Rust: Model StdoutLock, StderrLock methods and String.as_bytes.

geoffw0 · geoffw0 · commit 484331c3035f · 2025-01-23T17:17:02.000Z
diff --git a/rust/ql/lib/codeql/rust/frameworks/log.model.yml b/rust/ql/lib/codeql/rust/frameworks/log.model.yml
@@ -6,5 +6,9 @@ extensions:
       - ["repo:https://github.com/rust-lang/log:log", "crate::__private_api::log", "Argument[0]", "log-injection", "manual"]
       - ["lang:std", "crate::io::stdio::_print", "Argument[0]", "log-injection", "manual"]
       - ["lang:std", "crate::io::stdio::_eprint", "Argument[0]", "log-injection", "manual"]
+      - ["lang:std", "<crate::io::stdio::StdoutLock as crate::io::Write>::write", "Argument[0]", "log-injection", "manual"]
+      - ["lang:std", "<crate::io::stdio::StdoutLock as crate::io::Write>::write_all", "Argument[0]", "log-injection", "manual"]
+      - ["lang:std", "<crate::io::stdio::StderrLock as crate::io::Write>::write", "Argument[0]", "log-injection", "manual"]
+      - ["lang:std", "<crate::io::stdio::StderrLock as crate::io::Write>::write_all", "Argument[0]", "log-injection", "manual"]
       - ["lang:core", "crate::panicking::panic_fmt", "Argument[0]", "log-injection", "manual"]
       - ["lang:core", "<crate::option::Option>::expect", "Argument[0]", "log-injection", "manual"]
diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml
@@ -13,6 +13,7 @@ extensions:
       - ["lang:core", "<crate::result::Result>::unwrap_or", "Argument[0]", "ReturnValue", "value", "manual"]
       # String
       - ["lang:alloc", "<crate::string::String>::as_str", "Argument[self]", "ReturnValue", "taint", "manual"]
+      - ["lang:alloc", "<crate::string::String>::as_bytes", "Argument[self]", "ReturnValue", "taint", "manual"]
       # Hint
       - ["lang:core", "crate::hint::must_use", "Argument[0]", "ReturnValue", "value", "manual"]
       # Fmt
diff --git a/rust/ql/test/query-tests/security/CWE-312/CleartextLogging.expected b/rust/ql/test/query-tests/security/CWE-312/CleartextLogging.expected
@@ -33,6 +33,10 @@
 | test_logging.rs:162:16:162:55 | ...::panic_fmt | test_logging.rs:162:47:162:54 | password | test_logging.rs:162:16:162:55 | ...::panic_fmt | This operation writes '...::panic_fmt' to a log file. It may contain unencrypted sensitive data from $@. | test_logging.rs:162:47:162:54 | password | password |
 | test_logging.rs:165:16:165:61 | ...::panic_fmt | test_logging.rs:165:53:165:60 | password | test_logging.rs:165:16:165:61 | ...::panic_fmt | This operation writes '...::panic_fmt' to a log file. It may contain unencrypted sensitive data from $@. | test_logging.rs:165:53:165:60 | password | password |
 | test_logging.rs:168:27:168:32 | expect | test_logging.rs:168:58:168:65 | password | test_logging.rs:168:27:168:32 | expect | This operation writes 'expect' to a log file. It may contain unencrypted sensitive data from $@. | test_logging.rs:168:58:168:65 | password | password |
+| test_logging.rs:174:30:174:34 | write | test_logging.rs:174:60:174:67 | password | test_logging.rs:174:30:174:34 | write | This operation writes 'write' to a log file. It may contain unencrypted sensitive data from $@. | test_logging.rs:174:60:174:67 | password | password |
+| test_logging.rs:175:30:175:38 | write_all | test_logging.rs:175:64:175:71 | password | test_logging.rs:175:30:175:38 | write_all | This operation writes 'write_all' to a log file. It may contain unencrypted sensitive data from $@. | test_logging.rs:175:64:175:71 | password | password |
+| test_logging.rs:178:9:178:13 | write | test_logging.rs:178:39:178:46 | password | test_logging.rs:178:9:178:13 | write | This operation writes 'write' to a log file. It may contain unencrypted sensitive data from $@. | test_logging.rs:178:39:178:46 | password | password |
+| test_logging.rs:181:9:181:13 | write | test_logging.rs:181:39:181:46 | password | test_logging.rs:181:9:181:13 | write | This operation writes 'write' to a log file. It may contain unencrypted sensitive data from $@. | test_logging.rs:181:39:181:46 | password | password |
 edges
 | test_logging.rs:42:12:42:35 | MacroExpr | test_logging.rs:42:5:42:36 | ...::log | provenance | MaD:0 Sink:MaD:0 |
 | test_logging.rs:42:28:42:35 | password | test_logging.rs:42:12:42:35 | MacroExpr | provenance |  |
@@ -78,8 +82,8 @@ edges
 | test_logging.rs:99:14:99:46 | res | test_logging.rs:99:22:99:45 | { ... } | provenance |  |
 | test_logging.rs:99:22:99:45 | ...::format(...) | test_logging.rs:99:14:99:46 | res | provenance |  |
 | test_logging.rs:99:22:99:45 | ...::must_use(...) | test_logging.rs:99:9:99:10 | m3 | provenance |  |
-| test_logging.rs:99:22:99:45 | MacroExpr | test_logging.rs:99:22:99:45 | ...::format(...) | provenance | MaD:19 |
-| test_logging.rs:99:22:99:45 | { ... } | test_logging.rs:99:22:99:45 | ...::must_use(...) | provenance | MaD:18 |
+| test_logging.rs:99:22:99:45 | MacroExpr | test_logging.rs:99:22:99:45 | ...::format(...) | provenance | MaD:24 |
+| test_logging.rs:99:22:99:45 | { ... } | test_logging.rs:99:22:99:45 | ...::must_use(...) | provenance | MaD:23 |
 | test_logging.rs:99:38:99:45 | password | test_logging.rs:99:22:99:45 | MacroExpr | provenance |  |
 | test_logging.rs:100:11:100:18 | MacroExpr | test_logging.rs:100:5:100:19 | ...::log | provenance | MaD:0 Sink:MaD:0 |
 | test_logging.rs:118:12:118:41 | MacroExpr | test_logging.rs:118:5:118:42 | ...::log | provenance | MaD:0 Sink:MaD:0 |
@@ -98,26 +102,58 @@ edges
 | test_logging.rs:154:29:154:36 | password | test_logging.rs:154:13:154:36 | MacroExpr | provenance |  |
 | test_logging.rs:155:15:155:38 | MacroExpr | test_logging.rs:155:5:155:39 | ...::_eprint | provenance | MaD:2 Sink:MaD:2 |
 | test_logging.rs:155:31:155:38 | password | test_logging.rs:155:15:155:38 | MacroExpr | provenance |  |
-| test_logging.rs:158:23:158:46 | MacroExpr | test_logging.rs:158:16:158:47 | ...::panic_fmt | provenance | MaD:3 Sink:MaD:3 |
+| test_logging.rs:158:23:158:46 | MacroExpr | test_logging.rs:158:16:158:47 | ...::panic_fmt | provenance | MaD:7 Sink:MaD:7 |
 | test_logging.rs:158:39:158:46 | password | test_logging.rs:158:23:158:46 | MacroExpr | provenance |  |
-| test_logging.rs:159:22:159:45 | MacroExpr | test_logging.rs:159:16:159:46 | ...::panic_fmt | provenance | MaD:3 Sink:MaD:3 |
+| test_logging.rs:159:22:159:45 | MacroExpr | test_logging.rs:159:16:159:46 | ...::panic_fmt | provenance | MaD:7 Sink:MaD:7 |
 | test_logging.rs:159:38:159:45 | password | test_logging.rs:159:22:159:45 | MacroExpr | provenance |  |
-| test_logging.rs:160:31:160:54 | MacroExpr | test_logging.rs:160:16:160:55 | ...::panic_fmt | provenance | MaD:3 Sink:MaD:3 |
+| test_logging.rs:160:31:160:54 | MacroExpr | test_logging.rs:160:16:160:55 | ...::panic_fmt | provenance | MaD:7 Sink:MaD:7 |
 | test_logging.rs:160:47:160:54 | password | test_logging.rs:160:31:160:54 | MacroExpr | provenance |  |
-| test_logging.rs:161:29:161:52 | MacroExpr | test_logging.rs:161:16:161:53 | ...::panic_fmt | provenance | MaD:3 Sink:MaD:3 |
+| test_logging.rs:161:29:161:52 | MacroExpr | test_logging.rs:161:16:161:53 | ...::panic_fmt | provenance | MaD:7 Sink:MaD:7 |
 | test_logging.rs:161:45:161:52 | password | test_logging.rs:161:29:161:52 | MacroExpr | provenance |  |
-| test_logging.rs:162:31:162:54 | MacroExpr | test_logging.rs:162:16:162:55 | ...::panic_fmt | provenance | MaD:3 Sink:MaD:3 |
+| test_logging.rs:162:31:162:54 | MacroExpr | test_logging.rs:162:16:162:55 | ...::panic_fmt | provenance | MaD:7 Sink:MaD:7 |
 | test_logging.rs:162:47:162:54 | password | test_logging.rs:162:31:162:54 | MacroExpr | provenance |  |
-| test_logging.rs:165:37:165:60 | MacroExpr | test_logging.rs:165:16:165:61 | ...::panic_fmt | provenance | MaD:3 Sink:MaD:3 |
+| test_logging.rs:165:37:165:60 | MacroExpr | test_logging.rs:165:16:165:61 | ...::panic_fmt | provenance | MaD:7 Sink:MaD:7 |
 | test_logging.rs:165:53:165:60 | password | test_logging.rs:165:37:165:60 | MacroExpr | provenance |  |
-| test_logging.rs:168:34:168:66 | MacroExpr | test_logging.rs:168:34:168:75 | ... .as_str(...) | provenance | MaD:17 |
+| test_logging.rs:168:34:168:66 | MacroExpr | test_logging.rs:168:34:168:75 | ... .as_str(...) | provenance | MaD:21 |
 | test_logging.rs:168:34:168:66 | res | test_logging.rs:168:42:168:65 | { ... } | provenance |  |
-| test_logging.rs:168:34:168:75 | ... .as_str(...) | test_logging.rs:168:27:168:32 | expect | provenance | MaD:4 Sink:MaD:4 |
+| test_logging.rs:168:34:168:75 | ... .as_str(...) | test_logging.rs:168:27:168:32 | expect | provenance | MaD:8 Sink:MaD:8 |
 | test_logging.rs:168:42:168:65 | ...::format(...) | test_logging.rs:168:34:168:66 | res | provenance |  |
 | test_logging.rs:168:42:168:65 | ...::must_use(...) | test_logging.rs:168:34:168:66 | MacroExpr | provenance |  |
-| test_logging.rs:168:42:168:65 | MacroExpr | test_logging.rs:168:42:168:65 | ...::format(...) | provenance | MaD:19 |
-| test_logging.rs:168:42:168:65 | { ... } | test_logging.rs:168:42:168:65 | ...::must_use(...) | provenance | MaD:18 |
+| test_logging.rs:168:42:168:65 | MacroExpr | test_logging.rs:168:42:168:65 | ...::format(...) | provenance | MaD:24 |
+| test_logging.rs:168:42:168:65 | { ... } | test_logging.rs:168:42:168:65 | ...::must_use(...) | provenance | MaD:23 |
 | test_logging.rs:168:58:168:65 | password | test_logging.rs:168:42:168:65 | MacroExpr | provenance |  |
+| test_logging.rs:174:36:174:68 | MacroExpr | test_logging.rs:174:36:174:79 | ... .as_bytes(...) | provenance | MaD:22 |
+| test_logging.rs:174:36:174:68 | res | test_logging.rs:174:44:174:67 | { ... } | provenance |  |
+| test_logging.rs:174:36:174:79 | ... .as_bytes(...) | test_logging.rs:174:30:174:34 | write | provenance | MaD:3 Sink:MaD:3 |
+| test_logging.rs:174:44:174:67 | ...::format(...) | test_logging.rs:174:36:174:68 | res | provenance |  |
+| test_logging.rs:174:44:174:67 | ...::must_use(...) | test_logging.rs:174:36:174:68 | MacroExpr | provenance |  |
+| test_logging.rs:174:44:174:67 | MacroExpr | test_logging.rs:174:44:174:67 | ...::format(...) | provenance | MaD:24 |
+| test_logging.rs:174:44:174:67 | { ... } | test_logging.rs:174:44:174:67 | ...::must_use(...) | provenance | MaD:23 |
+| test_logging.rs:174:60:174:67 | password | test_logging.rs:174:44:174:67 | MacroExpr | provenance |  |
+| test_logging.rs:175:40:175:72 | MacroExpr | test_logging.rs:175:40:175:83 | ... .as_bytes(...) | provenance | MaD:22 |
+| test_logging.rs:175:40:175:72 | res | test_logging.rs:175:48:175:71 | { ... } | provenance |  |
+| test_logging.rs:175:40:175:83 | ... .as_bytes(...) | test_logging.rs:175:30:175:38 | write_all | provenance | MaD:5 Sink:MaD:5 |
+| test_logging.rs:175:48:175:71 | ...::format(...) | test_logging.rs:175:40:175:72 | res | provenance |  |
+| test_logging.rs:175:48:175:71 | ...::must_use(...) | test_logging.rs:175:40:175:72 | MacroExpr | provenance |  |
+| test_logging.rs:175:48:175:71 | MacroExpr | test_logging.rs:175:48:175:71 | ...::format(...) | provenance | MaD:24 |
+| test_logging.rs:175:48:175:71 | { ... } | test_logging.rs:175:48:175:71 | ...::must_use(...) | provenance | MaD:23 |
+| test_logging.rs:175:64:175:71 | password | test_logging.rs:175:48:175:71 | MacroExpr | provenance |  |
+| test_logging.rs:178:15:178:47 | MacroExpr | test_logging.rs:178:15:178:58 | ... .as_bytes(...) | provenance | MaD:22 |
+| test_logging.rs:178:15:178:47 | res | test_logging.rs:178:23:178:46 | { ... } | provenance |  |
+| test_logging.rs:178:15:178:58 | ... .as_bytes(...) | test_logging.rs:178:9:178:13 | write | provenance | MaD:3 Sink:MaD:3 |
+| test_logging.rs:178:23:178:46 | ...::format(...) | test_logging.rs:178:15:178:47 | res | provenance |  |
+| test_logging.rs:178:23:178:46 | ...::must_use(...) | test_logging.rs:178:15:178:47 | MacroExpr | provenance |  |
+| test_logging.rs:178:23:178:46 | MacroExpr | test_logging.rs:178:23:178:46 | ...::format(...) | provenance | MaD:24 |
+| test_logging.rs:178:23:178:46 | { ... } | test_logging.rs:178:23:178:46 | ...::must_use(...) | provenance | MaD:23 |
+| test_logging.rs:178:39:178:46 | password | test_logging.rs:178:23:178:46 | MacroExpr | provenance |  |
+| test_logging.rs:181:15:181:47 | MacroExpr | test_logging.rs:181:15:181:58 | ... .as_bytes(...) | provenance | MaD:22 |
+| test_logging.rs:181:15:181:47 | res | test_logging.rs:181:23:181:46 | { ... } | provenance |  |
+| test_logging.rs:181:15:181:58 | ... .as_bytes(...) | test_logging.rs:181:9:181:13 | write | provenance | MaD:4 Sink:MaD:4 |
+| test_logging.rs:181:23:181:46 | ...::format(...) | test_logging.rs:181:15:181:47 | res | provenance |  |
+| test_logging.rs:181:23:181:46 | ...::must_use(...) | test_logging.rs:181:15:181:47 | MacroExpr | provenance |  |
+| test_logging.rs:181:23:181:46 | MacroExpr | test_logging.rs:181:23:181:46 | ...::format(...) | provenance | MaD:24 |
+| test_logging.rs:181:23:181:46 | { ... } | test_logging.rs:181:23:181:46 | ...::must_use(...) | provenance | MaD:23 |
+| test_logging.rs:181:39:181:46 | password | test_logging.rs:181:23:181:46 | MacroExpr | provenance |  |
 nodes
 | test_logging.rs:42:5:42:36 | ...::log | semmle.label | ...::log |
 | test_logging.rs:42:12:42:35 | MacroExpr | semmle.label | MacroExpr |
@@ -237,4 +273,40 @@ nodes
 | test_logging.rs:168:42:168:65 | MacroExpr | semmle.label | MacroExpr |
 | test_logging.rs:168:42:168:65 | { ... } | semmle.label | { ... } |
 | test_logging.rs:168:58:168:65 | password | semmle.label | password |
+| test_logging.rs:174:30:174:34 | write | semmle.label | write |
+| test_logging.rs:174:36:174:68 | MacroExpr | semmle.label | MacroExpr |
+| test_logging.rs:174:36:174:68 | res | semmle.label | res |
+| test_logging.rs:174:36:174:79 | ... .as_bytes(...) | semmle.label | ... .as_bytes(...) |
+| test_logging.rs:174:44:174:67 | ...::format(...) | semmle.label | ...::format(...) |
+| test_logging.rs:174:44:174:67 | ...::must_use(...) | semmle.label | ...::must_use(...) |
+| test_logging.rs:174:44:174:67 | MacroExpr | semmle.label | MacroExpr |
+| test_logging.rs:174:44:174:67 | { ... } | semmle.label | { ... } |
+| test_logging.rs:174:60:174:67 | password | semmle.label | password |
+| test_logging.rs:175:30:175:38 | write_all | semmle.label | write_all |
+| test_logging.rs:175:40:175:72 | MacroExpr | semmle.label | MacroExpr |
+| test_logging.rs:175:40:175:72 | res | semmle.label | res |
+| test_logging.rs:175:40:175:83 | ... .as_bytes(...) | semmle.label | ... .as_bytes(...) |
+| test_logging.rs:175:48:175:71 | ...::format(...) | semmle.label | ...::format(...) |
+| test_logging.rs:175:48:175:71 | ...::must_use(...) | semmle.label | ...::must_use(...) |
+| test_logging.rs:175:48:175:71 | MacroExpr | semmle.label | MacroExpr |
+| test_logging.rs:175:48:175:71 | { ... } | semmle.label | { ... } |
+| test_logging.rs:175:64:175:71 | password | semmle.label | password |
+| test_logging.rs:178:9:178:13 | write | semmle.label | write |
+| test_logging.rs:178:15:178:47 | MacroExpr | semmle.label | MacroExpr |
+| test_logging.rs:178:15:178:47 | res | semmle.label | res |
+| test_logging.rs:178:15:178:58 | ... .as_bytes(...) | semmle.label | ... .as_bytes(...) |
+| test_logging.rs:178:23:178:46 | ...::format(...) | semmle.label | ...::format(...) |
+| test_logging.rs:178:23:178:46 | ...::must_use(...) | semmle.label | ...::must_use(...) |
+| test_logging.rs:178:23:178:46 | MacroExpr | semmle.label | MacroExpr |
+| test_logging.rs:178:23:178:46 | { ... } | semmle.label | { ... } |
+| test_logging.rs:178:39:178:46 | password | semmle.label | password |
+| test_logging.rs:181:9:181:13 | write | semmle.label | write |
+| test_logging.rs:181:15:181:47 | MacroExpr | semmle.label | MacroExpr |
+| test_logging.rs:181:15:181:47 | res | semmle.label | res |
+| test_logging.rs:181:15:181:58 | ... .as_bytes(...) | semmle.label | ... .as_bytes(...) |
+| test_logging.rs:181:23:181:46 | ...::format(...) | semmle.label | ...::format(...) |
+| test_logging.rs:181:23:181:46 | ...::must_use(...) | semmle.label | ...::must_use(...) |
+| test_logging.rs:181:23:181:46 | MacroExpr | semmle.label | MacroExpr |
+| test_logging.rs:181:23:181:46 | { ... } | semmle.label | { ... } |
+| test_logging.rs:181:39:181:46 | password | semmle.label | password |
 subpaths
diff --git a/rust/ql/test/query-tests/security/CWE-312/test_logging.rs b/rust/ql/test/query-tests/security/CWE-312/test_logging.rs
@@ -171,12 +171,12 @@ fn test_std(password: String, i: i32, opt_i: Option<i32>) {
 
     std::io::stdout().lock().write_fmt(format_args!("message = {}", password)); // $ MISSING: Alert[rust/cleartext-logging]
     std::io::stderr().lock().write_fmt(format_args!("message = {}", password)); // $ MISSING: Alert[rust/cleartext-logging]
-    std::io::stdout().lock().write(format!("message = {}", password).as_bytes()); // $ MISSING: Alert[rust/cleartext-logging]
-    std::io::stdout().lock().write_all(format!("message = {}", password).as_bytes()); // $ MISSING: Alert[rust/cleartext-logging]
+    std::io::stdout().lock().write(format!("message = {}", password).as_bytes()); // $ Source Alert[rust/cleartext-logging]
+    std::io::stdout().lock().write_all(format!("message = {}", password).as_bytes()); // $ Source Alert[rust/cleartext-logging]
 
     let mut out = std::io::stdout().lock();
-    out.write(format!("message = {}", password).as_bytes()); // $ MISSING: Alert[rust/cleartext-logging]
+    out.write(format!("message = {}", password).as_bytes()); // $ Source Alert[rust/cleartext-logging]
 
     let mut err = std::io::stderr().lock();
-    err.write(format!("message = {}", password).as_bytes()); // $ MISSING: Alert[rust/cleartext-logging]
+    err.write(format!("message = {}", password).as_bytes()); // $ Source Alert[rust/cleartext-logging]
 }
