Rust: Make the new test inline expectations.

2026-06-23 21:57:01 +02:00 · 2026-06-18 22:57:15 +01:00
parent e8923b7688
commit 3aaeb68553
2 changed files with 11 additions and 9 deletions
--- a/rust/ql/test/query-tests/security/CWE-327/WeakSensitiveDataHashing/CryptographicOperations.qlref
+++ b/rust/ql/test/query-tests/security/CWE-327/WeakSensitiveDataHashing/CryptographicOperations.qlref
@@ -1 +1,3 @@
 query: queries/summary/CryptographicOperations.ql
+postprocess:
+ - utils/test/InlineExpectationsTestQuery.ql
--- a/rust/ql/test/query-tests/security/CWE-327/WeakSensitiveDataHashing/test.rs
+++ b/rust/ql/test/query-tests/security/CWE-327/WeakSensitiveDataHashing/test.rs
@@ -16,10 +16,10 @@ fn test_hash_algorithms(
    _ = md5::Md5::digest(encrypted_password);

    // MD5 (alternative / older library)
-    _ = md5_alt::compute(harmless);
-    _ = md5_alt::compute(credit_card_no); // $ Alert[rust/weak-sensitive-data-hashing]
-    _ = md5_alt::compute(password); // $ Alert[rust/weak-sensitive-data-hashing]
-    _ = md5_alt::compute(encrypted_password);
+    _ = md5_alt::compute(harmless); // $ Alert[rust/summary/cryptographic-operations]
+    _ = md5_alt::compute(credit_card_no); // $ Alert[rust/summary/cryptographic-operations] Alert[rust/weak-sensitive-data-hashing]
+    _ = md5_alt::compute(password); // $ Alert[rust/summary/cryptographic-operations] Alert[rust/weak-sensitive-data-hashing]
+    _ = md5_alt::compute(encrypted_password); // $ Alert[rust/summary/cryptographic-operations]

    // SHA-1
    _ = sha1::Sha1::digest(harmless);
@@ -64,14 +64,14 @@ fn test_hash_code_patterns(
    _ = md5::Md5::digest(password_vec); // $ MISSING: Alert[rust/weak-sensitive-data-hashing]

    // hash through a hasher object
-    let mut md5_hasher = md5::Md5::new();
+    let mut md5_hasher = md5::Md5::new(); // $ Alert[rust/summary/cryptographic-operations]
    md5_hasher.update(b"abc");
    md5_hasher.update(harmless);
    md5_hasher.update(password); // $ MISSING: Alert[rust/weak-sensitive-data-hashing]
    _ = md5_hasher.finalize();

-    _ = md5::Md5::new().chain_update(harmless).chain_update(harmless).chain_update(harmless).finalize();
-    _ = md5::Md5::new().chain_update(harmless).chain_update(password).chain_update(harmless).finalize(); // $ MISSING: Alert[rust/weak-sensitive-data-hashing]
+    _ = md5::Md5::new().chain_update(harmless).chain_update(harmless).chain_update(harmless).finalize(); // $ Alert[rust/summary/cryptographic-operations]
+    _ = md5::Md5::new().chain_update(harmless).chain_update(password).chain_update(harmless).finalize(); // $ Alert[rust/summary/cryptographic-operations] MISSING: Alert[rust/weak-sensitive-data-hashing]

    _ = md5::Md5::new_with_prefix(harmless).finalize();
    _ = md5::Md5::new_with_prefix(password).finalize(); // $ MISSING: Alert[rust/weak-sensitive-data-hashing]
@@ -130,7 +130,7 @@ fn test_hash_structs() {
    let str3c = serde_urlencoded::to_string(&s3).unwrap();

    // hash with MD5
-    let mut md5_hasher = md5::Md5::new();
+    let mut md5_hasher = md5::Md5::new(); // $ Alert[rust/summary/cryptographic-operations]
    md5_hasher.update(s1.data);
    md5_hasher.update(s2.credit_card_no); // $ MISSING: Alert[rust/weak-sensitive-data-hashing]
    md5_hasher.update(s3.password); // $ MISSING: Alert[rust/weak-sensitive-data-hashing]
@@ -153,7 +153,7 @@ fn test_hash_file(
    let mut harmless_file = std::fs::File::open(harmless_filename).unwrap();
    let mut password_file = std::fs::File::open(password_filename).unwrap();

-    let mut md5_hasher = md5::Md5::new();
+    let mut md5_hasher = md5::Md5::new(); // $ Alert[rust/summary/cryptographic-operations]
    _ = std::io::copy(&mut harmless_file, &mut md5_hasher);
    _ = std::io::copy(&mut password_file, &mut md5_hasher); // $ MISSING: Alert[rust/weak-sensitive-data-hashing]
    _ = md5_hasher.finalize();