Rust: Model std::fs::OpenOptions and similar.

Author: geoffw0

rust/ql/lib/codeql/rust/frameworks/asyncstd/fs.model.yml

@@ -9,6 +9,7 @@ extensions:
       - ["<async_std::fs::dir_entry::DirEntry>::path", "ReturnValue", "file", "manual"]
       - ["<async_std::fs::dir_entry::DirEntry>::file_name", "ReturnValue", "file", "manual"]
       - ["<async_std::fs::file::File>::open", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "file", "manual"]
+      - ["<async_std::fs::open_options::OpenOptions>::open", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "file", "manual"]
   - addsTo:
       pack: codeql/rust-all
       extensible: sinkModel
@@ -32,6 +33,7 @@ extensions:
       - ["<async_std::fs::dir_builder::DirBuilder>::create", "Argument[0]", "path-injection", "manual"]
       - ["<async_std::fs::file::File>::create", "Argument[0]", "path-injection", "manual"]
       - ["<async_std::fs::file::File>::open", "Argument[0]", "path-injection", "manual"]
+      - ["<async_std::fs::open_options::OpenOptions>::open", "Argument[0]", "path-injection", "manual"]
   - addsTo:
       pack: codeql/rust-all
       extensible: summaryModel

rust/ql/lib/codeql/rust/frameworks/stdlib/fs.model.yml

@@ -10,6 +10,7 @@ extensions:
       - ["<std::fs::DirEntry>::file_name", "ReturnValue", "file", "manual"]
       - ["<std::fs::File>::open", "ReturnValue.Field[core::result::Result::Ok(0)]", "file", "manual"]
       - ["<std::fs::File>::open_buffered", "ReturnValue.Field[core::result::Result::Ok(0)]", "file", "manual"]
+      - ["<std::fs::OpenOptions>::open", "ReturnValue.Field[core::result::Result::Ok(0)]", "file", "manual"]
   - addsTo:
       pack: codeql/rust-all
       extensible: sinkModel
@@ -37,6 +38,7 @@ extensions:
       - ["<std::fs::File>::create_new", "Argument[0]", "path-injection", "manual"]
       - ["<std::fs::File>::open", "Argument[0]", "path-injection", "manual"]
       - ["<std::fs::File>::open_buffered", "Argument[0]", "path-injection", "manual"]
+      - ["<std::fs::OpenOptions>::open", "Argument[0]", "path-injection", "manual"]
   - addsTo:
       pack: codeql/rust-all
       extensible: summaryModel

rust/ql/lib/codeql/rust/frameworks/tokio/fs.model.yml

@@ -9,6 +9,7 @@ extensions:
       - ["<tokio::fs::read_dir::DirEntry>::path", "ReturnValue", "file", "manual"]
       - ["<tokio::fs::read_dir::DirEntry>::file_name", "ReturnValue", "file", "manual"]
       - ["<tokio::fs::file::File>::open", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "file", "manual"]
+      - ["<tokio::fs::open_options::OpenOptions>::open", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "file", "manual"]
   - addsTo:
       pack: codeql/rust-all
       extensible: sinkModel
@@ -37,6 +38,7 @@ extensions:
       - ["<tokio::fs::file::File>::create", "Argument[0]", "path-injection", "manual"]
       - ["<tokio::fs::file::File>::create_new", "Argument[0]", "path-injection", "manual"]
       - ["<tokio::fs::file::File>::open", "Argument[0]", "path-injection", "manual"]
+      - ["<tokio::fs::open_options::OpenOptions>::open", "Argument[0]", "path-injection", "manual"]
   - addsTo:
       pack: codeql/rust-all
       extensible: summaryModel

rust/ql/test/library-tests/dataflow/sources/TaintSources.expected

@@ -69,14 +69,19 @@
 | test.rs:487:31:487:39 | file_name | Flow source 'FileSource' of type file (DEFAULT). |
 | test.rs:493:22:493:41 | ...::read_link | Flow source 'FileSource' of type file (DEFAULT). |
 | test.rs:503:20:503:38 | ...::open | Flow source 'FileSource' of type file (DEFAULT). |
+| test.rs:536:50:536:53 | open | Flow source 'FileSource' of type file (DEFAULT). |
+| test.rs:543:67:543:70 | open | Flow source 'FileSource' of type file (DEFAULT). |
+| test.rs:550:101:550:104 | open | Flow source 'FileSource' of type file (DEFAULT). |
 | test.rs:560:21:560:39 | ...::open | Flow source 'FileSource' of type file (DEFAULT). |
 | test.rs:561:21:561:39 | ...::open | Flow source 'FileSource' of type file (DEFAULT). |
 | test.rs:569:21:569:39 | ...::open | Flow source 'FileSource' of type file (DEFAULT). |
 | test.rs:581:20:581:40 | ...::open | Flow source 'FileSource' of type file (DEFAULT). |
+| test.rs:627:52:627:55 | open | Flow source 'FileSource' of type file (DEFAULT). |
 | test.rs:637:21:637:41 | ...::open | Flow source 'FileSource' of type file (DEFAULT). |
 | test.rs:638:21:638:41 | ...::open | Flow source 'FileSource' of type file (DEFAULT). |
 | test.rs:646:21:646:41 | ...::open | Flow source 'FileSource' of type file (DEFAULT). |
 | test.rs:660:20:660:44 | ...::open | Flow source 'FileSource' of type file (DEFAULT). |
+| test.rs:671:56:671:59 | open | Flow source 'FileSource' of type file (DEFAULT). |
 | test.rs:688:26:688:53 | ...::connect | Flow source 'RemoteSource' of type remote (DEFAULT). |
 | test.rs:707:26:707:61 | ...::connect_timeout | Flow source 'RemoteSource' of type remote (DEFAULT). |
 | test.rs:759:28:759:57 | ...::connect | Flow source 'RemoteSource' of type remote (DEFAULT). |

rust/ql/test/library-tests/dataflow/sources/test.rs

@@ -533,24 +533,24 @@ fn test_io_file() -> std::io::Result<()> {
     // --- OpenOptions ---
 
     {
-        let mut f1 = std::fs::OpenOptions::new().open("f1.txt").unwrap(); // $ MISSING: Alert[rust/summary/taint-sources]
+        let mut f1 = std::fs::OpenOptions::new().open("f1.txt").unwrap(); // $ Alert[rust/summary/taint-sources]
         let mut buffer = [0u8; 1024];
         let _bytes = f1.read(&mut buffer)?;
-        sink(&buffer); // $ MISSING: hasTaintFlow="f1.txt"
+        sink(&buffer); // $ hasTaintFlow="f1.txt"
     }
 
     {
-        let mut f2 = std::fs::OpenOptions::new().create_new(true).open("f2.txt").unwrap(); // $ MISSING: Alert[rust/summary/taint-sources]
+        let mut f2 = std::fs::OpenOptions::new().create_new(true).open("f2.txt").unwrap(); // $ Alert[rust/summary/taint-sources]
         let mut buffer = [0u8; 1024];
         let _bytes = f2.read(&mut buffer)?;
-        sink(&buffer); // $ MISSING: hasTaintFlow="f2.txt"
+        sink(&buffer); // $ hasTaintFlow="f2.txt"
     }
 
     {
-        let mut f3 = std::fs::OpenOptions::new().read(true).write(true).truncate(true).create(true).open("f3.txt").unwrap(); // $ MISSING: Alert[rust/summary/taint-sources]
+        let mut f3 = std::fs::OpenOptions::new().read(true).write(true).truncate(true).create(true).open("f3.txt").unwrap(); // $ Alert[rust/summary/taint-sources]
         let mut buffer = [0u8; 1024];
         let _bytes = f3.read(&mut buffer)?;
-        sink(&buffer); // $ MISSING: hasTaintFlow="f3.txt"
+        sink(&buffer); // $ hasTaintFlow="f3.txt"
     }
 
     // --- misc operations ---
@@ -624,7 +624,7 @@ async fn test_tokio_file() -> std::io::Result<()> {
     // --- OpenOptions ---
 
     {
-        let mut f1 = tokio::fs::OpenOptions::new().open("f1.txt").await?; // $ MISSING: Alert[rust/summary/taint-sources]
+        let mut f1 = tokio::fs::OpenOptions::new().open("f1.txt").await?; // $ Alert[rust/summary/taint-sources]
         let mut buffer = [0u8; 1024];
         let _bytes = f1.read(&mut buffer).await?;
         sink(&buffer); // $ MISSING: hasTaintFlow="f1.txt"
@@ -668,7 +668,7 @@ async fn test_async_std_file() -> std::io::Result<()> {
     // --- OpenOptions ---
 
     {
-        let mut f1 = async_std::fs::OpenOptions::new().open("f1.txt").await?; // $ MISSING: Alert[rust/summary/taint-sources]
+        let mut f1 = async_std::fs::OpenOptions::new().open("f1.txt").await?; // $ Alert[rust/summary/taint-sources]
         let mut buffer = [0u8; 1024];
         let _bytes = f1.read(&mut buffer).await?;
         sink(&buffer); // $ MISSING: hasTaintFlow="f1.txt"

rust/ql/test/query-tests/security/CWE-022/src/main.rs

@@ -148,21 +148,21 @@ fn sinks(path1: &Path, path2: &Path) {
     let _ = std::fs::File::open_buffered(path1); // $ path-injection-sink
     let _ = std::fs::DirBuilder::new().create(path1); // $ path-injection-sink
     let _ = std::fs::DirBuilder::new().recursive(true).create(path1); // $ path-injection-sink
-    let _ = std::fs::OpenOptions::new().open(path1); // $ MISSING: path-injection-sink
+    let _ = std::fs::OpenOptions::new().open(path1); // $ path-injection-sink
 
     let _ = tokio::fs::read(path1); // $ path-injection-sink
     let _ = tokio::fs::read_to_string(path1); // $ path-injection-sink
     let _ = tokio::fs::remove_file(path1); // $ path-injection-sink
     let _ = tokio::fs::DirBuilder::new().create(path1); // $ path-injection-sink
     let _ = tokio::fs::DirBuilder::new().recursive(true).create(path1); // $ path-injection-sink
-    let _ = tokio::fs::OpenOptions::new().open(path1); // $ MISSING: path-injection-sink
+    let _ = tokio::fs::OpenOptions::new().open(path1); // $ path-injection-sink
 
     let _ = async_std::fs::read(path1); // $ path-injection-sink
     let _ = async_std::fs::read_to_string(path1); // $ path-injection-sink
     let _ = async_std::fs::remove_file(path1); // $ path-injection-sink
     let _ = async_std::fs::DirBuilder::new().create(path1); // $ path-injection-sink
     let _ = async_std::fs::DirBuilder::new().recursive(true).create(path1); // $ path-injection-sink
-    let _ = async_std::fs::OpenOptions::new().open(path1); // $ MISSING: path-injection-sink
+    let _ = async_std::fs::OpenOptions::new().open(path1); // $ path-injection-sink
 }
 
 fn main() {}