Rust: Add std::mem::zeroed as a source.

Author: geoffw0

rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml

@@ -1,4 +1,9 @@
 extensions:
+  - addsTo:
+      pack: codeql/rust-all
+      extensible: sourceModel
+    data:
+      - ["lang:core", "crate::mem::zeroed", "ReturnValue.Element", "constant-source", "manual"]
   - addsTo:
       pack: codeql/rust-all
       extensible: summaryModel

rust/ql/lib/codeql/rust/security/HardcodedCryptographicValueExtensions.qll

@@ -69,9 +69,14 @@ module HardcodedCryptographicValue {
    * ```
    */
   private class ArrayListSource extends Source {
-    ArrayListSource() {
-      this.asExpr().getExpr().(ArrayListExpr).getExpr(_) instanceof LiteralExpr
-    }
+    ArrayListSource() { this.asExpr().getExpr().(ArrayListExpr).getExpr(_) instanceof LiteralExpr }
+  }
+
+  /**
+   * An externally modeled source for constant values.
+   */
+  private class ModeledSource extends Source {
+    ModeledSource() { sourceNode(this, "constant-source") }
   }
 
   /**

rust/ql/test/query-tests/security/CWE-798/HardcodedCryptographicValue.expected

@@ -5,6 +5,7 @@
 | test_cipher.rs:37:27:37:74 | [...] | test_cipher.rs:37:27:37:74 | [...] | test_cipher.rs:38:30:38:47 | ...::new | This hard-coded value is used as $@. | test_cipher.rs:38:30:38:47 | ...::new | a key |
 | test_cipher.rs:41:29:41:76 | [...] | test_cipher.rs:41:29:41:76 | [...] | test_cipher.rs:42:30:42:47 | ...::new | This hard-coded value is used as $@. | test_cipher.rs:42:30:42:47 | ...::new | a key |
 | test_cipher.rs:45:27:45:50 | [...] | test_cipher.rs:45:27:45:50 | [...] | test_cipher.rs:47:30:47:47 | ...::new | This hard-coded value is used as $@. | test_cipher.rs:47:30:47:47 | ...::new | a key |
+| test_cipher.rs:50:37:50:52 | ...::zeroed | test_cipher.rs:50:37:50:52 | ...::zeroed | test_cipher.rs:51:31:51:48 | ...::new | This hard-coded value is used as $@. | test_cipher.rs:51:31:51:48 | ...::new | a key |
 | test_cipher.rs:66:20:66:22 | 0u8 | test_cipher.rs:66:20:66:22 | 0u8 | test_cipher.rs:67:23:67:33 | ...::new | This hard-coded value is used as $@. | test_cipher.rs:67:23:67:33 | ...::new | a key |
 | test_cipher.rs:73:20:73:22 | 0u8 | test_cipher.rs:73:20:73:22 | 0u8 | test_cipher.rs:74:23:74:44 | ...::new_from_slice | This hard-coded value is used as $@. | test_cipher.rs:74:23:74:44 | ...::new_from_slice | a key |
 | test_cipher.rs:80:20:80:22 | 0u8 | test_cipher.rs:80:20:80:22 | 0u8 | test_cipher.rs:81:23:81:61 | ...::new | This hard-coded value is used as $@. | test_cipher.rs:81:23:81:61 | ...::new | a key |
@@ -45,16 +46,22 @@ edges
 | test_cipher.rs:45:9:45:14 | const9 | test_cipher.rs:46:32:46:37 | const9 | provenance |  |
 | test_cipher.rs:45:27:45:50 | [...] | test_cipher.rs:45:9:45:14 | const9 | provenance |  |
 | test_cipher.rs:46:9:46:19 | const9_conv [&ref, element] | test_cipher.rs:47:73:47:83 | const9_conv [&ref, element] | provenance |  |
-| test_cipher.rs:46:32:46:37 | const9 | test_cipher.rs:46:32:46:54 | const9.align_to(...) [tuple.1, &ref, element] | provenance | MaD:103 |
+| test_cipher.rs:46:32:46:37 | const9 | test_cipher.rs:46:32:46:54 | const9.align_to(...) [tuple.1, &ref, element] | provenance | MaD:104 |
 | test_cipher.rs:46:32:46:54 | const9.align_to(...) [tuple.1, &ref, element] | test_cipher.rs:46:32:46:56 | ... .1 [&ref, element] | provenance |  |
 | test_cipher.rs:46:32:46:56 | ... .1 [&ref, element] | test_cipher.rs:46:9:46:19 | const9_conv [&ref, element] | provenance |  |
 | test_cipher.rs:47:49:47:84 | ...::from_slice(...) [&ref, element] | test_cipher.rs:47:30:47:47 | ...::new | provenance | MaD:58 Sink:MaD:58 Sink:MaD:58 |
 | test_cipher.rs:47:73:47:83 | const9_conv [&ref, element] | test_cipher.rs:47:49:47:84 | ...::from_slice(...) [&ref, element] | provenance | MaD:0 |
+| test_cipher.rs:50:9:50:15 | const10 [element] | test_cipher.rs:51:75:51:81 | const10 [element] | provenance |  |
+| test_cipher.rs:50:37:50:52 | ...::zeroed | test_cipher.rs:50:37:50:54 | ...::zeroed(...) [element] | provenance | Src:MaD:101  |
+| test_cipher.rs:50:37:50:54 | ...::zeroed(...) [element] | test_cipher.rs:50:9:50:15 | const10 [element] | provenance |  |
+| test_cipher.rs:51:50:51:82 | ...::from_slice(...) [&ref, element] | test_cipher.rs:51:31:51:48 | ...::new | provenance | MaD:58 Sink:MaD:58 Sink:MaD:58 |
+| test_cipher.rs:51:74:51:81 | &const10 [&ref, element] | test_cipher.rs:51:50:51:82 | ...::from_slice(...) [&ref, element] | provenance | MaD:0 |
+| test_cipher.rs:51:75:51:81 | const10 [element] | test_cipher.rs:51:74:51:81 | &const10 [&ref, element] | provenance |  |
 | test_cipher.rs:66:9:66:14 | const2 [&ref, element] | test_cipher.rs:67:35:67:40 | const2 [&ref, element] | provenance |  |
 | test_cipher.rs:66:18:66:26 | &... [&ref, element] | test_cipher.rs:66:9:66:14 | const2 [&ref, element] | provenance |  |
 | test_cipher.rs:66:19:66:26 | [0u8; 32] [element] | test_cipher.rs:66:18:66:26 | &... [&ref, element] | provenance |  |
 | test_cipher.rs:66:20:66:22 | 0u8 | test_cipher.rs:66:19:66:26 | [0u8; 32] [element] | provenance |  |
-| test_cipher.rs:67:35:67:40 | const2 [&ref, element] | test_cipher.rs:67:35:67:47 | const2.into(...) [element] | provenance | MaD:102 |
+| test_cipher.rs:67:35:67:40 | const2 [&ref, element] | test_cipher.rs:67:35:67:47 | const2.into(...) [element] | provenance | MaD:103 |
 | test_cipher.rs:67:35:67:47 | const2.into(...) [element] | test_cipher.rs:67:23:67:33 | ...::new | provenance | MaD:76 Sink:MaD:76 |
 | test_cipher.rs:73:9:73:14 | const2 [&ref, element] | test_cipher.rs:74:46:74:51 | const2 [&ref, element] | provenance |  |
 | test_cipher.rs:73:18:73:26 | &... [&ref, element] | test_cipher.rs:73:9:73:14 | const2 [&ref, element] | provenance |  |
@@ -65,13 +72,13 @@ edges
 | test_cipher.rs:80:18:80:26 | &... [&ref, element] | test_cipher.rs:80:9:80:14 | const6 [&ref, element] | provenance |  |
 | test_cipher.rs:80:19:80:26 | [0u8; 32] [element] | test_cipher.rs:80:18:80:26 | &... [&ref, element] | provenance |  |
 | test_cipher.rs:80:20:80:22 | 0u8 | test_cipher.rs:80:19:80:26 | [0u8; 32] [element] | provenance |  |
-| test_cipher.rs:81:63:81:68 | const6 [&ref, element] | test_cipher.rs:81:63:81:75 | const6.into(...) [element] | provenance | MaD:102 |
+| test_cipher.rs:81:63:81:68 | const6 [&ref, element] | test_cipher.rs:81:63:81:75 | const6.into(...) [element] | provenance | MaD:103 |
 | test_cipher.rs:81:63:81:75 | const6.into(...) [element] | test_cipher.rs:81:23:81:61 | ...::new | provenance | MaD:86 Sink:MaD:86 |
 | test_cipher.rs:84:9:84:14 | const7 [&ref, element] | test_cipher.rs:85:75:85:80 | const7 [&ref, element] | provenance |  |
 | test_cipher.rs:84:18:84:27 | &... [&ref, element] | test_cipher.rs:84:9:84:14 | const7 [&ref, element] | provenance |  |
 | test_cipher.rs:84:19:84:27 | [0u8; 16] [element] | test_cipher.rs:84:18:84:27 | &... [&ref, element] | provenance |  |
 | test_cipher.rs:84:20:84:22 | 0u8 | test_cipher.rs:84:19:84:27 | [0u8; 16] [element] | provenance |  |
-| test_cipher.rs:85:75:85:80 | const7 [&ref, element] | test_cipher.rs:85:75:85:87 | const7.into(...) [element] | provenance | MaD:102 |
+| test_cipher.rs:85:75:85:80 | const7 [&ref, element] | test_cipher.rs:85:75:85:87 | const7.into(...) [element] | provenance | MaD:103 |
 | test_cipher.rs:85:75:85:87 | const7.into(...) [element] | test_cipher.rs:85:23:85:61 | ...::new | provenance | MaD:87 Sink:MaD:87 |
 | test_cipher.rs:124:9:124:12 | key2 [element] | test_cipher.rs:126:35:126:38 | key2 [element] | provenance |  |
 | test_cipher.rs:124:25:124:30 | [0; 32] [element] | test_cipher.rs:124:9:124:12 | key2 [element] | provenance |  |
@@ -80,10 +87,10 @@ edges
 | test_cipher.rs:125:18:125:23 | [0; 12] [element] | test_cipher.rs:125:9:125:14 | nonce2 [element] | provenance |  |
 | test_cipher.rs:125:19:125:19 | 0 | test_cipher.rs:125:18:125:23 | [0; 12] [element] | provenance |  |
 | test_cipher.rs:126:34:126:45 | &... [&ref, element] | test_cipher.rs:126:19:126:32 | ...::new | provenance | MaD:90 Sink:MaD:90 Sink:MaD:90 |
-| test_cipher.rs:126:35:126:38 | key2 [element] | test_cipher.rs:126:35:126:45 | key2.into(...) [element] | provenance | MaD:101 |
+| test_cipher.rs:126:35:126:38 | key2 [element] | test_cipher.rs:126:35:126:45 | key2.into(...) [element] | provenance | MaD:102 |
 | test_cipher.rs:126:35:126:45 | key2.into(...) [element] | test_cipher.rs:126:34:126:45 | &... [&ref, element] | provenance |  |
 | test_cipher.rs:127:29:127:42 | &... [&ref, element] | test_cipher.rs:127:21:127:27 | encrypt | provenance | MaD:91 Sink:MaD:91 Sink:MaD:91 |
-| test_cipher.rs:127:30:127:35 | nonce2 [element] | test_cipher.rs:127:30:127:42 | nonce2.into(...) [element] | provenance | MaD:101 |
+| test_cipher.rs:127:30:127:35 | nonce2 [element] | test_cipher.rs:127:30:127:42 | nonce2.into(...) [element] | provenance | MaD:102 |
 | test_cipher.rs:127:30:127:42 | nonce2.into(...) [element] | test_cipher.rs:127:29:127:42 | &... [&ref, element] | provenance |  |
 | test_cipher.rs:129:9:129:18 | key3_array [&ref, element] | test_cipher.rs:130:45:130:54 | key3_array [&ref, element] | provenance |  |
 | test_cipher.rs:129:32:129:41 | &... [&ref, element] | test_cipher.rs:129:9:129:18 | key3_array [&ref, element] | provenance |  |
@@ -99,7 +106,7 @@ edges
 | test_cipher.rs:132:34:132:38 | &key3 [&ref, &ref, element] | test_cipher.rs:132:19:132:32 | ...::new | provenance | MaD:90 Sink:MaD:90 Sink:MaD:90 Sink:MaD:90 |
 | test_cipher.rs:132:35:132:38 | key3 [&ref, element] | test_cipher.rs:132:34:132:38 | &key3 [&ref, &ref, element] | provenance |  |
 | test_cipher.rs:133:29:133:42 | &... [&ref, element] | test_cipher.rs:133:21:133:27 | encrypt | provenance | MaD:91 Sink:MaD:91 Sink:MaD:91 |
-| test_cipher.rs:133:30:133:35 | nonce3 [element] | test_cipher.rs:133:30:133:42 | nonce3.into(...) [element] | provenance | MaD:101 |
+| test_cipher.rs:133:30:133:35 | nonce3 [element] | test_cipher.rs:133:30:133:42 | nonce3.into(...) [element] | provenance | MaD:102 |
 | test_cipher.rs:133:30:133:42 | nonce3.into(...) [element] | test_cipher.rs:133:29:133:42 | &... [&ref, element] | provenance |  |
 nodes
 | test_cipher.rs:18:9:18:14 | const1 [&ref, element] | semmle.label | const1 [&ref, element] |
@@ -144,6 +151,13 @@ nodes
 | test_cipher.rs:47:30:47:47 | ...::new | semmle.label | ...::new |
 | test_cipher.rs:47:49:47:84 | ...::from_slice(...) [&ref, element] | semmle.label | ...::from_slice(...) [&ref, element] |
 | test_cipher.rs:47:73:47:83 | const9_conv [&ref, element] | semmle.label | const9_conv [&ref, element] |
+| test_cipher.rs:50:9:50:15 | const10 [element] | semmle.label | const10 [element] |
+| test_cipher.rs:50:37:50:52 | ...::zeroed | semmle.label | ...::zeroed |
+| test_cipher.rs:50:37:50:54 | ...::zeroed(...) [element] | semmle.label | ...::zeroed(...) [element] |
+| test_cipher.rs:51:31:51:48 | ...::new | semmle.label | ...::new |
+| test_cipher.rs:51:50:51:82 | ...::from_slice(...) [&ref, element] | semmle.label | ...::from_slice(...) [&ref, element] |
+| test_cipher.rs:51:74:51:81 | &const10 [&ref, element] | semmle.label | &const10 [&ref, element] |
+| test_cipher.rs:51:75:51:81 | const10 [element] | semmle.label | const10 [element] |
 | test_cipher.rs:66:9:66:14 | const2 [&ref, element] | semmle.label | const2 [&ref, element] |
 | test_cipher.rs:66:18:66:26 | &... [&ref, element] | semmle.label | &... [&ref, element] |
 | test_cipher.rs:66:19:66:26 | [0u8; 32] [element] | semmle.label | [0u8; 32] [element] |

rust/ql/test/query-tests/security/CWE-798/test_cipher.rs

@@ -47,8 +47,8 @@ fn test_stream_cipher_rabbit(
     let mut rabbit_cipher9 = RabbitKeyOnly::new(rabbit::Key::from_slice(const9_conv)); // $ Sink
     rabbit_cipher9.apply_keystream(&mut data);
 
-    let const10: [u8;16] = unsafe { std::mem::zeroed() }; // $ MISSING: Alert[rust/hardcoded-crytographic-value]
-    let mut rabbit_cipher10 = RabbitKeyOnly::new(rabbit::Key::from_slice(&const10));
+    let const10: [u8;16] = unsafe { std::mem::zeroed() }; // $ Alert[rust/hardcoded-crytographic-value]
+    let mut rabbit_cipher10 = RabbitKeyOnly::new(rabbit::Key::from_slice(&const10)); // $ Sink
     rabbit_cipher10.apply_keystream(&mut data);
 }