Rust: Add data flow tests for macros and format_args

paldepind · paldepind · commit f09632df586e · 2025-01-03T13:28:19.000+01:00
diff --git a/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected b/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected
@@ -456,7 +456,10 @@ localStep
 | main.rs:396:15:396:62 | name.unwrap_or_else(...) | main.rs:396:11:396:11 | n |
 | main.rs:396:35:396:61 | [SSA] <captured entry> default_name | main.rs:396:38:396:49 | default_name |
 | main.rs:398:7:398:14 | [SSA] [input] SSA phi read(default_name) | main.rs:394:7:394:18 | [SSA] SSA phi read(default_name) |
-| main.rs:425:13:425:33 | result_questionmark(...) | main.rs:425:9:425:9 | _ |
+| main.rs:410:9:410:9 | [SSA] s | main.rs:411:10:411:10 | s |
+| main.rs:410:9:410:9 | s | main.rs:410:9:410:9 | [SSA] s |
+| main.rs:410:13:410:27 | MacroExpr | main.rs:410:9:410:9 | s |
+| main.rs:436:13:436:33 | result_questionmark(...) | main.rs:436:9:436:9 | _ |
 storeStep
 | file://:0:0:0:0 | [summary] to write: ReturnValue.Variant[crate::result::Result::Ok(0)] in repo:https://github.com/seanmonstar/reqwest:reqwest::_::<crate::blocking::response::Response>::text | Ok | file://:0:0:0:0 | [summary] to write: ReturnValue in repo:https://github.com/seanmonstar/reqwest:reqwest::_::<crate::blocking::response::Response>::text |
 | main.rs:94:14:94:22 | source(...) | tuple.0 | main.rs:94:13:94:26 | TupleExpr |
@@ -529,7 +532,7 @@ storeStep
 | main.rs:381:30:381:30 | 3 | array[] | main.rs:381:23:381:31 | [...] |
 | main.rs:384:18:384:27 | source(...) | array[] | main.rs:384:5:384:11 | [post] mut_arr |
 | main.rs:396:35:396:61 | default_name | captured default_name | main.rs:396:35:396:61 | \|...\| ... |
-| main.rs:407:27:407:27 | 0 | Some | main.rs:407:22:407:28 | Some(...) |
+| main.rs:418:27:418:27 | 0 | Some | main.rs:418:22:418:28 | Some(...) |
 readStep
 | file://:0:0:0:0 | [summary param] self in lang:core::_::<crate::option::Option>::unwrap | Some | file://:0:0:0:0 | [summary] read: Argument[self].Variant[crate::option::Option::Some(0)] in lang:core::_::<crate::option::Option>::unwrap |
 | file://:0:0:0:0 | [summary param] self in lang:core::_::<crate::option::Option>::unwrap_or | Some | file://:0:0:0:0 | [summary] read: Argument[self].Variant[crate::option::Option::Some(0)] in lang:core::_::<crate::option::Option>::unwrap_or |
diff --git a/rust/ql/test/library-tests/dataflow/local/main.rs b/rust/ql/test/library-tests/dataflow/local/main.rs
@@ -400,6 +400,17 @@ pub fn captured_variable_and_continue(names: Vec<(bool, Option<String>)>) {
   }
 }
 
+macro_rules! get_source {
+    ($e:expr) => {
+        source($e)
+    };
+}
+
+fn macro_invocation() {
+    let s = get_source!(37);
+    sink(s); // $ MISSING: hasValueFlow=37
+}
+
 fn main() {
     direct();
     variable_usage();
@@ -435,4 +446,5 @@ fn main() {
     array_slice_pattern();
     array_assignment();
     captured_variable_and_continue(vec![]);
+    macro_invocation();
 }
diff --git a/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected b/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected
@@ -1,35 +1,35 @@
 models
 | 1 | Summary: lang:alloc; <crate::string::String>::as_str; Argument[self]; ReturnValue; taint |
 edges
-| main.rs:20:9:20:9 | s | main.rs:21:19:21:25 | s[...] | provenance |  |
-| main.rs:20:13:20:22 | source(...) | main.rs:20:9:20:9 | s | provenance |  |
-| main.rs:21:9:21:14 | sliced [&ref] | main.rs:22:16:22:21 | sliced | provenance |  |
-| main.rs:21:18:21:25 | &... [&ref] | main.rs:21:9:21:14 | sliced [&ref] | provenance |  |
-| main.rs:21:19:21:25 | s[...] | main.rs:21:18:21:25 | &... [&ref] | provenance |  |
-| main.rs:26:9:26:10 | s1 | main.rs:29:9:29:10 | s4 | provenance |  |
-| main.rs:26:14:26:23 | source(...) | main.rs:26:9:26:10 | s1 | provenance |  |
-| main.rs:29:9:29:10 | s4 | main.rs:32:10:32:11 | s4 | provenance |  |
-| main.rs:57:9:57:9 | s | main.rs:58:16:58:16 | s | provenance |  |
-| main.rs:57:13:57:22 | source(...) | main.rs:57:9:57:9 | s | provenance |  |
-| main.rs:58:16:58:16 | s | main.rs:58:16:58:25 | s.as_str(...) | provenance | MaD:1 |
+| main.rs:26:9:26:9 | s | main.rs:27:19:27:25 | s[...] | provenance |  |
+| main.rs:26:13:26:22 | source(...) | main.rs:26:9:26:9 | s | provenance |  |
+| main.rs:27:9:27:14 | sliced [&ref] | main.rs:28:16:28:21 | sliced | provenance |  |
+| main.rs:27:18:27:25 | &... [&ref] | main.rs:27:9:27:14 | sliced [&ref] | provenance |  |
+| main.rs:27:19:27:25 | s[...] | main.rs:27:18:27:25 | &... [&ref] | provenance |  |
+| main.rs:32:9:32:10 | s1 | main.rs:35:9:35:10 | s4 | provenance |  |
+| main.rs:32:14:32:23 | source(...) | main.rs:32:9:32:10 | s1 | provenance |  |
+| main.rs:35:9:35:10 | s4 | main.rs:38:10:38:11 | s4 | provenance |  |
+| main.rs:63:9:63:9 | s | main.rs:64:16:64:16 | s | provenance |  |
+| main.rs:63:13:63:22 | source(...) | main.rs:63:9:63:9 | s | provenance |  |
+| main.rs:64:16:64:16 | s | main.rs:64:16:64:25 | s.as_str(...) | provenance | MaD:1 |
 nodes
-| main.rs:20:9:20:9 | s | semmle.label | s |
-| main.rs:20:13:20:22 | source(...) | semmle.label | source(...) |
-| main.rs:21:9:21:14 | sliced [&ref] | semmle.label | sliced [&ref] |
-| main.rs:21:18:21:25 | &... [&ref] | semmle.label | &... [&ref] |
-| main.rs:21:19:21:25 | s[...] | semmle.label | s[...] |
-| main.rs:22:16:22:21 | sliced | semmle.label | sliced |
-| main.rs:26:9:26:10 | s1 | semmle.label | s1 |
-| main.rs:26:14:26:23 | source(...) | semmle.label | source(...) |
-| main.rs:29:9:29:10 | s4 | semmle.label | s4 |
-| main.rs:32:10:32:11 | s4 | semmle.label | s4 |
-| main.rs:57:9:57:9 | s | semmle.label | s |
-| main.rs:57:13:57:22 | source(...) | semmle.label | source(...) |
-| main.rs:58:16:58:16 | s | semmle.label | s |
-| main.rs:58:16:58:25 | s.as_str(...) | semmle.label | s.as_str(...) |
+| main.rs:26:9:26:9 | s | semmle.label | s |
+| main.rs:26:13:26:22 | source(...) | semmle.label | source(...) |
+| main.rs:27:9:27:14 | sliced [&ref] | semmle.label | sliced [&ref] |
+| main.rs:27:18:27:25 | &... [&ref] | semmle.label | &... [&ref] |
+| main.rs:27:19:27:25 | s[...] | semmle.label | s[...] |
+| main.rs:28:16:28:21 | sliced | semmle.label | sliced |
+| main.rs:32:9:32:10 | s1 | semmle.label | s1 |
+| main.rs:32:14:32:23 | source(...) | semmle.label | source(...) |
+| main.rs:35:9:35:10 | s4 | semmle.label | s4 |
+| main.rs:38:10:38:11 | s4 | semmle.label | s4 |
+| main.rs:63:9:63:9 | s | semmle.label | s |
+| main.rs:63:13:63:22 | source(...) | semmle.label | source(...) |
+| main.rs:64:16:64:16 | s | semmle.label | s |
+| main.rs:64:16:64:25 | s.as_str(...) | semmle.label | s.as_str(...) |
 subpaths
 testFailures
 #select
-| main.rs:22:16:22:21 | sliced | main.rs:20:13:20:22 | source(...) | main.rs:22:16:22:21 | sliced | $@ | main.rs:20:13:20:22 | source(...) | source(...) |
-| main.rs:32:10:32:11 | s4 | main.rs:26:14:26:23 | source(...) | main.rs:32:10:32:11 | s4 | $@ | main.rs:26:14:26:23 | source(...) | source(...) |
-| main.rs:58:16:58:25 | s.as_str(...) | main.rs:57:13:57:22 | source(...) | main.rs:58:16:58:25 | s.as_str(...) | $@ | main.rs:57:13:57:22 | source(...) | source(...) |
+| main.rs:28:16:28:21 | sliced | main.rs:26:13:26:22 | source(...) | main.rs:28:16:28:21 | sliced | $@ | main.rs:26:13:26:22 | source(...) | source(...) |
+| main.rs:38:10:38:11 | s4 | main.rs:32:14:32:23 | source(...) | main.rs:38:10:38:11 | s4 | $@ | main.rs:32:14:32:23 | source(...) | source(...) |
+| main.rs:64:16:64:25 | s.as_str(...) | main.rs:63:13:63:22 | source(...) | main.rs:64:16:64:25 | s.as_str(...) | $@ | main.rs:63:13:63:22 | source(...) | source(...) |
diff --git a/rust/ql/test/library-tests/dataflow/strings/main.rs b/rust/ql/test/library-tests/dataflow/strings/main.rs
@@ -1,9 +1,15 @@
+use std::fmt;
+
 // Taint tests for strings
 
 fn source(i: i64) -> String {
     format!("{}", i)
 }
 
+fn source_usize(i: usize) -> usize {
+    i
+}
+
 fn source_slice(_i: i64) -> &'static str {
     "source"
 }
@@ -18,7 +24,7 @@ fn sink(s: String) {
 
 fn string_slice() {
     let s = source(35);
-    let sliced = &s[1..3];
+    let sliced = &s[1..2];
     sink_slice(sliced); // $ hasTaintFlow=35
 }
 
@@ -58,16 +64,28 @@ fn as_str() {
     sink_slice(s.as_str()); // $ hasTaintFlow=67
 }
 
-fn string_format() {
+fn format_args_built_in() {
+    let s = source(88);
+
+    let formatted1 = fmt::format(format_args!("Hello {}!", s));
+    sink(formatted1); // $ MISSING: hasTaintFlow=88
+
+    let formatted2 = fmt::format(format_args!("Hello {s}!"));
+    sink(formatted2); // $ MISSING: hasTaintFlow=88
+
+    let width = source_usize(10);
+    let formatted3 = fmt::format(format_args!("Hello {:width$}!", "World"));
+    sink(formatted3); // $ MISSING: hasTaintFlow=10
+}
+
+fn format_macro() {
     let s1 = source(34);
     let s2 = "2";
     let s3 = "3";
 
-    let s4 = format!("{s1} and {s3}");
-    let s5 = format!("{s2} and {s3}");
-
-    sink_slice(&s4); // $ MISSING: hasTaintFlow=34
-    sink_slice(&s5);
+    sink(format!("{}", s1)); // $ MISSING: hasTaintFlow=34
+    sink(format!("{s1} and {s3}")); // $ MISSING: hasTaintFlow=34
+    sink(format!("{s2} and {s3}"));
 }
 
 fn main() {
@@ -77,5 +95,6 @@ fn main() {
     string_from();
     as_str();
     string_to_string();
-    string_format();
+    format_args_built_in();
+    format_macro();
 }
