Merge branch 'main' into redsun82/cargo-upgrade-2

Author: redsun82

cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImpl.qll

@@ -756,9 +756,9 @@ private predicate modeledFlowBarrier(Node n) {
     partialFlowFunc = call.getStaticCallTarget() and
     not partialFlowFunc.isPartialWrite(output)
   |
-    call.getStaticCallTarget().(DataFlow::DataFlowFunction).hasDataFlow(_, output)
+    partialFlowFunc.(DataFlow::DataFlowFunction).hasDataFlow(_, output)
     or
-    call.getStaticCallTarget().(Taint::TaintFunction).hasTaintFlow(_, output)
+    partialFlowFunc.(Taint::TaintFunction).hasTaintFlow(_, output)
   )
   or
   exists(Operand operand, Instruction instr, Node n0, int indirectionIndex |

cpp/ql/lib/semmle/code/cpp/models/interfaces/FormattingFunction.qll

@@ -170,6 +170,16 @@ abstract class FormattingFunction extends ArrayFunction, TaintFunction {
       output.isParameterDeref(this.getOutputParameterIndex(_))
     )
   }
+
+  final override predicate isPartialWrite(FunctionOutput output) {
+    exists(int outputParameterIndex |
+      output.isParameterDeref(outputParameterIndex) and
+      // We require the output to be a stream since that definitely means that
+      // it's a partial write. If it's not a stream then it will most likely
+      // fill the whole buffer.
+      outputParameterIndex = this.getOutputParameterIndex(true)
+    )
+  }
 }
 
 /**

cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected

@@ -7767,6 +7767,10 @@ WARNING: module 'TaintTracking' has been deprecated and may be removed in future
 | taint.cpp:830:20:830:34 | call to indirect_source | taint.cpp:832:23:832:24 | in |  |
 | taint.cpp:831:15:831:17 | out | taint.cpp:832:18:832:20 | out |  |
 | taint.cpp:831:15:831:17 | out | taint.cpp:833:8:833:10 | out |  |
+| taint.cpp:841:21:841:35 | call to indirect_source | taint.cpp:842:11:842:12 | fp |  |
+| taint.cpp:841:21:841:35 | call to indirect_source | taint.cpp:843:16:843:17 | fp |  |
+| taint.cpp:842:11:842:12 | ref arg fp | taint.cpp:843:16:843:17 | fp |  |
+| taint.cpp:842:15:842:16 |  | taint.cpp:842:11:842:12 | ref arg fp | TAINT |
 | thread.cpp:10:27:10:27 | s | thread.cpp:10:27:10:27 | s |  |
 | thread.cpp:10:27:10:27 | s | thread.cpp:11:8:11:8 | s |  |
 | thread.cpp:14:26:14:26 | s | thread.cpp:15:8:15:8 | s |  |

cpp/ql/test/library-tests/dataflow/taint-tests/taint.cpp

@@ -831,4 +831,15 @@ void test_write_to_const_ptr_ptr() {
   const char* out;
   take_const_ptr(out, in);
   sink(out); // $ SPURIOUS: ast
+}
+
+void indirect_sink(FILE *fp);
+int fprintf(FILE *fp, const char *format, ...);
+
+int f7(void)
+{
+  FILE* fp = (FILE*)indirect_source();
+  fprintf(fp, "");
+	indirect_sink(fp); // $ ir MISSING: ast
+  return 0;
 }

cpp/ql/test/library-tests/dataflow/taint-tests/taint.ql

@@ -117,6 +117,11 @@ module IRTest {
         call.getTarget().getName() = "sink" and
         [sink.asExpr(), sink.asIndirectExpr()] = call.getAnArgument()
       )
+      or
+      exists(FunctionCall call |
+        call.getTarget().getName() = "indirect_sink" and
+        sink.asIndirectExpr() = call.getAnArgument()
+      )
     }
 
     predicate isBarrier(DataFlow::Node barrier) {

cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected

@@ -17670,6 +17670,55 @@ signatureMatches
 | taint.cpp:822:6:822:19 | take_const_ptr | (unsigned long *,const char *) |  | set_cert_ex | 1 |
 | taint.cpp:822:6:822:19 | take_const_ptr | (unsigned long *,const char *) |  | set_name_ex | 1 |
 | taint.cpp:822:6:822:19 | take_const_ptr | (uv_pipe_t *,const char *) |  | uv_pipe_bind | 1 |
+| taint.cpp:836:6:836:18 | indirect_sink | (FILE *) |  | _IO_default_uflow | 0 |
+| taint.cpp:836:6:836:18 | indirect_sink | (FILE *) |  | _IO_feof | 0 |
+| taint.cpp:836:6:836:18 | indirect_sink | (FILE *) |  | _IO_ferror | 0 |
+| taint.cpp:836:6:836:18 | indirect_sink | (FILE *) |  | _IO_file_close_mmap | 0 |
+| taint.cpp:836:6:836:18 | indirect_sink | (FILE *) |  | _IO_file_underflow_mmap | 0 |
+| taint.cpp:836:6:836:18 | indirect_sink | (FILE *) |  | _IO_ftell | 0 |
+| taint.cpp:836:6:836:18 | indirect_sink | (FILE *) |  | _IO_getc | 0 |
+| taint.cpp:836:6:836:18 | indirect_sink | (FILE *) |  | _IO_getwc | 0 |
+| taint.cpp:836:6:836:18 | indirect_sink | (FILE *) |  | _IO_new_file_underflow | 0 |
+| taint.cpp:836:6:836:18 | indirect_sink | (FILE *) |  | _IO_peekc_locked | 0 |
+| taint.cpp:836:6:836:18 | indirect_sink | (FILE *) |  | _IO_str_count | 0 |
+| taint.cpp:836:6:836:18 | indirect_sink | (FILE *) |  | _IO_str_underflow | 0 |
+| taint.cpp:836:6:836:18 | indirect_sink | (FILE *) |  | _IO_sungetc | 0 |
+| taint.cpp:836:6:836:18 | indirect_sink | (FILE *) |  | _IO_sungetwc | 0 |
+| taint.cpp:836:6:836:18 | indirect_sink | (FILE *) |  | _IO_wdefault_uflow | 0 |
+| taint.cpp:836:6:836:18 | indirect_sink | (FILE *) |  | _IO_wfile_underflow | 0 |
+| taint.cpp:836:6:836:18 | indirect_sink | (FILE *) |  | _IO_wfile_underflow_mmap | 0 |
+| taint.cpp:836:6:836:18 | indirect_sink | (FILE *) |  | _IO_wstr_count | 0 |
+| taint.cpp:836:6:836:18 | indirect_sink | (FILE *) |  | _IO_wstr_underflow | 0 |
+| taint.cpp:836:6:836:18 | indirect_sink | (FILE *) |  | __fbufsize | 0 |
+| taint.cpp:836:6:836:18 | indirect_sink | (FILE *) |  | __feof_unlocked | 0 |
+| taint.cpp:836:6:836:18 | indirect_sink | (FILE *) |  | __ferror_unlocked | 0 |
+| taint.cpp:836:6:836:18 | indirect_sink | (FILE *) |  | __fileno | 0 |
+| taint.cpp:836:6:836:18 | indirect_sink | (FILE *) |  | __flbf | 0 |
+| taint.cpp:836:6:836:18 | indirect_sink | (FILE *) |  | __fopen_maybe_mmap | 0 |
+| taint.cpp:836:6:836:18 | indirect_sink | (FILE *) |  | __fpending | 0 |
+| taint.cpp:836:6:836:18 | indirect_sink | (FILE *) |  | __ftello | 0 |
+| taint.cpp:836:6:836:18 | indirect_sink | (FILE *) |  | __fwriting | 0 |
+| taint.cpp:836:6:836:18 | indirect_sink | (FILE *) |  | __getc_unlocked | 0 |
+| taint.cpp:836:6:836:18 | indirect_sink | (FILE *) |  | __getwc_unlocked | 0 |
+| taint.cpp:836:6:836:18 | indirect_sink | (FILE *) |  | __uflow | 0 |
+| taint.cpp:836:6:836:18 | indirect_sink | (FILE *) |  | __underflow | 0 |
+| taint.cpp:836:6:836:18 | indirect_sink | (FILE *) |  | __wuflow | 0 |
+| taint.cpp:836:6:836:18 | indirect_sink | (FILE *) |  | __wunderflow | 0 |
+| taint.cpp:836:6:836:18 | indirect_sink | (FILE *) |  | feof_unlocked | 0 |
+| taint.cpp:836:6:836:18 | indirect_sink | (FILE *) |  | ferror_unlocked | 0 |
+| taint.cpp:836:6:836:18 | indirect_sink | (FILE *) |  | fgetc_unlocked | 0 |
+| taint.cpp:836:6:836:18 | indirect_sink | (FILE *) |  | fgetgrent | 0 |
+| taint.cpp:836:6:836:18 | indirect_sink | (FILE *) |  | fgetpwent | 0 |
+| taint.cpp:836:6:836:18 | indirect_sink | (FILE *) |  | fgetsgent | 0 |
+| taint.cpp:836:6:836:18 | indirect_sink | (FILE *) |  | fgetspent | 0 |
+| taint.cpp:836:6:836:18 | indirect_sink | (FILE *) |  | getc_unlocked | 0 |
+| taint.cpp:836:6:836:18 | indirect_sink | (FILE *) |  | getmntent | 0 |
+| taint.cpp:837:5:837:11 | fprintf | (CURLSH *,CURLSHoption,...) |  | curl_share_setopt | 2 |
+| taint.cpp:837:5:837:11 | fprintf | (Jim_Interp *,const char *,...) |  | Jim_SetResultFormatted | 1 |
+| taint.cpp:837:5:837:11 | fprintf | (Jim_Interp *,const char *,...) |  | Jim_SetResultFormatted | 2 |
+| taint.cpp:837:5:837:11 | fprintf | (char **,const char *,...) |  | ___asprintf | 1 |
+| taint.cpp:837:5:837:11 | fprintf | (char **,const char *,...) |  | ___asprintf | 2 |
+| taint.cpp:837:5:837:11 | fprintf | (curl_httppost **,curl_httppost **,...) |  | curl_formadd | 2 |
 | thread.cpp:4:6:4:9 | sink | (int) |  | ASN1_STRING_type_new | 0 |
 | thread.cpp:4:6:4:9 | sink | (int) |  | ASN1_tag2bit | 0 |
 | thread.cpp:4:6:4:9 | sink | (int) |  | ASN1_tag2str | 0 |
@@ -47191,6 +47240,10 @@ getParameterTypeName
 | taint.cpp:817:6:817:27 | write_to_const_ptr_ptr | 1 | const char ** |
 | taint.cpp:822:6:822:19 | take_const_ptr | 0 | const char * |
 | taint.cpp:822:6:822:19 | take_const_ptr | 1 | const char * |
+| taint.cpp:836:6:836:18 | indirect_sink | 0 | FILE * |
+| taint.cpp:837:5:837:11 | fprintf | 0 | FILE * |
+| taint.cpp:837:5:837:11 | fprintf | 1 | const char * |
+| taint.cpp:837:5:837:11 | fprintf | 2 | ... |
 | thread.cpp:4:6:4:9 | sink | 0 | int |
 | thread.cpp:6:8:6:8 | operator= | 0 | S && |
 | thread.cpp:6:8:6:8 | operator= | 0 | const S & |

rust/ql/lib/codeql/rust/frameworks/rustcrypto/RustCrypto.qll

@@ -5,6 +5,8 @@
 private import rust
 private import codeql.rust.Concepts
 private import codeql.rust.dataflow.DataFlow
+private import codeql.rust.internal.TypeInference
+private import codeql.rust.internal.Type
 
 bindingset[algorithmName]
 private string simplifyAlgorithmName(string algorithmName) {
@@ -21,28 +23,20 @@ class StreamCipherInit extends Cryptography::CryptographicOperation::Range {
 
   StreamCipherInit() {
     // a call to `cipher::KeyInit::new`, `cipher::KeyInit::new_from_slice`,
-    // `cipher::KeyIvInit::new`, `cipher::KeyIvInit::new_from_slices` or `rc2::Rc2::new_with_eff_key_len`.
-    exists(PathExpr p, string rawAlgorithmName |
-      this.asExpr().getExpr().(CallExpr).getFunction() = p and
-      p.getResolvedCrateOrigin().matches("%/RustCrypto%") and
-      p.getPath().getText() = ["new", "new_from_slice", "new_from_slices", "new_with_eff_key_len"] and
-      (
-        rawAlgorithmName = p.getPath().getQualifier().getText() or
+    // `cipher::KeyIvInit::new`, `cipher::KeyIvInit::new_from_slices`, `rc2::Rc2::new_with_eff_key_len` or similar.
+    exists(CallExprBase ce, string rawAlgorithmName |
+      ce = this.asExpr().getExpr() and
+      ce.getStaticTarget().getName().getText() =
+        ["new", "new_from_slice", "new_with_eff_key_len", "new_from_slices"] and
+      // extract the algorithm name from the type of `ce` or its receiver.
+      exists(Type t, TypePath tp |
+        t = inferType([ce, ce.(MethodCallExpr).getReceiver()], tp) and
         rawAlgorithmName =
-          p.getPath()
-              .getQualifier()
-              .getSegment()
-              .getGenericArgList()
-              .getGenericArg(0)
-              .(TypeArg)
-              .getTypeRepr()
-              .(PathTypeRepr)
-              .getPath()
-              .getSegment()
-              .getIdentifier()
-              .getText()
+          t.(StructType).asItemNode().(Addressable).getCanonicalPath().splitAt("::")
       ) and
-      algorithmName = simplifyAlgorithmName(rawAlgorithmName)
+      algorithmName = simplifyAlgorithmName(rawAlgorithmName) and
+      // only match a known cryptographic algorithm
+      any(Cryptography::CryptographicAlgorithm alg).matchesName(algorithmName)
     )
   }
 

rust/ql/test/query-tests/security/CWE-327/BrokenCryptoAlgorithm.expected

@@ -2,20 +2,22 @@
 | test_cipher.rs:23:27:23:60 | ...::new_from_slice(...) | $@ is broken or weak, and should not be used. | test_cipher.rs:23:27:23:60 | ...::new_from_slice(...) | The cryptographic algorithm RC4 |
 | test_cipher.rs:26:27:26:48 | ...::new(...) | $@ is broken or weak, and should not be used. | test_cipher.rs:26:27:26:48 | ...::new(...) | The cryptographic algorithm RC4 |
 | test_cipher.rs:29:27:29:48 | ...::new(...) | $@ is broken or weak, and should not be used. | test_cipher.rs:29:27:29:48 | ...::new(...) | The cryptographic algorithm RC4 |
-| test_cipher.rs:59:23:59:42 | ...::new(...) | $@ is broken or weak, and should not be used. | test_cipher.rs:59:23:59:42 | ...::new(...) | The cryptographic algorithm DES |
-| test_cipher.rs:63:23:63:47 | ...::new(...) | $@ is broken or weak, and should not be used. | test_cipher.rs:63:23:63:47 | ...::new(...) | The cryptographic algorithm DES |
-| test_cipher.rs:67:23:67:46 | ...::new_from_slice(...) | $@ is broken or weak, and should not be used. | test_cipher.rs:67:23:67:46 | ...::new_from_slice(...) | The cryptographic algorithm DES |
-| test_cipher.rs:71:23:71:42 | ...::new(...) | $@ is broken or weak, and should not be used. | test_cipher.rs:71:23:71:42 | ...::new(...) | The cryptographic algorithm DES |
-| test_cipher.rs:75:27:75:46 | ...::new(...) | $@ is broken or weak, and should not be used. | test_cipher.rs:75:27:75:46 | ...::new(...) | The cryptographic algorithm DES |
-| test_cipher.rs:80:24:80:48 | ...::new(...) | $@ is broken or weak, and should not be used. | test_cipher.rs:80:24:80:48 | ...::new(...) | The cryptographic algorithm 3DES |
+| test_cipher.rs:59:29:59:45 | ...::new(...) | $@ is broken or weak, and should not be used. | test_cipher.rs:59:29:59:45 | ...::new(...) | The cryptographic algorithm DES |
+| test_cipher.rs:63:23:63:42 | ...::new(...) | $@ is broken or weak, and should not be used. | test_cipher.rs:63:23:63:42 | ...::new(...) | The cryptographic algorithm DES |
+| test_cipher.rs:67:23:67:47 | ...::new(...) | $@ is broken or weak, and should not be used. | test_cipher.rs:67:23:67:47 | ...::new(...) | The cryptographic algorithm DES |
+| test_cipher.rs:71:23:71:46 | ...::new_from_slice(...) | $@ is broken or weak, and should not be used. | test_cipher.rs:71:23:71:46 | ...::new_from_slice(...) | The cryptographic algorithm DES |
+| test_cipher.rs:75:23:75:42 | ...::new(...) | $@ is broken or weak, and should not be used. | test_cipher.rs:75:23:75:42 | ...::new(...) | The cryptographic algorithm DES |
+| test_cipher.rs:79:27:79:46 | ...::new(...) | $@ is broken or weak, and should not be used. | test_cipher.rs:79:27:79:46 | ...::new(...) | The cryptographic algorithm DES |
 | test_cipher.rs:84:24:84:48 | ...::new(...) | $@ is broken or weak, and should not be used. | test_cipher.rs:84:24:84:48 | ...::new(...) | The cryptographic algorithm 3DES |
+| test_cipher.rs:84:24:84:48 | ...::new(...) | $@ is broken or weak, and should not be used. | test_cipher.rs:84:24:84:48 | ...::new(...) | The cryptographic algorithm DES |
 | test_cipher.rs:88:24:88:48 | ...::new(...) | $@ is broken or weak, and should not be used. | test_cipher.rs:88:24:88:48 | ...::new(...) | The cryptographic algorithm 3DES |
-| test_cipher.rs:92:24:92:52 | ...::new_from_slice(...) | $@ is broken or weak, and should not be used. | test_cipher.rs:92:24:92:52 | ...::new_from_slice(...) | The cryptographic algorithm 3DES |
-| test_cipher.rs:97:23:97:42 | ...::new(...) | $@ is broken or weak, and should not be used. | test_cipher.rs:97:23:97:42 | ...::new(...) | The cryptographic algorithm RC2 |
-| test_cipher.rs:101:23:101:46 | ...::new_from_slice(...) | $@ is broken or weak, and should not be used. | test_cipher.rs:101:23:101:46 | ...::new_from_slice(...) | The cryptographic algorithm RC2 |
-| test_cipher.rs:105:23:105:56 | ...::new_with_eff_key_len(...) | $@ is broken or weak, and should not be used. | test_cipher.rs:105:23:105:56 | ...::new_with_eff_key_len(...) | The cryptographic algorithm RC2 |
-| test_cipher.rs:110:23:110:50 | ...::new(...) | $@ is broken or weak, and should not be used. | test_cipher.rs:110:23:110:50 | ...::new(...) | The cryptographic algorithm RC5 |
-| test_cipher.rs:114:23:114:55 | ...::new_from_slice(...) | $@ is broken or weak, and should not be used. | test_cipher.rs:114:23:114:55 | ...::new_from_slice(...) | The cryptographic algorithm RC5 |
-| test_cipher.rs:132:23:132:76 | ...::new(...) | $@ is broken or weak, and should not be used. | test_cipher.rs:132:23:132:76 | ...::new(...) | The cryptographic algorithm DES |
-| test_cipher.rs:138:23:138:76 | ...::new_from_slices(...) | $@ is broken or weak, and should not be used. | test_cipher.rs:138:23:138:76 | ...::new_from_slices(...) | The cryptographic algorithm DES |
-| test_cipher.rs:141:23:141:76 | ...::new(...) | $@ is broken or weak, and should not be used. | test_cipher.rs:141:23:141:76 | ...::new(...) | The cryptographic algorithm DES |
+| test_cipher.rs:88:24:88:48 | ...::new(...) | $@ is broken or weak, and should not be used. | test_cipher.rs:88:24:88:48 | ...::new(...) | The cryptographic algorithm DES |
+| test_cipher.rs:92:24:92:48 | ...::new(...) | $@ is broken or weak, and should not be used. | test_cipher.rs:92:24:92:48 | ...::new(...) | The cryptographic algorithm 3DES |
+| test_cipher.rs:92:24:92:48 | ...::new(...) | $@ is broken or weak, and should not be used. | test_cipher.rs:92:24:92:48 | ...::new(...) | The cryptographic algorithm DES |
+| test_cipher.rs:96:24:96:52 | ...::new_from_slice(...) | $@ is broken or weak, and should not be used. | test_cipher.rs:96:24:96:52 | ...::new_from_slice(...) | The cryptographic algorithm 3DES |
+| test_cipher.rs:96:24:96:52 | ...::new_from_slice(...) | $@ is broken or weak, and should not be used. | test_cipher.rs:96:24:96:52 | ...::new_from_slice(...) | The cryptographic algorithm DES |
+| test_cipher.rs:101:23:101:42 | ...::new(...) | $@ is broken or weak, and should not be used. | test_cipher.rs:101:23:101:42 | ...::new(...) | The cryptographic algorithm RC2 |
+| test_cipher.rs:105:23:105:46 | ...::new_from_slice(...) | $@ is broken or weak, and should not be used. | test_cipher.rs:105:23:105:46 | ...::new_from_slice(...) | The cryptographic algorithm RC2 |
+| test_cipher.rs:109:23:109:56 | ...::new_with_eff_key_len(...) | $@ is broken or weak, and should not be used. | test_cipher.rs:109:23:109:56 | ...::new_with_eff_key_len(...) | The cryptographic algorithm RC2 |
+| test_cipher.rs:114:23:114:50 | ...::new(...) | $@ is broken or weak, and should not be used. | test_cipher.rs:114:23:114:50 | ...::new(...) | The cryptographic algorithm RC5 |
+| test_cipher.rs:118:23:118:55 | ...::new_from_slice(...) | $@ is broken or weak, and should not be used. | test_cipher.rs:118:23:118:55 | ...::new_from_slice(...) | The cryptographic algorithm RC5 |

rust/ql/test/query-tests/security/CWE-327/CONSISTENCY/PathResolutionConsistency.expected

@@ -4,4 +4,4 @@ multipleCallTargets
 | test_cipher.rs:29:27:29:48 | ...::new(...) |
 | test_cipher.rs:36:30:36:59 | ...::new(...) |
 | test_cipher.rs:39:30:39:63 | ...::new(...) |
-| test_cipher.rs:110:23:110:50 | ...::new(...) |
+| test_cipher.rs:114:23:114:50 | ...::new(...) |

rust/ql/test/query-tests/security/CWE-327/test_cipher.rs

@@ -42,7 +42,7 @@ fn test_stream_cipher(
 
 fn test_block_cipher(
     key: &[u8], key128: &[u8;16], key192: &[u8;24], key256: &[u8;32],
-    data: &mut [u8], input: &[u8], block128: &mut [u8;16]
+    data: &mut [u8], input: &[u8], block128: &mut [u8;16], des_key : &cipher::Key<Des>
 ) {
     // aes
     let aes_cipher1 = Aes128::new(key128.into());
@@ -56,6 +56,10 @@ fn test_block_cipher(
     aes_cipher3.decrypt_block(block128.into());
 
     // des (broken)
+    let des_cipher0 : Des = Des::new(des_key); // $ Alert[rust/weak-cryptographic-algorithm]
+    des_cipher0.encrypt_block(data.into());
+    des_cipher0.decrypt_block(data.into());
+
     let des_cipher1 = Des::new(key.into()); // $ Alert[rust/weak-cryptographic-algorithm]
     des_cipher1.encrypt_block(data.into());
     des_cipher1.decrypt_block(data.into());
@@ -129,15 +133,15 @@ fn test_cbc(
     _ = aes_cipher1.encrypt_padded_mut::<aes::cipher::block_padding::Pkcs7>(data, data_len).unwrap();
 
     // des (broken)
-    let des_cipher1 = cbc::Encryptor::<des::Des>::new(key.into(), iv.into()); // $ Alert[rust/weak-cryptographic-algorithm]
+    let des_cipher1 = cbc::Encryptor::<des::Des>::new(key.into(), iv.into()); // $ MISSING: Alert[rust/weak-cryptographic-algorithm]
     _ = des_cipher1.encrypt_padded_mut::<des::cipher::block_padding::Pkcs7>(data, data_len).unwrap();
 
     let des_cipher2 = MyDesEncryptor::new(key.into(), iv.into()); // $ MISSING: Alert[rust/weak-cryptographic-algorithm]
     _ = des_cipher2.encrypt_padded_mut::<des::cipher::block_padding::Pkcs7>(data, data_len).unwrap();
 
-    let des_cipher3 = cbc::Encryptor::<des::Des>::new_from_slices(&key, &iv).unwrap(); // $ Alert[rust/weak-cryptographic-algorithm]
+    let des_cipher3 = cbc::Encryptor::<des::Des>::new_from_slices(&key, &iv).unwrap(); // $ MISSING: Alert[rust/weak-cryptographic-algorithm]
     _ = des_cipher3.encrypt_padded_mut::<des::cipher::block_padding::Pkcs7>(data, data_len).unwrap();
 
-    let des_cipher4 = cbc::Encryptor::<des::Des>::new(key.into(), iv.into()); // $ Alert[rust/weak-cryptographic-algorithm]
+    let des_cipher4 = cbc::Encryptor::<des::Des>::new(key.into(), iv.into()); // $ MISSING: Alert[rust/weak-cryptographic-algorithm]
     _ = des_cipher4.encrypt_padded_b2b_mut::<des::cipher::block_padding::Pkcs7>(input, data).unwrap();
 }