Rust: Splits off sources/net.

Author: geoffw0

rust/ql/test/library-tests/dataflow/sources/net/Cargo.lock

@@ -0,0 +1,36 @@
+/**
+ * @kind path-problem
+ */
+
+import rust
+import codeql.rust.dataflow.DataFlow
+import codeql.rust.Concepts
+import utils.test.InlineFlowTest
+
+/**
+ * Configuration for flow from any threat model source to an argument of the function `sink`.
+ */
+module MyFlowConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { source instanceof ThreatModelSource }
+
+  predicate isSink(DataFlow::Node sink) {
+    any(CallExpr call |
+      call.getFunction().(PathExpr).getPath().getSegment().getIdentifier().getText() = "sink"
+    ).getArgList().getAnArg() = sink.asExpr().getExpr()
+  }
+
+  predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {
+    // flow out from any content at the sink.
+    isSink(node) and
+    exists(c)
+  }
+}
+
+module MyFlowTest = TaintFlowTest<MyFlowConfig>;
+
+import MyFlowTest
+import PathGraph
+
+from PathNode source, PathNode sink
+where flowPath(source, sink)
+select sink, source, sink, "$@", source, source.toString()

rust/ql/test/library-tests/dataflow/sources/net/InlineFlow.expected

@@ -0,0 +1,17 @@
+| test.rs:11:26:11:47 | ...::get | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| test.rs:14:26:14:47 | ...::get | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| test.rs:17:26:17:47 | ...::get | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| test.rs:20:26:20:47 | ...::get | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| test.rs:23:26:23:37 | ...::get | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| test.rs:26:26:26:37 | ...::get | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| test.rs:29:24:29:35 | ...::get | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| test.rs:45:18:45:47 | ...::connect | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| test.rs:60:31:60:42 | send_request | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| test.rs:67:31:67:42 | send_request | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| test.rs:155:26:155:53 | ...::connect | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| test.rs:174:26:174:61 | ...::connect_timeout | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| test.rs:224:28:224:57 | ...::connect | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| test.rs:306:22:306:49 | ...::connect | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| test.rs:332:22:332:50 | ...::new | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| test.rs:359:16:359:29 | ...::args | Flow source 'CommandLineArgs' of type commandargs (DEFAULT). |
+| test.rs:359:16:359:29 | ...::args | Flow source 'CommandLineArgs' of type commandargs (DEFAULT). |

rust/ql/test/library-tests/dataflow/sources/net/InlineFlow.ql

@@ -0,0 +1,2 @@
+query: queries/summary/TaintSources.ql
+postprocess: utils/test/InlineExpectationsTestQuery.ql

rust/ql/test/library-tests/dataflow/sources/net/TaintSources.expected

@@ -0,0 +1,12 @@
+qltest_cargo_check: true
+qltest_dependencies:
+    - reqwest = { version = "0.12.9", features = ["blocking"] }
+    - hyper = { version = "1.5.2", features = ["full"] }
+    - hyper-util = { version = "0.1.10", features = ["full"] }
+    - http-body-util = { version = "0.1.2" }
+    - http = { version = "1.2.0" }
+    - tokio = { version = "1.43.0", features = ["full"] }
+    - futures = { version = "0.3" }
+    - rustls = { version = "0.23.27" }
+    - futures-rustls = { version = "0.26.0" }
+    - async-std = { version = "1.13.1" }

rust/ql/test/library-tests/dataflow/sources/net/TaintSources.qlref

@@ -1,9 +1,12 @@
-#![allow(deprecated)]
-
 fn sink<T>(_: T) { }
 
 // --- tests ---
 
+use std::io::{Read, Write, BufRead};
+use tokio::io::{AsyncReadExt, AsyncWriteExt};
+use http_body_util::BodyExt;
+use std::net::ToSocketAddrs;
+
 async fn test_reqwest() -> Result<(), reqwest::Error> {
     let remote_string1 = reqwest::blocking::get("example.com")?.text()?; // $ Alert[rust/summary/taint-sources]
     sink(remote_string1); // $ hasTaintFlow="example.com"
@@ -32,9 +35,6 @@ async fn test_reqwest() -> Result<(), reqwest::Error> {
     Ok(())
 }
 
-use std::io::Write;
-use http_body_util::BodyExt;
-
 async fn test_hyper_http(case: i64) -> Result<(), Box<dyn std::error::Error>> {
     // using http + hyper libs to fetch a web page
     let address = "example.com:80";
@@ -146,8 +146,6 @@ async fn test_hyper_http(case: i64) -> Result<(), Box<dyn std::error::Error>> {
     Ok(())
 }
 
-use std::net::ToSocketAddrs;
-
 async fn test_std_tcpstream(case: i64) -> std::io::Result<()> {
     // using std::net to fetch a web page
     let address = "example.com:80";
@@ -217,8 +215,6 @@ async fn test_std_tcpstream(case: i64) -> std::io::Result<()> {
     Ok(())
 }
 
-use tokio::io::AsyncWriteExt;
-
 async fn test_tokio_tcpstream(case: i64) -> std::io::Result<()> {
     // using tokio::io to fetch a web page
     let address = "example.com:80";

rust/ql/test/library-tests/dataflow/sources/net/options.yml

@@ -1,9 +1,5 @@
 qltest_cargo_check: true
 qltest_dependencies:
-    - reqwest = { version = "0.12.9", features = ["blocking"] }
-    - hyper = { version = "1.5.2", features = ["full"] }
-    - hyper-util = { version = "0.1.10", features = ["full"] }
-    - http-body-util = { version = "0.1.2" }
     - http = { version = "1.2.0" }
     - tokio = { version = "1.43.0", features = ["full"] }
     - futures = { version = "0.3" }
@@ -12,7 +8,5 @@ qltest_dependencies:
     - actix-web = { version = "4.10.2" }
     - axum = { version = "0.8.4" }
     - serde_json = { version = "1.0.140" }
-    - rustls = { version = "0.23.27" }
-    - futures-rustls = { version = "0.26.0" }
     - async-std = { version = "1.13.1" }
     - warp = { version = "0.4.2", features = ["server"] }