Pull Request Overview
This PR adds a model for str.trim to bring consistency between String and str models, and adjusts test cases to reflect the expected security warnings.
- Updates test cases to include alerts for weak hash usage on password strings.
- Adds a model for "::trim" in lang-core.model.yml.
- Adds a model for "crate::string::String::trim" in lang-alloc.model.yml.
Reviewed Changes
Copilot reviewed 3 out of 5 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| rust/ql/test/query-tests/security/CWE-328/test.rs | Updates test comments to include alerts for weak-sensitive-data-hashing |
| rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml | Adds a model for ::trim (and related string conversion methods) |
| rust/ql/lib/codeql/rust/frameworks/stdlib/lang-alloc.model.yml | Adds models for String parsing and trimming in accordance with str models |
Files not reviewed (2)
- rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected: Language not supported
- rust/ql/test/query-tests/security/CWE-328/WeakSensitiveDataHashing.expected: Language not supported
Comments suppressed due to low confidence (1)
rust/ql/test/query-tests/security/CWE-328/test.rs:85
- Update the comment to remove the '$ MISSING:' prefix for consistency with the other alert comments.
_ = md5::Md5::digest(std::str::from_utf8(password_arr).unwrap()); // $ MISSING: Alert[rust/weak-sensitive-data-hashing]
aibaars left a comment
Looks good to me, let's mark some steps as value instead of taint.
| - ["lang:core", "<str>::as_str", "Argument[self]", "ReturnValue", "taint", "manual"] | ||
| - ["lang:core", "<str>::as_bytes", "Argument[self]", "ReturnValue", "taint", "manual"] | ||
| - ["lang:core", "<str>::to_string", "Argument[self]", "ReturnValue", "taint", "manual"] |
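Review bot: the `<str>::as_str` and `<str>::as_bytes` rows use the `taint` kind although both only return the receiver's data under another type, so `value` is the more precise kind for them. For the `<str>::to_string` row, a short YAML comment recording why it stays `taint` or becomes `value` would save the next reader the same question.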
The function `<str>::as_str` is value preserving, it just returns self. I think `as_bytes` should be considered value preserving as well. It is defined as follows and doesn't change the value, only its type:

```rust
pub const fn as_bytes(&self) -> &[u8] {
    // SAFETY: const sound because we transmute two types with the same layout
    unsafe { mem::transmute(self) }
}
```

I'm a little in doubt of whether to consider str::to_string to be value preserving as well. I'm not sure whether we consider copies to be taint or value preserving in other cases.
Good idea. Done.
> I'm a little in doubt of whether to consider str::to_string to be value preserving as well.

I would say no, because in general to_string is not value preserving.
True, it's only value "preserving" for String and str.
CI failure fixed.
Add model for `str.trim`. Make `String` and `str` models consistent. Fixes a couple of test cases.
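
The value-versus-taint distinction debated in the review thread above, as an added Rust example (not code from the PR or from CodeQL). It approximates "value preserving" as byte-for-byte equality of input and output, which is an assumption of this example; `StepKind`, `observe`, `classify` and the sample strings are hypothetical names and constructed data.

```rust
// Added illustration. "Value" is approximated here as "output bytes always equal
// input bytes" (an assumption of this demo); any other derived output is "Taint".
#[derive(Debug, PartialEq)]
enum StepKind { Value, Taint }

/// Compare one observed input/output pair.
fn observe(input: &[u8], output: &[u8]) -> StepKind {
    if input == output { StepKind::Value } else { StepKind::Taint }
}

/// A step only counts as Value if every sample keeps its bytes unchanged.
fn classify<F: Fn(&str) -> Vec<u8>>(samples: &[&str], f: F) -> StepKind {
    let all_equal = samples.iter().all(|&s| observe(s.as_bytes(), &f(s)) == StepKind::Value);
    if all_equal { StepKind::Value } else { StepKind::Taint }
}

// Constructed sample inputs, one with surrounding whitespace.
const SAMPLES: [&str; 3] = ["hunter2", "  hunter2\n", ""];

fn kind_as_bytes() -> StepKind { classify(&SAMPLES, |s| s.as_bytes().to_vec()) }
fn kind_to_string_on_str() -> StepKind { classify(&SAMPLES, |s| s.to_string().into_bytes()) }
fn kind_trim() -> StepKind { classify(&SAMPLES, |s| s.trim().as_bytes().to_vec()) }

/// to_string on a non-string type goes through Display and changes representation.
fn kind_to_string_on_u32() -> StepKind {
    let n: u32 = 42;
    observe(&n.to_le_bytes(), n.to_string().as_bytes())
}

/// as_bytes does not copy: the byte slice covers the same memory as the str.
fn as_bytes_shares_memory(s: &str) -> bool {
    s.as_ptr() == s.as_bytes().as_ptr() && s.len() == s.as_bytes().len()
}

fn main() {
    println!("as_bytes           -> {:?}", kind_as_bytes());
    println!("to_string (on str) -> {:?}", kind_to_string_on_str());
    println!("to_string (on u32) -> {:?}", kind_to_string_on_u32());
    println!("trim               -> {:?}", kind_trim());
    println!("as_bytes shares memory: {}", as_bytes_shares_memory("  hunter2\n"));
}
```
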