
Commit c77bf2b

committed
Rust: Add a test for sensitive data.
1 parent f23e56b commit c77bf2b


1 file changed

+150
-0
lines changed
  • rust/ql/test/library-tests/sensitivedata

1 file changed

+150
-0
lines changed
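--- a/rust/ql/test/library-tests/sensitivedata
+++ b/rust/ql/test/library-tests/sensitivedata
@@ -0,0 +1,150 @@
+
+fn get_string() -> String { "string".to_string() }
+
+fn sink<T>(_: T) { }
+
+// --- tests ---
+
+struct MyStruct {
+harmless: String,
+password: String,
+password_file_path: String,
+password_enabled: String,
+}
+
+impl MyStruct {
+fn get_certificate(&self) -> String { return get_string() }
+fn get_certificate_url(&self) -> String { return get_string() }
+fn get_certificate_file(&self) -> String { return get_string() }
+}
+
+fn get_password() -> String { get_string() }
+
+fn test_passwords(
+password: &str, passwd: &str, my_password: &str, password_str: &str, pass_phrase: &str,
+auth_key: &str, authenticationkey: &str, authKey: &str,
+harmless: &str, encrypted_password: &str, password_hash: &str,
+ms: &MyStruct
+) {
+// passwords
+sink(password); // $ MISSING: sensitive=password
+sink(passwd); // $ MISSING: sensitive=password
+sink(my_password); // $ MISSING: sensitive=password
+sink(password_str); // $ MISSING: sensitive=password
+sink(pass_phrase); // $ MISSING: sensitive=password
+sink(auth_key); // $ MISSING: sensitive=password
+sink(authenticationkey); // $ MISSING: sensitive=password
+sink(authKey); // $ MISSING: sensitive=password
+
+sink(ms); // $ MISSING: sensitive=password
+sink(ms.password.as_str()); // $ MISSING: sensitive=password
+
+sink(get_password()); // $ MISSING: sensitive=password
+let password2 = get_string();
+sink(password2); // $ MISSING: sensitive=password
+
+// not passwords
+sink(harmless);
+sink(encrypted_password);
+sink(password_hash);
+
+sink(ms.harmless.as_str());
+sink(ms.password_file_path.as_str());
+sink(ms.password_enabled.as_str());
+
+sink(get_string());
+let harmless2 = get_string();
+sink(harmless2);
+}
+
+fn generate_secret_key() -> String { get_string() }
+fn get_secure_key() -> String { get_string() }
+fn get_private_key() -> String { get_string() }
+fn get_public_key() -> String { get_string() }
+fn get_secret_token() -> String { get_string() }
+fn get_next_token() -> String { get_string() }
+
+fn test_credentials(
+account_key: &str, accnt_key: &str, license_key: &str, secret_key: &str, is_secret: bool, num_accounts: i64, uid: i64,
+ms: &MyStruct
+) {
+// credentials
+sink(account_key); // $ MISSING: sensitive=secret
+sink(accnt_key); // $ MISSING: sensitive=secret
+sink(license_key); // $ MISSING: sensitive=secret
+sink(secret_key); // $ MISSING: sensitive=secret
+
+sink(ms.get_certificate()); // $ MISSING: sensitive=certificate
+
+sink(generate_secret_key()); // $ MISSING: sensitive=secret
+sink(get_secure_key()); // $ MISSING: sensitive=secret
+sink(get_private_key()); // $ MISSING: sensitive=secret
+sink(get_secret_token()); // $ MISSING: sensitive=secret
+
+// not credentials
+sink(is_secret);
+sink(num_accounts);
+sink(uid);
+
+sink(ms.get_certificate_url());
+sink(ms.get_certificate_file());
+
+sink(get_public_key());
+sink(get_next_token());
+}
+
+struct Financials {
+harmless: String,
+my_bank_account_number: String,
+credit_card_no: String,
+credit_rating: i32,
+user_ccn: String
+}
+
+struct MyPrivateInfo {
+mobile_phone_num: String,
+contact_email: String,
+contact_e_mail_2: String,
+my_ssn: String,
+birthday: String,
+emergency_contact: String,
+name_of_employer: String,
+
+medical_notes: Vec<String>,
+latitude: f64,
+longitude: Option<f64>,
+
+financials: Financials
+}
+
+fn test_private_info(
+info: &MyPrivateInfo
+) {
+// private info
+sink(info.mobile_phone_num.as_str()); // $ MISSING: sensitive=private
+sink(info.mobile_phone_num.to_string()); // $ MISSING: sensitive=private
+sink(info.contact_email.as_str()); // $ MISSING: sensitive=private
+sink(info.contact_e_mail_2.as_str()); // $ MISSING: sensitive=private
+sink(info.my_ssn.as_str()); // $ MISSING: sensitive=private
+sink(info.birthday.as_str()); // $ MISSING: sensitive=private
+sink(info.emergency_contact.as_str()); // $ MISSING: sensitive=private
+sink(info.name_of_employer.as_str()); // $ MISSING: sensitive=private
+
+sink(&info.medical_notes); // $ MISSING: sensitive=private
+sink(info.medical_notes[0].as_str()); // $ MISSING: sensitive=private
+for n in info.medical_notes.iter() {
+sink(n.as_str()); // $ MISSING: sensitive=private
+}
+
+sink(info.latitude); // $ MISSING: sensitive=private
+let x = info.longitude.unwrap();
+sink(x); // $ MISSING: sensitive=private
+
+sink(info.financials.my_bank_account_number.as_str()); // $ MISSING: sensitive=private
+sink(info.financials.credit_card_no.as_str()); // $ MISSING: sensitive=private
+sink(info.financials.credit_rating); // $ MISSING: sensitive=private
+sink(info.financials.user_ccn.as_str()); // $ MISSING: sensitive=private
+
+// not private info
+sink(info.financials.harmless.as_str());
+}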
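Review bot: The `// not private info` block at the end of `test_private_info` pins only one negative case (`info.financials.harmless`), while `test_passwords` and `test_credentials` each cover near-miss names such as `password_file_path`, `password_enabled`, `get_certificate_url` and `get_public_key`. An over-broad private-data heuristic could therefore satisfy this test without any false positive being caught. Consider adding a few near-miss fields to `MyPrivateInfo` and `Financials` with unannotated `sink(...)` calls, in the same way `password_enabled` is used. Separately, `encrypted_password` and `password_hash` sit under `// not passwords` with no stated reason; a comment such as `// hashed or encrypted values are expected not to be reported as plaintext passwords` would record that the exclusion is intentional, since a leaked hash is still worth protecting.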
