Rust: Implement the query.

geoffw0 · geoffw0 · commit 4297d05c05c1 · 2025-01-23T17:16:59.000Z
diff --git a/rust/ql/src/queries/security/CWE-312/CleartextLogging.ql b/rust/ql/src/queries/security/CWE-312/CleartextLogging.ql
@@ -14,7 +14,35 @@
  */
 
 import rust
+import codeql.rust.security.CleartextLoggingExtensions
+import codeql.rust.dataflow.DataFlow
+import codeql.rust.dataflow.TaintTracking
 
-from Element e
-where none()
-select e, ""
+/**
+ * A taint-tracking configuration for cleartext logging vulnerabilities.
+ */
+module CleartextLoggingConfig implements DataFlow::ConfigSig {
+  import CleartextLogging
+
+  predicate isSource(DataFlow::Node source) { source instanceof Source }
+
+  predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
+
+  predicate isBarrier(DataFlow::Node barrier) { barrier instanceof Barrier }
+
+  predicate isBarrierIn(DataFlow::Node node) {
+    // make sources barriers so that we only report the closest instance
+    isSource(node)
+  }
+}
+
+module CleartextLoggingFlow = TaintTracking::Global<CleartextLoggingConfig>;
+
+import CleartextLoggingFlow::PathGraph
+
+from CleartextLoggingFlow::PathNode source, CleartextLoggingFlow::PathNode sink
+where CleartextLoggingFlow::flowPath(source, sink)
+select sink.getNode(), source, sink,
+  "This operation writes '" + sink.toString() +
+    "' to a log file. It may contain unencrypted sensitive data from $@.", source,
+  source.getNode().toString()
diff --git a/rust/ql/test/query-tests/security/CWE-312/CleartextLogging.expected b/rust/ql/test/query-tests/security/CWE-312/CleartextLogging.expected
@@ -0,0 +1,4 @@
+#select
+edges
+nodes
+subpaths

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +#select
 +edges
 +nodes
 +subpaths