From cb6640474ed280239eb7496828b8c9575d479685 Mon Sep 17 00:00:00 2001
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Date: Thu, 19 Jun 2025 19:39:38 +0100
Subject: [PATCH 1/8] Rust: Translate more legacy models -> new models (from data + manual extrapolation).
---
 .../codeql/rust/frameworks/postgres.model.yml | 22 ++---
 .../rustcrypto/rustcrypto.model.yml | 12 +--
 .../rust/frameworks/stdlib/io.model.yml | 64 +++++++-------
 .../rust/frameworks/tokio-postgres.model.yml | 33 ++++---
 .../codeql/rust/frameworks/tokio/io.model.yml | 88 +++++++++----------
 5 files changed, 109 insertions(+), 110 deletions(-)
diff --git a/rust/ql/lib/codeql/rust/frameworks/postgres.model.yml b/rust/ql/lib/codeql/rust/frameworks/postgres.model.yml
index 4aba20e34505..81877ed17bdf 100644
--- a/rust/ql/lib/codeql/rust/frameworks/postgres.model.yml
+++ b/rust/ql/lib/codeql/rust/frameworks/postgres.model.yml
@@ -1,15 +1,15 @@
 extensions:
 - addsTo:
 pack: codeql/rust-all
- extensible: sinkModelDeprecated
+ extensible: sinkModel
 data:
- - ["repo:https://github.com/sfackler/rust-postgres:postgres", "::execute", "Argument[0]", "sql-injection", "manual"]
- - ["repo:https://github.com/sfackler/rust-postgres:postgres", "::batch_execute", "Argument[0]", "sql-injection", "manual"]
- - ["repo:https://github.com/sfackler/rust-postgres:postgres", "::prepare", "Argument[0]", "sql-injection", "manual"]
- - ["repo:https://github.com/sfackler/rust-postgres:postgres", "::prepare_typed", "Argument[0]", "sql-injection", "manual"]
- - ["repo:https://github.com/sfackler/rust-postgres:postgres", "::query", "Argument[0]", "sql-injection", "manual"]
- - ["repo:https://github.com/sfackler/rust-postgres:postgres", "::query_one", "Argument[0]", "sql-injection", "manual"]
- - ["repo:https://github.com/sfackler/rust-postgres:postgres", "::query_opt", "Argument[0]", "sql-injection", "manual"]
- - ["repo:https://github.com/sfackler/rust-postgres:postgres", "::query_raw", "Argument[0]", "sql-injection", "manual"]
- - ["repo:https://github.com/sfackler/rust-postgres:postgres", "::query_typed", "Argument[0]", "sql-injection", "manual"]
- - ["repo:https://github.com/sfackler/rust-postgres:postgres", "::query_typed_raw", "Argument[0]", "sql-injection", "manual"]
+ - ["::execute", "Argument[0]", "sql-injection", "manual"]
+ - ["::batch_execute", "Argument[0]", "sql-injection", "manual"]
+ - ["::prepare", "Argument[0]", "sql-injection", "manual"]
+ - ["::prepare_typed", "Argument[0]", "sql-injection", "manual"]
+ - ["::query", "Argument[0]", "sql-injection", "manual"]
+ - ["::query_one", "Argument[0]", "sql-injection", "manual"]
+ - ["::query_opt", "Argument[0]", "sql-injection", "manual"]
+ - ["::query_raw", "Argument[0]", "sql-injection", "manual"]
+ - ["::query_typed", "Argument[0]", "sql-injection", "manual"]
+ - ["::query_typed_raw", "Argument[0]", "sql-injection", "manual"]
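Review bot: The new sink rows keep only the bare method path (`::execute`, `::query`, …) and drop the `repo:` column that scoped the old rows to the postgres crate, so nothing left in this file ties these sql-injection sinks to rust-postgres. If the new `sinkModel` format resolves an unqualified `::name` against every type, the rows will fire on any `execute` or `query` method; if it resolves against none, they silently stop matching, which is what the later test changes in this series suggest happens to the analogous bare source rows (patch 3/8 downgrades the postgres test's `database-read` expectations to MISSING). The stdlib hunk shows the qualified form the format supports (`<_ as std::io::Read>::read`), so these sinks should name their implementing type in the same way, e.g. `<postgres::PLACEHOLDER_TYPE>::execute`. The same bare-path pattern appears in the rustcrypto, stdlib io, tokio-postgres and tokio io hunks.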
diff --git a/rust/ql/lib/codeql/rust/frameworks/rustcrypto/rustcrypto.model.yml b/rust/ql/lib/codeql/rust/frameworks/rustcrypto/rustcrypto.model.yml
index 7b7a79644004..d1aefe5b9830 100644
--- a/rust/ql/lib/codeql/rust/frameworks/rustcrypto/rustcrypto.model.yml
+++ b/rust/ql/lib/codeql/rust/frameworks/rustcrypto/rustcrypto.model.yml
@@ -1,10 +1,10 @@
 extensions:
 - addsTo:
 pack: codeql/rust-all
- extensible: sinkModelDeprecated
+ extensible: sinkModel
 data:
- - ["repo:https://github.com/RustCrypto/traits:digest", "<_ as crate::digest::Digest>::new_with_prefix", "Argument[0]", "hasher-input", "manual"]
- - ["repo:https://github.com/RustCrypto/traits:digest", "<_ as crate::digest::Digest>::update", "Argument[0]", "hasher-input", "manual"]
- - ["repo:https://github.com/RustCrypto/traits:digest", "<_ as crate::digest::Digest>::chain_update", "Argument[0]", "hasher-input", "manual"]
- - ["repo:https://github.com/RustCrypto/traits:digest", "<_ as crate::digest::Digest>::digest", "Argument[0]", "hasher-input", "manual"]
- - ["repo:https://github.com/stainless-steel/md5:md5", "crate::compute", "Argument[0]", "hasher-input", "manual"]
+ - ["::new_with_prefix", "Argument[0]", "hasher-input", "manual"]
+ - ["::update", "Argument[0]", "hasher-input", "manual"]
+ - ["::chain_update", "Argument[0]", "hasher-input", "manual"]
+ - ["::digest", "Argument[0]", "hasher-input", "manual"]
+ - ["md5::compute", "Argument[0]", "hasher-input", "manual"]
diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/io.model.yml b/rust/ql/lib/codeql/rust/frameworks/stdlib/io.model.yml
index fc86d2fb908f..b05ee5105866 100644
--- a/rust/ql/lib/codeql/rust/frameworks/stdlib/io.model.yml
+++ b/rust/ql/lib/codeql/rust/frameworks/stdlib/io.model.yml
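Review bot: The four `Digest` rows lose their trait qualification — `<_ as crate::digest::Digest>::digest` becomes the bare `::digest` — while `md5::compute` keeps a crate-qualified path. Patch 3/8 of this series then removes every `...::digest` and `...::new_with_prefix` result from `WeakSensitiveDataHashing.expected` and only the `...::compute` results survive, which suggests the bare rows no longer match and the weak-hash query has lost its RustCrypto coverage; that reads as a regression accepted in the tests rather than an intended change. Writing these rows in the qualified form the stdlib hunk uses, `<_ as PLACEHOLDER_TRAIT_PATH::Digest>::digest` (and likewise for `new_with_prefix`, `update` and `chain_update`), should keep the sinks attached to the trait.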
@@ -1,39 +1,39 @@
 extensions:
 - addsTo:
 pack: codeql/rust-all
- extensible: sourceModelDeprecated
+ extensible: sourceModel
 data:
- - ["lang:std", "crate::io::stdio::stdin", "ReturnValue", "stdin", "manual"]
+ - ["std::io::stdio::stdin", "ReturnValue", "stdin", "manual"]
 - addsTo:
 pack: codeql/rust-all
- extensible: summaryModelDeprecated
+ extensible: summaryModel
 data:
- - ["lang:std", "::new", "Argument[0]", "ReturnValue", "taint", "manual"]
- - ["lang:std", "::fill_buf", "Argument[self]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"]
- - ["lang:std", "::buffer", "Argument[self]", "ReturnValue", "taint", "manual"]
- - ["lang:std", "::read", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
- - ["lang:std", "::read", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
- - ["lang:std", "::read", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
- - ["lang:std", "crate::io::Read::read", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
- - ["lang:std", "::read_to_string", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
- - ["lang:std", "::read_to_string", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
- - ["lang:std", "::read_to_string", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
- - ["lang:std", "crate::io::Read::read_to_string", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
- - ["lang:std", ":::read_to_end", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
- - ["lang:std", ":::read_to_end", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
- - ["lang:std", "::read_to_end", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
- - ["lang:std", "crate::io::Read::read_to_end", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
- - ["lang:std", "::read_exact", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
- - ["lang:std", "::read_exact", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
- - ["lang:std", "::read_exact", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
- - ["lang:std", "crate::io::Read::read_exact", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
- - ["lang:std", "crate::io::BufRead::read_line", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
- - ["lang:std", "crate::io::BufRead::read_until", "Argument[self]", "Argument[1].Reference", "taint", "manual"]
- - ["lang:std", "crate::io::BufRead::split", "Argument[self]", "ReturnValue", "taint", "manual"]
- - ["lang:std", "crate::io::BufRead::lines", "Argument[self]", "ReturnValue", "taint", "manual"]
- - ["lang:std", "crate::io::Read::bytes", "Argument[self]", "ReturnValue", "taint", "manual"]
- - ["lang:std", "crate::io::Read::chain", "Argument[self]", "ReturnValue", "taint", "manual"]
- - ["lang:std", "crate::io::Read::chain", "Argument[0]", "ReturnValue", "taint", "manual"]
- - ["lang:std", "crate::io::Read::take", "Argument[self]", "ReturnValue", "taint", "manual"]
- - ["lang:std", "::lock", "Argument[self]", "ReturnValue", "taint", "manual"]
- - ["lang:std", "::next", "Argument[self]", "ReturnValue.Field[core::option::Option::Some(0)].Field[core::result::Result::Ok(0)]", "taint", "manual"]
+ - ["::new", "Argument[0]", "ReturnValue", "taint", "manual"]
+ - ["::fill_buf", "Argument[self]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"]
+ - ["::buffer", "Argument[self]", "ReturnValue", "taint", "manual"]
+ - ["::read", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
+ - ["::read", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
+ - ["::read", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
+ - ["<_ as std::io::Read>::read", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
+ - ["::read_to_string", "", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
+ - ["::read_to_string", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
+ - ["::read_to_string", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
+ - ["<_ as std::io::Read>::read_to_string", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
+ - ["::read_to_end", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
+ - ["::read_to_end", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
+ - ["::read_to_end", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
+ - ["<_ as std::io::Read>::read_to_end", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
+ - ["::read_exact", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
+ - ["::read_exact", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
+ - ["::read_exact", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
+ - ["<_ as std::io::Read>::read_exact", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
+ - ["<_ as std::io::BufRead>::read_line", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
+ - ["<_ as std::io::BufRead>::read_until", "Argument[self]", "Argument[1].Reference", "taint", "manual"]
+ - ["<_ as std::io::BufRead>::split", "Argument[self]", "ReturnValue", "taint", "manual"]
+ - ["<_ as std::io::BufRead>::lines", "Argument[self]", "ReturnValue", "taint", "manual"]
+ - ["<_ as std::io::Read>::bytes", "Argument[self]", "ReturnValue", "taint", "manual"]
+ - ["<_ as std::io::Read>::chain", "Argument[self]", "ReturnValue", "taint", "manual"]
+ - ["<_ as std::io::Read>::chain", "Argument[0]", "ReturnValue", "taint", "manual"]
+ - ["<_ as std::io::Read>::take", "Argument[self]", "ReturnValue", "taint", "manual"]
+ - ["::lock", "Argument[self]", "ReturnValue", "taint", "manual"]
+ - ["::next", "Argument[self]", "ReturnValue.Field[core::option::Option::Some(0)].Field[core::result::Result::Ok(0)]", "taint", "manual"]
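Review bot: The new summary rows contain identical duplicates: `::read`, `::read_to_string`, `::read_to_end` and `::read_exact` each appear three times with exactly the same columns. The old rows were equally duplicated, where three `lang:std` rows presumably stood for different implementing types that the legacy format could not distinguish; the new format can name the type, as the `<_ as std::io::Read>::read` rows in this same hunk do, so each triple should either collapse to one row or be given its implementing type, e.g. `<std::PLACEHOLDER_TYPE>::read`. As written the extra rows add nothing and make it harder to see which types are actually covered.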
diff --git a/rust/ql/lib/codeql/rust/frameworks/tokio-postgres.model.yml b/rust/ql/lib/codeql/rust/frameworks/tokio-postgres.model.yml
index 7ad540227846..9cac599357df 100644
--- a/rust/ql/lib/codeql/rust/frameworks/tokio-postgres.model.yml
+++ b/rust/ql/lib/codeql/rust/frameworks/tokio-postgres.model.yml
@@ -1,24 +1,23 @@
 extensions:
 - addsTo:
 pack: codeql/rust-all
- extensible: sinkModelDeprecated
+ extensible: sinkModel
 data:
- - ["repo:https://github.com/sfackler/rust-postgres:tokio-postgres", "::execute", "Argument[0]", "sql-injection", "manual"]
- - ["repo:https://github.com/sfackler/rust-postgres:tokio-postgres", "::batch_execute", "Argument[0]", "sql-injection", "manual"]
- - ["repo:https://github.com/sfackler/rust-postgres:tokio-postgres", "::execute_raw", "Argument[0]", "sql-injection", "manual"]
- - ["repo:https://github.com/sfackler/rust-postgres:tokio-postgres", "::prepare", "Argument[0]", "sql-injection", "manual"]
- - ["repo:https://github.com/sfackler/rust-postgres:tokio-postgres", "::prepare_typed", "Argument[0]", "sql-injection", "manual"]
- - ["repo:https://github.com/sfackler/rust-postgres:tokio-postgres", "::query", "Argument[0]", "sql-injection", "manual"]
- - ["repo:https://github.com/sfackler/rust-postgres:tokio-postgres", "::query_opt", "Argument[0]", "sql-injection", "manual"]
- - ["repo:https://github.com/sfackler/rust-postgres:tokio-postgres", "::query_raw", "Argument[0]", "sql-injection", "manual"]
- - ["repo:https://github.com/sfackler/rust-postgres:tokio-postgres", "::query_typed", "Argument[0]", "sql-injection", "manual"]
- - ["repo:https://github.com/sfackler/rust-postgres:tokio-postgres", "::query_typed_raw", "Argument[0]", "sql-injection", "manual"]
- - ["repo:https://github.com/sfackler/rust-postgres:tokio-postgres", "::simple_query", "Argument[0]", "sql-injection", "manual"]
- - ["repo:https://github.com/sfackler/rust-postgres:tokio-postgres", "::simple_query_raw", "Argument[0]", "sql-injection", "manual"]
-
+ - ["::execute", "Argument[0]", "sql-injection", "manual"]
+ - ["::batch_execute", "Argument[0]", "sql-injection", "manual"]
+ - ["::execute_raw", "Argument[0]", "sql-injection", "manual"]
+ - ["::prepare", "Argument[0]", "sql-injection", "manual"]
+ - ["::prepare_typed", "Argument[0]", "sql-injection", "manual"]
+ - ["::query", "Argument[0]", "sql-injection", "manual"]
+ - ["::query_opt", "Argument[0]", "sql-injection", "manual"]
+ - ["::query_raw", "Argument[0]", "sql-injection", "manual"]
+ - ["::query_typed", "Argument[0]", "sql-injection", "manual"]
+ - ["::query_typed_raw", "Argument[0]", "sql-injection", "manual"]
+ - ["::simple_query", "Argument[0]", "sql-injection", "manual"]
+ - ["::simple_query_raw", "Argument[0]", "sql-injection", "manual"]
 - addsTo:
 pack: codeql/rust-all
- extensible: sourceModelDeprecated
+ extensible: sourceModel
 data:
- - ["repo:https://github.com/sfackler/rust-postgres:tokio-postgres", "::get", "ReturnValue", "database", "manual"]
- - ["repo:https://github.com/sfackler/rust-postgres:tokio-postgres", "::try_get", "ReturnValue.Field[core::result::Result::Ok(0)]", "database", "manual"]
+ - ["::get", "ReturnValue", "database", "manual"]
+ - ["::try_get", "ReturnValue.Field[core::result::Result::Ok(0)]", "database", "manual"]
diff --git a/rust/ql/lib/codeql/rust/frameworks/tokio/io.model.yml b/rust/ql/lib/codeql/rust/frameworks/tokio/io.model.yml
index 35dcd597c0d6..d5e91afa663b 100644
--- a/rust/ql/lib/codeql/rust/frameworks/tokio/io.model.yml
+++ b/rust/ql/lib/codeql/rust/frameworks/tokio/io.model.yml
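Review bot: The translated source rows `::get` and `::try_get` at the end of this hunk appear to stop matching: patch 3/8 of this series edits `rust/ql/test/library-tests/frameworks/postgres/main.rs` to mark all three `database-read` expectations on `row.get("id")` and `row.try_get(...)` as MISSING, so a source model that worked before this commit is lost and the test change accepts the regression instead of fixing it (assuming the postgres test reaches these rows through the re-exported row type, which the page does not show). If the new `sourceModel` format needs a type-qualified path, these two rows should be written like the `<_ as std::io::Read>::read` rows in the stdlib hunk with the row type in place of `_`, e.g. `<PLACEHOLDER_ROW_TYPE>::get`, before the expectations are downgraded.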
@@ -1,51 +1,51 @@
 extensions:
 - addsTo:
 pack: codeql/rust-all
- extensible: sourceModelDeprecated
+ extensible: sourceModel
 data:
- - ["repo:https://github.com/tokio-rs/tokio:tokio", "crate::io::stdin::stdin", "ReturnValue", "stdin", "manual"]
+ - ["tokio::io::stdin::stdin", "ReturnValue", "stdin", "manual"]
 - addsTo:
 pack: codeql/rust-all
- extensible: summaryModelDeprecated
+ extensible: summaryModel
 data:
- - ["repo:https://github.com/tokio-rs/tokio:tokio", "::new", "Argument[0]", "ReturnValue", "taint", "manual"]
- - ["repo:https://github.com/tokio-rs/tokio:tokio", "crate::io::util::async_buf_read_ext::AsyncBufReadExt::fill_buf", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
- - ["repo:https://github.com/tokio-rs/tokio:tokio", "::buffer", "Argument[self]", "ReturnValue", "taint", "manual"]
- - ["repo:https://github.com/tokio-rs/tokio:tokio", "crate::io::util::async_read_ext::AsyncReadExt::read", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
- - ["repo:https://github.com/tokio-rs/tokio:tokio", "crate::io::util::async_read_ext::AsyncReadExt::read_to_string", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
- - ["repo:https://github.com/tokio-rs/tokio:tokio", "crate::io::util::async_read_ext::AsyncReadExt::read_to_end", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
- - ["repo:https://github.com/tokio-rs/tokio:tokio", "crate::io::util::async_read_ext::AsyncReadExt::read_exact", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
- - ["repo:https://github.com/tokio-rs/tokio:tokio", "crate::io::util::async_buf_read_ext::AsyncBufReadExt::read_line", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
- - ["repo:https://github.com/tokio-rs/tokio:tokio", "crate::io::util::async_buf_read_ext::AsyncBufReadExt::read_until", "Argument[self]", "Argument[1].Reference", "taint", "manual"]
- - ["repo:https://github.com/tokio-rs/tokio:tokio", "crate::io::util::async_buf_read_ext::AsyncBufReadExt::split", "Argument[self]", "ReturnValue", "taint", "manual"]
- - ["repo:https://github.com/tokio-rs/tokio:tokio", "::next_segment", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)].Field[core::option::Option::Some(0)]", "taint", "manual"]
- - ["repo:https://github.com/tokio-rs/tokio:tokio", "crate::io::util::async_buf_read_ext::AsyncBufReadExt::lines", "Argument[self]", "ReturnValue", "taint", "manual"]
- - ["repo:https://github.com/tokio-rs/tokio:tokio", "::next_line", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)].Field[core::option::Option::Some(0)]", "taint", "manual"]
- - ["repo:https://github.com/tokio-rs/tokio:tokio", "crate::io::util::async_read_ext::AsyncReadExt::read_buf", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
- - ["repo:https://github.com/tokio-rs/tokio:tokio", "crate::io::util::async_read_ext::AsyncReadExt::read_u8", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
- - ["repo:https://github.com/tokio-rs/tokio:tokio", "crate::io::util::async_read_ext::AsyncReadExt::read_u8_le", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
- - ["repo:https://github.com/tokio-rs/tokio:tokio", "crate::io::util::async_read_ext::AsyncReadExt::read_u16", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
- - ["repo:https://github.com/tokio-rs/tokio:tokio", "crate::io::util::async_read_ext::AsyncReadExt::read_u16_le", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
- - ["repo:https://github.com/tokio-rs/tokio:tokio", "crate::io::util::async_read_ext::AsyncReadExt::read_u32", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
- - ["repo:https://github.com/tokio-rs/tokio:tokio", "crate::io::util::async_read_ext::AsyncReadExt::read_u32_le", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
- - ["repo:https://github.com/tokio-rs/tokio:tokio", "crate::io::util::async_read_ext::AsyncReadExt::read_u64", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
- - ["repo:https://github.com/tokio-rs/tokio:tokio", "crate::io::util::async_read_ext::AsyncReadExt::read_u64_le", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
- - ["repo:https://github.com/tokio-rs/tokio:tokio", "crate::io::util::async_read_ext::AsyncReadExt::read_u128", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
- - ["repo:https://github.com/tokio-rs/tokio:tokio", "crate::io::util::async_read_ext::AsyncReadExt::read_u128_le", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
- - ["repo:https://github.com/tokio-rs/tokio:tokio", "crate::io::util::async_read_ext::AsyncReadExt::read_i8", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
- - ["repo:https://github.com/tokio-rs/tokio:tokio", "crate::io::util::async_read_ext::AsyncReadExt::read_i8_le", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
- - ["repo:https://github.com/tokio-rs/tokio:tokio", "crate::io::util::async_read_ext::AsyncReadExt::read_i16", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
- - ["repo:https://github.com/tokio-rs/tokio:tokio", "crate::io::util::async_read_ext::AsyncReadExt::read_i16_le", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
- - ["repo:https://github.com/tokio-rs/tokio:tokio", "crate::io::util::async_read_ext::AsyncReadExt::read_i32", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
- - ["repo:https://github.com/tokio-rs/tokio:tokio", "crate::io::util::async_read_ext::AsyncReadExt::read_i32_le", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
- - ["repo:https://github.com/tokio-rs/tokio:tokio", "crate::io::util::async_read_ext::AsyncReadExt::read_i64", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
- - ["repo:https://github.com/tokio-rs/tokio:tokio", "crate::io::util::async_read_ext::AsyncReadExt::read_i64_le", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
- - ["repo:https://github.com/tokio-rs/tokio:tokio", "crate::io::util::async_read_ext::AsyncReadExt::read_i128", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
- - ["repo:https://github.com/tokio-rs/tokio:tokio", "crate::io::util::async_read_ext::AsyncReadExt::read_i128_le", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
- - ["repo:https://github.com/tokio-rs/tokio:tokio", "crate::io::util::async_read_ext::AsyncReadExt::read_f32", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
- - ["repo:https://github.com/tokio-rs/tokio:tokio", "crate::io::util::async_read_ext::AsyncReadExt::read_f32_le", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
- - ["repo:https://github.com/tokio-rs/tokio:tokio", "crate::io::util::async_read_ext::AsyncReadExt::read_f64", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
- - ["repo:https://github.com/tokio-rs/tokio:tokio", "crate::io::util::async_read_ext::AsyncReadExt::read_f64_le", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
- - ["repo:https://github.com/tokio-rs/tokio:tokio", "crate::io::util::async_read_ext::AsyncReadExt::chain", "Argument[self]", "ReturnValue", "taint", "manual"]
- - ["repo:https://github.com/tokio-rs/tokio:tokio", "crate::io::util::async_read_ext::AsyncReadExt::chain", "Argument[0]", "ReturnValue", "taint", "manual"]
- - ["repo:https://github.com/tokio-rs/tokio:tokio", "crate::io::util::async_read_ext::AsyncReadExt::take", "Argument[self]", "ReturnValue", "taint", "manual"]
+ - ["::new", "Argument[0]", "ReturnValue", "taint", "manual"]
+ - ["<_ as tokio::io::util::async_buf_read_ext::AsyncBufReadExt>::fill_buf", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
+ - ["::buffer", "Argument[self]", "ReturnValue", "taint", "manual"]
+ - ["<_ as tokio::io::util::async_read_ext::AsyncReadExt>::read", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
+ - ["<_ as tokio::io::util::async_read_ext::AsyncReadExt>::read_to_string", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
+ - ["<_ as tokio::io::util::async_read_ext::AsyncReadExt>::read_to_end", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
+ - ["<_ as tokio::io::util::async_read_ext::AsyncReadExt>::read_exact ", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
+ - ["<_ as tokio::io::util::async_buf_read_ext::AsyncBufReadExt>::read_line", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
+ - ["<_ as tokio::io::util::async_buf_read_ext::AsyncBufReadExt>::read_until", "Argument[self]", "Argument[1].Reference", "taint", "manual"]
+ - ["<_ as tokio::io::util::async_buf_read_ext::AsyncBufReadExt>::split", "Argument[self]", "ReturnValue", "taint", "manual"]
+ - ["::next_segment", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)].Field[core::option::Option::Some(0)]", "taint", "manual"]
+ - ["<_ as tokio::io::util::async_buf_read_ext::AsyncBufReadExt>::lines", "Argument[self]", "ReturnValue", "taint", "manual"]
+ - ["::next_line", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)].Field[core::option::Option::Some(0)]", "taint", "manual"]
+ - ["<_ as tokio::io::util::async_read_ext::AsyncReadExt>::read_buf", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
+ - ["<_ as tokio::io::util::async_read_ext::AsyncReadExt>::read_u8", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
+ - ["<_ as tokio::io::util::async_read_ext::AsyncReadExt>::read_u8_le", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
+ - ["<_ as tokio::io::util::async_read_ext::AsyncReadExt>::read_u16", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
+ - ["<_ as tokio::io::util::async_read_ext::AsyncReadExt>::read_u16_le", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
+ - ["<_ as tokio::io::util::async_read_ext::AsyncReadExt>::read_u32", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
+ - ["<_ as tokio::io::util::async_read_ext::AsyncReadExt>::read_u32_le", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
+ - ["<_ as tokio::io::util::async_read_ext::AsyncReadExt>::read_u64", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
+ - ["<_ as tokio::io::util::async_read_ext::AsyncReadExt>::read_u64_le", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
+ - ["<_ as tokio::io::util::async_read_ext::AsyncReadExt>::read_u128", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
+ - ["<_ as tokio::io::util::async_read_ext::AsyncReadExt>::read_u128_le", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
+ - ["<_ as tokio::io::util::async_read_ext::AsyncReadExt>::read_i8", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
+ - ["<_ as tokio::io::util::async_read_ext::AsyncReadExt>::read_i8_le", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
+ - ["<_ as tokio::io::util::async_read_ext::AsyncReadExt>::read_i16", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
+ - ["<_ as tokio::io::util::async_read_ext::AsyncReadExt>::read_i16_le", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
+ - ["<_ as tokio::io::util::async_read_ext::AsyncReadExt>::read_i32", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
+ - ["<_ as tokio::io::util::async_read_ext::AsyncReadExt>::read_i32_le", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
+ - ["<_ as tokio::io::util::async_read_ext::AsyncReadExt>::read_i64", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
+ - ["<_ as tokio::io::util::async_read_ext::AsyncReadExt>::read_i64_le", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
+ - ["<_ as tokio::io::util::async_read_ext::AsyncReadExt>::read_i128", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
+ - ["<_ as tokio::io::util::async_read_ext::AsyncReadExt>::read_i128_le", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
+ - ["<_ as tokio::io::util::async_read_ext::AsyncReadExt>::read_f32", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
+ - ["<_ as tokio::io::util::async_read_ext::AsyncReadExt>:::read_f32_le", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
+ - ["<_ as tokio::io::util::async_read_ext::AsyncReadExt>::read_f64", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
+ - ["<_ as tokio::io::util::async_read_ext::AsyncReadExt>::read_f64_le", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
+ - ["<_ as core::iter::traits::iterator::Iterator>::chain", "Argument[self]", "ReturnValue", "taint", "manual"]
+ - ["<_ as core::iter::traits::iterator::Iterator>::chain", "Argument[0]", "ReturnValue", "taint", "manual"]
+ - ["<_ as core::iter::traits::iterator::Iterator>::take", "Argument[self]", "ReturnValue", "taint", "manual"]
From e56b9debf876fec8b755e0efc10b613faabeee08 Mon Sep 17 00:00:00 2001
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Date: Tue, 1 Jul 2025 16:55:00 +0100
Subject: [PATCH 2/8] Rust: Fix mistake.
---
 rust/ql/lib/codeql/rust/frameworks/stdlib/io.model.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/io.model.yml b/rust/ql/lib/codeql/rust/frameworks/stdlib/io.model.yml
index b05ee5105866..41f1348879f2 100644
--- a/rust/ql/lib/codeql/rust/frameworks/stdlib/io.model.yml
+++ b/rust/ql/lib/codeql/rust/frameworks/stdlib/io.model.yml
@@ -15,7 +15,7 @@ extensions:
 - ["::read", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
 - ["::read", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
 - ["<_ as std::io::Read>::read", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
- - ["::read_to_string", "", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
+ - ["::read_to_string", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
 - ["::read_to_string", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
 - ["::read_to_string", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
 - ["<_ as std::io::Read>::read_to_string", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
From 3e11dbded0f2e5f983ee2340d3af0d57ed7b7fe3 Mon Sep 17 00:00:00 2001
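Review bot: Two of the new summary paths in the tokio io hunk are malformed and will not match anything: the `read_exact` row has a trailing space inside the path string (`::read_exact "`), and the `read_f32_le` row has a triple colon (`AsyncReadExt>:::read_f32_le`); they should read `"<_ as tokio::io::util::async_read_ext::AsyncReadExt>::read_exact"` and `"<_ as tokio::io::util::async_read_ext::AsyncReadExt>::read_f32_le"`. Separately, the last three rows replace `AsyncReadExt::chain`/`::take` with `<_ as core::iter::traits::iterator::Iterator>::chain`/`::take`, which is a different trait: unless the old rows were wrong, the tokio reader adaptors are now unmodelled and the new rows would instead taint every `Iterator::chain`/`take` call, so they likely want `<_ as tokio::io::util::async_read_ext::AsyncReadExt>::chain` and `::take` as in the surrounding rows. Neither problem is touched by patch 2/8, which only fixes the stdlib file.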
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Tue, 1 Jul 2025 17:31:15 +0100 Subject: [PATCH 3/8] Rust: Accept test changes. --- .../library-tests/dataflow/sources/test.rs | 2 +- .../library-tests/frameworks/postgres/main.rs | 10 +-- .../CWE-328/WeakSensitiveDataHashing.expected | 66 +------------------ .../test/query-tests/security/CWE-328/test.rs | 26 ++++---- 4 files changed, 22 insertions(+), 82 deletions(-) diff --git a/rust/ql/test/library-tests/dataflow/sources/test.rs b/rust/ql/test/library-tests/dataflow/sources/test.rs index 845050c2fc93..a3dc78f9c525 100644 --- a/rust/ql/test/library-tests/dataflow/sources/test.rs +++ b/rust/ql/test/library-tests/dataflow/sources/test.rs @@ -214,7 +214,7 @@ fn test_io_stdin() -> std::io::Result<()> { { let mut buffer = Vec::::new(); let _bytes = std::io::stdin().read_to_end(&mut buffer)?; // $ Alert[rust/summary/taint-sources] - sink(&buffer); // $ MISSING: hasTaintFlow + sink(&buffer); // $ hasTaintFlow } { diff --git a/rust/ql/test/library-tests/frameworks/postgres/main.rs b/rust/ql/test/library-tests/frameworks/postgres/main.rs index 8a04f8d00e83..1ca39fb9427f 100644 --- a/rust/ql/test/library-tests/frameworks/postgres/main.rs +++ b/rust/ql/test/library-tests/frameworks/postgres/main.rs @@ -16,7 +16,7 @@ fn main() -> Result<(), Box> { )", &[], )?; - + let query = format!("INSERT INTO person (name, age) VALUES ('{}', '{}')", name, age); conn.execute(query.as_str(), &[])?; // $ sql-sink 
@@ -33,11 +33,11 @@ fn main() -> Result<(), Box> { // conn.query_typed_raw(query.as_str(), &[])?; for row in &conn.query("SELECT id, name, age FROM person", &[])? { // $ sql-sink - let id: i32 = row.get("id"); // $ database-read - let name: &str = row.try_get("name")?; // $ database-read - let age: i32 = row.try_get("age").unwrap(); // $ database-read + let id: i32 = row.get("id"); // $ MISSING: database-read + let name: &str = row.try_get("name")?; // $ MISSING: database-read + let age: i32 = row.try_get("age").unwrap(); // $ MISSING: database-read println!("found person: {} {} {}", id, name, age); } Ok(()) -} \ No newline at end of file +} diff --git a/rust/ql/test/query-tests/security/CWE-328/WeakSensitiveDataHashing.expected b/rust/ql/test/query-tests/security/CWE-328/WeakSensitiveDataHashing.expected index 062e3a63cc31..2d4e7cd6e726 100644 --- a/rust/ql/test/query-tests/security/CWE-328/WeakSensitiveDataHashing.expected +++ b/rust/ql/test/query-tests/security/CWE-328/WeakSensitiveDataHashing.expected 
@@ -1,74 +1,14 @@ #select -| test.rs:14:9:14:24 | ...::digest | test.rs:14:26:14:39 | credit_card_no | test.rs:14:9:14:24 | ...::digest | $@ is used in a hashing algorithm (MD5) that is insecure. | test.rs:14:26:14:39 | credit_card_no | Sensitive data (private) | -| test.rs:15:9:15:24 | ...::digest | test.rs:15:26:15:33 | password | test.rs:15:9:15:24 | ...::digest | $@ is used in a hashing algorithm (MD5) that is insecure for password hashing, since it is not a computationally expensive hash function. | test.rs:15:26:15:33 | password | Sensitive data (password) | | test.rs:20:9:20:24 | ...::compute | test.rs:20:26:20:39 | credit_card_no | test.rs:20:9:20:24 | ...::compute | $@ is used in a hashing algorithm (MD5) that is insecure. | test.rs:20:26:20:39 | credit_card_no | Sensitive data (private) | | test.rs:21:9:21:24 | ...::compute | test.rs:21:26:21:33 | password | test.rs:21:9:21:24 | ...::compute | $@ is used in a hashing algorithm (MD5) that is insecure for password hashing, since it is not a computationally expensive hash function. | test.rs:21:26:21:33 | password | Sensitive data (password) | -| test.rs:26:9:26:26 | ...::digest | test.rs:26:28:26:41 | credit_card_no | test.rs:26:9:26:26 | ...::digest | $@ is used in a hashing algorithm (SHA1) that is insecure. | test.rs:26:28:26:41 | credit_card_no | Sensitive data (private) | -| test.rs:27:9:27:26 | ...::digest | test.rs:27:28:27:35 | password | test.rs:27:9:27:26 | ...::digest | $@ is used in a hashing algorithm (SHA1) that is insecure for password hashing, since it is not a computationally expensive hash function. | test.rs:27:28:27:35 | password | Sensitive data (password) | -| test.rs:32:9:32:34 | ...::digest | test.rs:32:36:32:49 | credit_card_no | test.rs:32:9:32:34 | ...::digest | $@ is used in a hashing algorithm (SHA1) that is insecure. 
| test.rs:32:36:32:49 | credit_card_no | Sensitive data (private) | -| test.rs:33:9:33:34 | ...::digest | test.rs:33:36:33:43 | password | test.rs:33:9:33:34 | ...::digest | $@ is used in a hashing algorithm (SHA1) that is insecure for password hashing, since it is not a computationally expensive hash function. | test.rs:33:36:33:43 | password | Sensitive data (password) | -| test.rs:39:9:39:30 | ...::digest | test.rs:39:32:39:39 | password | test.rs:39:9:39:30 | ...::digest | $@ is used in a hashing algorithm (SHA3256) that is insecure for password hashing, since it is not a computationally expensive hash function. | test.rs:39:32:39:39 | password | Sensitive data (password) | -| test.rs:60:9:60:24 | ...::digest | test.rs:60:26:60:37 | password_str | test.rs:60:9:60:24 | ...::digest | $@ is used in a hashing algorithm (MD5) that is insecure for password hashing, since it is not a computationally expensive hash function. | test.rs:60:26:60:37 | password_str | Sensitive data (password) | -| test.rs:62:9:62:24 | ...::digest | test.rs:62:26:62:37 | password_arr | test.rs:62:9:62:24 | ...::digest | $@ is used in a hashing algorithm (MD5) that is insecure for password hashing, since it is not a computationally expensive hash function. | test.rs:62:26:62:37 | password_arr | Sensitive data (password) | -| test.rs:64:9:64:24 | ...::digest | test.rs:64:26:64:37 | password_vec | test.rs:64:9:64:24 | ...::digest | $@ is used in a hashing algorithm (MD5) that is insecure for password hashing, since it is not a computationally expensive hash function. | test.rs:64:26:64:37 | password_vec | Sensitive data (password) | -| test.rs:77:9:77:33 | ...::new_with_prefix | test.rs:77:35:77:42 | password | test.rs:77:9:77:33 | ...::new_with_prefix | $@ is used in a hashing algorithm (MD5) that is insecure for password hashing, since it is not a computationally expensive hash function. 
| test.rs:77:35:77:42 | password | Sensitive data (password) | -| test.rs:81:9:81:24 | ...::digest | test.rs:81:26:81:33 | password | test.rs:81:9:81:24 | ...::digest | $@ is used in a hashing algorithm (MD5) that is insecure for password hashing, since it is not a computationally expensive hash function. | test.rs:81:26:81:33 | password | Sensitive data (password) | -| test.rs:83:9:83:24 | ...::digest | test.rs:83:26:83:33 | password | test.rs:83:9:83:24 | ...::digest | $@ is used in a hashing algorithm (MD5) that is insecure for password hashing, since it is not a computationally expensive hash function. | test.rs:83:26:83:33 | password | Sensitive data (password) | edges -| test.rs:14:26:14:39 | credit_card_no | test.rs:14:9:14:24 | ...::digest | provenance | MaD:1 Sink:MaD:1 | -| test.rs:15:26:15:33 | password | test.rs:15:9:15:24 | ...::digest | provenance | MaD:1 Sink:MaD:1 | -| test.rs:20:26:20:39 | credit_card_no | test.rs:20:9:20:24 | ...::compute | provenance | MaD:3 Sink:MaD:3 | -| test.rs:21:26:21:33 | password | test.rs:21:9:21:24 | ...::compute | provenance | MaD:3 Sink:MaD:3 | -| test.rs:26:28:26:41 | credit_card_no | test.rs:26:9:26:26 | ...::digest | provenance | MaD:1 Sink:MaD:1 | -| test.rs:27:28:27:35 | password | test.rs:27:9:27:26 | ...::digest | provenance | MaD:1 Sink:MaD:1 | -| test.rs:32:36:32:49 | credit_card_no | test.rs:32:9:32:34 | ...::digest | provenance | MaD:1 Sink:MaD:1 | -| test.rs:33:36:33:43 | password | test.rs:33:9:33:34 | ...::digest | provenance | MaD:1 Sink:MaD:1 | -| test.rs:39:32:39:39 | password | test.rs:39:9:39:30 | ...::digest | provenance | MaD:1 Sink:MaD:1 | -| test.rs:60:26:60:37 | password_str | test.rs:60:9:60:24 | ...::digest | provenance | MaD:1 Sink:MaD:1 | -| test.rs:62:26:62:37 | password_arr | test.rs:62:9:62:24 | ...::digest | provenance | MaD:1 Sink:MaD:1 | -| test.rs:64:26:64:37 | password_vec | test.rs:64:9:64:24 | ...::digest | provenance | MaD:1 Sink:MaD:1 | -| test.rs:77:35:77:42 | password | 
test.rs:77:9:77:33 | ...::new_with_prefix | provenance | MaD:2 Sink:MaD:2 | -| test.rs:81:26:81:33 | password | test.rs:81:26:81:40 | password.trim() [&ref] | provenance | MaD:5 | -| test.rs:81:26:81:40 | password.trim() [&ref] | test.rs:81:9:81:24 | ...::digest | provenance | MaD:1 Sink:MaD:1 | -| test.rs:83:26:83:33 | password | test.rs:83:26:83:44 | password.as_bytes() | provenance | MaD:4 | -| test.rs:83:26:83:44 | password.as_bytes() | test.rs:83:9:83:24 | ...::digest | provenance | MaD:1 Sink:MaD:1 | +| test.rs:20:26:20:39 | credit_card_no | test.rs:20:9:20:24 | ...::compute | provenance | MaD:1 Sink:MaD:1 | +| test.rs:21:26:21:33 | password | test.rs:21:9:21:24 | ...::compute | provenance | MaD:1 Sink:MaD:1 | models -| 1 | Sink: repo:https://github.com/RustCrypto/traits:digest; <_ as crate::digest::Digest>::digest; Argument[0]; hasher-input | -| 2 | Sink: repo:https://github.com/RustCrypto/traits:digest; <_ as crate::digest::Digest>::new_with_prefix; Argument[0]; hasher-input | -| 3 | Sink: repo:https://github.com/stainless-steel/md5:md5; crate::compute; Argument[0]; hasher-input | -| 4 | Summary: lang:core; ::as_bytes; Argument[self]; ReturnValue; taint | -| 5 | Summary: lang:core; ::trim; Argument[self]; ReturnValue.Reference; taint | +| 1 | Sink: md5::compute; Argument[0]; hasher-input | nodes -| test.rs:14:9:14:24 | ...::digest | semmle.label | ...::digest | -| test.rs:14:26:14:39 | credit_card_no | semmle.label | credit_card_no | -| test.rs:15:9:15:24 | ...::digest | semmle.label | ...::digest | -| test.rs:15:26:15:33 | password | semmle.label | password | | test.rs:20:9:20:24 | ...::compute | semmle.label | ...::compute | | test.rs:20:26:20:39 | credit_card_no | semmle.label | credit_card_no | | test.rs:21:9:21:24 | ...::compute | semmle.label | ...::compute | | test.rs:21:26:21:33 | password | semmle.label | password | -| test.rs:26:9:26:26 | ...::digest | semmle.label | ...::digest | -| test.rs:26:28:26:41 | credit_card_no | semmle.label | 
credit_card_no | -| test.rs:27:9:27:26 | ...::digest | semmle.label | ...::digest | -| test.rs:27:28:27:35 | password | semmle.label | password | -| test.rs:32:9:32:34 | ...::digest | semmle.label | ...::digest | -| test.rs:32:36:32:49 | credit_card_no | semmle.label | credit_card_no | -| test.rs:33:9:33:34 | ...::digest | semmle.label | ...::digest | -| test.rs:33:36:33:43 | password | semmle.label | password | -| test.rs:39:9:39:30 | ...::digest | semmle.label | ...::digest | -| test.rs:39:32:39:39 | password | semmle.label | password | -| test.rs:60:9:60:24 | ...::digest | semmle.label | ...::digest | -| test.rs:60:26:60:37 | password_str | semmle.label | password_str | -| test.rs:62:9:62:24 | ...::digest | semmle.label | ...::digest | -| test.rs:62:26:62:37 | password_arr | semmle.label | password_arr | -| test.rs:64:9:64:24 | ...::digest | semmle.label | ...::digest | -| test.rs:64:26:64:37 | password_vec | semmle.label | password_vec | -| test.rs:77:9:77:33 | ...::new_with_prefix | semmle.label | ...::new_with_prefix | -| test.rs:77:35:77:42 | password | semmle.label | password | -| test.rs:81:9:81:24 | ...::digest | semmle.label | ...::digest | -| test.rs:81:26:81:33 | password | semmle.label | password | -| test.rs:81:26:81:40 | password.trim() [&ref] | semmle.label | password.trim() [&ref] | -| test.rs:83:9:83:24 | ...::digest | semmle.label | ...::digest | -| test.rs:83:26:83:33 | password | semmle.label | password | -| test.rs:83:26:83:44 | password.as_bytes() | semmle.label | password.as_bytes() | subpaths diff --git a/rust/ql/test/query-tests/security/CWE-328/test.rs b/rust/ql/test/query-tests/security/CWE-328/test.rs index 56b6fe7821d9..a7e17404df16 100644 --- a/rust/ql/test/query-tests/security/CWE-328/test.rs +++ b/rust/ql/test/query-tests/security/CWE-328/test.rs 
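Review bot: Accepting this expected file drops every `<_ as crate::digest::Digest>::digest` and `::new_with_prefix` result and keeps only the `md5::compute` rows, so after this patch the weak-hashing query has no passing positive test for any RustCrypto `Digest`-based hash (MD5, SHA-1, SHA3-256) — the `models` section shrinks to the single line `| 1 | Sink: md5::compute; Argument[0]; hasher-input |`, and the `as_bytes`/`trim` summaries disappear with the flows that used them. The cause appears to be the sink-path translation in the earlier patch rather than any change to the query, so I would not treat these expectations as final: once the `<_ as digest::digest::Digest>::…` paths resolve, regenerate this file in the same PR and confirm the removed rows return. If any are intended to stay gone, the reason belongs in a comment in the test source, since this `.expected` format has nowhere to record it.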
@@ -11,8 +11,8 @@ fn test_hash_algorithms( // MD5 _ = md5::Md5::digest(harmless); - _ = md5::Md5::digest(credit_card_no); // $ Alert[rust/weak-sensitive-data-hashing] - _ = md5::Md5::digest(password); // $ Alert[rust/weak-sensitive-data-hashing] + _ = md5::Md5::digest(credit_card_no); // $ MISSING: Alert[rust/weak-sensitive-data-hashing] + _ = md5::Md5::digest(password); // $ MISSING: Alert[rust/weak-sensitive-data-hashing] _ = md5::Md5::digest(encrypted_password); // MD5 (alternative / older library) @@ -23,20 +23,20 @@ fn test_hash_algorithms( // SHA-1 _ = sha1::Sha1::digest(harmless); - _ = sha1::Sha1::digest(credit_card_no); // $ Alert[rust/weak-sensitive-data-hashing] - _ = sha1::Sha1::digest(password); // $ Alert[rust/weak-sensitive-data-hashing] + _ = sha1::Sha1::digest(credit_card_no); // $ MISSING: Alert[rust/weak-sensitive-data-hashing] + _ = sha1::Sha1::digest(password); // $ MISSING: Alert[rust/weak-sensitive-data-hashing] _ = sha1::Sha1::digest(encrypted_password); // SHA-1 checked _ = sha1_checked::Sha1::digest(harmless); - _ = sha1_checked::Sha1::digest(credit_card_no); // $ Alert[rust/weak-sensitive-data-hashing] - _ = sha1_checked::Sha1::digest(password); // $ Alert[rust/weak-sensitive-data-hashing] + _ = sha1_checked::Sha1::digest(credit_card_no); // $ MISSING: Alert[rust/weak-sensitive-data-hashing] + _ = sha1_checked::Sha1::digest(password); // $ MISSING: Alert[rust/weak-sensitive-data-hashing] _ = sha1_checked::Sha1::digest(encrypted_password); // SHA-256 (appropriate for sensitive data hashing) _ = sha3::Sha3_256::digest(harmless); _ = sha3::Sha3_256::digest(credit_card_no); - _ = sha3::Sha3_256::digest(password); // $ Alert[rust/weak-sensitive-data-hashing] + _ = sha3::Sha3_256::digest(password); // $ MISSING: Alert[rust/weak-sensitive-data-hashing] _ = sha3::Sha3_256::digest(encrypted_password); // Argon2 (appropriate for password hashing) 
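Review bot: The context comment `// SHA-256 (appropriate for sensitive data hashing)` heads a block that calls `sha3::Sha3_256::digest`, which is SHA3-256 rather than SHA-256 (the expected-output row removed elsewhere in this series labels the algorithm `SHA3256`), and the `password` line under it is meant to alert precisely because SHA3-256 is not a password hash; I would reword it to `// SHA3-256 (appropriate for sensitive data hashing, but not for passwords)`. On the new side every `Alert[rust/weak-sensitive-data-hashing]` in both hunks becomes `MISSING`, including that SHA3-256 password case, so these hunks leave no positive test for the `Digest` trait path; a one-line comment at the top of the function, such as `// NOTE: the MISSING markers below track the legacy->new model path migration, not intended query behaviour`, would stop them being read as accepted gaps. `test_hash_algorithms` begins before the first hunk.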
@@ -57,11 +57,11 @@ fn test_hash_code_patterns( // hash different types of data _ = md5::Md5::digest(harmless_str); - _ = md5::Md5::digest(password_str); // $ Alert[rust/weak-sensitive-data-hashing] + _ = md5::Md5::digest(password_str); // $ MISSING: Alert[rust/weak-sensitive-data-hashing] _ = md5::Md5::digest(harmless_arr); - _ = md5::Md5::digest(password_arr); // $ Alert[rust/weak-sensitive-data-hashing] + _ = md5::Md5::digest(password_arr); // $ MISSING: Alert[rust/weak-sensitive-data-hashing] _ = md5::Md5::digest(harmless_vec); - _ = md5::Md5::digest(password_vec); // $ Alert[rust/weak-sensitive-data-hashing] + _ = md5::Md5::digest(password_vec); // $ MISSING: Alert[rust/weak-sensitive-data-hashing] // hash through a hasher object let mut md5_hasher = md5::Md5::new(); @@ -74,13 +74,13 @@ fn test_hash_code_patterns( _ = md5::Md5::new().chain_update(harmless).chain_update(password).chain_update(harmless).finalize(); // $ MISSING: Alert[rust/weak-sensitive-data-hashing] _ = md5::Md5::new_with_prefix(harmless).finalize(); - _ = md5::Md5::new_with_prefix(password).finalize(); // $ Alert[rust/weak-sensitive-data-hashing] + _ = md5::Md5::new_with_prefix(password).finalize(); // $ MISSING: Alert[rust/weak-sensitive-data-hashing] // hash transformed data _ = md5::Md5::digest(harmless.trim()); - _ = md5::Md5::digest(password.trim()); // $ Alert[rust/weak-sensitive-data-hashing] + _ = md5::Md5::digest(password.trim()); // $ MISSING: Alert[rust/weak-sensitive-data-hashing] _ = md5::Md5::digest(harmless.as_bytes()); - _ = md5::Md5::digest(password.as_bytes()); // $ Alert[rust/weak-sensitive-data-hashing] + _ = md5::Md5::digest(password.as_bytes()); // $ MISSING: Alert[rust/weak-sensitive-data-hashing] _ = md5::Md5::digest(std::str::from_utf8(harmless_arr).unwrap()); _ = md5::Md5::digest(std::str::from_utf8(password_arr).unwrap()); // $ MISSING: Alert[rust/weak-sensitive-data-hashing] } From a486549956ce75a7a1a1df56f14849820123c634 Mon Sep 17 00:00:00 2001 
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 7 Jul 2025 14:01:00 +0100 Subject: [PATCH 4/8] Update rust/ql/lib/codeql/rust/frameworks/tokio/io.model.yml Co-authored-by: Arthur Baars --- rust/ql/lib/codeql/rust/frameworks/tokio/io.model.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rust/ql/lib/codeql/rust/frameworks/tokio/io.model.yml b/rust/ql/lib/codeql/rust/frameworks/tokio/io.model.yml index d5e91afa663b..ae58b2a077aa 100644 --- a/rust/ql/lib/codeql/rust/frameworks/tokio/io.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/tokio/io.model.yml @@ -14,7 +14,7 @@ extensions: - ["<_ as tokio::io::util::async_read_ext::AsyncReadExt>::read", "Argument[self]", "Argument[0].Reference", "taint", "manual"] - ["<_ as tokio::io::util::async_read_ext::AsyncReadExt>::read_to_string", "Argument[self]", "Argument[0].Reference", "taint", "manual"] - ["<_ as tokio::io::util::async_read_ext::AsyncReadExt>::read_to_end", "Argument[self]", "Argument[0].Reference", "taint", "manual"] - - ["<_ as tokio::io::util::async_read_ext::AsyncReadExt>::read_exact ", "Argument[self]", "Argument[0].Reference", "taint", "manual"] + - ["<_ as tokio::io::util::async_read_ext::AsyncReadExt>::read_exact", "Argument[self]", "Argument[0].Reference", "taint", "manual"] - ["<_ as tokio::io::util::async_buf_read_ext::AsyncBufReadExt>::read_line", "Argument[self]", "Argument[0].Reference", "taint", "manual"] - ["<_ as tokio::io::util::async_buf_read_ext::AsyncBufReadExt>::read_until", "Argument[self]", "Argument[1].Reference", "taint", "manual"] - ["<_ as tokio::io::util::async_buf_read_ext::AsyncBufReadExt>::split", "Argument[self]", "ReturnValue", "taint", "manual"] From a25330e6ed15ca68e14ab087e7d56a4d44cee535 Mon Sep 17 00:00:00 2001 
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 7 Jul 2025 15:10:59 +0100 Subject: [PATCH 5/8] Rust: Update rustcrypto models. --- .../rust/frameworks/rustcrypto/rustcrypto.model.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/rust/ql/lib/codeql/rust/frameworks/rustcrypto/rustcrypto.model.yml b/rust/ql/lib/codeql/rust/frameworks/rustcrypto/rustcrypto.model.yml index d1aefe5b9830..f29973e377ca 100644 --- a/rust/ql/lib/codeql/rust/frameworks/rustcrypto/rustcrypto.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/rustcrypto/rustcrypto.model.yml @@ -3,8 +3,8 @@ extensions: pack: codeql/rust-all extensible: sinkModel data: - - ["::new_with_prefix", "Argument[0]", "hasher-input", "manual"] - - ["::update", "Argument[0]", "hasher-input", "manual"] - - ["::chain_update", "Argument[0]", "hasher-input", "manual"] - - ["::digest", "Argument[0]", "hasher-input", "manual"] + - ["<_ as digest::digest::Digest>::new_with_prefix::new_with_prefix", "Argument[0]", "hasher-input", "manual"] + - ["<_ as digest::digest::Digest>::new_with_prefix::update", "Argument[0]", "hasher-input", "manual"] + - ["<_ as digest::digest::Digest>::new_with_prefix::chain_update", "Argument[0]", "hasher-input", "manual"] + - ["<_ as digest::digest::Digest>::new_with_prefix::digest", "Argument[0]", "hasher-input", "manual"] - ["md5::compute", "Argument[0]", "hasher-input", "manual"] From 7211f4ace37e13b28ff20eb2b16d7cd334e55f1e Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Tue, 8 Jul 2025 15:01:43 +0100 Subject: [PATCH 6/8] Update rust/ql/lib/codeql/rust/frameworks/rustcrypto/rustcrypto.model.yml Co-authored-by: Arthur Baars --- .../rust/frameworks/rustcrypto/rustcrypto.model.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
diff --git a/rust/ql/lib/codeql/rust/frameworks/rustcrypto/rustcrypto.model.yml b/rust/ql/lib/codeql/rust/frameworks/rustcrypto/rustcrypto.model.yml index f29973e377ca..84f3247d782e 100644 --- a/rust/ql/lib/codeql/rust/frameworks/rustcrypto/rustcrypto.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/rustcrypto/rustcrypto.model.yml @@ -3,8 +3,8 @@ extensions: pack: codeql/rust-all extensible: sinkModel data: - - ["<_ as digest::digest::Digest>::new_with_prefix::new_with_prefix", "Argument[0]", "hasher-input", "manual"] - - ["<_ as digest::digest::Digest>::new_with_prefix::update", "Argument[0]", "hasher-input", "manual"] - - ["<_ as digest::digest::Digest>::new_with_prefix::chain_update", "Argument[0]", "hasher-input", "manual"] - - ["<_ as digest::digest::Digest>::new_with_prefix::digest", "Argument[0]", "hasher-input", "manual"] + - ["<_ as digest::digest::Digest>::new_with_prefix", "Argument[0]", "hasher-input", "manual"] + - ["<_ as digest::digest::Digest>::update", "Argument[0]", "hasher-input", "manual"] + - ["<_ as digest::digest::Digest>::chain_update", "Argument[0]", "hasher-input", "manual"] + - ["<_ as digest::digest::Digest>::digest", "Argument[0]", "hasher-input", "manual"] - ["md5::compute", "Argument[0]", "hasher-input", "manual"] From d19259e6bb64597d5fde7fd03efdb3fe8e441d3a Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Tue, 8 Jul 2025 15:03:44 +0100 Subject: [PATCH 7/8] Update rust/ql/test/library-tests/frameworks/postgres/main.rs Co-authored-by: Arthur Baars --- rust/ql/test/library-tests/frameworks/postgres/main.rs | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/rust/ql/test/library-tests/frameworks/postgres/main.rs b/rust/ql/test/library-tests/frameworks/postgres/main.rs index 1ca39fb9427f..6f0f730787f6 100644 --- a/rust/ql/test/library-tests/frameworks/postgres/main.rs +++ b/rust/ql/test/library-tests/frameworks/postgres/main.rs 
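Review bot: The corrected sinks `<_ as digest::digest::Digest>::update`, `::chain_update`, `::digest` and `::new_with_prefix` are not exercised by any passing expectation in this series: patch 3/8 turned every `Digest`-based alert in CWE-328/test.rs into `MISSING` and no later patch restores them, so whether these paths actually match after the fix is not demonstrated, and `md5::compute` remains the only hasher-input sink with a passing result. I would re-run the CWE-328 test and re-accept its `.expected` in this PR so the model change and its evidence land together. One further thing I cannot confirm from the diff alone: hasher code can also reach `update` through the lower-level `digest::Update` trait rather than `Digest`, and if the resolver attributes such a call to that trait this `<_ as digest::digest::Digest>` path would not cover it — a test case that imports and uses `Update` directly would settle whether a second model row is needed.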
@@ -33,9 +33,10 @@ fn main() -> Result<(), Box> { // conn.query_typed_raw(query.as_str(), &[])?; for row in &conn.query("SELECT id, name, age FROM person", &[])? { // $ sql-sink - let id: i32 = row.get("id"); // $ MISSING: database-read - let name: &str = row.try_get("name")?; // $ MISSING: database-read - let age: i32 = row.try_get("age").unwrap(); // $ MISSING: database-read + let row: &postgres::Row = row; + let id: i32 = row.get("id"); // $ database-read + let name: &str = row.try_get("name")?; // $ database-read + let age: i32 = row.try_get("age").unwrap(); // $ database-read println!("found person: {} {} {}", id, name, age); } From b1d5b8175c578707f0c5ed8184cba85d8316bc0a Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Tue, 8 Jul 2025 15:10:55 +0100 Subject: [PATCH 8/8] Rust: Add the original test back as well. --- .../test/library-tests/frameworks/postgres/main.rs | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/rust/ql/test/library-tests/frameworks/postgres/main.rs b/rust/ql/test/library-tests/frameworks/postgres/main.rs index 6f0f730787f6..28f6abbc41bf 100644 --- a/rust/ql/test/library-tests/frameworks/postgres/main.rs +++ b/rust/ql/test/library-tests/frameworks/postgres/main.rs 
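Review bot: The added `let row: &postgres::Row = row;` carries no comment saying that it exists only to give the analysis a concrete type for `get`/`try_get` — the un-annotated loop had just been downgraded to `MISSING: database-read` in patch 3/8 — so a later cleanup could remove the redundant re-binding as dead code and silently lose the only `database-read` sources in this test. I would annotate it: `let row: &postgres::Row = row; // explicit type: lets Row::get/try_get resolve as database-read sources; inference via the query iterator does not yet do this`. Since real client code rarely writes this annotation, the un-annotated pattern is the one that matters for coverage and should stay tracked as a known gap. The enclosing `main` starts before the hunk and its remaining lines are not visible here.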
@@ -34,9 +34,16 @@ fn main() -> Result<(), Box> { for row in &conn.query("SELECT id, name, age FROM person", &[])? { // $ sql-sink let row: &postgres::Row = row; - let id: i32 = row.get("id"); // $ database-read - let name: &str = row.try_get("name")?; // $ database-read - let age: i32 = row.try_get("age").unwrap(); // $ database-read + let id: i32 = row.get("id"); // $ database-read + let name: &str = row.try_get("name")?; // $ database-read + let age: i32 = row.try_get("age").unwrap(); // $ database-read + println!("found person: {} {} {}", id, name, age); + } + + for row in &conn.query("SELECT id, name, age FROM person", &[])? { // $ sql-sink + let id: i32 = row.get("id"); // $ MISSING: database-read + let name: &str = row.try_get("name")?; // $ MISSING: database-read + let age: i32 = row.try_get("age").unwrap(); // $ MISSING: database-read println!("found person: {} {} {}", id, name, age); }