Skip to content

Commit cd0fd02

Browse files
committed
Rust: Remove 'Source' annotations from same line as Alert
Source tags should no longer be used when on the same line as the Alert. The ones in this file went unnoticed however because *all* of them were on the same line as an Alert, which made the test library ignore all Source tags.
1 parent cd2c4d5 commit cd0fd02

File tree

1 file changed

+13
-13
lines changed
  • rust/ql/test/query-tests/security/CWE-328

1 file changed

+13
-13
lines changed

rust/ql/test/query-tests/security/CWE-328/test.rs

Lines changed: 13 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -11,32 +11,32 @@ fn test_hash_algorithms(
1111

1212
// MD5
1313
_ = md5::Md5::digest(harmless);
14-
_ = md5::Md5::digest(credit_card_no); // $ Source Alert[rust/weak-sensitive-data-hashing]
15-
_ = md5::Md5::digest(password); // $ Source Alert[rust/weak-sensitive-data-hashing]
14+
_ = md5::Md5::digest(credit_card_no); // $ Alert[rust/weak-sensitive-data-hashing]
15+
_ = md5::Md5::digest(password); // $ Alert[rust/weak-sensitive-data-hashing]
1616
_ = md5::Md5::digest(encrypted_password);
1717

1818
// MD5 (alternative / older library)
1919
_ = md5_alt::compute(harmless);
20-
_ = md5_alt::compute(credit_card_no); // $ Source Alert[rust/weak-sensitive-data-hashing]
21-
_ = md5_alt::compute(password); // $ Source Alert[rust/weak-sensitive-data-hashing]
20+
_ = md5_alt::compute(credit_card_no); // $ Alert[rust/weak-sensitive-data-hashing]
21+
_ = md5_alt::compute(password); // $ Alert[rust/weak-sensitive-data-hashing]
2222
_ = md5_alt::compute(encrypted_password);
2323

2424
// SHA-1
2525
_ = sha1::Sha1::digest(harmless);
26-
_ = sha1::Sha1::digest(credit_card_no); // $ Source Alert[rust/weak-sensitive-data-hashing]
27-
_ = sha1::Sha1::digest(password); // $ Source Alert[rust/weak-sensitive-data-hashing]
26+
_ = sha1::Sha1::digest(credit_card_no); // $ Alert[rust/weak-sensitive-data-hashing]
27+
_ = sha1::Sha1::digest(password); // $ Alert[rust/weak-sensitive-data-hashing]
2828
_ = sha1::Sha1::digest(encrypted_password);
2929

3030
// SHA-1 checked
3131
_ = sha1_checked::Sha1::digest(harmless);
32-
_ = sha1_checked::Sha1::digest(credit_card_no); // $ Source Alert[rust/weak-sensitive-data-hashing]
33-
_ = sha1_checked::Sha1::digest(password); // $ Source Alert[rust/weak-sensitive-data-hashing]
32+
_ = sha1_checked::Sha1::digest(credit_card_no); // $ Alert[rust/weak-sensitive-data-hashing]
33+
_ = sha1_checked::Sha1::digest(password); // $ Alert[rust/weak-sensitive-data-hashing]
3434
_ = sha1_checked::Sha1::digest(encrypted_password);
3535

3636
// SHA-256 (appropriate for sensitive data hashing)
3737
_ = sha3::Sha3_256::digest(harmless);
3838
_ = sha3::Sha3_256::digest(credit_card_no);
39-
_ = sha3::Sha3_256::digest(password); // $ Source Alert[rust/weak-sensitive-data-hashing]
39+
_ = sha3::Sha3_256::digest(password); // $ Alert[rust/weak-sensitive-data-hashing]
4040
_ = sha3::Sha3_256::digest(encrypted_password);
4141

4242
// Argon2 (appropriate for password hashing)
@@ -57,11 +57,11 @@ fn test_hash_code_patterns(
5757

5858
// hash different types of data
5959
_ = md5::Md5::digest(harmless_str);
60-
_ = md5::Md5::digest(password_str); // $ Source Alert[rust/weak-sensitive-data-hashing]
60+
_ = md5::Md5::digest(password_str); // $ Alert[rust/weak-sensitive-data-hashing]
6161
_ = md5::Md5::digest(harmless_arr);
62-
_ = md5::Md5::digest(password_arr); // $ Source Alert[rust/weak-sensitive-data-hashing]
62+
_ = md5::Md5::digest(password_arr); // $ Alert[rust/weak-sensitive-data-hashing]
6363
_ = md5::Md5::digest(harmless_vec);
64-
_ = md5::Md5::digest(password_vec); // $ Source Alert[rust/weak-sensitive-data-hashing]
64+
_ = md5::Md5::digest(password_vec); // $ Alert[rust/weak-sensitive-data-hashing]
6565

6666
// hash through a hasher object
6767
let mut md5_hasher = md5::Md5::new();
@@ -74,7 +74,7 @@ fn test_hash_code_patterns(
7474
_ = md5::Md5::new().chain_update(harmless).chain_update(password).chain_update(harmless).finalize(); // $ MISSING: Alert[rust/weak-sensitive-data-hashing]
7575

7676
_ = md5::Md5::new_with_prefix(harmless).finalize();
77-
_ = md5::Md5::new_with_prefix(password).finalize(); // $ Source Alert[rust/weak-sensitive-data-hashing]
77+
_ = md5::Md5::new_with_prefix(password).finalize(); // $ Alert[rust/weak-sensitive-data-hashing]
7878

7979
// hash transformed data
8080
_ = md5::Md5::digest(harmless.trim());

0 commit comments

Comments
 (0)