rust detecterliberarys added on aws

rust/src/detectors/arithmetic-overflow/compliant.rs

@@ -0,0 +1,16 @@
+/*
+*  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*  SPDX-License-Identifier: Apache-2.0
+*/
+
+// {fact rule=arithmetic-overflow@v1.0 defects=0}
+// Compliant: Used `checked_add` for adding the numbers
+    fn compliant() {
+    	     let a: u32 = std::u32::MAX;
+    	     let b: u32 = 1;
+    	     let result = a.checked_add(b);
+    	     match result {
+    	         Some(val) => println!("Result: {}", val),
+    	         None => println!("Addition overflowed"),
+    }
+// {/fact}

rust/src/detectors/arithmetic-overflow/non-compliant.rs

@@ -0,0 +1,14 @@
+/*
+*  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*  SPDX-License-Identifier: Apache-2.0
+*/
+
+// {fact rule=arithmetic-overflow@v1.0 defects=1}
+// Noncompliant: Operator used to airthmatic operation
+	 fn noncompliant() {
+              let a: u32 = std::u32::MAX;
+              let b: u32 = 1;
+              let result = a + b;
+              println!("Result: {}", result);
+            }
+// {/fact}

rust/src/detectors/classic-buffer-overflow/compliant.rs

@@ -0,0 +1,13 @@
+/*
+*  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*  SPDX-License-Identifier: Apache-2.0
+*/
+
+// {fact rule=classic-buffer-overflow@v1.0 defects=0}
+// Compliant: The `to_le_bytes` method to convert a `u32` integer to a byte array
+    fn compliant2() {
+	     let num: u32 = 12345;
+	     let bytes: [u8; 4] = num.to_le_bytes();
+	     println!("{:?}", bytes);
+	 }
+// {/fact}

rust/src/detectors/classic-buffer-overflow/non-compliant.rs

@@ -0,0 +1,13 @@
+/*
+*  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*  SPDX-License-Identifier: Apache-2.0
+*/
+
+// {fact rule=classic-buffer-overflow@v1.0 defects=1}
+// Noncompliant: Use of `mem::transmute(num)`
+     fn noncompliant() {
+	     let num: u32 = 12345;
+	     let bytes: [u8; 4] = unsafe { mem::transmute(num) };
+	     println!("{:?}", bytes);
+	   }
+// {/fact}

rust/src/detectors/deadlock-and-lock-inconsistency/compliant.rs

@@ -0,0 +1,38 @@
+/*
+*  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*  SPDX-License-Identifier: Apache-2.0
+*/
+
+// {fact rule=deadlock-and-lock-inconsistency@v1.0 defects=0}
+ use std::sync::{Arc, Mutex,RwLock};
+ use std::sync::atomic::{AtomicUsize, Ordering};
+ use std::thread;
+
+    fn compliant() {
+    // Compliant: using `std::sync` module types `Mutex `, `RwLock`
+	     let data = Arc::new(Mutex::new(0));
+	     let t1 = {
+	         let data = Arc::clone(&data);
+	         thread::spawn(move || {
+	             let mut data = data.lock().unwrap();
+	             for _ in 0..1_000_000 {
+	                 *data += 1;
+	             }
+	         })
+	     };
+
+	     let t2 = {
+	         let data = Arc::clone(&data);
+	         thread::spawn(move || {
+	             let mut data = data.lock().unwrap();
+	             for _ in 0..1_000_000 {
+	                 *data -= 1;
+	             }
+	         })
+	     };
+	     t1.join().unwrap();
+	     t2.join().unwrap();
+
+	     println!("Final data value: {:?}", data.lock().unwrap());
+	}
+// {/fact}

rust/src/detectors/deadlock-and-lock-inconsistency/non-compliant.rs

@@ -0,0 +1,33 @@
+/*
+*  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*  SPDX-License-Identifier: Apache-2.0
+*/
+
+// {fact rule=deadlock-and-lock-inconsistency@v1.0 defects=1}
+
+use std::sync::atomic::{AtomicUsize, Ordering};
+use std::sync::{Arc, Mutex,RwLock};
+use std::thread;
+
+static COUNTER: AtomicUsize = AtomicUsize::new(0);
+    fn noncompliant() {
+	     let mut data = 0;
+    // Noncompliant: Not using sync module types `Mutex `, `RwLock`
+	     let t1 = thread::spawn(move || {
+	         for _ in 0..1_000_000 {
+	             data += 1;
+	         }
+	     });
+
+	     let t2 = thread::spawn(move || {
+	         for _ in 0..1_000_000 {
+	             data -= 1;
+	         }
+	     });
+
+	     t1.join().unwrap();
+	     t2.join().unwrap();
+
+	     println!("Final data value: {}", data);
+	}
+// {/fact}

rust/src/detectors/file-race-bad/compliant.rs

@@ -0,0 +1,20 @@
+/*
+*  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*  SPDX-License-Identifier: Apache-2.0
+*/
+
+// {fact rule=file-race-bad@v1.0 defects=0}
+// Compliant: Validated symbolic links before removing
+fn safe_remove_dir_all(dir_path: &str) {
+	     if let Ok(metadata) = fs::symlink_metadata(dir_path) {
+	         if metadata.file_type().is_dir() {
+	             unix_fs::symlink_metadata(dir_path).map(|metadata| {
+	                 if metadata.file_type().is_symlink() {
+	                     fs::remove_file(dir_path).unwrap();
+	                 }
+	             }).unwrap();
+	             fs::remove_dir_all(dir_path).unwrap();
+	         }
+	    }
+	 }
+// {/fact}

rust/src/detectors/file-race-bad/non-compliant.rs

@@ -0,0 +1,14 @@
+/*
+*  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*  SPDX-License-Identifier: Apache-2.0
+*/
+
+// {fact rule=file-race-bad@v1.0 defects=1}
+// Noncompliant: Use of `remove_dir_all` without validating symbolic links
+
+fn vulnerable_remove_dir_all(dir_path: &str) {
+	     if fs::metadata(dir_path).unwrap().is_dir() {
+	         fs::remove_dir_all(dir_path).unwrap();
+	     }
+	 }
+// {/fact}

rust/src/detectors/improper-certificate-validation/compliant.rs

@@ -0,0 +1,11 @@
+/*
+*  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*  SPDX-License-Identifier: Apache-2.0
+*/
+
+// {fact rule=improper-certificate-validation@v1.0 defects=0}
+// Compliant: ssl verification is enabled
+use openssl::ssl::{SslMethod, SslConnectorBuilder, SSL_VERIFY_NONE};
+let mut connector = SslConnectorBuilder::new(SslMethod::tls()).unwrap();
+connector.builder_mut().set_verify(SSL_VERIFY_PEER);
+// {/fact}

rust/src/detectors/improper-certificate-validation/non-compliant.rs

@@ -0,0 +1,11 @@
+/*
+*  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*  SPDX-License-Identifier: Apache-2.0
+*/
+
+// {fact rule=improper-certificate-validation@v1.0 defects=1}
+// Noncompliant: ssl verification is disabled
+use openssl::ssl::{SslMethod, SslConnectorBuilder, SSL_VERIFY_NONE};
+let mut connector = SslConnectorBuilder::new(SslMethod::tls()).unwrap();
+connector.builder_mut().set_verify(SSL_VERIFY_NONE);
+// {/fact}

rust/src/detectors/improper-error-handling/compliant.rs

@@ -0,0 +1,10 @@
+/*
+*  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*  SPDX-License-Identifier: Apache-2.0
+*/
+
+// {fact rule=improper-error-handling@v1.0 defects=0}
+// Compliant: `?` operator enables more structured and graceful error handling
+    let mut f = std::fs::File::open(filename)?;
+	let mut buf = Vec::new();
+// {/fact}

rust/src/detectors/improper-error-handling/non-compliant.rs

@@ -0,0 +1,10 @@
+/*
+*  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*  SPDX-License-Identifier: Apache-2.0
+*/
+
+// {fact rule=improper-error-handling@v1.0 defects=1}
+// Noncompliant: Usage of `unwrap()` to handle the result of `File::open()`
+    let mut f = std::fs::File::open("../monsterdata_test.mon").unwrap();
+	let mut buf = Vec::new();
+// {/fact}

rust/src/detectors/improper-input-validation/compliant.rs

@@ -0,0 +1,15 @@
+/*
+*  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*  SPDX-License-Identifier: Apache-2.0
+*/
+
+// {fact rule=improper-input-validation@v1.0 defects=0}
+// Compliant: Used `from_utf8` to get valid UTF-8 data
+
+    let input_bytes: &[u8] = b"Hello, world!";
+
+	 fn process_input(input_bytes: &[u8]) -> Result<&str, str::Utf8Error> {
+	     let input_str = str::from_utf8(input_bytes)?;
+	     Ok(input_str)
+	 }
+// {/fact}

rust/src/detectors/improper-input-validation/non-compliant.rs

@@ -0,0 +1,17 @@
+/*
+*  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*  SPDX-License-Identifier: Apache-2.0
+*/
+
+// {fact rule=improper-input-validation@v1.0 defects=1}
+// Noncompliant: from_utf8_unchecked can cause invalid UTF-8 data
+
+use std::str;
+
+	 let input_bytes: &[u8] = b"Hello, world! \xF0";
+	 fn process_input_unchecked(input_bytes: &[u8]) -> &str {
+	     unsafe {
+	         str::from_utf8_unchecked(input_bytes);
+	     }
+	 }
+// {/fact}

rust/src/detectors/improper-size-of-a-memory-buffer/compliant.rs

@@ -0,0 +1,16 @@
+/*
+*  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*  SPDX-License-Identifier: Apache-2.0
+*/
+
+// {fact rule=improper-size-of-a-memory-buffer@v1.0 defects=0}
+// Compliant: Buffer initialized with size
+
+fn compliant(file_path: &str, buffer: &mut Vec<u8>) -> io::Result<()>{
+	     let mut file = File::open(file_path)?;
+	     let file_size = file.metadata()?.len() as usize;
+	     buffer.reserve(file_size);
+	     file.read_to_end(buffer)?;
+	     Ok(())
+	 }
+// {/fact}

rust/src/detectors/improper-size-of-a-memory-buffer/non-compliant.rs

@@ -0,0 +1,17 @@
+/*
+*  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*  SPDX-License-Identifier: Apache-2.0
+*/
+
+// {fact rule=improper-size-of-a-memory-buffer@v1.0 defects=1}
+// Noncompliant: Buffer is not initialized with size
+
+use std::fs::File;
+use std::io::{self,Read};
+
+	 fn nonCompliant(file_path: &str, buffer: &mut Vec<u8>) -> io::Result<()>{
+	     let mut file = File::open(file_path)?;
+	     file.read_to_end(buffer)?;
+	     Ok(())
+	 }
+// {/fact}

rust/src/detectors/incomplete-cleanup/compliant.rs

@@ -0,0 +1,20 @@
+/*
+*  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*  SPDX-License-Identifier: Apache-2.0
+*/
+
+// {fact rule=incomplete-cleanup@v1.0 defects=0}
+// Compliant: `match` statement to handle the result of the `TcpListener::bind("127.0.0.1:8080")` operation
+
+use std::net::{TcpListener, TcpStream};
+
+    fn compliant() {
+	     let listener = match TcpListener::bind("127.0.0.1:8080") {
+	         Ok(listener) => listener,
+	         Err(e) => {
+	             eprintln!("Failed to bind: {}", e);
+	             return;
+	         }
+	     };
+	 }
+// {/fact}

rust/src/detectors/incomplete-cleanup/non-compliant.rs

@@ -0,0 +1,14 @@
+/*
+*  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*  SPDX-License-Identifier: Apache-2.0
+*/
+
+// {fact rule=incomplete-cleanup@v1.0 defects=1}
+// Noncompliant: Calling `unwrap()` will cause the program to panic immediately
+
+use std::net::{TcpListener, TcpStream};
+
+	 fn noncompliant() {
+	     let listener = TcpListener::bind("127.0.0.1:8080").unwrap();
+	 }
+// {/fact}

rust/src/detectors/incorrect-conversion-of-numeric-types/compliant.rs

@@ -0,0 +1,17 @@
+/*
+ *  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *  SPDX-License-Identifier: Apache-2.0
+ */
+
+ // {fact rule=incorrect-conversion-of-numeric-types@v1.0 defects=0}
+ // Compliant: Convert f64 to u64 safely by flooring, checking range.
+ fn try_floor_u64(value: f64) -> Option<u64> {
+    let mut rug_float = rug::Float::with_val(53, value);
+    rug_float = rug_float.floor();
+    if rug_float >= 0.0 && rug_float <= u64::MAX as f64 {
+        Some(rug_float.to_u64().unwrap()) 
+    } else {
+        None 
+    }
+}
+ // {/fact}

rust/src/detectors/incorrect-conversion-of-numeric-types/non-compliant.rs

@@ -0,0 +1,13 @@
+/*
+ *  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *  SPDX-License-Identifier: Apache-2.0
+ */
+
+ // {fact rule=incorrect-conversion-of-numeric-types@v1.0 defects=1}
+ // Noncompliant: Unsafe rounding of f64 to u64 without range verification.
+
+ fn try_round_u64(value: f64) -> Option<u64> {
+    Some(value.round() as u64)
+}
+
+ // {/fact}

rust/src/detectors/inherently-dangerous-function/compliant.rs

@@ -0,0 +1,14 @@
+/*
+*  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*  SPDX-License-Identifier: Apache-2.0
+*/
+
+// {fact rule=inherently-dangerous-function@v1.0 defects=0}
+// Compliant: attempts to prevent dereferencing a null pointer
+unsafe fn compliant2() {
+     let ptr: *const i32 = std::ptr::null();
+     if !ptr.is_null() {
+         let val = unsafe { *ptr };
+     }
+}
+// {/fact}