Rust: Add source models for fs.

Author: geoffw0

rust/ql/lib/codeql/rust/Concepts.qll

@@ -102,6 +102,32 @@ class ModeledEnvironmentSource extends EnvironmentSource::Range {
   ModeledEnvironmentSource() { sourceNode(this, "environment-source") }
 }
 
+/**
+ * A data flow source corresponding to a file access.
+ */
+final class FileSource = FileSource::Range;
+
+/**
+ * An externally modeled source for data from a file access.
+ */
+class ModeledFileSource extends FileSource::Range {
+  ModeledFileSource() { sourceNode(this, "file") }
+}
+
+/**
+ * Provides a class for modeling new sources for file accesses.
+ */
+module FileSource {
+  /**
+   * A data flow source corresponding to a file access.
+   */
+  abstract class Range extends ThreatModelSource::Range {
+    override string getThreatModel() { result = "file" }
+
+    override string getSourceType() { result = "FileSource" }
+  }
+}
+
 /**
  * A data flow source corresponding to the program's database reads.
  */

rust/ql/lib/codeql/rust/frameworks/stdlib/fs.model.yml

@@ -2,7 +2,14 @@ extensions:
   - addsTo:
       pack: codeql/rust-all
       extensible: sourceModel
-    data: []
+    data:
+      - ["lang:std", "crate::fs::read", "ReturnValue.Field[crate::result::Result::Ok(0)]", "file", "manual"]
+      - ["lang:std", "crate::fs::read_to_string", "ReturnValue.Field[crate::result::Result::Ok(0)]", "file", "manual"]
+      - ["lang:std", "crate::fs::read_link", "ReturnValue.Field[crate::result::Result::Ok(0)]", "file", "manual"]
+      - ["lang:std", "<crate::fs::DirEntry>::path", "ReturnValue", "file", "manual"]
+      - ["lang:std", "<crate::fs::DirEntry>::file_name", "ReturnValue", "file", "manual"]
+      - ["lang:std", "<crate::fs::File>::open", "ReturnValue.Field[crate::result::Result::Ok(0)]", "file", "manual"]
+      - ["lang:std", "<crate::fs::File>::open_buffered", "ReturnValue.Field[crate::result::Result::Ok(0)]", "file", "manual"]
   - addsTo:
       pack: codeql/rust-all
       extensible: sinkModel
@@ -34,7 +41,6 @@ extensions:
       - ["lang:std", "<crate::fs::File>::create_new", "Argument[0]", "path-injection", "manual"]
       - ["lang:std", "<crate::fs::File>::open", "Argument[0]", "path-injection", "manual"]
       - ["lang:std", "<crate::fs::File>::open_buffered", "Argument[0]", "path-injection", "manual"]
-
   - addsTo:
       pack: codeql/rust-all
       extensible: summaryModel

rust/ql/test/library-tests/dataflow/sources/TaintSources.expected

@@ -22,4 +22,14 @@
 | test.rs:80:24:80:35 | ...::get | Flow source 'RemoteSource' of type remote (DEFAULT). |
 | test.rs:112:35:112:46 | send_request | Flow source 'RemoteSource' of type remote (DEFAULT). |
 | test.rs:119:31:119:42 | send_request | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| test.rs:205:31:205:43 | ...::read | Flow source 'FileSource' of type file (DEFAULT). |
+| test.rs:210:31:210:38 | ...::read | Flow source 'FileSource' of type file (DEFAULT). |
+| test.rs:215:22:215:39 | ...::read_to_string | Flow source 'FileSource' of type file (DEFAULT). |
+| test.rs:221:22:221:25 | path | Flow source 'FileSource' of type file (DEFAULT). |
+| test.rs:222:27:222:35 | file_name | Flow source 'FileSource' of type file (DEFAULT). |
+| test.rs:228:22:228:34 | ...::read_link | Flow source 'FileSource' of type file (DEFAULT). |
+| test.rs:271:20:271:38 | ...::open | Flow source 'FileSource' of type file (DEFAULT). |
+| test.rs:360:25:360:43 | ...::open | Flow source 'FileSource' of type file (DEFAULT). |
+| test.rs:361:25:361:43 | ...::open | Flow source 'FileSource' of type file (DEFAULT). |
+| test.rs:369:25:369:43 | ...::open | Flow source 'FileSource' of type file (DEFAULT). |
 | test.rs:386:16:386:29 | ...::args | Flow source 'CommandLineArgs' of type commandargs (DEFAULT). |

rust/ql/test/library-tests/dataflow/sources/test.rs

@@ -202,31 +202,31 @@ use std::fs;
 
 fn test_fs() -> Result<(), Box<dyn std::error::Error>> {
     {
-        let buffer: Vec<u8> = std::fs::read("file.bin")?; // $ MISSING: Alert[rust/summary/taint-sources]
-        sink(buffer); // $ MISSING: hasTaintFlow
+        let buffer: Vec<u8> = std::fs::read("file.bin")?; // $ Alert[rust/summary/taint-sources]
+        sink(buffer); // $ hasTaintFlow="file.bin"
     }
 
     {
-        let buffer: Vec<u8> = fs::read("file.bin")?; // $ MISSING: Alert[rust/summary/taint-sources]
-        sink(buffer); // $ MISSING: hasTaintFlow
+        let buffer: Vec<u8> = fs::read("file.bin")?; // $ Alert[rust/summary/taint-sources]
+        sink(buffer); // $ hasTaintFlow="file.bin"
     }
 
     {
-        let buffer = fs::read_to_string("file.txt")?; // $ MISSING: Alert[rust/summary/taint-sources]
-        sink(buffer); // $ MISSING: hasTaintFlow
+        let buffer = fs::read_to_string("file.txt")?; // $ Alert[rust/summary/taint-sources]
+        sink(buffer); // $ hasTaintFlow="file.txt"
     }
 
     for entry in fs::read_dir("directory")? {
         let e = entry?;
-        let path = e.path(); // $ MISSING: Alert[rust/summary/taint-sources]
-        let file_name = e.file_name(); // $ MISSING: Alert[rust/summary/taint-sources]
-        sink(path); // $ MISSING: hasTaintFlow
-        sink(file_name); // $ MISSING: hasTaintFlow
+        let path = e.path(); // $ Alert[rust/summary/taint-sources]
+        let file_name = e.file_name(); // $ Alert[rust/summary/taint-sources]
+        sink(path); // $ hasTaintFlow
+        sink(file_name); // $ hasTaintFlow
     }
 
     {
-        let target = fs::read_link("symlink.txt")?; // $ MISSING: Alert[rust/summary/taint-sources]
-        sink(target); // $ MISSING: hasTaintFlow
+        let target = fs::read_link("symlink.txt")?; // $ Alert[rust/summary/taint-sources]
+        sink(target); // $ hasTaintFlow="symlink.txt"
     }
 
     Ok(())
@@ -268,7 +268,7 @@ fn test_io_fs() -> std::io::Result<()> {
 
     // --- file ---
 
-    let mut file = std::fs::File::open("file.txt")?; // $ MISSING: Alert[rust/summary/taint-sources]
+    let mut file = std::fs::File::open("file.txt")?; // $ Alert[rust/summary/taint-sources]
 
     {
         let mut buffer = [0u8; 100];
@@ -357,16 +357,16 @@ fn test_io_fs() -> std::io::Result<()> {
 
     {
         let mut buffer = String::new();
-        let mut file1 = std::fs::File::open("file.txt")?; // $ MISSING: Alert[rust/summary/taint-sources]
-        let mut file2 = std::fs::File::open("another_file.txt")?; // $ MISSING: Alert[rust/summary/taint-sources]
+        let mut file1 = std::fs::File::open("file.txt")?; // $ Alert[rust/summary/taint-sources]
+        let mut file2 = std::fs::File::open("another_file.txt")?; // $ Alert[rust/summary/taint-sources]
         let mut reader = file1.chain(file2);
         reader.read_to_string(&mut buffer)?;
         sink(&buffer); // $ MISSING: hasTaintFlow
     }
 
     {
         let mut buffer = String::new();
-        let mut file1 = std::fs::File::open("file.txt")?; // $ MISSING: Alert[rust/summary/taint-sources]
+        let mut file1 = std::fs::File::open("file.txt")?; // $ Alert[rust/summary/taint-sources]
         let mut reader = file1.take(100);
         reader.read_to_string(&mut buffer)?;
         sink(&buffer); // $ MISSING: hasTaintFlow