Rust: Add more general test cases for async_std::fs and tokio::fs.

geoffw0 · geoffw0 · commit bc226e21170b · 2025-08-21T16:47:10.000+01:00
diff --git a/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected b/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected
@@ -74,13 +74,13 @@
 | test.rs:607:21:607:41 | ...::open | Flow source 'FileSource' of type file (DEFAULT). |
 | test.rs:608:21:608:41 | ...::open | Flow source 'FileSource' of type file (DEFAULT). |
 | test.rs:616:21:616:41 | ...::open | Flow source 'FileSource' of type file (DEFAULT). |
-| test.rs:648:26:648:53 | ...::connect | Flow source 'RemoteSource' of type remote (DEFAULT). |
-| test.rs:667:26:667:61 | ...::connect_timeout | Flow source 'RemoteSource' of type remote (DEFAULT). |
-| test.rs:719:28:719:57 | ...::connect | Flow source 'RemoteSource' of type remote (DEFAULT). |
-| test.rs:801:22:801:49 | ...::connect | Flow source 'RemoteSource' of type remote (DEFAULT). |
-| test.rs:827:22:827:50 | ...::new | Flow source 'RemoteSource' of type remote (DEFAULT). |
-| test.rs:854:16:854:29 | ...::args | Flow source 'CommandLineArgs' of type commandargs (DEFAULT). |
-| test.rs:854:16:854:29 | ...::args | Flow source 'CommandLineArgs' of type commandargs (DEFAULT). |
+| test.rs:658:26:658:53 | ...::connect | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| test.rs:677:26:677:61 | ...::connect_timeout | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| test.rs:729:28:729:57 | ...::connect | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| test.rs:811:22:811:49 | ...::connect | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| test.rs:837:22:837:50 | ...::new | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| test.rs:864:16:864:29 | ...::args | Flow source 'CommandLineArgs' of type commandargs (DEFAULT). |
+| test.rs:864:16:864:29 | ...::args | Flow source 'CommandLineArgs' of type commandargs (DEFAULT). |
 | test_futures_io.rs:19:15:19:32 | ...::connect | Flow source 'RemoteSource' of type remote (DEFAULT). |
 | web_frameworks.rs:11:31:11:31 | a | Flow source 'RemoteSource' of type remote (DEFAULT). |
 | web_frameworks.rs:11:31:11:31 | a | Flow source 'RemoteSource' of type remote (DEFAULT). |
diff --git a/rust/ql/test/library-tests/dataflow/sources/test.rs b/rust/ql/test/library-tests/dataflow/sources/test.rs
@@ -625,6 +625,16 @@ async fn test_tokio_file() -> std::io::Result<()> {
 use async_std::io::ReadExt;
 
 async fn test_async_std_file() -> std::io::Result<()> {
+    // --- file ---
+
+    let mut file = async_std::fs::File::open("file.txt").await?; // $ MISSING: Alert[rust/summary/taint-sources]
+
+    {
+        let mut buffer = [0u8; 100];
+        let _bytes = file.read(&mut buffer).await?;
+        sink(&buffer); // $ MISSING: hasTaintFlow="file.txt"
+    }
+
     // --- OpenOptions ---
 
     {
diff --git a/rust/ql/test/query-tests/security/CWE-022/src/main.rs b/rust/ql/test/query-tests/security/CWE-022/src/main.rs
@@ -124,7 +124,15 @@ fn sinks(path1: &Path, path2: &Path) {
     let _ = std::fs::File::open(path1); // $ path-injection-sink
     let _ = std::fs::File::open_buffered(path1); // $ path-injection-sink
     let _ = std::fs::OpenOptions::new().open(path1); // $ MISSING: path-injection-sink
+
+    let _ = tokio::fs::read(path1); // $ MISSING: path-injection-sink
+    let _ = tokio::fs::read_to_string(path1); // $ MISSING: path-injection-sink
+    let _ = tokio::fs::remove_file(path1); // $ MISSING: path-injection-sink
     let _ = tokio::fs::OpenOptions::new().open(path1); // $ MISSING: path-injection-sink
+
+    let _ = async_std::fs::read(path1); // $ MISSING: path-injection-sink
+    let _ = async_std::fs::read_to_string(path1); // $ MISSING: path-injection-sink
+    let _ = async_std::fs::remove_file(path1); // $ MISSING: path-injection-sink
     let _ = async_std::fs::OpenOptions::new().open(path1); // $ MISSING: path-injection-sink
 }
 
