Skip to content

Rust: Update legacy MaD models 2 #19942

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 9 commits into
base: main
Choose a base branch
from
Draft

Rust: Update legacy MaD models 2 #19942

wants to merge 9 commits into from
+138 −191

Conversation

geoffw0
Copy link
Contributor

@geoffw0 geoffw0 commented Jul 1, 2025

Update some more legacy MaD models to the new model format (continues from #19934 , but should be independent of that).

@geoffw0 geoffw0 added no-change-note-required This PR does not need a change note Rust Pull requests that update Rust code labels Jul 1, 2025
@geoffw0 geoffw0 mentioned this pull request Jul 1, 2025
Draft
@geoffw0
Copy link
Contributor Author

geoffw0 commented Jul 2, 2025

Accepted test regressions. There are almost no results left for rust/weak-sensitive-data-hashing, this needs addressing before the PR can be merged (@hvitved please advise).

We also lose some results in a test case involving a loop, similar to the one discussed in #19934 (comment) .

aibaars
aibaars reviewed Jul 4, 2025
View reviewed changes
rust/ql/lib/codeql/rust/frameworks/rustcrypto/rustcrypto.model.yml Outdated
- ["repo:https://github.com/RustCrypto/traits:digest", "<_ as crate::digest::Digest>::chain_update", "Argument[0]", "hasher-input", "manual"]
- ["repo:https://github.com/RustCrypto/traits:digest", "<_ as crate::digest::Digest>::digest", "Argument[0]", "hasher-input", "manual"]
- ["repo:https://github.com/stainless-steel/md5:md5", "crate::compute", "Argument[0]", "hasher-input", "manual"]
- ["<digest::core_api::wrapper::CoreWrapper as digest::Update>::new_with_prefix", "Argument[0]", "hasher-input", "manual"]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks a bit strange. The digest::Update trait does not have a new_with_prefix as far as I know. I think it doesn't have chain_update or digest either.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll investigate this...

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In real world (MRVA) projects we mostly don't get a canonical path at all on new_with_prefix, when we do it's something like the above or <_ as digest::digest::Digest>::new_with_prefix. The latter looks better actually, so I've switched to that.

I plan to convert this to a trait model at some point, which will be more robust, but I don't think we (quite) have everything in place for that yet.

aibaars
aibaars reviewed Jul 4, 2025
View reviewed changes
aibaars
aibaars reviewed Jul 4, 2025
View reviewed changes
rust/ql/lib/codeql/rust/frameworks/tokio/io.model.yml
- ["<_ as tokio::io::util::async_read_ext::AsyncReadExt>:::read_f32_le", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
- ["<_ as tokio::io::util::async_read_ext::AsyncReadExt>::read_f64", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
- ["<_ as tokio::io::util::async_read_ext::AsyncReadExt>::read_f64_le", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
- ["<_ as core::iter::traits::iterator::Iterator>::chain", "Argument[self]", "ReturnValue", "taint", "manual"]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These probably do not belong in the tokio models anymore.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree, but I'm keen to save moving stuff around for after these four PRs are merged (to prevent merge conflicts and confusing diffs).

I do have an issue tracking this.

aibaars
aibaars reviewed Jul 7, 2025
View reviewed changes
aibaars
aibaars reviewed Jul 8, 2025
View reviewed changes
rust/ql/test/query-tests/security/CWE-328/test.rs
@@ -11,8 +11,8 @@ fn test_hash_algorithms(

// MD5
_ = md5::Md5::digest(harmless);
_ = md5::Md5::digest(credit_card_no); // $ Alert[rust/weak-sensitive-data-hashing]
_ = md5::Md5::digest(password); // $ Alert[rust/weak-sensitive-data-hashing]
_ = md5::Md5::digest(credit_card_no); // $ MISSING: Alert[rust/weak-sensitive-data-hashing]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Currently getStaticTarget() fails on md5::Md5::digest. This are the relevant lines:

pub type Md5 = CoreWrapper<Md5Core>;

impl<D: FixedOutput + Default + Update + HashMarker> Digest for D {
    fn digest(data: impl AsRef<[u8]>) -> Output<Self> { ... }
}

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@hvitved I guess the type variable in for D is the cause of the trouble, isn't it?

aibaars
aibaars reviewed Jul 8, 2025
View reviewed changes
rust/ql/test/library-tests/frameworks/postgres/main.rs Outdated
Comment on lines 36 to 38
let id: i32 = row.get("id"); // $ MISSING: database-read
let name: &str = row.try_get("name")?; // $ MISSING: database-read
let age: i32 = row.try_get("age").unwrap(); // $ MISSING: database-read
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The problem seems to be that the type inferencer fails to infer the type of row. The following trick should make the tests pass again. We ought to fix the type inferencer, but the purpose of this test case is to validate whether the postgres models work. @hvitved Any idea why the type inferencer didn't work here?

Suggested change
let id: i32 = row.get("id"); // $ MISSING: database-read
let name: &str = row.try_get("name")?; // $ MISSING: database-read
let age: i32 = row.try_get("age").unwrap(); // $ MISSING: database-read
let row: &postgres::Row = row;
let id: i32 = row.get("id"); // $ database-read
let name: &str = row.try_get("name")?; // $ database-read
let age: i32 = row.try_get("age").unwrap(); // $ database-read

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've accepted this, and we can now see that the model works. But I've also added back the original test, as I don't like the idea we could be gradually simplifying our tests and hiding problematic areas.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aibaars aibaars aibaars left review comments

Copilot code review Copilot Awaiting requested review from Copilot Copilot will automatically review once the pull request is marked ready for review

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
no-change-note-required This PR does not need a change note Rust Pull requests that update Rust code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@geoffw0 @aibaars