diff --git a/rust/ql/lib/codeql/rust/security/HardcodedCryptographicValueExtensions.qll b/rust/ql/lib/codeql/rust/security/HardcodedCryptographicValueExtensions.qll
index bab06ec17aa..4f148e5af33 100644
--- a/rust/ql/lib/codeql/rust/security/HardcodedCryptographicValueExtensions.qll
+++ b/rust/ql/lib/codeql/rust/security/HardcodedCryptographicValueExtensions.qll
@@ -74,6 +74,10 @@ module HardcodedCryptographicValue {
     // e.g. `const MY_CONST: u64 = ...`
     e = any(Const c).getBody()
     or
+    // e.g. `u64::MAX`
+    e instanceof ConstAccess and
+    not exists(e.(ConstAccess).getConst().getBody())
+    or
     // e.g. `1 << 4`
     isConstant(e.(BinaryExpr).getLhs()) and
     isConstant(e.(BinaryExpr).getRhs())
diff --git a/rust/ql/test/query-tests/security/CWE-798/HardcodedCryptographicValue.expected b/rust/ql/test/query-tests/security/CWE-798/HardcodedCryptographicValue.expected
index 5c82eaa5053..f3dfe9220a4 100644
--- a/rust/ql/test/query-tests/security/CWE-798/HardcodedCryptographicValue.expected
+++ b/rust/ql/test/query-tests/security/CWE-798/HardcodedCryptographicValue.expected
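Review bot: The new disjunct `e instanceof ConstAccess and not exists(e.(ConstAccess).getConst().getBody())` is also satisfied when `getConst()` has no result at all, so a const path that fails to resolve is classified as constant, not only a library constant such as `u64::MAX` whose body is not extracted. If that is intended, the comment should say so, e.g. `// a const access whose definition has no extracted body (library constants, unresolved paths) is treated as constant`. If it is not intended, `exists(Const c | c = e.(ConstAccess).getConst() and not exists(c.getBody()))` would limit the case to resolved consts, but whether `u64::MAX` still resolves to a `Const` under that form is not visible here, so the existing test should decide. The enclosing predicate, which this hunk recurses into via `isConstant(...)`, starts outside the hunk.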
@@ -19,6 +19,8 @@
 | test_heuristic.rs:70:31:70:38 | [0u8; 16] | test_heuristic.rs:70:31:70:38 | [0u8; 16] | test_heuristic.rs:70:30:70:38 | &... | This hard-coded value is used as $@. | test_heuristic.rs:70:30:70:38 | &... | a salt |
 | test_heuristic.rs:72:22:72:22 | 0 | test_heuristic.rs:72:22:72:22 | 0 | test_heuristic.rs:72:22:72:22 | 0 | This hard-coded value is used as $@. | test_heuristic.rs:72:22:72:22 | 0 | a salt |
 | test_heuristic.rs:76:22:76:27 | ... << ... | test_heuristic.rs:76:22:76:27 | ... << ... | test_heuristic.rs:76:22:76:27 | ... << ... | This hard-coded value is used as $@. | test_heuristic.rs:76:22:76:27 | ... << ... | a salt |
+| test_heuristic.rs:78:22:78:29 | ...::MAX | test_heuristic.rs:78:22:78:29 | ...::MAX | test_heuristic.rs:78:22:78:29 | ...::MAX | This hard-coded value is used as $@. | test_heuristic.rs:78:22:78:29 | ...::MAX | a salt |
+| test_heuristic.rs:79:22:79:33 | ... / ... | test_heuristic.rs:79:22:79:33 | ... / ... | test_heuristic.rs:79:22:79:33 | ... / ... | This hard-coded value is used as $@. | test_heuristic.rs:79:22:79:33 | ... / ... | a salt |
 | test_heuristic.rs:86:29:86:32 | 1u64 | test_heuristic.rs:86:29:86:32 | 1u64 | test_heuristic.rs:87:22:87:31 | MY_CONST_5 | This hard-coded value is used as $@. | test_heuristic.rs:87:22:87:31 | MY_CONST_5 | a salt |
 | test_heuristic.rs:88:29:88:33 | ... + ... | test_heuristic.rs:88:29:88:33 | ... + ... | test_heuristic.rs:89:22:89:31 | MY_CONST_6 | This hard-coded value is used as $@. | test_heuristic.rs:89:22:89:31 | MY_CONST_6 | a salt |
 edges
@@ -181,6 +183,8 @@ nodes
 | test_heuristic.rs:70:31:70:38 | [0u8; 16] | semmle.label | [0u8; 16] |
 | test_heuristic.rs:72:22:72:22 | 0 | semmle.label | 0 |
 | test_heuristic.rs:76:22:76:27 | ... << ... | semmle.label | ... << ... |
+| test_heuristic.rs:78:22:78:29 | ...::MAX | semmle.label | ...::MAX |
+| test_heuristic.rs:79:22:79:33 | ... / ... | semmle.label | ... / ... |
 | test_heuristic.rs:81:22:81:31 | MY_CONST_1 | semmle.label | MY_CONST_1 |
 | test_heuristic.rs:82:22:82:31 | MY_CONST_2 | semmle.label | MY_CONST_2 |
 | test_heuristic.rs:83:22:83:32 | MY_STATIC_3 | semmle.label | MY_STATIC_3 |
diff --git a/rust/ql/test/query-tests/security/CWE-798/test_heuristic.rs b/rust/ql/test/query-tests/security/CWE-798/test_heuristic.rs
index 0f7d49e5178..dca4272a988 100644
--- a/rust/ql/test/query-tests/security/CWE-798/test_heuristic.rs
+++ b/rust/ql/test/query-tests/security/CWE-798/test_heuristic.rs
@@ -75,8 +75,8 @@ fn test(var_string: &str, var_data: &[u8;16], var_u64: u64) {
     mc2.set_salt_u64((var_u64 << 32) ^ (var_u64 & 0xFFFFFFFF));
     mc2.set_salt_u64(1 << 4); // $ Alert[rust/hard-coded-cryptographic-value]
-    mc2.set_salt_u64(u64::MAX); // $ MISSING: Alert[rust/hard-coded-cryptographic-value]
-    mc2.set_salt_u64(u64::MAX / 4); // $ MISSING: Alert[rust/hard-coded-cryptographic-value]
+    mc2.set_salt_u64(u64::MAX); // $ Alert[rust/hard-coded-cryptographic-value]
+    mc2.set_salt_u64(u64::MAX / 4); // $ Alert[rust/hard-coded-cryptographic-value]
     mc2.set_salt_u64(MY_CONST_1); // $ Sink[rust/hard-coded-cryptographic-value]
     mc2.set_salt_u64(MY_CONST_2); // $ Sink[rust/hard-coded-cryptographic-value]
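Review bot: The only new cases exercised are `u64::MAX` and `u64::MAX / 4`, both `std` constants, so the test cannot distinguish "library constant whose body is not extracted" from "const path that does not resolve", which the library change appears to treat the same way. A case referencing a constant through a path the test database cannot resolve, annotated with whichever outcome the heuristic intends, would pin that behaviour down and catch a regression if resolution later improves. The enclosing `fn test` starts before this hunk and continues after it.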