diff --git a/rust/ql/lib/codeql/rust/Concepts.qll b/rust/ql/lib/codeql/rust/Concepts.qll index 51d601070000..9f1924095d7b 100644 --- a/rust/ql/lib/codeql/rust/Concepts.qll +++ b/rust/ql/lib/codeql/rust/Concepts.qll @@ -7,6 +7,7 @@ private import codeql.rust.dataflow.DataFlow private import codeql.threatmodels.ThreatModels private import codeql.rust.Frameworks +private import codeql.rust.dataflow.FlowSource /** * A data flow source for a specific threat-model. @@ -66,6 +67,13 @@ module CommandLineArgsSource { } } +/** + * An externally modeled source for command line arguments. + */ +class ModeledCommandLineArgsSource extends CommandLineArgsSource::Range { + ModeledCommandLineArgsSource() { sourceNode(this, "command-line-source") } +} + /** * A data flow source corresponding to the program's environment. */ @@ -85,6 +93,13 @@ module EnvironmentSource { } } +/** + * An externally modeled source for data from the program's environment. + */ +class ModeledEnvironmentSource extends EnvironmentSource::Range { + ModeledEnvironmentSource() { sourceNode(this, "environment-source") } +} + /** * A data flow source for remote (network) data. */ @@ -104,6 +119,13 @@ module RemoteSource { } } +/** + * An externally modeled source for remote (network) data. + */ +class ModeledRemoteSource extends RemoteSource::Range { + ModeledRemoteSource() { sourceNode(this, "remote-source") } +} + /** * A data flow node that constructs a SQL statement (for later execution). * diff --git a/rust/ql/lib/codeql/rust/Frameworks.qll b/rust/ql/lib/codeql/rust/Frameworks.qll index 6a5e95c82e56..6d9dcaea5058 100644 --- a/rust/ql/lib/codeql/rust/Frameworks.qll +++ b/rust/ql/lib/codeql/rust/Frameworks.qll @@ -2,7 +2,5 @@ * This file imports all models of frameworks and libraries. */ -private import codeql.rust.frameworks.Reqwest private import codeql.rust.frameworks.rustcrypto.RustCrypto -private import codeql.rust.frameworks.stdlib.Env private import codeql.rust.frameworks.Sqlx diff --git a/rust/ql/lib/codeql/rust/frameworks/Reqwest.qll b/rust/ql/lib/codeql/rust/frameworks/Reqwest.qll deleted file mode 100644 index 2d3e04f94b3b..000000000000 --- a/rust/ql/lib/codeql/rust/frameworks/Reqwest.qll +++ /dev/null @@ -1,19 +0,0 @@ -/** - * Provides modeling for the `reqwest` library. - */ - -private import rust -private import codeql.rust.Concepts - -/** - * A call to `reqwest::get` or `reqwest::blocking::get`. - */ -private class ReqwestGet extends RemoteSource::Range { - ReqwestGet() { - exists(CallExpr ce | - this.asExpr().getExpr() = ce and - ce.getFunction().(PathExpr).getResolvedCrateOrigin().matches("%reqwest") and - ce.getFunction().(PathExpr).getResolvedPath() = ["crate::get", "crate::blocking::get"] - ) - } -} diff --git a/rust/ql/lib/codeql/rust/frameworks/reqwest.model.yml b/rust/ql/lib/codeql/rust/frameworks/reqwest.model.yml index 8b2b9afc79b4..051687fa4e61 100644 --- a/rust/ql/lib/codeql/rust/frameworks/reqwest.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/reqwest.model.yml @@ -1,4 +1,10 @@ extensions: + - addsTo: + pack: codeql/rust-all + extensible: sourceModel + data: + - ["repo:https://github.com/seanmonstar/reqwest:reqwest", "crate::get", "ReturnValue", "remote-source", "manual"] + - ["repo:https://github.com/seanmonstar/reqwest:reqwest", "crate::blocking::get", "ReturnValue", "remote-source", "manual"] - addsTo: pack: codeql/rust-all extensible: summaryModel diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/Env.qll b/rust/ql/lib/codeql/rust/frameworks/stdlib/Env.qll deleted file mode 100644 index 8410da77a069..000000000000 --- a/rust/ql/lib/codeql/rust/frameworks/stdlib/Env.qll +++ /dev/null @@ -1,36 +0,0 @@ -/** - * Provides modeling for the `std::env` library. - */ - -private import rust -private import codeql.rust.Concepts - -/** - * A call to `std::env::args` or `std::env::args_os`. - */ -private class StdEnvArgs extends CommandLineArgsSource::Range { - StdEnvArgs() { - this.asExpr().getExpr().(CallExpr).getFunction().(PathExpr).getResolvedPath() = - ["crate::env::args", "crate::env::args_os"] - } -} - -/** - * A call to `std::env::current_dir`, `std::env::current_exe` or `std::env::home_dir`. - */ -private class StdEnvDir extends CommandLineArgsSource::Range { - StdEnvDir() { - this.asExpr().getExpr().(CallExpr).getFunction().(PathExpr).getResolvedPath() = - ["crate::env::current_dir", "crate::env::current_exe", "crate::env::home_dir"] - } -} - -/** - * A call to `std::env::var`, `std::env::var_os`, `std::env::vars` or `std::env::vars_os`. - */ -private class StdEnvVar extends EnvironmentSource::Range { - StdEnvVar() { - this.asExpr().getExpr().(CallExpr).getFunction().(PathExpr).getResolvedPath() = - ["crate::env::var", "crate::env::var_os", "crate::env::vars", "crate::env::vars_os"] - } -} diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/env.model.yml b/rust/ql/lib/codeql/rust/frameworks/stdlib/env.model.yml new file mode 100644 index 000000000000..ceb5a88f0c12 --- /dev/null +++ b/rust/ql/lib/codeql/rust/frameworks/stdlib/env.model.yml @@ -0,0 +1,14 @@ +extensions: + - addsTo: + pack: codeql/rust-all + extensible: sourceModel + data: + - ["lang:std", "crate::env::args", "ReturnValue", "command-line-source", "manual"] + - ["lang:std", "crate::env::args_os", "ReturnValue", "command-line-source", "manual"] + - ["lang:std", "crate::env::current_dir", "ReturnValue", "command-line-source", "manual"] + - ["lang:std", "crate::env::current_exe", "ReturnValue", "command-line-source", "manual"] + - ["lang:std", "crate::env::home_dir", "ReturnValue", "command-line-source", "manual"] + - ["lang:std", "crate::env::var", "ReturnValue", "environment-source", "manual"] + - ["lang:std", "crate::env::var_os", "ReturnValue", "environment-source", "manual"] + - ["lang:std", "crate::env::vars", "ReturnValue", "environment-source", "manual"] + - ["lang:std", "crate::env::vars_os", "ReturnValue", "environment-source", "manual"] diff --git a/rust/ql/lib/codeql/rust/security/WeakSensitiveDataHashingExtensions.qll b/rust/ql/lib/codeql/rust/security/WeakSensitiveDataHashingExtensions.qll index 8407ee4467d1..61caa4dd4758 100644 --- a/rust/ql/lib/codeql/rust/security/WeakSensitiveDataHashingExtensions.qll +++ b/rust/ql/lib/codeql/rust/security/WeakSensitiveDataHashingExtensions.qll @@ -174,7 +174,8 @@ module ComputationallyExpensiveHashFunction { } /** - * An externally modeled operation that hashes data, for example a call to `md5::Md5::digest(data)`. + * An externally modeled operation that hashes data, for example a call to `md5::Md5::digest(data)`. The + * model should identify the argument of a call that is the data to be hashed. */ class ModeledHashOperation extends Cryptography::CryptographicOperation::Range { DataFlow::Node input; diff --git a/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected b/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected index cebbc00f3a5e..e127b06cce96 100644 --- a/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected +++ b/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected @@ -1,17 +1,17 @@ -| test.rs:8:10:8:30 | ...::var(...) | Flow source 'EnvironmentSource' of type environment. | -| test.rs:9:10:9:33 | ...::var_os(...) | Flow source 'EnvironmentSource' of type environment. | -| test.rs:11:16:11:36 | ...::var(...) | Flow source 'EnvironmentSource' of type environment. | -| test.rs:12:16:12:39 | ...::var_os(...) | Flow source 'EnvironmentSource' of type environment. | -| test.rs:17:25:17:40 | ...::vars(...) | Flow source 'EnvironmentSource' of type environment. | -| test.rs:22:25:22:43 | ...::vars_os(...) | Flow source 'EnvironmentSource' of type environment. | -| test.rs:29:29:29:44 | ...::args(...) | Flow source 'CommandLineArgs' of type commandargs. | -| test.rs:32:16:32:31 | ...::args(...) | Flow source 'CommandLineArgs' of type commandargs. | -| test.rs:33:16:33:34 | ...::args_os(...) | Flow source 'CommandLineArgs' of type commandargs. | -| test.rs:40:16:40:31 | ...::args(...) | Flow source 'CommandLineArgs' of type commandargs. | -| test.rs:44:16:44:34 | ...::args_os(...) | Flow source 'CommandLineArgs' of type commandargs. | -| test.rs:50:15:50:37 | ...::current_dir(...) | Flow source 'CommandLineArgs' of type commandargs. | -| test.rs:51:15:51:37 | ...::current_exe(...) | Flow source 'CommandLineArgs' of type commandargs. | -| test.rs:52:16:52:35 | ...::home_dir(...) | Flow source 'CommandLineArgs' of type commandargs. | -| test.rs:60:26:60:70 | ...::get(...) | Flow source 'RemoteSource' of type remote (DEFAULT). | -| test.rs:63:26:63:70 | ...::get(...) | Flow source 'RemoteSource' of type remote (DEFAULT). | -| test.rs:66:26:66:60 | ...::get(...) | Flow source 'RemoteSource' of type remote (DEFAULT). | +| test.rs:8:10:8:22 | ...::var | Flow source 'EnvironmentSource' of type environment. | +| test.rs:9:10:9:25 | ...::var_os | Flow source 'EnvironmentSource' of type environment. | +| test.rs:11:16:11:28 | ...::var | Flow source 'EnvironmentSource' of type environment. | +| test.rs:12:16:12:31 | ...::var_os | Flow source 'EnvironmentSource' of type environment. | +| test.rs:17:25:17:38 | ...::vars | Flow source 'EnvironmentSource' of type environment. | +| test.rs:22:25:22:41 | ...::vars_os | Flow source 'EnvironmentSource' of type environment. | +| test.rs:29:29:29:42 | ...::args | Flow source 'CommandLineArgs' of type commandargs. | +| test.rs:32:16:32:29 | ...::args | Flow source 'CommandLineArgs' of type commandargs. | +| test.rs:33:16:33:32 | ...::args_os | Flow source 'CommandLineArgs' of type commandargs. | +| test.rs:40:16:40:29 | ...::args | Flow source 'CommandLineArgs' of type commandargs. | +| test.rs:44:16:44:32 | ...::args_os | Flow source 'CommandLineArgs' of type commandargs. | +| test.rs:50:15:50:35 | ...::current_dir | Flow source 'CommandLineArgs' of type commandargs. | +| test.rs:51:15:51:35 | ...::current_exe | Flow source 'CommandLineArgs' of type commandargs. | +| test.rs:52:16:52:33 | ...::home_dir | Flow source 'CommandLineArgs' of type commandargs. | +| test.rs:60:26:60:47 | ...::get | Flow source 'RemoteSource' of type remote (DEFAULT). | +| test.rs:63:26:63:47 | ...::get | Flow source 'RemoteSource' of type remote (DEFAULT). | +| test.rs:66:26:66:37 | ...::get | Flow source 'RemoteSource' of type remote (DEFAULT). | diff --git a/rust/ql/test/library-tests/dataflow/sources/test.rs b/rust/ql/test/library-tests/dataflow/sources/test.rs index 7b33a00864e2..de482c251065 100644 --- a/rust/ql/test/library-tests/dataflow/sources/test.rs +++ b/rust/ql/test/library-tests/dataflow/sources/test.rs @@ -5,8 +5,8 @@ fn sink(_: T) { } // --- tests --- fn test_env_vars() { - sink(std::env::var("HOME")); // $ Alert[rust/summary/taint-sources] hasTaintFlow - sink(std::env::var_os("PATH")); // $ Alert[rust/summary/taint-sources] hasTaintFlow + sink(std::env::var("HOME")); // $ Alert[rust/summary/taint-sources] hasTaintFlow="HOME" + sink(std::env::var_os("PATH")); // $ Alert[rust/summary/taint-sources] hasTaintFlow="PATH" let var1 = std::env::var("HOME").expect("HOME not set"); // $ Alert[rust/summary/taint-sources] let var2 = std::env::var_os("PATH").unwrap(); // $ Alert[rust/summary/taint-sources] diff --git a/rust/ql/test/library-tests/dataflow/taint/TaintFlowStep.expected b/rust/ql/test/library-tests/dataflow/taint/TaintFlowStep.expected index b2b6872a6d25..2182c664f4f7 100644 --- a/rust/ql/test/library-tests/dataflow/taint/TaintFlowStep.expected +++ b/rust/ql/test/library-tests/dataflow/taint/TaintFlowStep.expected @@ -1,6 +1,6 @@ -| file://:0:0:0:0 | [summary param] 0 in lang:alloc::_::crate::fmt::format | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:alloc::_::crate::fmt::format | MaD:14 | -| file://:0:0:0:0 | [summary param] self in lang:alloc::_::::as_str | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:alloc::_::::as_str | MaD:12 | -| file://:0:0:0:0 | [summary param] self in repo:https://github.com/seanmonstar/reqwest:reqwest::_::::text | file://:0:0:0:0 | [summary] to write: ReturnValue.Variant[crate::result::Result::Ok(0)] in repo:https://github.com/seanmonstar/reqwest:reqwest::_::::text | MaD:0 | +| file://:0:0:0:0 | [summary param] 0 in lang:alloc::_::crate::fmt::format | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:alloc::_::crate::fmt::format | MaD:25 | +| file://:0:0:0:0 | [summary param] self in lang:alloc::_::::as_str | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:alloc::_::::as_str | MaD:23 | +| file://:0:0:0:0 | [summary param] self in repo:https://github.com/seanmonstar/reqwest:reqwest::_::::text | file://:0:0:0:0 | [summary] to write: ReturnValue.Variant[crate::result::Result::Ok(0)] in repo:https://github.com/seanmonstar/reqwest:reqwest::_::::text | MaD:2 | | main.rs:4:5:4:8 | 1000 | main.rs:4:5:4:12 | ... + ... | | | main.rs:4:12:4:12 | i | main.rs:4:5:4:12 | ... + ... | | | main.rs:8:20:8:20 | s | main.rs:8:14:8:20 | FormatArgsExpr | |