Rust: Add tests for taint flow

Simon Friis Vindum
2024-12-04 12:54:36 +01:00
parent b7792d690c
commit f10ffa39e4
6 changed files with 164 additions and 45 deletions


@@ -16,6 +16,16 @@ fn test_identify() {
sink(identity(s)); // $ hasValueFlow=1
}
// has a flow model
fn coerce(_i: i64) -> i64 {
0
}
fn test_coerce() {
let s = source(14);
sink(coerce(s)); // $ MISSING: hasTaintFlow=14
}
enum MyPosEnum {
A(i64),
B(i64),
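Review bot: The comment `// has a flow model` above `coerce` does not say which model applies or what kind of flow it describes, and the `MISSING: hasTaintFlow=14` expectation in `test_coerce` is left unexplained. The body returns `0` and ignores `_i`, so any flow reported at the sink can only come from the summary model, not from the code itself. Suggest `// Body drops the argument on purpose; flow to the return value comes only from the taint-only summary declared in the test's .ql file.` plus a short remark next to the `MISSING` marker on why the taint result is not produced yet, so the known false negative stays visible. The enum after `test_coerce` continues outside the hunk.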


@@ -1,57 +1,107 @@
models
edges
| main.rs:15:13:15:21 | source(...) | main.rs:16:19:16:19 | s | provenance | |
| main.rs:15:13:15:21 | source(...) | main.rs:16:19:16:19 | s | provenance | |
| main.rs:16:19:16:19 | s | main.rs:16:10:16:20 | identity(...) | provenance | |
| main.rs:30:13:30:21 | source(...) | main.rs:31:27:31:27 | s | provenance | |
| main.rs:31:14:31:28 | ...::A(...) [A] | main.rs:32:22:32:23 | e1 [A] | provenance | |
| main.rs:31:27:31:27 | s | main.rs:31:14:31:28 | ...::A(...) [A] | provenance | |
| main.rs:32:22:32:23 | e1 [A] | main.rs:32:10:32:24 | get_var_pos(...) | provenance | |
| main.rs:43:13:43:21 | source(...) | main.rs:44:26:44:26 | s | provenance | |
| main.rs:44:14:44:27 | set_var_pos(...) [B] | main.rs:47:9:47:23 | ...::B(...) [B] | provenance | |
| main.rs:44:26:44:26 | s | main.rs:44:14:44:27 | set_var_pos(...) [B] | provenance | |
| main.rs:47:9:47:23 | ...::B(...) [B] | main.rs:47:22:47:22 | i | provenance | |
| main.rs:47:22:47:22 | i | main.rs:47:33:47:33 | i | provenance | |
| main.rs:62:13:62:21 | source(...) | main.rs:63:40:63:40 | s | provenance | |
| main.rs:63:14:63:42 | ...::C {...} [C] | main.rs:64:24:64:25 | e1 [C] | provenance | |
| main.rs:63:40:63:40 | s | main.rs:63:14:63:42 | ...::C {...} [C] | provenance | |
| main.rs:64:24:64:25 | e1 [C] | main.rs:64:10:64:26 | get_var_field(...) | provenance | |
| main.rs:75:13:75:21 | source(...) | main.rs:76:28:76:28 | s | provenance | |
| main.rs:76:14:76:29 | set_var_field(...) [D] | main.rs:79:9:79:37 | ...::D {...} [D] | provenance | |
| main.rs:76:28:76:28 | s | main.rs:76:14:76:29 | set_var_field(...) [D] | provenance | |
| main.rs:79:9:79:37 | ...::D {...} [D] | main.rs:79:35:79:35 | i | provenance | |
| main.rs:79:35:79:35 | i | main.rs:79:47:79:47 | i | provenance | |
| main.rs:16:19:16:19 | s | main.rs:16:10:16:20 | identity(...) | provenance | |
| main.rs:40:13:40:21 | source(...) | main.rs:41:27:41:27 | s | provenance | |
| main.rs:40:13:40:21 | source(...) | main.rs:41:27:41:27 | s | provenance | |
| main.rs:41:14:41:28 | ...::A(...) [A] | main.rs:42:22:42:23 | e1 [A] | provenance | |
| main.rs:41:14:41:28 | ...::A(...) [A] | main.rs:42:22:42:23 | e1 [A] | provenance | |
| main.rs:41:27:41:27 | s | main.rs:41:14:41:28 | ...::A(...) [A] | provenance | |
| main.rs:41:27:41:27 | s | main.rs:41:14:41:28 | ...::A(...) [A] | provenance | |
| main.rs:42:22:42:23 | e1 [A] | main.rs:42:10:42:24 | get_var_pos(...) | provenance | |
| main.rs:42:22:42:23 | e1 [A] | main.rs:42:10:42:24 | get_var_pos(...) | provenance | |
| main.rs:53:13:53:21 | source(...) | main.rs:54:26:54:26 | s | provenance | |
| main.rs:53:13:53:21 | source(...) | main.rs:54:26:54:26 | s | provenance | |
| main.rs:54:14:54:27 | set_var_pos(...) [B] | main.rs:57:9:57:23 | ...::B(...) [B] | provenance | |
| main.rs:54:14:54:27 | set_var_pos(...) [B] | main.rs:57:9:57:23 | ...::B(...) [B] | provenance | |
| main.rs:54:26:54:26 | s | main.rs:54:14:54:27 | set_var_pos(...) [B] | provenance | |
| main.rs:54:26:54:26 | s | main.rs:54:14:54:27 | set_var_pos(...) [B] | provenance | |
| main.rs:57:9:57:23 | ...::B(...) [B] | main.rs:57:22:57:22 | i | provenance | |
| main.rs:57:9:57:23 | ...::B(...) [B] | main.rs:57:22:57:22 | i | provenance | |
| main.rs:57:22:57:22 | i | main.rs:57:33:57:33 | i | provenance | |
| main.rs:57:22:57:22 | i | main.rs:57:33:57:33 | i | provenance | |
| main.rs:72:13:72:21 | source(...) | main.rs:73:40:73:40 | s | provenance | |
| main.rs:72:13:72:21 | source(...) | main.rs:73:40:73:40 | s | provenance | |
| main.rs:73:14:73:42 | ...::C {...} [C] | main.rs:74:24:74:25 | e1 [C] | provenance | |
| main.rs:73:14:73:42 | ...::C {...} [C] | main.rs:74:24:74:25 | e1 [C] | provenance | |
| main.rs:73:40:73:40 | s | main.rs:73:14:73:42 | ...::C {...} [C] | provenance | |
| main.rs:73:40:73:40 | s | main.rs:73:14:73:42 | ...::C {...} [C] | provenance | |
| main.rs:74:24:74:25 | e1 [C] | main.rs:74:10:74:26 | get_var_field(...) | provenance | |
| main.rs:74:24:74:25 | e1 [C] | main.rs:74:10:74:26 | get_var_field(...) | provenance | |
| main.rs:85:13:85:21 | source(...) | main.rs:86:28:86:28 | s | provenance | |
| main.rs:85:13:85:21 | source(...) | main.rs:86:28:86:28 | s | provenance | |
| main.rs:86:14:86:29 | set_var_field(...) [D] | main.rs:89:9:89:37 | ...::D {...} [D] | provenance | |
| main.rs:86:14:86:29 | set_var_field(...) [D] | main.rs:89:9:89:37 | ...::D {...} [D] | provenance | |
| main.rs:86:28:86:28 | s | main.rs:86:14:86:29 | set_var_field(...) [D] | provenance | |
| main.rs:86:28:86:28 | s | main.rs:86:14:86:29 | set_var_field(...) [D] | provenance | |
| main.rs:89:9:89:37 | ...::D {...} [D] | main.rs:89:35:89:35 | i | provenance | |
| main.rs:89:9:89:37 | ...::D {...} [D] | main.rs:89:35:89:35 | i | provenance | |
| main.rs:89:35:89:35 | i | main.rs:89:47:89:47 | i | provenance | |
| main.rs:89:35:89:35 | i | main.rs:89:47:89:47 | i | provenance | |
nodes
| main.rs:15:13:15:21 | source(...) | semmle.label | source(...) |
| main.rs:15:13:15:21 | source(...) | semmle.label | source(...) |
| main.rs:16:10:16:20 | identity(...) | semmle.label | identity(...) |
| main.rs:16:10:16:20 | identity(...) | semmle.label | identity(...) |
| main.rs:16:19:16:19 | s | semmle.label | s |
| main.rs:30:13:30:21 | source(...) | semmle.label | source(...) |
| main.rs:31:14:31:28 | ...::A(...) [A] | semmle.label | ...::A(...) [A] |
| main.rs:31:27:31:27 | s | semmle.label | s |
| main.rs:32:10:32:24 | get_var_pos(...) | semmle.label | get_var_pos(...) |
| main.rs:32:22:32:23 | e1 [A] | semmle.label | e1 [A] |
| main.rs:43:13:43:21 | source(...) | semmle.label | source(...) |
| main.rs:44:14:44:27 | set_var_pos(...) [B] | semmle.label | set_var_pos(...) [B] |
| main.rs:44:26:44:26 | s | semmle.label | s |
| main.rs:47:9:47:23 | ...::B(...) [B] | semmle.label | ...::B(...) [B] |
| main.rs:47:22:47:22 | i | semmle.label | i |
| main.rs:47:33:47:33 | i | semmle.label | i |
| main.rs:62:13:62:21 | source(...) | semmle.label | source(...) |
| main.rs:63:14:63:42 | ...::C {...} [C] | semmle.label | ...::C {...} [C] |
| main.rs:63:40:63:40 | s | semmle.label | s |
| main.rs:64:10:64:26 | get_var_field(...) | semmle.label | get_var_field(...) |
| main.rs:64:24:64:25 | e1 [C] | semmle.label | e1 [C] |
| main.rs:75:13:75:21 | source(...) | semmle.label | source(...) |
| main.rs:76:14:76:29 | set_var_field(...) [D] | semmle.label | set_var_field(...) [D] |
| main.rs:76:28:76:28 | s | semmle.label | s |
| main.rs:79:9:79:37 | ...::D {...} [D] | semmle.label | ...::D {...} [D] |
| main.rs:79:35:79:35 | i | semmle.label | i |
| main.rs:79:47:79:47 | i | semmle.label | i |
| main.rs:16:19:16:19 | s | semmle.label | s |
| main.rs:40:13:40:21 | source(...) | semmle.label | source(...) |
| main.rs:40:13:40:21 | source(...) | semmle.label | source(...) |
| main.rs:41:14:41:28 | ...::A(...) [A] | semmle.label | ...::A(...) [A] |
| main.rs:41:14:41:28 | ...::A(...) [A] | semmle.label | ...::A(...) [A] |
| main.rs:41:27:41:27 | s | semmle.label | s |
| main.rs:41:27:41:27 | s | semmle.label | s |
| main.rs:42:10:42:24 | get_var_pos(...) | semmle.label | get_var_pos(...) |
| main.rs:42:10:42:24 | get_var_pos(...) | semmle.label | get_var_pos(...) |
| main.rs:42:22:42:23 | e1 [A] | semmle.label | e1 [A] |
| main.rs:42:22:42:23 | e1 [A] | semmle.label | e1 [A] |
| main.rs:53:13:53:21 | source(...) | semmle.label | source(...) |
| main.rs:53:13:53:21 | source(...) | semmle.label | source(...) |
| main.rs:54:14:54:27 | set_var_pos(...) [B] | semmle.label | set_var_pos(...) [B] |
| main.rs:54:14:54:27 | set_var_pos(...) [B] | semmle.label | set_var_pos(...) [B] |
| main.rs:54:26:54:26 | s | semmle.label | s |
| main.rs:54:26:54:26 | s | semmle.label | s |
| main.rs:57:9:57:23 | ...::B(...) [B] | semmle.label | ...::B(...) [B] |
| main.rs:57:9:57:23 | ...::B(...) [B] | semmle.label | ...::B(...) [B] |
| main.rs:57:22:57:22 | i | semmle.label | i |
| main.rs:57:22:57:22 | i | semmle.label | i |
| main.rs:57:33:57:33 | i | semmle.label | i |
| main.rs:57:33:57:33 | i | semmle.label | i |
| main.rs:72:13:72:21 | source(...) | semmle.label | source(...) |
| main.rs:72:13:72:21 | source(...) | semmle.label | source(...) |
| main.rs:73:14:73:42 | ...::C {...} [C] | semmle.label | ...::C {...} [C] |
| main.rs:73:14:73:42 | ...::C {...} [C] | semmle.label | ...::C {...} [C] |
| main.rs:73:40:73:40 | s | semmle.label | s |
| main.rs:73:40:73:40 | s | semmle.label | s |
| main.rs:74:10:74:26 | get_var_field(...) | semmle.label | get_var_field(...) |
| main.rs:74:10:74:26 | get_var_field(...) | semmle.label | get_var_field(...) |
| main.rs:74:24:74:25 | e1 [C] | semmle.label | e1 [C] |
| main.rs:74:24:74:25 | e1 [C] | semmle.label | e1 [C] |
| main.rs:85:13:85:21 | source(...) | semmle.label | source(...) |
| main.rs:85:13:85:21 | source(...) | semmle.label | source(...) |
| main.rs:86:14:86:29 | set_var_field(...) [D] | semmle.label | set_var_field(...) [D] |
| main.rs:86:14:86:29 | set_var_field(...) [D] | semmle.label | set_var_field(...) [D] |
| main.rs:86:28:86:28 | s | semmle.label | s |
| main.rs:86:28:86:28 | s | semmle.label | s |
| main.rs:89:9:89:37 | ...::D {...} [D] | semmle.label | ...::D {...} [D] |
| main.rs:89:9:89:37 | ...::D {...} [D] | semmle.label | ...::D {...} [D] |
| main.rs:89:35:89:35 | i | semmle.label | i |
| main.rs:89:35:89:35 | i | semmle.label | i |
| main.rs:89:47:89:47 | i | semmle.label | i |
| main.rs:89:47:89:47 | i | semmle.label | i |
subpaths
testFailures
invalidSpecComponent
#select
| main.rs:16:10:16:20 | identity(...) | main.rs:15:13:15:21 | source(...) | main.rs:16:10:16:20 | identity(...) | $@ | main.rs:15:13:15:21 | source(...) | source(...) |
| main.rs:32:10:32:24 | get_var_pos(...) | main.rs:30:13:30:21 | source(...) | main.rs:32:10:32:24 | get_var_pos(...) | $@ | main.rs:30:13:30:21 | source(...) | source(...) |
| main.rs:47:33:47:33 | i | main.rs:43:13:43:21 | source(...) | main.rs:47:33:47:33 | i | $@ | main.rs:43:13:43:21 | source(...) | source(...) |
| main.rs:64:10:64:26 | get_var_field(...) | main.rs:62:13:62:21 | source(...) | main.rs:64:10:64:26 | get_var_field(...) | $@ | main.rs:62:13:62:21 | source(...) | source(...) |
| main.rs:79:47:79:47 | i | main.rs:75:13:75:21 | source(...) | main.rs:79:47:79:47 | i | $@ | main.rs:75:13:75:21 | source(...) | source(...) |
| main.rs:16:10:16:20 | identity(...) | main.rs:15:13:15:21 | source(...) | main.rs:16:10:16:20 | identity(...) | $@ | main.rs:15:13:15:21 | source(...) | source(...) |
| main.rs:42:10:42:24 | get_var_pos(...) | main.rs:40:13:40:21 | source(...) | main.rs:42:10:42:24 | get_var_pos(...) | $@ | main.rs:40:13:40:21 | source(...) | source(...) |
| main.rs:42:10:42:24 | get_var_pos(...) | main.rs:40:13:40:21 | source(...) | main.rs:42:10:42:24 | get_var_pos(...) | $@ | main.rs:40:13:40:21 | source(...) | source(...) |
| main.rs:57:33:57:33 | i | main.rs:53:13:53:21 | source(...) | main.rs:57:33:57:33 | i | $@ | main.rs:53:13:53:21 | source(...) | source(...) |
| main.rs:57:33:57:33 | i | main.rs:53:13:53:21 | source(...) | main.rs:57:33:57:33 | i | $@ | main.rs:53:13:53:21 | source(...) | source(...) |
| main.rs:74:10:74:26 | get_var_field(...) | main.rs:72:13:72:21 | source(...) | main.rs:74:10:74:26 | get_var_field(...) | $@ | main.rs:72:13:72:21 | source(...) | source(...) |
| main.rs:74:10:74:26 | get_var_field(...) | main.rs:72:13:72:21 | source(...) | main.rs:74:10:74:26 | get_var_field(...) | $@ | main.rs:72:13:72:21 | source(...) | source(...) |
| main.rs:89:47:89:47 | i | main.rs:85:13:85:21 | source(...) | main.rs:89:47:89:47 | i | $@ | main.rs:85:13:85:21 | source(...) | source(...) |
| main.rs:89:47:89:47 | i | main.rs:85:13:85:21 | source(...) | main.rs:89:47:89:47 | i | $@ | main.rs:85:13:85:21 | source(...) | source(...) |


@@ -25,6 +25,16 @@ private class SummarizedCallableIdentity extends SummarizedCallable::Range {
}
}
private class SummarizedCallableCoerce extends SummarizedCallable::Range {
SummarizedCallableCoerce() { this = "repo::test::_::crate::coerce" }
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
input = "Argument[0]" and
output = "ReturnValue" and
preservesValue = false
}
}
private class SummarizedCallableGetVarPos extends SummarizedCallable::Range {
SummarizedCallableGetVarPos() { this = "repo::test::_::crate::get_var_pos" }
@@ -71,7 +81,7 @@ module CustomConfig implements DataFlow::ConfigSig {
predicate isSink(DataFlow::Node sink) { DefaultFlowConfig::isSink(sink) }
}
import ValueFlowTest<CustomConfig>
import FlowTest<CustomConfig, CustomConfig>
from PathNode source, PathNode sink
where flowPath(source, sink)
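Review bot: Instantiating `FlowTest<CustomConfig, CustomConfig>` passes the same config for both parameters, and the `from PathNode source, PathNode sink where flowPath(source, sink)` clause that follows does not say which of the two flows a result row belongs to. The updated expected output on this page lists every edge, node and `#select` row twice, which looks like a consequence of that (presumably one copy per flow kind), so a path found by only one of the two analyses is hard to spot in the baseline. Consider a comment such as `// Same config for value and taint flow; each path is reported once per flow kind.`, or select a column that tells the two apart. Separately, `SummarizedCallableCoerce` would benefit from a one-line QLDoc stating that it is a taint-only summary (`preservesValue = false`). The declarations around both hunks start or end outside the visible lines.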


@@ -0,0 +1,6 @@
models
edges
nodes
subpaths
testFailures
#select


@@ -0,0 +1,12 @@
/**
* @kind path-problem
*/
import rust
import utils.InlineFlowTest
import DefaultFlowTest
import TaintFlow::PathGraph
from TaintFlow::PathNode source, TaintFlow::PathNode sink
where TaintFlow::flowPath(source, sink)
select sink, source, sink, "$@", source, source.toString()


@@ -0,0 +1,31 @@
// Tests for taint flow.
fn source(i: i64) -> i64 {
1000 + i
}
fn sink(s: i64) {
println!("{}", s);
}
fn addition() {
let a = source(42);
sink(a + 1); // $ MISSING: hasTaintFlow=42
}
fn negation() {
let a = source(17);
sink(-a); // $ MISSING: hasTaintFlow=17
}
fn cast() {
let a = source(77);
let b = a as u8;
sink(b as i64); // $ MISSING: hasTaintFlow=77
}
fn main() {
addition();
negation();
cast();
}
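Review bot: All three expectations in this file are marked `MISSING`, and the matching expected output added in this commit is empty, so the test currently pins only the absence of results. In `cast`, `a as u8` truncates `1000 + 77`, so the value reaching `sink` differs from the source value; that is presumably why this is a taint case rather than a value-flow case, but nothing in the file says so. Suggest a comment on that line, `// lossy cast on purpose: the value changes, taint should still propagate`. Also add a line under `// Tests for taint flow.` stating that the `MISSING` markers record known false negatives, to be removed as the corresponding taint steps are implemented.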