hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Rust: Add test case involving taint.

Browse Source
This commit is contained in:
Geoffrey White
2025-11-20 19:15:33 +00:00
parent e43000f7cf
commit 2da0814f65
2 changed files with 58 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
rust/ql/test/query-tests/security/CWE-295/DisabledCertificateCheck.expected
View File

@@ -11,14 +11,17 @@
| main.rs:56:36:56:39 | true | main.rs:56:36:56:39 | true | main.rs:56:36:56:39 | true | Disabling TLS certificate validation can expose the application to man-in-the-middle attacks. |
| main.rs:83:32:83:37 | always | main.rs:74:15:74:18 | true | main.rs:83:32:83:37 | always | Disabling TLS certificate validation can expose the application to man-in-the-middle attacks. |
| main.rs:88:32:88:40 | sometimes | main.rs:75:22:75:25 | true | main.rs:88:32:88:40 | sometimes | Disabling TLS certificate validation can expose the application to man-in-the-middle attacks. |
| main.rs:93:32:93:47 | sometimes_global | main.rs:106:17:106:20 | true | main.rs:93:32:93:47 | sometimes_global | Disabling TLS certificate validation can expose the application to man-in-the-middle attacks. |
| main.rs:93:32:93:47 | sometimes_global | main.rs:154:17:154:20 | true | main.rs:93:32:93:47 | sometimes_global | Disabling TLS certificate validation can expose the application to man-in-the-middle attacks. |
| main.rs:146:36:146:37 | b6 | main.rs:144:39:144:42 | true | main.rs:146:36:146:37 | b6 | Disabling TLS certificate validation can expose the application to man-in-the-middle attacks. |
edges
| main.rs:73:19:73:40 | ...: bool | main.rs:93:32:93:47 | sometimes_global | provenance | |
| main.rs:74:6:74:11 | always | main.rs:83:32:83:37 | always | provenance | |
| main.rs:74:15:74:18 | true | main.rs:74:6:74:11 | always | provenance | |
| main.rs:75:6:75:18 | mut sometimes | main.rs:88:32:88:40 | sometimes | provenance | |
| main.rs:75:22:75:25 | true | main.rs:75:6:75:18 | mut sometimes | provenance | |
| main.rs:106:17:106:20 | true | main.rs:73:19:73:40 | ...: bool | provenance | |
| main.rs:144:6:144:7 | b6 | main.rs:146:36:146:37 | b6 | provenance | |
| main.rs:144:39:144:42 | true | main.rs:144:6:144:7 | b6 | provenance | |
| main.rs:154:17:154:20 | true | main.rs:73:19:73:40 | ...: bool | provenance | |
nodes
| main.rs:4:32:4:35 | true | semmle.label | true |
| main.rs:9:36:9:39 | true | semmle.label | true |
@@ -38,5 +41,8 @@ nodes
| main.rs:83:32:83:37 | always | semmle.label | always |
| main.rs:88:32:88:40 | sometimes | semmle.label | sometimes |
| main.rs:93:32:93:47 | sometimes_global | semmle.label | sometimes_global |
| main.rs:106:17:106:20 | true | semmle.label | true |
| main.rs:144:6:144:7 | b6 | semmle.label | b6 |
| main.rs:144:39:144:42 | true | semmle.label | true |
| main.rs:146:36:146:37 | b6 | semmle.label | b6 |
| main.rs:154:17:154:20 | true | semmle.label | true |
subpaths

49
rust/ql/test/query-tests/security/CWE-295/main.rs
View File

@@ -100,9 +100,58 @@ fn test_data_flow(sometimes_global: bool) {
.unwrap();
}
fn test_threat_model_source() {
// hostname setting from `fs` functions returning `bool` directly
// (these are highly unnatural but serve to create simple tests)
let b1: bool = std::fs::exists("main.rs").unwrap();
let _client = native_tls::TlsConnector::builder()
.danger_accept_invalid_hostnames(b1) // $ MISSING: Alert[rust/disabled-certificate-check]=fs
.build()
.unwrap();
let b2 = std::path::Path::new("main.rs").metadata().unwrap().is_file();
let _client = native_tls::TlsConnector::builder()
.danger_accept_invalid_hostnames(b2) // $ MISSING: Alert[rust/disabled-certificate-check]=fs
.build()
.unwrap();
let b3 = std::fs::metadata("main.rs").unwrap().is_dir();
let _client = native_tls::TlsConnector::builder()
.danger_accept_invalid_hostnames(b3) // $ MISSING: Alert[rust/disabled-certificate-check]=fs
.build()
.unwrap();
// hostname setting from `stdin`, parsed to `bool`
// (these are a little closer to something real)
let mut input_line = String::new();
let input = std::io::stdin();
input.read_line(&mut input_line).unwrap();
let b4: bool = input_line.parse::<bool>().unwrap_or(false);
let _client = native_tls::TlsConnector::builder()
.danger_accept_invalid_hostnames(b4) // $ MISSING: Alert[rust/disabled-certificate-check]=stdin
.build()
.unwrap();
let b5 = std::str::FromStr::from_str(&input_line).unwrap_or(false);
let _client = native_tls::TlsConnector::builder()
.danger_accept_invalid_hostnames(b5) // $ MISSING: Alert[rust/disabled-certificate-check]=stdin
.build()
.unwrap();
let b6 = if (input_line == "true") { true } else { false }; // $ Source=true
let _client = native_tls::TlsConnector::builder()
.danger_accept_invalid_hostnames(b6) // $ Alert[rust/disabled-certificate-check]=true
.build()
.unwrap();
}
fn main() {
test_native_tls();
test_reqwest();
test_data_flow(true); // $ Source=arg
test_data_flow(false);
test_threat_model_source();
}