Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Test: Don't expect 'Source' tag when source and alert are on the same same #18653

Merged
merged 5 commits into from
Feb 4, 2025
Merged

Test: Don't expect 'Source' tag when source and alert are on the same same #18653

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
28472ae
Test: Don't expect 'Source' tag when source and alert are on same line
asgerf Jan 30, 2025
78a7f26
JS: Update a JS test case
asgerf Jan 31, 2025
fc1d36f
Rust: update a Rust test case
asgerf Jan 31, 2025
fc04ad1
Test: Remove location parsing
hvitved Feb 4, 2025
7bf69d9
Merge pull request #2 from hvitved/js/source-on-same-line
asgerf Feb 4, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion javascript/ql/test/query-tests/Security/CWE-611/libxml.noent.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ express().post('/some/path', function (req, res) {
// NOT OK: unguarded entity expansion
libxmljs.parseXmlString(req.param("some-xml"), { noent: true }) // $ Alert
// NOT OK: unguarded entity expansion
libxmljs.parseXmlString(req.files.products.data.toString('utf8'), { noent: true })// $ Source=files $ Alert=files
libxmljs.parseXmlString(req.files.products.data.toString('utf8'), { noent: true })// $ Alert

// OK - no entity expansion
libxmljs.parseXmlString(req.files.products.data.toString('utf8'), { noent: false })
Expand Down
88 changes: 44 additions & 44 deletions rust/ql/test/query-tests/security/CWE-312/test_logging.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,51 +39,51 @@ impl std::fmt::Display for MyStruct2 {

fn test_log(harmless: String, password: String, encrypted_password: String) {
// logging macros
debug!("message = {}", password); // $ Source Alert[rust/cleartext-logging]
error!("message = {}", password); // $ Source Alert[rust/cleartext-logging]
info!("message = {}", password); // $ Source Alert[rust/cleartext-logging]
trace!("message = {}", password); // $ Source Alert[rust/cleartext-logging]
warn!("message = {}", password); // $ Source Alert[rust/cleartext-logging]
log!(Level::Error, "message = {}", password); // $ Source Alert[rust/cleartext-logging]
debug!("message = {}", password); // $ Alert[rust/cleartext-logging]
error!("message = {}", password); // $ Alert[rust/cleartext-logging]
info!("message = {}", password); // $ Alert[rust/cleartext-logging]
trace!("message = {}", password); // $ Alert[rust/cleartext-logging]
warn!("message = {}", password); // $ Alert[rust/cleartext-logging]
log!(Level::Error, "message = {}", password); // $ Alert[rust/cleartext-logging]

// debug! macro, various formatting
debug!("message");
debug!("message = {}", harmless);
debug!("message = {}", password); // $ Source Alert[rust/cleartext-logging]
debug!("message = {}", password); // $ Alert[rust/cleartext-logging]
debug!("message = {}", encrypted_password);
debug!("message = {} {}", harmless, password); // $ Source Alert[rust/cleartext-logging]
debug!("message = {} {}", harmless, password); // $ Alert[rust/cleartext-logging]
debug!("message = {harmless}");
debug!("message = {harmless} {}", password); // $ Source Alert[rust/cleartext-logging]
debug!("message = {password}"); // $ Source Alert[rust/cleartext-logging]
debug!("message = {password:?}"); // $ Source Alert[rust/cleartext-logging]
debug!("message = {harmless} {}", password); // $ Alert[rust/cleartext-logging]
debug!("message = {password}"); // $ Alert[rust/cleartext-logging]
debug!("message = {password:?}"); // $ Alert[rust/cleartext-logging]
debug!(target: "target", "message = {}", harmless);
debug!(target: "target", "message = {}", password); // $ Source Alert[rust/cleartext-logging]
debug!(target: &password, "message = {}", harmless); // $ Source Alert[rust/cleartext-logging]
debug!(target: "target", "message = {}", password); // $ Alert[rust/cleartext-logging]
debug!(target: &password, "message = {}", harmless); // $ Alert[rust/cleartext-logging]

// log! macro, various formatting
log!(Level::Error, "message = {}", harmless);
log!(Level::Error, "message = {}", password); // $ Source Alert[rust/cleartext-logging]
log!(Level::Error, "message = {}", password); // $ Alert[rust/cleartext-logging]
log!(target: "target", Level::Error, "message = {}", harmless);
log!(target: "target", Level::Error, "message = {}", password); // $ Source Alert[rust/cleartext-logging]
log!(target: &password, Level::Error, "message = {}", harmless); // $ Source Alert[rust/cleartext-logging]
log!(target: "target", Level::Error, "message = {}", password); // $ Alert[rust/cleartext-logging]
log!(target: &password, Level::Error, "message = {}", harmless); // $ Alert[rust/cleartext-logging]

// structured logging
error!(value = 1; "message = {}", harmless);
error!(value = 1; "message = {}", password); // $ Source Alert[rust/cleartext-logging]
error!(value = 1; "message = {}", password); // $ Alert[rust/cleartext-logging]
error!(target: "target", value = 1; "message");
error!(target: "target", value = 1; "message = {}", password); // $ Source Alert[rust/cleartext-logging]
error!(target: &password, value = 1; "message"); // $ Source Alert[rust/cleartext-logging]
error!(value = 1; "message = {}", password); // $ Source Alert[rust/cleartext-logging]
error!(target: "target", value = 1; "message = {}", password); // $ Alert[rust/cleartext-logging]
error!(target: &password, value = 1; "message"); // $ Alert[rust/cleartext-logging]
error!(value = 1; "message = {}", password); // $ Alert[rust/cleartext-logging]
error!(value = password.as_str(); "message"); // $ MISSING: Alert[rust/cleartext-logging]
error!(value:? = password.as_str(); "message"); // $ MISSING: Alert[rust/cleartext-logging]

let value1 = 1;
error!(value1; "message = {}", harmless);
error!(value1; "message = {}", password); // $ Source Alert[rust/cleartext-logging]
error!(value1; "message = {}", password); // $ Alert[rust/cleartext-logging]
error!(target: "target", value1; "message");
error!(target: "target", value1; "message = {}", password); // $ Source Alert[rust/cleartext-logging]
error!(target: &password, value1; "message"); // $ Source Alert[rust/cleartext-logging]
error!(value1; "message = {}", password); // $ Source Alert[rust/cleartext-logging]
error!(target: "target", value1; "message = {}", password); // $ Alert[rust/cleartext-logging]
error!(target: &password, value1; "message"); // $ Alert[rust/cleartext-logging]
error!(value1; "message = {}", password); // $ Alert[rust/cleartext-logging]

let value2 = password.as_str();
error!(value2; "message"); // $ MISSING: Alert[rust/cleartext-logging]
Expand Down Expand Up @@ -115,7 +115,7 @@ fn test_log(harmless: String, password: String, encrypted_password: String) {
}

// logging with a call
trace!("message = {}", get_password()); // $ Source Alert[rust/cleartext-logging]
trace!("message = {}", get_password()); // $ Alert[rust/cleartext-logging]

let str1 = "123456".to_string();
trace!("message = {}", &str1); // $ MISSING: Alert[rust/cleartext-logging]
Expand Down Expand Up @@ -149,36 +149,36 @@ fn test_log(harmless: String, password: String, encrypted_password: String) {
}

fn test_std(password: String, i: i32, opt_i: Option<i32>) {
print!("message = {}\n", password); // $ Source Alert[rust/cleartext-logging]
println!("message = {}", password); // $ Source Alert[rust/cleartext-logging]
eprint!("message = {}\n", password); // $ Source Alert[rust/cleartext-logging]
eprintln!("message = {}", password); // $ Source Alert[rust/cleartext-logging]
print!("message = {}\n", password); // $ Alert[rust/cleartext-logging]
println!("message = {}", password); // $ Alert[rust/cleartext-logging]
eprint!("message = {}\n", password); // $ Alert[rust/cleartext-logging]
eprintln!("message = {}", password); // $ Alert[rust/cleartext-logging]

match i {
1 => { panic!("message = {}", password); } // $ Source Alert[rust/cleartext-logging]
2 => { todo!("message = {}", password); } // $ Source Alert[rust/cleartext-logging]
3 => { unimplemented!("message = {}", password); } // $ Source Alert[rust/cleartext-logging]
4 => { unreachable!("message = {}", password); } // $ Source Alert[rust/cleartext-logging]
5 => { assert!(false, "message = {}", password); } // $ Source Alert[rust/cleartext-logging]
6 => { assert_eq!(1, 2, "message = {}", password); } // $ Source Alert[rust/cleartext-logging]
7 => { assert_ne!(1, 1, "message = {}", password); } // $ Source Alert[rust/cleartext-logging]
8 => { debug_assert!(false, "message = {}", password); } // $ Source Alert[rust/cleartext-logging]
9 => { debug_assert_eq!(1, 2, "message = {}", password); } // $ Source Alert[rust/cleartext-logging]
10 => { debug_assert_ne!(1, 1, "message = {}", password); } // $ Source Alert[rust/cleartext-logging]
11 => { _ = opt_i.expect(format!("message = {}", password).as_str()); } // $ Source Alert[rust/cleartext-logging]
1 => { panic!("message = {}", password); } // $ Alert[rust/cleartext-logging]
2 => { todo!("message = {}", password); } // $ Alert[rust/cleartext-logging]
3 => { unimplemented!("message = {}", password); } // $ Alert[rust/cleartext-logging]
4 => { unreachable!("message = {}", password); } // $ Alert[rust/cleartext-logging]
5 => { assert!(false, "message = {}", password); } // $ Alert[rust/cleartext-logging]
6 => { assert_eq!(1, 2, "message = {}", password); } // $ Alert[rust/cleartext-logging]
7 => { assert_ne!(1, 1, "message = {}", password); } // $ Alert[rust/cleartext-logging]
8 => { debug_assert!(false, "message = {}", password); } // $ Alert[rust/cleartext-logging]
9 => { debug_assert_eq!(1, 2, "message = {}", password); } // $ Alert[rust/cleartext-logging]
10 => { debug_assert_ne!(1, 1, "message = {}", password); } // $ Alert[rust/cleartext-logging]
11 => { _ = opt_i.expect(format!("message = {}", password).as_str()); } // $ Alert[rust/cleartext-logging]
_ => {}
}

std::io::stdout().lock().write_fmt(format_args!("message = {}\n", password)); // $ MISSING: Alert[rust/cleartext-logging]
std::io::stderr().lock().write_fmt(format_args!("message = {}\n", password)); // $ MISSING: Alert[rust/cleartext-logging]
std::io::stdout().lock().write(format!("message = {}\n", password).as_bytes()); // $ Source Alert[rust/cleartext-logging]
std::io::stdout().lock().write_all(format!("message = {}\n", password).as_bytes()); // $ Source Alert[rust/cleartext-logging]
std::io::stdout().lock().write(format!("message = {}\n", password).as_bytes()); // $ Alert[rust/cleartext-logging]
std::io::stdout().lock().write_all(format!("message = {}\n", password).as_bytes()); // $ Alert[rust/cleartext-logging]

let mut out = std::io::stdout().lock();
out.write(format!("message = {}\n", password).as_bytes()); // $ Source Alert[rust/cleartext-logging]
out.write(format!("message = {}\n", password).as_bytes()); // $ Alert[rust/cleartext-logging]

let mut err = std::io::stderr().lock();
err.write(format!("message = {}\n", password).as_bytes()); // $ Source Alert[rust/cleartext-logging]
err.write(format!("message = {}\n", password).as_bytes()); // $ Alert[rust/cleartext-logging]
}

fn main() {
Expand Down
54 changes: 31 additions & 23 deletions shared/util/codeql/util/test/InlineExpectationsTest.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -645,6 +645,21 @@ module TestPostProcessing {
private import InlineExpectationsTest as InlineExpectationsTest
private import InlineExpectationsTest::Make<Input>

/** Holds if the given locations refer to the same lines, but possibly with different column numbers. */
bindingset[loc1, loc2]
pragma[inline_late]
private predicate sameLineInfo(Input::Location loc1, Input::Location loc2) {
exists(string file, int line1, int line2 |
loc1.hasLocationInfo(file, line1, _, line2, _) and
loc2.hasLocationInfo(file, line1, _, line2, _)
)
}

pragma[nomagic]
private predicate mainQueryResult(int row, int column, Input::Location loc) {
queryResults(mainResultSet(), row, column, Input2::getRelativeUrl(loc))
}

/**
* Gets the tag to be used for the path-problem source at result row `row`.
*
Expand All @@ -653,8 +668,10 @@ module TestPostProcessing {
*/
private string getSourceTag(int row) {
getQueryKind() = "path-problem" and
exists(string loc | queryResults(mainResultSet(), row, 2, loc) |
if queryResults(mainResultSet(), row, 0, loc) then result = "Alert" else result = "Source"
exists(Input::Location sourceLoc, Input::Location selectLoc |
mainQueryResult(row, 0, selectLoc) and
mainQueryResult(row, 2, sourceLoc) and
if sameLineInfo(selectLoc, sourceLoc) then result = "Alert" else result = "Source"
)
}

Expand Down Expand Up @@ -719,13 +736,10 @@ module TestPostProcessing {
int row, Input::Location location, string element, string tag, string value
) {
getQueryKind() = "path-problem" and
exists(string loc |
queryResults(mainResultSet(), row, 2, loc) and
queryResults(mainResultSet(), row, 3, element) and
tag = getSourceTag(row) and
value = "" and
Input2::getRelativeUrl(location) = loc
)
mainQueryResult(row, 2, location) and
queryResults(mainResultSet(), row, 3, element) and
tag = getSourceTag(row) and
value = ""
}

predicate hasActualResult(Input::Location location, string element, string tag, string value) {
Expand Down Expand Up @@ -759,24 +773,18 @@ module TestPostProcessing {
int row, Input::Location location, string element, string tag
) {
getQueryKind() = "path-problem" and
exists(string loc |
queryResults(mainResultSet(), row, 4, loc) and
queryResults(mainResultSet(), row, 5, element) and
tag = getSinkTag(row) and
Input2::getRelativeUrl(location) = loc
)
mainQueryResult(row, 4, location) and
queryResults(mainResultSet(), row, 5, element) and
tag = getSinkTag(row)
}

private predicate hasAlert(int row, Input::Location location, string element, string tag) {
getQueryKind() = ["problem", "path-problem"] and
exists(string loc |
queryResults(mainResultSet(), row, 0, loc) and
queryResults(mainResultSet(), row, 2, element) and
tag = "Alert" and
Input2::getRelativeUrl(location) = loc and
not hasPathProblemSource(row, location, _, _, _) and
not hasPathProblemSink(row, location, _, _)
)
mainQueryResult(row, 0, location) and
queryResults(mainResultSet(), row, 2, element) and
tag = "Alert" and
not hasPathProblemSource(row, location, _, _, _) and
not hasPathProblemSink(row, location, _, _)
}

/**
Expand Down