hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Rust: Taint flow tests for operations

Browse Source
This commit is contained in:
Tom Hvitved
2025-12-02 15:28:25 +01:00
parent 294c489fd8
commit 41916640c3
3 changed files with 77 additions and 63 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
rust/ql/test/library-tests/dataflow/taint/TaintFlowStep.expected
View File

@@ -3,20 +3,20 @@
| main.rs:8:20:8:20 | s | main.rs:8:14:8:20 | FormatArgsExpr |
| main.rs:13:10:13:10 | a | main.rs:13:10:13:14 | ... + ... |
| main.rs:13:14:13:14 | 1 | main.rs:13:10:13:14 | ... + ... |
| main.rs:18:11:18:11 | a | main.rs:18:10:18:11 | - ... |
| main.rs:23:13:23:13 | a | main.rs:23:13:23:19 | a as u8 |
| main.rs:24:10:24:10 | b | main.rs:24:10:24:17 | b as i64 |
| main.rs:24:10:24:17 | [post] b as i64 | main.rs:24:10:24:10 | [post] b |
| main.rs:29:23:29:23 | i | main.rs:29:17:29:23 | FormatArgsExpr |
| main.rs:33:24:33:24 | s | main.rs:33:18:33:24 | FormatArgsExpr |
| main.rs:38:23:38:23 | [post] s [borrowed] | main.rs:38:23:38:23 | [post] s |
| main.rs:38:23:38:23 | s | main.rs:38:23:38:29 | s[...] |
| main.rs:38:23:38:29 | s[...] [pre-dereferenced] | main.rs:38:23:38:29 | s[...] |
| main.rs:49:24:49:24 | i | main.rs:49:18:49:24 | FormatArgsExpr |
| main.rs:54:14:54:16 | [post] arr [borrowed] | main.rs:54:14:54:16 | [post] arr |
| main.rs:54:14:54:19 | arr[1] [pre-dereferenced] | main.rs:54:14:54:19 | arr[1] |
| main.rs:64:24:64:24 | [post] s [borrowed] | main.rs:64:24:64:24 | [post] s |
| main.rs:64:24:64:27 | s[1] | main.rs:64:18:64:27 | FormatArgsExpr |
| main.rs:64:24:64:27 | s[1] [pre-dereferenced] | main.rs:64:24:64:27 | s[1] |
| main.rs:69:9:69:12 | [post] arr2 [borrowed] | main.rs:69:9:69:12 | [post] arr2 |
| main.rs:69:9:69:15 | arr2[1] [pre-dereferenced] | main.rs:69:9:69:15 | arr2[1] |
| main.rs:26:11:26:11 | a | main.rs:26:10:26:11 | - ... |
| main.rs:31:13:31:13 | a | main.rs:31:13:31:19 | a as u8 |
| main.rs:32:10:32:10 | b | main.rs:32:10:32:17 | b as i64 |
| main.rs:32:10:32:17 | [post] b as i64 | main.rs:32:10:32:10 | [post] b |
| main.rs:37:23:37:23 | i | main.rs:37:17:37:23 | FormatArgsExpr |
| main.rs:41:24:41:24 | s | main.rs:41:18:41:24 | FormatArgsExpr |
| main.rs:46:23:46:23 | [post] s [borrowed] | main.rs:46:23:46:23 | [post] s |
| main.rs:46:23:46:23 | s | main.rs:46:23:46:29 | s[...] |
| main.rs:46:23:46:29 | s[...] [pre-dereferenced] | main.rs:46:23:46:29 | s[...] |
| main.rs:57:24:57:24 | i | main.rs:57:18:57:24 | FormatArgsExpr |
| main.rs:62:14:62:16 | [post] arr [borrowed] | main.rs:62:14:62:16 | [post] arr |
| main.rs:62:14:62:19 | arr[1] [pre-dereferenced] | main.rs:62:14:62:19 | arr[1] |
| main.rs:72:24:72:24 | [post] s [borrowed] | main.rs:72:24:72:24 | [post] s |
| main.rs:72:24:72:27 | s[1] | main.rs:72:18:72:27 | FormatArgsExpr |
| main.rs:72:24:72:27 | s[1] [pre-dereferenced] | main.rs:72:24:72:27 | s[1] |
| main.rs:77:9:77:12 | [post] arr2 [borrowed] | main.rs:77:9:77:12 | [post] arr2 |
| main.rs:77:9:77:15 | arr2[1] [pre-dereferenced] | main.rs:77:9:77:15 | arr2[1] |

98
rust/ql/test/library-tests/dataflow/taint/inline-taint-flow.expected
View File

@@ -4,57 +4,63 @@ models
edges
| main.rs:12:9:12:9 | a | main.rs:13:10:13:14 | ... + ... | provenance | |
| main.rs:12:13:12:22 | source(...) | main.rs:12:9:12:9 | a | provenance | |
| main.rs:17:9:17:9 | a | main.rs:18:10:18:11 | - ... | provenance | |
| main.rs:17:9:17:9 | a | main.rs:18:11:18:11 | a | provenance | |
| main.rs:17:13:17:22 | source(...) | main.rs:17:9:17:9 | a | provenance | |
| main.rs:18:11:18:11 | a | main.rs:18:10:18:11 | - ... | provenance | MaD:2 |
| main.rs:22:9:22:9 | a | main.rs:23:9:23:9 | b | provenance | |
| main.rs:22:13:22:22 | source(...) | main.rs:22:9:22:9 | a | provenance | |
| main.rs:23:9:23:9 | b | main.rs:24:10:24:17 | b as i64 | provenance | |
| main.rs:37:13:37:13 | s | main.rs:38:23:38:23 | s | provenance | |
| main.rs:37:13:37:13 | s | main.rs:38:23:38:29 | s[...] | provenance | |
| main.rs:37:17:37:26 | source(...) | main.rs:37:13:37:13 | s | provenance | |
| main.rs:38:13:38:18 | sliced [&ref] | main.rs:39:14:39:19 | sliced | provenance | |
| main.rs:38:22:38:29 | &... [&ref] | main.rs:38:13:38:18 | sliced [&ref] | provenance | |
| main.rs:38:23:38:23 | s | main.rs:38:23:38:29 | s[...] | provenance | MaD:1 |
| main.rs:38:23:38:29 | s[...] | main.rs:38:22:38:29 | &... [&ref] | provenance | |
| main.rs:53:13:53:15 | arr | main.rs:54:14:54:16 | arr | provenance | |
| main.rs:53:19:53:28 | source(...) | main.rs:53:13:53:15 | arr | provenance | |
| main.rs:54:14:54:16 | arr | main.rs:54:14:54:19 | arr[1] | provenance | MaD:1 |
| main.rs:69:9:69:12 | [post] arr2 [element] | main.rs:70:14:70:17 | arr2 | provenance | |
| main.rs:69:19:69:28 | source(...) | main.rs:69:9:69:12 | [post] arr2 [element] | provenance | |
| main.rs:15:9:15:13 | mut b | main.rs:17:10:17:10 | b | provenance | |
| main.rs:15:17:15:26 | source(...) | main.rs:15:9:15:13 | mut b | provenance | |
| main.rs:25:9:25:9 | a | main.rs:26:10:26:11 | - ... | provenance | |
| main.rs:25:9:25:9 | a | main.rs:26:11:26:11 | a | provenance | |
| main.rs:25:13:25:22 | source(...) | main.rs:25:9:25:9 | a | provenance | |
| main.rs:26:11:26:11 | a | main.rs:26:10:26:11 | - ... | provenance | MaD:2 |
| main.rs:30:9:30:9 | a | main.rs:31:9:31:9 | b | provenance | |
| main.rs:30:13:30:22 | source(...) | main.rs:30:9:30:9 | a | provenance | |
| main.rs:31:9:31:9 | b | main.rs:32:10:32:17 | b as i64 | provenance | |
| main.rs:45:13:45:13 | s | main.rs:46:23:46:23 | s | provenance | |
| main.rs:45:13:45:13 | s | main.rs:46:23:46:29 | s[...] | provenance | |
| main.rs:45:17:45:26 | source(...) | main.rs:45:13:45:13 | s | provenance | |
| main.rs:46:13:46:18 | sliced [&ref] | main.rs:47:14:47:19 | sliced | provenance | |
| main.rs:46:22:46:29 | &... [&ref] | main.rs:46:13:46:18 | sliced [&ref] | provenance | |
| main.rs:46:23:46:23 | s | main.rs:46:23:46:29 | s[...] | provenance | MaD:1 |
| main.rs:46:23:46:29 | s[...] | main.rs:46:22:46:29 | &... [&ref] | provenance | |
| main.rs:61:13:61:15 | arr | main.rs:62:14:62:16 | arr | provenance | |
| main.rs:61:19:61:28 | source(...) | main.rs:61:13:61:15 | arr | provenance | |
| main.rs:62:14:62:16 | arr | main.rs:62:14:62:19 | arr[1] | provenance | MaD:1 |
| main.rs:77:9:77:12 | [post] arr2 [element] | main.rs:78:14:78:17 | arr2 | provenance | |
| main.rs:77:19:77:28 | source(...) | main.rs:77:9:77:12 | [post] arr2 [element] | provenance | |
nodes
| main.rs:12:9:12:9 | a | semmle.label | a |
| main.rs:12:13:12:22 | source(...) | semmle.label | source(...) |
| main.rs:13:10:13:14 | ... + ... | semmle.label | ... + ... |
| main.rs:17:9:17:9 | a | semmle.label | a |
| main.rs:17:13:17:22 | source(...) | semmle.label | source(...) |
| main.rs:18:10:18:11 | - ... | semmle.label | - ... |
| main.rs:18:11:18:11 | a | semmle.label | a |
| main.rs:22:9:22:9 | a | semmle.label | a |
| main.rs:22:13:22:22 | source(...) | semmle.label | source(...) |
| main.rs:23:9:23:9 | b | semmle.label | b |
| main.rs:24:10:24:17 | b as i64 | semmle.label | b as i64 |
| main.rs:37:13:37:13 | s | semmle.label | s |
| main.rs:37:17:37:26 | source(...) | semmle.label | source(...) |
| main.rs:38:13:38:18 | sliced [&ref] | semmle.label | sliced [&ref] |
| main.rs:38:22:38:29 | &... [&ref] | semmle.label | &... [&ref] |
| main.rs:38:23:38:23 | s | semmle.label | s |
| main.rs:38:23:38:29 | s[...] | semmle.label | s[...] |
| main.rs:39:14:39:19 | sliced | semmle.label | sliced |
| main.rs:53:13:53:15 | arr | semmle.label | arr |
| main.rs:53:19:53:28 | source(...) | semmle.label | source(...) |
| main.rs:54:14:54:16 | arr | semmle.label | arr |
| main.rs:54:14:54:19 | arr[1] | semmle.label | arr[1] |
| main.rs:69:9:69:12 | [post] arr2 [element] | semmle.label | [post] arr2 [element] |
| main.rs:69:19:69:28 | source(...) | semmle.label | source(...) |
| main.rs:70:14:70:17 | arr2 | semmle.label | arr2 |
| main.rs:15:9:15:13 | mut b | semmle.label | mut b |
| main.rs:15:17:15:26 | source(...) | semmle.label | source(...) |
| main.rs:17:10:17:10 | b | semmle.label | b |
| main.rs:25:9:25:9 | a | semmle.label | a |
| main.rs:25:13:25:22 | source(...) | semmle.label | source(...) |
| main.rs:26:10:26:11 | - ... | semmle.label | - ... |
| main.rs:26:11:26:11 | a | semmle.label | a |
| main.rs:30:9:30:9 | a | semmle.label | a |
| main.rs:30:13:30:22 | source(...) | semmle.label | source(...) |
| main.rs:31:9:31:9 | b | semmle.label | b |
| main.rs:32:10:32:17 | b as i64 | semmle.label | b as i64 |
| main.rs:45:13:45:13 | s | semmle.label | s |
| main.rs:45:17:45:26 | source(...) | semmle.label | source(...) |
| main.rs:46:13:46:18 | sliced [&ref] | semmle.label | sliced [&ref] |
| main.rs:46:22:46:29 | &... [&ref] | semmle.label | &... [&ref] |
| main.rs:46:23:46:23 | s | semmle.label | s |
| main.rs:46:23:46:29 | s[...] | semmle.label | s[...] |
| main.rs:47:14:47:19 | sliced | semmle.label | sliced |
| main.rs:61:13:61:15 | arr | semmle.label | arr |
| main.rs:61:19:61:28 | source(...) | semmle.label | source(...) |
| main.rs:62:14:62:16 | arr | semmle.label | arr |
| main.rs:62:14:62:19 | arr[1] | semmle.label | arr[1] |
| main.rs:77:9:77:12 | [post] arr2 [element] | semmle.label | [post] arr2 [element] |
| main.rs:77:19:77:28 | source(...) | semmle.label | source(...) |
| main.rs:78:14:78:17 | arr2 | semmle.label | arr2 |
subpaths
testFailures
#select
| main.rs:13:10:13:14 | ... + ... | main.rs:12:13:12:22 | source(...) | main.rs:13:10:13:14 | ... + ... | $@ | main.rs:12:13:12:22 | source(...) | source(...) |
| main.rs:18:10:18:11 | - ... | main.rs:17:13:17:22 | source(...) | main.rs:18:10:18:11 | - ... | $@ | main.rs:17:13:17:22 | source(...) | source(...) |
| main.rs:24:10:24:17 | b as i64 | main.rs:22:13:22:22 | source(...) | main.rs:24:10:24:17 | b as i64 | $@ | main.rs:22:13:22:22 | source(...) | source(...) |
| main.rs:39:14:39:19 | sliced | main.rs:37:17:37:26 | source(...) | main.rs:39:14:39:19 | sliced | $@ | main.rs:37:17:37:26 | source(...) | source(...) |
| main.rs:54:14:54:19 | arr[1] | main.rs:53:19:53:28 | source(...) | main.rs:54:14:54:19 | arr[1] | $@ | main.rs:53:19:53:28 | source(...) | source(...) |
| main.rs:70:14:70:17 | arr2 | main.rs:69:19:69:28 | source(...) | main.rs:70:14:70:17 | arr2 | $@ | main.rs:69:19:69:28 | source(...) | source(...) |
| main.rs:17:10:17:10 | b | main.rs:15:17:15:26 | source(...) | main.rs:17:10:17:10 | b | $@ | main.rs:15:17:15:26 | source(...) | source(...) |
| main.rs:26:10:26:11 | - ... | main.rs:25:13:25:22 | source(...) | main.rs:26:10:26:11 | - ... | $@ | main.rs:25:13:25:22 | source(...) | source(...) |
| main.rs:32:10:32:17 | b as i64 | main.rs:30:13:30:22 | source(...) | main.rs:32:10:32:17 | b as i64 | $@ | main.rs:30:13:30:22 | source(...) | source(...) |
| main.rs:47:14:47:19 | sliced | main.rs:45:17:45:26 | source(...) | main.rs:47:14:47:19 | sliced | $@ | main.rs:45:17:45:26 | source(...) | source(...) |
| main.rs:62:14:62:19 | arr[1] | main.rs:61:19:61:28 | source(...) | main.rs:62:14:62:19 | arr[1] | $@ | main.rs:61:19:61:28 | source(...) | source(...) |
| main.rs:78:14:78:17 | arr2 | main.rs:77:19:77:28 | source(...) | main.rs:78:14:78:17 | arr2 | $@ | main.rs:77:19:77:28 | source(...) | source(...) |

8
rust/ql/test/library-tests/dataflow/taint/main.rs
View File

@@ -11,6 +11,14 @@ fn sink(s: i64) {
fn addition() {
let a = source(42);
sink(a + 1); // $ hasTaintFlow=42
let mut b = source(58);
b += 2;
sink(b); // $ MISSING: hasTaintFlow=58 $ SPURIOUS: hasValueFlow=58
let mut c = 0;
c += source(99);
sink(c); // $ MISSING: hasTaintFlow=99
}
fn negation() {