Rust: Allow implicit flow out of content at the test sinks, so that we see our results.

geoffw0 · geoffw0 · commit 185a23b3c65d · 2025-01-28T08:43:06.000Z
diff --git a/rust/ql/test/library-tests/dataflow/sources/InlineFlow.ql b/rust/ql/test/library-tests/dataflow/sources/InlineFlow.ql
@@ -14,6 +14,12 @@ module MyFlowConfig implements DataFlow::ConfigSig {
         .getArgList()
         .getAnArg() = sink.asExpr().getExpr()
   }
+
+  predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {
+    // flow out from any content at the sink.
+    isSink(node) and
+    exists(c)
+  }
 }
 
 module MyFlowTest = TaintFlowTest<MyFlowConfig>;
diff --git a/rust/ql/test/library-tests/dataflow/sources/test.rs b/rust/ql/test/library-tests/dataflow/sources/test.rs
@@ -5,8 +5,8 @@ fn sink<T>(_: T) { }
 // --- tests ---
 
 fn test_env_vars() {
-    sink(std::env::var("HOME")); // $ Alert[rust/summary/taint-sources] MISSING: hasTaintFlow
-    sink(std::env::var_os("PATH")); // $ Alert[rust/summary/taint-sources] MISSING: hasTaintFlow
+    sink(std::env::var("HOME")); // $ Alert[rust/summary/taint-sources] hasTaintFlow="HOME"
+    sink(std::env::var_os("PATH")); // $ Alert[rust/summary/taint-sources] hasTaintFlow="PATH"
 
     let var1 = std::env::var("HOME").expect("HOME not set"); // $ Alert[rust/summary/taint-sources]
     let var2 = std::env::var_os("PATH").unwrap(); // $ Alert[rust/summary/taint-sources]

Original file line number	Diff line number	Diff line change
`@@ -14,6 +14,12 @@ module MyFlowConfig implements DataFlow::ConfigSig {`
`14`	`14`	`.getArgList()`
`15`	`15`	`.getAnArg() = sink.asExpr().getExpr()`
`16`	`16`	`}`
	`17`	`+`
	`18`	`+ predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {`
	`19`	`+ // flow out from any content at the sink.`
	`20`	`+ isSink(node) and`
	`21`	`+ exists(c)`
	`22`	`+ }`
`17`	`23`	`}`
`18`	`24`
`19`	`25`	`module MyFlowTest = TaintFlowTest<MyFlowConfig>;`