Rust: Accept sql-injection sinks as sinks for this query, and treat the existing sinks created for this query as sql-injection sinks too.

Geoffrey White
2025-08-04 15:16:16 +01:00
parent 989b48d576
commit e368ee4b1b
4 changed files with 117 additions and 60 deletions


@@ -3,11 +3,11 @@ extensions:
pack: codeql/rust-all
extensible: sinkModel
data:
- ["sqlx_core::query::query", "Argument[0]", "database-store", "manual"]
- ["sqlx_core::query_as::query_as", "Argument[0]", "database-store", "manual"]
- ["sqlx_core::query_with::query_with", "Argument[0]", "database-store", "manual"]
- ["sqlx_core::query_as_with::query_as_with", "Argument[0]", "database-store", "manual"]
- ["sqlx_core::query_scalar::query_scalar", "Argument[0]", "database-store", "manual"]
- ["sqlx_core::query_scalar_with::query_scalar_with", "Argument[0]", "database-store", "manual"]
- ["sqlx_core::raw_sql::raw_sql", "Argument[0]", "database-store", "manual"]
- ["<_ as sqlx_core::executor::Executor>::execute", "Argument[0]", "database-store", "manual"]
- ["sqlx_core::query::query", "Argument[0]", "sql-injection", "manual"]
- ["sqlx_core::query_as::query_as", "Argument[0]", "sql-injection", "manual"]
- ["sqlx_core::query_with::query_with", "Argument[0]", "sql-injection", "manual"]
- ["sqlx_core::query_as_with::query_as_with", "Argument[0]", "sql-injection", "manual"]
- ["sqlx_core::query_scalar::query_scalar", "Argument[0]", "sql-injection", "manual"]
- ["sqlx_core::query_scalar_with::query_scalar_with", "Argument[0]", "sql-injection", "manual"]
- ["sqlx_core::raw_sql::raw_sql", "Argument[0]", "sql-injection", "manual"]
- ["<_ as sqlx_core::executor::Executor>::execute", "Argument[0]", "sql-injection", "manual"]


@@ -39,8 +39,10 @@ module CleartextStorageDatabase {
/**
* A sink for cleartext storage vulnerabilities from model data.
* - SQL commands
* - other database storage operations
*/
private class ModelsAsDataSink extends Sink {
ModelsAsDataSink() { exists(string s | sinkNode(this, s) and s.matches("database-store")) }
ModelsAsDataSink() { sinkNode(this, ["sql-injection", "database-store"]) }
}
}
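Review bot: The doc comment above `ModelsAsDataSink` still only says "SQL commands" and "other database storage operations", so a reader of the new `sinkNode(this, ["sql-injection", "database-store"])` line has no explanation for why an injection sink kind is accepted by a cleartext-storage query. The rationale appears to be that any sink modeled as `sql-injection` executes a SQL statement and therefore also reads or writes the database, so those models double as storage sinks instead of being duplicated as `database-store` entries; this is inferred from the commit title, so confirm it. Suggested addition to the comment: ` * Sinks modeled with kind `sql-injection` are included because executing an injectable SQL statement also stores or reads data, so they need no separate `database-store` model.` The enclosing `module CleartextStorageDatabase` starts outside the hunk.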


@@ -4,64 +4,97 @@
| test_storage.rs:119:13:119:23 | ...::query | test_storage.rs:71:97:71:114 | get_phone_number(...) | test_storage.rs:119:13:119:23 | ...::query | This database operation may read or write unencrypted sensitive data from $@. | test_storage.rs:71:97:71:114 | get_phone_number(...) | get_phone_number(...) |
| test_storage.rs:125:13:125:23 | ...::query | test_storage.rs:71:97:71:114 | get_phone_number(...) | test_storage.rs:125:13:125:23 | ...::query | This database operation may read or write unencrypted sensitive data from $@. | test_storage.rs:71:97:71:114 | get_phone_number(...) | get_phone_number(...) |
| test_storage.rs:139:13:139:23 | ...::query | test_storage.rs:71:97:71:114 | get_phone_number(...) | test_storage.rs:139:13:139:23 | ...::query | This database operation may read or write unencrypted sensitive data from $@. | test_storage.rs:71:97:71:114 | get_phone_number(...) | get_phone_number(...) |
| test_storage.rs:194:16:194:22 | execute | test_storage.rs:189:100:189:117 | get_phone_number(...) | test_storage.rs:194:16:194:22 | execute | This database operation may read or write unencrypted sensitive data from $@. | test_storage.rs:189:100:189:117 | get_phone_number(...) | get_phone_number(...) |
| test_storage.rs:196:24:196:32 | query_row | test_storage.rs:190:86:190:103 | get_phone_number(...) | test_storage.rs:196:24:196:32 | query_row | This database operation may read or write unencrypted sensitive data from $@. | test_storage.rs:190:86:190:103 | get_phone_number(...) | get_phone_number(...) |
| test_storage.rs:204:31:204:37 | prepare | test_storage.rs:190:86:190:103 | get_phone_number(...) | test_storage.rs:204:31:204:37 | prepare | This database operation may read or write unencrypted sensitive data from $@. | test_storage.rs:190:86:190:103 | get_phone_number(...) | get_phone_number(...) |
edges
| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:100:25:100:37 | insert_query2 | provenance | |
| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:100:25:100:46 | insert_query2.as_str() | provenance | MaD:5 |
| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:100:25:100:46 | insert_query2.as_str() | provenance | MaD:4 |
| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:100:25:100:46 | insert_query2.as_str() | provenance | MaD:5 |
| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:100:25:100:46 | insert_query2.as_str() | provenance | MaD:8 |
| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:100:25:100:46 | insert_query2.as_str() | provenance | MaD:7 |
| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:100:25:100:46 | insert_query2.as_str() | provenance | MaD:8 |
| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:115:27:115:39 | insert_query2 | provenance | |
| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:115:27:115:48 | insert_query2.as_str() | provenance | MaD:5 |
| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:115:27:115:48 | insert_query2.as_str() | provenance | MaD:4 |
| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:115:27:115:48 | insert_query2.as_str() | provenance | MaD:5 |
| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:115:27:115:48 | insert_query2.as_str() | provenance | MaD:8 |
| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:115:27:115:48 | insert_query2.as_str() | provenance | MaD:7 |
| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:115:27:115:48 | insert_query2.as_str() | provenance | MaD:8 |
| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:119:25:119:37 | insert_query2 | provenance | |
| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:119:25:119:46 | insert_query2.as_str() | provenance | MaD:5 |
| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:119:25:119:46 | insert_query2.as_str() | provenance | MaD:4 |
| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:119:25:119:46 | insert_query2.as_str() | provenance | MaD:5 |
| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:119:25:119:46 | insert_query2.as_str() | provenance | MaD:8 |
| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:119:25:119:46 | insert_query2.as_str() | provenance | MaD:7 |
| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:119:25:119:46 | insert_query2.as_str() | provenance | MaD:8 |
| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:125:25:125:37 | insert_query2 | provenance | |
| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:125:25:125:46 | insert_query2.as_str() | provenance | MaD:5 |
| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:125:25:125:46 | insert_query2.as_str() | provenance | MaD:4 |
| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:125:25:125:46 | insert_query2.as_str() | provenance | MaD:5 |
| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:125:25:125:46 | insert_query2.as_str() | provenance | MaD:8 |
| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:125:25:125:46 | insert_query2.as_str() | provenance | MaD:7 |
| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:125:25:125:46 | insert_query2.as_str() | provenance | MaD:8 |
| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:139:25:139:37 | insert_query2 | provenance | |
| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:139:25:139:46 | insert_query2.as_str() | provenance | MaD:5 |
| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:139:25:139:46 | insert_query2.as_str() | provenance | MaD:4 |
| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:139:25:139:46 | insert_query2.as_str() | provenance | MaD:5 |
| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:139:25:139:46 | insert_query2.as_str() | provenance | MaD:8 |
| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:139:25:139:46 | insert_query2.as_str() | provenance | MaD:7 |
| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:139:25:139:46 | insert_query2.as_str() | provenance | MaD:8 |
| test_storage.rs:71:25:71:114 | ... + ... | test_storage.rs:71:9:71:21 | insert_query2 | provenance | |
| test_storage.rs:71:25:71:114 | ... + ... | test_storage.rs:71:25:71:121 | ... + ... | provenance | MaD:3 |
| test_storage.rs:71:25:71:114 | ... + ... | test_storage.rs:71:25:71:121 | ... + ... | provenance | MaD:6 |
| test_storage.rs:71:25:71:121 | ... + ... | test_storage.rs:71:9:71:21 | insert_query2 | provenance | |
| test_storage.rs:71:96:71:114 | &... | test_storage.rs:71:9:71:21 | insert_query2 | provenance | |
| test_storage.rs:71:96:71:114 | &... | test_storage.rs:71:25:71:114 | ... + ... | provenance | |
| test_storage.rs:71:97:71:114 | get_phone_number(...) | test_storage.rs:71:96:71:114 | &... | provenance | Config |
| test_storage.rs:100:25:100:37 | insert_query2 | test_storage.rs:100:25:100:46 | insert_query2.as_str() [&ref] | provenance | MaD:5 |
| test_storage.rs:100:25:100:37 | insert_query2 | test_storage.rs:100:25:100:46 | insert_query2.as_str() [&ref] | provenance | MaD:4 |
| test_storage.rs:100:25:100:37 | insert_query2 | test_storage.rs:100:25:100:46 | insert_query2.as_str() [&ref] | provenance | MaD:5 |
| test_storage.rs:100:25:100:46 | insert_query2.as_str() | test_storage.rs:100:13:100:23 | ...::query | provenance | MaD:1 Sink:MaD:1 |
| test_storage.rs:100:25:100:46 | insert_query2.as_str() [&ref] | test_storage.rs:100:13:100:23 | ...::query | provenance | MaD:1 Sink:MaD:1 |
| test_storage.rs:115:27:115:39 | insert_query2 | test_storage.rs:115:27:115:48 | insert_query2.as_str() [&ref] | provenance | MaD:5 |
| test_storage.rs:115:27:115:39 | insert_query2 | test_storage.rs:115:27:115:48 | insert_query2.as_str() [&ref] | provenance | MaD:4 |
| test_storage.rs:115:27:115:39 | insert_query2 | test_storage.rs:115:27:115:48 | insert_query2.as_str() [&ref] | provenance | MaD:5 |
| test_storage.rs:115:27:115:48 | insert_query2.as_str() | test_storage.rs:115:13:115:25 | ...::raw_sql | provenance | MaD:2 Sink:MaD:2 |
| test_storage.rs:115:27:115:48 | insert_query2.as_str() [&ref] | test_storage.rs:115:13:115:25 | ...::raw_sql | provenance | MaD:2 Sink:MaD:2 |
| test_storage.rs:119:25:119:37 | insert_query2 | test_storage.rs:119:25:119:46 | insert_query2.as_str() [&ref] | provenance | MaD:5 |
| test_storage.rs:119:25:119:37 | insert_query2 | test_storage.rs:119:25:119:46 | insert_query2.as_str() [&ref] | provenance | MaD:4 |
| test_storage.rs:119:25:119:37 | insert_query2 | test_storage.rs:119:25:119:46 | insert_query2.as_str() [&ref] | provenance | MaD:5 |
| test_storage.rs:119:25:119:46 | insert_query2.as_str() | test_storage.rs:119:13:119:23 | ...::query | provenance | MaD:1 Sink:MaD:1 |
| test_storage.rs:119:25:119:46 | insert_query2.as_str() [&ref] | test_storage.rs:119:13:119:23 | ...::query | provenance | MaD:1 Sink:MaD:1 |
| test_storage.rs:125:25:125:37 | insert_query2 | test_storage.rs:125:25:125:46 | insert_query2.as_str() [&ref] | provenance | MaD:5 |
| test_storage.rs:125:25:125:37 | insert_query2 | test_storage.rs:125:25:125:46 | insert_query2.as_str() [&ref] | provenance | MaD:4 |
| test_storage.rs:125:25:125:37 | insert_query2 | test_storage.rs:125:25:125:46 | insert_query2.as_str() [&ref] | provenance | MaD:5 |
| test_storage.rs:125:25:125:46 | insert_query2.as_str() | test_storage.rs:125:13:125:23 | ...::query | provenance | MaD:1 Sink:MaD:1 |
| test_storage.rs:125:25:125:46 | insert_query2.as_str() [&ref] | test_storage.rs:125:13:125:23 | ...::query | provenance | MaD:1 Sink:MaD:1 |
| test_storage.rs:139:25:139:37 | insert_query2 | test_storage.rs:139:25:139:46 | insert_query2.as_str() [&ref] | provenance | MaD:5 |
| test_storage.rs:139:25:139:37 | insert_query2 | test_storage.rs:139:25:139:46 | insert_query2.as_str() [&ref] | provenance | MaD:4 |
| test_storage.rs:139:25:139:37 | insert_query2 | test_storage.rs:139:25:139:46 | insert_query2.as_str() [&ref] | provenance | MaD:5 |
| test_storage.rs:139:25:139:46 | insert_query2.as_str() | test_storage.rs:139:13:139:23 | ...::query | provenance | MaD:1 Sink:MaD:1 |
| test_storage.rs:139:25:139:46 | insert_query2.as_str() [&ref] | test_storage.rs:139:13:139:23 | ...::query | provenance | MaD:1 Sink:MaD:1 |
| test_storage.rs:100:25:100:37 | insert_query2 | test_storage.rs:100:25:100:46 | insert_query2.as_str() [&ref] | provenance | MaD:8 |
| test_storage.rs:100:25:100:37 | insert_query2 | test_storage.rs:100:25:100:46 | insert_query2.as_str() [&ref] | provenance | MaD:7 |
| test_storage.rs:100:25:100:37 | insert_query2 | test_storage.rs:100:25:100:46 | insert_query2.as_str() [&ref] | provenance | MaD:8 |
| test_storage.rs:100:25:100:46 | insert_query2.as_str() | test_storage.rs:100:13:100:23 | ...::query | provenance | MaD:4 Sink:MaD:4 |
| test_storage.rs:100:25:100:46 | insert_query2.as_str() [&ref] | test_storage.rs:100:13:100:23 | ...::query | provenance | MaD:4 Sink:MaD:4 |
| test_storage.rs:115:27:115:39 | insert_query2 | test_storage.rs:115:27:115:48 | insert_query2.as_str() [&ref] | provenance | MaD:8 |
| test_storage.rs:115:27:115:39 | insert_query2 | test_storage.rs:115:27:115:48 | insert_query2.as_str() [&ref] | provenance | MaD:7 |
| test_storage.rs:115:27:115:39 | insert_query2 | test_storage.rs:115:27:115:48 | insert_query2.as_str() [&ref] | provenance | MaD:8 |
| test_storage.rs:115:27:115:48 | insert_query2.as_str() | test_storage.rs:115:13:115:25 | ...::raw_sql | provenance | MaD:5 Sink:MaD:5 |
| test_storage.rs:115:27:115:48 | insert_query2.as_str() [&ref] | test_storage.rs:115:13:115:25 | ...::raw_sql | provenance | MaD:5 Sink:MaD:5 |
| test_storage.rs:119:25:119:37 | insert_query2 | test_storage.rs:119:25:119:46 | insert_query2.as_str() [&ref] | provenance | MaD:8 |
| test_storage.rs:119:25:119:37 | insert_query2 | test_storage.rs:119:25:119:46 | insert_query2.as_str() [&ref] | provenance | MaD:7 |
| test_storage.rs:119:25:119:37 | insert_query2 | test_storage.rs:119:25:119:46 | insert_query2.as_str() [&ref] | provenance | MaD:8 |
| test_storage.rs:119:25:119:46 | insert_query2.as_str() | test_storage.rs:119:13:119:23 | ...::query | provenance | MaD:4 Sink:MaD:4 |
| test_storage.rs:119:25:119:46 | insert_query2.as_str() [&ref] | test_storage.rs:119:13:119:23 | ...::query | provenance | MaD:4 Sink:MaD:4 |
| test_storage.rs:125:25:125:37 | insert_query2 | test_storage.rs:125:25:125:46 | insert_query2.as_str() [&ref] | provenance | MaD:8 |
| test_storage.rs:125:25:125:37 | insert_query2 | test_storage.rs:125:25:125:46 | insert_query2.as_str() [&ref] | provenance | MaD:7 |
| test_storage.rs:125:25:125:37 | insert_query2 | test_storage.rs:125:25:125:46 | insert_query2.as_str() [&ref] | provenance | MaD:8 |
| test_storage.rs:125:25:125:46 | insert_query2.as_str() | test_storage.rs:125:13:125:23 | ...::query | provenance | MaD:4 Sink:MaD:4 |
| test_storage.rs:125:25:125:46 | insert_query2.as_str() [&ref] | test_storage.rs:125:13:125:23 | ...::query | provenance | MaD:4 Sink:MaD:4 |
| test_storage.rs:139:25:139:37 | insert_query2 | test_storage.rs:139:25:139:46 | insert_query2.as_str() [&ref] | provenance | MaD:8 |
| test_storage.rs:139:25:139:37 | insert_query2 | test_storage.rs:139:25:139:46 | insert_query2.as_str() [&ref] | provenance | MaD:7 |
| test_storage.rs:139:25:139:37 | insert_query2 | test_storage.rs:139:25:139:46 | insert_query2.as_str() [&ref] | provenance | MaD:8 |
| test_storage.rs:139:25:139:46 | insert_query2.as_str() | test_storage.rs:139:13:139:23 | ...::query | provenance | MaD:4 Sink:MaD:4 |
| test_storage.rs:139:25:139:46 | insert_query2.as_str() [&ref] | test_storage.rs:139:13:139:23 | ...::query | provenance | MaD:4 Sink:MaD:4 |
| test_storage.rs:189:9:189:24 | insert_query_bad | test_storage.rs:194:25:194:40 | insert_query_bad | provenance | |
| test_storage.rs:189:28:189:117 | ... + ... | test_storage.rs:189:9:189:24 | insert_query_bad | provenance | |
| test_storage.rs:189:28:189:117 | ... + ... | test_storage.rs:189:28:189:124 | ... + ... | provenance | MaD:6 |
| test_storage.rs:189:28:189:124 | ... + ... | test_storage.rs:189:9:189:24 | insert_query_bad | provenance | |
| test_storage.rs:189:99:189:117 | &... | test_storage.rs:189:9:189:24 | insert_query_bad | provenance | |
| test_storage.rs:189:99:189:117 | &... | test_storage.rs:189:28:189:117 | ... + ... | provenance | |
| test_storage.rs:189:100:189:117 | get_phone_number(...) | test_storage.rs:189:99:189:117 | &... | provenance | Config |
| test_storage.rs:190:9:190:24 | select_query_bad | test_storage.rs:196:35:196:50 | select_query_bad | provenance | |
| test_storage.rs:190:28:190:103 | ... + ... | test_storage.rs:190:9:190:24 | select_query_bad | provenance | |
| test_storage.rs:190:28:190:103 | ... + ... | test_storage.rs:190:28:190:109 | ... + ... | provenance | MaD:6 |
| test_storage.rs:190:28:190:109 | ... + ... | test_storage.rs:190:9:190:24 | select_query_bad | provenance | |
| test_storage.rs:190:85:190:103 | &... | test_storage.rs:190:9:190:24 | select_query_bad | provenance | |
| test_storage.rs:190:85:190:103 | &... | test_storage.rs:190:28:190:103 | ... + ... | provenance | |
| test_storage.rs:190:86:190:103 | get_phone_number(...) | test_storage.rs:190:85:190:103 | &... | provenance | Config |
| test_storage.rs:194:24:194:40 | &insert_query_bad | test_storage.rs:194:16:194:22 | execute | provenance | MaD:1 Sink:MaD:1 |
| test_storage.rs:194:24:194:40 | &insert_query_bad [&ref] | test_storage.rs:194:16:194:22 | execute | provenance | MaD:1 Sink:MaD:1 |
| test_storage.rs:194:25:194:40 | insert_query_bad | test_storage.rs:194:24:194:40 | &insert_query_bad | provenance | Config |
| test_storage.rs:194:25:194:40 | insert_query_bad | test_storage.rs:194:24:194:40 | &insert_query_bad [&ref] | provenance | |
| test_storage.rs:196:34:196:50 | &select_query_bad | test_storage.rs:196:24:196:32 | query_row | provenance | MaD:3 Sink:MaD:3 |
| test_storage.rs:196:34:196:50 | &select_query_bad [&ref] | test_storage.rs:196:24:196:32 | query_row | provenance | MaD:3 Sink:MaD:3 |
| test_storage.rs:196:35:196:50 | select_query_bad | test_storage.rs:196:34:196:50 | &select_query_bad | provenance | Config |
| test_storage.rs:196:35:196:50 | select_query_bad | test_storage.rs:196:34:196:50 | &select_query_bad [&ref] | provenance | |
| test_storage.rs:196:35:196:50 | select_query_bad | test_storage.rs:204:40:204:55 | select_query_bad | provenance | |
| test_storage.rs:204:39:204:55 | &select_query_bad | test_storage.rs:204:31:204:37 | prepare | provenance | MaD:2 Sink:MaD:2 |
| test_storage.rs:204:39:204:55 | &select_query_bad [&ref] | test_storage.rs:204:31:204:37 | prepare | provenance | MaD:2 Sink:MaD:2 |
| test_storage.rs:204:40:204:55 | select_query_bad | test_storage.rs:204:39:204:55 | &select_query_bad | provenance | Config |
| test_storage.rs:204:40:204:55 | select_query_bad | test_storage.rs:204:39:204:55 | &select_query_bad [&ref] | provenance | |
models
| 1 | Sink: sqlx_core::query::query; Argument[0]; database-store |
| 2 | Sink: sqlx_core::raw_sql::raw_sql; Argument[0]; database-store |
| 3 | Summary: <alloc::string::String as core::ops::arith::Add>::add; Argument[self]; ReturnValue; value |
| 4 | Summary: <alloc::string::String>::as_str; Argument[self]; ReturnValue; value |
| 5 | Summary: <core::str>::as_str; Argument[self]; ReturnValue; value |
| 1 | Sink: <rusqlite::Connection>::execute; Argument[0]; sql-injection |
| 2 | Sink: <rusqlite::Connection>::prepare; Argument[0]; sql-injection |
| 3 | Sink: <rusqlite::Connection>::query_row; Argument[0]; sql-injection |
| 4 | Sink: sqlx_core::query::query; Argument[0]; sql-injection |
| 5 | Sink: sqlx_core::raw_sql::raw_sql; Argument[0]; sql-injection |
| 6 | Summary: <alloc::string::String as core::ops::arith::Add>::add; Argument[self]; ReturnValue; value |
| 7 | Summary: <alloc::string::String>::as_str; Argument[self]; ReturnValue; value |
| 8 | Summary: <core::str>::as_str; Argument[self]; ReturnValue; value |
nodes
| test_storage.rs:71:9:71:21 | insert_query2 | semmle.label | insert_query2 |
| test_storage.rs:71:25:71:114 | ... + ... | semmle.label | ... + ... |
@@ -88,4 +121,26 @@ nodes
| test_storage.rs:139:25:139:37 | insert_query2 | semmle.label | insert_query2 |
| test_storage.rs:139:25:139:46 | insert_query2.as_str() | semmle.label | insert_query2.as_str() |
| test_storage.rs:139:25:139:46 | insert_query2.as_str() [&ref] | semmle.label | insert_query2.as_str() [&ref] |
| test_storage.rs:189:9:189:24 | insert_query_bad | semmle.label | insert_query_bad |
| test_storage.rs:189:28:189:117 | ... + ... | semmle.label | ... + ... |
| test_storage.rs:189:28:189:124 | ... + ... | semmle.label | ... + ... |
| test_storage.rs:189:99:189:117 | &... | semmle.label | &... |
| test_storage.rs:189:100:189:117 | get_phone_number(...) | semmle.label | get_phone_number(...) |
| test_storage.rs:190:9:190:24 | select_query_bad | semmle.label | select_query_bad |
| test_storage.rs:190:28:190:103 | ... + ... | semmle.label | ... + ... |
| test_storage.rs:190:28:190:109 | ... + ... | semmle.label | ... + ... |
| test_storage.rs:190:85:190:103 | &... | semmle.label | &... |
| test_storage.rs:190:86:190:103 | get_phone_number(...) | semmle.label | get_phone_number(...) |
| test_storage.rs:194:16:194:22 | execute | semmle.label | execute |
| test_storage.rs:194:24:194:40 | &insert_query_bad | semmle.label | &insert_query_bad |
| test_storage.rs:194:24:194:40 | &insert_query_bad [&ref] | semmle.label | &insert_query_bad [&ref] |
| test_storage.rs:194:25:194:40 | insert_query_bad | semmle.label | insert_query_bad |
| test_storage.rs:196:24:196:32 | query_row | semmle.label | query_row |
| test_storage.rs:196:34:196:50 | &select_query_bad | semmle.label | &select_query_bad |
| test_storage.rs:196:34:196:50 | &select_query_bad [&ref] | semmle.label | &select_query_bad [&ref] |
| test_storage.rs:196:35:196:50 | select_query_bad | semmle.label | select_query_bad |
| test_storage.rs:204:31:204:37 | prepare | semmle.label | prepare |
| test_storage.rs:204:39:204:55 | &select_query_bad | semmle.label | &select_query_bad |
| test_storage.rs:204:39:204:55 | &select_query_bad [&ref] | semmle.label | &select_query_bad [&ref] |
| test_storage.rs:204:40:204:55 | select_query_bad | semmle.label | select_query_bad |
subpaths


@@ -186,14 +186,14 @@ async fn test_storage_rusqlite_sql_command(url: &str) -> Result<(), Box<dyn std:
// construct queries
let id = "123";
let insert_query_good = String::from("INSERT INTO CONTACTS(ID, HARMLESS) VALUES(") + id + ", '" + &get_harmless() + "')";
let insert_query_bad = String::from("INSERT INTO CONTACTS(ID, PHONE) VALUES(") + id + ", '" + &get_phone_number() + "')"; // $ MISSING: Source[rust/cleartext-storage-database]
let select_query_bad = String::from("SELECT * FROM CONTACTS WHERE PHONE = '") + &get_phone_number() + "'";
let insert_query_bad = String::from("INSERT INTO CONTACTS(ID, PHONE) VALUES(") + id + ", '" + &get_phone_number() + "')"; // $ Source[rust/cleartext-storage-database]
let select_query_bad = String::from("SELECT * FROM CONTACTS WHERE PHONE = '") + &get_phone_number() + "'"; // $ Source[rust/cleartext-storage-database]
// execute queries - rusqlite
connection.execute(&insert_query_good, ())?;
connection.execute(&insert_query_bad, ())?; // $ MISSING: Alert[rust/cleartext-storage-database]
connection.execute(&insert_query_bad, ())?; // $ Alert[rust/cleartext-storage-database]
let _ = connection.query_row(&select_query_bad, (), |row| { // $ MISSING: Alert[rust/cleartext-storage-database]
let _ = connection.query_row(&select_query_bad, (), |row| { // $ Alert[rust/cleartext-storage-database]
let row: &rusqlite::Row<'_> = row;
Ok(Contact {
id: row.get(0)?,
@@ -201,7 +201,7 @@ async fn test_storage_rusqlite_sql_command(url: &str) -> Result<(), Box<dyn std:
})
})?;
let mut stmt = connection.prepare(&select_query_bad)?; // $ MISSING: Alert[rust/cleartext-storage-database]
let mut stmt = connection.prepare(&select_query_bad)?; // $ Alert[rust/cleartext-storage-database]
let people = stmt.query_map([], |row| {
let row: &rusqlite::Row<'_> = row;
Ok(Contact {