class="reco" id="DENV-LINTER" type="Rule" title="Use linter regularly">
 
-A linter, such as `clippy`, must be used regularly during the development of
+A linter, such as `clippy`, MUST be used regularly during the development of
 a secure application.
 
 </div>
 
 <div class="reco" id="DENV-AUTOFIX" type="Rule" title="Manually check automatic fixes">
 
 In a secure Rust development, any automatic fix (for instance, provided by
-`rustfix` or `clippy`) must be verified by the developer.
+`rustfix` or `clippy`) MUST be verified by the developer.
 
 </div>
 
diff --git a/src/en/errors.md b/src/en/errors.md
@@ -8,15 +8,15 @@ A `Result` object must be tested, and never ignored.
 <div class="reco" id="LANG-ERRWRAP" type="Recommendation" title="Implement custom `Error` type wrapping all possible errors">
 
 A crate may implement its own `Error` type, wrapping all possible errors.
-It must be careful to make this type exception-safe (RFC 1236), and implement
+It MUST be careful to make this type exception-safe (RFC 1236), and implement
 `Error + Send + Sync + 'static` as well as `Display`.
 
 </div>
 
 <div class="reco" id="LANG-ERRDO" type="Rule" title="Use the `?` operator and do not use the `try!` macro">
 
-The `?` operator must be used to improve readability of code.
-The `try!` macro must not be used.
+The `?` operator MUST be used to improve readability of code.
+The `try!` macro MUST NOT be used.
 
 </div>
 
@@ -66,14 +66,14 @@ In other cases where the development is not subject to this type of standard:
 
 <div class="reco" id="LANG-NOPANIC" type="Rule" title="Don't use functions that can cause `panic!`">
 
-Functions or instructions that can cause the code to panic at runtime must not
+Functions or instructions that can cause the code to panic at runtime MUST NOT
 be used.
 
 </div>
 
 <div class="reco" id="LANG-ARRINDEXING" type="Rule" title="Test properly array indexing or use the `get` method">
 
-Array indexing must be properly tested, or the `get` method should be used to
+Array indexing must be properly tested, or the `get` method SHOULD be used to
 return an `Option`.
 
 </div>
@@ -96,8 +96,10 @@ Stack unwinding from Rust code into foreign code results in undefined behavior.
 
 <div class="reco" id="LANG-FFIPANIC" type="Rule" title="Handle correctly `panic!` in FFI">
 
-Rust code called from FFI must either ensure the function cannot panic, or use
-`catch_unwind` or the `std::panic` module to ensure the rust code will not
+Rust code called from FFI MUST either:
+
+* ensure the function cannot panic,
+* use `catch_unwind` or the `std::panic` module to ensure the rust code will not
 abort or return in an unstable state.
 
 </div>
diff --git a/src/en/integer.md b/src/en/integer.md
@@ -24,6 +24,6 @@ or the `overflowing_<op>` and `wrapping_<op>` operations on integers
 
 When assuming that an arithmetic operation can produce an overflow, the
 specialized functions `overflowing_<op>`, `wrapping_<op>`, or the
-`Wrapping` type must be used.
+`Wrapping` type MUST be used.
 
 </div>
diff --git a/src/en/libraries.md b/src/en/libraries.md
@@ -47,15 +47,15 @@ Regardless of the method used to retrieve dependencies (*crate* or GIT commit),
 
 <div class="reco" id="LIBS-VETTING-DIRECT" type="Rule" title="Validation of Direct Third-Party Dependencies">
 
-Each direct third-party dependency must be properly validated, and each validation must be tracked.
+Each direct third-party dependency MUST be properly validated, and each validation MUST be tracked.
 
 </div>
 
 With regard to transitive dependencies, it is also recommended to validate them individually.
 
 <div class="reco" id="LIBS-VETTING-TRANSITIVE" type="Recommendation" title="Validation of Transitive Third-Party Dependencies">
 
-Each third-party dependency should be properly validated, and each validation should be tracked.
+Each third-party dependency SHOULD be properly validated, and each validation SHOULD be tracked.
 
 </div>
 
@@ -71,8 +71,8 @@ version.
 
 <div class="reco" id="LIBS-OUTDATED" type="Rule" title="Check for outdated dependencies versions (cargo-outdated)">
 
-The `cargo-outdated` tool must be used to check dependencies' status. Then,
-each outdated dependency should be updated or the choice of the version must be
+The `cargo-outdated` tool MUST be used to check dependencies' status. Then,
+each outdated dependency SHOULD be updated or the choice of the version MUST be
 justified.
 
 </div>
@@ -86,7 +86,7 @@ reported to the RustSec Advisory Database.
 
 <div class="reco" id="LIBS-AUDIT" type="Rule" title="Check for security vulnerabilities report on dependencies (cargo-audit)">
 
-The `cargo-audit` tool must be used to check for known vulnerabilities in
+The `cargo-audit` tool MUST be used to check for known vulnerabilities in
 dependencies.
 
 </div>
diff --git a/src/en/naming.md b/src/en/naming.md
@@ -35,7 +35,7 @@ some particular constructions:
 
 <div class="reco" id="LANG-NAMING" type="Rule" title="Respect naming conventions">
 
-Development of a secure application must follow the naming conventions
+Development of a secure application MUST follow the naming conventions
 outlined in the [@rust-guidelines].
 
 </div>
diff --git a/src/en/standard.md b/src/en/standard.md
@@ -58,7 +58,7 @@ struct SpecialType(u8, PhantomData<*const ()>);
 <div class="reco" id="LANG-SYNC-TRAITS" type="Rule" title="Justify `Send` and `Sync` implementation">
 
 In a Rust secure development, the manual implementation of the `Send` and
-`Sync` traits should be avoided and, if necessary, must be justified
+`Sync` traits SHOULD be avoided and, if necessary, MUST be justified
 and documented.
 
 </div>
@@ -160,14 +160,14 @@ of `unsafe` blocks.
 <div class="reco" id="LANG-CMP-INV" type="Rule" title="Respect the invariants of standard comparison traits">
 
 In a Rust secure development, the implementation of standard comparison traits
-must respect the invariants described in the documentation.
+MUST respect the invariants described in the documentation.
 
 </div>
 
 <div class="reco" id="LANG-CMP-DEFAULTS" type="Recommendation" title="Use the default method implementation of standard comparison traits">
 
 In a Rust secure development, the implementation of standard comparison traits
-should only define methods with no default implementation, so as to reduce
+SHOULD only define methods with no default implementation, so as to reduce
 the risk of violating the invariants associated with the traits.
 
 </div>
@@ -237,8 +237,8 @@ than manual ones and make the code shorter and easier to maintain.
 <div class="reco" id="LANG-CMP-DERIVE" type="Recommendation" title="Derive comparison traits when possible">
 
 In a secure Rust development, the implementation of standard comparison traits
-should be automatically derived with `#[derive(...)]` when structural equality
+SHOULD be automatically derived with `#[derive(...)]` when structural equality
 and lexicographical comparison is needed. Any manual implementation of
-standard comparison traits should be documented and justified.
+standard comparison traits SHOULD be documented and justified.
 
 </div>
diff --git a/src/en/unsafe/ffi.md b/src/en/unsafe/ffi.md
diff --git a/src/en/unsafe/generalities.md b/src/en/unsafe/generalities.md
diff --git a/src/en/unsafe/memory.md b/src/en/unsafe/memory.md
