Skip to content

Commit 88fc7be

Browse files
geoffw0geoffw0
committed
Rust: Implement the query.
1 parent 9ead2dc commit 88fc7be

File tree

3 files changed

+43
-12
lines changed

3 files changed

+43
-12
lines changed

rust/ql/src/queries/security/CWE-696/BadCtorInitialization.ql

Lines changed: 23 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,4 +13,26 @@
1313

1414
import rust
1515

16-
select 0
16+
/**
17+
* A `#[ctor]` or `#[dtor]` attribute.
18+
*/
19+
class CtorAttr extends Attr {
20+
CtorAttr() { this.getMeta().getPath().getPart().getNameRef().getText() = ["ctor", "dtor"] }
21+
}
22+
23+
/**
24+
* A call into the Rust standard library.
25+
*/
26+
class StdCall extends Expr {
27+
StdCall() {
28+
this.(CallExpr).getExpr().(PathExpr).getPath().getResolvedCrateOrigin() = "lang:std" or
29+
this.(MethodCallExpr).getResolvedCrateOrigin() = "lang:std"
30+
}
31+
}
32+
33+
from CtorAttr ctor, Function f, StdCall call
34+
where
35+
f.getAnAttr() = ctor and
36+
call.getEnclosingCallable() = f
37+
select f.getName(), "This function has the $@ attribute but calls $@ in the standard library.",
38+
ctor, ctor.toString(), call, call.toString()

rust/ql/test/query-tests/security/CWE-696/BadCTorInitialization.expected

Lines changed: 10 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1 +1,10 @@
1-
| 0 |
1+
| test.rs:30:4:30:9 | bad1_1 | This function has the $@ attribute but calls $@ in the standard library. | test.rs:29:1:29:13 | Attr | Attr | test.rs:31:9:31:25 | ...::stdout(...) | ...::stdout(...) |
2+
| test.rs:35:4:35:9 | bad1_2 | This function has the $@ attribute but calls $@ in the standard library. | test.rs:34:1:34:13 | Attr | Attr | test.rs:36:9:36:25 | ...::stdout(...) | ...::stdout(...) |
3+
| test.rs:42:4:42:9 | bad1_3 | This function has the $@ attribute but calls $@ in the standard library. | test.rs:40:1:40:13 | Attr | Attr | test.rs:43:9:43:25 | ...::stdout(...) | ...::stdout(...) |
4+
| test.rs:52:4:52:9 | bad2_1 | This function has the $@ attribute but calls $@ in the standard library. | test.rs:51:1:51:7 | Attr | Attr | test.rs:53:9:53:16 | stdout(...) | stdout(...) |
5+
| test.rs:57:4:57:9 | bad2_2 | This function has the $@ attribute but calls $@ in the standard library. | test.rs:56:1:56:7 | Attr | Attr | test.rs:58:9:58:16 | stderr(...) | stderr(...) |
6+
| test.rs:62:4:62:9 | bad2_3 | This function has the $@ attribute but calls $@ in the standard library. | test.rs:61:1:61:7 | Attr | Attr | test.rs:63:14:63:28 | ...::_print(...) | ...::_print(...) |
7+
| test.rs:67:4:67:9 | bad2_4 | This function has the $@ attribute but calls $@ in the standard library. | test.rs:66:1:66:7 | Attr | Attr | test.rs:69:9:69:24 | ...::stdin(...) | ...::stdin(...) |
8+
| test.rs:89:4:89:9 | bad2_7 | This function has the $@ attribute but calls $@ in the standard library. | test.rs:88:1:88:7 | Attr | Attr | test.rs:90:5:90:35 | ...::sleep(...) | ...::sleep(...) |
9+
| test.rs:96:4:96:9 | bad2_8 | This function has the $@ attribute but calls $@ in the standard library. | test.rs:95:1:95:7 | Attr | Attr | test.rs:97:5:97:23 | ...::exit(...) | ...::exit(...) |
10+
| test.rs:142:4:142:9 | bad4_1 | This function has the $@ attribute but calls $@ in the standard library. | test.rs:141:1:141:7 | Attr | Attr | test.rs:143:5:143:15 | ...::stdout(...) | ...::stdout(...) |

rust/ql/test/query-tests/security/CWE-696/test.rs

Lines changed: 10 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -27,19 +27,19 @@ fn harmless1_5() {
2727
}
2828

2929
#[ctor::ctor]
30-
fn bad1_1() { // $ MISSING: Alert[rust/ctor-initialization]
30+
fn bad1_1() { // $ Alert[rust/ctor-initialization]
3131
_ = std::io::stdout().write(b"Hello, world!");
3232
}
3333

3434
#[ctor::dtor]
35-
fn bad1_2() { // $ MISSING: Alert[rust/ctor-initialization]
35+
fn bad1_2() { // $ Alert[rust/ctor-initialization]
3636
_ = std::io::stdout().write(b"Hello, world!");
3737
}
3838

3939
#[rustfmt::skip]
4040
#[ctor::dtor]
4141
#[rustfmt::skip]
42-
fn bad1_3() { // $ MISSING: Alert[rust/ctor-initialization]
42+
fn bad1_3() { // $ Alert[rust/ctor-initialization]
4343
_ = std::io::stdout().write(b"Hello, world!");
4444
}
4545

@@ -49,22 +49,22 @@ use ctor::ctor;
4949
use std::io::*;
5050

5151
#[ctor]
52-
fn bad2_1() { // $ MISSING: Alert[rust/ctor-initialization]
52+
fn bad2_1() { // $ Alert[rust/ctor-initialization]
5353
_ = stdout().write(b"Hello, world!");
5454
}
5555

5656
#[ctor]
57-
fn bad2_2() { // $ MISSING: Alert[rust/ctor-initialization]
57+
fn bad2_2() { // $ Alert[rust/ctor-initialization]
5858
_ = stderr().write_all(b"Hello, world!");
5959
}
6060

6161
#[ctor]
62-
fn bad2_3() { // $ MISSING: Alert[rust/ctor-initialization]
62+
fn bad2_3() { // $ Alert[rust/ctor-initialization]
6363
println!("Hello, world!");
6464
}
6565

6666
#[ctor]
67-
fn bad2_4() { // $ MISSING: Alert[rust/ctor-initialization]
67+
fn bad2_4() { // $ Alert[rust/ctor-initialization]
6868
let mut buff = String::new();
6969
_ = std::io::stdin().read_line(&mut buff);
7070
}
@@ -86,14 +86,14 @@ use std::time::Duration;
8686
const DURATION2_7: Duration = Duration::new(1, 0);
8787

8888
#[ctor]
89-
fn bad2_7() { // $ MISSING: Alert[rust/ctor-initialization]
89+
fn bad2_7() { // $ Alert[rust/ctor-initialization]
9090
std::thread::sleep(DURATION2_7);
9191
}
9292

9393
use std::process;
9494

9595
#[ctor]
96-
fn bad2_8() { // $ MISSING: Alert[rust/ctor-initialization]
96+
fn bad2_8() { // $ Alert[rust/ctor-initialization]
9797
process::exit(1234);
9898
}
9999

@@ -139,6 +139,6 @@ macro_rules! macro4_1 {
139139
}
140140

141141
#[ctor]
142-
fn bad4_1() { // $ MISSING: Alert[rust/ctor-initialization]
142+
fn bad4_1() { // $ Alert[rust/ctor-initialization]
143143
macro4_1!();
144144
}

0 commit comments

Comments
 (0)