
Commit 8e09948

committed
Rust: Add tests for heuristics.
1 parent c43b03b commit 8e09948


1 file changed

+62
-0
lines changed

Lines changed: 62 additions & 0 deletions
@@ -0,0 +1,62 @@
1+
2+
// --- tests ---
3+
4+
fn encrypt_with(plaintext: &str, key: &[u8;16], iv: &[u8;16]) {
5+
// ...
6+
}
7+
8+
fn encrypt2(plaintext: &str, crypto_key: &[u8;16], iv_bytes: &[u8;16]) {
9+
// ...
10+
}
11+
12+
fn database_op(text: &str, primary_key: &str, pivot: &str) {
13+
// note: this one has nothing to do with encryption, but has
14+
// `key` and `iv` contained within the parameter names.
15+
}
16+
17+
struct MyCryptor {
18+
}
19+
20+
impl MyCryptor {
21+
fn new(password: &str) -> MyCryptor {
22+
MyCryptor { }
23+
}
24+
25+
fn set_nonce(&self, nonce: &[u8;16]) {
26+
// ...
27+
}
28+
29+
fn encrypt(&self, plaintext: &str, salt: &[u8;16]) {
30+
// ...
31+
}
32+
}
33+
34+
fn test(var_string: &str, var_data: &[u8;16]) {
35+
encrypt_with("plaintext", var_data, var_data); // $ MISSING: Sink
36+
37+
let const_key: &[u8;16] = &[0u8;16]; // $ MISSING: Alert[rust/hard-coded-cryptographic-value]
38+
encrypt_with("plaintext", const_key, var_data); // $ MISSING: Sink
39+
40+
let const_iv: &[u8;16] = &[0u8;16]; // $ MISSING: Alert[rust/hard-coded-cryptographic-value]
41+
encrypt_with("plaintext", var_data, const_iv); // $ MISSING: Sink
42+
43+
encrypt2("plaintext", var_data, var_data); // $ MISSING: Sink
44+
45+
let const_key2: &[u8;16] = &[1u8;16]; // $ MISSING: Alert[rust/hard-coded-cryptographic-value]
46+
encrypt2("plaintext", const_key2, var_data); // $ MISSING: Sink
47+
48+
let const_iv: &[u8;16] = &[1u8;16]; // $ MISSING: Alert[rust/hard-coded-cryptographic-value]
49+
encrypt2("plaintext", var_data, const_iv); // $ MISSING: Sink
50+
51+
let const_key_str = "primary_key";
52+
let const_pivot_str = "pivot";
53+
database_op("text", const_key_str, const_pivot_str);
54+
55+
let mc1 = MyCryptor::new(var_string);
56+
mc1.set_nonce(var_data);
57+
mc1.encrypt("plaintext", var_data);
58+
59+
let mc2 = MyCryptor::new("secret"); // $ MISSING: Alert[rust/hard-coded-cryptographic-value]
60+
mc2.set_nonce(&[0u8;16]); // $ MISSING: Alert[rust/hard-coded-cryptographic-value]
61+
mc2.encrypt("plaintext", &[0u8;16]); // $ MISSING: Alert[rust/hard-coded-cryptographic-value]
62+
}
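Review bot: The only negative case, `database_op` and its call in `test`, differs from the positive cases in argument type as well as in parameter name: it receives `&str` values, while every `encrypt_with`/`encrypt2` call passes `&[u8;16]`. A heuristic that wrongly matched the `key` in `primary_key` or the `iv` in `pivot` could still pass this test if the query also happens to filter on value type, so the guard against substring false positives is weaker than the comment in `database_op` suggests. Consider adding a byte-array variant with no expectation comment, e.g. `fn database_op2(text: &str, primary_key: &[u8;16], pivot: &[u8;16]) { }` called as `database_op2("text", &[0u8;16], &[0u8;16]);`. Separately, the second `let const_iv` shadows the first; naming it `const_iv2` would match `const_key2` and keep each expected alert tied to a distinct binding.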
