mirror of
https://github.com/github/codeql.git
synced 2025-12-16 16:53:25 +01:00
37 lines
1.2 KiB
Plaintext
37 lines
1.2 KiB
Plaintext
import rust
|
|
import codeql.rust.dataflow.DataFlow
|
|
import codeql.rust.dataflow.TaintTracking
|
|
import codeql.rust.security.SensitiveData
|
|
import utils.test.InlineExpectationsTest
|
|
|
|
/**
|
|
* Configuration for flow from any sensitive data source to an argument of the function `sink`.
|
|
*/
|
|
module SensitiveDataConfig implements DataFlow::ConfigSig {
|
|
predicate isSource(DataFlow::Node source) { source instanceof SensitiveData }
|
|
|
|
predicate isSink(DataFlow::Node sink) {
|
|
any(CallExpr call |
|
|
call.getFunction().(PathExpr).getPath().getSegment().getIdentifier().getText() = "sink"
|
|
).getArgList().getAnArg() = sink.asExpr()
|
|
}
|
|
}
|
|
|
|
module SensitiveDataFlow = TaintTracking::Global<SensitiveDataConfig>;
|
|
|
|
module SensitiveDataTest implements TestSig {
|
|
string getARelevantTag() { result = "sensitive" }
|
|
|
|
predicate hasActualResult(Location location, string element, string tag, string value) {
|
|
exists(DataFlow::Node source, DataFlow::Node sink |
|
|
SensitiveDataFlow::flow(source, sink) and
|
|
location = sink.getLocation() and
|
|
element = sink.toString() and
|
|
tag = "sensitive" and
|
|
value = source.(SensitiveData).getClassification()
|
|
)
|
|
}
|
|
}
|
|
|
|
import MakeTest<SensitiveDataTest>
|