mirror of
https://github.com/github/codeql.git
synced 2025-12-16 16:53:25 +01:00
130 lines
5.0 KiB
Rust
130 lines
5.0 KiB
Rust
use std::env;
|
|
use log::{info, warn, error, debug, trace};
|
|
|
|
fn main() {
|
|
env_logger::init();
|
|
|
|
// Sources of user input
|
|
let args: Vec<String> = env::args().collect();
|
|
let username = args.get(1).unwrap_or(&String::from("Guest")).clone(); // $ MISSING: Source=commandargs
|
|
let user_input = std::env::var("USER_INPUT").unwrap_or("default".to_string()); // $ Source=environment
|
|
let remote_data = reqwest::blocking::get("http://example.com/user") // $ Source=remote
|
|
.unwrap().text().unwrap_or("remote_user".to_string());
|
|
|
|
// BAD: Direct logging of user input
|
|
info!("User login: {}", username); // $ MISSING: Alert[rust/log-injection]
|
|
warn!("Warning for user: {}", user_input); // $ Alert[rust/log-injection]=environment
|
|
error!("Error processing: {}", remote_data); // $ Alert[rust/log-injection]=remote
|
|
debug!("Debug info: {}", username); // $ MISSING: Alert[rust/log-injection]
|
|
trace!("Trace data: {}", user_input); // $ Alert[rust/log-injection]=environment
|
|
|
|
// BAD: Formatted strings with user input
|
|
let formatted_msg = format!("Processing user: {}", username);
|
|
info!("{}", formatted_msg); // $ MISSING: Alert[rust/log-injection]
|
|
|
|
// BAD: String concatenation with user input
|
|
let concat_msg = "User activity: ".to_string() + &username;
|
|
info!("{}", concat_msg); // $ MISSING: Alert[rust/log-injection]
|
|
|
|
// BAD: Complex formatting
|
|
info!("User {} accessed resource at {}", username, remote_data); // $ Alert[rust/log-injection]=remote
|
|
|
|
// GOOD: Sanitized input
|
|
let sanitized_username = username.replace('\n', "").replace('\r', "");
|
|
info!("Sanitized user login: {}", sanitized_username);
|
|
|
|
// GOOD: Constant strings
|
|
info!("System startup complete");
|
|
|
|
// GOOD: Non-user-controlled data
|
|
let system_time = std::time::SystemTime::now();
|
|
info!("Current time: {:?}", system_time);
|
|
|
|
// GOOD: Numeric data derived from user input (indirectly)
|
|
let user_id = username.len();
|
|
info!("User ID length: {}", user_id);
|
|
|
|
// GOOD: Numeric data derived from user input (directly)
|
|
let number = remote_data.parse::<u64>().unwrap_or(0);
|
|
info!("Number: {}", number);
|
|
|
|
// More complex test cases
|
|
test_complex_scenarios(&username, &user_input);
|
|
test_indirect_flows(&remote_data);
|
|
}
|
|
|
|
fn test_complex_scenarios(username: &str, user_input: &str) {
|
|
// BAD: Indirect logging through variables
|
|
let log_message = format!("Activity for {}", username);
|
|
info!("{}", log_message); // $ MISSING: Alert[rust/log-injection]
|
|
|
|
// BAD: Through function parameters
|
|
log_user_activity(username); // Function call - should be tracked
|
|
|
|
// BAD: Through struct fields
|
|
let user_info = UserInfo { name: username.to_string() };
|
|
info!("User info: {}", user_info.name); // $ MISSING: Alert[rust/log-injection]
|
|
|
|
// GOOD: After sanitization
|
|
let clean_input = sanitize_input(user_input);
|
|
info!("Clean input: {}", clean_input);
|
|
}
|
|
|
|
fn log_user_activity(user: &str) {
|
|
info!("User activity: {}", user); // $ MISSING: Alert[rust/log-injection]
|
|
}
|
|
|
|
fn sanitize_input(input: &str) -> String {
|
|
input.replace('\n', "").replace('\r', "").replace('\t', " ")
|
|
}
|
|
|
|
struct UserInfo {
|
|
name: String,
|
|
}
|
|
|
|
fn test_indirect_flows(data: &str) {
|
|
// BAD: Flow through intermediate variables
|
|
let temp_var = data;
|
|
let another_var = temp_var;
|
|
info!("Indirect flow: {}", another_var); // $ MISSING: Alert[rust/log-injection]
|
|
|
|
// BAD: Flow through collections
|
|
let data_vec = vec![data];
|
|
if let Some(item) = data_vec.first() {
|
|
info!("Vector item: {}", item); // $ MISSING: Alert[rust/log-injection]
|
|
}
|
|
|
|
// BAD: Flow through Option/Result
|
|
let optional_data = Some(data);
|
|
if let Some(unwrapped) = optional_data {
|
|
info!("Unwrapped data: {}", unwrapped); // $ MISSING: Alert[rust/log-injection]
|
|
}
|
|
}
|
|
|
|
// Additional test patterns for different logging scenarios
|
|
mod additional_tests {
|
|
use log::*;
|
|
|
|
pub fn test_macro_variations() {
|
|
let user_data = std::env::args().nth(1).unwrap_or_default(); // $ Source=commandargs
|
|
|
|
// BAD: Different log macro variations
|
|
info!("Info: {}", user_data); // $ Alert[rust/log-injection]=commandargs
|
|
warn!("Warning: {}", user_data); // $ Alert[rust/log-injection]=commandargs
|
|
error!("Error: {}", user_data); // $ Alert[rust/log-injection]=commandargs
|
|
debug!("Debug: {}", user_data); // $ Alert[rust/log-injection]=commandargs
|
|
trace!("Trace: {}", user_data); // $ Alert[rust/log-injection]=commandargs
|
|
|
|
// BAD: Complex format strings
|
|
info!("User {} did action {} at time {}", user_data, "login", "now"); // $ Alert[rust/log-injection]=commandargs
|
|
}
|
|
|
|
pub fn test_println_patterns() {
|
|
let user_data = std::env::var("USER").unwrap_or_default(); // $ Source=environment
|
|
|
|
// These might not be caught depending on model coverage, but are potential logging sinks
|
|
println!("User: {}", user_data); // $ Alert[rust/log-injection]=environment
|
|
eprintln!("Error for user: {}", user_data); // $ Alert[rust/log-injection]=environment
|
|
}
|
|
}
|