Rust: Add test cases for hardcoded cryptographic constants in cookies.

Geoffrey White
2025-09-10 15:27:34 +01:00
parent ffeece1179
commit 2bb9e2f7be
2 changed files with 60 additions and 0 deletions


@@ -8,3 +8,5 @@ qltest_dependencies:
- base64 = { version = "0.22.1" }
- getrandom = { version = "0.3.1" }
- getrandom2 = { package = "getrandom", version = "0.2.15" }
- cookie = { version = "0.18.1", features = ["signed", "private"] }
- biscotti = { version = "0.4.3" }


@@ -0,0 +1,58 @@
use cookie::{CookieJar, SignedJar, PrivateJar, Key};
// --- tests ---
fn test_cookie_jar(array_var: &[u8]) {
let mut jar = CookieJar::new();
let key_generate = Key::generate(); // good
_ = jar.signed_mut(&key_generate);
_ = jar.private_mut(&key_generate);
let key_var = Key::from(array_var); // good
_ = jar.signed_mut(&key_var);
_ = jar.private_mut(&key_var);
let array1: [u8; 64] = [0; 64]; // $ MISSING: Alert[rust/hard-coded-cryptographic-value]
let key1 = Key::from(&array1);
_ = jar.signed_mut(&key1); // $ MISSING: Sink
let array2: [u8; 64] = [0; 64]; // $ MISSING: Alert[rust/hard-coded-cryptographic-value]
let key2 = Key::from(&array2);
_ = jar.private_mut(&key2); // $ MISSING: Sink
}
fn test_biscotti_crypto(array_var: &[u8]) {
let mut config1 = biscotti::ProcessorConfig::default();
let crypto_rules1 = biscotti::config::CryptoRule {
cookie_names: vec!["name".to_string()],
algorithm: biscotti::config::CryptoAlgorithm::Signing,
key: biscotti::Key::generate(), // good
fallbacks: vec![],
};
config1.crypto_rules.push(crypto_rules1);
let processor1: biscotti::Processor = config1.into();
let mut config2 = biscotti::ProcessorConfig::default();
let array2 = Vec::from([0u8; 64]); // $ MISSING: Alert[rust/hard-coded-cryptographic-value]
let crypto_rules2 = biscotti::config::CryptoRule {
cookie_names: vec!["name".to_string()],
algorithm: biscotti::config::CryptoAlgorithm::Signing,
key: biscotti::Key::from(array2), // $ MISSING: Sink
fallbacks: vec![],
};
config2.crypto_rules.push(crypto_rules2);
let processor2: biscotti::Processor = config2.into();
let mut config3 = biscotti::ProcessorConfig::default();
let array3 = vec![0u8; 64]; // $ MISSING: Alert[rust/hard-coded-cryptographic-value]
let crypto_rules3 = biscotti::config::CryptoRule {
cookie_names: vec!["name".to_string()],
algorithm: biscotti::config::CryptoAlgorithm::Signing,
key: biscotti::Key::from(array3), // $ MISSING: Sink
fallbacks: vec![],
};
config3.crypto_rules.push(crypto_rules3);
let processor3: biscotti::Processor = config3.into();
}
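Review bot: `test_biscotti_crypto` declares `array_var` but never uses it, so the biscotti half has no negative case for a key built from caller-supplied bytes, unlike `test_cookie_jar` with its `Key::from(array_var); // good`. A further rule with `key: biscotti::Key::from(array_var.to_vec()), // good` would pin down that the query stays quiet on non-constant key material once these sinks are modelled. The bad cases also exercise only `CryptoAlgorithm::Signing` and all-zero buffers; if the model is meant to cover encryption rules or non-zero literal keys, each deserves its own case so a regression there shows up as a changed expectation. The `SignedJar` and `PrivateJar` imports look unused in the lines shown and could be dropped.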