mirror of
https://github.com/github/codeql.git
synced 2026-04-25 16:55:19 +02:00
feat(rust): Add models + tests
15
rust/ql/lib/codeql/rust/frameworks/postgres.model.yml
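--- a/rust/ql/lib/codeql/rust/frameworks/postgres.model.yml
+++ b/rust/ql/lib/codeql/rust/frameworks/postgres.model.yml
@@ -0,0 +1,15 @@
+extensions:
+- addsTo:
+pack: codeql/rust-all
+extensible: sinkModel
+data:
+- ["repo:https://github.com/sfackler/rust-postgres:postgres", "<crate::client::Client>::execute", "Argument[0]", "sql-injection", "manual"]
+- ["repo:https://github.com/sfackler/rust-postgres:postgres", "<crate::client::Client>::batch_execute", "Argument[0]", "sql-injection", "manual"]
+- ["repo:https://github.com/sfackler/rust-postgres:postgres", "<crate::client::Client>::prepare", "Argument[0]", "sql-injection", "manual"]
+- ["repo:https://github.com/sfackler/rust-postgres:postgres", "<crate::client::Client>::prepare_typed", "Argument[0]", "sql-injection", "manual"]
+- ["repo:https://github.com/sfackler/rust-postgres:postgres", "<crate::client::Client>::query", "Argument[0]", "sql-injection", "manual"]
+- ["repo:https://github.com/sfackler/rust-postgres:postgres", "<crate::client::Client>::query_one", "Argument[0]", "sql-injection", "manual"]
+- ["repo:https://github.com/sfackler/rust-postgres:postgres", "<crate::client::Client>::query_opt", "Argument[0]", "sql-injection", "manual"]
+- ["repo:https://github.com/sfackler/rust-postgres:postgres", "<crate::client::Client>::query_raw", "Argument[0]", "sql-injection", "manual"]
+- ["repo:https://github.com/sfackler/rust-postgres:postgres", "<crate::client::Client>::query_typed", "Argument[0]", "sql-injection", "manual"]
+- ["repo:https://github.com/sfackler/rust-postgres:postgres", "<crate::client::Client>::query_typed_raw", "Argument[0]", "sql-injection", "manual"]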
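Review bot: The sink list covers `Client::batch_execute` but not `Client::simple_query`, which likewise sends its string argument to the server with no bound parameters, so tainted SQL reaching it would go unreported. Consider adding `- ["repo:https://github.com/sfackler/rust-postgres:postgres", "<crate::client::Client>::simple_query", "Argument[0]", "sql-injection", "manual"]`. The statement-taking methods on `Transaction` are also absent from this file; if they are not modelled elsewhere, queries issued inside a transaction would be missed as well.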
19
rust/ql/test/library-tests/frameworks/postgres/Postgres.ql
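--- a/rust/ql/test/library-tests/frameworks/postgres/Postgres.ql
+++ b/rust/ql/test/library-tests/frameworks/postgres/Postgres.ql
@@ -0,0 +1,19 @@
+import rust
+import codeql.rust.security.SqlInjectionExtensions
+import utils.test.InlineExpectationsTest
+
+module PostgresTest implements TestSig {
+string getARelevantTag() { result = "sql-sink" }
+
+predicate hasActualResult(Location location, string element, string tag, string value) {
+exists(SqlInjection::Sink sink |
+location = sink.getLocation() and
+location.getFile().getBaseName() != "" and
+element = sink.toString() and
+tag = "sql-sink" and
+value = ""
+)
+}
+}
+
+import MakeTest<PostgresTest>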
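Review bot: No annotated Rust source or `.expected` file for this test is visible on the page, and without `// $ sql-sink` annotations on calls to the modelled `Client` methods the inline-expectations test checks nothing, so a regression in the sink model would pass unnoticed; disregard this if that file lands in another commit. Separately, the filter `location.getFile().getBaseName() != ""` in `hasActualResult` needs a comment stating its purpose, presumably something like `// ignore sinks whose location has no source file`.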