hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-21 06:55:31 +02:00
Code Issues Packages Projects Releases Wiki Activity

Rust: Implement the query.

Browse Source
This commit is contained in:
Geoffrey White
2024-11-21 22:37:41 +00:00
parent 9ead2dc03c
commit 88fc7be0a2
3 changed files with 43 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
rust/ql/src/queries/security/CWE-696/BadCtorInitialization.ql
View File

@@ -13,4 +13,26 @@
import rust
select 0
/**
* A `#[ctor]` or `#[dtor]` attribute.
*/
class CtorAttr extends Attr {
CtorAttr() { this.getMeta().getPath().getPart().getNameRef().getText() = ["ctor", "dtor"] }
}
/**
* A call into the Rust standard library.
*/
class StdCall extends Expr {
StdCall() {
this.(CallExpr).getExpr().(PathExpr).getPath().getResolvedCrateOrigin() = "lang:std" or
this.(MethodCallExpr).getResolvedCrateOrigin() = "lang:std"
}
}
from CtorAttr ctor, Function f, StdCall call
where
f.getAnAttr() = ctor and
call.getEnclosingCallable() = f
select f.getName(), "This function has the $@ attribute but calls $@ in the standard library.",
ctor, ctor.toString(), call, call.toString()

11
rust/ql/test/query-tests/security/CWE-696/BadCTorInitialization.expected
View File

@@ -1 +1,10 @@
| 0 |
| test.rs:30:4:30:9 | bad1_1 | This function has the $@ attribute but calls $@ in the standard library. | test.rs:29:1:29:13 | Attr | Attr | test.rs:31:9:31:25 | ...::stdout(...) | ...::stdout(...) |
| test.rs:35:4:35:9 | bad1_2 | This function has the $@ attribute but calls $@ in the standard library. | test.rs:34:1:34:13 | Attr | Attr | test.rs:36:9:36:25 | ...::stdout(...) | ...::stdout(...) |
| test.rs:42:4:42:9 | bad1_3 | This function has the $@ attribute but calls $@ in the standard library. | test.rs:40:1:40:13 | Attr | Attr | test.rs:43:9:43:25 | ...::stdout(...) | ...::stdout(...) |
| test.rs:52:4:52:9 | bad2_1 | This function has the $@ attribute but calls $@ in the standard library. | test.rs:51:1:51:7 | Attr | Attr | test.rs:53:9:53:16 | stdout(...) | stdout(...) |
| test.rs:57:4:57:9 | bad2_2 | This function has the $@ attribute but calls $@ in the standard library. | test.rs:56:1:56:7 | Attr | Attr | test.rs:58:9:58:16 | stderr(...) | stderr(...) |
| test.rs:62:4:62:9 | bad2_3 | This function has the $@ attribute but calls $@ in the standard library. | test.rs:61:1:61:7 | Attr | Attr | test.rs:63:14:63:28 | ...::_print(...) | ...::_print(...) |
| test.rs:67:4:67:9 | bad2_4 | This function has the $@ attribute but calls $@ in the standard library. | test.rs:66:1:66:7 | Attr | Attr | test.rs:69:9:69:24 | ...::stdin(...) | ...::stdin(...) |
| test.rs:89:4:89:9 | bad2_7 | This function has the $@ attribute but calls $@ in the standard library. | test.rs:88:1:88:7 | Attr | Attr | test.rs:90:5:90:35 | ...::sleep(...) | ...::sleep(...) |
| test.rs:96:4:96:9 | bad2_8 | This function has the $@ attribute but calls $@ in the standard library. | test.rs:95:1:95:7 | Attr | Attr | test.rs:97:5:97:23 | ...::exit(...) | ...::exit(...) |
| test.rs:142:4:142:9 | bad4_1 | This function has the $@ attribute but calls $@ in the standard library. | test.rs:141:1:141:7 | Attr | Attr | test.rs:143:5:143:15 | ...::stdout(...) | ...::stdout(...) |

20
rust/ql/test/query-tests/security/CWE-696/test.rs
View File

@@ -27,19 +27,19 @@ fn harmless1_5() {
}
#[ctor::ctor]
fn bad1_1() { // $ MISSING: Alert[rust/ctor-initialization]
fn bad1_1() { // $ Alert[rust/ctor-initialization]
_ = std::io::stdout().write(b"Hello, world!");
}
#[ctor::dtor]
fn bad1_2() { // $ MISSING: Alert[rust/ctor-initialization]
fn bad1_2() { // $ Alert[rust/ctor-initialization]
_ = std::io::stdout().write(b"Hello, world!");
}
#[rustfmt::skip]
#[ctor::dtor]
#[rustfmt::skip]
fn bad1_3() { // $ MISSING: Alert[rust/ctor-initialization]
fn bad1_3() { // $ Alert[rust/ctor-initialization]
_ = std::io::stdout().write(b"Hello, world!");
}
@@ -49,22 +49,22 @@ use ctor::ctor;
use std::io::*;
#[ctor]
fn bad2_1() { // $ MISSING: Alert[rust/ctor-initialization]
fn bad2_1() { // $ Alert[rust/ctor-initialization]
_ = stdout().write(b"Hello, world!");
}
#[ctor]
fn bad2_2() { // $ MISSING: Alert[rust/ctor-initialization]
fn bad2_2() { // $ Alert[rust/ctor-initialization]
_ = stderr().write_all(b"Hello, world!");
}
#[ctor]
fn bad2_3() { // $ MISSING: Alert[rust/ctor-initialization]
fn bad2_3() { // $ Alert[rust/ctor-initialization]
println!("Hello, world!");
}
#[ctor]
fn bad2_4() { // $ MISSING: Alert[rust/ctor-initialization]
fn bad2_4() { // $ Alert[rust/ctor-initialization]
let mut buff = String::new();
_ = std::io::stdin().read_line(&mut buff);
}
@@ -86,14 +86,14 @@ use std::time::Duration;
const DURATION2_7: Duration = Duration::new(1, 0);
#[ctor]
fn bad2_7() { // $ MISSING: Alert[rust/ctor-initialization]
fn bad2_7() { // $ Alert[rust/ctor-initialization]
std::thread::sleep(DURATION2_7);
}
use std::process;
#[ctor]
fn bad2_8() { // $ MISSING: Alert[rust/ctor-initialization]
fn bad2_8() { // $ Alert[rust/ctor-initialization]
process::exit(1234);
}
@@ -139,6 +139,6 @@ macro_rules! macro4_1 {
}
#[ctor]
fn bad4_1() { // $ MISSING: Alert[rust/ctor-initialization]
fn bad4_1() { // $ Alert[rust/ctor-initialization]
macro4_1!();
}