Rust: Add tests for sources involving regular rustls as well.

geoffw0 · geoffw0 · commit a5e1702d4b20 · 2025-05-29T16:45:18.000+01:00
diff --git a/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected b/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected
@@ -75,8 +75,8 @@
 | test.rs:619:26:619:61 | ...::connect_timeout | Flow source 'RemoteSource' of type remote (DEFAULT). |
 | test.rs:671:28:671:57 | ...::connect | Flow source 'RemoteSource' of type remote (DEFAULT). |
 | test.rs:753:22:753:49 | ...::connect | Flow source 'RemoteSource' of type remote (DEFAULT). |
-| test.rs:775:16:775:29 | ...::args | Flow source 'CommandLineArgs' of type commandargs (DEFAULT). |
-| test.rs:775:16:775:29 | ...::args | Flow source 'CommandLineArgs' of type commandargs (DEFAULT). |
+| test.rs:806:16:806:29 | ...::args | Flow source 'CommandLineArgs' of type commandargs (DEFAULT). |
+| test.rs:806:16:806:29 | ...::args | Flow source 'CommandLineArgs' of type commandargs (DEFAULT). |
 | web_frameworks.rs:12:31:12:31 | a | Flow source 'RemoteSource' of type remote (DEFAULT). |
 | web_frameworks.rs:12:31:12:31 | a | Flow source 'RemoteSource' of type remote (DEFAULT). |
 | web_frameworks.rs:21:31:21:35 | TuplePat | Flow source 'RemoteSource' of type remote (DEFAULT). |
diff --git a/rust/ql/test/library-tests/dataflow/sources/test.rs b/rust/ql/test/library-tests/dataflow/sources/test.rs
@@ -770,6 +770,37 @@ async fn test_std_to_tokio_tcpstream() -> std::io::Result<()> {
     Ok(())
 }
 
+fn test_rustls() -> std::io::Result<()> {
+    let config = rustls::ClientConfig::builder()
+        .with_root_certificates(rustls::RootCertStore::empty())
+        .with_no_client_auth();
+    let server_name = rustls::pki_types::ServerName::try_from("www.example.com").unwrap();
+    let config_arc = std::sync::Arc::new(config);
+    let mut client = rustls::ClientConnection::new(config_arc, server_name).unwrap(); // $ MISSING: Alert[rust/summary/taint-sources]
+    let mut reader = client.reader();
+    sink(&reader); // $ MISSING: hasTaintFlow
+
+    {
+        let mut buffer = [0u8; 100];
+        let _bytes = reader.read(&mut buffer)?;
+        sink(&buffer); // $ MISSING: hasTaintFlow
+    }
+
+    {
+        let mut buffer = Vec::<u8>::new();
+        let _bytes = reader.read_to_end(&mut buffer)?;
+        sink(&buffer); // $ MISSING: hasTaintFlow
+    }
+
+    {
+        let mut buffer = String::new();
+        let _bytes = reader.read_to_string(&mut buffer)?;
+        sink(&buffer); // $ MISSING: hasTaintFlow
+    }
+
+    Ok(())
+}
+
 #[tokio::main]
 async fn main() -> Result<(), Box<dyn std::error::Error>> {
     let case = std::env::args().nth(1).unwrap_or(String::from("1")).parse::<i64>().unwrap(); // $ Alert[rust/summary/taint-sources]
@@ -849,5 +880,11 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
         Err(e) => println!("error: {}", e),
     }
 
+    println!("test_rustls...");
+    match test_rustls() {
+        Ok(_) => println!("complete"),
+        Err(e) => println!("error: {}", e),
+    }
+
     Ok(())
 }
