
Commit 8825eef

committed
Rust: More counterexamples for sensitive data as well.
1 parent 87218cb commit 8825eef


1 file changed

+41
-2
lines changed

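--- a/rust/ql/test/library-tests/sensitivedata/test.rs
+++ b/rust/ql/test/library-tests/sensitivedata/test.rs
@@ -11,6 +11,7 @@ struct MyStruct {
 password_file_path: String,
 password_enabled: String,
 mfa: String,
+numfailed: String,
 }
 
 impl MyStruct {
@@ -25,10 +26,11 @@ fn test_passwords(
 password: &str, pass_word: &str, passwd: &str, my_password: &str, password_str: &str,
 pass_phrase: &str, passphrase: &str, passPhrase: &str, backup_code: &str,
 auth_key: &str, authkey: &str, authKey: &str, authentication_key: &str, authenticationkey: &str, authenticationKey: &str, oauth: &str,
-harmless: &str, encrypted_password: &str, password_hash: &str,
+harmless: &str, encrypted_password: &str, password_hash: &str, passwordFile: &str,
 ms: &MyStruct
 ) {
 // passwords
+
 sink(password); // $ sensitive=password
 sink(pass_word); // $ MISSING: sensitive=password
 sink(passwd); // $ sensitive=password
@@ -59,13 +61,16 @@ fn test_passwords(
 sink(qry); // $ MISSING: sensitive=password
 
 // not passwords
+
 sink(harmless);
 sink(encrypted_password);
 sink(password_hash);
+sink(passwordFile); // $ SPURIOUS: sensitive=password
 
 sink(ms.harmless.as_str());
 sink(ms.password_file_path.as_str());
 sink(ms.password_enabled.as_str());
+sink(ms.numfailed.as_str());
 
 sink(get_string());
 let harmless2 = get_string();
@@ -82,10 +87,11 @@ fn get_next_token() -> String { get_string() }
 fn test_credentials(
 account_key: &str, accnt_key: &str, license_key: &str, secret_key: &str, is_secret: bool, num_accounts: i64,
 username: String, user_name: String, userid: i64, user_id: i64, my_user_id_64: i64, unique_id: i64, uid: i64,
-sessionkey: &[u64; 4], session_key: &[u64; 4], hashkey: &[u64; 4], hash_key: &[u64; 4],
+sessionkey: &[u64; 4], session_key: &[u64; 4], hashkey: &[u64; 4], hash_key: &[u64; 4], sessionkeypath: &[u64; 4], account_key_path: &[u64; 4],
 ms: &MyStruct
 ) {
 // credentials
+
 sink(account_key); // $ sensitive=id
 sink(accnt_key); // $ sensitive=id
 sink(license_key); // $ MISSING: sensitive=secret
@@ -108,12 +114,15 @@ fn test_credentials(
 sink(get_secret_token()); // $ sensitive=secret
 
 // not (necessarily) credentials
+
 sink(is_secret);
 sink(num_accounts); // $ SPURIOUS: sensitive=id
 sink(unique_id);
 sink(uid); // $ SPURIOUS: sensitive=id
 sink(hashkey);
 sink(hash_key);
+sink(sessionkeypath); // $ SPURIOUS: sensitive=id
+sink(account_key_path); // $ SPURIOUS: sensitive=id
 
 sink(ms.get_certificate_url()); // $ SPURIOUS: sensitive=certificate
 sink(ms.get_certificate_file()); // $ SPURIOUS: sensitive=certificate
@@ -134,11 +143,17 @@ struct DeviceInfo {
 macaddr12: [u8;12],
 mac_addr: MacAddr,
 networkMacAddress: String,
+
+// not private device info
+macro_value: bool,
+mac_command: u32,
+skip_address: String,
 }
 
 impl DeviceInfo {
 fn test_device_info(&self, other: &DeviceInfo) {
 // private device info
+
 sink(&self.api_key); // $ MISSING: sensitive=id
 sink(&other.api_key); // $ MISSING: sensitive=id
 sink(&self.deviceApiToken); // $ MISSING: sensitive=id
@@ -149,6 +164,12 @@ impl DeviceInfo {
 sink(self.mac_addr.values); // $ MISSING: sensitive=id
 sink(self.mac_addr.values[0]); // $ MISSING: sensitive=id
 sink(&self.networkMacAddress); // $ MISSING: sensitive=id
+
+// not private device info
+
+sink(self.macro_value);
+sink(self.mac_command);
+sink(&self.skip_address);
 }
 }
 
@@ -164,6 +185,12 @@ struct Financials {
 routingNumberText: String,
 iban: String,
 iBAN: String,
+
+num_accounts: i32,
+total_accounts: i32,
+accounting: i32,
+unaccounted: bool,
+multiband: bool,
 }
 
 enum Gender {
@@ -210,12 +237,14 @@ enum ContactDetails {
 HomePhoneNumber(String),
 MobileNumber(String),
 Email(String),
+FavouriteColor(String),
 }
 
 fn test_private_info(
 info: &MyPrivateInfo, details: &ContactDetails,
 ) {
 // private info
+
 sink(info.mobile_phone_num.as_str()); // $ MISSING: sensitive=private
 sink(info.mobile_phone_num.to_string()); // $ MISSING: sensitive=private
 sink(info.contact_email.as_str()); // $ MISSING: sensitive=private
@@ -273,5 +302,15 @@ fn test_private_info(
 
 // not private info
 
+let modulesEx = 1;
+sink(modulesEx);
+
 sink(info.financials.harmless.as_str());
+sink(info.financials.num_accounts);
+sink(info.financials.total_accounts);
+sink(info.financials.accounting);
+sink(info.financials.unaccounted);
+sink(info.financials.multiband);
+
+sink(ContactDetails::FavouriteColor("blue".to_string()));
 }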
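Review bot: The added field-access negatives (`sink(ms.numfailed.as_str())`, `sink(self.macro_value)`, `sink(self.mac_command)`, `sink(&self.skip_address)` and the five `info.financials.*` sinks) probably cannot fail today, because the field-access positives visible in the same sections, such as `sink(&self.networkMacAddress); // $ MISSING: sensitive=id`, suggest the library does not yet flag field reads at all. That leaves the name heuristic unexercised for `macro_value`, `mac_command`, `skip_address`, `accounting`, `unaccounted` and `multiband`, and since the parameter `num_accounts` is already `SPURIOUS: sensitive=id` in test_credentials, `info.financials.num_accounts` will likely turn spurious once fields are modelled. I would add parameter or local counterparts, as the commit does for `passwordFile` and `modulesEx`, or at least mark these blocks with `// field reads are not modelled yet, so these expectations are unverified`. The function bodies extend beyond the hunks shown here.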
