diff --git a/rust/ql/test/query-tests/security/CWE-327/WeakSensitiveDataHashing/CryptographicOperations.qlref b/rust/ql/test/query-tests/security/CWE-327/WeakSensitiveDataHashing/CryptographicOperations.qlref
index f4c34a95e0d..a7941a724f7 100644
--- a/rust/ql/test/query-tests/security/CWE-327/WeakSensitiveDataHashing/CryptographicOperations.qlref
+++ b/rust/ql/test/query-tests/security/CWE-327/WeakSensitiveDataHashing/CryptographicOperations.qlref
@@ -1 +1,3 @@
 query: queries/summary/CryptographicOperations.ql
+postprocess:
+ - utils/test/InlineExpectationsTestQuery.ql
diff --git a/rust/ql/test/query-tests/security/CWE-327/WeakSensitiveDataHashing/test.rs b/rust/ql/test/query-tests/security/CWE-327/WeakSensitiveDataHashing/test.rs
index a7e17404df1..c57fc54baf2 100644
--- a/rust/ql/test/query-tests/security/CWE-327/WeakSensitiveDataHashing/test.rs
+++ b/rust/ql/test/query-tests/security/CWE-327/WeakSensitiveDataHashing/test.rs
@@ -16,10 +16,10 @@ fn test_hash_algorithms(
 _ = md5::Md5::digest(encrypted_password);
 // MD5 (alternative / older library)
- _ = md5_alt::compute(harmless);
- _ = md5_alt::compute(credit_card_no); // $ Alert[rust/weak-sensitive-data-hashing]
- _ = md5_alt::compute(password); // $ Alert[rust/weak-sensitive-data-hashing]
- _ = md5_alt::compute(encrypted_password);
+ _ = md5_alt::compute(harmless); // $ Alert[rust/summary/cryptographic-operations]
+ _ = md5_alt::compute(credit_card_no); // $ Alert[rust/summary/cryptographic-operations] Alert[rust/weak-sensitive-data-hashing]
+ _ = md5_alt::compute(password); // $ Alert[rust/summary/cryptographic-operations] Alert[rust/weak-sensitive-data-hashing]
+ _ = md5_alt::compute(encrypted_password); // $ Alert[rust/summary/cryptographic-operations]
 // SHA-1
 _ = sha1::Sha1::digest(harmless);
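Review bot: In the `test_hash_algorithms` hunk every `md5_alt::compute(...)` call is now expected to raise `Alert[rust/summary/cryptographic-operations]`, but the neighbouring context lines `md5::Md5::digest(encrypted_password)` and `sha1::Sha1::digest(harmless)` carry no such expectation, and in the `test_hash_code_patterns` hunk `md5::Md5::new()` is annotated while `md5::Md5::new_with_prefix(...)` is not. With `InlineExpectationsTestQuery.ql` added as a postprocess step, an unannotated line presumably asserts that the summary query reports nothing there, so the test now pins that gap as expected behaviour. If `digest` and `new_with_prefix` are meant to count as cryptographic operations, I would record that explicitly, e.g. `_ = md5::Md5::new_with_prefix(harmless).finalize(); // $ MISSING: Alert[rust/summary/cryptographic-operations]`, so the inventory of MD5 use is not silently treated as complete. Both function bodies continue outside their hunks, so other lines may already cover this.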
@@ -64,14 +64,14 @@ fn test_hash_code_patterns(
 _ = md5::Md5::digest(password_vec); // $ MISSING: Alert[rust/weak-sensitive-data-hashing]
 // hash through a hasher object
- let mut md5_hasher = md5::Md5::new();
+ let mut md5_hasher = md5::Md5::new(); // $ Alert[rust/summary/cryptographic-operations]
 md5_hasher.update(b"abc");
 md5_hasher.update(harmless);
 md5_hasher.update(password); // $ MISSING: Alert[rust/weak-sensitive-data-hashing]
 _ = md5_hasher.finalize();
- _ = md5::Md5::new().chain_update(harmless).chain_update(harmless).chain_update(harmless).finalize();
- _ = md5::Md5::new().chain_update(harmless).chain_update(password).chain_update(harmless).finalize(); // $ MISSING: Alert[rust/weak-sensitive-data-hashing]
+ _ = md5::Md5::new().chain_update(harmless).chain_update(harmless).chain_update(harmless).finalize(); // $ Alert[rust/summary/cryptographic-operations]
+ _ = md5::Md5::new().chain_update(harmless).chain_update(password).chain_update(harmless).finalize(); // $ Alert[rust/summary/cryptographic-operations] MISSING: Alert[rust/weak-sensitive-data-hashing]
 _ = md5::Md5::new_with_prefix(harmless).finalize();
 _ = md5::Md5::new_with_prefix(password).finalize(); // $ MISSING: Alert[rust/weak-sensitive-data-hashing]
@@ -130,7 +130,7 @@ fn test_hash_structs() {
 let str3c = serde_urlencoded::to_string(&s3).unwrap();
 // hash with MD5
- let mut md5_hasher = md5::Md5::new();
+ let mut md5_hasher = md5::Md5::new(); // $ Alert[rust/summary/cryptographic-operations]
 md5_hasher.update(s1.data);
 md5_hasher.update(s2.credit_card_no); // $ MISSING: Alert[rust/weak-sensitive-data-hashing]
 md5_hasher.update(s3.password); // $ MISSING: Alert[rust/weak-sensitive-data-hashing]
@@ -153,7 +153,7 @@ fn test_hash_file(
 let mut harmless_file = std::fs::File::open(harmless_filename).unwrap();
 let mut password_file = std::fs::File::open(password_filename).unwrap();
- let mut md5_hasher = md5::Md5::new();
+ let mut md5_hasher = md5::Md5::new(); // $ Alert[rust/summary/cryptographic-operations]
 _ = std::io::copy(&mut harmless_file, &mut md5_hasher);
 _ = std::io::copy(&mut password_file, &mut md5_hasher); // $ MISSING: Alert[rust/weak-sensitive-data-hashing]
 _ = md5_hasher.finalize();