hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-29 16:47:09 +02:00
Code Issues Packages Projects Releases Wiki Activity

Rust: Add test cases for heuristic sink matching.

Browse Source
This commit is contained in:
Geoffrey White
2026-06-25 16:24:40 +01:00
parent 8e1a7e1789
commit 37c61982b8
2 changed files with 112 additions and 92 deletions
Download Patch File Download Diff File Expand all files Collapse all files

184
rust/ql/test/query-tests/security/CWE-611/Xxe.expected
View File

@@ -1,15 +1,15 @@
#select
| main.rs:9:5:9:27 | ...::xmlReadMemory | main.rs:101:20:101:33 | ...::args | main.rs:9:5:9:27 | ...::xmlReadMemory | XML parsing depends on a $@ without guarding against external entity expansion. | main.rs:101:20:101:33 | ...::args | user-provided value |
| main.rs:14:5:14:27 | ...::xmlReadMemory | main.rs:101:20:101:33 | ...::args | main.rs:14:5:14:27 | ...::xmlReadMemory | XML parsing depends on a $@ without guarding against external entity expansion. | main.rs:101:20:101:33 | ...::args | user-provided value |
| main.rs:19:5:19:27 | ...::xmlReadMemory | main.rs:101:20:101:33 | ...::args | main.rs:19:5:19:27 | ...::xmlReadMemory | XML parsing depends on a $@ without guarding against external entity expansion. | main.rs:101:20:101:33 | ...::args | user-provided value |
| main.rs:24:5:24:25 | ...::xmlReadFile | main.rs:102:25:102:38 | ...::args | main.rs:24:5:24:25 | ...::xmlReadFile | XML parsing depends on a $@ without guarding against external entity expansion. | main.rs:102:25:102:38 | ...::args | user-provided value |
| main.rs:29:5:29:24 | ...::xmlReadDoc | main.rs:101:20:101:33 | ...::args | main.rs:29:5:29:24 | ...::xmlReadDoc | XML parsing depends on a $@ without guarding against external entity expansion. | main.rs:101:20:101:33 | ...::args | user-provided value |
| main.rs:34:5:34:23 | ...::xmlReadFd | main.rs:103:21:103:39 | ...::open | main.rs:34:5:34:23 | ...::xmlReadFd | XML parsing depends on a $@ without guarding against external entity expansion. | main.rs:103:21:103:39 | ...::open | user-provided value |
| main.rs:39:5:39:29 | ...::xmlCtxtReadFile | main.rs:102:25:102:38 | ...::args | main.rs:39:5:39:29 | ...::xmlCtxtReadFile | XML parsing depends on a $@ without guarding against external entity expansion. | main.rs:102:25:102:38 | ...::args | user-provided value |
| main.rs:44:5:44:28 | ...::xmlCtxtReadDoc | main.rs:101:20:101:33 | ...::args | main.rs:44:5:44:28 | ...::xmlCtxtReadDoc | XML parsing depends on a $@ without guarding against external entity expansion. | main.rs:101:20:101:33 | ...::args | user-provided value |
| main.rs:49:5:49:31 | ...::xmlCtxtReadMemory | main.rs:101:20:101:33 | ...::args | main.rs:49:5:49:31 | ...::xmlCtxtReadMemory | XML parsing depends on a $@ without guarding against external entity expansion. | main.rs:101:20:101:33 | ...::args | user-provided value |
| main.rs:61:5:61:27 | ...::xmlReadMemory | main.rs:101:20:101:33 | ...::args | main.rs:61:5:61:27 | ...::xmlReadMemory | XML parsing depends on a $@ without guarding against external entity expansion. | main.rs:101:20:101:33 | ...::args | user-provided value |
| main.rs:64:5:64:27 | ...::xmlReadMemory | main.rs:101:20:101:33 | ...::args | main.rs:64:5:64:27 | ...::xmlReadMemory | XML parsing depends on a $@ without guarding against external entity expansion. | main.rs:101:20:101:33 | ...::args | user-provided value |
| main.rs:9:5:9:27 | ...::xmlReadMemory | main.rs:120:20:120:33 | ...::args | main.rs:9:5:9:27 | ...::xmlReadMemory | XML parsing depends on a $@ without guarding against external entity expansion. | main.rs:120:20:120:33 | ...::args | user-provided value |
| main.rs:14:5:14:27 | ...::xmlReadMemory | main.rs:120:20:120:33 | ...::args | main.rs:14:5:14:27 | ...::xmlReadMemory | XML parsing depends on a $@ without guarding against external entity expansion. | main.rs:120:20:120:33 | ...::args | user-provided value |
| main.rs:19:5:19:27 | ...::xmlReadMemory | main.rs:120:20:120:33 | ...::args | main.rs:19:5:19:27 | ...::xmlReadMemory | XML parsing depends on a $@ without guarding against external entity expansion. | main.rs:120:20:120:33 | ...::args | user-provided value |
| main.rs:24:5:24:25 | ...::xmlReadFile | main.rs:121:25:121:38 | ...::args | main.rs:24:5:24:25 | ...::xmlReadFile | XML parsing depends on a $@ without guarding against external entity expansion. | main.rs:121:25:121:38 | ...::args | user-provided value |
| main.rs:29:5:29:24 | ...::xmlReadDoc | main.rs:120:20:120:33 | ...::args | main.rs:29:5:29:24 | ...::xmlReadDoc | XML parsing depends on a $@ without guarding against external entity expansion. | main.rs:120:20:120:33 | ...::args | user-provided value |
| main.rs:34:5:34:23 | ...::xmlReadFd | main.rs:122:21:122:39 | ...::open | main.rs:34:5:34:23 | ...::xmlReadFd | XML parsing depends on a $@ without guarding against external entity expansion. | main.rs:122:21:122:39 | ...::open | user-provided value |
| main.rs:39:5:39:29 | ...::xmlCtxtReadFile | main.rs:121:25:121:38 | ...::args | main.rs:39:5:39:29 | ...::xmlCtxtReadFile | XML parsing depends on a $@ without guarding against external entity expansion. | main.rs:121:25:121:38 | ...::args | user-provided value |
| main.rs:44:5:44:28 | ...::xmlCtxtReadDoc | main.rs:120:20:120:33 | ...::args | main.rs:44:5:44:28 | ...::xmlCtxtReadDoc | XML parsing depends on a $@ without guarding against external entity expansion. | main.rs:120:20:120:33 | ...::args | user-provided value |
| main.rs:49:5:49:31 | ...::xmlCtxtReadMemory | main.rs:120:20:120:33 | ...::args | main.rs:49:5:49:31 | ...::xmlCtxtReadMemory | XML parsing depends on a $@ without guarding against external entity expansion. | main.rs:120:20:120:33 | ...::args | user-provided value |
| main.rs:61:5:61:27 | ...::xmlReadMemory | main.rs:120:20:120:33 | ...::args | main.rs:61:5:61:27 | ...::xmlReadMemory | XML parsing depends on a $@ without guarding against external entity expansion. | main.rs:120:20:120:33 | ...::args | user-provided value |
| main.rs:64:5:64:27 | ...::xmlReadMemory | main.rs:120:20:120:33 | ...::args | main.rs:64:5:64:27 | ...::xmlReadMemory | XML parsing depends on a $@ without guarding against external entity expansion. | main.rs:120:20:120:33 | ...::args | user-provided value |
edges
| main.rs:7:32:7:45 | ...: ... [&ref] | main.rs:9:29:9:36 | user_xml [&ref] | provenance | |
| main.rs:9:29:9:36 | user_xml [&ref] | main.rs:9:29:9:45 | user_xml.as_ptr() [&ref] | provenance | MaD:15 |
@@ -63,50 +63,50 @@ edges
| main.rs:64:29:64:45 | user_xml.as_ptr() [&ref] | main.rs:64:29:64:62 | ... as ... | provenance | |
| main.rs:64:29:64:45 | user_xml.as_ptr() [&ref] | main.rs:64:29:64:62 | ... as ... | provenance | Config |
| main.rs:64:29:64:62 | ... as ... | main.rs:64:5:64:27 | ...::xmlReadMemory | provenance | MaD:7 Sink:MaD:7 |
| main.rs:101:9:101:16 | user_xml | main.rs:107:31:107:38 | user_xml | provenance | |
| main.rs:101:9:101:16 | user_xml | main.rs:108:33:108:40 | user_xml | provenance | |
| main.rs:101:9:101:16 | user_xml | main.rs:109:34:109:41 | user_xml | provenance | |
| main.rs:101:9:101:16 | user_xml | main.rs:111:32:111:39 | user_xml | provenance | |
| main.rs:101:9:101:16 | user_xml | main.rs:114:37:114:44 | user_xml | provenance | |
| main.rs:101:9:101:16 | user_xml | main.rs:115:40:115:47 | user_xml | provenance | |
| main.rs:101:9:101:16 | user_xml | main.rs:116:32:116:39 | user_xml | provenance | |
| main.rs:101:20:101:33 | ...::args | main.rs:101:20:101:35 | ...::args(...) [element] | provenance | Src:MaD:9 |
| main.rs:101:20:101:35 | ...::args(...) [element] | main.rs:101:20:101:42 | ... .nth(...) [Some] | provenance | MaD:10 |
| main.rs:101:20:101:42 | ... .nth(...) [Some] | main.rs:101:20:101:62 | ... .unwrap_or_default() | provenance | MaD:13 |
| main.rs:101:20:101:62 | ... .unwrap_or_default() | main.rs:101:9:101:16 | user_xml | provenance | |
| main.rs:102:9:102:21 | user_filename | main.rs:110:33:110:45 | user_filename | provenance | |
| main.rs:102:9:102:21 | user_filename | main.rs:113:38:113:50 | user_filename | provenance | |
| main.rs:102:25:102:38 | ...::args | main.rs:102:25:102:40 | ...::args(...) [element] | provenance | Src:MaD:9 |
| main.rs:102:25:102:40 | ...::args(...) [element] | main.rs:102:25:102:47 | ... .nth(...) [Some] | provenance | MaD:10 |
| main.rs:102:25:102:47 | ... .nth(...) [Some] | main.rs:102:25:102:67 | ... .unwrap_or_default() | provenance | MaD:13 |
| main.rs:102:25:102:67 | ... .unwrap_or_default() | main.rs:102:9:102:21 | user_filename | provenance | |
| main.rs:103:9:103:17 | user_file [Some] | main.rs:104:19:104:27 | user_file [Some] | provenance | |
| main.rs:103:21:103:39 | ...::open | main.rs:103:21:103:55 | ...::open(...) [Ok] | provenance | Src:MaD:8 |
| main.rs:103:21:103:55 | ...::open(...) [Ok] | main.rs:103:21:103:60 | ... .ok() [Some] | provenance | MaD:14 |
| main.rs:103:21:103:60 | ... .ok() [Some] | main.rs:103:9:103:17 | user_file [Some] | provenance | |
| main.rs:104:9:104:15 | user_fd [&ref] | main.rs:112:30:112:36 | user_fd [&ref] | provenance | |
| main.rs:104:19:104:27 | user_file [Some] | main.rs:104:19:104:36 | user_file.as_ref() [Some, &ref] | provenance | MaD:11 |
| main.rs:104:19:104:36 | user_file.as_ref() [Some, &ref] | main.rs:104:19:104:72 | ... .map_or(...) [&ref] | provenance | MaD:12 |
| main.rs:104:19:104:72 | ... .map_or(...) [&ref] | main.rs:104:9:104:15 | user_fd [&ref] | provenance | |
| main.rs:107:30:107:38 | &user_xml [&ref] | main.rs:7:32:7:45 | ...: ... [&ref] | provenance | |
| main.rs:107:31:107:38 | user_xml | main.rs:107:30:107:38 | &user_xml [&ref] | provenance | |
| main.rs:108:32:108:40 | &user_xml [&ref] | main.rs:12:34:12:47 | ...: ... [&ref] | provenance | |
| main.rs:108:33:108:40 | user_xml | main.rs:108:32:108:40 | &user_xml [&ref] | provenance | |
| main.rs:109:33:109:41 | &user_xml [&ref] | main.rs:17:35:17:48 | ...: ... [&ref] | provenance | |
| main.rs:109:34:109:41 | user_xml | main.rs:109:33:109:41 | &user_xml [&ref] | provenance | |
| main.rs:110:32:110:45 | &user_filename [&ref] | main.rs:22:34:22:52 | ...: ... [&ref] | provenance | |
| main.rs:110:33:110:45 | user_filename | main.rs:110:32:110:45 | &user_filename [&ref] | provenance | |
| main.rs:111:31:111:39 | &user_xml [&ref] | main.rs:27:33:27:46 | ...: ... [&ref] | provenance | |
| main.rs:111:32:111:39 | user_xml | main.rs:111:31:111:39 | &user_xml [&ref] | provenance | |
| main.rs:112:30:112:36 | user_fd [&ref] | main.rs:32:32:32:43 | ...: i32 [&ref] | provenance | |
| main.rs:113:37:113:50 | &user_filename [&ref] | main.rs:37:39:37:57 | ...: ... [&ref] | provenance | |
| main.rs:113:38:113:50 | user_filename | main.rs:113:37:113:50 | &user_filename [&ref] | provenance | |
| main.rs:114:36:114:44 | &user_xml [&ref] | main.rs:42:38:42:51 | ...: ... [&ref] | provenance | |
| main.rs:114:37:114:44 | user_xml | main.rs:114:36:114:44 | &user_xml [&ref] | provenance | |
| main.rs:115:39:115:47 | &user_xml [&ref] | main.rs:47:41:47:54 | ...: ... [&ref] | provenance | |
| main.rs:115:40:115:47 | user_xml | main.rs:115:39:115:47 | &user_xml [&ref] | provenance | |
| main.rs:116:31:116:39 | &user_xml [&ref] | main.rs:59:33:59:46 | ...: ... [&ref] | provenance | |
| main.rs:116:32:116:39 | user_xml | main.rs:116:31:116:39 | &user_xml [&ref] | provenance | |
| main.rs:120:9:120:16 | user_xml | main.rs:126:31:126:38 | user_xml | provenance | |
| main.rs:120:9:120:16 | user_xml | main.rs:127:33:127:40 | user_xml | provenance | |
| main.rs:120:9:120:16 | user_xml | main.rs:128:34:128:41 | user_xml | provenance | |
| main.rs:120:9:120:16 | user_xml | main.rs:130:32:130:39 | user_xml | provenance | |
| main.rs:120:9:120:16 | user_xml | main.rs:133:37:133:44 | user_xml | provenance | |
| main.rs:120:9:120:16 | user_xml | main.rs:134:40:134:47 | user_xml | provenance | |
| main.rs:120:9:120:16 | user_xml | main.rs:135:32:135:39 | user_xml | provenance | |
| main.rs:120:20:120:33 | ...::args | main.rs:120:20:120:35 | ...::args(...) [element] | provenance | Src:MaD:9 |
| main.rs:120:20:120:35 | ...::args(...) [element] | main.rs:120:20:120:42 | ... .nth(...) [Some] | provenance | MaD:10 |
| main.rs:120:20:120:42 | ... .nth(...) [Some] | main.rs:120:20:120:62 | ... .unwrap_or_default() | provenance | MaD:13 |
| main.rs:120:20:120:62 | ... .unwrap_or_default() | main.rs:120:9:120:16 | user_xml | provenance | |
| main.rs:121:9:121:21 | user_filename | main.rs:129:33:129:45 | user_filename | provenance | |
| main.rs:121:9:121:21 | user_filename | main.rs:132:38:132:50 | user_filename | provenance | |
| main.rs:121:25:121:38 | ...::args | main.rs:121:25:121:40 | ...::args(...) [element] | provenance | Src:MaD:9 |
| main.rs:121:25:121:40 | ...::args(...) [element] | main.rs:121:25:121:47 | ... .nth(...) [Some] | provenance | MaD:10 |
| main.rs:121:25:121:47 | ... .nth(...) [Some] | main.rs:121:25:121:67 | ... .unwrap_or_default() | provenance | MaD:13 |
| main.rs:121:25:121:67 | ... .unwrap_or_default() | main.rs:121:9:121:21 | user_filename | provenance | |
| main.rs:122:9:122:17 | user_file [Some] | main.rs:123:19:123:27 | user_file [Some] | provenance | |
| main.rs:122:21:122:39 | ...::open | main.rs:122:21:122:55 | ...::open(...) [Ok] | provenance | Src:MaD:8 |
| main.rs:122:21:122:55 | ...::open(...) [Ok] | main.rs:122:21:122:60 | ... .ok() [Some] | provenance | MaD:14 |
| main.rs:122:21:122:60 | ... .ok() [Some] | main.rs:122:9:122:17 | user_file [Some] | provenance | |
| main.rs:123:9:123:15 | user_fd [&ref] | main.rs:131:30:131:36 | user_fd [&ref] | provenance | |
| main.rs:123:19:123:27 | user_file [Some] | main.rs:123:19:123:36 | user_file.as_ref() [Some, &ref] | provenance | MaD:11 |
| main.rs:123:19:123:36 | user_file.as_ref() [Some, &ref] | main.rs:123:19:123:72 | ... .map_or(...) [&ref] | provenance | MaD:12 |
| main.rs:123:19:123:72 | ... .map_or(...) [&ref] | main.rs:123:9:123:15 | user_fd [&ref] | provenance | |
| main.rs:126:30:126:38 | &user_xml [&ref] | main.rs:7:32:7:45 | ...: ... [&ref] | provenance | |
| main.rs:126:31:126:38 | user_xml | main.rs:126:30:126:38 | &user_xml [&ref] | provenance | |
| main.rs:127:32:127:40 | &user_xml [&ref] | main.rs:12:34:12:47 | ...: ... [&ref] | provenance | |
| main.rs:127:33:127:40 | user_xml | main.rs:127:32:127:40 | &user_xml [&ref] | provenance | |
| main.rs:128:33:128:41 | &user_xml [&ref] | main.rs:17:35:17:48 | ...: ... [&ref] | provenance | |
| main.rs:128:34:128:41 | user_xml | main.rs:128:33:128:41 | &user_xml [&ref] | provenance | |
| main.rs:129:32:129:45 | &user_filename [&ref] | main.rs:22:34:22:52 | ...: ... [&ref] | provenance | |
| main.rs:129:33:129:45 | user_filename | main.rs:129:32:129:45 | &user_filename [&ref] | provenance | |
| main.rs:130:31:130:39 | &user_xml [&ref] | main.rs:27:33:27:46 | ...: ... [&ref] | provenance | |
| main.rs:130:32:130:39 | user_xml | main.rs:130:31:130:39 | &user_xml [&ref] | provenance | |
| main.rs:131:30:131:36 | user_fd [&ref] | main.rs:32:32:32:43 | ...: i32 [&ref] | provenance | |
| main.rs:132:37:132:50 | &user_filename [&ref] | main.rs:37:39:37:57 | ...: ... [&ref] | provenance | |
| main.rs:132:38:132:50 | user_filename | main.rs:132:37:132:50 | &user_filename [&ref] | provenance | |
| main.rs:133:36:133:44 | &user_xml [&ref] | main.rs:42:38:42:51 | ...: ... [&ref] | provenance | |
| main.rs:133:37:133:44 | user_xml | main.rs:133:36:133:44 | &user_xml [&ref] | provenance | |
| main.rs:134:39:134:47 | &user_xml [&ref] | main.rs:47:41:47:54 | ...: ... [&ref] | provenance | |
| main.rs:134:40:134:47 | user_xml | main.rs:134:39:134:47 | &user_xml [&ref] | provenance | |
| main.rs:135:31:135:39 | &user_xml [&ref] | main.rs:59:33:59:46 | ...: ... [&ref] | provenance | |
| main.rs:135:32:135:39 | user_xml | main.rs:135:31:135:39 | &user_xml [&ref] | provenance | |
models
| 1 | Sink: libxml::bindings::xmlCtxtReadDoc; Argument[1].Reference; xxe |
| 2 | Sink: libxml::bindings::xmlCtxtReadFile; Argument[1].Reference; xxe |
@@ -176,41 +176,41 @@ nodes
| main.rs:64:29:64:36 | user_xml [&ref] | semmle.label | user_xml [&ref] |
| main.rs:64:29:64:45 | user_xml.as_ptr() [&ref] | semmle.label | user_xml.as_ptr() [&ref] |
| main.rs:64:29:64:62 | ... as ... | semmle.label | ... as ... |
| main.rs:101:9:101:16 | user_xml | semmle.label | user_xml |
| main.rs:101:20:101:33 | ...::args | semmle.label | ...::args |
| main.rs:101:20:101:35 | ...::args(...) [element] | semmle.label | ...::args(...) [element] |
| main.rs:101:20:101:42 | ... .nth(...) [Some] | semmle.label | ... .nth(...) [Some] |
| main.rs:101:20:101:62 | ... .unwrap_or_default() | semmle.label | ... .unwrap_or_default() |
| main.rs:102:9:102:21 | user_filename | semmle.label | user_filename |
| main.rs:102:25:102:38 | ...::args | semmle.label | ...::args |
| main.rs:102:25:102:40 | ...::args(...) [element] | semmle.label | ...::args(...) [element] |
| main.rs:102:25:102:47 | ... .nth(...) [Some] | semmle.label | ... .nth(...) [Some] |
| main.rs:102:25:102:67 | ... .unwrap_or_default() | semmle.label | ... .unwrap_or_default() |
| main.rs:103:9:103:17 | user_file [Some] | semmle.label | user_file [Some] |
| main.rs:103:21:103:39 | ...::open | semmle.label | ...::open |
| main.rs:103:21:103:55 | ...::open(...) [Ok] | semmle.label | ...::open(...) [Ok] |
| main.rs:103:21:103:60 | ... .ok() [Some] | semmle.label | ... .ok() [Some] |
| main.rs:104:9:104:15 | user_fd [&ref] | semmle.label | user_fd [&ref] |
| main.rs:104:19:104:27 | user_file [Some] | semmle.label | user_file [Some] |
| main.rs:104:19:104:36 | user_file.as_ref() [Some, &ref] | semmle.label | user_file.as_ref() [Some, &ref] |
| main.rs:104:19:104:72 | ... .map_or(...) [&ref] | semmle.label | ... .map_or(...) [&ref] |
| main.rs:107:30:107:38 | &user_xml [&ref] | semmle.label | &user_xml [&ref] |
| main.rs:107:31:107:38 | user_xml | semmle.label | user_xml |
| main.rs:108:32:108:40 | &user_xml [&ref] | semmle.label | &user_xml [&ref] |
| main.rs:108:33:108:40 | user_xml | semmle.label | user_xml |
| main.rs:109:33:109:41 | &user_xml [&ref] | semmle.label | &user_xml [&ref] |
| main.rs:109:34:109:41 | user_xml | semmle.label | user_xml |
| main.rs:110:32:110:45 | &user_filename [&ref] | semmle.label | &user_filename [&ref] |
| main.rs:110:33:110:45 | user_filename | semmle.label | user_filename |
| main.rs:111:31:111:39 | &user_xml [&ref] | semmle.label | &user_xml [&ref] |
| main.rs:111:32:111:39 | user_xml | semmle.label | user_xml |
| main.rs:112:30:112:36 | user_fd [&ref] | semmle.label | user_fd [&ref] |
| main.rs:113:37:113:50 | &user_filename [&ref] | semmle.label | &user_filename [&ref] |
| main.rs:113:38:113:50 | user_filename | semmle.label | user_filename |
| main.rs:114:36:114:44 | &user_xml [&ref] | semmle.label | &user_xml [&ref] |
| main.rs:114:37:114:44 | user_xml | semmle.label | user_xml |
| main.rs:115:39:115:47 | &user_xml [&ref] | semmle.label | &user_xml [&ref] |
| main.rs:115:40:115:47 | user_xml | semmle.label | user_xml |
| main.rs:116:31:116:39 | &user_xml [&ref] | semmle.label | &user_xml [&ref] |
| main.rs:116:32:116:39 | user_xml | semmle.label | user_xml |
| main.rs:120:9:120:16 | user_xml | semmle.label | user_xml |
| main.rs:120:20:120:33 | ...::args | semmle.label | ...::args |
| main.rs:120:20:120:35 | ...::args(...) [element] | semmle.label | ...::args(...) [element] |
| main.rs:120:20:120:42 | ... .nth(...) [Some] | semmle.label | ... .nth(...) [Some] |
| main.rs:120:20:120:62 | ... .unwrap_or_default() | semmle.label | ... .unwrap_or_default() |
| main.rs:121:9:121:21 | user_filename | semmle.label | user_filename |
| main.rs:121:25:121:38 | ...::args | semmle.label | ...::args |
| main.rs:121:25:121:40 | ...::args(...) [element] | semmle.label | ...::args(...) [element] |
| main.rs:121:25:121:47 | ... .nth(...) [Some] | semmle.label | ... .nth(...) [Some] |
| main.rs:121:25:121:67 | ... .unwrap_or_default() | semmle.label | ... .unwrap_or_default() |
| main.rs:122:9:122:17 | user_file [Some] | semmle.label | user_file [Some] |
| main.rs:122:21:122:39 | ...::open | semmle.label | ...::open |
| main.rs:122:21:122:55 | ...::open(...) [Ok] | semmle.label | ...::open(...) [Ok] |
| main.rs:122:21:122:60 | ... .ok() [Some] | semmle.label | ... .ok() [Some] |
| main.rs:123:9:123:15 | user_fd [&ref] | semmle.label | user_fd [&ref] |
| main.rs:123:19:123:27 | user_file [Some] | semmle.label | user_file [Some] |
| main.rs:123:19:123:36 | user_file.as_ref() [Some, &ref] | semmle.label | user_file.as_ref() [Some, &ref] |
| main.rs:123:19:123:72 | ... .map_or(...) [&ref] | semmle.label | ... .map_or(...) [&ref] |
| main.rs:126:30:126:38 | &user_xml [&ref] | semmle.label | &user_xml [&ref] |
| main.rs:126:31:126:38 | user_xml | semmle.label | user_xml |
| main.rs:127:32:127:40 | &user_xml [&ref] | semmle.label | &user_xml [&ref] |
| main.rs:127:33:127:40 | user_xml | semmle.label | user_xml |
| main.rs:128:33:128:41 | &user_xml [&ref] | semmle.label | &user_xml [&ref] |
| main.rs:128:34:128:41 | user_xml | semmle.label | user_xml |
| main.rs:129:32:129:45 | &user_filename [&ref] | semmle.label | &user_filename [&ref] |
| main.rs:129:33:129:45 | user_filename | semmle.label | user_filename |
| main.rs:130:31:130:39 | &user_xml [&ref] | semmle.label | &user_xml [&ref] |
| main.rs:130:32:130:39 | user_xml | semmle.label | user_xml |
| main.rs:131:30:131:36 | user_fd [&ref] | semmle.label | user_fd [&ref] |
| main.rs:132:37:132:50 | &user_filename [&ref] | semmle.label | &user_filename [&ref] |
| main.rs:132:38:132:50 | user_filename | semmle.label | user_filename |
| main.rs:133:36:133:44 | &user_xml [&ref] | semmle.label | &user_xml [&ref] |
| main.rs:133:37:133:44 | user_xml | semmle.label | user_xml |
| main.rs:134:39:134:47 | &user_xml [&ref] | semmle.label | &user_xml [&ref] |
| main.rs:134:40:134:47 | user_xml | semmle.label | user_xml |
| main.rs:135:31:135:39 | &user_xml [&ref] | semmle.label | &user_xml [&ref] |
| main.rs:135:32:135:39 | user_xml | semmle.label | user_xml |
subpaths

20
rust/ql/test/query-tests/security/CWE-611/main.rs
View File

@@ -97,6 +97,25 @@ unsafe fn test_xml_hardcoded_unsafe() {
bindings::xmlReadFile("trusted/input.xml".as_ptr() as *const c_char, std::ptr::null_mut(), bindings::xmlParserOption_XML_PARSE_NOENT as i32);
}
// --- custom parser (requires heuristic match) ---
const XML_PARSE_NOENT: i32 = 2;
const XML_PARSE_DTDLOAD: i32 = 4;
fn custom_xml_parser(xml: &str, options: i32) {
// ...
}
fn test_custom_parser(user_xml: &str) {
custom_xml_parser(user_xml, 0);
custom_xml_parser(user_xml, XML_PARSE_NOENT); // $ MISSING: Alert[rust/xxe]
custom_xml_parser(user_xml, XML_PARSE_DTDLOAD); // $ MISSING: Alert[rust/xxe]
custom_xml_parser(user_xml, XML_PARSE_NOENT | XML_PARSE_DTDLOAD); // $ MISSING: Alert[rust/xxe]
custom_xml_parser("<root/>", XML_PARSE_NOENT | XML_PARSE_DTDLOAD);
}
// ---
fn main() {
let user_xml = std::env::args().nth(1).unwrap_or_default(); // $ Source
let user_filename = std::env::args().nth(2).unwrap_or_default(); // $ Source
@@ -117,5 +136,6 @@ fn main() {
test_dataflow_bad(&user_xml);
test_xml_parse_safe_options(&user_xml);
test_xml_hardcoded_unsafe();
test_custom_parser(&user_xml);
}
}