Rust: Also add the good example and a couple of other cited good cases to the test.

geoffw0 · geoffw0 · commit be5bd1da0a2a · 2024-11-25T19:54:04.000Z
diff --git a/rust/ql/test/query-tests/security/CWE-696/BadCTorInitialization.expected b/rust/ql/test/query-tests/security/CWE-696/BadCTorInitialization.expected
@@ -7,4 +7,4 @@
 | test.rs:67:4:67:9 | bad2_4 | This function has the $@ attribute but calls $@ in the standard library. | test.rs:66:1:66:7 | Attr | Attr | test.rs:69:9:69:24 | ...::stdin(...) | ...::stdin(...) |
 | test.rs:89:4:89:9 | bad2_7 | This function has the $@ attribute but calls $@ in the standard library. | test.rs:88:1:88:7 | Attr | Attr | test.rs:90:5:90:35 | ...::sleep(...) | ...::sleep(...) |
 | test.rs:96:4:96:9 | bad2_8 | This function has the $@ attribute but calls $@ in the standard library. | test.rs:95:1:95:7 | Attr | Attr | test.rs:97:5:97:23 | ...::exit(...) | ...::exit(...) |
-| test.rs:142:4:142:9 | bad4_1 | This function has the $@ attribute but calls $@ in the standard library. | test.rs:141:1:141:7 | Attr | Attr | test.rs:143:5:143:15 | ...::stdout(...) | ...::stdout(...) |
+| test.rs:165:4:165:9 | bad4_1 | This function has the $@ attribute but calls $@ in the standard library. | test.rs:164:1:164:7 | Attr | Attr | test.rs:166:5:166:15 | ...::stdout(...) | ...::stdout(...) |
diff --git a/rust/ql/test/query-tests/security/CWE-696/options.yml b/rust/ql/test/query-tests/security/CWE-696/options.yml
@@ -1,3 +1,4 @@
 qltest_cargo_check: true
 qltest_dependencies:
     - ctor = { version = "0.2.9" }
+    - libc-print = { version = "0.1.23" }
diff --git a/rust/ql/test/query-tests/security/CWE-696/test.rs b/rust/ql/test/query-tests/security/CWE-696/test.rs
@@ -97,6 +97,29 @@ fn bad2_8() { // $ Alert[rust/ctor-initialization]
     process::exit(1234);
 }
 
+#[ctor::ctor]
+fn harmless2_9() {
+    libc_print::libc_println!("Hello, world!"); // does not use the std library
+}
+
+#[ctor::ctor]
+fn harmless2_10() {
+    core::assert!(true); // core library should be OK in this context
+}
+
+extern crate alloc;
+use alloc::alloc::{alloc, dealloc, Layout};
+
+#[ctor::ctor]
+unsafe fn harmless2_11() {
+    let layout = Layout::new::<u64>();
+    let ptr = alloc(layout); // alloc library should be OK in this context
+
+    if !ptr.is_null() {
+        dealloc(ptr, layout);
+    }
+}
+
 // --- transitive cases ---
 
 fn call_target3_1() {
