Rust: Add test cases for requests through hyper + http.
@@ -19,3 +19,4 @@
|
||||
| test.rs:72:26:72:37 | ...::get | Flow source 'RemoteSource' of type remote (DEFAULT). |
|
||||
| test.rs:75:26:75:37 | ...::get | Flow source 'RemoteSource' of type remote (DEFAULT). |
|
||||
| test.rs:78:24:78:35 | ...::get | Flow source 'RemoteSource' of type remote (DEFAULT). |
|
||||
| test.rs:193:16:193:29 | ...::args | Flow source 'CommandLineArgs' of type commandargs. |
|
||||
|
||||
@@ -1,3 +1,9 @@
|
||||
qltest_cargo_check: true
|
||||
qltest_dependencies:
|
||||
- reqwest = { version = "0.12.9", features = ["blocking"] }
|
||||
- hyper = { version = "1.5.2", features = ["full"] }
|
||||
- hyper-util = { version = "0.1.10", features = ["full"] }
|
||||
- http-body-util = { version = "0.1.2" }
|
||||
- http = { version = "1.2.0" }
|
||||
- tokio = { version = "1.43.0", features = ["full"] }
|
||||
- futures = { version = "0.3" }
|
||||
|
||||
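Review bot: The `futures` entry appears to be needed only for `futures::executor::block_on(test_hyper_http(case))` in the new `main` of test.rs, which already runs under `#[tokio::main]`. Writing `match test_hyper_http(case).await {` there would avoid blocking a runtime thread on a nested executor and would let this dependency line be dropped, assuming nothing outside the visible hunks uses `futures`. Keeping the test's dependency list to what the modelled libraries (`hyper`, `hyper-util`, `http-body-util`, `http`, `tokio`) need also keeps the `qltest_cargo_check` build smaller.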
@@ -82,3 +82,122 @@ async fn test_reqwest() -> Result<(), reqwest::Error> {
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
use std::io::Write;
|
||||
use http_body_util::BodyExt;
|
||||
|
||||
async fn test_hyper_http(case: i64) -> Result<(), Box<dyn std::error::Error>> {
|
||||
// using http + hyper libs to fetch a web page
|
||||
let address = "example.com:80";
|
||||
let url = "http://example.com/";
|
||||
|
||||
// create the connection
|
||||
println!("connecting to {}...", address);
|
||||
let stream = tokio::net::TcpStream::connect(address).await?;
|
||||
let io = hyper_util::rt::TokioIo::new(stream);
|
||||
let (mut sender, conn) = hyper::client::conn::http1::handshake(io).await?;
|
||||
|
||||
// drive the HTTP connection
|
||||
tokio::task::spawn(async move {
|
||||
conn.await.expect("connection failed");
|
||||
});
|
||||
|
||||
// make the request
|
||||
println!("sending request...");
|
||||
let request = http::Request::builder().uri(url).body(String::from(""))?;
|
||||
let mut response = sender.send_request(request).await?; // $ MISSING: Alert[rust/summary/taint-sources]
|
||||
sink(&response); // $ MISSING: hasTaintFlow
|
||||
|
||||
if !response.status().is_success() {
|
||||
return Err("request failed".into())
|
||||
}
|
||||
|
||||
match case {
|
||||
1 => {
|
||||
sink(response.body()); // $ MISSING: hasTaintFlow
|
||||
sink(response.body_mut()); // $ MISSING: hasTaintFlow
|
||||
|
||||
let body = response.into_body();
|
||||
sink(&body); // $ MISSING: hasTaintFlow
|
||||
|
||||
println!("awaiting response...");
|
||||
let data = body.collect().await?;
|
||||
sink(&data); // $ MISSING: hasTaintFlow
|
||||
|
||||
let bytes = data.to_bytes();
|
||||
println!("bytes = {:?}", &bytes);
|
||||
sink(bytes); // $ MISSING: hasTaintFlow
|
||||
}
|
||||
2 => {
|
||||
println!("streaming response...");
|
||||
while let Some(frame) = response.frame().await {
|
||||
if let Some(data) = frame?.data_ref() {
|
||||
std::io::stdout().write_all(data);
|
||||
|
||||
sink(data); // $ MISSING: hasTaintFlow
|
||||
sink(data[0]); // $ MISSING: hasTaintFlow
|
||||
for byte in data {
|
||||
sink(byte); // $ MISSING: hasTaintFlow
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
3 => {
|
||||
let headers = response.headers();
|
||||
|
||||
if headers.contains_key(http::header::CONTENT_TYPE) {
|
||||
println!("CONTENT_TYPE = {}", response.headers()[http::header::CONTENT_TYPE].to_str().unwrap());
|
||||
sink(&headers[http::header::CONTENT_TYPE]); // $ MISSING: hasTaintFlow
|
||||
sink(headers[http::header::CONTENT_TYPE].to_str().unwrap()); // $ MISSING: hasTaintFlow
|
||||
sink(headers[http::header::CONTENT_TYPE].as_bytes()); // $ MISSING: hasTaintFlow
|
||||
sink(headers.get(http::header::CONTENT_TYPE).unwrap()); // $ MISSING: hasTaintFlow
|
||||
}
|
||||
|
||||
if headers.contains_key("Content-type") {
|
||||
println!("Content-type = {}", response.headers().get("Content-type").unwrap().to_str().unwrap());
|
||||
sink(headers.get("Content-type").unwrap()); // $ MISSING: hasTaintFlow
|
||||
sink(headers.get("Content-type").unwrap().to_str().unwrap()); // $ MISSING: hasTaintFlow
|
||||
sink(headers.get("Content-type").unwrap().as_bytes()); // $ MISSING: hasTaintFlow
|
||||
sink(&headers["Content-type"]); // $ MISSING: hasTaintFlow
|
||||
}
|
||||
|
||||
if headers.contains_key(http::header::COOKIE) {
|
||||
sink(response.headers().get(http::header::COOKIE)); // $ MISSING: hasTaintFlow
|
||||
for cookie in headers.get_all(http::header::COOKIE) {
|
||||
println!("cookie = {}", cookie.to_str().unwrap());
|
||||
sink(cookie); // $ MISSING: hasTaintFlow
|
||||
sink(cookie.to_str().unwrap()); // $ MISSING: hasTaintFlow
|
||||
}
|
||||
}
|
||||
|
||||
let (parts, body) = response.into_parts();
|
||||
|
||||
if parts.headers.contains_key(http::header::CONTENT_TYPE) {
|
||||
println!("CONTENT_TYPE = {}", parts.headers[http::header::CONTENT_TYPE].to_str().unwrap());
|
||||
sink(&parts.headers[http::header::CONTENT_TYPE]); // $ MISSING: hasTaintFlow
|
||||
sink(parts.headers[http::header::CONTENT_TYPE].to_str().unwrap()); // $ MISSING: hasTaintFlow
|
||||
sink(parts.headers[http::header::CONTENT_TYPE].as_bytes()); // $ MISSING: hasTaintFlow
|
||||
sink(parts.headers.get(http::header::CONTENT_TYPE).unwrap()); // $ MISSING: hasTaintFlow
|
||||
}
|
||||
|
||||
sink(body); // $ MISSING: hasTaintFlow
|
||||
}
|
||||
_ => {}
|
||||
}
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
#[tokio::main]
|
||||
async fn main() -> Result<(), Box<dyn std::error::Error>> {
|
||||
let case = std::env::args().nth(1).unwrap_or(String::from("1")).parse::<i64>().unwrap(); // $ Alert[rust/summary/taint-sources]
|
||||
|
||||
println!("test_hyper_http...");
|
||||
match futures::executor::block_on(test_hyper_http(case)) {
|
||||
Ok(_) => println!("complete"),
|
||||
Err(e) => println!("error: {}", e),
|
||||
}
|
||||
println!("");
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
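Review bot: In the `2 =>` streaming arm, `std::io::stdout().write_all(data);` discards the `io::Result`, which trips `unused_must_use` and hides a failed write; since `test_hyper_http` already returns `Box<dyn std::error::Error>`, `std::io::stdout().write_all(data)?;` is enough. In the same arm `sink(data[0])` panics on an empty data frame, so `if let Some(first) = data.first() { sink(*first); }` is safer if this test is ever run rather than only compiled. In the `3 =>` arm the `http::header::COOKIE` checks look at a request header; a response normally carries cookies in `Set-Cookie`, so `http::header::SET_COOKIE` would model the remote-controlled data this taint-source test is meant to cover more faithfully.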