hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
33efed92b8cb52f03604df0b6e23adcc17efc915
codeql/rust/ql/test/query-tests/security/CWE-020/main.rs
Geoffrey White 33efed92b8 Rust: Add integral type barrier for Regex injection.
2025-10-31 16:37:10 +00:00

45 lines
1.4 KiB
Rust
Raw Blame History

use regex::Regex;
fn simple_bad(hay: &str) -> Option<bool> {
let username = std::env::var("USER").unwrap_or("".to_string()); // $ Source=env
let regex = format!("foo{}bar", username);
let re = Regex::new(&regex).unwrap(); // $ Alert[rust/regex-injection]=env
Some(re.is_match(hay))
}
fn simple_good_escaped(hay: &str) -> Option<bool> {
let username = std::env::var("USER").unwrap_or("".to_string());
let escaped = regex::escape(&username);
let regex = format!("foo{}bar", escaped);
let re = Regex::new(&regex).unwrap();
Some(re.is_match(hay))
}
fn simple_good_numeric(hay: &str) -> Option<bool> {
let user_number = std::env::var("USER").unwrap_or("0".to_string()).parse::<u64>().unwrap_or(0);
let regex = format!("foo{}bar", user_number);
let re = Regex::new(&regex).unwrap();
Some(re.is_match(hay))
}
fn not_a_sink_literal() -> Option<bool> {
let username = std::env::var("USER").unwrap_or("".to_string());
let re = Regex::new("literal string").unwrap();
Some(re.is_match(&username))
}
fn not_a_sink_raw_literal() -> Option<bool> {
let username = std::env::var("USER").unwrap_or("".to_string());
let re = Regex::new(r"literal string").unwrap();
Some(re.is_match(&username))
}
fn main() {
let hay = "a string";
simple_bad(hay);
simple_good_escaped(hay);
simple_good_numeric(hay);
not_a_sink_literal();
not_a_sink_raw_literal();
}
Reference in New Issue View Git Blame Copy Permalink