hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Rust: Add tests for heuristics.

Browse Source
This commit is contained in:
Geoffrey White
2025-11-28 17:48:44 +00:00
parent c43b03ba34
commit 8e099480ab
1 changed files with 62 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
rust/ql/test/query-tests/security/CWE-798/test_heuristic.rs Normal file
View File

@@ -0,0 +1,62 @@
// --- tests ---
fn encrypt_with(plaintext: &str, key: &[u8;16], iv: &[u8;16]) {
// ...
}
fn encrypt2(plaintext: &str, crypto_key: &[u8;16], iv_bytes: &[u8;16]) {
// ...
}
fn database_op(text: &str, primary_key: &str, pivot: &str) {
// note: this one has nothing to do with encryption, but has
// `key` and `iv` contained within the parameter names.
}
struct MyCryptor {
}
impl MyCryptor {
fn new(password: &str) -> MyCryptor {
MyCryptor { }
}
fn set_nonce(&self, nonce: &[u8;16]) {
// ...
}
fn encrypt(&self, plaintext: &str, salt: &[u8;16]) {
// ...
}
}
fn test(var_string: &str, var_data: &[u8;16]) {
encrypt_with("plaintext", var_data, var_data); // $ MISSING: Sink
let const_key: &[u8;16] = &[0u8;16]; // $ MISSING: Alert[rust/hard-coded-cryptographic-value]
encrypt_with("plaintext", const_key, var_data); // $ MISSING: Sink
let const_iv: &[u8;16] = &[0u8;16]; // $ MISSING: Alert[rust/hard-coded-cryptographic-value]
encrypt_with("plaintext", var_data, const_iv); // $ MISSING: Sink
encrypt2("plaintext", var_data, var_data); // $ MISSING: Sink
let const_key2: &[u8;16] = &[1u8;16]; // $ MISSING: Alert[rust/hard-coded-cryptographic-value]
encrypt2("plaintext", const_key2, var_data); // $ MISSING: Sink
let const_iv: &[u8;16] = &[1u8;16]; // $ MISSING: Alert[rust/hard-coded-cryptographic-value]
encrypt2("plaintext", var_data, const_iv); // $ MISSING: Sink
let const_key_str = "primary_key";
let const_pivot_str = "pivot";
database_op("text", const_key_str, const_pivot_str);
let mc1 = MyCryptor::new(var_string);
mc1.set_nonce(var_data);
mc1.encrypt("plaintext", var_data);
let mc2 = MyCryptor::new("secret"); // $ MISSING: Alert[rust/hard-coded-cryptographic-value]
mc2.set_nonce(&[0u8;16]); // $ MISSING: Alert[rust/hard-coded-cryptographic-value]
mc2.encrypt("plaintext", &[0u8;16]); // $ MISSING: Alert[rust/hard-coded-cryptographic-value]
}