Rust: Add test cases for requests through hyper + http.

geoffw0 · geoffw0 · commit d64d955253b3 · 2025-02-04T10:27:58.000Z
diff --git a/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected b/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected
@@ -19,3 +19,4 @@
 | test.rs:72:26:72:37 | ...::get | Flow source 'RemoteSource' of type remote (DEFAULT). |
 | test.rs:75:26:75:37 | ...::get | Flow source 'RemoteSource' of type remote (DEFAULT). |
 | test.rs:78:24:78:35 | ...::get | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| test.rs:193:16:193:29 | ...::args | Flow source 'CommandLineArgs' of type commandargs. |
diff --git a/rust/ql/test/library-tests/dataflow/sources/options.yml b/rust/ql/test/library-tests/dataflow/sources/options.yml
@@ -1,3 +1,9 @@
 qltest_cargo_check: true
 qltest_dependencies:
     - reqwest = { version = "0.12.9", features = ["blocking"] }
+    - hyper = { version = "1.5.2", features = ["full"] }
+    - hyper-util = { version = "0.1.10", features = ["full"] }
+    - http-body-util = { version = "0.1.2" }
+    - http = { version = "1.2.0" }
+    - tokio = { version = "1.43.0", features = ["full"] }
+    - futures = { version = "0.3" }
diff --git a/rust/ql/test/library-tests/dataflow/sources/test.rs b/rust/ql/test/library-tests/dataflow/sources/test.rs
@@ -82,3 +82,122 @@ async fn test_reqwest() -> Result<(), reqwest::Error> {
 
     Ok(())
 }
+
+use std::io::Write;
+use http_body_util::BodyExt;
+
+async fn test_hyper_http(case: i64) -> Result<(), Box<dyn std::error::Error>> {
+    // using http + hyper libs to fetch a web page
+    let address = "example.com:80";
+    let url = "http://example.com/";
+
+    // create the connection
+    println!("connecting to {}...", address);
+    let stream = tokio::net::TcpStream::connect(address).await?;
+    let io = hyper_util::rt::TokioIo::new(stream);
+    let (mut sender, conn) = hyper::client::conn::http1::handshake(io).await?;
+
+    // drive the HTTP connection
+    tokio::task::spawn(async move {
+        conn.await.expect("connection failed");
+    });
+
+    // make the request
+    println!("sending request...");
+    let request = http::Request::builder().uri(url).body(String::from(""))?;
+    let mut response = sender.send_request(request).await?; // $ MISSING: Alert[rust/summary/taint-sources]
+    sink(&response); // $ MISSING: hasTaintFlow
+
+    if !response.status().is_success() {
+        return Err("request failed".into())
+    }
+
+    match case {
+        1 => {
+            sink(response.body()); // $ MISSING: hasTaintFlow
+            sink(response.body_mut()); // $ MISSING: hasTaintFlow
+
+            let body = response.into_body();
+            sink(&body); // $ MISSING: hasTaintFlow
+
+            println!("awaiting response...");
+            let data = body.collect().await?;
+            sink(&data); // $ MISSING: hasTaintFlow
+
+            let bytes = data.to_bytes();
+            println!("bytes = {:?}", &bytes);
+            sink(bytes); // $ MISSING: hasTaintFlow
+        }
+        2 => {
+            println!("streaming response...");
+            while let Some(frame) = response.frame().await {
+                if let Some(data) = frame?.data_ref() {
+                    std::io::stdout().write_all(data);
+
+                    sink(data); // $ MISSING: hasTaintFlow
+                    sink(data[0]); // $ MISSING: hasTaintFlow
+                    for byte in data {
+                        sink(byte); // $ MISSING: hasTaintFlow
+                    }
+                }
+            }
+        }
+        3 => {
+            let headers = response.headers();
+
+            if headers.contains_key(http::header::CONTENT_TYPE) {
+                println!("CONTENT_TYPE = {}", response.headers()[http::header::CONTENT_TYPE].to_str().unwrap());
+                sink(&headers[http::header::CONTENT_TYPE]); // $ MISSING: hasTaintFlow
+                sink(headers[http::header::CONTENT_TYPE].to_str().unwrap()); // $ MISSING: hasTaintFlow
+                sink(headers[http::header::CONTENT_TYPE].as_bytes()); // $ MISSING: hasTaintFlow
+                sink(headers.get(http::header::CONTENT_TYPE).unwrap()); // $ MISSING: hasTaintFlow
+            }
+
+            if headers.contains_key("Content-type") {
+                println!("Content-type = {}", response.headers().get("Content-type").unwrap().to_str().unwrap());
+                sink(headers.get("Content-type").unwrap()); // $ MISSING: hasTaintFlow
+                sink(headers.get("Content-type").unwrap().to_str().unwrap()); // $ MISSING: hasTaintFlow
+                sink(headers.get("Content-type").unwrap().as_bytes()); // $ MISSING: hasTaintFlow
+                sink(&headers["Content-type"]); // $ MISSING: hasTaintFlow
+            }
+
+            if headers.contains_key(http::header::COOKIE) {
+                sink(response.headers().get(http::header::COOKIE)); // $ MISSING: hasTaintFlow
+                for cookie in headers.get_all(http::header::COOKIE) {
+                    println!("cookie = {}", cookie.to_str().unwrap());
+                    sink(cookie); // $ MISSING: hasTaintFlow
+                    sink(cookie.to_str().unwrap()); // $ MISSING: hasTaintFlow
+                }
+            }
+
+            let (parts, body) = response.into_parts();
+
+            if parts.headers.contains_key(http::header::CONTENT_TYPE) {
+                println!("CONTENT_TYPE = {}", parts.headers[http::header::CONTENT_TYPE].to_str().unwrap());
+                sink(&parts.headers[http::header::CONTENT_TYPE]); // $ MISSING: hasTaintFlow
+                sink(parts.headers[http::header::CONTENT_TYPE].to_str().unwrap()); // $ MISSING: hasTaintFlow
+                sink(parts.headers[http::header::CONTENT_TYPE].as_bytes()); // $ MISSING: hasTaintFlow
+                sink(parts.headers.get(http::header::CONTENT_TYPE).unwrap()); // $ MISSING: hasTaintFlow
+            }
+
+            sink(body); // $ MISSING: hasTaintFlow
+        }
+        _ => {}
+    }
+
+    Ok(())
+}
+
+#[tokio::main]
+async fn main() -> Result<(), Box<dyn std::error::Error>> {
+    let case = std::env::args().nth(1).unwrap_or(String::from("1")).parse::<i64>().unwrap(); // $ Alert[rust/summary/taint-sources]
+
+    println!("test_hyper_http...");
+    match futures::executor::block_on(test_hyper_http(case)) {
+        Ok(_) => println!("complete"),
+        Err(e) => println!("error: {}", e),
+    }
+    println!("");
+
+    Ok(())
+}
