hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-30 20:28:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Rust: Add test cases for log injection with map.

Browse Source
This commit is contained in:
Geoffrey White
2026-01-23 17:53:47 +00:00
parent ccc318106e
commit 1213369d75
4 changed files with 213 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files

129
rust/ql/test/query-tests/security/CWE-117/Cargo.lock generated
View File

@@ -34,6 +34,58 @@ version = "1.1.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1505bd5d3d116872e7271a6d4e16d81d0c8570876c8de68093a09ac269d8aac0"
[[package]]
name = "axum"
version = "0.8.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8b52af3cb4058c895d37317bb27508dccc8e5f2d39454016b297bf4a400597b8"
dependencies = [
"axum-core",
"bytes",
"form_urlencoded",
"futures-util",
"http",
"http-body",
"http-body-util",
"hyper",
"hyper-util",
"itoa",
"matchit",
"memchr",
"mime",
"percent-encoding",
"pin-project-lite",
"serde_core",
"serde_json",
"serde_path_to_error",
"serde_urlencoded",
"sync_wrapper",
"tokio",
"tower",
"tower-layer",
"tower-service",
"tracing",
]
[[package]]
name = "axum-core"
version = "0.5.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "08c78f31d7b1291f7ee735c1c6780ccde7785daae9a9206026862dab7d8792d1"
dependencies = [
"bytes",
"futures-core",
"http",
"http-body",
"http-body-util",
"mime",
"pin-project-lite",
"sync_wrapper",
"tower-layer",
"tower-service",
"tracing",
]
[[package]]
name = "backtrace"
version = "0.3.75"
@@ -339,6 +391,12 @@ version = "1.10.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6dbf3de79e51f3d586ab4cb9d5c3e2c14aa28ed23d180cf89b4df0454a69cc87"
[[package]]
name = "httpdate"
version = "1.0.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9"
[[package]]
name = "humantime"
version = "2.2.0"
@@ -358,6 +416,7 @@ dependencies = [
"http",
"http-body",
"httparse",
"httpdate",
"itoa",
"pin-project-lite",
"smallvec",
@@ -592,6 +651,12 @@ version = "0.4.20"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f"
[[package]]
name = "matchit"
version = "0.8.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "47e1ffaa40ddd1f3ed91f717a33c8c0ee23fff369e3aa8772b9605cc1d22f4c3"
[[package]]
name = "memchr"
version = "2.7.5"
@@ -951,18 +1016,27 @@ dependencies = [
[[package]]
name = "serde"
version = "1.0.219"
version = "1.0.228"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5f0e2c6ed6606019b4e29e69dbaba95b11854410e5347d525002456dbbb786b6"
checksum = "9a8e94ea7f378bd32cbbd37198a4a91436180c5bb472411e48b5ec2e2124ae9e"
dependencies = [
"serde_core",
]
[[package]]
name = "serde_core"
version = "1.0.228"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "41d385c7d4ca58e59fc732af25c3983b67ac852c1a25000afe1175de458b67ad"
dependencies = [
"serde_derive",
]
[[package]]
name = "serde_derive"
version = "1.0.219"
version = "1.0.228"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5b0276cf7f2c73365f7157c8123c21cd9a50fbbd844757af28ca1f5925fc2a00"
checksum = "d540f220d3187173da220f885ab66608367b6574e925011a9353e4badda91d79"
dependencies = [
"proc-macro2",
"quote",
@@ -981,6 +1055,17 @@ dependencies = [
"serde",
]
[[package]]
name = "serde_path_to_error"
version = "0.1.20"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "10a9ff822e371bb5403e391ecd83e182e0e77ba7f6fe0160b795797109d1b457"
dependencies = [
"itoa",
"serde",
"serde_core",
]
[[package]]
name = "serde_urlencoded"
version = "0.7.1"
@@ -1111,6 +1196,7 @@ dependencies = [
name = "test"
version = "0.0.1"
dependencies = [
"axum",
"env_logger",
"log",
"reqwest",
@@ -1138,9 +1224,21 @@ dependencies = [
"mio",
"pin-project-lite",
"socket2",
"tokio-macros",
"windows-sys 0.52.0",
]
[[package]]
name = "tokio-macros"
version = "2.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6e06d43f1345a3bcd39f6a56dbb7dcab2ba47e68e8ac134855e7e2bdbaf8cab8"
dependencies = [
"proc-macro2",
"quote",
"syn",
]
[[package]]
name = "tokio-native-tls"
version = "0.3.1"
@@ -1174,6 +1272,28 @@ dependencies = [
"tokio",
]
[[package]]
name = "tower"
version = "0.5.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ebe5ef63511595f1344e2d5cfa636d973292adc0eec1f0ad45fae9f0851ab1d4"
dependencies = [
"futures-core",
"futures-util",
"pin-project-lite",
"sync_wrapper",
"tokio",
"tower-layer",
"tower-service",
"tracing",
]
[[package]]
name = "tower-layer"
version = "0.3.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "121c2a6cda46980bb0fcd1647ffaf6cd3fc79a013de288782836f6df9c48780e"
[[package]]
name = "tower-service"
version = "0.3.3"
@@ -1186,6 +1306,7 @@ version = "0.1.41"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "784e0ac535deb450455cbfa28a6f0df145ea1bb7ae51b821cf5e7927fdcfbdd0"
dependencies = [
"log",
"pin-project-lite",
"tracing-core",
]

124
rust/ql/test/query-tests/security/CWE-117/LogInjection.expected
View File

@@ -17,10 +17,11 @@
| main.rs:119:9:119:13 | ...::log | main.rs:109:25:109:38 | ...::args | main.rs:119:9:119:13 | ...::log | Log entry depends on a $@. | main.rs:109:25:109:38 | ...::args | user-provided value |
| main.rs:126:9:126:16 | ...::_print | main.rs:123:25:123:37 | ...::var | main.rs:126:9:126:16 | ...::_print | Log entry depends on a $@. | main.rs:123:25:123:37 | ...::var | user-provided value |
| main.rs:127:9:127:17 | ...::_eprint | main.rs:123:25:123:37 | ...::var | main.rs:127:9:127:17 | ...::_eprint | Log entry depends on a $@. | main.rs:123:25:123:37 | ...::var | user-provided value |
| main.rs:137:29:137:31 | map | main.rs:146:28:146:30 | get | main.rs:137:29:137:31 | map | Log entry depends on a $@. | main.rs:146:28:146:30 | get | user-provided value |
edges
| main.rs:8:9:8:12 | args [element] | main.rs:9:20:9:23 | args [element] | provenance | |
| main.rs:8:29:8:37 | ...::args | main.rs:8:29:8:39 | ...::args(...) [element] | provenance | Src:MaD:5 |
| main.rs:8:29:8:39 | ...::args(...) [element] | main.rs:8:29:8:49 | ... .collect() [element] | provenance | MaD:9 |
| main.rs:8:29:8:37 | ...::args | main.rs:8:29:8:39 | ...::args(...) [element] | provenance | Src:MaD:7 |
| main.rs:8:29:8:39 | ...::args(...) [element] | main.rs:8:29:8:49 | ... .collect() [element] | provenance | MaD:11 |
| main.rs:8:29:8:49 | ... .collect() [element] | main.rs:8:9:8:12 | args [element] | provenance | |
| main.rs:9:9:9:16 | username | main.rs:15:11:15:36 | MacroExpr | provenance | |
| main.rs:9:9:9:16 | username | main.rs:18:12:18:37 | MacroExpr | provenance | |
@@ -28,47 +29,47 @@ edges
| main.rs:9:9:9:16 | username | main.rs:26:55:26:62 | username | provenance | |
| main.rs:9:9:9:16 | username | main.rs:30:11:30:66 | MacroExpr | provenance | |
| main.rs:9:9:9:16 | username | main.rs:52:29:52:36 | username | provenance | |
| main.rs:9:20:9:23 | args [element] | main.rs:9:20:9:30 | args.get(...) [Some, &ref] | provenance | MaD:12 |
| main.rs:9:20:9:30 | args.get(...) [Some, &ref] | main.rs:9:20:9:64 | ... .unwrap_or(...) [&ref] | provenance | MaD:13 |
| main.rs:9:20:9:64 | ... .unwrap_or(...) [&ref] | main.rs:9:20:9:72 | ... .clone() | provenance | MaD:8 |
| main.rs:9:20:9:23 | args [element] | main.rs:9:20:9:30 | args.get(...) [Some, &ref] | provenance | MaD:14 |
| main.rs:9:20:9:30 | args.get(...) [Some, &ref] | main.rs:9:20:9:64 | ... .unwrap_or(...) [&ref] | provenance | MaD:15 |
| main.rs:9:20:9:64 | ... .unwrap_or(...) [&ref] | main.rs:9:20:9:72 | ... .clone() | provenance | MaD:10 |
| main.rs:9:20:9:72 | ... .clone() | main.rs:9:9:9:16 | username | provenance | |
| main.rs:10:9:10:18 | user_input | main.rs:16:11:16:44 | MacroExpr | provenance | |
| main.rs:10:9:10:18 | user_input | main.rs:19:12:19:39 | MacroExpr | provenance | |
| main.rs:10:22:10:34 | ...::var | main.rs:10:22:10:48 | ...::var(...) [Ok] | provenance | Src:MaD:6 |
| main.rs:10:22:10:48 | ...::var(...) [Ok] | main.rs:10:22:10:81 | ... .unwrap_or(...) | provenance | MaD:16 |
| main.rs:10:22:10:34 | ...::var | main.rs:10:22:10:48 | ...::var(...) [Ok] | provenance | Src:MaD:8 |
| main.rs:10:22:10:48 | ...::var(...) [Ok] | main.rs:10:22:10:81 | ... .unwrap_or(...) | provenance | MaD:18 |
| main.rs:10:22:10:81 | ... .unwrap_or(...) | main.rs:10:9:10:18 | user_input | provenance | |
| main.rs:11:9:11:19 | remote_data | main.rs:17:12:17:46 | MacroExpr | provenance | |
| main.rs:11:9:11:19 | remote_data | main.rs:30:11:30:66 | MacroExpr | provenance | |
| main.rs:11:23:11:44 | ...::get | main.rs:11:23:11:71 | ...::get(...) [Ok] | provenance | Src:MaD:4 |
| main.rs:11:23:11:71 | ...::get(...) [Ok] | main.rs:11:23:12:17 | ... .unwrap() | provenance | MaD:15 |
| main.rs:11:23:12:17 | ... .unwrap() | main.rs:11:23:12:24 | ... .text() [Ok] | provenance | MaD:18 |
| main.rs:11:23:12:24 | ... .text() [Ok] | main.rs:11:23:12:61 | ... .unwrap_or(...) | provenance | MaD:16 |
| main.rs:11:23:11:44 | ...::get | main.rs:11:23:11:71 | ...::get(...) [Ok] | provenance | Src:MaD:6 |
| main.rs:11:23:11:71 | ...::get(...) [Ok] | main.rs:11:23:12:17 | ... .unwrap() | provenance | MaD:17 |
| main.rs:11:23:12:17 | ... .unwrap() | main.rs:11:23:12:24 | ... .text() [Ok] | provenance | MaD:20 |
| main.rs:11:23:12:24 | ... .text() [Ok] | main.rs:11:23:12:61 | ... .unwrap_or(...) | provenance | MaD:18 |
| main.rs:11:23:12:61 | ... .unwrap_or(...) | main.rs:11:9:11:19 | remote_data | provenance | |
| main.rs:15:11:15:36 | MacroExpr | main.rs:15:5:15:9 | ...::log | provenance | MaD:1 Sink:MaD:1 |
| main.rs:16:11:16:44 | MacroExpr | main.rs:16:5:16:9 | ...::log | provenance | MaD:1 Sink:MaD:1 |
| main.rs:17:12:17:46 | MacroExpr | main.rs:17:5:17:10 | ...::log | provenance | MaD:1 Sink:MaD:1 |
| main.rs:18:12:18:37 | MacroExpr | main.rs:18:5:18:10 | ...::log | provenance | MaD:1 Sink:MaD:1 |
| main.rs:19:12:19:39 | MacroExpr | main.rs:19:5:19:10 | ...::log | provenance | MaD:1 Sink:MaD:1 |
| main.rs:15:11:15:36 | MacroExpr | main.rs:15:5:15:9 | ...::log | provenance | MaD:2 Sink:MaD:2 |
| main.rs:16:11:16:44 | MacroExpr | main.rs:16:5:16:9 | ...::log | provenance | MaD:2 Sink:MaD:2 |
| main.rs:17:12:17:46 | MacroExpr | main.rs:17:5:17:10 | ...::log | provenance | MaD:2 Sink:MaD:2 |
| main.rs:18:12:18:37 | MacroExpr | main.rs:18:5:18:10 | ...::log | provenance | MaD:2 Sink:MaD:2 |
| main.rs:19:12:19:39 | MacroExpr | main.rs:19:5:19:10 | ...::log | provenance | MaD:2 Sink:MaD:2 |
| main.rs:22:9:22:21 | formatted_msg | main.rs:23:11:23:29 | MacroExpr | provenance | |
| main.rs:22:33:22:63 | ...::format(...) | main.rs:22:33:22:63 | { ... } | provenance | |
| main.rs:22:33:22:63 | ...::must_use(...) | main.rs:22:9:22:21 | formatted_msg | provenance | |
| main.rs:22:33:22:63 | MacroExpr | main.rs:22:33:22:63 | ...::format(...) | provenance | MaD:19 |
| main.rs:22:33:22:63 | { ... } | main.rs:22:33:22:63 | ...::must_use(...) | provenance | MaD:20 |
| main.rs:23:11:23:29 | MacroExpr | main.rs:23:5:23:9 | ...::log | provenance | MaD:1 Sink:MaD:1 |
| main.rs:22:33:22:63 | MacroExpr | main.rs:22:33:22:63 | ...::format(...) | provenance | MaD:21 |
| main.rs:22:33:22:63 | { ... } | main.rs:22:33:22:63 | ...::must_use(...) | provenance | MaD:22 |
| main.rs:23:11:23:29 | MacroExpr | main.rs:23:5:23:9 | ...::log | provenance | MaD:2 Sink:MaD:2 |
| main.rs:26:9:26:18 | concat_msg | main.rs:27:11:27:26 | MacroExpr | provenance | |
| main.rs:26:22:26:62 | ... + ... | main.rs:26:9:26:18 | concat_msg | provenance | |
| main.rs:26:54:26:62 | &username [&ref] | main.rs:26:22:26:62 | ... + ... | provenance | MaD:11 |
| main.rs:26:54:26:62 | &username [&ref] | main.rs:26:22:26:62 | ... + ... | provenance | MaD:13 |
| main.rs:26:55:26:62 | username | main.rs:26:54:26:62 | &username [&ref] | provenance | |
| main.rs:27:11:27:26 | MacroExpr | main.rs:27:5:27:9 | ...::log | provenance | MaD:1 Sink:MaD:1 |
| main.rs:30:11:30:66 | MacroExpr | main.rs:30:5:30:9 | ...::log | provenance | MaD:1 Sink:MaD:1 |
| main.rs:27:11:27:26 | MacroExpr | main.rs:27:5:27:9 | ...::log | provenance | MaD:2 Sink:MaD:2 |
| main.rs:30:11:30:66 | MacroExpr | main.rs:30:5:30:9 | ...::log | provenance | MaD:2 Sink:MaD:2 |
| main.rs:52:28:52:36 | &username [&ref] | main.rs:56:27:56:40 | ...: ... [&ref] | provenance | |
| main.rs:52:29:52:36 | username | main.rs:52:28:52:36 | &username [&ref] | provenance | |
| main.rs:56:27:56:40 | ...: ... [&ref] | main.rs:65:38:65:45 | username [&ref] | provenance | |
| main.rs:65:9:65:17 | user_info [UserInfo] | main.rs:66:28:66:36 | user_info [UserInfo] | provenance | |
| main.rs:65:21:65:59 | UserInfo {...} [UserInfo] | main.rs:65:9:65:17 | user_info [UserInfo] | provenance | |
| main.rs:65:38:65:45 | username [&ref] | main.rs:65:38:65:57 | username.to_string() | provenance | MaD:7 |
| main.rs:65:38:65:45 | username [&ref] | main.rs:65:38:65:57 | username.to_string() | provenance | MaD:9 |
| main.rs:65:38:65:57 | username.to_string() | main.rs:65:21:65:59 | UserInfo {...} [UserInfo] | provenance | |
| main.rs:66:11:66:41 | MacroExpr | main.rs:66:5:66:9 | ...::log | provenance | MaD:1 Sink:MaD:1 |
| main.rs:66:11:66:41 | MacroExpr | main.rs:66:5:66:9 | ...::log | provenance | MaD:2 Sink:MaD:2 |
| main.rs:66:28:66:36 | user_info [UserInfo] | main.rs:66:28:66:41 | user_info.name | provenance | |
| main.rs:66:28:66:41 | user_info.name | main.rs:66:11:66:41 | MacroExpr | provenance | |
| main.rs:109:13:109:21 | user_data | main.rs:112:15:112:35 | MacroExpr | provenance | |
@@ -77,44 +78,49 @@ edges
| main.rs:109:13:109:21 | user_data | main.rs:115:16:115:37 | MacroExpr | provenance | |
| main.rs:109:13:109:21 | user_data | main.rs:116:16:116:37 | MacroExpr | provenance | |
| main.rs:109:13:109:21 | user_data | main.rs:119:15:119:75 | MacroExpr | provenance | |
| main.rs:109:25:109:38 | ...::args | main.rs:109:25:109:40 | ...::args(...) [element] | provenance | Src:MaD:5 |
| main.rs:109:25:109:40 | ...::args(...) [element] | main.rs:109:25:109:47 | ... .nth(...) [Some] | provenance | MaD:10 |
| main.rs:109:25:109:47 | ... .nth(...) [Some] | main.rs:109:25:109:67 | ... .unwrap_or_default() | provenance | MaD:14 |
| main.rs:109:25:109:38 | ...::args | main.rs:109:25:109:40 | ...::args(...) [element] | provenance | Src:MaD:7 |
| main.rs:109:25:109:40 | ...::args(...) [element] | main.rs:109:25:109:47 | ... .nth(...) [Some] | provenance | MaD:12 |
| main.rs:109:25:109:47 | ... .nth(...) [Some] | main.rs:109:25:109:67 | ... .unwrap_or_default() | provenance | MaD:16 |
| main.rs:109:25:109:67 | ... .unwrap_or_default() | main.rs:109:13:109:21 | user_data | provenance | |
| main.rs:112:15:112:35 | MacroExpr | main.rs:112:9:112:13 | ...::log | provenance | MaD:1 Sink:MaD:1 |
| main.rs:113:15:113:38 | MacroExpr | main.rs:113:9:113:13 | ...::log | provenance | MaD:1 Sink:MaD:1 |
| main.rs:114:16:114:37 | MacroExpr | main.rs:114:9:114:14 | ...::log | provenance | MaD:1 Sink:MaD:1 |
| main.rs:115:16:115:37 | MacroExpr | main.rs:115:9:115:14 | ...::log | provenance | MaD:1 Sink:MaD:1 |
| main.rs:116:16:116:37 | MacroExpr | main.rs:116:9:116:14 | ...::log | provenance | MaD:1 Sink:MaD:1 |
| main.rs:119:15:119:75 | MacroExpr | main.rs:119:9:119:13 | ...::log | provenance | MaD:1 Sink:MaD:1 |
| main.rs:112:15:112:35 | MacroExpr | main.rs:112:9:112:13 | ...::log | provenance | MaD:2 Sink:MaD:2 |
| main.rs:113:15:113:38 | MacroExpr | main.rs:113:9:113:13 | ...::log | provenance | MaD:2 Sink:MaD:2 |
| main.rs:114:16:114:37 | MacroExpr | main.rs:114:9:114:14 | ...::log | provenance | MaD:2 Sink:MaD:2 |
| main.rs:115:16:115:37 | MacroExpr | main.rs:115:9:115:14 | ...::log | provenance | MaD:2 Sink:MaD:2 |
| main.rs:116:16:116:37 | MacroExpr | main.rs:116:9:116:14 | ...::log | provenance | MaD:2 Sink:MaD:2 |
| main.rs:119:15:119:75 | MacroExpr | main.rs:119:9:119:13 | ...::log | provenance | MaD:2 Sink:MaD:2 |
| main.rs:123:13:123:21 | user_data | main.rs:126:18:126:38 | MacroExpr | provenance | |
| main.rs:123:13:123:21 | user_data | main.rs:127:19:127:49 | MacroExpr | provenance | |
| main.rs:123:25:123:37 | ...::var | main.rs:123:25:123:45 | ...::var(...) [Ok] | provenance | Src:MaD:6 |
| main.rs:123:25:123:45 | ...::var(...) [Ok] | main.rs:123:25:123:65 | ... .unwrap_or_default() | provenance | MaD:17 |
| main.rs:123:25:123:37 | ...::var | main.rs:123:25:123:45 | ...::var(...) [Ok] | provenance | Src:MaD:8 |
| main.rs:123:25:123:45 | ...::var(...) [Ok] | main.rs:123:25:123:65 | ... .unwrap_or_default() | provenance | MaD:19 |
| main.rs:123:25:123:65 | ... .unwrap_or_default() | main.rs:123:13:123:21 | user_data | provenance | |
| main.rs:126:18:126:38 | MacroExpr | main.rs:126:9:126:16 | ...::_print | provenance | MaD:3 Sink:MaD:3 |
| main.rs:127:19:127:49 | MacroExpr | main.rs:127:9:127:17 | ...::_eprint | provenance | MaD:2 Sink:MaD:2 |
| main.rs:126:18:126:38 | MacroExpr | main.rs:126:9:126:16 | ...::_print | provenance | MaD:4 Sink:MaD:4 |
| main.rs:127:19:127:49 | MacroExpr | main.rs:127:9:127:17 | ...::_eprint | provenance | MaD:3 Sink:MaD:3 |
| main.rs:136:32:136:59 | ...: Option::<...> | main.rs:137:22:137:27 | o_path | provenance | |
| main.rs:137:22:137:27 | o_path | main.rs:137:29:137:31 | map | provenance | MaD:1 Sink:MaD:1 |
| main.rs:146:28:146:30 | get | main.rs:136:32:136:59 | ...: Option::<...> | provenance | Src:MaD:5 |
models
| 1 | Sink: log::__private_api::log; Argument[0]; log-injection |
| 2 | Sink: std::io::stdio::_eprint; Argument[0]; log-injection |
| 3 | Sink: std::io::stdio::_print; Argument[0]; log-injection |
| 4 | Source: reqwest::blocking::get; ReturnValue.Field[core::result::Result::Ok(0)]; remote |
| 5 | Source: std::env::args; ReturnValue.Element; commandargs |
| 6 | Source: std::env::var; ReturnValue.Field[core::result::Result::Ok(0)]; environment |
| 7 | Summary: <_ as alloc::string::ToString>::to_string; Argument[self].Reference; ReturnValue; taint |
| 8 | Summary: <_ as core::clone::Clone>::clone; Argument[self].Reference; ReturnValue; value |
| 9 | Summary: <_ as core::iter::traits::iterator::Iterator>::collect; Argument[self].Element; ReturnValue.Element; value |
| 10 | Summary: <_ as core::iter::traits::iterator::Iterator>::nth; Argument[self].Reference.Element; ReturnValue.Field[core::option::Option::Some(0)]; value |
| 11 | Summary: <alloc::string::String as core::ops::arith::Add>::add; Argument[0].Reference; ReturnValue; taint |
| 12 | Summary: <alloc::vec::Vec as core::ops::deref::Deref>::deref; Argument[self].Reference.Element; ReturnValue.Reference.Element; value |
| 13 | Summary: <core::option::Option>::unwrap_or; Argument[self].Field[core::option::Option::Some(0)]; ReturnValue; value |
| 14 | Summary: <core::option::Option>::unwrap_or_default; Argument[self].Field[core::option::Option::Some(0)]; ReturnValue; value |
| 15 | Summary: <core::result::Result>::unwrap; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value |
| 16 | Summary: <core::result::Result>::unwrap_or; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value |
| 17 | Summary: <core::result::Result>::unwrap_or_default; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value |
| 18 | Summary: <reqwest::blocking::response::Response>::text; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint |
| 19 | Summary: alloc::fmt::format; Argument[0]; ReturnValue; taint |
| 20 | Summary: core::hint::must_use; Argument[0]; ReturnValue; value |
| 1 | Sink: <core::option::Option>::map; Argument[self]; log-injection |
| 2 | Sink: log::__private_api::log; Argument[0]; log-injection |
| 3 | Sink: std::io::stdio::_eprint; Argument[0]; log-injection |
| 4 | Sink: std::io::stdio::_print; Argument[0]; log-injection |
| 5 | Source: axum::routing::method_routing::get; Argument[0].Parameter[0..7]; remote |
| 6 | Source: reqwest::blocking::get; ReturnValue.Field[core::result::Result::Ok(0)]; remote |
| 7 | Source: std::env::args; ReturnValue.Element; commandargs |
| 8 | Source: std::env::var; ReturnValue.Field[core::result::Result::Ok(0)]; environment |
| 9 | Summary: <_ as alloc::string::ToString>::to_string; Argument[self].Reference; ReturnValue; taint |
| 10 | Summary: <_ as core::clone::Clone>::clone; Argument[self].Reference; ReturnValue; value |
| 11 | Summary: <_ as core::iter::traits::iterator::Iterator>::collect; Argument[self].Element; ReturnValue.Element; value |
| 12 | Summary: <_ as core::iter::traits::iterator::Iterator>::nth; Argument[self].Reference.Element; ReturnValue.Field[core::option::Option::Some(0)]; value |
| 13 | Summary: <alloc::string::String as core::ops::arith::Add>::add; Argument[0].Reference; ReturnValue; taint |
| 14 | Summary: <alloc::vec::Vec as core::ops::deref::Deref>::deref; Argument[self].Reference.Element; ReturnValue.Reference.Element; value |
| 15 | Summary: <core::option::Option>::unwrap_or; Argument[self].Field[core::option::Option::Some(0)]; ReturnValue; value |
| 16 | Summary: <core::option::Option>::unwrap_or_default; Argument[self].Field[core::option::Option::Some(0)]; ReturnValue; value |
| 17 | Summary: <core::result::Result>::unwrap; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value |
| 18 | Summary: <core::result::Result>::unwrap_or; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value |
| 19 | Summary: <core::result::Result>::unwrap_or_default; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value |
| 20 | Summary: <reqwest::blocking::response::Response>::text; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint |
| 21 | Summary: alloc::fmt::format; Argument[0]; ReturnValue; taint |
| 22 | Summary: core::hint::must_use; Argument[0]; ReturnValue; value |
nodes
| main.rs:8:9:8:12 | args [element] | semmle.label | args [element] |
| main.rs:8:29:8:37 | ...::args | semmle.label | ...::args |
@@ -196,4 +202,8 @@ nodes
| main.rs:126:18:126:38 | MacroExpr | semmle.label | MacroExpr |
| main.rs:127:9:127:17 | ...::_eprint | semmle.label | ...::_eprint |
| main.rs:127:19:127:49 | MacroExpr | semmle.label | MacroExpr |
| main.rs:136:32:136:59 | ...: Option::<...> | semmle.label | ...: Option::<...> |
| main.rs:137:22:137:27 | o_path | semmle.label | o_path |
| main.rs:137:29:137:31 | map | semmle.label | map |
| main.rs:146:28:146:30 | get | semmle.label | get |
subpaths

19
rust/ql/test/query-tests/security/CWE-117/main.rs
View File

@@ -127,3 +127,22 @@ mod additional_tests {
eprintln!("Error for user: {}", user_data); // $ Alert[rust/log-injection]=environment
}
}
mod axum_tests {
use axum::extract::{Json, Path, Query, Request};
use axum::routing::{get, post, put, MethodFilter};
use axum::Router;
async fn my_axum_handler_1(o_path: Option<Path<String>>) -> &'static str {
let m_path = o_path.map(|x| x); // $ SPURIOUS: Alert[rust/log-injection]=post_handler
println!("{:?}", m_path.unwrap()); // $ MISSING: Alert[rust/log-injection]=post_handler
""
}
async fn test_axum() {
let app = Router::<()>::new()
.route("/{a}", get(my_axum_handler_1)); // $ Source=post_handler
}
}

3
rust/ql/test/query-tests/security/CWE-117/options.yml
View File

@@ -2,4 +2,5 @@ qltest_cargo_check: true
qltest_dependencies:
- log = "0.4"
- env_logger = "0.10"
- reqwest = { version = "0.12.9", features = ["blocking"] }
- reqwest = { version = "0.12.9", features = ["blocking"] }
- axum = { version = "0.8.7" }