Rust: Add string slice taint flow test

paldepind · paldepind · commit 70a296be895d · 2024-12-04T13:24:15.000+01:00
diff --git a/rust/ql/test/library-tests/dataflow/taint/TaintFlowStep.expected b/rust/ql/test/library-tests/dataflow/taint/TaintFlowStep.expected
diff --git a/rust/ql/test/library-tests/dataflow/taint/TaintFlowStep.ql b/rust/ql/test/library-tests/dataflow/taint/TaintFlowStep.ql
@@ -0,0 +1,4 @@
+import codeql.rust.dataflow.DataFlow
+import codeql.rust.dataflow.internal.TaintTrackingImpl
+
+query predicate additionalTaintStep = RustTaintTracking::defaultAdditionalTaintStep/3;
diff --git a/rust/ql/test/library-tests/dataflow/taint/main.rs b/rust/ql/test/library-tests/dataflow/taint/main.rs
@@ -24,8 +24,27 @@ fn cast() {
     sink(b as i64); // $ MISSING: hasTaintFlow=77
 }
 
+mod string {
+    fn source(i: i64) -> String {
+        format!("{}", i)
+    }
+
+    fn sink(s: &str) {
+        println!("{}", s);
+    }
+
+    pub fn string_slice() {
+        let s = source(35);
+        let sliced = &s[1..3];
+        sink(sliced); // $ MISSING: hasTaintFlow=35
+    }
+}
+
+use string::*;
+
 fn main() {
     addition();
     negation();
     cast();
+    string_slice();
 }
