Rust: Split off sources/database test.

Author: geoffw0

rust/ql/test/library-tests/dataflow/sources/database/Cargo.lock

@@ -0,0 +1,36 @@
+/**
+ * @kind path-problem
+ */
+
+import rust
+import codeql.rust.dataflow.DataFlow
+import codeql.rust.Concepts
+import utils.test.InlineFlowTest
+
+/**
+ * Configuration for flow from any threat model source to an argument of the function `sink`.
+ */
+module MyFlowConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { source instanceof ThreatModelSource }
+
+  predicate isSink(DataFlow::Node sink) {
+    any(CallExpr call |
+      call.getFunction().(PathExpr).getPath().getSegment().getIdentifier().getText() = "sink"
+    ).getArgList().getAnArg() = sink.asExpr().getExpr()
+  }
+
+  predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {
+    // flow out from any content at the sink.
+    isSink(node) and
+    exists(c)
+  }
+}
+
+module MyFlowTest = TaintFlowTest<MyFlowConfig>;
+
+import MyFlowTest
+import PathGraph
+
+from PathNode source, PathNode sink
+where flowPath(source, sink)
+select sink, source, sink, "$@", source, source.toString()

rust/ql/test/library-tests/dataflow/sources/database/InlineFlow.expected

@@ -0,0 +1,25 @@
+| test.rs:15:47:15:51 | query | Flow source 'DatabaseSource' of type database (DEFAULT). |
+| test.rs:18:28:18:30 | get | Flow source 'DatabaseSource' of type database (DEFAULT). |
+| test.rs:21:28:21:34 | get_opt | Flow source 'DatabaseSource' of type database (DEFAULT). |
+| test.rs:24:28:24:31 | take | Flow source 'DatabaseSource' of type database (DEFAULT). |
+| test.rs:27:28:27:35 | take_opt | Flow source 'DatabaseSource' of type database (DEFAULT). |
+| test.rs:30:26:30:31 | as_ref | Flow source 'DatabaseSource' of type database (DEFAULT). |
+| test.rs:37:28:37:38 | query_first | Flow source 'DatabaseSource' of type database (DEFAULT). |
+| test.rs:40:27:40:35 | exec_iter | Flow source 'DatabaseSource' of type database (DEFAULT). |
+| test.rs:41:42:41:44 | get | Flow source 'DatabaseSource' of type database (DEFAULT). |
+| test.rs:48:22:48:30 | query_map | Flow source 'DatabaseSource' of type database (DEFAULT). |
+| test.rs:55:22:55:30 | query_map | Flow source 'DatabaseSource' of type database (DEFAULT). |
+| test.rs:64:26:64:35 | query_fold | Flow source 'DatabaseSource' of type database (DEFAULT). |
+| test.rs:70:22:70:31 | query_fold | Flow source 'DatabaseSource' of type database (DEFAULT). |
+| test.rs:102:53:102:57 | query | Flow source 'DatabaseSource' of type database (DEFAULT). |
+| test.rs:105:28:105:30 | get | Flow source 'DatabaseSource' of type database (DEFAULT). |
+| test.rs:108:28:108:34 | get_opt | Flow source 'DatabaseSource' of type database (DEFAULT). |
+| test.rs:111:28:111:31 | take | Flow source 'DatabaseSource' of type database (DEFAULT). |
+| test.rs:114:28:114:35 | take_opt | Flow source 'DatabaseSource' of type database (DEFAULT). |
+| test.rs:117:26:117:31 | as_ref | Flow source 'DatabaseSource' of type database (DEFAULT). |
+| test.rs:124:28:124:38 | query_first | Flow source 'DatabaseSource' of type database (DEFAULT). |
+| test.rs:127:27:127:35 | exec_iter | Flow source 'DatabaseSource' of type database (DEFAULT). |
+| test.rs:135:22:135:30 | query_map | Flow source 'DatabaseSource' of type database (DEFAULT). |
+| test.rs:142:22:142:30 | query_map | Flow source 'DatabaseSource' of type database (DEFAULT). |
+| test.rs:151:26:151:35 | query_fold | Flow source 'DatabaseSource' of type database (DEFAULT). |
+| test.rs:157:22:157:31 | query_fold | Flow source 'DatabaseSource' of type database (DEFAULT). |

rust/ql/test/library-tests/dataflow/sources/database/InlineFlow.ql

@@ -0,0 +1,2 @@
+query: queries/summary/TaintSources.ql
+postprocess: utils/test/InlineExpectationsTestQuery.ql

rust/ql/test/library-tests/dataflow/sources/database/TaintSources.expected

@@ -0,0 +1,7 @@
+qltest_cargo_check: true
+qltest_dependencies:
+    - async-std = { version = "1.13.1" }
+    - futures = { version = "0.3" }
+    - mysql = { version = "26.0.1" }
+    - mysql_async = { version = "0.36.1" }
+    - tokio = { version = "1.43.0", features = ["full"] }

rust/ql/test/library-tests/dataflow/sources/database/TaintSources.qlref

@@ -0,0 +1,222 @@
+fn sink<T>(_: T) { }
+
+// --- tests ---
+
+mod test_mysql {
+    use mysql::*;
+    use mysql::prelude::*;
+    use super::sink;
+
+    pub fn test_mysql() -> Result<(), Box<dyn std::error::Error>> {
+        // connect through a MySQL connection pool
+        let mut pool = mysql::Pool::new("")?;
+        let mut conn = pool.get_conn()?;
+
+        let mut rows : Vec<mysql::Row> = conn.query("SELECT id, name, age FROM person")?; // $ Alert[rust/summary/taint-sources]
+        let mut row = &mut rows[0];
+
+        let v1 : i64 = row.get(0).unwrap(); // $ Alert[rust/summary/taint-sources]
+        sink(v1); // $ hasTaintFlow=0
+
+        let v2 : i64 = row.get_opt(0).unwrap().unwrap(); // $ Alert[rust/summary/taint-sources]
+        sink(v2); // $ hasTaintFlow=0
+
+        let v3 : i64 = row.take(0).unwrap(); // $ Alert[rust/summary/taint-sources]
+        sink(v3); // $ hasTaintFlow=0
+
+        let v4 : i64 = row.take_opt(0).unwrap().unwrap(); // $ Alert[rust/summary/taint-sources]
+        sink(v4); // $ hasTaintFlow=0
+
+        let value5 = row.as_ref(0).unwrap(); // $ Alert[rust/summary/taint-sources]
+        if let mysql::Value::Int(v) = value5 {
+            sink(v); // $ MISSING: hasTaintFlow=0
+        } else if let mysql::Value::Bytes(v) = value5 {
+            sink(v); // $ MISSING: hasTaintFlow=0
+        }
+
+        let v6: i64 = conn.query_first("SELECT id FROM person")?.unwrap(); // $ Alert[rust/summary/taint-sources]
+        sink(v6); // $ hasTaintFlow
+
+        let mut t1 = conn.exec_iter("SELECT id FROM person", (1, 2, 3))?; // $ Alert[rust/summary/taint-sources]
+        sink(t1.nth(0).unwrap().unwrap().get::<i64, usize>(1).unwrap()); // $ Alert[rust/summary/taint-sources] hasTaintFlow=1
+        for row in t1 {
+            for v in row {
+                sink(v); // $ hasTaintFlow
+            }
+        }
+
+        let _ = conn.query_map( // $ Alert[rust/summary/taint-sources]
+            "SELECT id FROM person",
+            |values: i64| -> () {
+                sink(values); // $ hasTaintFlow
+            }
+        )?;
+
+        let _ = conn.query_map( // $ Alert[rust/summary/taint-sources]
+            "SELECT id, name, age FROM person",
+            |values: (i64, String, i32)| -> () {
+                sink(values.0); // $ MISSING: hasTaintFlow
+                sink(values.1); // $ MISSING: hasTaintFlow
+                sink(values.2); // $ MISSING: hasTaintFlow
+            }
+        )?;
+
+        let total = conn.query_fold("SELECT id FROM person", 0, |acc: i64, row: i64| { // $ Alert[rust/summary/taint-sources]
+            sink(row); // $ hasTaintFlow
+            acc + row
+        })?;
+        sink(total); // $ hasTaintFlow
+
+        let _ = conn.query_fold("SELECT id, name, age FROM person", 0, |acc: i64, row: (i64, String, i32)| { // $ Alert[rust/summary/taint-sources]
+            let id: i64 = row.0;
+            let name: String = row.1;
+            let age: i32 = row.2;
+            sink(id); // $ MISSING: hasTaintFlow
+            sink(name); // $ MISSING: hasTaintFlow
+            sink(age); // $ MISSING: hasTaintFlow
+            acc + 1
+        })?;
+
+        Ok(())
+    }
+}
+
+mod test_mysql_async {
+    use mysql_async::*;
+    use mysql_async::prelude::*;
+    use async_std::stream::StreamExt;
+    use super::sink;
+
+    #[derive(Debug, PartialEq, Eq, Clone)]
+    struct Person {
+        id: i64,
+        name: String,
+        age: i32,
+    }
+
+    pub async fn test_mysql_async() -> Result<()> {
+        // connect through a MySQL connection pool
+        let mut pool = mysql_async::Pool::new("");
+        let mut conn = pool.get_conn().await?;
+
+        let mut rows : Vec<mysql_async::Row> = conn.query("SELECT id, name, age FROM person").await?; // $ Alert[rust/summary/taint-sources]
+        let mut row = &mut rows[0];
+
+        let v1 : i64 = row.get(0).unwrap(); // $ Alert[rust/summary/taint-sources]
+        sink(v1); // $ hasTaintFlow=0
+
+        let v2 : i64 = row.get_opt(0).unwrap().unwrap(); // $ Alert[rust/summary/taint-sources]
+        sink(v2); // $ hasTaintFlow=0
+
+        let v3 : i64 = row.take(0).unwrap(); // $ Alert[rust/summary/taint-sources]
+        sink(v3); // $ hasTaintFlow=0
+
+        let v4 : i64 = row.take_opt(0).unwrap().unwrap(); // $ Alert[rust/summary/taint-sources]
+        sink(v4); // $ hasTaintFlow=0
+
+        let value5 = row.as_ref(0).unwrap(); // $ Alert[rust/summary/taint-sources]
+        if let mysql_async::Value::Int(v) = value5 {
+            sink(v); // $ MISSING: hasTaintFlow=0
+        } else if let mysql_async::Value::Bytes(v) = value5 {
+            sink(v); // $ MISSING: hasTaintFlow=0
+        }
+
+        let v6: i64 = conn.query_first("SELECT id FROM person").await?.unwrap(); // $ Alert[rust/summary/taint-sources]
+        sink(v6); // $ MISSING: hasTaintFlow
+
+        let mut t1 = conn.exec_iter("SELECT id FROM person", (1, 2, 3)).await?; // $ Alert[rust/summary/taint-sources]
+        for mut row in t1.stream::<(i64, String, i32)>().await? {
+            while let v = row.next().await {
+                let v = v.unwrap();
+                sink(v); // $ MISSING: hasTaintFlow
+            }
+        }
+
+        let _ = conn.query_map( // $ Alert[rust/summary/taint-sources]
+            "SELECT id FROM person",
+            |values: i64| -> () {
+                sink(values); // $ hasTaintFlow
+            }
+        ).await?;
+
+        let _ = conn.query_map( // $ Alert[rust/summary/taint-sources]
+            "SELECT id, name, age FROM person",
+            |values: (i64, String, i32)| -> () {
+                sink(values.0); // $ MISSING: hasTaintFlow
+                sink(values.1); // $ MISSING: hasTaintFlow
+                sink(values.2); // $ MISSING: hasTaintFlow
+            }
+        ).await?;
+
+        let total = conn.query_fold("SELECT id FROM person", 0, |acc: i64, row: i64| { // $ Alert[rust/summary/taint-sources]
+            sink(row); // $ hasTaintFlow
+            acc + row
+        }).await?;
+        sink(total); // $ hasTaintFlow
+
+        let _ = conn.query_fold("SELECT id, name, age FROM person", 0, |acc: i64, row: (i64, String, i32)| { // $ Alert[rust/summary/taint-sources]
+            let id: i64 = row.0;
+            let name: String = row.1;
+            let age: i32 = row.2;
+            sink(id); // $ MISSING: hasTaintFlow
+            sink(name); // $ MISSING: hasTaintFlow
+            sink(age); // $ MISSING: hasTaintFlow
+            acc + 1
+        }).await?;
+
+        let ids = "SELECT id FROM person".with(()).map(&mut conn,
+            |person: i64| -> i64 {
+                sink(person); // $ MISSING: hasTaintFlow
+                person
+            }
+        ).await?;
+        sink(ids[0]); // $ MISSING: hasTaintFlow
+
+        let ages = "SELECT id, name, age FROM person".with(()).map(&mut conn, // $ MISSING: Alert[rust/summary/taint-sources]
+            |person: (i64, String, i32)| -> i32 {
+                sink(person.0); // $ MISSING: hasTaintFlow
+                sink(person.1); // $ MISSING: hasTaintFlow
+                sink(person.2); // $ MISSING: hasTaintFlow
+                person.2
+            }
+        ).await?;
+        sink(ages[0]); // $ MISSING: hasTaintFlow
+
+        {
+            let mut stream = "SELECT id FROM person".stream::<i64, _>(&mut conn).await?; // $ MISSING: Alert[rust/summary/taint-sources]
+            while let Some(row) = stream.next().await {
+                let id = row?;
+                sink(id); // $ MISSING: hasTaintFlow
+            }
+        }
+
+        {
+            let mut stream = "SELECT id, name, age FROM person".stream::<(i64, String, i32), _>(&mut conn).await?; // $ MISSING: Alert[rust/summary/taint-sources]
+            while let Some(row) = stream.next().await {
+                let (id, name, age) = row?;
+                sink(id); // $ MISSING: hasTaintFlow
+                sink(name); // $ MISSING: hasTaintFlow
+                sink(age); // $ MISSING: hasTaintFlow
+            }
+        }
+
+        Ok(())
+    }
+}
+
+#[tokio::main]
+async fn main() -> Result<(), Box<dyn std::error::Error>> {
+    println!("test_mysql...");
+    match test_mysql::test_mysql() {
+        Ok(_) => println!("complete"),
+        Err(e) => println!("error: {}", e),
+    }
+
+    println!("test_mysql_async...");
+    match futures::executor::block_on(test_mysql_async::test_mysql_async()) {
+        Ok(_) => println!("complete"),
+        Err(e) => println!("error: {}", e),
+    }
+
+    Ok(())
+}

rust/ql/test/library-tests/dataflow/sources/database/options.yml

@@ -16,5 +16,3 @@ qltest_dependencies:
     - futures-rustls = { version = "0.26.0" }
     - async-std = { version = "1.13.1" }
     - warp = { version = "0.4.2", features = ["server"] }
-    - mysql = { version = "26.0.1" }
-    - mysql_async = { version = "0.36.1" }