diff --git a/rust/ql/lib/codeql/rust/Concepts.qll b/rust/ql/lib/codeql/rust/Concepts.qll index 723cde6913a8..544a87e11f18 100644 --- a/rust/ql/lib/codeql/rust/Concepts.qll +++ b/rust/ql/lib/codeql/rust/Concepts.qll @@ -102,6 +102,58 @@ class ModeledEnvironmentSource extends EnvironmentSource::Range { ModeledEnvironmentSource() { sourceNode(this, "environment-source") } } +/** + * A data flow source corresponding to a file access. + */ +final class FileSource = FileSource::Range; + +/** + * An externally modeled source for data from a file access. + */ +class ModeledFileSource extends FileSource::Range { + ModeledFileSource() { sourceNode(this, "file") } +} + +/** + * Provides a class for modeling new sources for file accesses. + */ +module FileSource { + /** + * A data flow source corresponding to a file access. + */ + abstract class Range extends ThreatModelSource::Range { + override string getThreatModel() { result = "file" } + + override string getSourceType() { result = "FileSource" } + } +} + +/** + * A data flow source corresponding to standard input. + */ +final class StdInSource = StdInSource::Range; + +/** + * An externally modeled source for data from standard input. + */ +class ModeledStdInSourceSource extends StdInSource::Range { + ModeledStdInSourceSource() { sourceNode(this, "stdin") } +} + +/** + * Provides a class for modeling new sources for standard input. + */ +module StdInSource { + /** + * A data flow source corresponding to standard input. + */ + abstract class Range extends ThreatModelSource::Range { + override string getThreatModel() { result = "stdin" } + + override string getSourceType() { result = "StdInSource" } + } +} + /** * A data flow source corresponding to the program's database reads. */ diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/fs.model.yml b/rust/ql/lib/codeql/rust/frameworks/stdlib/fs.model.yml index c7fa72793306..436ff2002baa 100644 --- a/rust/ql/lib/codeql/rust/frameworks/stdlib/fs.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/stdlib/fs.model.yml @@ -2,7 +2,14 @@ extensions: - addsTo: pack: codeql/rust-all extensible: sourceModel - data: [] + data: + - ["lang:std", "crate::fs::read", "ReturnValue.Field[crate::result::Result::Ok(0)]", "file", "manual"] + - ["lang:std", "crate::fs::read_to_string", "ReturnValue.Field[crate::result::Result::Ok(0)]", "file", "manual"] + - ["lang:std", "crate::fs::read_link", "ReturnValue.Field[crate::result::Result::Ok(0)]", "file", "manual"] + - ["lang:std", "::path", "ReturnValue", "file", "manual"] + - ["lang:std", "::file_name", "ReturnValue", "file", "manual"] + - ["lang:std", "::open", "ReturnValue.Field[crate::result::Result::Ok(0)]", "file", "manual"] + - ["lang:std", "::open_buffered", "ReturnValue.Field[crate::result::Result::Ok(0)]", "file", "manual"] - addsTo: pack: codeql/rust-all extensible: sinkModel @@ -34,7 +41,6 @@ extensions: - ["lang:std", "::create_new", "Argument[0]", "path-injection", "manual"] - ["lang:std", "::open", "Argument[0]", "path-injection", "manual"] - ["lang:std", "::open_buffered", "Argument[0]", "path-injection", "manual"] - - addsTo: pack: codeql/rust-all extensible: summaryModel diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/io.model.yml b/rust/ql/lib/codeql/rust/frameworks/stdlib/io.model.yml new file mode 100644 index 000000000000..3cdbb911b5b8 --- /dev/null +++ b/rust/ql/lib/codeql/rust/frameworks/stdlib/io.model.yml @@ -0,0 +1,38 @@ +extensions: + - addsTo: + pack: codeql/rust-all + extensible: sourceModel + data: + - ["lang:std", "crate::io::stdio::stdin", "ReturnValue", "stdin", "manual"] + - addsTo: + pack: codeql/rust-all + extensible: summaryModel + data: + - ["lang:std", "::new", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["lang:std", "::fill_buf", "Argument[self]", "ReturnValue.Field[crate::result::Result::Ok(0)]", "taint", "manual"] + - ["lang:std", "::buffer", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["lang:std", "::read", "Argument[self]", "Argument[0].Reference", "taint", "manual"] + - ["lang:std", "::read", "Argument[self]", "Argument[0].Reference", "taint", "manual"] + - ["lang:std", "::read", "Argument[self]", "Argument[0].Reference", "taint", "manual"] + - ["lang:std", "crate::io::Read::read", "Argument[self]", "Argument[0].Reference", "taint", "manual"] + - ["lang:std", "::read_to_string", "Argument[self]", "Argument[0].Reference", "taint", "manual"] + - ["lang:std", "::read_to_string", "Argument[self]", "Argument[0].Reference", "taint", "manual"] + - ["lang:std", "::read_to_string", "Argument[self]", "Argument[0].Reference", "taint", "manual"] + - ["lang:std", "crate::io::Read::read_to_string", "Argument[self]", "Argument[0].Reference", "taint", "manual"] + - ["lang:std", ":::read_to_end", "Argument[self]", "Argument[0].Reference", "taint", "manual"] + - ["lang:std", ":::read_to_end", "Argument[self]", "Argument[0].Reference", "taint", "manual"] + - ["lang:std", "::read_to_end", "Argument[self]", "Argument[0].Reference", "taint", "manual"] + - ["lang:std", "crate::io::Read::read_to_end", "Argument[self]", "Argument[0].Reference", "taint", "manual"] + - ["lang:std", "::read_exact", "Argument[self]", "Argument[0].Reference", "taint", "manual"] + - ["lang:std", "::read_exact", "Argument[self]", "Argument[0].Reference", "taint", "manual"] + - ["lang:std", "::read_exact", "Argument[self]", "Argument[0].Reference", "taint", "manual"] + - ["lang:std", "crate::io::Read::read_exact", "Argument[self]", "Argument[0].Reference", "taint", "manual"] + - ["lang:std", "crate::io::BufRead::read_line", "Argument[self]", "Argument[0].Reference", "taint", "manual"] + - ["lang:std", "crate::io::BufRead::read_until", "Argument[self]", "Argument[1].Reference", "taint", "manual"] + - ["lang:std", "crate::io::BufRead::split", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["lang:std", "crate::io::BufRead::lines", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["lang:std", "crate::io::Read::bytes", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["lang:std", "crate::io::Read::chain", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["lang:std", "crate::io::Read::chain", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["lang:std", "crate::io::Read::take", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["lang:std", "::lock", "Argument[self]", "ReturnValue", "taint", "manual"] diff --git a/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected b/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected index c147ec62e2e9..0fc990c1e921 100644 --- a/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected +++ b/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected @@ -1940,8 +1940,25 @@ storeStep | file://:0:0:0:0 | [summary] to write: Argument[0].Reference in lang:proc_macro::_::::decode | &ref | file://:0:0:0:0 | [post] [summary param] 0 in lang:proc_macro::_::::decode | | file://:0:0:0:0 | [summary] to write: Argument[0].Reference in lang:proc_macro::_::::decode | &ref | file://:0:0:0:0 | [post] [summary param] 0 in lang:proc_macro::_::::decode | | file://:0:0:0:0 | [summary] to write: Argument[0].Reference in lang:proc_macro::_::::decode | &ref | file://:0:0:0:0 | [post] [summary param] 0 in lang:proc_macro::_::::decode | +| file://:0:0:0:0 | [summary] to write: Argument[0].Reference in lang:std::_:::::read_to_end | &ref | file://:0:0:0:0 | [post] [summary param] 0 in lang:std::_:::::read_to_end | +| file://:0:0:0:0 | [summary] to write: Argument[0].Reference in lang:std::_:::::read_to_end | &ref | file://:0:0:0:0 | [post] [summary param] 0 in lang:std::_:::::read_to_end | +| file://:0:0:0:0 | [summary] to write: Argument[0].Reference in lang:std::_::::read | &ref | file://:0:0:0:0 | [post] [summary param] 0 in lang:std::_::::read | +| file://:0:0:0:0 | [summary] to write: Argument[0].Reference in lang:std::_::::read_exact | &ref | file://:0:0:0:0 | [post] [summary param] 0 in lang:std::_::::read_exact | +| file://:0:0:0:0 | [summary] to write: Argument[0].Reference in lang:std::_::::read_to_end | &ref | file://:0:0:0:0 | [post] [summary param] 0 in lang:std::_::::read_to_end | +| file://:0:0:0:0 | [summary] to write: Argument[0].Reference in lang:std::_::::read_to_string | &ref | file://:0:0:0:0 | [post] [summary param] 0 in lang:std::_::::read_to_string | | file://:0:0:0:0 | [summary] to write: Argument[0].Reference in lang:std::_::::advance_slices | &ref | file://:0:0:0:0 | [post] [summary param] 0 in lang:std::_::::advance_slices | | file://:0:0:0:0 | [summary] to write: Argument[0].Reference in lang:std::_::::advance_slices | &ref | file://:0:0:0:0 | [post] [summary param] 0 in lang:std::_::::advance_slices | +| file://:0:0:0:0 | [summary] to write: Argument[0].Reference in lang:std::_::::read | &ref | file://:0:0:0:0 | [post] [summary param] 0 in lang:std::_::::read | +| file://:0:0:0:0 | [summary] to write: Argument[0].Reference in lang:std::_::::read_exact | &ref | file://:0:0:0:0 | [post] [summary param] 0 in lang:std::_::::read_exact | +| file://:0:0:0:0 | [summary] to write: Argument[0].Reference in lang:std::_::::read_to_string | &ref | file://:0:0:0:0 | [post] [summary param] 0 in lang:std::_::::read_to_string | +| file://:0:0:0:0 | [summary] to write: Argument[0].Reference in lang:std::_::::read | &ref | file://:0:0:0:0 | [post] [summary param] 0 in lang:std::_::::read | +| file://:0:0:0:0 | [summary] to write: Argument[0].Reference in lang:std::_::::read_exact | &ref | file://:0:0:0:0 | [post] [summary param] 0 in lang:std::_::::read_exact | +| file://:0:0:0:0 | [summary] to write: Argument[0].Reference in lang:std::_::::read_to_string | &ref | file://:0:0:0:0 | [post] [summary param] 0 in lang:std::_::::read_to_string | +| file://:0:0:0:0 | [summary] to write: Argument[0].Reference in lang:std::_::crate::io::BufRead::read_line | &ref | file://:0:0:0:0 | [post] [summary param] 0 in lang:std::_::crate::io::BufRead::read_line | +| file://:0:0:0:0 | [summary] to write: Argument[0].Reference in lang:std::_::crate::io::Read::read | &ref | file://:0:0:0:0 | [post] [summary param] 0 in lang:std::_::crate::io::Read::read | +| file://:0:0:0:0 | [summary] to write: Argument[0].Reference in lang:std::_::crate::io::Read::read_exact | &ref | file://:0:0:0:0 | [post] [summary param] 0 in lang:std::_::crate::io::Read::read_exact | +| file://:0:0:0:0 | [summary] to write: Argument[0].Reference in lang:std::_::crate::io::Read::read_to_end | &ref | file://:0:0:0:0 | [post] [summary param] 0 in lang:std::_::crate::io::Read::read_to_end | +| file://:0:0:0:0 | [summary] to write: Argument[0].Reference in lang:std::_::crate::io::Read::read_to_string | &ref | file://:0:0:0:0 | [post] [summary param] 0 in lang:std::_::crate::io::Read::read_to_string | | file://:0:0:0:0 | [summary] to write: Argument[0].Reference.Reference in lang:proc_macro::_::<&[u8] as crate::bridge::rpc::DecodeMut>::decode | &ref | file://:0:0:0:0 | [summary] to write: Argument[0].Reference in lang:proc_macro::_::<&[u8] as crate::bridge::rpc::DecodeMut>::decode | | file://:0:0:0:0 | [summary] to write: Argument[0].Reference.Reference in lang:proc_macro::_::::decode | &ref | file://:0:0:0:0 | [summary] to write: Argument[0].Reference in lang:proc_macro::_::::decode | | file://:0:0:0:0 | [summary] to write: Argument[0].Reference.Reference in lang:proc_macro::_::::decode | &ref | file://:0:0:0:0 | [summary] to write: Argument[0].Reference in lang:proc_macro::_::::decode | @@ -1957,6 +1974,7 @@ storeStep | file://:0:0:0:0 | [summary] to write: Argument[1].Parameter[0].Reference in lang:core::_::::map_split | &ref | file://:0:0:0:0 | [summary] to write: Argument[1].Parameter[0] in lang:core::_::::map_split | | file://:0:0:0:0 | [summary] to write: Argument[1].Parameter[0].Reference in lang:std::_::::wait_while | &ref | file://:0:0:0:0 | [summary] to write: Argument[1].Parameter[0] in lang:std::_::::wait_while | | file://:0:0:0:0 | [summary] to write: Argument[1].Reference in lang:core::_::<_ as crate::clone::uninit::CopySpec>::clone_one | &ref | file://:0:0:0:0 | [post] [summary param] 1 in lang:core::_::<_ as crate::clone::uninit::CopySpec>::clone_one | +| file://:0:0:0:0 | [summary] to write: Argument[1].Reference in lang:std::_::crate::io::BufRead::read_until | &ref | file://:0:0:0:0 | [post] [summary param] 1 in lang:std::_::crate::io::BufRead::read_until | | file://:0:0:0:0 | [summary] to write: Argument[2].Parameter[0].Reference in lang:core::_::crate::cmp::max_by | &ref | file://:0:0:0:0 | [summary] to write: Argument[2].Parameter[0] in lang:core::_::crate::cmp::max_by | | file://:0:0:0:0 | [summary] to write: Argument[2].Parameter[0].Reference in lang:core::_::crate::cmp::max_by_key | &ref | file://:0:0:0:0 | [summary] to write: Argument[2].Parameter[0] in lang:core::_::crate::cmp::max_by_key | | file://:0:0:0:0 | [summary] to write: Argument[2].Parameter[0].Reference in lang:core::_::crate::cmp::min_by | &ref | file://:0:0:0:0 | [summary] to write: Argument[2].Parameter[0] in lang:core::_::crate::cmp::min_by | @@ -2185,6 +2203,7 @@ storeStep | file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)] in lang:core::_::::or_else | Ok | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::::or_else | | file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)] in lang:core::_::::parse | Ok | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::::parse | | file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)] in lang:std::_::<&[u8] as crate::io::BufRead>::fill_buf | Ok | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:std::_::<&[u8] as crate::io::BufRead>::fill_buf | +| file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)] in lang:std::_::::fill_buf | Ok | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:std::_::::fill_buf | | file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)] in lang:std::_::::canonicalize | Ok | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:std::_::::canonicalize | | file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)] in lang:std::_::::wait | Ok | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:std::_::::wait | | file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)] in lang:std::_::::wait_timeout | Ok | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:std::_::::wait_timeout | diff --git a/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected b/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected index 8448ee783720..ba7eeae00081 100644 --- a/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected +++ b/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected @@ -22,4 +22,28 @@ | test.rs:80:24:80:35 | ...::get | Flow source 'RemoteSource' of type remote (DEFAULT). | | test.rs:112:35:112:46 | send_request | Flow source 'RemoteSource' of type remote (DEFAULT). | | test.rs:119:31:119:42 | send_request | Flow source 'RemoteSource' of type remote (DEFAULT). | -| test.rs:203:16:203:29 | ...::args | Flow source 'CommandLineArgs' of type commandargs (DEFAULT). | +| test.rs:205:31:205:43 | ...::read | Flow source 'FileSource' of type file (DEFAULT). | +| test.rs:210:31:210:38 | ...::read | Flow source 'FileSource' of type file (DEFAULT). | +| test.rs:215:22:215:39 | ...::read_to_string | Flow source 'FileSource' of type file (DEFAULT). | +| test.rs:221:22:221:25 | path | Flow source 'FileSource' of type file (DEFAULT). | +| test.rs:222:27:222:35 | file_name | Flow source 'FileSource' of type file (DEFAULT). | +| test.rs:228:22:228:34 | ...::read_link | Flow source 'FileSource' of type file (DEFAULT). | +| test.rs:243:22:243:35 | ...::stdin | Flow source 'StdInSource' of type stdin (DEFAULT). | +| test.rs:249:22:249:35 | ...::stdin | Flow source 'StdInSource' of type stdin (DEFAULT). | +| test.rs:255:22:255:35 | ...::stdin | Flow source 'StdInSource' of type stdin (DEFAULT). | +| test.rs:261:9:261:22 | ...::stdin | Flow source 'StdInSource' of type stdin (DEFAULT). | +| test.rs:265:17:265:30 | ...::stdin | Flow source 'StdInSource' of type stdin (DEFAULT). | +| test.rs:271:20:271:38 | ...::open | Flow source 'FileSource' of type file (DEFAULT). | +| test.rs:304:50:304:63 | ...::stdin | Flow source 'StdInSource' of type stdin (DEFAULT). | +| test.rs:310:50:310:63 | ...::stdin | Flow source 'StdInSource' of type stdin (DEFAULT). | +| test.rs:317:50:317:63 | ...::stdin | Flow source 'StdInSource' of type stdin (DEFAULT). | +| test.rs:324:50:324:63 | ...::stdin | Flow source 'StdInSource' of type stdin (DEFAULT). | +| test.rs:331:56:331:69 | ...::stdin | Flow source 'StdInSource' of type stdin (DEFAULT). | +| test.rs:338:50:338:63 | ...::stdin | Flow source 'StdInSource' of type stdin (DEFAULT). | +| test.rs:345:50:345:63 | ...::stdin | Flow source 'StdInSource' of type stdin (DEFAULT). | +| test.rs:351:50:351:63 | ...::stdin | Flow source 'StdInSource' of type stdin (DEFAULT). | +| test.rs:360:25:360:43 | ...::open | Flow source 'FileSource' of type file (DEFAULT). | +| test.rs:361:25:361:43 | ...::open | Flow source 'FileSource' of type file (DEFAULT). | +| test.rs:369:25:369:43 | ...::open | Flow source 'FileSource' of type file (DEFAULT). | +| test.rs:377:22:377:35 | ...::stdin | Flow source 'StdInSource' of type stdin (DEFAULT). | +| test.rs:386:16:386:29 | ...::args | Flow source 'CommandLineArgs' of type commandargs (DEFAULT). | diff --git a/rust/ql/test/library-tests/dataflow/sources/test.rs b/rust/ql/test/library-tests/dataflow/sources/test.rs index e4c6b2736d74..2ec0b8964ca2 100644 --- a/rust/ql/test/library-tests/dataflow/sources/test.rs +++ b/rust/ql/test/library-tests/dataflow/sources/test.rs @@ -198,6 +198,189 @@ async fn test_hyper_http(case: i64) -> Result<(), Box> { Ok(()) } +use std::fs; + +fn test_fs() -> Result<(), Box> { + { + let buffer: Vec = std::fs::read("file.bin")?; // $ Alert[rust/summary/taint-sources] + sink(buffer); // $ hasTaintFlow="file.bin" + } + + { + let buffer: Vec = fs::read("file.bin")?; // $ Alert[rust/summary/taint-sources] + sink(buffer); // $ hasTaintFlow="file.bin" + } + + { + let buffer = fs::read_to_string("file.txt")?; // $ Alert[rust/summary/taint-sources] + sink(buffer); // $ hasTaintFlow="file.txt" + } + + for entry in fs::read_dir("directory")? { + let e = entry?; + let path = e.path(); // $ Alert[rust/summary/taint-sources] + let file_name = e.file_name(); // $ Alert[rust/summary/taint-sources] + sink(path); // $ hasTaintFlow + sink(file_name); // $ hasTaintFlow + } + + { + let target = fs::read_link("symlink.txt")?; // $ Alert[rust/summary/taint-sources] + sink(target); // $ hasTaintFlow="symlink.txt" + } + + Ok(()) +} + +use std::io::Read; +use std::io::BufRead; + +fn test_io_fs() -> std::io::Result<()> { + // --- stdin --- + + { + let mut buffer = [0u8; 100]; + let _bytes = std::io::stdin().read(&mut buffer)?; // $ Alert[rust/summary/taint-sources] + sink(&buffer); // $ hasTaintFlow + } + + { + let mut buffer = Vec::::new(); + let _bytes = std::io::stdin().read_to_end(&mut buffer)?; // $ Alert[rust/summary/taint-sources] + sink(&buffer); // $ MISSING: hasTaintFlow + } + + { + let mut buffer = String::new(); + let _bytes = std::io::stdin().read_to_string(&mut buffer)?; // $ Alert[rust/summary/taint-sources] + sink(&buffer); // $ hasTaintFlow + } + + { + let mut buffer = [0; 100]; + std::io::stdin().read_exact(&mut buffer)?; // $ Alert[rust/summary/taint-sources] + sink(&buffer); // $ hasTaintFlow + } + + for byte in std::io::stdin().bytes() { // $ Alert[rust/summary/taint-sources] + sink(byte); // $ hasTaintFlow + } + + // --- file --- + + let mut file = std::fs::File::open("file.txt")?; // $ Alert[rust/summary/taint-sources] + + { + let mut buffer = [0u8; 100]; + let _bytes = file.read(&mut buffer)?; + sink(&buffer); // $ hasTaintFlow="file.txt" + } + + { + let mut buffer = Vec::::new(); + let _bytes = file.read_to_end(&mut buffer)?; + sink(&buffer); // $ hasTaintFlow="file.txt" + } + + { + let mut buffer = String::new(); + let _bytes = file.read_to_string(&mut buffer)?; + sink(&buffer); // $ hasTaintFlow="file.txt" + } + + { + let mut buffer = [0; 100]; + file.read_exact(&mut buffer)?; + sink(&buffer); // $ hasTaintFlow="file.txt" + } + + for byte in file.bytes() { + sink(byte); // $ hasTaintFlow="file.txt" + } + + // --- BufReader --- + + { + let mut reader = std::io::BufReader::new(std::io::stdin()); // $ Alert[rust/summary/taint-sources] + let data = reader.fill_buf()?; + sink(&data); // $ hasTaintFlow + } + + { + let mut reader = std::io::BufReader::new(std::io::stdin()); // $ Alert[rust/summary/taint-sources] + let data = reader.buffer(); + sink(&data); // $ hasTaintFlow + } + + { + let mut buffer = String::new(); + let mut reader = std::io::BufReader::new(std::io::stdin()); // $ Alert[rust/summary/taint-sources] + reader.read_line(&mut buffer)?; + sink(&buffer); // $ hasTaintFlow + } + + { + let mut buffer = Vec::::new(); + let mut reader = std::io::BufReader::new(std::io::stdin()); // $ Alert[rust/summary/taint-sources] + reader.read_until(b',', &mut buffer)?; + sink(&buffer); // $ hasTaintFlow + } + + { + let mut buffer = Vec::::new(); + let mut reader_split = std::io::BufReader::new(std::io::stdin()).split(b','); // $ Alert[rust/summary/taint-sources] + while let Some(chunk) = reader_split.next() { + sink(chunk.unwrap()); // $ MISSING: hasTaintFlow + } + } + + { + let mut reader = std::io::BufReader::new(std::io::stdin()); // $ Alert[rust/summary/taint-sources] + for line in reader.lines() { + sink(line); // $ hasTaintFlow + } + } + + { + let mut reader = std::io::BufReader::new(std::io::stdin()); // $ Alert[rust/summary/taint-sources] + let line = reader.lines().nth(1).unwrap(); + sink(line.unwrap().clone()); // $ MISSING: hasTaintFlow + } + + { + let mut reader = std::io::BufReader::new(std::io::stdin()); // $ Alert[rust/summary/taint-sources] + let lines: Vec<_> = reader.lines().collect(); + sink(lines[1].as_ref().unwrap().clone()); // $ MISSING: hasTaintFlow + } + + // --- misc operations --- + + { + let mut buffer = String::new(); + let mut file1 = std::fs::File::open("file.txt")?; // $ Alert[rust/summary/taint-sources] + let mut file2 = std::fs::File::open("another_file.txt")?; // $ Alert[rust/summary/taint-sources] + let mut reader = file1.chain(file2); + reader.read_to_string(&mut buffer)?; + sink(&buffer); // $ hasTaintFlow="file.txt" hasTaintFlow="another_file.txt" + } + + { + let mut buffer = String::new(); + let mut file1 = std::fs::File::open("file.txt")?; // $ Alert[rust/summary/taint-sources] + let mut reader = file1.take(100); + reader.read_to_string(&mut buffer)?; + sink(&buffer); // $ hasTaintFlow="file.txt" + } + + { + let mut buffer = String::new(); + let _bytes = std::io::stdin().lock().read_to_string(&mut buffer)?; // $ Alert[rust/summary/taint-sources] + sink(&buffer); // $ hasTaintFlow + } + + Ok(()) +} + #[tokio::main] async fn main() -> Result<(), Box> { let case = std::env::args().nth(1).unwrap_or(String::from("1")).parse::().unwrap(); // $ Alert[rust/summary/taint-sources]