hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into redsun82/rust-qltest-proc-macro

Browse Source
This commit is contained in:
Paolo Tranquilli
2025-06-18 09:01:28 +02:00
parent 214bbf46e8 bef07a7f67
commit 03599b43cb
33 changed files with 477 additions and 680 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
rust/extractor/src/qltest.rs
View File

@@ -4,7 +4,6 @@ use glob::glob;
use itertools::Itertools;
use std::ffi::OsStr;
use std::fs;
use std::path::Path;
use std::process::Command;
use tracing::info;
@@ -75,18 +74,9 @@ fn set_sources(config: &mut Config) -> anyhow::Result<()> {
Ok(())
}
fn remove_file_if_exists(path: &Path) -> anyhow::Result<()> {
match fs::remove_file(path) {
Err(e) if e.kind() == std::io::ErrorKind::NotFound => Ok(()),
x => x,
}
.context(format!("removing file {}", path.display()))
}
pub(crate) fn prepare(config: &mut Config) -> anyhow::Result<()> {
dump_lib()?;
set_sources(config)?;
remove_file_if_exists(Path::new("Cargo.lock"))?;
dump_cargo_manifest(&config.qltest_dependencies)?;
if config.qltest_cargo_check {
let status = Command::new("cargo")

27
rust/ql/lib/codeql/rust/dataflow/FlowSummary.qll
View File

@@ -2,7 +2,6 @@
private import rust
private import internal.FlowSummaryImpl as Impl
private import codeql.rust.elements.internal.CallExprBaseImpl::Impl as CallExprBaseImpl
// import all instances below
private module Summaries {
@@ -10,34 +9,10 @@ private module Summaries {
private import codeql.rust.dataflow.internal.ModelsAsData
}
/** Provides the `Range` class used to define the extent of `LibraryCallable`. */
module LibraryCallable {
/** A callable defined in library code, identified by a unique string. */
abstract class Range extends string {
bindingset[this]
Range() { any() }
/** Gets a call to this library callable. */
CallExprBase getACall() {
exists(Resolvable r, string crate |
r = CallExprBaseImpl::getCallResolvable(result) and
this = crate + r.getResolvedPath()
|
crate = r.getResolvedCrateOrigin() + "::_::"
or
not r.hasResolvedCrateOrigin() and
crate = ""
)
}
}
}
final class LibraryCallable = LibraryCallable::Range;
/** Provides the `Range` class used to define the extent of `SummarizedCallable`. */
module SummarizedCallable {
/** A callable with a flow summary, identified by a unique string. */
abstract class Range extends LibraryCallable::Range, Impl::Public::SummarizedCallable {
abstract class Range extends Impl::Public::SummarizedCallable {
bindingset[this]
Range() { any() }

25
rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll
View File

@@ -45,10 +45,12 @@ final class DataFlowCallable extends TDataFlowCallable {
/**
* Gets the underlying library callable, if any.
*/
LibraryCallable asLibraryCallable() { this = TLibraryCallable(result) }
SummarizedCallable asSummarizedCallable() { this = TSummarizedCallable(result) }
/** Gets a textual representation of this callable. */
string toString() { result = [this.asCfgScope().toString(), this.asLibraryCallable().toString()] }
string toString() {
result = [this.asCfgScope().toString(), this.asSummarizedCallable().toString()]
}
/** Gets the location of this callable. */
Location getLocation() { result = this.asCfgScope().getLocation() }
@@ -65,12 +67,9 @@ final class DataFlowCall extends TDataFlowCall {
}
DataFlowCallable getEnclosingCallable() {
result = TCfgScope(this.asCallCfgNode().getExpr().getEnclosingCfgScope())
result.asCfgScope() = this.asCallCfgNode().getExpr().getEnclosingCfgScope()
or
exists(FlowSummaryImpl::Public::SummarizedCallable c |
this.isSummaryCall(c, _) and
result = TLibraryCallable(c)
)
this.isSummaryCall(result.asSummarizedCallable(), _)
}
string toString() {
@@ -401,9 +400,11 @@ module RustDataFlow implements InputSig<Location> {
/** Gets a viable implementation of the target of the given `Call`. */
DataFlowCallable viableCallable(DataFlowCall call) {
result.asCfgScope() = call.asCallCfgNode().getCall().getStaticTarget()
or
result.asLibraryCallable().getACall() = call.asCallCfgNode().getCall()
exists(Callable target | target = call.asCallCfgNode().getCall().getStaticTarget() |
target = result.asCfgScope()
or
target = result.asSummarizedCallable()
)
}
/**
@@ -757,7 +758,7 @@ module RustDataFlow implements InputSig<Location> {
predicate allowParameterReturnInSelf(ParameterNode p) {
exists(DataFlowCallable c, ParameterPosition pos |
p.isParameterOf(c, pos) and
FlowSummaryImpl::Private::summaryAllowParameterReturnInSelf(c.asLibraryCallable(), pos)
FlowSummaryImpl::Private::summaryAllowParameterReturnInSelf(c.asSummarizedCallable(), pos)
)
or
VariableCapture::Flow::heuristicAllowInstanceParameterReturnInSelf(p.(ClosureParameterNode)
@@ -968,7 +969,7 @@ private module Cached {
cached
newtype TDataFlowCallable =
TCfgScope(CfgScope scope) or
TLibraryCallable(LibraryCallable c)
TSummarizedCallable(SummarizedCallable c)
/** This is the local flow predicate that is exposed. */
cached

4
rust/ql/lib/codeql/rust/dataflow/internal/FlowSummaryImpl.qll
View File

@@ -13,7 +13,7 @@ module Input implements InputSig<Location, RustDataFlow> {
private import codeql.rust.elements.internal.CallExprBaseImpl::Impl as CallExprBaseImpl
private import codeql.rust.frameworks.stdlib.Stdlib
class SummarizedCallableBase = string;
class SummarizedCallableBase = Function;
abstract private class SourceSinkBase extends AstNode {
/** Gets the associated call. */
@@ -138,7 +138,7 @@ private import Make<Location, RustDataFlow, Input> as Impl
private module StepsInput implements Impl::Private::StepsInputSig {
DataFlowCall getACall(Public::SummarizedCallable sc) {
result.asCallCfgNode().getCall() = sc.(LibraryCallable).getACall()
result.asCallCfgNode().getCall().getStaticTarget() = sc
}
RustDataFlow::Node getSourceNode(Input::SourceBase source, Impl::Private::SummaryComponent sc) {

8
rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll
View File

@@ -47,6 +47,7 @@ private import rust
private import codeql.rust.dataflow.FlowSummary
private import codeql.rust.dataflow.FlowSource
private import codeql.rust.dataflow.FlowSink
private import codeql.rust.elements.internal.CallExprBaseImpl::Impl as CallExprBaseImpl
/**
* Holds if in a call to the function with canonical path `path`, defined in the
@@ -120,7 +121,12 @@ private class SummarizedCallableFromModel extends SummarizedCallable::Range {
SummarizedCallableFromModel() {
summaryModel(crate, path, _, _, _, _, _) and
this = crate + "::_::" + path
exists(CallExprBase call, Resolvable r |
call.getStaticTarget() = this and
r = CallExprBaseImpl::getCallResolvable(call) and
r.getResolvedPath() = path and
r.getResolvedCrateOrigin() = crate
)
}
override predicate propagatesFlow(

8
rust/ql/lib/codeql/rust/dataflow/internal/Node.qll
View File

@@ -44,7 +44,7 @@ abstract class NodePublic extends TNode {
abstract class Node extends NodePublic {
/** Gets the enclosing callable. */
DataFlowCallable getEnclosingCallable() { result = TCfgScope(this.getCfgScope()) }
DataFlowCallable getEnclosingCallable() { result.asCfgScope() = this.getCfgScope() }
/** Do not call: use `getEnclosingCallable()` instead. */
abstract CfgScope getCfgScope();
@@ -102,9 +102,9 @@ class FlowSummaryNode extends Node, TFlowSummaryNode {
}
override DataFlowCallable getEnclosingCallable() {
result.asLibraryCallable() = this.getSummarizedCallable()
or
result.asCfgScope() = this.getCfgScope()
or
result.asSummarizedCallable() = this.getSummarizedCallable()
}
override Location getLocation() {
@@ -195,7 +195,7 @@ final class SummaryParameterNode extends ParameterNode, FlowSummaryNode {
}
override predicate isParameterOf(DataFlowCallable c, ParameterPosition pos) {
this.getSummarizedCallable() = c.asLibraryCallable() and pos = pos_
this.getSummarizedCallable() = c.asSummarizedCallable() and pos = pos_
}
}

10
rust/ql/lib/codeql/rust/frameworks/stdlib/Clone.qll
View File

@@ -6,13 +6,9 @@ private import codeql.rust.dataflow.FlowSummary
/** A `clone` method. */
final class CloneCallable extends SummarizedCallable::Range {
CloneCallable() {
// NOTE: The function target may not exist in the database, so we base this
// on method calls.
exists(MethodCallExpr c |
c.getIdentifier().getText() = "clone" and
c.getArgList().getNumberOfArgs() = 0 and
this = c.getResolvedCrateOrigin() + "::_::" + c.getResolvedPath()
)
this.getParamList().hasSelfParam() and
this.getParamList().getNumberOfParams() = 0 and
this.getName().getText() = "clone"
}
final override predicate propagatesFlow(

4
rust/ql/lib/codeql/rust/internal/PathResolution.qll
View File

@@ -1522,8 +1522,8 @@ private module Debug {
private Locatable getRelevantLocatable() {
exists(string filepath, int startline, int startcolumn, int endline, int endcolumn |
result.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) and
filepath.matches("%/test.rs") and
startline = 74
filepath.matches("%/main.rs") and
startline = 52
)
}

5
rust/ql/lib/codeql/rust/internal/TypeInference.qll
View File

@@ -1170,6 +1170,7 @@ final class MethodCall extends Call {
* Holds if a method for `type` with the name `name` and the arity `arity`
* exists in `impl`.
*/
pragma[nomagic]
private predicate methodCandidate(Type type, string name, int arity, Impl impl) {
type = impl.getSelfTy().(TypeMention).resolveType() and
exists(Function f |
@@ -1579,8 +1580,8 @@ private module Debug {
private Locatable getRelevantLocatable() {
exists(string filepath, int startline, int startcolumn, int endline, int endcolumn |
result.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) and
filepath.matches("%/main.rs") and
startline = 1718
filepath.matches("%/sqlx.rs") and
startline = [56 .. 60]
)
}

4
rust/ql/test/library-tests/dataflow/global/viableCallable.expected
View File

@@ -75,10 +75,10 @@
| main.rs:279:17:279:25 | source(...) | main.rs:1:1:3:1 | fn source |
| main.rs:280:9:280:15 | sink(...) | main.rs:5:1:7:1 | fn sink |
| main.rs:283:5:283:17 | sink(...) | main.rs:5:1:7:1 | fn sink |
| main.rs:287:13:287:55 | ...::block_on(...) | file://:0:0:0:0 | repo:https://github.com/rust-lang/futures-rs:futures-executor::_::crate::local_pool::block_on |
| main.rs:287:13:287:55 | ...::block_on(...) | file://:0:0:0:0 | fn block_on |
| main.rs:287:41:287:54 | async_source(...) | main.rs:268:1:272:1 | fn async_source |
| main.rs:288:5:288:11 | sink(...) | main.rs:5:1:7:1 | fn sink |
| main.rs:290:5:290:62 | ...::block_on(...) | file://:0:0:0:0 | repo:https://github.com/rust-lang/futures-rs:futures-executor::_::crate::local_pool::block_on |
| main.rs:290:5:290:62 | ...::block_on(...) | file://:0:0:0:0 | fn block_on |
| main.rs:290:33:290:61 | test_async_await_async_part(...) | main.rs:274:1:284:1 | fn test_async_await_async_part |
| main.rs:294:5:294:22 | data_out_of_call(...) | main.rs:16:1:19:1 | fn data_out_of_call |
| main.rs:295:5:295:35 | data_out_of_call_side_effect1(...) | main.rs:35:1:40:1 | fn data_out_of_call_side_effect1 |

85
rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected
View File

@@ -1,5 +1,4 @@
localStep
| file://:0:0:0:0 | [summary param] self in lang:std::_::<crate::path::Path>::canonicalize | file://:0:0:0:0 | [summary] read: Argument[self].OptionalBarrier[normalize-path] in lang:std::_::<crate::path::Path>::canonicalize |
| main.rs:3:11:3:11 | [SSA] i | main.rs:4:12:4:12 | i |
| main.rs:3:11:3:11 | i | main.rs:3:11:3:11 | [SSA] i |
| main.rs:3:11:3:11 | i | main.rs:3:11:3:11 | i |
@@ -323,46 +322,46 @@ localStep
| main.rs:263:9:263:10 | i1 | main.rs:263:9:263:10 | i1 |
| main.rs:263:14:263:16 | TryExpr | main.rs:263:9:263:10 | i1 |
| main.rs:266:5:266:11 | Some(...) | main.rs:260:41:267:1 | { ... } |
| main.rs:270:9:270:10 | [SSA] r1 | main.rs:271:29:271:30 | r1 |
| main.rs:270:9:270:10 | [SSA] r1 | main.rs:271:28:271:29 | r1 |
| main.rs:270:9:270:10 | r1 | main.rs:270:9:270:10 | [SSA] r1 |
| main.rs:270:9:270:10 | r1 | main.rs:270:9:270:10 | r1 |
| main.rs:270:33:270:46 | Ok(...) | main.rs:270:9:270:10 | r1 |
| main.rs:270:32:270:45 | Ok(...) | main.rs:270:9:270:10 | r1 |
| main.rs:271:9:271:11 | [SSA] o1a | main.rs:273:10:273:12 | o1a |
| main.rs:271:9:271:11 | o1a | main.rs:271:9:271:11 | [SSA] o1a |
| main.rs:271:9:271:11 | o1a | main.rs:271:9:271:11 | o1a |
| main.rs:271:29:271:30 | [post] r1 | main.rs:272:29:272:30 | r1 |
| main.rs:271:29:271:30 | [post] receiver for r1 | main.rs:271:29:271:30 | [post] r1 |
| main.rs:271:29:271:30 | r1 | main.rs:271:29:271:30 | receiver for r1 |
| main.rs:271:29:271:30 | r1 | main.rs:272:29:272:30 | r1 |
| main.rs:271:29:271:35 | r1.ok() | main.rs:271:9:271:11 | o1a |
| main.rs:271:28:271:29 | [post] r1 | main.rs:272:28:272:29 | r1 |
| main.rs:271:28:271:29 | [post] receiver for r1 | main.rs:271:28:271:29 | [post] r1 |
| main.rs:271:28:271:29 | r1 | main.rs:271:28:271:29 | receiver for r1 |
| main.rs:271:28:271:29 | r1 | main.rs:272:28:272:29 | r1 |
| main.rs:271:28:271:34 | r1.ok() | main.rs:271:9:271:11 | o1a |
| main.rs:272:9:272:11 | [SSA] o1b | main.rs:274:10:274:12 | o1b |
| main.rs:272:9:272:11 | o1b | main.rs:272:9:272:11 | [SSA] o1b |
| main.rs:272:9:272:11 | o1b | main.rs:272:9:272:11 | o1b |
| main.rs:272:29:272:30 | [post] receiver for r1 | main.rs:272:29:272:30 | [post] r1 |
| main.rs:272:29:272:30 | r1 | main.rs:272:29:272:30 | receiver for r1 |
| main.rs:272:29:272:36 | r1.err() | main.rs:272:9:272:11 | o1b |
| main.rs:272:28:272:29 | [post] receiver for r1 | main.rs:272:28:272:29 | [post] r1 |
| main.rs:272:28:272:29 | r1 | main.rs:272:28:272:29 | receiver for r1 |
| main.rs:272:28:272:35 | r1.err() | main.rs:272:9:272:11 | o1b |
| main.rs:273:10:273:12 | [post] receiver for o1a | main.rs:273:10:273:12 | [post] o1a |
| main.rs:273:10:273:12 | o1a | main.rs:273:10:273:12 | receiver for o1a |
| main.rs:274:10:274:12 | [post] receiver for o1b | main.rs:274:10:274:12 | [post] o1b |
| main.rs:274:10:274:12 | o1b | main.rs:274:10:274:12 | receiver for o1b |
| main.rs:276:9:276:10 | [SSA] r2 | main.rs:277:29:277:30 | r2 |
| main.rs:276:9:276:10 | [SSA] r2 | main.rs:277:28:277:29 | r2 |
| main.rs:276:9:276:10 | r2 | main.rs:276:9:276:10 | [SSA] r2 |
| main.rs:276:9:276:10 | r2 | main.rs:276:9:276:10 | r2 |
| main.rs:276:33:276:47 | Err(...) | main.rs:276:9:276:10 | r2 |
| main.rs:276:32:276:46 | Err(...) | main.rs:276:9:276:10 | r2 |
| main.rs:277:9:277:11 | [SSA] o2a | main.rs:279:10:279:12 | o2a |
| main.rs:277:9:277:11 | o2a | main.rs:277:9:277:11 | [SSA] o2a |
| main.rs:277:9:277:11 | o2a | main.rs:277:9:277:11 | o2a |
| main.rs:277:29:277:30 | [post] r2 | main.rs:278:29:278:30 | r2 |
| main.rs:277:29:277:30 | [post] receiver for r2 | main.rs:277:29:277:30 | [post] r2 |
| main.rs:277:29:277:30 | r2 | main.rs:277:29:277:30 | receiver for r2 |
| main.rs:277:29:277:30 | r2 | main.rs:278:29:278:30 | r2 |
| main.rs:277:29:277:35 | r2.ok() | main.rs:277:9:277:11 | o2a |
| main.rs:277:28:277:29 | [post] r2 | main.rs:278:28:278:29 | r2 |
| main.rs:277:28:277:29 | [post] receiver for r2 | main.rs:277:28:277:29 | [post] r2 |
| main.rs:277:28:277:29 | r2 | main.rs:277:28:277:29 | receiver for r2 |
| main.rs:277:28:277:29 | r2 | main.rs:278:28:278:29 | r2 |
| main.rs:277:28:277:34 | r2.ok() | main.rs:277:9:277:11 | o2a |
| main.rs:278:9:278:11 | [SSA] o2b | main.rs:280:10:280:12 | o2b |
| main.rs:278:9:278:11 | o2b | main.rs:278:9:278:11 | [SSA] o2b |
| main.rs:278:9:278:11 | o2b | main.rs:278:9:278:11 | o2b |
| main.rs:278:29:278:30 | [post] receiver for r2 | main.rs:278:29:278:30 | [post] r2 |
| main.rs:278:29:278:30 | r2 | main.rs:278:29:278:30 | receiver for r2 |
| main.rs:278:29:278:36 | r2.err() | main.rs:278:9:278:11 | o2b |
| main.rs:278:28:278:29 | [post] receiver for r2 | main.rs:278:28:278:29 | [post] r2 |
| main.rs:278:28:278:29 | r2 | main.rs:278:28:278:29 | receiver for r2 |
| main.rs:278:28:278:35 | r2.err() | main.rs:278:9:278:11 | o2b |
| main.rs:279:10:279:12 | [post] receiver for o2a | main.rs:279:10:279:12 | [post] o2a |
| main.rs:279:10:279:12 | o2a | main.rs:279:10:279:12 | receiver for o2a |
| main.rs:280:10:280:12 | [post] receiver for o2b | main.rs:280:10:280:12 | [post] o2b |
@@ -702,23 +701,23 @@ localStep
| main.rs:469:9:469:9 | [SSA] c | main.rs:474:10:474:10 | c |
| main.rs:469:9:469:9 | c | main.rs:469:9:469:9 | [SSA] c |
| main.rs:469:9:469:9 | c | main.rs:469:9:469:9 | c |
| main.rs:469:13:469:13 | [post] b | main.rs:470:19:470:19 | b |
| main.rs:469:13:469:13 | [post] b | main.rs:470:18:470:18 | b |
| main.rs:469:13:469:13 | [post] receiver for b | main.rs:469:13:469:13 | [post] b |
| main.rs:469:13:469:13 | b | main.rs:469:13:469:13 | receiver for b |
| main.rs:469:13:469:13 | b | main.rs:470:19:470:19 | b |
| main.rs:469:13:469:13 | b | main.rs:470:18:470:18 | b |
| main.rs:469:13:469:28 | [post] receiver for b.parse() | main.rs:469:13:469:28 | [post] b.parse() |
| main.rs:469:13:469:28 | b.parse() | main.rs:469:13:469:28 | receiver for b.parse() |
| main.rs:469:13:469:37 | ... .unwrap() | main.rs:469:9:469:9 | c |
| main.rs:470:9:470:9 | [SSA] d | main.rs:475:10:475:10 | d |
| main.rs:470:9:470:9 | d | main.rs:470:9:470:9 | [SSA] d |
| main.rs:470:9:470:9 | d | main.rs:470:9:470:9 | d |
| main.rs:470:19:470:19 | [post] b | main.rs:473:17:473:17 | b |
| main.rs:470:19:470:19 | [post] receiver for b | main.rs:470:19:470:19 | [post] b |
| main.rs:470:19:470:19 | b | main.rs:470:19:470:19 | receiver for b |
| main.rs:470:19:470:19 | b | main.rs:473:17:473:17 | b |
| main.rs:470:19:470:27 | [post] receiver for b.parse() | main.rs:470:19:470:27 | [post] b.parse() |
| main.rs:470:19:470:27 | b.parse() | main.rs:470:19:470:27 | receiver for b.parse() |
| main.rs:470:19:470:36 | ... .unwrap() | main.rs:470:9:470:9 | d |
| main.rs:470:18:470:18 | [post] b | main.rs:473:17:473:17 | b |
| main.rs:470:18:470:18 | [post] receiver for b | main.rs:470:18:470:18 | [post] b |
| main.rs:470:18:470:18 | b | main.rs:470:18:470:18 | receiver for b |
| main.rs:470:18:470:18 | b | main.rs:473:17:473:17 | b |
| main.rs:470:18:470:26 | [post] receiver for b.parse() | main.rs:470:18:470:26 | [post] b.parse() |
| main.rs:470:18:470:26 | b.parse() | main.rs:470:18:470:26 | receiver for b.parse() |
| main.rs:470:18:470:35 | ... .unwrap() | main.rs:470:9:470:9 | d |
| main.rs:479:9:479:10 | [SSA] vs | main.rs:481:10:481:11 | vs |
| main.rs:479:9:479:10 | vs | main.rs:479:9:479:10 | [SSA] vs |
| main.rs:479:9:479:10 | vs | main.rs:479:9:479:10 | vs |
@@ -749,19 +748,19 @@ localStep
| main.rs:488:10:488:10 | v | main.rs:488:10:488:10 | [SSA] v |
| main.rs:488:10:488:10 | v | main.rs:488:10:488:10 | v |
| main.rs:488:15:488:16 | [post] receiver for vs | main.rs:488:15:488:16 | [post] vs |
| main.rs:488:15:488:16 | [post] vs | main.rs:492:27:492:28 | vs |
| main.rs:488:15:488:16 | [post] vs | main.rs:492:26:492:27 | vs |
| main.rs:488:15:488:16 | vs | main.rs:488:15:488:16 | receiver for vs |
| main.rs:488:15:488:16 | vs | main.rs:492:27:492:28 | vs |
| main.rs:488:15:488:16 | vs | main.rs:492:26:492:27 | vs |
| main.rs:492:9:492:11 | [SSA] vs2 | main.rs:493:15:493:17 | vs2 |
| main.rs:492:9:492:11 | vs2 | main.rs:492:9:492:11 | [SSA] vs2 |
| main.rs:492:9:492:11 | vs2 | main.rs:492:9:492:11 | vs2 |
| main.rs:492:27:492:28 | [post] receiver for vs | main.rs:492:27:492:28 | [post] vs |
| main.rs:492:27:492:28 | [post] vs | main.rs:497:5:497:6 | vs |
| main.rs:492:27:492:28 | vs | main.rs:492:27:492:28 | receiver for vs |
| main.rs:492:27:492:28 | vs | main.rs:497:5:497:6 | vs |
| main.rs:492:27:492:35 | [post] receiver for vs.iter() | main.rs:492:27:492:35 | [post] vs.iter() |
| main.rs:492:27:492:35 | vs.iter() | main.rs:492:27:492:35 | receiver for vs.iter() |
| main.rs:492:27:492:45 | ... .collect() | main.rs:492:9:492:11 | vs2 |
| main.rs:492:26:492:27 | [post] receiver for vs | main.rs:492:26:492:27 | [post] vs |
| main.rs:492:26:492:27 | [post] vs | main.rs:497:5:497:6 | vs |
| main.rs:492:26:492:27 | vs | main.rs:492:26:492:27 | receiver for vs |
| main.rs:492:26:492:27 | vs | main.rs:497:5:497:6 | vs |
| main.rs:492:26:492:34 | [post] receiver for vs.iter() | main.rs:492:26:492:34 | [post] vs.iter() |
| main.rs:492:26:492:34 | vs.iter() | main.rs:492:26:492:34 | receiver for vs.iter() |
| main.rs:492:26:492:44 | ... .collect() | main.rs:492:9:492:11 | vs2 |
| main.rs:493:10:493:10 | [SSA] v | main.rs:494:14:494:14 | v |
| main.rs:493:10:493:10 | v | main.rs:493:10:493:10 | [SSA] v |
| main.rs:493:10:493:10 | v | main.rs:493:10:493:10 | v |
@@ -963,7 +962,7 @@ readStep
| main.rs:444:41:444:67 | [post] \|...\| ... | main.rs:441:9:441:20 | captured default_name | main.rs:444:41:444:67 | [post] default_name |
| main.rs:444:44:444:55 | this | main.rs:441:9:441:20 | captured default_name | main.rs:444:44:444:55 | default_name |
| main.rs:469:13:469:13 | [post] receiver for b | file://:0:0:0:0 | &ref | main.rs:469:13:469:13 | [post] b |
| main.rs:470:19:470:19 | [post] receiver for b | file://:0:0:0:0 | &ref | main.rs:470:19:470:19 | [post] b |
| main.rs:470:18:470:18 | [post] receiver for b | file://:0:0:0:0 | &ref | main.rs:470:18:470:18 | [post] b |
| main.rs:481:10:481:11 | vs | file://:0:0:0:0 | element | main.rs:481:10:481:14 | vs[0] |
| main.rs:482:11:482:35 | ... .unwrap() | file://:0:0:0:0 | &ref | main.rs:482:10:482:35 | * ... |
| main.rs:483:11:483:35 | ... .unwrap() | file://:0:0:0:0 | &ref | main.rs:483:10:483:35 | * ... |
@@ -1023,8 +1022,8 @@ storeStep
| main.rs:261:19:261:28 | source(...) | {EXTERNAL LOCATION} | Some | main.rs:261:14:261:29 | Some(...) |
| main.rs:262:19:262:19 | 2 | {EXTERNAL LOCATION} | Some | main.rs:262:14:262:20 | Some(...) |
| main.rs:266:10:266:10 | 0 | {EXTERNAL LOCATION} | Some | main.rs:266:5:266:11 | Some(...) |
| main.rs:270:36:270:45 | source(...) | {EXTERNAL LOCATION} | Ok | main.rs:270:33:270:46 | Ok(...) |
| main.rs:276:37:276:46 | source(...) | {EXTERNAL LOCATION} | Err | main.rs:276:33:276:47 | Err(...) |
| main.rs:270:35:270:44 | source(...) | {EXTERNAL LOCATION} | Ok | main.rs:270:32:270:45 | Ok(...) |
| main.rs:276:36:276:45 | source(...) | {EXTERNAL LOCATION} | Err | main.rs:276:32:276:46 | Err(...) |
| main.rs:284:35:284:44 | source(...) | {EXTERNAL LOCATION} | Ok | main.rs:284:32:284:45 | Ok(...) |
| main.rs:285:35:285:35 | 2 | {EXTERNAL LOCATION} | Ok | main.rs:285:32:285:36 | Ok(...) |
| main.rs:286:36:286:45 | source(...) | {EXTERNAL LOCATION} | Err | main.rs:286:32:286:46 | Err(...) |
@@ -1061,7 +1060,7 @@ storeStep
| main.rs:432:18:432:27 | source(...) | file://:0:0:0:0 | element | main.rs:432:5:432:11 | [post] mut_arr |
| main.rs:444:41:444:67 | default_name | main.rs:441:9:441:20 | captured default_name | main.rs:444:41:444:67 | \|...\| ... |
| main.rs:469:13:469:13 | b | file://:0:0:0:0 | &ref | main.rs:469:13:469:13 | receiver for b |
| main.rs:470:19:470:19 | b | file://:0:0:0:0 | &ref | main.rs:470:19:470:19 | receiver for b |
| main.rs:470:18:470:18 | b | file://:0:0:0:0 | &ref | main.rs:470:18:470:18 | receiver for b |
| main.rs:479:15:479:24 | source(...) | file://:0:0:0:0 | element | main.rs:479:14:479:34 | [...] |
| main.rs:479:27:479:27 | 2 | file://:0:0:0:0 | element | main.rs:479:14:479:34 | [...] |
| main.rs:479:30:479:30 | 3 | file://:0:0:0:0 | element | main.rs:479:14:479:34 | [...] |

32
rust/ql/test/library-tests/dataflow/local/inline-flow.expected
View File

@@ -117,16 +117,16 @@ edges
| main.rs:263:9:263:10 | i1 | main.rs:264:10:264:11 | i1 | provenance | |
| main.rs:263:14:263:15 | s1 [Some] | main.rs:263:14:263:16 | TryExpr | provenance | |
| main.rs:263:14:263:16 | TryExpr | main.rs:263:9:263:10 | i1 | provenance | |
| main.rs:270:9:270:10 | r1 [Ok] | main.rs:271:29:271:35 | r1.ok() [Some] | provenance | MaD:11 |
| main.rs:270:33:270:46 | Ok(...) [Ok] | main.rs:270:9:270:10 | r1 [Ok] | provenance | |
| main.rs:270:36:270:45 | source(...) | main.rs:270:33:270:46 | Ok(...) [Ok] | provenance | |
| main.rs:270:9:270:10 | r1 [Ok] | main.rs:271:28:271:34 | r1.ok() [Some] | provenance | MaD:11 |
| main.rs:270:32:270:45 | Ok(...) [Ok] | main.rs:270:9:270:10 | r1 [Ok] | provenance | |
| main.rs:270:35:270:44 | source(...) | main.rs:270:32:270:45 | Ok(...) [Ok] | provenance | |
| main.rs:271:9:271:11 | o1a [Some] | main.rs:273:10:273:21 | o1a.unwrap() | provenance | MaD:3 |
| main.rs:271:29:271:35 | r1.ok() [Some] | main.rs:271:9:271:11 | o1a [Some] | provenance | |
| main.rs:276:9:276:10 | r2 [Err] | main.rs:278:29:278:36 | r2.err() [Some] | provenance | MaD:8 |
| main.rs:276:33:276:47 | Err(...) [Err] | main.rs:276:9:276:10 | r2 [Err] | provenance | |
| main.rs:276:37:276:46 | source(...) | main.rs:276:33:276:47 | Err(...) [Err] | provenance | |
| main.rs:271:28:271:34 | r1.ok() [Some] | main.rs:271:9:271:11 | o1a [Some] | provenance | |
| main.rs:276:9:276:10 | r2 [Err] | main.rs:278:28:278:35 | r2.err() [Some] | provenance | MaD:8 |
| main.rs:276:32:276:46 | Err(...) [Err] | main.rs:276:9:276:10 | r2 [Err] | provenance | |
| main.rs:276:36:276:45 | source(...) | main.rs:276:32:276:46 | Err(...) [Err] | provenance | |
| main.rs:278:9:278:11 | o2b [Some] | main.rs:280:10:280:21 | o2b.unwrap() | provenance | MaD:3 |
| main.rs:278:29:278:36 | r2.err() [Some] | main.rs:278:9:278:11 | o2b [Some] | provenance | |
| main.rs:278:28:278:35 | r2.err() [Some] | main.rs:278:9:278:11 | o2b [Some] | provenance | |
| main.rs:284:9:284:10 | s1 [Ok] | main.rs:287:14:287:15 | s1 [Ok] | provenance | |
| main.rs:284:32:284:45 | Ok(...) [Ok] | main.rs:284:9:284:10 | s1 [Ok] | provenance | |
| main.rs:284:35:284:44 | source(...) | main.rs:284:32:284:45 | Ok(...) [Ok] | provenance | |
@@ -373,16 +373,16 @@ nodes
| main.rs:263:14:263:16 | TryExpr | semmle.label | TryExpr |
| main.rs:264:10:264:11 | i1 | semmle.label | i1 |
| main.rs:270:9:270:10 | r1 [Ok] | semmle.label | r1 [Ok] |
| main.rs:270:33:270:46 | Ok(...) [Ok] | semmle.label | Ok(...) [Ok] |
| main.rs:270:36:270:45 | source(...) | semmle.label | source(...) |
| main.rs:270:32:270:45 | Ok(...) [Ok] | semmle.label | Ok(...) [Ok] |
| main.rs:270:35:270:44 | source(...) | semmle.label | source(...) |
| main.rs:271:9:271:11 | o1a [Some] | semmle.label | o1a [Some] |
| main.rs:271:29:271:35 | r1.ok() [Some] | semmle.label | r1.ok() [Some] |
| main.rs:271:28:271:34 | r1.ok() [Some] | semmle.label | r1.ok() [Some] |
| main.rs:273:10:273:21 | o1a.unwrap() | semmle.label | o1a.unwrap() |
| main.rs:276:9:276:10 | r2 [Err] | semmle.label | r2 [Err] |
| main.rs:276:33:276:47 | Err(...) [Err] | semmle.label | Err(...) [Err] |
| main.rs:276:37:276:46 | source(...) | semmle.label | source(...) |
| main.rs:276:32:276:46 | Err(...) [Err] | semmle.label | Err(...) [Err] |
| main.rs:276:36:276:45 | source(...) | semmle.label | source(...) |
| main.rs:278:9:278:11 | o2b [Some] | semmle.label | o2b [Some] |
| main.rs:278:29:278:36 | r2.err() [Some] | semmle.label | r2.err() [Some] |
| main.rs:278:28:278:35 | r2.err() [Some] | semmle.label | r2.err() [Some] |
| main.rs:280:10:280:21 | o2b.unwrap() | semmle.label | o2b.unwrap() |
| main.rs:284:9:284:10 | s1 [Ok] | semmle.label | s1 [Ok] |
| main.rs:284:32:284:45 | Ok(...) [Ok] | semmle.label | Ok(...) [Ok] |
@@ -545,8 +545,8 @@ testFailures
| main.rs:254:10:254:32 | s1.unwrap_or_else(...) | main.rs:253:19:253:28 | source(...) | main.rs:254:10:254:32 | s1.unwrap_or_else(...) | $@ | main.rs:253:19:253:28 | source(...) | source(...) |
| main.rs:257:10:257:41 | s2.unwrap_or_else(...) | main.rs:257:31:257:40 | source(...) | main.rs:257:10:257:41 | s2.unwrap_or_else(...) | $@ | main.rs:257:31:257:40 | source(...) | source(...) |
| main.rs:264:10:264:11 | i1 | main.rs:261:19:261:28 | source(...) | main.rs:264:10:264:11 | i1 | $@ | main.rs:261:19:261:28 | source(...) | source(...) |
| main.rs:273:10:273:21 | o1a.unwrap() | main.rs:270:36:270:45 | source(...) | main.rs:273:10:273:21 | o1a.unwrap() | $@ | main.rs:270:36:270:45 | source(...) | source(...) |
| main.rs:280:10:280:21 | o2b.unwrap() | main.rs:276:37:276:46 | source(...) | main.rs:280:10:280:21 | o2b.unwrap() | $@ | main.rs:276:37:276:46 | source(...) | source(...) |
| main.rs:273:10:273:21 | o1a.unwrap() | main.rs:270:35:270:44 | source(...) | main.rs:273:10:273:21 | o1a.unwrap() | $@ | main.rs:270:35:270:44 | source(...) | source(...) |
| main.rs:280:10:280:21 | o2b.unwrap() | main.rs:276:36:276:45 | source(...) | main.rs:280:10:280:21 | o2b.unwrap() | $@ | main.rs:276:36:276:45 | source(...) | source(...) |
| main.rs:289:10:289:11 | i1 | main.rs:284:35:284:44 | source(...) | main.rs:289:10:289:11 | i1 | $@ | main.rs:284:35:284:44 | source(...) | source(...) |
| main.rs:298:10:298:22 | s1.expect(...) | main.rs:297:35:297:44 | source(...) | main.rs:298:10:298:22 | s1.expect(...) | $@ | main.rs:297:35:297:44 | source(...) | source(...) |
| main.rs:303:10:303:26 | s2.expect_err(...) | main.rs:301:36:301:45 | source(...) | main.rs:303:10:303:26 | s2.expect_err(...) | $@ | main.rs:301:36:301:45 | source(...) | source(...) |

22
rust/ql/test/library-tests/dataflow/local/main.rs
View File

@@ -267,15 +267,15 @@ fn option_questionmark() -> Option<i64> {
}
fn option_ok() {
let r1 : Result<i64, i64> = Ok(source(21));
let o1a : Option<i64> = r1.ok();
let o1b : Option<i64> = r1.err();
let r1: Result<i64, i64> = Ok(source(21));
let o1a: Option<i64> = r1.ok();
let o1b: Option<i64> = r1.err();
sink(o1a.unwrap()); // $ hasValueFlow=21
sink(o1b.unwrap());
let r2 : Result<i64, i64> = Err(source(22));
let o2a : Option<i64> = r2.ok();
let o2b : Option<i64> = r2.err();
let r2: Result<i64, i64> = Err(source(22));
let o2a: Option<i64> = r2.ok();
let o2b: Option<i64> = r2.err();
sink(o2a.unwrap());
sink(o2b.unwrap()); // $ hasValueFlow=22
}
@@ -467,12 +467,12 @@ fn parse() {
let a = source(90);
let b = a.to_string();
let c = b.parse::<i64>().unwrap();
let d : i64 = b.parse().unwrap();
let d: i64 = b.parse().unwrap();
sink(a); // $ hasValueFlow=90
sink_string(b); // $ hasTaintFlow=90
sink(c); // $ hasTaintFlow=90
sink(d); // $ hasTaintFlow=90
sink_string(b); // $ MISSING: we are not currently able to resolve the `to_string` call above, which comes from `impl<T: fmt::Display + ?Sized> ToString for T`
sink(c); // $ MISSING: hasTaintFlow=90 - we are not currently able to resolve the `parse` call above
sink(d); // $ MISSING: hasTaintFlow=90 - we are not currently able to resolve the `parse` call above
}
fn iterators() {
@@ -489,7 +489,7 @@ fn iterators() {
sink(v); // $ MISSING: hasValueFlow=91
}
let vs2 : Vec<&i64> = vs.iter().collect();
let vs2: Vec<&i64> = vs.iter().collect();
for &v in vs2 {
sink(v); // $ MISSING: hasValueFlow=91
}

2
rust/ql/test/library-tests/dataflow/models/models.ql
View File

@@ -20,7 +20,7 @@ query predicate invalidSpecComponent(SummarizedCallable sc, string s, string c)
// not defined in `models.ext.yml`, in order to test that we can also define
// models directly in QL
private class SummarizedCallableIdentity extends SummarizedCallable::Range {
SummarizedCallableIdentity() { this = "repo::test::_::crate::identity" }
SummarizedCallableIdentity() { this.getName().getText() = "identity" }
override predicate propagatesFlow(
string input, string output, boolean preservesValue, string provenance

30
rust/ql/test/library-tests/dataflow/sources/CONSISTENCY/PathResolutionConsistency.expected
View File

@@ -4,19 +4,19 @@ multipleMethodCallTargets
| test_futures_io.rs:35:26:35:63 | pinned.poll_read(...) | file://:0:0:0:0 | fn poll_read |
| test_futures_io.rs:35:26:35:63 | pinned.poll_read(...) | file://:0:0:0:0 | fn poll_read |
| test_futures_io.rs:35:26:35:63 | pinned.poll_read(...) | file://:0:0:0:0 | fn poll_read |
| test_futures_io.rs:61:22:61:50 | pinned.poll_fill_buf(...) | file://:0:0:0:0 | fn poll_fill_buf |
| test_futures_io.rs:61:22:61:50 | pinned.poll_fill_buf(...) | file://:0:0:0:0 | fn poll_fill_buf |
| test_futures_io.rs:68:23:68:67 | ... .poll_fill_buf(...) | file://:0:0:0:0 | fn poll_fill_buf |
| test_futures_io.rs:68:23:68:67 | ... .poll_fill_buf(...) | file://:0:0:0:0 | fn poll_fill_buf |
| test_futures_io.rs:92:26:92:63 | pinned.poll_read(...) | file://:0:0:0:0 | fn poll_read |
| test_futures_io.rs:92:26:92:63 | pinned.poll_read(...) | file://:0:0:0:0 | fn poll_read |
| test_futures_io.rs:92:26:92:63 | pinned.poll_read(...) | file://:0:0:0:0 | fn poll_read |
| test_futures_io.rs:115:22:115:50 | pinned.poll_fill_buf(...) | file://:0:0:0:0 | fn poll_fill_buf |
| test_futures_io.rs:115:22:115:50 | pinned.poll_fill_buf(...) | file://:0:0:0:0 | fn poll_fill_buf |
| web_frameworks.rs:88:14:88:23 | a.as_str() | file://:0:0:0:0 | fn as_str |
| web_frameworks.rs:88:14:88:23 | a.as_str() | file://:0:0:0:0 | fn as_str |
| web_frameworks.rs:89:14:89:25 | a.as_bytes() | file://:0:0:0:0 | fn as_bytes |
| web_frameworks.rs:89:14:89:25 | a.as_bytes() | file://:0:0:0:0 | fn as_bytes |
| test_futures_io.rs:62:22:62:50 | pinned.poll_fill_buf(...) | file://:0:0:0:0 | fn poll_fill_buf |
| test_futures_io.rs:62:22:62:50 | pinned.poll_fill_buf(...) | file://:0:0:0:0 | fn poll_fill_buf |
| test_futures_io.rs:69:23:69:67 | ... .poll_fill_buf(...) | file://:0:0:0:0 | fn poll_fill_buf |
| test_futures_io.rs:69:23:69:67 | ... .poll_fill_buf(...) | file://:0:0:0:0 | fn poll_fill_buf |
| test_futures_io.rs:93:26:93:63 | pinned.poll_read(...) | file://:0:0:0:0 | fn poll_read |
| test_futures_io.rs:93:26:93:63 | pinned.poll_read(...) | file://:0:0:0:0 | fn poll_read |
| test_futures_io.rs:93:26:93:63 | pinned.poll_read(...) | file://:0:0:0:0 | fn poll_read |
| test_futures_io.rs:116:22:116:50 | pinned.poll_fill_buf(...) | file://:0:0:0:0 | fn poll_fill_buf |
| test_futures_io.rs:116:22:116:50 | pinned.poll_fill_buf(...) | file://:0:0:0:0 | fn poll_fill_buf |
| web_frameworks.rs:101:14:101:23 | a.as_str() | file://:0:0:0:0 | fn as_str |
| web_frameworks.rs:101:14:101:23 | a.as_str() | file://:0:0:0:0 | fn as_str |
| web_frameworks.rs:102:14:102:25 | a.as_bytes() | file://:0:0:0:0 | fn as_bytes |
| web_frameworks.rs:102:14:102:25 | a.as_bytes() | file://:0:0:0:0 | fn as_bytes |
multiplePathResolutions
| test.rs:112:62:112:73 | ...::from | file://:0:0:0:0 | fn from |
| test.rs:112:62:112:73 | ...::from | file://:0:0:0:0 | fn from |
@@ -84,8 +84,8 @@ multiplePathResolutions
| test_futures_io.rs:25:23:25:61 | ...::try_from | file://:0:0:0:0 | fn try_from |
| test_futures_io.rs:25:23:25:61 | ...::try_from | file://:0:0:0:0 | fn try_from |
| test_futures_io.rs:25:23:25:61 | ...::try_from | file://:0:0:0:0 | fn try_from |
| test_futures_io.rs:144:26:144:43 | ...::with_capacity | file://:0:0:0:0 | fn with_capacity |
| test_futures_io.rs:144:26:144:43 | ...::with_capacity | file://:0:0:0:0 | fn with_capacity |
| test_futures_io.rs:145:26:145:43 | ...::with_capacity | file://:0:0:0:0 | fn with_capacity |
| test_futures_io.rs:145:26:145:43 | ...::with_capacity | file://:0:0:0:0 | fn with_capacity |
multipleCanonicalPaths
| file://:0:0:0:0 | fn to_ordering | file://:0:0:0:0 | Crate(typenum@1.18.0) | <typenum::Equal as core::cmp::Ord>::to_ordering |
| file://:0:0:0:0 | fn to_ordering | file://:0:0:0:0 | Crate(typenum@1.18.0) | <typenum::Equal as typenum::marker_traits::Ord>::to_ordering |

20
rust/ql/test/library-tests/dataflow/sources/TaintSources.expected
View File

@@ -82,13 +82,13 @@
| test.rs:806:16:806:29 | ...::args | Flow source 'CommandLineArgs' of type commandargs (DEFAULT). |
| test.rs:806:16:806:29 | ...::args | Flow source 'CommandLineArgs' of type commandargs (DEFAULT). |
| test_futures_io.rs:19:15:19:32 | ...::connect | Flow source 'RemoteSource' of type remote (DEFAULT). |
| web_frameworks.rs:12:31:12:31 | a | Flow source 'RemoteSource' of type remote (DEFAULT). |
| web_frameworks.rs:12:31:12:31 | a | Flow source 'RemoteSource' of type remote (DEFAULT). |
| web_frameworks.rs:21:31:21:35 | TuplePat | Flow source 'RemoteSource' of type remote (DEFAULT). |
| web_frameworks.rs:21:31:21:36 | TuplePat | Flow source 'RemoteSource' of type remote (DEFAULT). |
| web_frameworks.rs:43:31:43:44 | MyStruct {...} | Flow source 'RemoteSource' of type remote (DEFAULT). |
| web_frameworks.rs:43:31:43:45 | MyStruct {...} | Flow source 'RemoteSource' of type remote (DEFAULT). |
| web_frameworks.rs:51:31:51:32 | ms | Flow source 'RemoteSource' of type remote (DEFAULT). |
| web_frameworks.rs:51:31:51:32 | ms | Flow source 'RemoteSource' of type remote (DEFAULT). |
| web_frameworks.rs:60:15:60:15 | a | Flow source 'RemoteSource' of type remote (DEFAULT). |
| web_frameworks.rs:60:15:60:15 | a | Flow source 'RemoteSource' of type remote (DEFAULT). |
| web_frameworks.rs:11:31:11:31 | a | Flow source 'RemoteSource' of type remote (DEFAULT). |
| web_frameworks.rs:11:31:11:31 | a | Flow source 'RemoteSource' of type remote (DEFAULT). |
| web_frameworks.rs:22:14:22:18 | TuplePat | Flow source 'RemoteSource' of type remote (DEFAULT). |
| web_frameworks.rs:22:14:22:19 | TuplePat | Flow source 'RemoteSource' of type remote (DEFAULT). |
| web_frameworks.rs:48:14:48:28 | MyStruct {...} | Flow source 'RemoteSource' of type remote (DEFAULT). |
| web_frameworks.rs:48:14:48:30 | MyStruct {...} | Flow source 'RemoteSource' of type remote (DEFAULT). |
| web_frameworks.rs:58:14:58:15 | ms | Flow source 'RemoteSource' of type remote (DEFAULT). |
| web_frameworks.rs:58:14:58:15 | ms | Flow source 'RemoteSource' of type remote (DEFAULT). |
| web_frameworks.rs:68:15:68:15 | a | Flow source 'RemoteSource' of type remote (DEFAULT). |
| web_frameworks.rs:68:15:68:15 | a | Flow source 'RemoteSource' of type remote (DEFAULT). |

66
rust/ql/test/library-tests/dataflow/sources/test.rs
View File

@@ -308,28 +308,28 @@ async fn test_tokio_stdin() -> Result<(), Box<dyn std::error::Error>> {
let mut stdin = tokio::io::stdin(); // $ Alert[rust/summary/taint-sources]
let mut buffer = [0u8; 100];
let _bytes = stdin.read(&mut buffer).await?;
sink(&buffer); // $ hasTaintFlow
sink(&buffer); // $ MISSING: hasTaintFlow -- we cannot resolve the `read` call above, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
}
{
let mut stdin = tokio::io::stdin(); // $ Alert[rust/summary/taint-sources]
let mut buffer = Vec::<u8>::new();
let _bytes = stdin.read_to_end(&mut buffer).await?;
sink(&buffer); // $ hasTaintFlow
sink(&buffer); // $ MISSING: hasTaintFlow -- we cannot resolve the `read_to_end` call above, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
}
{
let mut stdin = tokio::io::stdin(); // $ Alert[rust/summary/taint-sources]
let mut buffer = String::new();
let _bytes = stdin.read_to_string(&mut buffer).await?;
sink(&buffer); // $ hasTaintFlow
sink(&buffer); // $ MISSING: hasTaintFlow -- we cannot resolve the `read_to_string` call above, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
}
{
let mut stdin = tokio::io::stdin(); // $ Alert[rust/summary/taint-sources]
let mut buffer = [0; 100];
stdin.read_exact(&mut buffer).await?;
sink(&buffer); // $ hasTaintFlow
sink(&buffer); // $ MISSING: hasTaintFlow -- we cannot resolve the `read_exact` call above, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
}
{
@@ -338,17 +338,17 @@ async fn test_tokio_stdin() -> Result<(), Box<dyn std::error::Error>> {
let v2 = stdin.read_i16().await?;
let v3 = stdin.read_f32().await?;
let v4 = stdin.read_i64_le().await?;
sink(v1); // $ hasTaintFlow
sink(v2); // $ hasTaintFlow
sink(v3); // $ hasTaintFlow
sink(v4); // $ hasTaintFlow
sink(v1); // $ MISSING: hasTaintFlow -- we cannot resolve the `read_u8` call above, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
sink(v2); // $ MISSING: hasTaintFlow -- we cannot resolve the `read_i16` call above, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
sink(v3); // $ MISSING: hasTaintFlow -- we cannot resolve the `read_f32` call above, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
sink(v4); // $ MISSING: hasTaintFlow -- we cannot resolve the `read_i64_le` call above, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
}
{
let mut stdin = tokio::io::stdin(); // $ Alert[rust/summary/taint-sources]
let mut buffer = bytes::BytesMut::new();
stdin.read_buf(&mut buffer).await?;
sink(&buffer); // $ hasTaintFlow
sink(&buffer); // $ MISSING: hasTaintFlow -- we cannot resolve the `read_buf` call above, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
}
// --- async reading from stdin (BufReader) ---
@@ -356,7 +356,7 @@ async fn test_tokio_stdin() -> Result<(), Box<dyn std::error::Error>> {
{
let mut reader = tokio::io::BufReader::new(tokio::io::stdin()); // $ Alert[rust/summary/taint-sources]
let data = reader.fill_buf().await?;
sink(&data); // $ hasTaintFlow
sink(&data); // $ MISSING: hasTaintFlow -- we cannot resolve the `fill_buf` call above, which comes from `impl<R: AsyncBufRead + ?Sized> AsyncBufReadExt for R {}` in `async_buf_read_ext.rs`
}
{
@@ -369,20 +369,20 @@ async fn test_tokio_stdin() -> Result<(), Box<dyn std::error::Error>> {
let mut buffer = String::new();
let mut reader = tokio::io::BufReader::new(tokio::io::stdin()); // $ Alert[rust/summary/taint-sources]
reader.read_line(&mut buffer).await?;
sink(&buffer); // $ hasTaintFlow
sink(&buffer); // $ MISSING: hasTaintFlow -- we cannot resolve the `read_line` call above, which comes from `impl<R: AsyncBufRead + ?Sized> AsyncBufReadExt for R {}` in `async_buf_read_ext.rs`
}
{
let mut buffer = Vec::<u8>::new();
let mut reader = tokio::io::BufReader::new(tokio::io::stdin()); // $ Alert[rust/summary/taint-sources]
reader.read_until(b',', &mut buffer).await?;
sink(&buffer); // $ hasTaintFlow
sink(buffer[0]); // $ hasTaintFlow
sink(&buffer); // $ MISSING: hasTaintFlow -- we cannot resolve the `read_until` call above, which comes from `impl<R: AsyncBufRead + ?Sized> AsyncBufReadExt for R {}` in `async_buf_read_ext.rs`
sink(buffer[0]); // $ MISSING: hasTaintFlow -- we cannot resolve the `read_until` call above, which comes from `impl<R: AsyncBufRead + ?Sized> AsyncBufReadExt for R {}` in `async_buf_read_ext.rs`
}
{
let mut reader_split = tokio::io::BufReader::new(tokio::io::stdin()).split(b','); // $ Alert[rust/summary/taint-sources]
sink(reader_split.next_segment().await?.unwrap()); // $ hasTaintFlow
sink(reader_split.next_segment().await?.unwrap()); // $ MISSING: hasTaintFlow -- we cannot resolve the `split` call above, which comes from `impl<R: AsyncBufRead + ?Sized> AsyncBufReadExt for R {}` in `async_buf_read_ext.rs`
while let Some(chunk) = reader_split.next_segment().await? {
sink(chunk); // $ MISSING: hasTaintFlow
}
@@ -391,7 +391,7 @@ async fn test_tokio_stdin() -> Result<(), Box<dyn std::error::Error>> {
{
let reader = tokio::io::BufReader::new(tokio::io::stdin()); // $ Alert[rust/summary/taint-sources]
let mut lines = reader.lines();
sink(lines.next_line().await?.unwrap()); // $ hasTaintFlow
sink(lines.next_line().await?.unwrap()); // $ MISSING: hasTaintFlow -- we cannot resolve the `lines` call above, which comes from `impl<R: AsyncBufRead + ?Sized> AsyncBufReadExt for R {}` in `async_buf_read_ext.rs`
while let Some(line) = lines.next_line().await? {
sink(line); // $ MISSING: hasTaintFlow
}
@@ -529,25 +529,25 @@ async fn test_tokio_file() -> std::io::Result<()> {
{
let mut buffer = [0u8; 100];
let _bytes = file.read(&mut buffer).await?;
sink(&buffer); // $ hasTaintFlow="file.txt"
sink(&buffer); // $ MISSING: hasTaintFlow="file.txt" -- we cannot resolve the `read` call above, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
}
{
let mut buffer = Vec::<u8>::new();
let _bytes = file.read_to_end(&mut buffer).await?;
sink(&buffer); // $ hasTaintFlow="file.txt"
sink(&buffer); // $ MISSING: hasTaintFlow="file.txt" -- we cannot resolve the `read_to_end` call above, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
}
{
let mut buffer = String::new();
let _bytes = file.read_to_string(&mut buffer).await?;
sink(&buffer); // $ hasTaintFlow="file.txt"
sink(&buffer); // $ MISSING: hasTaintFlow="file.txt" -- we cannot resolve the `read_to_string` call above, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
}
{
let mut buffer = [0; 100];
file.read_exact(&mut buffer).await?;
sink(&buffer); // $ hasTaintFlow="file.txt"
sink(&buffer); // $ MISSING: hasTaintFlow="file.txt" -- we cannot resolve the `read_exact` call above, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
}
{
@@ -555,16 +555,16 @@ async fn test_tokio_file() -> std::io::Result<()> {
let v2 = file.read_i16().await?;
let v3 = file.read_f32().await?;
let v4 = file.read_i64_le().await?;
sink(v1); // $ hasTaintFlow="file.txt"
sink(v2); // $ hasTaintFlow="file.txt"
sink(v3); // $ hasTaintFlow="file.txt"
sink(v4); // $ hasTaintFlow="file.txt"
sink(v1); // $ MISSING: hasTaintFlow="file.txt" -- we cannot resolve the `read_u8` call above, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
sink(v2); // $ MISSING: hasTaintFlow="file.txt" -- we cannot resolve the `read_i16` call above, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
sink(v3); // $ MISSING: hasTaintFlow="file.txt" -- we cannot resolve the `read_f32` call above, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
sink(v4); // $ MISSING: hasTaintFlow="file.txt" -- we cannot resolve the `read_i64_le` call above, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
}
{
let mut buffer = bytes::BytesMut::new();
file.read_buf(&mut buffer).await?;
sink(&buffer); // $ hasTaintFlow="file.txt"
sink(&buffer); // $ MISSING: hasTaintFlow="file.txt" -- we cannot resolve the `read_buf` call above, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
}
// --- misc operations ---
@@ -575,7 +575,7 @@ async fn test_tokio_file() -> std::io::Result<()> {
let file2 = tokio::fs::File::open("another_file.txt").await?; // $ Alert[rust/summary/taint-sources]
let mut reader = file1.chain(file2);
reader.read_to_string(&mut buffer).await?;
sink(&buffer); // $ hasTaintFlow="file.txt" hasTaintFlow="another_file.txt"
sink(&buffer); // $ MISSING: hasTaintFlow="file.txt" hasTaintFlow="another_file.txt" -- we cannot resolve the `chain` and `read_to_string` calls above, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
}
{
@@ -583,7 +583,7 @@ async fn test_tokio_file() -> std::io::Result<()> {
let file1 = tokio::fs::File::open("file.txt").await?; // $ Alert[rust/summary/taint-sources]
let mut reader = file1.take(100);
reader.read_to_string(&mut buffer).await?;
sink(&buffer); // $ hasTaintFlow="file.txt"
sink(&buffer); // $ MISSING: hasTaintFlow="file.txt" -- we cannot resolve the `take` and `read_to_string` calls above, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
}
Ok(())
@@ -687,8 +687,8 @@ async fn test_tokio_tcpstream(case: i64) -> std::io::Result<()> {
sink(buffer1[0]); // $ hasTaintFlow=address
println!("buffer2 = {:?}", buffer2);
sink(&buffer2); // $ hasTaintFlow=address
sink(buffer2[0]); // $ hasTaintFlow=address
sink(&buffer2); // $ MISSING: hasTaintFlow=address -- we cannot resolve the `read` call above, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
sink(buffer2[0]); // $ MISSING: hasTaintFlow=address -- we cannot resolve the `read` call above, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
let buffer_string = String::from_utf8_lossy(&buffer2[..n2]);
println!("string = {}", buffer_string);
@@ -777,25 +777,25 @@ fn test_rustls() -> std::io::Result<()> {
let server_name = rustls::pki_types::ServerName::try_from("www.example.com").unwrap();
let config_arc = std::sync::Arc::new(config);
let mut client = rustls::ClientConnection::new(config_arc, server_name).unwrap(); // $ Alert[rust/summary/taint-sources]
let mut reader = client.reader();
sink(&reader); // $ hasTaintFlow=config_arc
let mut reader = client.reader(); // We cannot resolve the `reader` call because it comes from `Deref`: https://docs.rs/rustls/latest/rustls/client/struct.ClientConnection.html#deref-methods-ConnectionCommon%3CClientConnectionData%3E
sink(&reader); // $ MISSING: hasTaintFlow=config_arc
{
let mut buffer = [0u8; 100];
let _bytes = reader.read(&mut buffer)?;
sink(&buffer); // $ hasTaintFlow=config_arc
sink(&buffer); // $ MISSING: hasTaintFlow=config_arc
}
{
let mut buffer = Vec::<u8>::new();
let _bytes = reader.read_to_end(&mut buffer)?;
sink(&buffer); // $ hasTaintFlow=config_arc
sink(&buffer); // $ MISSING: hasTaintFlow=config_arc
}
{
let mut buffer = String::new();
let _bytes = reader.read_to_string(&mut buffer)?;
sink(&buffer); // $ hasTaintFlow=config_arc
sink(&buffer); // $ MISSING: hasTaintFlow=config_arc
}
Ok(())

57
rust/ql/test/library-tests/dataflow/sources/test_futures_io.rs
View File

@@ -1,18 +1,18 @@
fn sink<T>(_: T) { }
fn sink<T>(_: T) {}
// --- tests ---
use std::pin::Pin;
use std::task::{Context, Poll};
use std::io;
use futures::io::AsyncRead;
use futures::io::AsyncReadExt;
use async_std::net::TcpStream;
use async_std::sync::Arc;
use futures::io::AsyncBufRead;
use futures::io::AsyncBufReadExt;
use futures::io::AsyncRead;
use futures::io::AsyncReadExt;
use futures::StreamExt;
use futures_rustls::{TlsConnector};
use async_std::sync::Arc;
use async_std::net::TcpStream;
use futures_rustls::TlsConnector;
use std::io;
use std::pin::Pin;
use std::task::{Context, Poll};
async fn test_futures_rustls_futures_io() -> io::Result<()> {
let url = "www.example.com:443";
@@ -32,10 +32,10 @@ async fn test_futures_rustls_futures_io() -> io::Result<()> {
let mut pinned = Pin::new(&mut reader);
sink(&pinned); // $ hasTaintFlow=url
let mut cx = Context::from_waker(futures::task::noop_waker_ref());
let bytes_read = pinned.poll_read(&mut cx, &mut buffer);
let bytes_read = pinned.poll_read(&mut cx, &mut buffer); // we cannot correctly resolve this call, since it relies on `Deref`
if let Poll::Ready(Ok(n)) = bytes_read {
sink(&buffer); // $ hasTaintFlow=url
sink(&buffer[..n]); // $ hasTaintFlow=url
sink(&buffer); // $ MISSING: hasTaintFlow=url
sink(&buffer[..n]); // $ MISSING: hasTaintFlow=url
}
}
@@ -46,8 +46,9 @@ async fn test_futures_rustls_futures_io() -> io::Result<()> {
sink(&buffer1[..bytes_read1]); // $ hasTaintFlow=url
let mut buffer2 = [0u8; 64];
let bytes_read2 = reader.read(&mut buffer2).await?;
sink(&buffer2[..bytes_read2]); // $ hasTaintFlow=url
let bytes_read2 = reader.read(&mut buffer2).await?; // we cannot resolve the `read` call, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
sink(&buffer2[..bytes_read2]); // $ MISSING: hasTaintFlow=url
}
let mut reader2 = futures::io::BufReader::new(reader);
@@ -79,8 +80,8 @@ async fn test_futures_rustls_futures_io() -> io::Result<()> {
{
// using the `AsyncBufReadExt::fill_buf` extension method (higher-level)
let buffer = reader2.fill_buf().await?;
sink(buffer); // $ hasTaintFlow=url
let buffer = reader2.fill_buf().await?; // we cannot resolve the `fill_buf` call, which comes from `impl<R: AsyncBufRead + ?Sized> AsyncBufReadExt for R {}` in `async_buf_read_ext.rs`
sink(buffer); // $ MISSING: hasTaintFlow=url
}
{
@@ -103,8 +104,8 @@ async fn test_futures_rustls_futures_io() -> io::Result<()> {
sink(&buffer1[..bytes_read1]); // $ hasTaintFlow=url
let mut buffer2 = [0u8; 64];
let bytes_read2 = reader2.read(&mut buffer2).await?;
sink(&buffer2[..bytes_read2]); // $ hasTaintFlow=url
let bytes_read2 = reader2.read(&mut buffer2).await?; // we cannot resolve the `read` call, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
sink(&buffer2[..bytes_read2]); // $ MISSING: hasTaintFlow=url
}
{
@@ -121,35 +122,35 @@ async fn test_futures_rustls_futures_io() -> io::Result<()> {
{
// using the `AsyncBufReadExt::fill_buf` extension method (higher-level)
let buffer = reader2.fill_buf().await?;
sink(buffer); // $ hasTaintFlow=url
let buffer = reader2.fill_buf().await?; // we cannot resolve the `fill_buf` call, which comes from `impl<R: AsyncBufRead + ?Sized> AsyncBufReadExt for R {}` in `async_buf_read_ext.rs`
sink(buffer); // $ MISSING: hasTaintFlow=url
}
{
// using the `AsyncBufReadExt::read_until` extension method
let mut line = Vec::new();
let _bytes_read = reader2.read_until(b'\n', &mut line).await?;
sink(&line); // $ hasTaintFlow=url
let _bytes_read = reader2.read_until(b'\n', &mut line).await?; // we cannot resolve the `read_until` call, which comes from `impl<R: AsyncBufRead + ?Sized> AsyncBufReadExt for R {}` in `async_buf_read_ext.rs`
sink(&line); // $ MISSING: hasTaintFlow=url
}
{
// using the `AsyncBufReadExt::read_line` extension method
let mut line = String::new();
let _bytes_read = reader2.read_line(&mut line).await?;
sink(&line); // $ hasTaintFlow=url
let _bytes_read = reader2.read_line(&mut line).await?; // we cannot resolve the `read_line` call, which comes from `impl<R: AsyncBufRead + ?Sized> AsyncBufReadExt for R {}` in `async_buf_read_ext.rs`
sink(&line); // $ MISSING: hasTaintFlow=url
}
{
// using the `AsyncBufReadExt::read_to_end` extension method
let mut buffer = Vec::with_capacity(1024);
let _bytes_read = reader2.read_to_end(&mut buffer).await?;
sink(&buffer); // $ hasTaintFlow=url
let _bytes_read = reader2.read_to_end(&mut buffer).await?; // we cannot resolve the `read` call, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
sink(&buffer); // $ MISSING: hasTaintFlow=url
}
{
// using the `AsyncBufReadExt::lines` extension method
let mut lines_stream = reader2.lines();
sink(lines_stream.next().await.unwrap()); // $ hasTaintFlow=url
let mut lines_stream = reader2.lines(); // we cannot resolve the `lines` call, which comes from `impl<R: AsyncBufRead + ?Sized> AsyncBufReadExt for R {}` in `async_buf_read_ext.rs`
sink(lines_stream.next().await.unwrap()); // $ MISSING: hasTaintFlow=url
while let Some(line) = lines_stream.next().await {
sink(line.unwrap()); // $ MISSING: hasTaintFlow
}

89
rust/ql/test/library-tests/dataflow/sources/web_frameworks.rs
View File

@@ -1,24 +1,26 @@
fn sink<T>(_: T) { }
fn sink<T>(_: T) {}
// --- tests ---
mod poem_test {
use poem::{get, handler, web::Path, web::Query, Route, Server, listener::TcpListener};
use serde::Deserialize;
use super::sink;
use poem::{get, handler, listener::TcpListener, web::Path, web::Query, Route, Server};
use serde::Deserialize;
#[handler]
fn my_poem_handler_1(Path(a): Path<String>) -> String { // $ Alert[rust/summary/taint-sources]
sink(a.as_str()); // $ hasTaintFlow
sink(a.as_bytes()); // $ hasTaintFlow
fn my_poem_handler_1(Path(a): Path<String>, // $ Alert[rust/summary/taint-sources]
) -> String {
sink(a.as_str()); // $ MISSING: hasTaintFlow -- no type inference for patterns
sink(a.as_bytes()); // $ MISSING: hasTaintFlow -- no type inference for patterns
sink(a); // $ hasTaintFlow
"".to_string()
}
#[handler]
fn my_poem_handler_2(Path((a, b)): Path<(String, String)>) -> String { // $ Alert[rust/summary/taint-sources]
fn my_poem_handler_2(
Path((a, b)): Path<(String, String)>, // $ Alert[rust/summary/taint-sources]
) -> String {
sink(a); // $ MISSING: hasTaintFlow
sink(b); // $ MISSING: hasTaintFlow
@@ -26,7 +28,9 @@ mod poem_test {
}
#[handler]
fn my_poem_handler_3(path: Path<(String, String)>) -> String { // $ MISSING: Alert[rust/summary/taint-sources]
fn my_poem_handler_3(
path: Path<(String, String)>, // $ MISSING: Alert[rust/summary/taint-sources]
) -> String {
sink(&path.0); // $ MISSING: hasTaintFlow
sink(&path.1); // $ MISSING: hasTaintFlow
@@ -40,7 +44,9 @@ mod poem_test {
}
#[handler]
fn my_poem_handler_4(Path(MyStruct {a, b}): Path<MyStruct>) -> String { // $ Alert[rust/summary/taint-sources]
fn my_poem_handler_4(
Path(MyStruct { a, b }): Path<MyStruct>, // $ Alert[rust/summary/taint-sources]
) -> String {
sink(a); // $ MISSING: hasTaintFlow
sink(b); // $ MISSING: hasTaintFlow
@@ -48,7 +54,9 @@ mod poem_test {
}
#[handler]
fn my_poem_handler_5(Path(ms): Path<MyStruct>) -> String { // $ Alert[rust/summary/taint-sources]
fn my_poem_handler_5(
Path(ms): Path<MyStruct>, // $ Alert[rust/summary/taint-sources]
) -> String {
sink(ms.a); // $ MISSING: hasTaintFlow
sink(ms.b); // $ MISSING: hasTaintFlow
@@ -73,17 +81,22 @@ mod poem_test {
.at("/5/:a/:b", get(my_poem_handler_5))
.at("/6/:a/", get(my_poem_handler_6));
Server::new(TcpListener::bind("0.0.0.0:3000")).run(app).await.unwrap();
Server::new(TcpListener::bind("0.0.0.0:3000"))
.run(app)
.await
.unwrap();
// ...
}
}
mod actix_test {
use actix_web::{get, web, App};
use super::sink;
use actix_web::{get, web, App};
async fn my_actix_handler_1(path: web::Path<String>) -> String { // $ MISSING: Alert[rust/summary/taint-sources]
async fn my_actix_handler_1(
path: web::Path<String>, // $ MISSING: Alert[rust/summary/taint-sources]
) -> String {
let a = path.into_inner();
sink(a.as_str()); // $ MISSING: hasTaintFlow
sink(a.as_bytes()); // $ MISSING: hasTaintFlow
@@ -92,7 +105,9 @@ mod actix_test {
"".to_string()
}
async fn my_actix_handler_2(path: web::Path<(String, String)>) -> String { // $ MISSING: Alert[rust/summary/taint-sources]
async fn my_actix_handler_2(
path: web::Path<(String, String)>, // $ MISSING: Alert[rust/summary/taint-sources]
) -> String {
let (a, b) = path.into_inner();
sink(a); // $ MISSING: hasTaintFlow
@@ -101,14 +116,18 @@ mod actix_test {
"".to_string()
}
async fn my_actix_handler_3(web::Query(a): web::Query<String>) -> String { // $ MISSING: Alert[rust/summary/taint-sources]
async fn my_actix_handler_3(
web::Query(a): web::Query<String>, // $ MISSING: Alert[rust/summary/taint-sources]
) -> String {
sink(a); // $ MISSING: hasTaintFlow
"".to_string()
}
#[get("/4/{a}")]
async fn my_actix_handler_4(path: web::Path<String>) -> String { // $ MISSING: Alert[rust/summary/taint-sources]
async fn my_actix_handler_4(
path: web::Path<String>, // $ MISSING: Alert[rust/summary/taint-sources]
) -> String {
let a = path.into_inner();
sink(a); // $ MISSING: hasTaintFlow
@@ -127,13 +146,15 @@ mod actix_test {
}
mod axum_test {
use axum::Router;
use axum::routing::get;
use axum::extract::{Path, Query, Request, Json};
use std::collections::HashMap;
use super::sink;
use axum::extract::{Json, Path, Query, Request};
use axum::routing::get;
use axum::Router;
use std::collections::HashMap;
async fn my_axum_handler_1(Path(a): Path<String>) -> &'static str { // $ MISSING: Alert[rust/summary/taint-sources]
async fn my_axum_handler_1(
Path(a): Path<String>, // $ MISSING: Alert[rust/summary/taint-sources]
) -> &'static str {
sink(a.as_str()); // $ MISSING: hasTaintFlow
sink(a.as_bytes()); // $ MISSING: hasTaintFlow
sink(a); // $ MISSING: hasTaintFlow
@@ -141,14 +162,18 @@ mod axum_test {
""
}
async fn my_axum_handler_2(Path((a, b)): Path<(String, String)>) -> &'static str { // $ MISSING: Alert[rust/summary/taint-sources]
async fn my_axum_handler_2(
Path((a, b)): Path<(String, String)>, // $ MISSING: Alert[rust/summary/taint-sources]
) -> &'static str {
sink(a); // $ MISSING: hasTaintFlow
sink(b); // $ MISSING: hasTaintFlow
""
}
async fn my_axum_handler_3(Query(params): Query<HashMap<String, String>>) -> &'static str { // $ MISSING: Alert[rust/summary/taint-sources]
async fn my_axum_handler_3(
Query(params): Query<HashMap<String, String>>, // $ MISSING: Alert[rust/summary/taint-sources]
) -> &'static str {
for (key, value) in params {
sink(key); // $ MISSING: hasTaintFlow
sink(value); // $ MISSING: hasTaintFlow
@@ -157,7 +182,9 @@ mod axum_test {
""
}
async fn my_axum_handler_4(request: Request) -> &'static str { // $ MISSING: Alert[rust/summary/taint-sources]
async fn my_axum_handler_4(
request: Request, // $ MISSING: Alert[rust/summary/taint-sources]
) -> &'static str {
sink(request.body()); // $ MISSING: hasTaintFlow
request.headers().get("header").unwrap(); // $ MISSING: hasTaintFlow
sink(request.into_body()); // $ MISSING: hasTaintFlow
@@ -165,20 +192,26 @@ mod axum_test {
""
}
async fn my_axum_handler_5(Json(payload): Json<serde_json::Value>) -> &'static str { // $ MISSING: Alert[rust/summary/taint-sources]
async fn my_axum_handler_5(
Json(payload): Json<serde_json::Value>, // $ MISSING: Alert[rust/summary/taint-sources]
) -> &'static str {
sink(payload.as_str()); // $ MISSING: hasTaintFlow
sink(payload); // $ MISSING: hasTaintFlow
""
}
async fn my_axum_handler_6(body: String) -> &'static str { // $ MISSING: Alert[rust/summary/taint-sources]
async fn my_axum_handler_6(
body: String, // $ MISSING: Alert[rust/summary/taint-sources]
) -> &'static str {
sink(body); // $ MISSING: hasTaintFlow
""
}
async fn my_axum_handler_7(body: String) -> &'static str { // $ MISSING: Alert[rust/summary/taint-sources]
async fn my_axum_handler_7(
body: String, // $ MISSING: Alert[rust/summary/taint-sources]
) -> &'static str {
sink(body); // $ MISSING: hasTaintFlow
""

12
rust/ql/test/library-tests/dataflow/strings/CONSISTENCY/PathResolutionConsistency.expected
View File

@@ -2,9 +2,9 @@ multipleMethodCallTargets
| main.rs:64:16:64:25 | s.as_str() | file://:0:0:0:0 | fn as_str |
| main.rs:64:16:64:25 | s.as_str() | file://:0:0:0:0 | fn as_str |
multiplePathResolutions
| main.rs:52:11:52:22 | ...::from | file://:0:0:0:0 | fn from |
| main.rs:52:11:52:22 | ...::from | file://:0:0:0:0 | fn from |
| main.rs:52:11:52:22 | ...::from | file://:0:0:0:0 | fn from |
| main.rs:52:11:52:22 | ...::from | file://:0:0:0:0 | fn from |
| main.rs:52:11:52:22 | ...::from | file://:0:0:0:0 | fn from |
| main.rs:52:11:52:22 | ...::from | file://:0:0:0:0 | fn from |
| main.rs:52:14:52:25 | ...::from | file://:0:0:0:0 | fn from |
| main.rs:52:14:52:25 | ...::from | file://:0:0:0:0 | fn from |
| main.rs:52:14:52:25 | ...::from | file://:0:0:0:0 | fn from |
| main.rs:52:14:52:25 | ...::from | file://:0:0:0:0 | fn from |
| main.rs:52:14:52:25 | ...::from | file://:0:0:0:0 | fn from |
| main.rs:52:14:52:25 | ...::from | file://:0:0:0:0 | fn from |

61
rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected
View File

@@ -1,9 +1,8 @@
models
| 1 | Summary: lang:alloc; <_ as crate::string::ToString>::to_string; Argument[self]; ReturnValue; taint |
| 2 | Summary: lang:alloc; <crate::string::String as crate::convert::From>::from; Argument[0]; ReturnValue; value |
| 3 | Summary: lang:alloc; <crate::string::String>::as_str; Argument[self]; ReturnValue; value |
| 4 | Summary: lang:alloc; crate::fmt::format; Argument[0]; ReturnValue; taint |
| 5 | Summary: lang:core; crate::hint::must_use; Argument[0]; ReturnValue; value |
| 1 | Summary: lang:alloc; <crate::string::String as crate::convert::From>::from; Argument[0]; ReturnValue; value |
| 2 | Summary: lang:alloc; <crate::string::String>::as_str; Argument[self]; ReturnValue; value |
| 3 | Summary: lang:alloc; crate::fmt::format; Argument[0]; ReturnValue; taint |
| 4 | Summary: lang:core; crate::hint::must_use; Argument[0]; ReturnValue; value |
edges
| main.rs:26:9:26:9 | s | main.rs:27:19:27:25 | s[...] | provenance | |
| main.rs:26:13:26:22 | source(...) | main.rs:26:9:26:9 | s | provenance | |
@@ -13,46 +12,42 @@ edges
| main.rs:32:9:32:10 | s1 | main.rs:35:9:35:10 | s4 | provenance | |
| main.rs:32:14:32:23 | source(...) | main.rs:32:9:32:10 | s1 | provenance | |
| main.rs:35:9:35:10 | s4 | main.rs:38:10:38:11 | s4 | provenance | |
| main.rs:51:6:51:7 | s1 | main.rs:52:24:52:25 | s1 | provenance | |
| main.rs:51:11:51:26 | source_slice(...) | main.rs:51:6:51:7 | s1 | provenance | |
| main.rs:52:6:52:7 | s2 | main.rs:53:7:53:8 | s2 | provenance | |
| main.rs:52:11:52:26 | ...::from(...) | main.rs:52:6:52:7 | s2 | provenance | |
| main.rs:52:24:52:25 | s1 | main.rs:52:11:52:26 | ...::from(...) | provenance | MaD:2 |
| main.rs:57:6:57:7 | s1 | main.rs:58:11:58:24 | s1.to_string() | provenance | MaD:1 |
| main.rs:57:11:57:26 | source_slice(...) | main.rs:57:6:57:7 | s1 | provenance | |
| main.rs:58:6:58:7 | s2 | main.rs:59:7:59:8 | s2 | provenance | |
| main.rs:58:11:58:24 | s1.to_string() | main.rs:58:6:58:7 | s2 | provenance | |
| main.rs:51:9:51:10 | s1 | main.rs:52:27:52:28 | s1 | provenance | |
| main.rs:51:14:51:29 | source_slice(...) | main.rs:51:9:51:10 | s1 | provenance | |
| main.rs:52:9:52:10 | s2 | main.rs:53:10:53:11 | s2 | provenance | |
| main.rs:52:14:52:29 | ...::from(...) | main.rs:52:9:52:10 | s2 | provenance | |
| main.rs:52:27:52:28 | s1 | main.rs:52:14:52:29 | ...::from(...) | provenance | MaD:1 |
| main.rs:63:9:63:9 | s | main.rs:64:16:64:16 | s | provenance | |
| main.rs:63:9:63:9 | s | main.rs:64:16:64:25 | s.as_str() | provenance | MaD:3 |
| main.rs:63:9:63:9 | s | main.rs:64:16:64:25 | s.as_str() | provenance | MaD:2 |
| main.rs:63:13:63:22 | source(...) | main.rs:63:9:63:9 | s | provenance | |
| main.rs:64:16:64:16 | s | main.rs:64:16:64:25 | s.as_str() | provenance | MaD:3 |
| main.rs:64:16:64:16 | s | main.rs:64:16:64:25 | s.as_str() | provenance | MaD:2 |
| main.rs:68:9:68:9 | s | main.rs:70:34:70:61 | MacroExpr | provenance | |
| main.rs:68:9:68:9 | s | main.rs:73:34:73:59 | MacroExpr | provenance | |
| main.rs:68:13:68:22 | source(...) | main.rs:68:9:68:9 | s | provenance | |
| main.rs:70:9:70:18 | formatted1 | main.rs:71:10:71:19 | formatted1 | provenance | |
| main.rs:70:22:70:62 | ...::format(...) | main.rs:70:9:70:18 | formatted1 | provenance | |
| main.rs:70:34:70:61 | MacroExpr | main.rs:70:22:70:62 | ...::format(...) | provenance | MaD:4 |
| main.rs:70:34:70:61 | MacroExpr | main.rs:70:22:70:62 | ...::format(...) | provenance | MaD:3 |
| main.rs:73:9:73:18 | formatted2 | main.rs:74:10:74:19 | formatted2 | provenance | |
| main.rs:73:22:73:60 | ...::format(...) | main.rs:73:9:73:18 | formatted2 | provenance | |
| main.rs:73:34:73:59 | MacroExpr | main.rs:73:22:73:60 | ...::format(...) | provenance | MaD:4 |
| main.rs:73:34:73:59 | MacroExpr | main.rs:73:22:73:60 | ...::format(...) | provenance | MaD:3 |
| main.rs:76:9:76:13 | width | main.rs:77:34:77:74 | MacroExpr | provenance | |
| main.rs:76:17:76:32 | source_usize(...) | main.rs:76:9:76:13 | width | provenance | |
| main.rs:77:9:77:18 | formatted3 | main.rs:78:10:78:19 | formatted3 | provenance | |
| main.rs:77:22:77:75 | ...::format(...) | main.rs:77:9:77:18 | formatted3 | provenance | |
| main.rs:77:34:77:74 | MacroExpr | main.rs:77:22:77:75 | ...::format(...) | provenance | MaD:4 |
| main.rs:77:34:77:74 | MacroExpr | main.rs:77:22:77:75 | ...::format(...) | provenance | MaD:3 |
| main.rs:82:9:82:10 | s1 | main.rs:86:18:86:25 | MacroExpr | provenance | |
| main.rs:82:9:82:10 | s1 | main.rs:87:18:87:32 | MacroExpr | provenance | |
| main.rs:82:14:82:23 | source(...) | main.rs:82:9:82:10 | s1 | provenance | |
| main.rs:86:10:86:26 | res | main.rs:86:18:86:25 | { ... } | provenance | |
| main.rs:86:18:86:25 | ...::format(...) | main.rs:86:10:86:26 | res | provenance | |
| main.rs:86:18:86:25 | ...::must_use(...) | main.rs:86:10:86:26 | MacroExpr | provenance | |
| main.rs:86:18:86:25 | MacroExpr | main.rs:86:18:86:25 | ...::format(...) | provenance | MaD:4 |
| main.rs:86:18:86:25 | { ... } | main.rs:86:18:86:25 | ...::must_use(...) | provenance | MaD:5 |
| main.rs:86:18:86:25 | MacroExpr | main.rs:86:18:86:25 | ...::format(...) | provenance | MaD:3 |
| main.rs:86:18:86:25 | { ... } | main.rs:86:18:86:25 | ...::must_use(...) | provenance | MaD:4 |
| main.rs:87:10:87:33 | res | main.rs:87:18:87:32 | { ... } | provenance | |
| main.rs:87:18:87:32 | ...::format(...) | main.rs:87:10:87:33 | res | provenance | |
| main.rs:87:18:87:32 | ...::must_use(...) | main.rs:87:10:87:33 | MacroExpr | provenance | |
| main.rs:87:18:87:32 | MacroExpr | main.rs:87:18:87:32 | ...::format(...) | provenance | MaD:4 |
| main.rs:87:18:87:32 | { ... } | main.rs:87:18:87:32 | ...::must_use(...) | provenance | MaD:5 |
| main.rs:87:18:87:32 | MacroExpr | main.rs:87:18:87:32 | ...::format(...) | provenance | MaD:3 |
| main.rs:87:18:87:32 | { ... } | main.rs:87:18:87:32 | ...::must_use(...) | provenance | MaD:4 |
nodes
| main.rs:26:9:26:9 | s | semmle.label | s |
| main.rs:26:13:26:22 | source(...) | semmle.label | source(...) |
@@ -64,17 +59,12 @@ nodes
| main.rs:32:14:32:23 | source(...) | semmle.label | source(...) |
| main.rs:35:9:35:10 | s4 | semmle.label | s4 |
| main.rs:38:10:38:11 | s4 | semmle.label | s4 |
| main.rs:51:6:51:7 | s1 | semmle.label | s1 |
| main.rs:51:11:51:26 | source_slice(...) | semmle.label | source_slice(...) |
| main.rs:52:6:52:7 | s2 | semmle.label | s2 |
| main.rs:52:11:52:26 | ...::from(...) | semmle.label | ...::from(...) |
| main.rs:52:24:52:25 | s1 | semmle.label | s1 |
| main.rs:53:7:53:8 | s2 | semmle.label | s2 |
| main.rs:57:6:57:7 | s1 | semmle.label | s1 |
| main.rs:57:11:57:26 | source_slice(...) | semmle.label | source_slice(...) |
| main.rs:58:6:58:7 | s2 | semmle.label | s2 |
| main.rs:58:11:58:24 | s1.to_string() | semmle.label | s1.to_string() |
| main.rs:59:7:59:8 | s2 | semmle.label | s2 |
| main.rs:51:9:51:10 | s1 | semmle.label | s1 |
| main.rs:51:14:51:29 | source_slice(...) | semmle.label | source_slice(...) |
| main.rs:52:9:52:10 | s2 | semmle.label | s2 |
| main.rs:52:14:52:29 | ...::from(...) | semmle.label | ...::from(...) |
| main.rs:52:27:52:28 | s1 | semmle.label | s1 |
| main.rs:53:10:53:11 | s2 | semmle.label | s2 |
| main.rs:63:9:63:9 | s | semmle.label | s |
| main.rs:63:13:63:22 | source(...) | semmle.label | source(...) |
| main.rs:64:16:64:16 | s | semmle.label | s |
@@ -114,8 +104,7 @@ testFailures
#select
| main.rs:28:16:28:21 | sliced | main.rs:26:13:26:22 | source(...) | main.rs:28:16:28:21 | sliced | $@ | main.rs:26:13:26:22 | source(...) | source(...) |
| main.rs:38:10:38:11 | s4 | main.rs:32:14:32:23 | source(...) | main.rs:38:10:38:11 | s4 | $@ | main.rs:32:14:32:23 | source(...) | source(...) |
| main.rs:53:7:53:8 | s2 | main.rs:51:11:51:26 | source_slice(...) | main.rs:53:7:53:8 | s2 | $@ | main.rs:51:11:51:26 | source_slice(...) | source_slice(...) |
| main.rs:59:7:59:8 | s2 | main.rs:57:11:57:26 | source_slice(...) | main.rs:59:7:59:8 | s2 | $@ | main.rs:57:11:57:26 | source_slice(...) | source_slice(...) |
| main.rs:53:10:53:11 | s2 | main.rs:51:14:51:29 | source_slice(...) | main.rs:53:10:53:11 | s2 | $@ | main.rs:51:14:51:29 | source_slice(...) | source_slice(...) |
| main.rs:64:16:64:25 | s.as_str() | main.rs:63:13:63:22 | source(...) | main.rs:64:16:64:25 | s.as_str() | $@ | main.rs:63:13:63:22 | source(...) | source(...) |
| main.rs:71:10:71:19 | formatted1 | main.rs:68:13:68:22 | source(...) | main.rs:71:10:71:19 | formatted1 | $@ | main.rs:68:13:68:22 | source(...) | source(...) |
| main.rs:74:10:74:19 | formatted2 | main.rs:68:13:68:22 | source(...) | main.rs:74:10:74:19 | formatted2 | $@ | main.rs:68:13:68:22 | source(...) | source(...) |

12
rust/ql/test/library-tests/dataflow/strings/main.rs
View File

@@ -48,15 +48,15 @@ fn string_add_reference() {
}
fn string_from() {
let s1 = source_slice(36);
let s2 = String::from(s1);
sink(s2); // $ hasValueFlow=36
let s1 = source_slice(36);
let s2 = String::from(s1);
sink(s2); // $ hasValueFlow=36
}
fn string_to_string() {
let s1 = source_slice(22);
let s2 = s1.to_string();
sink(s2); // $ hasTaintFlow=22
let s1 = source_slice(22);
let s2 = s1.to_string();
sink(s2); // $ MISSING: hasTaintFlow=22 - we are not currently able to resolve the `to_string` call above, which comes from `impl<T: fmt::Display + ?Sized> ToString for T`
}
fn as_str() {

2
rust/ql/test/library-tests/sensitivedata/test.rs
View File

@@ -279,7 +279,7 @@ fn test_private_info(
sink(&info.medical_notes); // $ sensitive=private
sink(info.medical_notes[0].as_str()); // $ sensitive=private
for n in info.medical_notes.iter() {
sink(n.as_str()); // $ sensitive=private
sink(n.as_str()); // $ MISSING: sensitive=private
}
sink(info.confidentialMessage.as_str()); // $ MISSING: sensitive=private
sink(info.confidentialMessage.to_lowercase()); // $ MISSING: sensitive=private

44
rust/ql/test/query-tests/security/CWE-022/TaintedPath.expected
View File

@@ -1,36 +1,15 @@
#select
| src/main.rs:10:5:10:22 | ...::read_to_string | src/main.rs:6:11:6:19 | file_name | src/main.rs:10:5:10:22 | ...::read_to_string | This path depends on a $@. | src/main.rs:6:11:6:19 | file_name | user-provided value |
| src/main.rs:45:5:45:22 | ...::read_to_string | src/main.rs:37:11:37:19 | file_path | src/main.rs:45:5:45:22 | ...::read_to_string | This path depends on a $@. | src/main.rs:37:11:37:19 | file_path | user-provided value |
| src/main.rs:59:5:59:22 | ...::read_to_string | src/main.rs:50:11:50:19 | file_path | src/main.rs:59:5:59:22 | ...::read_to_string | This path depends on a $@. | src/main.rs:50:11:50:19 | file_path | user-provided value |
edges
| src/main.rs:6:11:6:19 | file_name | src/main.rs:8:35:8:43 | file_name | provenance | |
| src/main.rs:8:9:8:17 | file_path | src/main.rs:10:24:10:32 | file_path | provenance | |
| src/main.rs:8:21:8:44 | ...::from(...) | src/main.rs:8:9:8:17 | file_path | provenance | |
| src/main.rs:8:35:8:43 | file_name | src/main.rs:8:21:8:44 | ...::from(...) | provenance | MaD:4 |
| src/main.rs:8:35:8:43 | file_name | src/main.rs:8:21:8:44 | ...::from(...) | provenance | MaD:4 |
| src/main.rs:8:35:8:43 | file_name | src/main.rs:8:21:8:44 | ...::from(...) | provenance | MaD:2 |
| src/main.rs:8:35:8:43 | file_name | src/main.rs:8:21:8:44 | ...::from(...) | provenance | MaD:2 |
| src/main.rs:10:24:10:32 | file_path | src/main.rs:10:5:10:22 | ...::read_to_string | provenance | MaD:1 Sink:MaD:1 |
| src/main.rs:37:11:37:19 | file_path | src/main.rs:40:52:40:60 | file_path | provenance | |
| src/main.rs:40:9:40:17 | file_path | src/main.rs:45:24:45:32 | file_path | provenance | |
| src/main.rs:40:21:40:62 | public_path.join(...) | src/main.rs:40:9:40:17 | file_path | provenance | |
| src/main.rs:40:38:40:61 | ...::from(...) | src/main.rs:40:21:40:62 | public_path.join(...) | provenance | MaD:3 |
| src/main.rs:40:52:40:60 | file_path | src/main.rs:40:38:40:61 | ...::from(...) | provenance | MaD:4 |
| src/main.rs:40:52:40:60 | file_path | src/main.rs:40:38:40:61 | ...::from(...) | provenance | MaD:4 |
| src/main.rs:45:24:45:32 | file_path | src/main.rs:45:5:45:22 | ...::read_to_string | provenance | MaD:1 Sink:MaD:1 |
| src/main.rs:50:11:50:19 | file_path | src/main.rs:53:52:53:60 | file_path | provenance | |
| src/main.rs:53:9:53:17 | file_path | src/main.rs:54:21:54:44 | file_path.canonicalize() [Ok] | provenance | Config |
| src/main.rs:53:21:53:62 | public_path.join(...) | src/main.rs:53:9:53:17 | file_path | provenance | |
| src/main.rs:53:38:53:61 | ...::from(...) | src/main.rs:53:21:53:62 | public_path.join(...) | provenance | MaD:3 |
| src/main.rs:53:52:53:60 | file_path | src/main.rs:53:38:53:61 | ...::from(...) | provenance | MaD:4 |
| src/main.rs:53:52:53:60 | file_path | src/main.rs:53:38:53:61 | ...::from(...) | provenance | MaD:4 |
| src/main.rs:54:9:54:17 | file_path | src/main.rs:59:24:59:32 | file_path | provenance | |
| src/main.rs:54:21:54:44 | file_path.canonicalize() [Ok] | src/main.rs:54:21:54:53 | ... .unwrap() | provenance | MaD:2 |
| src/main.rs:54:21:54:53 | ... .unwrap() | src/main.rs:54:9:54:17 | file_path | provenance | |
| src/main.rs:59:24:59:32 | file_path | src/main.rs:59:5:59:22 | ...::read_to_string | provenance | MaD:1 Sink:MaD:1 |
models
| 1 | Sink: lang:std; crate::fs::read_to_string; path-injection; Argument[0] |
| 2 | Summary: lang:core; <crate::result::Result>::unwrap; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value |
| 3 | Summary: lang:std; <crate::path::Path>::join; Argument[0]; ReturnValue; taint |
| 4 | Summary: lang:std; <crate::path::PathBuf as crate::convert::From>::from; Argument[0]; ReturnValue; taint |
| 2 | Summary: lang:std; <crate::path::PathBuf as crate::convert::From>::from; Argument[0]; ReturnValue; taint |
nodes
| src/main.rs:6:11:6:19 | file_name | semmle.label | file_name |
| src/main.rs:8:9:8:17 | file_path | semmle.label | file_path |
@@ -38,21 +17,4 @@ nodes
| src/main.rs:8:35:8:43 | file_name | semmle.label | file_name |
| src/main.rs:10:5:10:22 | ...::read_to_string | semmle.label | ...::read_to_string |
| src/main.rs:10:24:10:32 | file_path | semmle.label | file_path |
| src/main.rs:37:11:37:19 | file_path | semmle.label | file_path |
| src/main.rs:40:9:40:17 | file_path | semmle.label | file_path |
| src/main.rs:40:21:40:62 | public_path.join(...) | semmle.label | public_path.join(...) |
| src/main.rs:40:38:40:61 | ...::from(...) | semmle.label | ...::from(...) |
| src/main.rs:40:52:40:60 | file_path | semmle.label | file_path |
| src/main.rs:45:5:45:22 | ...::read_to_string | semmle.label | ...::read_to_string |
| src/main.rs:45:24:45:32 | file_path | semmle.label | file_path |
| src/main.rs:50:11:50:19 | file_path | semmle.label | file_path |
| src/main.rs:53:9:53:17 | file_path | semmle.label | file_path |
| src/main.rs:53:21:53:62 | public_path.join(...) | semmle.label | public_path.join(...) |
| src/main.rs:53:38:53:61 | ...::from(...) | semmle.label | ...::from(...) |
| src/main.rs:53:52:53:60 | file_path | semmle.label | file_path |
| src/main.rs:54:9:54:17 | file_path | semmle.label | file_path |
| src/main.rs:54:21:54:44 | file_path.canonicalize() [Ok] | semmle.label | file_path.canonicalize() [Ok] |
| src/main.rs:54:21:54:53 | ... .unwrap() | semmle.label | ... .unwrap() |
| src/main.rs:59:5:59:22 | ...::read_to_string | semmle.label | ...::read_to_string |
| src/main.rs:59:24:59:32 | file_path | semmle.label | file_path |
subpaths

8
rust/ql/test/query-tests/security/CWE-022/src/main.rs
View File

@@ -34,7 +34,7 @@ fn tainted_path_handler_folder_good(Query(file_path): Query<String>) -> Result<S
//#[handler]
fn tainted_path_handler_folder_almost_good1(
Query(file_path): Query<String>, // $ Source=remote4
Query(file_path): Query<String>, // $ MISSING: Source=remote4
) -> Result<String> {
let public_path = PathBuf::from("/var/www/public_html");
let file_path = public_path.join(PathBuf::from(file_path));
@@ -42,12 +42,12 @@ fn tainted_path_handler_folder_almost_good1(
if !file_path.starts_with(public_path) {
return Err(Error::from_status(StatusCode::BAD_REQUEST));
}
fs::read_to_string(file_path).map_err(InternalServerError) // $ path-injection-sink Alert[rust/path-injection]=remote4
fs::read_to_string(file_path).map_err(InternalServerError) // $ path-injection-sink MISSING: Alert[rust/path-injection]=remote4 -- we cannot resolve the `join` call above, because it needs a `PathBuf -> Path` `Deref`
}
//#[handler]
fn tainted_path_handler_folder_almost_good2(
Query(file_path): Query<String>, // $ Source=remote5
Query(file_path): Query<String>, // $ MISSING: Source=remote5
) -> Result<String> {
let public_path = PathBuf::from("/var/www/public_html");
let file_path = public_path.join(PathBuf::from(file_path));
@@ -56,7 +56,7 @@ fn tainted_path_handler_folder_almost_good2(
if file_path.starts_with(public_path) {
return Err(Error::from_status(StatusCode::BAD_REQUEST));
}
fs::read_to_string(file_path).map_err(InternalServerError) // $ path-injection-sink Alert[rust/path-injection]=remote5
fs::read_to_string(file_path).map_err(InternalServerError) // $ path-injection-sink MISSING: Alert[rust/path-injection]=remote5 -- we cannot resolve the `join` call above, because it needs a `PathBuf -> Path` `Deref`
}
fn sinks(path1: &Path, path2: &Path) {

8
rust/ql/test/query-tests/security/CWE-089/Cargo.lock generated
View File

@@ -1500,9 +1500,9 @@ dependencies = [
[[package]]
name = "r-efi"
version = "5.2.0"
version = "5.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "74765f6d916ee2faa39bc8e68e4f3ed8949b48cccdac59983d287a7cb71ce9c5"
checksum = "69cdb34c158ceb288df11e18b4bd39de994f6657d83847bdffdbd7f346754b0f"
[[package]]
name = "rand"
@@ -1654,9 +1654,9 @@ dependencies = [
[[package]]
name = "rustls"
version = "0.23.27"
version = "0.23.28"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "730944ca083c1c233a75c09f199e973ca499344a2b7ba9e755c457e86fb4a321"
checksum = "7160e3e10bf4535308537f3c4e1641468cd0e485175d6163087c0393c7d46643"
dependencies = [
"once_cell",
"rustls-pki-types",

65
rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected
View File

@@ -1,36 +1,20 @@
#select
| sqlx.rs:66:26:66:46 | safe_query_3.as_str() | sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:66:26:66:46 | safe_query_3.as_str() | This query depends on a $@. | sqlx.rs:48:25:48:46 | ...::get | user-provided value |
| sqlx.rs:67:26:67:48 | unsafe_query_1.as_str() | sqlx.rs:47:22:47:35 | ...::args | sqlx.rs:67:26:67:48 | unsafe_query_1.as_str() | This query depends on a $@. | sqlx.rs:47:22:47:35 | ...::args | user-provided value |
| sqlx.rs:69:30:69:52 | unsafe_query_2.as_str() | sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:69:30:69:52 | unsafe_query_2.as_str() | This query depends on a $@. | sqlx.rs:48:25:48:46 | ...::get | user-provided value |
| sqlx.rs:71:30:71:52 | unsafe_query_4.as_str() | sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:71:30:71:52 | unsafe_query_4.as_str() | This query depends on a $@. | sqlx.rs:48:25:48:46 | ...::get | user-provided value |
| sqlx.rs:77:25:77:45 | safe_query_3.as_str() | sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:77:25:77:45 | safe_query_3.as_str() | This query depends on a $@. | sqlx.rs:48:25:48:46 | ...::get | user-provided value |
| sqlx.rs:78:25:78:47 | unsafe_query_1.as_str() | sqlx.rs:47:22:47:35 | ...::args | sqlx.rs:78:25:78:47 | unsafe_query_1.as_str() | This query depends on a $@. | sqlx.rs:47:22:47:35 | ...::args | user-provided value |
| sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() | sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() | This query depends on a $@. | sqlx.rs:48:25:48:46 | ...::get | user-provided value |
| sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() | sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() | This query depends on a $@. | sqlx.rs:48:25:48:46 | ...::get | user-provided value |
edges
| sqlx.rs:47:9:47:18 | arg_string | sqlx.rs:53:27:53:36 | arg_string | provenance | |
| sqlx.rs:47:22:47:35 | ...::args | sqlx.rs:47:22:47:37 | ...::args(...) [element] | provenance | Src:MaD:1 |
| sqlx.rs:47:22:47:37 | ...::args(...) [element] | sqlx.rs:47:22:47:44 | ... .nth(...) [Some] | provenance | MaD:10 |
| sqlx.rs:47:22:47:44 | ... .nth(...) [Some] | sqlx.rs:47:22:47:77 | ... .unwrap_or(...) | provenance | MaD:5 |
| sqlx.rs:47:22:47:37 | ...::args(...) [element] | sqlx.rs:47:22:47:44 | ... .nth(...) [Some] | provenance | MaD:7 |
| sqlx.rs:47:22:47:44 | ... .nth(...) [Some] | sqlx.rs:47:22:47:77 | ... .unwrap_or(...) | provenance | MaD:4 |
| sqlx.rs:47:22:47:77 | ... .unwrap_or(...) | sqlx.rs:47:9:47:18 | arg_string | provenance | |
| sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:49:25:49:52 | remote_string.parse() [Ok] | provenance | MaD:8 |
| sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:54:27:54:39 | remote_string | provenance | |
| sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:59:17:59:72 | MacroExpr | provenance | |
| sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:48:25:48:69 | ...::get(...) [Ok] | provenance | Src:MaD:2 |
| sqlx.rs:48:25:48:69 | ...::get(...) [Ok] | sqlx.rs:48:25:48:78 | ... .unwrap() | provenance | MaD:6 |
| sqlx.rs:48:25:48:78 | ... .unwrap() | sqlx.rs:48:25:48:85 | ... .text() [Ok] | provenance | MaD:11 |
| sqlx.rs:48:25:48:85 | ... .text() [Ok] | sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | provenance | MaD:7 |
| sqlx.rs:48:25:48:69 | ...::get(...) [Ok] | sqlx.rs:48:25:48:78 | ... .unwrap() | provenance | MaD:5 |
| sqlx.rs:48:25:48:78 | ... .unwrap() | sqlx.rs:48:25:48:85 | ... .text() [Ok] | provenance | MaD:8 |
| sqlx.rs:48:25:48:85 | ... .text() [Ok] | sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | provenance | MaD:6 |
| sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | sqlx.rs:48:9:48:21 | remote_string | provenance | |
| sqlx.rs:49:9:49:21 | remote_number | sqlx.rs:52:32:52:87 | MacroExpr | provenance | |
| sqlx.rs:49:25:49:52 | remote_string.parse() [Ok] | sqlx.rs:49:25:49:65 | ... .unwrap_or(...) | provenance | MaD:7 |
| sqlx.rs:49:25:49:65 | ... .unwrap_or(...) | sqlx.rs:49:9:49:21 | remote_number | provenance | |
| sqlx.rs:52:9:52:20 | safe_query_3 | sqlx.rs:66:26:66:46 | safe_query_3.as_str() | provenance | MaD:3 |
| sqlx.rs:52:9:52:20 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() | provenance | MaD:3 |
| sqlx.rs:52:24:52:88 | res | sqlx.rs:52:32:52:87 | { ... } | provenance | |
| sqlx.rs:52:32:52:87 | ...::format(...) | sqlx.rs:52:24:52:88 | res | provenance | |
| sqlx.rs:52:32:52:87 | ...::must_use(...) | sqlx.rs:52:9:52:20 | safe_query_3 | provenance | |
| sqlx.rs:52:32:52:87 | MacroExpr | sqlx.rs:52:32:52:87 | ...::format(...) | provenance | MaD:4 |
| sqlx.rs:52:32:52:87 | { ... } | sqlx.rs:52:32:52:87 | ...::must_use(...) | provenance | MaD:9 |
| sqlx.rs:53:9:53:22 | unsafe_query_1 [&ref] | sqlx.rs:67:26:67:48 | unsafe_query_1.as_str() | provenance | MaD:3 |
| sqlx.rs:53:9:53:22 | unsafe_query_1 [&ref] | sqlx.rs:78:25:78:47 | unsafe_query_1.as_str() | provenance | MaD:3 |
| sqlx.rs:53:26:53:36 | &arg_string [&ref] | sqlx.rs:53:9:53:22 | unsafe_query_1 [&ref] | provenance | |
@@ -39,25 +23,15 @@ edges
| sqlx.rs:54:9:54:22 | unsafe_query_2 [&ref] | sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() | provenance | MaD:3 |
| sqlx.rs:54:26:54:39 | &remote_string [&ref] | sqlx.rs:54:9:54:22 | unsafe_query_2 [&ref] | provenance | |
| sqlx.rs:54:27:54:39 | remote_string | sqlx.rs:54:26:54:39 | &remote_string [&ref] | provenance | |
| sqlx.rs:56:9:56:22 | unsafe_query_4 | sqlx.rs:71:30:71:52 | unsafe_query_4.as_str() | provenance | MaD:3 |
| sqlx.rs:56:9:56:22 | unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() | provenance | MaD:3 |
| sqlx.rs:59:9:59:73 | res | sqlx.rs:59:17:59:72 | { ... } | provenance | |
| sqlx.rs:59:17:59:72 | ...::format(...) | sqlx.rs:59:9:59:73 | res | provenance | |
| sqlx.rs:59:17:59:72 | ...::must_use(...) | sqlx.rs:56:9:56:22 | unsafe_query_4 | provenance | |
| sqlx.rs:59:17:59:72 | MacroExpr | sqlx.rs:59:17:59:72 | ...::format(...) | provenance | MaD:4 |
| sqlx.rs:59:17:59:72 | { ... } | sqlx.rs:59:17:59:72 | ...::must_use(...) | provenance | MaD:9 |
models
| 1 | Source: lang:std; crate::env::args; commandargs; ReturnValue.Element |
| 2 | Source: repo:https://github.com/seanmonstar/reqwest:reqwest; crate::blocking::get; remote; ReturnValue.Field[core::result::Result::Ok(0)] |
| 3 | Summary: lang:alloc; <crate::string::String>::as_str; Argument[self]; ReturnValue; value |
| 4 | Summary: lang:alloc; crate::fmt::format; Argument[0]; ReturnValue; taint |
| 5 | Summary: lang:core; <crate::option::Option>::unwrap_or; Argument[self].Field[core::option::Option::Some(0)]; ReturnValue; value |
| 6 | Summary: lang:core; <crate::result::Result>::unwrap; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value |
| 7 | Summary: lang:core; <crate::result::Result>::unwrap_or; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value |
| 8 | Summary: lang:core; <str>::parse; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint |
| 9 | Summary: lang:core; crate::hint::must_use; Argument[0]; ReturnValue; value |
| 10 | Summary: lang:core; crate::iter::traits::iterator::Iterator::nth; Argument[self].Element; ReturnValue.Field[core::option::Option::Some(0)]; value |
| 11 | Summary: repo:https://github.com/seanmonstar/reqwest:reqwest; <crate::blocking::response::Response>::text; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint |
| 4 | Summary: lang:core; <crate::option::Option>::unwrap_or; Argument[self].Field[core::option::Option::Some(0)]; ReturnValue; value |
| 5 | Summary: lang:core; <crate::result::Result>::unwrap; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value |
| 6 | Summary: lang:core; <crate::result::Result>::unwrap_or; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value |
| 7 | Summary: lang:core; crate::iter::traits::iterator::Iterator::nth; Argument[self].Element; ReturnValue.Field[core::option::Option::Some(0)]; value |
| 8 | Summary: repo:https://github.com/seanmonstar/reqwest:reqwest; <crate::blocking::response::Response>::text; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint |
nodes
| sqlx.rs:47:9:47:18 | arg_string | semmle.label | arg_string |
| sqlx.rs:47:22:47:35 | ...::args | semmle.label | ...::args |
@@ -70,33 +44,14 @@ nodes
| sqlx.rs:48:25:48:78 | ... .unwrap() | semmle.label | ... .unwrap() |
| sqlx.rs:48:25:48:85 | ... .text() [Ok] | semmle.label | ... .text() [Ok] |
| sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) |
| sqlx.rs:49:9:49:21 | remote_number | semmle.label | remote_number |
| sqlx.rs:49:25:49:52 | remote_string.parse() [Ok] | semmle.label | remote_string.parse() [Ok] |
| sqlx.rs:49:25:49:65 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) |
| sqlx.rs:52:9:52:20 | safe_query_3 | semmle.label | safe_query_3 |
| sqlx.rs:52:24:52:88 | res | semmle.label | res |
| sqlx.rs:52:32:52:87 | ...::format(...) | semmle.label | ...::format(...) |
| sqlx.rs:52:32:52:87 | ...::must_use(...) | semmle.label | ...::must_use(...) |
| sqlx.rs:52:32:52:87 | MacroExpr | semmle.label | MacroExpr |
| sqlx.rs:52:32:52:87 | { ... } | semmle.label | { ... } |
| sqlx.rs:53:9:53:22 | unsafe_query_1 [&ref] | semmle.label | unsafe_query_1 [&ref] |
| sqlx.rs:53:26:53:36 | &arg_string [&ref] | semmle.label | &arg_string [&ref] |
| sqlx.rs:53:27:53:36 | arg_string | semmle.label | arg_string |
| sqlx.rs:54:9:54:22 | unsafe_query_2 [&ref] | semmle.label | unsafe_query_2 [&ref] |
| sqlx.rs:54:26:54:39 | &remote_string [&ref] | semmle.label | &remote_string [&ref] |
| sqlx.rs:54:27:54:39 | remote_string | semmle.label | remote_string |
| sqlx.rs:56:9:56:22 | unsafe_query_4 | semmle.label | unsafe_query_4 |
| sqlx.rs:59:9:59:73 | res | semmle.label | res |
| sqlx.rs:59:17:59:72 | ...::format(...) | semmle.label | ...::format(...) |
| sqlx.rs:59:17:59:72 | ...::must_use(...) | semmle.label | ...::must_use(...) |
| sqlx.rs:59:17:59:72 | MacroExpr | semmle.label | MacroExpr |
| sqlx.rs:59:17:59:72 | { ... } | semmle.label | { ... } |
| sqlx.rs:66:26:66:46 | safe_query_3.as_str() | semmle.label | safe_query_3.as_str() |
| sqlx.rs:67:26:67:48 | unsafe_query_1.as_str() | semmle.label | unsafe_query_1.as_str() |
| sqlx.rs:69:30:69:52 | unsafe_query_2.as_str() | semmle.label | unsafe_query_2.as_str() |
| sqlx.rs:71:30:71:52 | unsafe_query_4.as_str() | semmle.label | unsafe_query_4.as_str() |
| sqlx.rs:77:25:77:45 | safe_query_3.as_str() | semmle.label | safe_query_3.as_str() |
| sqlx.rs:78:25:78:47 | unsafe_query_1.as_str() | semmle.label | unsafe_query_1.as_str() |
| sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() | semmle.label | unsafe_query_2.as_str() |
| sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() | semmle.label | unsafe_query_4.as_str() |
subpaths

8
rust/ql/test/query-tests/security/CWE-089/sqlx.rs
View File

@@ -63,23 +63,23 @@ async fn test_sqlx_mysql(url: &str, enable_remote: bool) -> Result<(), sqlx::Err
// direct execution
let _ = conn.execute(safe_query_1.as_str()).await?; // $ sql-sink
let _ = conn.execute(safe_query_2.as_str()).await?; // $ sql-sink
let _ = conn.execute(safe_query_3.as_str()).await?; // $ sql-sink SPURIOUS: Alert[rust/sql-injection]=remote1
let _ = conn.execute(safe_query_3.as_str()).await?; // $ sql-sink
let _ = conn.execute(unsafe_query_1.as_str()).await?; // $ sql-sink Alert[rust/sql-injection]=args1
if enable_remote {
let _ = conn.execute(unsafe_query_2.as_str()).await?; // $ sql-sink Alert[rust/sql-injection]=remote1
let _ = conn.execute(unsafe_query_3.as_str()).await?; // $ sql-sink MISSING: Alert[rust/sql-injection]=remote1
let _ = conn.execute(unsafe_query_4.as_str()).await?; // $ sql-sink Alert[rust/sql-injection]=remote1
let _ = conn.execute(unsafe_query_4.as_str()).await?; // $ sql-sink MISSING: Alert[rust/sql-injection]=remote1
}
// prepared queries
let _ = sqlx::query(safe_query_1.as_str()).execute(&pool).await?; // $ sql-sink
let _ = sqlx::query(safe_query_2.as_str()).execute(&pool).await?; // $ sql-sink
let _ = sqlx::query(safe_query_3.as_str()).execute(&pool).await?; // $ sql-sink SPURIOUS: Alert[rust/sql-injection]=remote1
let _ = sqlx::query(safe_query_3.as_str()).execute(&pool).await?; // $ sql-sink
let _ = sqlx::query(unsafe_query_1.as_str()).execute(&pool).await?; // $ sql-sink Alert[rust/sql-injection]=args1
if enable_remote {
let _ = sqlx::query(unsafe_query_2.as_str()).execute(&pool).await?; // $ sql-sink Alert[rust/sql-injection]=remote1
let _ = sqlx::query(unsafe_query_3.as_str()).execute(&pool).await?; // $ sql-sink MISSING: Alert[rust/sql-injection]=remote1
let _ = sqlx::query(unsafe_query_4.as_str()).execute(&pool).await?; // $ sql-sink Alert[rust/sql-injection]=remote1
let _ = sqlx::query(unsafe_query_4.as_str()).execute(&pool).await?; // $ sql-sink MISSING: Alert[rust/sql-injection]=remote1
}
let _ = sqlx::query(prepared_query_1.as_str()).bind(const_string).execute(&pool).await?; // $ sql-sink
let _ = sqlx::query(prepared_query_1.as_str()).bind(arg_string).execute(&pool).await?; // $ sql-sink

261
rust/ql/test/query-tests/security/CWE-312/CleartextLogging.expected
View File

@@ -48,242 +48,194 @@
| test_logging.rs:220:13:220:58 | ...::panic_fmt | test_logging.rs:220:50:220:57 | password | test_logging.rs:220:13:220:58 | ...::panic_fmt | This operation writes $@ to a log file. | test_logging.rs:220:50:220:57 | password | password |
| test_logging.rs:223:13:223:60 | ...::assert_failed | test_logging.rs:223:52:223:59 | password | test_logging.rs:223:13:223:60 | ...::assert_failed | This operation writes $@ to a log file. | test_logging.rs:223:52:223:59 | password | password |
| test_logging.rs:226:13:226:60 | ...::assert_failed | test_logging.rs:226:52:226:59 | password | test_logging.rs:226:13:226:60 | ...::assert_failed | This operation writes $@ to a log file. | test_logging.rs:226:52:226:59 | password | password |
| test_logging.rs:229:23:229:28 | expect | test_logging.rs:229:54:229:61 | password | test_logging.rs:229:23:229:28 | expect | This operation writes $@ to a log file. | test_logging.rs:229:54:229:61 | password | password |
| test_logging.rs:229:23:229:28 | expect | test_logging.rs:229:54:229:61 | password | test_logging.rs:229:23:229:28 | expect | This operation writes $@ to a log file. | test_logging.rs:229:54:229:61 | password | password |
| test_logging.rs:242:10:242:14 | write | test_logging.rs:242:42:242:49 | password | test_logging.rs:242:10:242:14 | write | This operation writes $@ to a log file. | test_logging.rs:242:42:242:49 | password | password |
| test_logging.rs:245:10:245:18 | write_all | test_logging.rs:245:46:245:53 | password | test_logging.rs:245:10:245:18 | write_all | This operation writes $@ to a log file. | test_logging.rs:245:46:245:53 | password | password |
| test_logging.rs:248:9:248:13 | write | test_logging.rs:248:41:248:48 | password | test_logging.rs:248:9:248:13 | write | This operation writes $@ to a log file. | test_logging.rs:248:41:248:48 | password | password |
| test_logging.rs:251:9:251:13 | write | test_logging.rs:251:41:251:48 | password | test_logging.rs:251:9:251:13 | write | This operation writes $@ to a log file. | test_logging.rs:251:41:251:48 | password | password |
edges
| test_logging.rs:42:12:42:35 | MacroExpr | test_logging.rs:42:5:42:36 | ...::log | provenance | MaD:14 Sink:MaD:14 |
| test_logging.rs:42:12:42:35 | MacroExpr | test_logging.rs:42:5:42:36 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:42:28:42:35 | password | test_logging.rs:42:12:42:35 | MacroExpr | provenance | |
| test_logging.rs:43:12:43:35 | MacroExpr | test_logging.rs:43:5:43:36 | ...::log | provenance | MaD:14 Sink:MaD:14 |
| test_logging.rs:43:12:43:35 | MacroExpr | test_logging.rs:43:5:43:36 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:43:28:43:35 | password | test_logging.rs:43:12:43:35 | MacroExpr | provenance | |
| test_logging.rs:44:11:44:34 | MacroExpr | test_logging.rs:44:5:44:35 | ...::log | provenance | MaD:14 Sink:MaD:14 |
| test_logging.rs:44:11:44:34 | MacroExpr | test_logging.rs:44:5:44:35 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:44:27:44:34 | password | test_logging.rs:44:11:44:34 | MacroExpr | provenance | |
| test_logging.rs:45:12:45:35 | MacroExpr | test_logging.rs:45:5:45:36 | ...::log | provenance | MaD:14 Sink:MaD:14 |
| test_logging.rs:45:12:45:35 | MacroExpr | test_logging.rs:45:5:45:36 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:45:28:45:35 | password | test_logging.rs:45:12:45:35 | MacroExpr | provenance | |
| test_logging.rs:46:11:46:34 | MacroExpr | test_logging.rs:46:5:46:35 | ...::log | provenance | MaD:14 Sink:MaD:14 |
| test_logging.rs:46:11:46:34 | MacroExpr | test_logging.rs:46:5:46:35 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:46:27:46:34 | password | test_logging.rs:46:11:46:34 | MacroExpr | provenance | |
| test_logging.rs:47:24:47:47 | MacroExpr | test_logging.rs:47:5:47:48 | ...::log | provenance | MaD:14 Sink:MaD:14 |
| test_logging.rs:47:24:47:47 | MacroExpr | test_logging.rs:47:5:47:48 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:47:40:47:47 | password | test_logging.rs:47:24:47:47 | MacroExpr | provenance | |
| test_logging.rs:52:12:52:35 | MacroExpr | test_logging.rs:52:5:52:36 | ...::log | provenance | MaD:14 Sink:MaD:14 |
| test_logging.rs:52:12:52:35 | MacroExpr | test_logging.rs:52:5:52:36 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:52:28:52:35 | password | test_logging.rs:52:12:52:35 | MacroExpr | provenance | |
| test_logging.rs:54:12:54:48 | MacroExpr | test_logging.rs:54:5:54:49 | ...::log | provenance | MaD:14 Sink:MaD:14 |
| test_logging.rs:54:12:54:48 | MacroExpr | test_logging.rs:54:5:54:49 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:54:41:54:48 | password | test_logging.rs:54:12:54:48 | MacroExpr | provenance | |
| test_logging.rs:56:12:56:46 | MacroExpr | test_logging.rs:56:5:56:47 | ...::log | provenance | MaD:14 Sink:MaD:14 |
| test_logging.rs:56:12:56:46 | MacroExpr | test_logging.rs:56:5:56:47 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:56:39:56:46 | password | test_logging.rs:56:12:56:46 | MacroExpr | provenance | |
| test_logging.rs:57:12:57:33 | MacroExpr | test_logging.rs:57:5:57:34 | ...::log | provenance | MaD:14 Sink:MaD:14 |
| test_logging.rs:57:12:57:33 | MacroExpr | test_logging.rs:57:5:57:34 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:57:24:57:31 | password | test_logging.rs:57:12:57:33 | MacroExpr | provenance | |
| test_logging.rs:58:12:58:35 | MacroExpr | test_logging.rs:58:5:58:36 | ...::log | provenance | MaD:14 Sink:MaD:14 |
| test_logging.rs:58:12:58:35 | MacroExpr | test_logging.rs:58:5:58:36 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:58:24:58:31 | password | test_logging.rs:58:12:58:35 | MacroExpr | provenance | |
| test_logging.rs:60:30:60:53 | MacroExpr | test_logging.rs:60:5:60:54 | ...::log | provenance | MaD:14 Sink:MaD:14 |
| test_logging.rs:60:30:60:53 | MacroExpr | test_logging.rs:60:5:60:54 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:60:46:60:53 | password | test_logging.rs:60:30:60:53 | MacroExpr | provenance | |
| test_logging.rs:61:20:61:28 | &... [&ref, tuple.0, &ref] | test_logging.rs:61:5:61:55 | ...::log | provenance | MaD:15 Sink:MaD:15 Sink:MaD:15 |
| test_logging.rs:61:20:61:28 | &... [&ref, tuple.0, &ref] | test_logging.rs:61:5:61:55 | ...::log | provenance | MaD:15 Sink:MaD:15 Sink:MaD:15 Sink:MaD:15 |
| test_logging.rs:61:20:61:28 | &... [&ref, tuple.0] | test_logging.rs:61:5:61:55 | ...::log | provenance | MaD:15 Sink:MaD:15 Sink:MaD:15 |
| test_logging.rs:61:20:61:28 | &... [&ref, tuple.0, &ref] | test_logging.rs:61:5:61:55 | ...::log | provenance | MaD:11 Sink:MaD:11 Sink:MaD:11 |
| test_logging.rs:61:20:61:28 | &... [&ref, tuple.0, &ref] | test_logging.rs:61:5:61:55 | ...::log | provenance | MaD:11 Sink:MaD:11 Sink:MaD:11 Sink:MaD:11 |
| test_logging.rs:61:20:61:28 | &... [&ref, tuple.0] | test_logging.rs:61:5:61:55 | ...::log | provenance | MaD:11 Sink:MaD:11 Sink:MaD:11 |
| test_logging.rs:61:20:61:28 | &password | test_logging.rs:61:20:61:28 | TupleExpr [tuple.0] | provenance | |
| test_logging.rs:61:20:61:28 | &password [&ref] | test_logging.rs:61:20:61:28 | TupleExpr [tuple.0, &ref] | provenance | |
| test_logging.rs:61:20:61:28 | TupleExpr [tuple.0, &ref] | test_logging.rs:61:20:61:28 | &... [&ref, tuple.0, &ref] | provenance | |
| test_logging.rs:61:20:61:28 | TupleExpr [tuple.0] | test_logging.rs:61:20:61:28 | &... [&ref, tuple.0] | provenance | |
| test_logging.rs:61:21:61:28 | password | test_logging.rs:61:20:61:28 | &password | provenance | Config |
| test_logging.rs:61:21:61:28 | password | test_logging.rs:61:20:61:28 | &password [&ref] | provenance | |
| test_logging.rs:65:24:65:47 | MacroExpr | test_logging.rs:65:5:65:48 | ...::log | provenance | MaD:14 Sink:MaD:14 |
| test_logging.rs:65:24:65:47 | MacroExpr | test_logging.rs:65:5:65:48 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:65:40:65:47 | password | test_logging.rs:65:24:65:47 | MacroExpr | provenance | |
| test_logging.rs:67:42:67:65 | MacroExpr | test_logging.rs:67:5:67:66 | ...::log | provenance | MaD:14 Sink:MaD:14 |
| test_logging.rs:67:42:67:65 | MacroExpr | test_logging.rs:67:5:67:66 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:67:58:67:65 | password | test_logging.rs:67:42:67:65 | MacroExpr | provenance | |
| test_logging.rs:68:18:68:26 | &... [&ref, tuple.0, &ref] | test_logging.rs:68:5:68:67 | ...::log | provenance | MaD:15 Sink:MaD:15 Sink:MaD:15 |
| test_logging.rs:68:18:68:26 | &... [&ref, tuple.0, &ref] | test_logging.rs:68:5:68:67 | ...::log | provenance | MaD:15 Sink:MaD:15 Sink:MaD:15 Sink:MaD:15 |
| test_logging.rs:68:18:68:26 | &... [&ref, tuple.0] | test_logging.rs:68:5:68:67 | ...::log | provenance | MaD:15 Sink:MaD:15 Sink:MaD:15 |
| test_logging.rs:68:18:68:26 | &... [&ref, tuple.0, &ref] | test_logging.rs:68:5:68:67 | ...::log | provenance | MaD:11 Sink:MaD:11 Sink:MaD:11 |
| test_logging.rs:68:18:68:26 | &... [&ref, tuple.0, &ref] | test_logging.rs:68:5:68:67 | ...::log | provenance | MaD:11 Sink:MaD:11 Sink:MaD:11 Sink:MaD:11 |
| test_logging.rs:68:18:68:26 | &... [&ref, tuple.0] | test_logging.rs:68:5:68:67 | ...::log | provenance | MaD:11 Sink:MaD:11 Sink:MaD:11 |
| test_logging.rs:68:18:68:26 | &password | test_logging.rs:68:18:68:26 | TupleExpr [tuple.0] | provenance | |
| test_logging.rs:68:18:68:26 | &password [&ref] | test_logging.rs:68:18:68:26 | TupleExpr [tuple.0, &ref] | provenance | |
| test_logging.rs:68:18:68:26 | TupleExpr [tuple.0, &ref] | test_logging.rs:68:18:68:26 | &... [&ref, tuple.0, &ref] | provenance | |
| test_logging.rs:68:18:68:26 | TupleExpr [tuple.0] | test_logging.rs:68:18:68:26 | &... [&ref, tuple.0] | provenance | |
| test_logging.rs:68:19:68:26 | password | test_logging.rs:68:18:68:26 | &password | provenance | Config |
| test_logging.rs:68:19:68:26 | password | test_logging.rs:68:18:68:26 | &password [&ref] | provenance | |
| test_logging.rs:72:23:72:46 | MacroExpr | test_logging.rs:72:5:72:47 | ...::log | provenance | MaD:14 Sink:MaD:14 |
| test_logging.rs:72:23:72:46 | MacroExpr | test_logging.rs:72:5:72:47 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:72:39:72:46 | password | test_logging.rs:72:23:72:46 | MacroExpr | provenance | |
| test_logging.rs:74:41:74:64 | MacroExpr | test_logging.rs:74:5:74:65 | ...::log | provenance | MaD:14 Sink:MaD:14 |
| test_logging.rs:74:41:74:64 | MacroExpr | test_logging.rs:74:5:74:65 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:74:57:74:64 | password | test_logging.rs:74:41:74:64 | MacroExpr | provenance | |
| test_logging.rs:75:20:75:28 | &... [&ref, tuple.0, &ref] | test_logging.rs:75:5:75:51 | ...::log | provenance | MaD:15 Sink:MaD:15 Sink:MaD:15 |
| test_logging.rs:75:20:75:28 | &... [&ref, tuple.0, &ref] | test_logging.rs:75:5:75:51 | ...::log | provenance | MaD:15 Sink:MaD:15 Sink:MaD:15 Sink:MaD:15 |
| test_logging.rs:75:20:75:28 | &... [&ref, tuple.0] | test_logging.rs:75:5:75:51 | ...::log | provenance | MaD:15 Sink:MaD:15 Sink:MaD:15 |
| test_logging.rs:75:20:75:28 | &... [&ref, tuple.0, &ref] | test_logging.rs:75:5:75:51 | ...::log | provenance | MaD:11 Sink:MaD:11 Sink:MaD:11 |
| test_logging.rs:75:20:75:28 | &... [&ref, tuple.0, &ref] | test_logging.rs:75:5:75:51 | ...::log | provenance | MaD:11 Sink:MaD:11 Sink:MaD:11 Sink:MaD:11 |
| test_logging.rs:75:20:75:28 | &... [&ref, tuple.0] | test_logging.rs:75:5:75:51 | ...::log | provenance | MaD:11 Sink:MaD:11 Sink:MaD:11 |
| test_logging.rs:75:20:75:28 | &password | test_logging.rs:75:20:75:28 | TupleExpr [tuple.0] | provenance | |
| test_logging.rs:75:20:75:28 | &password [&ref] | test_logging.rs:75:20:75:28 | TupleExpr [tuple.0, &ref] | provenance | |
| test_logging.rs:75:20:75:28 | TupleExpr [tuple.0, &ref] | test_logging.rs:75:20:75:28 | &... [&ref, tuple.0, &ref] | provenance | |
| test_logging.rs:75:20:75:28 | TupleExpr [tuple.0] | test_logging.rs:75:20:75:28 | &... [&ref, tuple.0] | provenance | |
| test_logging.rs:75:21:75:28 | password | test_logging.rs:75:20:75:28 | &password | provenance | Config |
| test_logging.rs:75:21:75:28 | password | test_logging.rs:75:20:75:28 | &password [&ref] | provenance | |
| test_logging.rs:76:23:76:46 | MacroExpr | test_logging.rs:76:5:76:47 | ...::log | provenance | MaD:14 Sink:MaD:14 |
| test_logging.rs:76:23:76:46 | MacroExpr | test_logging.rs:76:5:76:47 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:76:39:76:46 | password | test_logging.rs:76:23:76:46 | MacroExpr | provenance | |
| test_logging.rs:82:20:82:43 | MacroExpr | test_logging.rs:82:5:82:44 | ...::log | provenance | MaD:14 Sink:MaD:14 |
| test_logging.rs:82:20:82:43 | MacroExpr | test_logging.rs:82:5:82:44 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:82:36:82:43 | password | test_logging.rs:82:20:82:43 | MacroExpr | provenance | |
| test_logging.rs:84:38:84:61 | MacroExpr | test_logging.rs:84:5:84:62 | ...::log | provenance | MaD:14 Sink:MaD:14 |
| test_logging.rs:84:38:84:61 | MacroExpr | test_logging.rs:84:5:84:62 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:84:54:84:61 | password | test_logging.rs:84:38:84:61 | MacroExpr | provenance | |
| test_logging.rs:85:20:85:28 | &... [&ref, tuple.0, &ref] | test_logging.rs:85:5:85:48 | ...::log | provenance | MaD:15 Sink:MaD:15 Sink:MaD:15 |
| test_logging.rs:85:20:85:28 | &... [&ref, tuple.0, &ref] | test_logging.rs:85:5:85:48 | ...::log | provenance | MaD:15 Sink:MaD:15 Sink:MaD:15 Sink:MaD:15 |
| test_logging.rs:85:20:85:28 | &... [&ref, tuple.0] | test_logging.rs:85:5:85:48 | ...::log | provenance | MaD:15 Sink:MaD:15 Sink:MaD:15 |
| test_logging.rs:85:20:85:28 | &... [&ref, tuple.0, &ref] | test_logging.rs:85:5:85:48 | ...::log | provenance | MaD:11 Sink:MaD:11 Sink:MaD:11 |
| test_logging.rs:85:20:85:28 | &... [&ref, tuple.0, &ref] | test_logging.rs:85:5:85:48 | ...::log | provenance | MaD:11 Sink:MaD:11 Sink:MaD:11 Sink:MaD:11 |
| test_logging.rs:85:20:85:28 | &... [&ref, tuple.0] | test_logging.rs:85:5:85:48 | ...::log | provenance | MaD:11 Sink:MaD:11 Sink:MaD:11 |
| test_logging.rs:85:20:85:28 | &password | test_logging.rs:85:20:85:28 | TupleExpr [tuple.0] | provenance | |
| test_logging.rs:85:20:85:28 | &password [&ref] | test_logging.rs:85:20:85:28 | TupleExpr [tuple.0, &ref] | provenance | |
| test_logging.rs:85:20:85:28 | TupleExpr [tuple.0, &ref] | test_logging.rs:85:20:85:28 | &... [&ref, tuple.0, &ref] | provenance | |
| test_logging.rs:85:20:85:28 | TupleExpr [tuple.0] | test_logging.rs:85:20:85:28 | &... [&ref, tuple.0] | provenance | |
| test_logging.rs:85:21:85:28 | password | test_logging.rs:85:20:85:28 | &password | provenance | Config |
| test_logging.rs:85:21:85:28 | password | test_logging.rs:85:20:85:28 | &password [&ref] | provenance | |
| test_logging.rs:86:20:86:43 | MacroExpr | test_logging.rs:86:5:86:44 | ...::log | provenance | MaD:14 Sink:MaD:14 |
| test_logging.rs:86:20:86:43 | MacroExpr | test_logging.rs:86:5:86:44 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:86:36:86:43 | password | test_logging.rs:86:20:86:43 | MacroExpr | provenance | |
| test_logging.rs:93:9:93:10 | m1 | test_logging.rs:94:11:94:28 | MacroExpr | provenance | |
| test_logging.rs:93:14:93:22 | &password | test_logging.rs:93:9:93:10 | m1 | provenance | |
| test_logging.rs:93:15:93:22 | password | test_logging.rs:93:14:93:22 | &password | provenance | Config |
| test_logging.rs:94:11:94:28 | MacroExpr | test_logging.rs:94:5:94:29 | ...::log | provenance | MaD:14 Sink:MaD:14 |
| test_logging.rs:94:11:94:28 | MacroExpr | test_logging.rs:94:5:94:29 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:96:9:96:10 | m2 | test_logging.rs:97:11:97:18 | MacroExpr | provenance | |
| test_logging.rs:96:41:96:49 | &password | test_logging.rs:96:9:96:10 | m2 | provenance | |
| test_logging.rs:96:42:96:49 | password | test_logging.rs:96:41:96:49 | &password | provenance | Config |
| test_logging.rs:97:11:97:18 | MacroExpr | test_logging.rs:97:5:97:19 | ...::log | provenance | MaD:14 Sink:MaD:14 |
| test_logging.rs:97:11:97:18 | MacroExpr | test_logging.rs:97:5:97:19 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:99:9:99:10 | m3 | test_logging.rs:100:11:100:18 | MacroExpr | provenance | |
| test_logging.rs:99:14:99:46 | res | test_logging.rs:99:22:99:45 | { ... } | provenance | |
| test_logging.rs:99:22:99:45 | ...::format(...) | test_logging.rs:99:14:99:46 | res | provenance | |
| test_logging.rs:99:22:99:45 | ...::must_use(...) | test_logging.rs:99:9:99:10 | m3 | provenance | |
| test_logging.rs:99:22:99:45 | MacroExpr | test_logging.rs:99:22:99:45 | ...::format(...) | provenance | MaD:18 |
| test_logging.rs:99:22:99:45 | { ... } | test_logging.rs:99:22:99:45 | ...::must_use(...) | provenance | MaD:19 |
| test_logging.rs:99:22:99:45 | MacroExpr | test_logging.rs:99:22:99:45 | ...::format(...) | provenance | MaD:12 |
| test_logging.rs:99:22:99:45 | { ... } | test_logging.rs:99:22:99:45 | ...::must_use(...) | provenance | MaD:13 |
| test_logging.rs:99:38:99:45 | password | test_logging.rs:99:22:99:45 | MacroExpr | provenance | |
| test_logging.rs:100:11:100:18 | MacroExpr | test_logging.rs:100:5:100:19 | ...::log | provenance | MaD:14 Sink:MaD:14 |
| test_logging.rs:118:12:118:41 | MacroExpr | test_logging.rs:118:5:118:42 | ...::log | provenance | MaD:14 Sink:MaD:14 |
| test_logging.rs:100:11:100:18 | MacroExpr | test_logging.rs:100:5:100:19 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:118:12:118:41 | MacroExpr | test_logging.rs:118:5:118:42 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:118:28:118:41 | get_password(...) | test_logging.rs:118:12:118:41 | MacroExpr | provenance | |
| test_logging.rs:129:9:129:10 | t1 [tuple.1] | test_logging.rs:131:28:131:29 | t1 [tuple.1] | provenance | |
| test_logging.rs:129:14:129:33 | TupleExpr [tuple.1] | test_logging.rs:129:9:129:10 | t1 [tuple.1] | provenance | |
| test_logging.rs:129:25:129:32 | password | test_logging.rs:129:14:129:33 | TupleExpr [tuple.1] | provenance | |
| test_logging.rs:131:12:131:31 | MacroExpr | test_logging.rs:131:5:131:32 | ...::log | provenance | MaD:14 Sink:MaD:14 |
| test_logging.rs:131:12:131:31 | MacroExpr | test_logging.rs:131:5:131:32 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:131:28:131:29 | t1 [tuple.1] | test_logging.rs:131:28:131:31 | t1.1 | provenance | |
| test_logging.rs:131:28:131:31 | t1.1 | test_logging.rs:131:12:131:31 | MacroExpr | provenance | |
| test_logging.rs:141:11:141:37 | MacroExpr | test_logging.rs:141:5:141:38 | ...::log | provenance | MaD:14 Sink:MaD:14 |
| test_logging.rs:141:11:141:37 | MacroExpr | test_logging.rs:141:5:141:38 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:141:27:141:37 | s1.password | test_logging.rs:141:11:141:37 | MacroExpr | provenance | |
| test_logging.rs:151:11:151:37 | MacroExpr | test_logging.rs:151:5:151:38 | ...::log | provenance | MaD:14 Sink:MaD:14 |
| test_logging.rs:151:11:151:37 | MacroExpr | test_logging.rs:151:5:151:38 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:151:27:151:37 | s2.password | test_logging.rs:151:11:151:37 | MacroExpr | provenance | |
| test_logging.rs:176:33:176:79 | &... | test_logging.rs:176:22:176:31 | log_expect | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:176:33:176:79 | &... [&ref] | test_logging.rs:176:22:176:31 | log_expect | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:176:33:176:79 | &... | test_logging.rs:176:22:176:31 | log_expect | provenance | MaD:6 Sink:MaD:6 |
| test_logging.rs:176:33:176:79 | &... [&ref] | test_logging.rs:176:22:176:31 | log_expect | provenance | MaD:6 Sink:MaD:6 |
| test_logging.rs:176:34:176:79 | MacroExpr | test_logging.rs:176:33:176:79 | &... | provenance | Config |
| test_logging.rs:176:34:176:79 | MacroExpr | test_logging.rs:176:33:176:79 | &... [&ref] | provenance | |
| test_logging.rs:176:34:176:79 | res | test_logging.rs:176:42:176:78 | { ... } | provenance | |
| test_logging.rs:176:42:176:78 | ...::format(...) | test_logging.rs:176:34:176:79 | res | provenance | |
| test_logging.rs:176:42:176:78 | ...::must_use(...) | test_logging.rs:176:34:176:79 | MacroExpr | provenance | |
| test_logging.rs:176:42:176:78 | MacroExpr | test_logging.rs:176:42:176:78 | ...::format(...) | provenance | MaD:18 |
| test_logging.rs:176:42:176:78 | { ... } | test_logging.rs:176:42:176:78 | ...::must_use(...) | provenance | MaD:19 |
| test_logging.rs:176:42:176:78 | MacroExpr | test_logging.rs:176:42:176:78 | ...::format(...) | provenance | MaD:12 |
| test_logging.rs:176:42:176:78 | { ... } | test_logging.rs:176:42:176:78 | ...::must_use(...) | provenance | MaD:13 |
| test_logging.rs:176:70:176:78 | password2 | test_logging.rs:176:42:176:78 | MacroExpr | provenance | |
| test_logging.rs:180:35:180:81 | &... | test_logging.rs:180:24:180:33 | log_expect | provenance | MaD:11 Sink:MaD:11 |
| test_logging.rs:180:35:180:81 | &... [&ref] | test_logging.rs:180:24:180:33 | log_expect | provenance | MaD:11 Sink:MaD:11 |
| test_logging.rs:180:35:180:81 | &... | test_logging.rs:180:24:180:33 | log_expect | provenance | MaD:7 Sink:MaD:7 |
| test_logging.rs:180:35:180:81 | &... [&ref] | test_logging.rs:180:24:180:33 | log_expect | provenance | MaD:7 Sink:MaD:7 |
| test_logging.rs:180:36:180:81 | MacroExpr | test_logging.rs:180:35:180:81 | &... | provenance | Config |
| test_logging.rs:180:36:180:81 | MacroExpr | test_logging.rs:180:35:180:81 | &... [&ref] | provenance | |
| test_logging.rs:180:36:180:81 | res | test_logging.rs:180:44:180:80 | { ... } | provenance | |
| test_logging.rs:180:44:180:80 | ...::format(...) | test_logging.rs:180:36:180:81 | res | provenance | |
| test_logging.rs:180:44:180:80 | ...::must_use(...) | test_logging.rs:180:36:180:81 | MacroExpr | provenance | |
| test_logging.rs:180:44:180:80 | MacroExpr | test_logging.rs:180:44:180:80 | ...::format(...) | provenance | MaD:18 |
| test_logging.rs:180:44:180:80 | { ... } | test_logging.rs:180:44:180:80 | ...::must_use(...) | provenance | MaD:19 |
| test_logging.rs:180:44:180:80 | MacroExpr | test_logging.rs:180:44:180:80 | ...::format(...) | provenance | MaD:12 |
| test_logging.rs:180:44:180:80 | { ... } | test_logging.rs:180:44:180:80 | ...::must_use(...) | provenance | MaD:13 |
| test_logging.rs:180:72:180:80 | password2 | test_logging.rs:180:44:180:80 | MacroExpr | provenance | |
| test_logging.rs:183:9:183:19 | err_result2 [Err] | test_logging.rs:184:13:184:23 | err_result2 [Err] | provenance | |
| test_logging.rs:183:47:183:68 | Err(...) [Err] | test_logging.rs:183:9:183:19 | err_result2 [Err] | provenance | |
| test_logging.rs:183:51:183:59 | password2 | test_logging.rs:183:51:183:67 | password2.clone() | provenance | generated |
| test_logging.rs:183:51:183:67 | password2.clone() | test_logging.rs:183:47:183:68 | Err(...) [Err] | provenance | |
| test_logging.rs:184:13:184:23 | err_result2 [Err] | test_logging.rs:184:25:184:34 | log_expect | provenance | MaD:12 Sink:MaD:12 |
| test_logging.rs:184:13:184:23 | err_result2 [Err] | test_logging.rs:184:25:184:34 | log_expect | provenance | MaD:8 Sink:MaD:8 |
| test_logging.rs:187:9:187:19 | err_result3 [Err] | test_logging.rs:188:13:188:23 | err_result3 [Err] | provenance | |
| test_logging.rs:187:47:187:60 | Err(...) [Err] | test_logging.rs:187:9:187:19 | err_result3 [Err] | provenance | |
| test_logging.rs:187:51:187:59 | password2 | test_logging.rs:187:47:187:60 | Err(...) [Err] | provenance | |
| test_logging.rs:188:13:188:23 | err_result3 [Err] | test_logging.rs:188:25:188:34 | log_unwrap | provenance | MaD:13 Sink:MaD:13 |
| test_logging.rs:192:12:192:37 | MacroExpr | test_logging.rs:192:5:192:38 | ...::_print | provenance | MaD:9 Sink:MaD:9 |
| test_logging.rs:188:13:188:23 | err_result3 [Err] | test_logging.rs:188:25:188:34 | log_unwrap | provenance | MaD:9 Sink:MaD:9 |
| test_logging.rs:192:12:192:37 | MacroExpr | test_logging.rs:192:5:192:38 | ...::_print | provenance | MaD:5 Sink:MaD:5 |
| test_logging.rs:192:30:192:37 | password | test_logging.rs:192:12:192:37 | MacroExpr | provenance | |
| test_logging.rs:193:14:193:37 | MacroExpr | test_logging.rs:193:5:193:38 | ...::_print | provenance | MaD:9 Sink:MaD:9 |
| test_logging.rs:193:14:193:37 | MacroExpr | test_logging.rs:193:5:193:38 | ...::_print | provenance | MaD:5 Sink:MaD:5 |
| test_logging.rs:193:30:193:37 | password | test_logging.rs:193:14:193:37 | MacroExpr | provenance | |
| test_logging.rs:194:13:194:38 | MacroExpr | test_logging.rs:194:5:194:39 | ...::_eprint | provenance | MaD:8 Sink:MaD:8 |
| test_logging.rs:194:13:194:38 | MacroExpr | test_logging.rs:194:5:194:39 | ...::_eprint | provenance | MaD:4 Sink:MaD:4 |
| test_logging.rs:194:31:194:38 | password | test_logging.rs:194:13:194:38 | MacroExpr | provenance | |
| test_logging.rs:195:15:195:38 | MacroExpr | test_logging.rs:195:5:195:39 | ...::_eprint | provenance | MaD:8 Sink:MaD:8 |
| test_logging.rs:195:15:195:38 | MacroExpr | test_logging.rs:195:5:195:39 | ...::_eprint | provenance | MaD:4 Sink:MaD:4 |
| test_logging.rs:195:31:195:38 | password | test_logging.rs:195:15:195:38 | MacroExpr | provenance | |
| test_logging.rs:199:20:199:43 | MacroExpr | test_logging.rs:199:13:199:44 | ...::panic_fmt | provenance | MaD:4 Sink:MaD:4 |
| test_logging.rs:199:20:199:43 | MacroExpr | test_logging.rs:199:13:199:44 | ...::panic_fmt | provenance | MaD:3 Sink:MaD:3 |
| test_logging.rs:199:36:199:43 | password | test_logging.rs:199:20:199:43 | MacroExpr | provenance | |
| test_logging.rs:202:19:202:42 | MacroExpr | test_logging.rs:202:13:202:43 | ...::panic_fmt | provenance | MaD:4 Sink:MaD:4 |
| test_logging.rs:202:19:202:42 | MacroExpr | test_logging.rs:202:13:202:43 | ...::panic_fmt | provenance | MaD:3 Sink:MaD:3 |
| test_logging.rs:202:35:202:42 | password | test_logging.rs:202:19:202:42 | MacroExpr | provenance | |
| test_logging.rs:205:28:205:51 | MacroExpr | test_logging.rs:205:13:205:52 | ...::panic_fmt | provenance | MaD:4 Sink:MaD:4 |
| test_logging.rs:205:28:205:51 | MacroExpr | test_logging.rs:205:13:205:52 | ...::panic_fmt | provenance | MaD:3 Sink:MaD:3 |
| test_logging.rs:205:44:205:51 | password | test_logging.rs:205:28:205:51 | MacroExpr | provenance | |
| test_logging.rs:208:26:208:49 | MacroExpr | test_logging.rs:208:13:208:50 | ...::panic_fmt | provenance | MaD:4 Sink:MaD:4 |
| test_logging.rs:208:26:208:49 | MacroExpr | test_logging.rs:208:13:208:50 | ...::panic_fmt | provenance | MaD:3 Sink:MaD:3 |
| test_logging.rs:208:42:208:49 | password | test_logging.rs:208:26:208:49 | MacroExpr | provenance | |
| test_logging.rs:211:28:211:51 | MacroExpr | test_logging.rs:211:13:211:52 | ...::panic_fmt | provenance | MaD:4 Sink:MaD:4 |
| test_logging.rs:211:28:211:51 | MacroExpr | test_logging.rs:211:13:211:52 | ...::panic_fmt | provenance | MaD:3 Sink:MaD:3 |
| test_logging.rs:211:44:211:51 | password | test_logging.rs:211:28:211:51 | MacroExpr | provenance | |
| test_logging.rs:214:13:214:54 | ...::assert_failed [Some] | test_logging.rs:214:13:214:54 | ...::assert_failed | provenance | Sink:MaD:3 |
| test_logging.rs:214:30:214:53 | ...::Some(...) [Some] | test_logging.rs:214:13:214:54 | ...::assert_failed | provenance | MaD:3 Sink:MaD:3 |
| test_logging.rs:214:30:214:53 | ...::Some(...) [Some] | test_logging.rs:214:13:214:54 | ...::assert_failed [Some] | provenance | MaD:2 |
| test_logging.rs:214:13:214:54 | ...::assert_failed [Some] | test_logging.rs:214:13:214:54 | ...::assert_failed | provenance | Sink:MaD:2 |
| test_logging.rs:214:30:214:53 | ...::Some(...) [Some] | test_logging.rs:214:13:214:54 | ...::assert_failed | provenance | MaD:2 Sink:MaD:2 |
| test_logging.rs:214:30:214:53 | ...::Some(...) [Some] | test_logging.rs:214:13:214:54 | ...::assert_failed [Some] | provenance | MaD:1 |
| test_logging.rs:214:30:214:53 | MacroExpr | test_logging.rs:214:30:214:53 | ...::Some(...) [Some] | provenance | |
| test_logging.rs:214:46:214:53 | password | test_logging.rs:214:30:214:53 | MacroExpr | provenance | |
| test_logging.rs:217:13:217:54 | ...::assert_failed [Some] | test_logging.rs:217:13:217:54 | ...::assert_failed | provenance | Sink:MaD:3 |
| test_logging.rs:217:30:217:53 | ...::Some(...) [Some] | test_logging.rs:217:13:217:54 | ...::assert_failed | provenance | MaD:3 Sink:MaD:3 |
| test_logging.rs:217:30:217:53 | ...::Some(...) [Some] | test_logging.rs:217:13:217:54 | ...::assert_failed [Some] | provenance | MaD:2 |
| test_logging.rs:217:13:217:54 | ...::assert_failed [Some] | test_logging.rs:217:13:217:54 | ...::assert_failed | provenance | Sink:MaD:2 |
| test_logging.rs:217:30:217:53 | ...::Some(...) [Some] | test_logging.rs:217:13:217:54 | ...::assert_failed | provenance | MaD:2 Sink:MaD:2 |
| test_logging.rs:217:30:217:53 | ...::Some(...) [Some] | test_logging.rs:217:13:217:54 | ...::assert_failed [Some] | provenance | MaD:1 |
| test_logging.rs:217:30:217:53 | MacroExpr | test_logging.rs:217:30:217:53 | ...::Some(...) [Some] | provenance | |
| test_logging.rs:217:46:217:53 | password | test_logging.rs:217:30:217:53 | MacroExpr | provenance | |
| test_logging.rs:220:34:220:57 | MacroExpr | test_logging.rs:220:13:220:58 | ...::panic_fmt | provenance | MaD:4 Sink:MaD:4 |
| test_logging.rs:220:34:220:57 | MacroExpr | test_logging.rs:220:13:220:58 | ...::panic_fmt | provenance | MaD:3 Sink:MaD:3 |
| test_logging.rs:220:50:220:57 | password | test_logging.rs:220:34:220:57 | MacroExpr | provenance | |
| test_logging.rs:223:13:223:60 | ...::assert_failed [Some] | test_logging.rs:223:13:223:60 | ...::assert_failed | provenance | Sink:MaD:3 |
| test_logging.rs:223:36:223:59 | ...::Some(...) [Some] | test_logging.rs:223:13:223:60 | ...::assert_failed | provenance | MaD:3 Sink:MaD:3 |
| test_logging.rs:223:36:223:59 | ...::Some(...) [Some] | test_logging.rs:223:13:223:60 | ...::assert_failed [Some] | provenance | MaD:2 |
| test_logging.rs:223:13:223:60 | ...::assert_failed [Some] | test_logging.rs:223:13:223:60 | ...::assert_failed | provenance | Sink:MaD:2 |
| test_logging.rs:223:36:223:59 | ...::Some(...) [Some] | test_logging.rs:223:13:223:60 | ...::assert_failed | provenance | MaD:2 Sink:MaD:2 |
| test_logging.rs:223:36:223:59 | ...::Some(...) [Some] | test_logging.rs:223:13:223:60 | ...::assert_failed [Some] | provenance | MaD:1 |
| test_logging.rs:223:36:223:59 | MacroExpr | test_logging.rs:223:36:223:59 | ...::Some(...) [Some] | provenance | |
| test_logging.rs:223:52:223:59 | password | test_logging.rs:223:36:223:59 | MacroExpr | provenance | |
| test_logging.rs:226:13:226:60 | ...::assert_failed [Some] | test_logging.rs:226:13:226:60 | ...::assert_failed | provenance | Sink:MaD:3 |
| test_logging.rs:226:36:226:59 | ...::Some(...) [Some] | test_logging.rs:226:13:226:60 | ...::assert_failed | provenance | MaD:3 Sink:MaD:3 |
| test_logging.rs:226:36:226:59 | ...::Some(...) [Some] | test_logging.rs:226:13:226:60 | ...::assert_failed [Some] | provenance | MaD:2 |
| test_logging.rs:226:13:226:60 | ...::assert_failed [Some] | test_logging.rs:226:13:226:60 | ...::assert_failed | provenance | Sink:MaD:2 |
| test_logging.rs:226:36:226:59 | ...::Some(...) [Some] | test_logging.rs:226:13:226:60 | ...::assert_failed | provenance | MaD:2 Sink:MaD:2 |
| test_logging.rs:226:36:226:59 | ...::Some(...) [Some] | test_logging.rs:226:13:226:60 | ...::assert_failed [Some] | provenance | MaD:1 |
| test_logging.rs:226:36:226:59 | MacroExpr | test_logging.rs:226:36:226:59 | ...::Some(...) [Some] | provenance | |
| test_logging.rs:226:52:226:59 | password | test_logging.rs:226:36:226:59 | MacroExpr | provenance | |
| test_logging.rs:229:30:229:62 | res | test_logging.rs:229:38:229:61 | { ... } | provenance | |
| test_logging.rs:229:30:229:71 | ... .as_str() | test_logging.rs:229:23:229:28 | expect | provenance | MaD:1 Sink:MaD:1 |
| test_logging.rs:229:30:229:71 | ... .as_str() | test_logging.rs:229:23:229:28 | expect | provenance | MaD:1 Sink:MaD:1 |
| test_logging.rs:229:38:229:61 | ...::format(...) | test_logging.rs:229:30:229:62 | res | provenance | |
| test_logging.rs:229:38:229:61 | ...::must_use(...) | test_logging.rs:229:30:229:71 | ... .as_str() | provenance | MaD:17 |
| test_logging.rs:229:38:229:61 | MacroExpr | test_logging.rs:229:38:229:61 | ...::format(...) | provenance | MaD:18 |
| test_logging.rs:229:38:229:61 | { ... } | test_logging.rs:229:38:229:61 | ...::must_use(...) | provenance | MaD:19 |
| test_logging.rs:229:54:229:61 | password | test_logging.rs:229:38:229:61 | MacroExpr | provenance | |
| test_logging.rs:242:16:242:50 | res | test_logging.rs:242:24:242:49 | { ... } | provenance | |
| test_logging.rs:242:16:242:61 | ... .as_bytes() | test_logging.rs:242:10:242:14 | write | provenance | MaD:6 Sink:MaD:6 |
| test_logging.rs:242:24:242:49 | ...::format(...) | test_logging.rs:242:16:242:50 | res | provenance | |
| test_logging.rs:242:24:242:49 | ...::must_use(...) | test_logging.rs:242:16:242:61 | ... .as_bytes() | provenance | MaD:16 |
| test_logging.rs:242:24:242:49 | MacroExpr | test_logging.rs:242:24:242:49 | ...::format(...) | provenance | MaD:18 |
| test_logging.rs:242:24:242:49 | { ... } | test_logging.rs:242:24:242:49 | ...::must_use(...) | provenance | MaD:19 |
| test_logging.rs:242:42:242:49 | password | test_logging.rs:242:24:242:49 | MacroExpr | provenance | |
| test_logging.rs:245:20:245:54 | res | test_logging.rs:245:28:245:53 | { ... } | provenance | |
| test_logging.rs:245:20:245:65 | ... .as_bytes() | test_logging.rs:245:10:245:18 | write_all | provenance | MaD:7 Sink:MaD:7 |
| test_logging.rs:245:28:245:53 | ...::format(...) | test_logging.rs:245:20:245:54 | res | provenance | |
| test_logging.rs:245:28:245:53 | ...::must_use(...) | test_logging.rs:245:20:245:65 | ... .as_bytes() | provenance | MaD:16 |
| test_logging.rs:245:28:245:53 | MacroExpr | test_logging.rs:245:28:245:53 | ...::format(...) | provenance | MaD:18 |
| test_logging.rs:245:28:245:53 | { ... } | test_logging.rs:245:28:245:53 | ...::must_use(...) | provenance | MaD:19 |
| test_logging.rs:245:46:245:53 | password | test_logging.rs:245:28:245:53 | MacroExpr | provenance | |
| test_logging.rs:248:15:248:49 | res | test_logging.rs:248:23:248:48 | { ... } | provenance | |
| test_logging.rs:248:15:248:60 | ... .as_bytes() | test_logging.rs:248:9:248:13 | write | provenance | MaD:6 Sink:MaD:6 |
| test_logging.rs:248:23:248:48 | ...::format(...) | test_logging.rs:248:15:248:49 | res | provenance | |
| test_logging.rs:248:23:248:48 | ...::must_use(...) | test_logging.rs:248:15:248:60 | ... .as_bytes() | provenance | MaD:16 |
| test_logging.rs:248:23:248:48 | MacroExpr | test_logging.rs:248:23:248:48 | ...::format(...) | provenance | MaD:18 |
| test_logging.rs:248:23:248:48 | { ... } | test_logging.rs:248:23:248:48 | ...::must_use(...) | provenance | MaD:19 |
| test_logging.rs:248:41:248:48 | password | test_logging.rs:248:23:248:48 | MacroExpr | provenance | |
| test_logging.rs:251:15:251:49 | res | test_logging.rs:251:23:251:48 | { ... } | provenance | |
| test_logging.rs:251:15:251:60 | ... .as_bytes() | test_logging.rs:251:9:251:13 | write | provenance | MaD:5 Sink:MaD:5 |
| test_logging.rs:251:23:251:48 | ...::format(...) | test_logging.rs:251:15:251:49 | res | provenance | |
| test_logging.rs:251:23:251:48 | ...::must_use(...) | test_logging.rs:251:15:251:60 | ... .as_bytes() | provenance | MaD:16 |
| test_logging.rs:251:23:251:48 | MacroExpr | test_logging.rs:251:23:251:48 | ...::format(...) | provenance | MaD:18 |
| test_logging.rs:251:23:251:48 | { ... } | test_logging.rs:251:23:251:48 | ...::must_use(...) | provenance | MaD:19 |
| test_logging.rs:251:41:251:48 | password | test_logging.rs:251:23:251:48 | MacroExpr | provenance | |
models
| 1 | Sink: lang:core; <crate::option::Option>::expect; log-injection; Argument[0] |
| 2 | Sink: lang:core; crate::panicking::assert_failed; log-injection; Argument[3] |
| 3 | Sink: lang:core; crate::panicking::assert_failed; log-injection; Argument[3].Field[core::option::Option::Some(0)] |
| 4 | Sink: lang:core; crate::panicking::panic_fmt; log-injection; Argument[0] |
| 5 | Sink: lang:std; <crate::io::stdio::StderrLock as crate::io::Write>::write; log-injection; Argument[0] |
| 6 | Sink: lang:std; <crate::io::stdio::StdoutLock as crate::io::Write>::write; log-injection; Argument[0] |
| 7 | Sink: lang:std; <crate::io::stdio::StdoutLock as crate::io::Write>::write_all; log-injection; Argument[0] |
| 8 | Sink: lang:std; crate::io::stdio::_eprint; log-injection; Argument[0] |
| 9 | Sink: lang:std; crate::io::stdio::_print; log-injection; Argument[0] |
| 10 | Sink: repo:https://github.com/DesmondWillowbrook/rs-log_err:log_err; <crate::option::Option as crate::LogErrOption>::log_expect; log-injection; Argument[0] |
| 11 | Sink: repo:https://github.com/DesmondWillowbrook/rs-log_err:log_err; <crate::result::Result as crate::LogErrResult>::log_expect; log-injection; Argument[0] |
| 12 | Sink: repo:https://github.com/DesmondWillowbrook/rs-log_err:log_err; <crate::result::Result as crate::LogErrResult>::log_expect; log-injection; Argument[self].Field[core::result::Result::Err(0)] |
| 13 | Sink: repo:https://github.com/DesmondWillowbrook/rs-log_err:log_err; <crate::result::Result as crate::LogErrResult>::log_unwrap; log-injection; Argument[self].Field[core::result::Result::Err(0)] |
| 14 | Sink: repo:https://github.com/rust-lang/log:log; crate::__private_api::log; log-injection; Argument[1] |
| 15 | Sink: repo:https://github.com/rust-lang/log:log; crate::__private_api::log; log-injection; Argument[3] |
| 16 | Summary: lang:alloc; <crate::string::String>::as_bytes; Argument[self]; ReturnValue; value |
| 17 | Summary: lang:alloc; <crate::string::String>::as_str; Argument[self]; ReturnValue; value |
| 18 | Summary: lang:alloc; crate::fmt::format; Argument[0]; ReturnValue; taint |
| 19 | Summary: lang:core; crate::hint::must_use; Argument[0]; ReturnValue; value |
| 1 | Sink: lang:core; crate::panicking::assert_failed; log-injection; Argument[3] |
| 2 | Sink: lang:core; crate::panicking::assert_failed; log-injection; Argument[3].Field[core::option::Option::Some(0)] |
| 3 | Sink: lang:core; crate::panicking::panic_fmt; log-injection; Argument[0] |
| 4 | Sink: lang:std; crate::io::stdio::_eprint; log-injection; Argument[0] |
| 5 | Sink: lang:std; crate::io::stdio::_print; log-injection; Argument[0] |
| 6 | Sink: repo:https://github.com/DesmondWillowbrook/rs-log_err:log_err; <crate::option::Option as crate::LogErrOption>::log_expect; log-injection; Argument[0] |
| 7 | Sink: repo:https://github.com/DesmondWillowbrook/rs-log_err:log_err; <crate::result::Result as crate::LogErrResult>::log_expect; log-injection; Argument[0] |
| 8 | Sink: repo:https://github.com/DesmondWillowbrook/rs-log_err:log_err; <crate::result::Result as crate::LogErrResult>::log_expect; log-injection; Argument[self].Field[core::result::Result::Err(0)] |
| 9 | Sink: repo:https://github.com/DesmondWillowbrook/rs-log_err:log_err; <crate::result::Result as crate::LogErrResult>::log_unwrap; log-injection; Argument[self].Field[core::result::Result::Err(0)] |
| 10 | Sink: repo:https://github.com/rust-lang/log:log; crate::__private_api::log; log-injection; Argument[1] |
| 11 | Sink: repo:https://github.com/rust-lang/log:log; crate::__private_api::log; log-injection; Argument[3] |
| 12 | Summary: lang:alloc; crate::fmt::format; Argument[0]; ReturnValue; taint |
| 13 | Summary: lang:core; crate::hint::must_use; Argument[0]; ReturnValue; value |
nodes
| test_logging.rs:42:5:42:36 | ...::log | semmle.label | ...::log |
| test_logging.rs:42:12:42:35 | MacroExpr | semmle.label | MacroExpr |
@@ -493,45 +445,4 @@ nodes
| test_logging.rs:226:36:226:59 | ...::Some(...) [Some] | semmle.label | ...::Some(...) [Some] |
| test_logging.rs:226:36:226:59 | MacroExpr | semmle.label | MacroExpr |
| test_logging.rs:226:52:226:59 | password | semmle.label | password |
| test_logging.rs:229:23:229:28 | expect | semmle.label | expect |
| test_logging.rs:229:23:229:28 | expect | semmle.label | expect |
| test_logging.rs:229:30:229:62 | res | semmle.label | res |
| test_logging.rs:229:30:229:71 | ... .as_str() | semmle.label | ... .as_str() |
| test_logging.rs:229:38:229:61 | ...::format(...) | semmle.label | ...::format(...) |
| test_logging.rs:229:38:229:61 | ...::must_use(...) | semmle.label | ...::must_use(...) |
| test_logging.rs:229:38:229:61 | MacroExpr | semmle.label | MacroExpr |
| test_logging.rs:229:38:229:61 | { ... } | semmle.label | { ... } |
| test_logging.rs:229:54:229:61 | password | semmle.label | password |
| test_logging.rs:242:10:242:14 | write | semmle.label | write |
| test_logging.rs:242:16:242:50 | res | semmle.label | res |
| test_logging.rs:242:16:242:61 | ... .as_bytes() | semmle.label | ... .as_bytes() |
| test_logging.rs:242:24:242:49 | ...::format(...) | semmle.label | ...::format(...) |
| test_logging.rs:242:24:242:49 | ...::must_use(...) | semmle.label | ...::must_use(...) |
| test_logging.rs:242:24:242:49 | MacroExpr | semmle.label | MacroExpr |
| test_logging.rs:242:24:242:49 | { ... } | semmle.label | { ... } |
| test_logging.rs:242:42:242:49 | password | semmle.label | password |
| test_logging.rs:245:10:245:18 | write_all | semmle.label | write_all |
| test_logging.rs:245:20:245:54 | res | semmle.label | res |
| test_logging.rs:245:20:245:65 | ... .as_bytes() | semmle.label | ... .as_bytes() |
| test_logging.rs:245:28:245:53 | ...::format(...) | semmle.label | ...::format(...) |
| test_logging.rs:245:28:245:53 | ...::must_use(...) | semmle.label | ...::must_use(...) |
| test_logging.rs:245:28:245:53 | MacroExpr | semmle.label | MacroExpr |
| test_logging.rs:245:28:245:53 | { ... } | semmle.label | { ... } |
| test_logging.rs:245:46:245:53 | password | semmle.label | password |
| test_logging.rs:248:9:248:13 | write | semmle.label | write |
| test_logging.rs:248:15:248:49 | res | semmle.label | res |
| test_logging.rs:248:15:248:60 | ... .as_bytes() | semmle.label | ... .as_bytes() |
| test_logging.rs:248:23:248:48 | ...::format(...) | semmle.label | ...::format(...) |
| test_logging.rs:248:23:248:48 | ...::must_use(...) | semmle.label | ...::must_use(...) |
| test_logging.rs:248:23:248:48 | MacroExpr | semmle.label | MacroExpr |
| test_logging.rs:248:23:248:48 | { ... } | semmle.label | { ... } |
| test_logging.rs:248:41:248:48 | password | semmle.label | password |
| test_logging.rs:251:9:251:13 | write | semmle.label | write |
| test_logging.rs:251:15:251:49 | res | semmle.label | res |
| test_logging.rs:251:15:251:60 | ... .as_bytes() | semmle.label | ... .as_bytes() |
| test_logging.rs:251:23:251:48 | ...::format(...) | semmle.label | ...::format(...) |
| test_logging.rs:251:23:251:48 | ...::must_use(...) | semmle.label | ...::must_use(...) |
| test_logging.rs:251:23:251:48 | MacroExpr | semmle.label | MacroExpr |
| test_logging.rs:251:23:251:48 | { ... } | semmle.label | { ... } |
| test_logging.rs:251:41:251:48 | password | semmle.label | password |
subpaths

10
rust/ql/test/query-tests/security/CWE-312/test_logging.rs
View File

@@ -226,7 +226,7 @@ fn test_std(password: String, i: i32, opt_i: Option<i32>) {
debug_assert_ne!(1, 1, "message = {}", password); // $ Alert[rust/cleartext-logging]
}
11 => {
_ = opt_i.expect(format!("message = {}", password).as_str()); // $ Alert[rust/cleartext-logging]
_ = opt_i.expect(format!("message = {}", password).as_str()); // $ MISSING: Alert[rust/cleartext-logging] (https://github.com/github/codeql/pull/19658)
}
_ => {}
}
@@ -239,16 +239,16 @@ fn test_std(password: String, i: i32, opt_i: Option<i32>) {
.write_fmt(format_args!("message = {}\n", password)); // $ MISSING: Alert[rust/cleartext-logging]
std::io::stdout()
.lock()
.write(format!("message = {}\n", password).as_bytes()); // $ Alert[rust/cleartext-logging]
.write(format!("message = {}\n", password).as_bytes()); // $ MISSING: Alert[rust/cleartext-logging] (https://github.com/github/codeql/pull/19658)
std::io::stdout()
.lock()
.write_all(format!("message = {}\n", password).as_bytes()); // $ Alert[rust/cleartext-logging]
.write_all(format!("message = {}\n", password).as_bytes()); // $ MISSING: Alert[rust/cleartext-logging] (https://github.com/github/codeql/pull/19658)
let mut out = std::io::stdout().lock();
out.write(format!("message = {}\n", password).as_bytes()); // $ Alert[rust/cleartext-logging]
out.write(format!("message = {}\n", password).as_bytes()); // $ MISSING: Alert[rust/cleartext-logging] (https://github.com/github/codeql/pull/19658)
let mut err = std::io::stderr().lock();
err.write(format!("message = {}\n", password).as_bytes()); // $ Alert[rust/cleartext-logging]
err.write(format!("message = {}\n", password).as_bytes()); // $ MISSING: Alert[rust/cleartext-logging] (https://github.com/github/codeql/pull/19658)
}
fn main() {

148
rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected
View File

@@ -14,9 +14,7 @@
| main.rs:54:13:54:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:54:13:54:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
| main.rs:59:13:59:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:59:13:59:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
| main.rs:61:13:61:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:61:13:61:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
| main.rs:63:13:63:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:63:13:63:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
| main.rs:64:13:64:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:64:13:64:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
| main.rs:65:13:65:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:65:13:65:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
| main.rs:68:13:68:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:68:13:68:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
| main.rs:88:13:88:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:88:13:88:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
| main.rs:96:17:96:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:96:17:96:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
@@ -65,40 +63,40 @@ edges
| main.rs:18:41:18:41 | v | main.rs:32:60:32:89 | ... * ... | provenance | |
| main.rs:18:41:18:41 | v | main.rs:35:9:35:10 | s6 | provenance | |
| main.rs:20:9:20:10 | l2 | main.rs:21:31:21:32 | l2 | provenance | |
| main.rs:20:14:20:54 | ...::from_size_align(...) [Ok] | main.rs:20:14:20:63 | ... .unwrap() | provenance | MaD:38 |
| main.rs:20:14:20:54 | ...::from_size_align(...) [Ok] | main.rs:20:14:20:63 | ... .unwrap() | provenance | MaD:36 |
| main.rs:20:14:20:63 | ... .unwrap() | main.rs:20:9:20:10 | l2 | provenance | |
| main.rs:20:50:20:50 | v | main.rs:20:14:20:54 | ...::from_size_align(...) [Ok] | provenance | MaD:28 |
| main.rs:20:50:20:50 | v | main.rs:20:14:20:54 | ...::from_size_align(...) [Ok] | provenance | MaD:26 |
| main.rs:21:31:21:32 | l2 | main.rs:21:13:21:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
| main.rs:21:31:21:32 | l2 | main.rs:22:31:22:44 | l2.align_to(...) [Ok] | provenance | MaD:22 |
| main.rs:21:31:21:32 | l2 | main.rs:23:31:23:44 | l2.align_to(...) [Ok] | provenance | MaD:22 |
| main.rs:21:31:21:32 | l2 | main.rs:24:38:24:39 | l2 | provenance | |
| main.rs:22:31:22:44 | l2.align_to(...) [Ok] | main.rs:22:31:22:53 | ... .unwrap() | provenance | MaD:38 |
| main.rs:22:31:22:44 | l2.align_to(...) [Ok] | main.rs:22:31:22:53 | ... .unwrap() | provenance | MaD:36 |
| main.rs:22:31:22:53 | ... .unwrap() | main.rs:22:13:22:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
| main.rs:23:31:23:44 | l2.align_to(...) [Ok] | main.rs:23:31:23:53 | ... .unwrap() | provenance | MaD:38 |
| main.rs:23:31:23:53 | ... .unwrap() | main.rs:23:31:23:68 | ... .pad_to_align() | provenance | MaD:31 |
| main.rs:23:31:23:44 | l2.align_to(...) [Ok] | main.rs:23:31:23:53 | ... .unwrap() | provenance | MaD:36 |
| main.rs:23:31:23:53 | ... .unwrap() | main.rs:23:31:23:68 | ... .pad_to_align() | provenance | MaD:29 |
| main.rs:23:31:23:68 | ... .pad_to_align() | main.rs:23:13:23:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
| main.rs:24:38:24:39 | l2 | main.rs:24:13:24:36 | ...::alloc_zeroed | provenance | MaD:4 Sink:MaD:4 |
| main.rs:29:9:29:10 | l4 | main.rs:30:31:30:32 | l4 | provenance | |
| main.rs:29:14:29:64 | ...::from_size_align_unchecked(...) | main.rs:29:9:29:10 | l4 | provenance | |
| main.rs:29:60:29:60 | v | main.rs:29:14:29:64 | ...::from_size_align_unchecked(...) | provenance | MaD:30 |
| main.rs:29:60:29:60 | v | main.rs:29:14:29:64 | ...::from_size_align_unchecked(...) | provenance | MaD:28 |
| main.rs:30:31:30:32 | l4 | main.rs:30:13:30:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
| main.rs:32:9:32:10 | l5 | main.rs:33:31:33:32 | l5 | provenance | |
| main.rs:32:14:32:118 | ...::from_size_align_unchecked(...) | main.rs:32:9:32:10 | l5 | provenance | |
| main.rs:32:60:32:89 | ... * ... | main.rs:32:14:32:118 | ...::from_size_align_unchecked(...) | provenance | MaD:30 |
| main.rs:32:60:32:89 | ... * ... | main.rs:32:14:32:118 | ...::from_size_align_unchecked(...) | provenance | MaD:28 |
| main.rs:33:31:33:32 | l5 | main.rs:33:13:33:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
| main.rs:35:9:35:10 | s6 | main.rs:36:60:36:61 | s6 | provenance | |
| main.rs:36:9:36:10 | l6 | main.rs:37:31:37:32 | l6 | provenance | |
| main.rs:36:9:36:10 | l6 [Layout.size] | main.rs:37:31:37:32 | l6 [Layout.size] | provenance | |
| main.rs:36:14:36:65 | ...::from_size_align_unchecked(...) | main.rs:36:9:36:10 | l6 | provenance | |
| main.rs:36:14:36:65 | ...::from_size_align_unchecked(...) [Layout.size] | main.rs:36:9:36:10 | l6 [Layout.size] | provenance | |
| main.rs:36:60:36:61 | s6 | main.rs:36:14:36:65 | ...::from_size_align_unchecked(...) | provenance | MaD:30 |
| main.rs:36:60:36:61 | s6 | main.rs:36:14:36:65 | ...::from_size_align_unchecked(...) [Layout.size] | provenance | MaD:29 |
| main.rs:36:60:36:61 | s6 | main.rs:36:14:36:65 | ...::from_size_align_unchecked(...) | provenance | MaD:28 |
| main.rs:36:60:36:61 | s6 | main.rs:36:14:36:65 | ...::from_size_align_unchecked(...) [Layout.size] | provenance | MaD:27 |
| main.rs:37:31:37:32 | l6 | main.rs:37:13:37:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
| main.rs:37:31:37:32 | l6 | main.rs:39:60:39:68 | l6.size() | provenance | MaD:35 |
| main.rs:37:31:37:32 | l6 [Layout.size] | main.rs:39:60:39:68 | l6.size() | provenance | MaD:34 |
| main.rs:37:31:37:32 | l6 | main.rs:39:60:39:68 | l6.size() | provenance | MaD:33 |
| main.rs:37:31:37:32 | l6 [Layout.size] | main.rs:39:60:39:68 | l6.size() | provenance | MaD:32 |
| main.rs:39:9:39:10 | l7 | main.rs:40:31:40:32 | l7 | provenance | |
| main.rs:39:14:39:72 | ...::from_size_align_unchecked(...) | main.rs:39:9:39:10 | l7 | provenance | |
| main.rs:39:60:39:68 | l6.size() | main.rs:39:14:39:72 | ...::from_size_align_unchecked(...) | provenance | MaD:30 |
| main.rs:39:60:39:68 | l6.size() | main.rs:39:14:39:72 | ...::from_size_align_unchecked(...) | provenance | MaD:28 |
| main.rs:40:31:40:32 | l7 | main.rs:40:13:40:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
| main.rs:43:44:43:51 | ...: usize | main.rs:50:41:50:41 | v | provenance | |
| main.rs:43:44:43:51 | ...: usize | main.rs:51:41:51:45 | ... + ... | provenance | |
@@ -106,56 +104,47 @@ edges
| main.rs:43:44:43:51 | ...: usize | main.rs:54:48:54:53 | ... * ... | provenance | |
| main.rs:43:44:43:51 | ...: usize | main.rs:58:34:58:34 | v | provenance | |
| main.rs:43:44:43:51 | ...: usize | main.rs:67:46:67:46 | v | provenance | |
| main.rs:50:31:50:42 | l2.repeat(...) [Ok, tuple.0] | main.rs:50:31:50:51 | ... .unwrap() [tuple.0] | provenance | MaD:38 |
| main.rs:50:31:50:42 | l2.repeat(...) [Ok, tuple.0] | main.rs:50:31:50:51 | ... .unwrap() [tuple.0] | provenance | MaD:36 |
| main.rs:50:31:50:51 | ... .unwrap() [tuple.0] | main.rs:50:31:50:53 | ... .0 | provenance | |
| main.rs:50:31:50:53 | ... .0 | main.rs:50:13:50:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
| main.rs:50:41:50:41 | v | main.rs:50:31:50:42 | l2.repeat(...) [Ok, tuple.0] | provenance | MaD:32 |
| main.rs:51:31:51:46 | l2.repeat(...) [Ok, tuple.0] | main.rs:51:31:51:55 | ... .unwrap() [tuple.0] | provenance | MaD:38 |
| main.rs:50:41:50:41 | v | main.rs:50:31:50:42 | l2.repeat(...) [Ok, tuple.0] | provenance | MaD:30 |
| main.rs:51:31:51:46 | l2.repeat(...) [Ok, tuple.0] | main.rs:51:31:51:55 | ... .unwrap() [tuple.0] | provenance | MaD:36 |
| main.rs:51:31:51:55 | ... .unwrap() [tuple.0] | main.rs:51:31:51:57 | ... .0 | provenance | |
| main.rs:51:31:51:57 | ... .0 | main.rs:51:13:51:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
| main.rs:51:41:51:45 | ... + ... | main.rs:51:31:51:46 | l2.repeat(...) [Ok, tuple.0] | provenance | MaD:32 |
| main.rs:53:31:53:49 | l2.repeat_packed(...) [Ok] | main.rs:53:31:53:58 | ... .unwrap() | provenance | MaD:38 |
| main.rs:51:41:51:45 | ... + ... | main.rs:51:31:51:46 | l2.repeat(...) [Ok, tuple.0] | provenance | MaD:30 |
| main.rs:53:31:53:49 | l2.repeat_packed(...) [Ok] | main.rs:53:31:53:58 | ... .unwrap() | provenance | MaD:36 |
| main.rs:53:31:53:58 | ... .unwrap() | main.rs:53:13:53:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
| main.rs:53:48:53:48 | v | main.rs:53:31:53:49 | l2.repeat_packed(...) [Ok] | provenance | MaD:33 |
| main.rs:54:31:54:54 | l2.repeat_packed(...) [Ok] | main.rs:54:31:54:63 | ... .unwrap() | provenance | MaD:38 |
| main.rs:53:48:53:48 | v | main.rs:53:31:53:49 | l2.repeat_packed(...) [Ok] | provenance | MaD:31 |
| main.rs:54:31:54:54 | l2.repeat_packed(...) [Ok] | main.rs:54:31:54:63 | ... .unwrap() | provenance | MaD:36 |
| main.rs:54:31:54:63 | ... .unwrap() | main.rs:54:13:54:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
| main.rs:54:48:54:53 | ... * ... | main.rs:54:31:54:54 | l2.repeat_packed(...) [Ok] | provenance | MaD:33 |
| main.rs:54:48:54:53 | ... * ... | main.rs:54:31:54:54 | l2.repeat_packed(...) [Ok] | provenance | MaD:31 |
| main.rs:58:9:58:20 | TuplePat [tuple.0] | main.rs:58:10:58:11 | k1 | provenance | |
| main.rs:58:10:58:11 | k1 | main.rs:59:31:59:32 | k1 | provenance | |
| main.rs:58:24:58:35 | l3.repeat(...) [Ok, tuple.0] | main.rs:58:24:58:66 | ... .expect(...) [tuple.0] | provenance | MaD:37 |
| main.rs:58:24:58:35 | l3.repeat(...) [Ok, tuple.0] | main.rs:58:24:58:66 | ... .expect(...) [tuple.0] | provenance | MaD:35 |
| main.rs:58:24:58:66 | ... .expect(...) [tuple.0] | main.rs:58:9:58:20 | TuplePat [tuple.0] | provenance | |
| main.rs:58:34:58:34 | v | main.rs:58:24:58:35 | l3.repeat(...) [Ok, tuple.0] | provenance | MaD:32 |
| main.rs:58:34:58:34 | v | main.rs:58:24:58:35 | l3.repeat(...) [Ok, tuple.0] | provenance | MaD:30 |
| main.rs:59:31:59:32 | k1 | main.rs:59:13:59:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
| main.rs:59:31:59:32 | k1 | main.rs:60:34:60:35 | k1 | provenance | |
| main.rs:59:31:59:32 | k1 | main.rs:62:24:62:36 | k1.extend(...) [Ok, tuple.0] | provenance | MaD:25 |
| main.rs:59:31:59:32 | k1 | main.rs:64:48:64:49 | k1 | provenance | |
| main.rs:59:31:59:32 | k1 | main.rs:65:31:65:50 | k1.extend_packed(...) [Ok] | provenance | MaD:27 |
| main.rs:60:9:60:20 | TuplePat [tuple.0] | main.rs:60:10:60:11 | k2 | provenance | |
| main.rs:60:10:60:11 | k2 | main.rs:61:31:61:32 | k2 | provenance | |
| main.rs:60:24:60:36 | l3.extend(...) [Ok, tuple.0] | main.rs:60:24:60:45 | ... .unwrap() [tuple.0] | provenance | MaD:38 |
| main.rs:60:24:60:36 | l3.extend(...) [Ok, tuple.0] | main.rs:60:24:60:45 | ... .unwrap() [tuple.0] | provenance | MaD:36 |
| main.rs:60:24:60:45 | ... .unwrap() [tuple.0] | main.rs:60:9:60:20 | TuplePat [tuple.0] | provenance | |
| main.rs:60:34:60:35 | k1 | main.rs:60:24:60:36 | l3.extend(...) [Ok, tuple.0] | provenance | MaD:24 |
| main.rs:61:31:61:32 | k2 | main.rs:61:13:61:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
| main.rs:62:9:62:20 | TuplePat [tuple.0] | main.rs:62:10:62:11 | k3 | provenance | |
| main.rs:62:10:62:11 | k3 | main.rs:63:31:63:32 | k3 | provenance | |
| main.rs:62:24:62:36 | k1.extend(...) [Ok, tuple.0] | main.rs:62:24:62:45 | ... .unwrap() [tuple.0] | provenance | MaD:38 |
| main.rs:62:24:62:45 | ... .unwrap() [tuple.0] | main.rs:62:9:62:20 | TuplePat [tuple.0] | provenance | |
| main.rs:63:31:63:32 | k3 | main.rs:63:13:63:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
| main.rs:64:31:64:50 | l3.extend_packed(...) [Ok] | main.rs:64:31:64:59 | ... .unwrap() | provenance | MaD:38 |
| main.rs:64:31:64:50 | l3.extend_packed(...) [Ok] | main.rs:64:31:64:59 | ... .unwrap() | provenance | MaD:36 |
| main.rs:64:31:64:59 | ... .unwrap() | main.rs:64:13:64:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
| main.rs:64:48:64:49 | k1 | main.rs:64:31:64:50 | l3.extend_packed(...) [Ok] | provenance | MaD:26 |
| main.rs:65:31:65:50 | k1.extend_packed(...) [Ok] | main.rs:65:31:65:59 | ... .unwrap() | provenance | MaD:38 |
| main.rs:65:31:65:59 | ... .unwrap() | main.rs:65:13:65:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
| main.rs:64:48:64:49 | k1 | main.rs:64:31:64:50 | l3.extend_packed(...) [Ok] | provenance | MaD:25 |
| main.rs:67:9:67:10 | l4 | main.rs:68:31:68:32 | l4 | provenance | |
| main.rs:67:14:67:47 | ...::array::<...>(...) [Ok] | main.rs:67:14:67:56 | ... .unwrap() | provenance | MaD:38 |
| main.rs:67:14:67:47 | ...::array::<...>(...) [Ok] | main.rs:67:14:67:56 | ... .unwrap() | provenance | MaD:36 |
| main.rs:67:14:67:56 | ... .unwrap() | main.rs:67:9:67:10 | l4 | provenance | |
| main.rs:67:46:67:46 | v | main.rs:67:14:67:47 | ...::array::<...>(...) [Ok] | provenance | MaD:23 |
| main.rs:68:31:68:32 | l4 | main.rs:68:13:68:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
| main.rs:86:35:86:42 | ...: usize | main.rs:87:54:87:54 | v | provenance | |
| main.rs:87:9:87:14 | layout | main.rs:88:31:88:36 | layout | provenance | |
| main.rs:87:18:87:58 | ...::from_size_align(...) [Ok] | main.rs:87:18:87:67 | ... .unwrap() | provenance | MaD:38 |
| main.rs:87:18:87:58 | ...::from_size_align(...) [Ok] | main.rs:87:18:87:67 | ... .unwrap() | provenance | MaD:36 |
| main.rs:87:18:87:67 | ... .unwrap() | main.rs:87:9:87:14 | layout | provenance | |
| main.rs:87:54:87:54 | v | main.rs:87:18:87:58 | ...::from_size_align(...) [Ok] | provenance | MaD:28 |
| main.rs:87:54:87:54 | v | main.rs:87:18:87:58 | ...::from_size_align(...) [Ok] | provenance | MaD:26 |
| main.rs:88:31:88:36 | layout | main.rs:88:13:88:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
| main.rs:91:38:91:45 | ...: usize | main.rs:92:47:92:47 | v | provenance | |
| main.rs:91:38:91:45 | ...: usize | main.rs:101:51:101:51 | v | provenance | |
@@ -166,14 +155,14 @@ edges
| main.rs:91:38:91:45 | ...: usize | main.rs:161:55:161:55 | v | provenance | |
| main.rs:92:9:92:10 | l1 | main.rs:96:35:96:36 | l1 | provenance | |
| main.rs:92:9:92:10 | l1 | main.rs:102:35:102:36 | l1 | provenance | |
| main.rs:92:14:92:48 | ...::array::<...>(...) [Ok] | main.rs:92:14:92:57 | ... .unwrap() | provenance | MaD:38 |
| main.rs:92:14:92:48 | ...::array::<...>(...) [Ok] | main.rs:92:14:92:57 | ... .unwrap() | provenance | MaD:36 |
| main.rs:92:14:92:57 | ... .unwrap() | main.rs:92:9:92:10 | l1 | provenance | |
| main.rs:92:47:92:47 | v | main.rs:92:14:92:48 | ...::array::<...>(...) [Ok] | provenance | MaD:23 |
| main.rs:96:35:96:36 | l1 | main.rs:96:17:96:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
| main.rs:96:35:96:36 | l1 | main.rs:109:35:109:36 | l1 | provenance | |
| main.rs:96:35:96:36 | l1 | main.rs:111:35:111:36 | l1 | provenance | |
| main.rs:101:13:101:14 | l3 | main.rs:103:35:103:36 | l3 | provenance | |
| main.rs:101:18:101:52 | ...::array::<...>(...) [Ok] | main.rs:101:18:101:61 | ... .unwrap() | provenance | MaD:38 |
| main.rs:101:18:101:52 | ...::array::<...>(...) [Ok] | main.rs:101:18:101:61 | ... .unwrap() | provenance | MaD:36 |
| main.rs:101:18:101:61 | ... .unwrap() | main.rs:101:13:101:14 | l3 | provenance | |
| main.rs:101:51:101:51 | v | main.rs:101:18:101:52 | ...::array::<...>(...) [Ok] | provenance | MaD:23 |
| main.rs:102:35:102:36 | l1 | main.rs:102:17:102:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
@@ -186,28 +175,28 @@ edges
| main.rs:111:35:111:36 | l1 | main.rs:111:17:111:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
| main.rs:111:35:111:36 | l1 | main.rs:146:35:146:36 | l1 | provenance | |
| main.rs:145:13:145:14 | l9 | main.rs:148:35:148:36 | l9 | provenance | |
| main.rs:145:18:145:52 | ...::array::<...>(...) [Ok] | main.rs:145:18:145:61 | ... .unwrap() | provenance | MaD:38 |
| main.rs:145:18:145:52 | ...::array::<...>(...) [Ok] | main.rs:145:18:145:61 | ... .unwrap() | provenance | MaD:36 |
| main.rs:145:18:145:61 | ... .unwrap() | main.rs:145:13:145:14 | l9 | provenance | |
| main.rs:145:51:145:51 | v | main.rs:145:18:145:52 | ...::array::<...>(...) [Ok] | provenance | MaD:23 |
| main.rs:146:35:146:36 | l1 | main.rs:146:17:146:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
| main.rs:146:35:146:36 | l1 | main.rs:177:31:177:32 | l1 | provenance | |
| main.rs:148:35:148:36 | l9 | main.rs:148:17:148:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
| main.rs:151:9:151:11 | l10 | main.rs:152:31:152:33 | l10 | provenance | |
| main.rs:151:15:151:69 | ...::array::<...>(...) [Ok] | main.rs:151:15:151:78 | ... .unwrap() | provenance | MaD:38 |
| main.rs:151:15:151:69 | ...::array::<...>(...) [Ok] | main.rs:151:15:151:78 | ... .unwrap() | provenance | MaD:36 |
| main.rs:151:15:151:78 | ... .unwrap() | main.rs:151:9:151:11 | l10 | provenance | |
| main.rs:151:48:151:68 | ...::min(...) | main.rs:151:15:151:69 | ...::array::<...>(...) [Ok] | provenance | MaD:23 |
| main.rs:151:62:151:62 | v | main.rs:151:48:151:68 | ...::min(...) | provenance | MaD:41 |
| main.rs:151:62:151:62 | v | main.rs:151:48:151:68 | ...::min(...) | provenance | MaD:39 |
| main.rs:152:31:152:33 | l10 | main.rs:152:13:152:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
| main.rs:154:9:154:11 | l11 | main.rs:155:31:155:33 | l11 | provenance | |
| main.rs:154:15:154:69 | ...::array::<...>(...) [Ok] | main.rs:154:15:154:78 | ... .unwrap() | provenance | MaD:38 |
| main.rs:154:15:154:69 | ...::array::<...>(...) [Ok] | main.rs:154:15:154:78 | ... .unwrap() | provenance | MaD:36 |
| main.rs:154:15:154:78 | ... .unwrap() | main.rs:154:9:154:11 | l11 | provenance | |
| main.rs:154:48:154:68 | ...::max(...) | main.rs:154:15:154:69 | ...::array::<...>(...) [Ok] | provenance | MaD:23 |
| main.rs:154:62:154:62 | v | main.rs:154:48:154:68 | ...::max(...) | provenance | MaD:40 |
| main.rs:154:62:154:62 | v | main.rs:154:48:154:68 | ...::max(...) | provenance | MaD:38 |
| main.rs:155:31:155:33 | l11 | main.rs:155:13:155:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
| main.rs:161:13:161:15 | l13 | main.rs:162:35:162:37 | l13 | provenance | |
| main.rs:161:19:161:59 | ...::from_size_align(...) [Ok] | main.rs:161:19:161:68 | ... .unwrap() | provenance | MaD:38 |
| main.rs:161:19:161:59 | ...::from_size_align(...) [Ok] | main.rs:161:19:161:68 | ... .unwrap() | provenance | MaD:36 |
| main.rs:161:19:161:68 | ... .unwrap() | main.rs:161:13:161:15 | l13 | provenance | |
| main.rs:161:55:161:55 | v | main.rs:161:19:161:59 | ...::from_size_align(...) [Ok] | provenance | MaD:28 |
| main.rs:161:55:161:55 | v | main.rs:161:19:161:59 | ...::from_size_align(...) [Ok] | provenance | MaD:26 |
| main.rs:162:35:162:37 | l13 | main.rs:162:17:162:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
| main.rs:162:35:162:37 | l13 | main.rs:169:35:169:37 | l13 | provenance | |
| main.rs:169:35:169:37 | l13 | main.rs:169:17:169:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
@@ -215,7 +204,7 @@ edges
| main.rs:183:29:183:36 | ...: usize | main.rs:192:46:192:46 | v | provenance | |
| main.rs:183:29:183:36 | ...: usize | main.rs:202:48:202:48 | v | provenance | |
| main.rs:192:9:192:10 | l2 | main.rs:193:38:193:39 | l2 | provenance | |
| main.rs:192:14:192:47 | ...::array::<...>(...) [Ok] | main.rs:192:14:192:56 | ... .unwrap() | provenance | MaD:38 |
| main.rs:192:14:192:47 | ...::array::<...>(...) [Ok] | main.rs:192:14:192:56 | ... .unwrap() | provenance | MaD:36 |
| main.rs:192:14:192:56 | ... .unwrap() | main.rs:192:9:192:10 | l2 | provenance | |
| main.rs:192:46:192:46 | v | main.rs:192:14:192:47 | ...::array::<...>(...) [Ok] | provenance | MaD:23 |
| main.rs:193:38:193:39 | l2 | main.rs:193:32:193:36 | alloc | provenance | MaD:11 Sink:MaD:11 |
@@ -256,18 +245,18 @@ edges
| main.rs:223:26:223:26 | v | main.rs:223:13:223:24 | ...::calloc | provenance | MaD:18 Sink:MaD:18 |
| main.rs:223:26:223:26 | v | main.rs:224:31:224:31 | v | provenance | |
| main.rs:224:31:224:31 | v | main.rs:224:13:224:25 | ...::realloc | provenance | MaD:20 Sink:MaD:20 |
| main.rs:279:24:279:41 | ...: String | main.rs:280:21:280:47 | user_input.parse() [Ok] | provenance | MaD:39 |
| main.rs:279:24:279:41 | ...: String | main.rs:280:21:280:47 | user_input.parse() [Ok] | provenance | MaD:37 |
| main.rs:280:9:280:17 | num_bytes | main.rs:282:54:282:62 | num_bytes | provenance | |
| main.rs:280:21:280:47 | user_input.parse() [Ok] | main.rs:280:21:280:48 | TryExpr | provenance | |
| main.rs:280:21:280:48 | TryExpr | main.rs:280:9:280:17 | num_bytes | provenance | |
| main.rs:282:9:282:14 | layout | main.rs:284:40:284:45 | layout | provenance | |
| main.rs:282:18:282:66 | ...::from_size_align(...) [Ok] | main.rs:282:18:282:75 | ... .unwrap() | provenance | MaD:38 |
| main.rs:282:18:282:66 | ...::from_size_align(...) [Ok] | main.rs:282:18:282:75 | ... .unwrap() | provenance | MaD:36 |
| main.rs:282:18:282:75 | ... .unwrap() | main.rs:282:9:282:14 | layout | provenance | |
| main.rs:282:54:282:62 | num_bytes | main.rs:282:18:282:66 | ...::from_size_align(...) [Ok] | provenance | MaD:28 |
| main.rs:282:54:282:62 | num_bytes | main.rs:282:18:282:66 | ...::from_size_align(...) [Ok] | provenance | MaD:26 |
| main.rs:284:40:284:45 | layout | main.rs:284:22:284:38 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
| main.rs:308:25:308:38 | ...::args | main.rs:308:25:308:40 | ...::args(...) [element] | provenance | Src:MaD:21 |
| main.rs:308:25:308:40 | ...::args(...) [element] | main.rs:308:25:308:47 | ... .nth(...) [Some] | provenance | MaD:42 |
| main.rs:308:25:308:47 | ... .nth(...) [Some] | main.rs:308:25:308:74 | ... .unwrap_or(...) | provenance | MaD:36 |
| main.rs:308:25:308:40 | ...::args(...) [element] | main.rs:308:25:308:47 | ... .nth(...) [Some] | provenance | MaD:40 |
| main.rs:308:25:308:47 | ... .nth(...) [Some] | main.rs:308:25:308:74 | ... .unwrap_or(...) | provenance | MaD:34 |
| main.rs:308:25:308:74 | ... .unwrap_or(...) | main.rs:279:24:279:41 | ...: String | provenance | |
| main.rs:317:9:317:9 | v | main.rs:320:34:320:34 | v | provenance | |
| main.rs:317:9:317:9 | v | main.rs:321:42:321:42 | v | provenance | |
@@ -275,10 +264,10 @@ edges
| main.rs:317:9:317:9 | v | main.rs:323:27:323:27 | v | provenance | |
| main.rs:317:9:317:9 | v | main.rs:324:25:324:25 | v | provenance | |
| main.rs:317:13:317:26 | ...::args | main.rs:317:13:317:28 | ...::args(...) [element] | provenance | Src:MaD:21 |
| main.rs:317:13:317:28 | ...::args(...) [element] | main.rs:317:13:317:35 | ... .nth(...) [Some] | provenance | MaD:42 |
| main.rs:317:13:317:35 | ... .nth(...) [Some] | main.rs:317:13:317:65 | ... .unwrap_or(...) | provenance | MaD:36 |
| main.rs:317:13:317:65 | ... .unwrap_or(...) | main.rs:317:13:317:82 | ... .parse() [Ok] | provenance | MaD:39 |
| main.rs:317:13:317:82 | ... .parse() [Ok] | main.rs:317:13:317:91 | ... .unwrap() | provenance | MaD:38 |
| main.rs:317:13:317:28 | ...::args(...) [element] | main.rs:317:13:317:35 | ... .nth(...) [Some] | provenance | MaD:40 |
| main.rs:317:13:317:35 | ... .nth(...) [Some] | main.rs:317:13:317:65 | ... .unwrap_or(...) | provenance | MaD:34 |
| main.rs:317:13:317:65 | ... .unwrap_or(...) | main.rs:317:13:317:82 | ... .parse() [Ok] | provenance | MaD:37 |
| main.rs:317:13:317:82 | ... .parse() [Ok] | main.rs:317:13:317:91 | ... .unwrap() | provenance | MaD:36 |
| main.rs:317:13:317:91 | ... .unwrap() | main.rs:317:9:317:9 | v | provenance | |
| main.rs:320:34:320:34 | v | main.rs:12:36:12:43 | ...: usize | provenance | |
| main.rs:321:42:321:42 | v | main.rs:43:44:43:51 | ...: usize | provenance | |
@@ -310,24 +299,22 @@ models
| 22 | Summary: lang:core; <crate::alloc::layout::Layout>::align_to; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint |
| 23 | Summary: lang:core; <crate::alloc::layout::Layout>::array; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)]; taint |
| 24 | Summary: lang:core; <crate::alloc::layout::Layout>::extend; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)].Field[0]; taint |
| 25 | Summary: lang:core; <crate::alloc::layout::Layout>::extend; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)].Field[0]; taint |
| 26 | Summary: lang:core; <crate::alloc::layout::Layout>::extend_packed; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)]; taint |
| 27 | Summary: lang:core; <crate::alloc::layout::Layout>::extend_packed; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint |
| 28 | Summary: lang:core; <crate::alloc::layout::Layout>::from_size_align; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)]; taint |
| 29 | Summary: lang:core; <crate::alloc::layout::Layout>::from_size_align_unchecked; Argument[0]; ReturnValue.Field[core::alloc::layout::Layout::size]; value |
| 30 | Summary: lang:core; <crate::alloc::layout::Layout>::from_size_align_unchecked; Argument[0]; ReturnValue; taint |
| 31 | Summary: lang:core; <crate::alloc::layout::Layout>::pad_to_align; Argument[self]; ReturnValue; taint |
| 32 | Summary: lang:core; <crate::alloc::layout::Layout>::repeat; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)].Field[0]; taint |
| 33 | Summary: lang:core; <crate::alloc::layout::Layout>::repeat_packed; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)]; taint |
| 34 | Summary: lang:core; <crate::alloc::layout::Layout>::size; Argument[self].Field[core::alloc::layout::Layout::size]; ReturnValue; value |
| 35 | Summary: lang:core; <crate::alloc::layout::Layout>::size; Argument[self]; ReturnValue; taint |
| 36 | Summary: lang:core; <crate::option::Option>::unwrap_or; Argument[self].Field[core::option::Option::Some(0)]; ReturnValue; value |
| 37 | Summary: lang:core; <crate::result::Result>::expect; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value |
| 38 | Summary: lang:core; <crate::result::Result>::unwrap; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value |
| 39 | Summary: lang:core; <str>::parse; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint |
| 40 | Summary: lang:core; crate::cmp::max; Argument[0]; ReturnValue; value |
| 41 | Summary: lang:core; crate::cmp::min; Argument[0]; ReturnValue; value |
| 42 | Summary: lang:core; crate::iter::traits::iterator::Iterator::nth; Argument[self].Element; ReturnValue.Field[core::option::Option::Some(0)]; value |
| 25 | Summary: lang:core; <crate::alloc::layout::Layout>::extend_packed; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)]; taint |
| 26 | Summary: lang:core; <crate::alloc::layout::Layout>::from_size_align; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)]; taint |
| 27 | Summary: lang:core; <crate::alloc::layout::Layout>::from_size_align_unchecked; Argument[0]; ReturnValue.Field[core::alloc::layout::Layout::size]; value |
| 28 | Summary: lang:core; <crate::alloc::layout::Layout>::from_size_align_unchecked; Argument[0]; ReturnValue; taint |
| 29 | Summary: lang:core; <crate::alloc::layout::Layout>::pad_to_align; Argument[self]; ReturnValue; taint |
| 30 | Summary: lang:core; <crate::alloc::layout::Layout>::repeat; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)].Field[0]; taint |
| 31 | Summary: lang:core; <crate::alloc::layout::Layout>::repeat_packed; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)]; taint |
| 32 | Summary: lang:core; <crate::alloc::layout::Layout>::size; Argument[self].Field[core::alloc::layout::Layout::size]; ReturnValue; value |
| 33 | Summary: lang:core; <crate::alloc::layout::Layout>::size; Argument[self]; ReturnValue; taint |
| 34 | Summary: lang:core; <crate::option::Option>::unwrap_or; Argument[self].Field[core::option::Option::Some(0)]; ReturnValue; value |
| 35 | Summary: lang:core; <crate::result::Result>::expect; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value |
| 36 | Summary: lang:core; <crate::result::Result>::unwrap; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value |
| 37 | Summary: lang:core; <str>::parse; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint |
| 38 | Summary: lang:core; crate::cmp::max; Argument[0]; ReturnValue; value |
| 39 | Summary: lang:core; crate::cmp::min; Argument[0]; ReturnValue; value |
| 40 | Summary: lang:core; crate::iter::traits::iterator::Iterator::nth; Argument[self].Element; ReturnValue.Field[core::option::Option::Some(0)]; value |
nodes
| main.rs:12:36:12:43 | ...: usize | semmle.label | ...: usize |
| main.rs:18:13:18:31 | ...::realloc | semmle.label | ...::realloc |
@@ -404,19 +391,10 @@ nodes
| main.rs:60:34:60:35 | k1 | semmle.label | k1 |
| main.rs:61:13:61:29 | ...::alloc | semmle.label | ...::alloc |
| main.rs:61:31:61:32 | k2 | semmle.label | k2 |
| main.rs:62:9:62:20 | TuplePat [tuple.0] | semmle.label | TuplePat [tuple.0] |
| main.rs:62:10:62:11 | k3 | semmle.label | k3 |
| main.rs:62:24:62:36 | k1.extend(...) [Ok, tuple.0] | semmle.label | k1.extend(...) [Ok, tuple.0] |
| main.rs:62:24:62:45 | ... .unwrap() [tuple.0] | semmle.label | ... .unwrap() [tuple.0] |
| main.rs:63:13:63:29 | ...::alloc | semmle.label | ...::alloc |
| main.rs:63:31:63:32 | k3 | semmle.label | k3 |
| main.rs:64:13:64:29 | ...::alloc | semmle.label | ...::alloc |
| main.rs:64:31:64:50 | l3.extend_packed(...) [Ok] | semmle.label | l3.extend_packed(...) [Ok] |
| main.rs:64:31:64:59 | ... .unwrap() | semmle.label | ... .unwrap() |
| main.rs:64:48:64:49 | k1 | semmle.label | k1 |
| main.rs:65:13:65:29 | ...::alloc | semmle.label | ...::alloc |
| main.rs:65:31:65:50 | k1.extend_packed(...) [Ok] | semmle.label | k1.extend_packed(...) [Ok] |
| main.rs:65:31:65:59 | ... .unwrap() | semmle.label | ... .unwrap() |
| main.rs:67:9:67:10 | l4 | semmle.label | l4 |
| main.rs:67:14:67:47 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] |
| main.rs:67:14:67:56 | ... .unwrap() | semmle.label | ... .unwrap() |

4
rust/ql/test/query-tests/security/CWE-770/main.rs
View File

@@ -60,9 +60,9 @@ unsafe fn test_std_alloc_new_repeat_extend(v: usize) {
let (k2, _offs2) = l3.extend(k1).unwrap();
let _ = std::alloc::alloc(k2); // $ Alert[rust/uncontrolled-allocation-size]=arg1
let (k3, _offs3) = k1.extend(l3).unwrap();
let _ = std::alloc::alloc(k3); // $ Alert[rust/uncontrolled-allocation-size]=arg1
let _ = std::alloc::alloc(k3); // $ MISSING: Alert[rust/uncontrolled-allocation-size]=arg1 (https://github.com/github/codeql/pull/19658)
let _ = std::alloc::alloc(l3.extend_packed(k1).unwrap()); // $ Alert[rust/uncontrolled-allocation-size]=arg1
let _ = std::alloc::alloc(k1.extend_packed(l3).unwrap()); // $ Alert[rust/uncontrolled-allocation-size]=arg1
let _ = std::alloc::alloc(k1.extend_packed(l3).unwrap()); // $ MISSING: Alert[rust/uncontrolled-allocation-size]=arg1 (https://github.com/github/codeql/pull/19658)
let l4 = std::alloc::Layout::array::<u8>(v).unwrap();
let _ = std::alloc::alloc(l4); // $ Alert[rust/uncontrolled-allocation-size]=arg1

6
rust/ql/test/utils-tests/modelgenerator/option.rs
View File

@@ -414,7 +414,7 @@ impl<T> MyOption<&T> {
}
}
// summary=repo::test;<crate::option::MyOption>::cloned;Argument[self].Field[test::option::MyOption::MySome(0)].Reference;ReturnValue.Field[test::option::MyOption::MySome(0)];value;dfc-generated
// MISSING: summary=repo::test;<crate::option::MyOption>::cloned;Argument[self].Field[test::option::MyOption::MySome(0)].Reference;ReturnValue.Field[test::option::MyOption::MySome(0)];value;dfc-generated
pub fn cloned(self) -> MyOption<T>
where
T: Clone,
@@ -438,7 +438,7 @@ impl<T> MyOption<&mut T> {
}
}
// summary=repo::test;<crate::option::MyOption>::cloned;Argument[self].Field[test::option::MyOption::MySome(0)].Reference;ReturnValue.Field[test::option::MyOption::MySome(0)];value;dfc-generated
// MISSING: summary=repo::test;<crate::option::MyOption>::cloned;Argument[self].Field[test::option::MyOption::MySome(0)].Reference;ReturnValue.Field[test::option::MyOption::MySome(0)];value;dfc-generated
pub fn cloned(self) -> MyOption<T>
where
T: Clone,
@@ -466,7 +466,7 @@ impl<T> Clone for MyOption<T>
where
T: Clone,
{
// summary=repo::test;<crate::option::MyOption as crate::clone::Clone>::clone;Argument[self].Field[test::option::MyOption::MySome(0)].Reference;ReturnValue.Field[test::option::MyOption::MySome(0)];value;dfc-generated
// MISSING: summary=repo::test;<crate::option::MyOption as crate::clone::Clone>::clone;Argument[self].Field[test::option::MyOption::MySome(0)].Reference;ReturnValue.Field[test::option::MyOption::MySome(0)];value;dfc-generated
fn clone(&self) -> Self {
match self {
MySome(x) => MySome(x.clone()),