Rust: Accept test changes

Simon Friis Vindum
2025-09-10 11:15:16 +02:00
parent 29ba013580
commit 12dcd751d3
8 changed files with 86 additions and 40 deletions


@@ -1005,12 +1005,15 @@ readStep
| main.rs:458:5:458:11 | mut_arr | file://:0:0:0:0 | element | main.rs:458:5:458:14 | mut_arr[1] |
| main.rs:459:13:459:19 | mut_arr | file://:0:0:0:0 | element | main.rs:459:13:459:22 | mut_arr[1] |
| main.rs:461:10:461:16 | mut_arr | file://:0:0:0:0 | element | main.rs:461:10:461:19 | mut_arr[0] |
| main.rs:467:24:467:33 | [post] receiver for source(...) | file://:0:0:0:0 | &ref | main.rs:467:24:467:33 | [post] source(...) |
| main.rs:468:9:468:20 | TuplePat | file://:0:0:0:0 | tuple.0 | main.rs:468:10:468:13 | cond |
| main.rs:468:9:468:20 | TuplePat | file://:0:0:0:0 | tuple.1 | main.rs:468:16:468:19 | name |
| main.rs:468:25:468:29 | names | file://:0:0:0:0 | element | main.rs:468:9:468:20 | TuplePat |
| main.rs:470:41:470:67 | [post] \|...\| ... | main.rs:467:9:467:20 | captured default_name | main.rs:470:41:470:67 | [post] default_name |
| main.rs:470:44:470:55 | [post] receiver for default_name | file://:0:0:0:0 | &ref | main.rs:470:44:470:55 | [post] default_name |
| main.rs:470:44:470:55 | this | main.rs:467:9:467:20 | captured default_name | main.rs:470:44:470:55 | default_name |
| main.rs:471:18:471:18 | [post] receiver for n | file://:0:0:0:0 | &ref | main.rs:471:18:471:18 | [post] n |
| main.rs:494:13:494:13 | [post] receiver for a | file://:0:0:0:0 | &ref | main.rs:494:13:494:13 | [post] a |
| main.rs:495:13:495:13 | [post] receiver for b | file://:0:0:0:0 | &ref | main.rs:495:13:495:13 | [post] b |
| main.rs:496:18:496:18 | [post] receiver for b | file://:0:0:0:0 | &ref | main.rs:496:18:496:18 | [post] b |
| main.rs:507:10:507:11 | vs | file://:0:0:0:0 | element | main.rs:507:10:507:14 | vs[0] |
@@ -1110,8 +1113,11 @@ storeStep
| main.rs:455:27:455:27 | 2 | file://:0:0:0:0 | element | main.rs:455:23:455:31 | [...] |
| main.rs:455:30:455:30 | 3 | file://:0:0:0:0 | element | main.rs:455:23:455:31 | [...] |
| main.rs:458:18:458:27 | source(...) | file://:0:0:0:0 | element | main.rs:458:5:458:11 | [post] mut_arr |
| main.rs:467:24:467:33 | source(...) | file://:0:0:0:0 | &ref | main.rs:467:24:467:33 | receiver for source(...) |
| main.rs:470:41:470:67 | default_name | main.rs:467:9:467:20 | captured default_name | main.rs:470:41:470:67 | \|...\| ... |
| main.rs:470:44:470:55 | default_name | file://:0:0:0:0 | &ref | main.rs:470:44:470:55 | receiver for default_name |
| main.rs:471:18:471:18 | n | file://:0:0:0:0 | &ref | main.rs:471:18:471:18 | receiver for n |
| main.rs:494:13:494:13 | a | file://:0:0:0:0 | &ref | main.rs:494:13:494:13 | receiver for a |
| main.rs:495:13:495:13 | b | file://:0:0:0:0 | &ref | main.rs:495:13:495:13 | receiver for b |
| main.rs:496:18:496:18 | b | file://:0:0:0:0 | &ref | main.rs:496:18:496:18 | receiver for b |
| main.rs:505:15:505:24 | source(...) | file://:0:0:0:0 | element | main.rs:505:14:505:34 | [...] |


@@ -73,6 +73,18 @@ multipleCallTargets
| test.rs:977:14:977:29 | ...::_print(...) |
| test.rs:979:27:979:36 | ...::_print(...) |
| test.rs:980:28:980:41 | ...::_print(...) |
| test_futures_io.rs:45:27:45:84 | ...::read(...) |
| test_futures_io.rs:49:27:49:51 | reader.read(...) |
| test_futures_io.rs:83:22:83:39 | reader2.fill_buf() |
| test_futures_io.rs:103:27:103:85 | ...::read(...) |
| test_futures_io.rs:107:27:107:52 | reader2.read(...) |
| test_futures_io.rs:125:22:125:39 | reader2.fill_buf() |
| test_futures_io.rs:132:27:132:62 | reader2.read_until(...) |
| test_futures_io.rs:139:27:139:54 | reader2.read_line(...) |
| test_futures_io.rs:146:27:146:58 | reader2.read_to_end(...) |
| test_futures_io.rs:152:32:152:46 | reader2.lines() |
| test_futures_io.rs:153:14:153:32 | lines_stream.next() |
| test_futures_io.rs:154:32:154:50 | lines_stream.next() |
| web_frameworks.rs:13:14:13:22 | a.as_str() |
| web_frameworks.rs:13:14:13:23 | a.as_str() |
| web_frameworks.rs:14:14:14:24 | a.as_bytes() |


@@ -309,28 +309,28 @@ async fn test_tokio_stdin() -> Result<(), Box<dyn std::error::Error>> {
let mut stdin = tokio::io::stdin(); // $ Alert[rust/summary/taint-sources]
let mut buffer = [0u8; 100];
let _bytes = stdin.read(&mut buffer).await?;
sink(&buffer); // $ MISSING: hasTaintFlow -- we cannot resolve the `read` call above, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
sink(&buffer); // $ hasTaintFlow
}
{
let mut stdin = tokio::io::stdin(); // $ Alert[rust/summary/taint-sources]
let mut buffer = Vec::<u8>::new();
let _bytes = stdin.read_to_end(&mut buffer).await?;
sink(&buffer); // $ MISSING: hasTaintFlow -- we cannot resolve the `read_to_end` call above, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
sink(&buffer); // $ hasTaintFlow
}
{
let mut stdin = tokio::io::stdin(); // $ Alert[rust/summary/taint-sources]
let mut buffer = String::new();
let _bytes = stdin.read_to_string(&mut buffer).await?;
sink(&buffer); // $ MISSING: hasTaintFlow -- we cannot resolve the `read_to_string` call above, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
sink(&buffer); // $ hasTaintFlow
}
{
let mut stdin = tokio::io::stdin(); // $ Alert[rust/summary/taint-sources]
let mut buffer = [0; 100];
stdin.read_exact(&mut buffer).await?;
sink(&buffer); // $ MISSING: hasTaintFlow -- we cannot resolve the `read_exact` call above, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
sink(&buffer); // $ hasTaintFlow
}
{
@@ -339,17 +339,17 @@ async fn test_tokio_stdin() -> Result<(), Box<dyn std::error::Error>> {
let v2 = stdin.read_i16().await?;
let v3 = stdin.read_f32().await?;
let v4 = stdin.read_i64_le().await?;
sink(v1); // $ MISSING: hasTaintFlow -- we cannot resolve the `read_u8` call above, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
sink(v2); // $ MISSING: hasTaintFlow -- we cannot resolve the `read_i16` call above, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
sink(v3); // $ MISSING: hasTaintFlow -- we cannot resolve the `read_f32` call above, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
sink(v4); // $ MISSING: hasTaintFlow -- we cannot resolve the `read_i64_le` call above, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
sink(v1); // $ hasTaintFlow
sink(v2); // $ hasTaintFlow
sink(v3); // $ hasTaintFlow
sink(v4); // $ hasTaintFlow
}
{
let mut stdin = tokio::io::stdin(); // $ Alert[rust/summary/taint-sources]
let mut buffer = bytes::BytesMut::new();
stdin.read_buf(&mut buffer).await?;
sink(&buffer); // $ MISSING: hasTaintFlow -- we cannot resolve the `read_buf` call above, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
sink(&buffer); // $ hasTaintFlow
}
// --- async reading from stdin (BufReader) ---
@@ -357,7 +357,7 @@ async fn test_tokio_stdin() -> Result<(), Box<dyn std::error::Error>> {
{
let mut reader = tokio::io::BufReader::new(tokio::io::stdin()); // $ Alert[rust/summary/taint-sources]
let data = reader.fill_buf().await?;
sink(&data); // $ MISSING: hasTaintFlow -- we cannot resolve the `fill_buf` call above, which comes from `impl<R: AsyncBufRead + ?Sized> AsyncBufReadExt for R {}` in `async_buf_read_ext.rs`
sink(&data); // $ hasTaintFlow
}
{
@@ -370,31 +370,31 @@ async fn test_tokio_stdin() -> Result<(), Box<dyn std::error::Error>> {
let mut buffer = String::new();
let mut reader = tokio::io::BufReader::new(tokio::io::stdin()); // $ Alert[rust/summary/taint-sources]
reader.read_line(&mut buffer).await?;
sink(&buffer); // $ MISSING: hasTaintFlow -- we cannot resolve the `read_line` call above, which comes from `impl<R: AsyncBufRead + ?Sized> AsyncBufReadExt for R {}` in `async_buf_read_ext.rs`
sink(&buffer); // $ hasTaintFlow
}
{
let mut buffer = Vec::<u8>::new();
let mut reader = tokio::io::BufReader::new(tokio::io::stdin()); // $ Alert[rust/summary/taint-sources]
reader.read_until(b',', &mut buffer).await?;
sink(&buffer); // $ MISSING: hasTaintFlow -- we cannot resolve the `read_until` call above, which comes from `impl<R: AsyncBufRead + ?Sized> AsyncBufReadExt for R {}` in `async_buf_read_ext.rs`
sink(buffer[0]); // $ MISSING: hasTaintFlow -- we cannot resolve the `read_until` call above, which comes from `impl<R: AsyncBufRead + ?Sized> AsyncBufReadExt for R {}` in `async_buf_read_ext.rs`
sink(&buffer); // $ hasTaintFlow
sink(buffer[0]); // $ hasTaintFlow
}
{
let mut reader_split = tokio::io::BufReader::new(tokio::io::stdin()).split(b','); // $ Alert[rust/summary/taint-sources]
sink(reader_split.next_segment().await?.unwrap()); // $ MISSING: hasTaintFlow -- we cannot resolve the `split` call above, which comes from `impl<R: AsyncBufRead + ?Sized> AsyncBufReadExt for R {}` in `async_buf_read_ext.rs`
sink(reader_split.next_segment().await?.unwrap()); // $ hasTaintFlow
while let Some(chunk) = reader_split.next_segment().await? {
sink(chunk); // $ MISSING: hasTaintFlow
sink(chunk); // $ hasTaintFlow
}
}
{
let reader = tokio::io::BufReader::new(tokio::io::stdin()); // $ Alert[rust/summary/taint-sources]
let mut lines = reader.lines();
sink(lines.next_line().await?.unwrap()); // $ MISSING: hasTaintFlow -- we cannot resolve the `lines` call above, which comes from `impl<R: AsyncBufRead + ?Sized> AsyncBufReadExt for R {}` in `async_buf_read_ext.rs`
sink(lines.next_line().await?.unwrap()); // $ hasTaintFlow
while let Some(line) = lines.next_line().await? {
sink(line); // $ MISSING: hasTaintFlow
sink(line); // $ hasTaintFlow
}
}
@@ -583,25 +583,25 @@ async fn test_tokio_file() -> std::io::Result<()> {
{
let mut buffer = [0u8; 100];
let _bytes = file.read(&mut buffer).await?;
sink(&buffer); // $ MISSING: hasTaintFlow="file.txt" -- we cannot resolve the `read` call above, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
sink(&buffer); // $ hasTaintFlow="file.txt"
}
{
let mut buffer = Vec::<u8>::new();
let _bytes = file.read_to_end(&mut buffer).await?;
sink(&buffer); // $ MISSING: hasTaintFlow="file.txt" -- we cannot resolve the `read_to_end` call above, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
sink(&buffer); // $ hasTaintFlow="file.txt"
}
{
let mut buffer = String::new();
let _bytes = file.read_to_string(&mut buffer).await?;
sink(&buffer); // $ MISSING: hasTaintFlow="file.txt" -- we cannot resolve the `read_to_string` call above, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
sink(&buffer); // $ hasTaintFlow="file.txt"
}
{
let mut buffer = [0; 100];
file.read_exact(&mut buffer).await?;
sink(&buffer); // $ MISSING: hasTaintFlow="file.txt" -- we cannot resolve the `read_exact` call above, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
sink(&buffer); // $ hasTaintFlow="file.txt"
}
{
@@ -609,16 +609,16 @@ async fn test_tokio_file() -> std::io::Result<()> {
let v2 = file.read_i16().await?;
let v3 = file.read_f32().await?;
let v4 = file.read_i64_le().await?;
sink(v1); // $ MISSING: hasTaintFlow="file.txt" -- we cannot resolve the `read_u8` call above, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
sink(v2); // $ MISSING: hasTaintFlow="file.txt" -- we cannot resolve the `read_i16` call above, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
sink(v3); // $ MISSING: hasTaintFlow="file.txt" -- we cannot resolve the `read_f32` call above, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
sink(v4); // $ MISSING: hasTaintFlow="file.txt" -- we cannot resolve the `read_i64_le` call above, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
sink(v1); // $ hasTaintFlow="file.txt"
sink(v2); // $ hasTaintFlow="file.txt"
sink(v3); // $ hasTaintFlow="file.txt"
sink(v4); // $ hasTaintFlow="file.txt"
}
{
let mut buffer = bytes::BytesMut::new();
file.read_buf(&mut buffer).await?;
sink(&buffer); // $ MISSING: hasTaintFlow="file.txt" -- we cannot resolve the `read_buf` call above, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
sink(&buffer); // $ hasTaintFlow="file.txt"
}
// --- OpenOptions ---
@@ -627,7 +627,7 @@ async fn test_tokio_file() -> std::io::Result<()> {
let mut f1 = tokio::fs::OpenOptions::new().open("f1.txt").await?; // $ Alert[rust/summary/taint-sources]
let mut buffer = [0u8; 1024];
let _bytes = f1.read(&mut buffer).await?;
sink(&buffer); // $ MISSING: hasTaintFlow="f1.txt"
sink(&buffer); // $ hasTaintFlow="f1.txt"
}
// --- misc operations ---
@@ -775,8 +775,8 @@ async fn test_tokio_tcpstream(case: i64) -> std::io::Result<()> {
sink(buffer1[0]); // $ hasTaintFlow=address
println!("buffer2 = {:?}", buffer2);
sink(&buffer2); // $ MISSING: hasTaintFlow=address -- we cannot resolve the `read` call above, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
sink(buffer2[0]); // $ MISSING: hasTaintFlow=address -- we cannot resolve the `read` call above, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
sink(&buffer2); // $ hasTaintFlow=address
sink(buffer2[0]); // $ hasTaintFlow=address
let buffer_string = String::from_utf8_lossy(&buffer2[..n2]);
println!("string = {}", buffer_string);


@@ -43,12 +43,12 @@ async fn test_futures_rustls_futures_io() -> io::Result<()> {
// using the `AsyncReadExt::read` extension method (higher-level)
let mut buffer1 = [0u8; 64];
let bytes_read1 = futures::io::AsyncReadExt::read(&mut reader, &mut buffer1).await?; // we cannot resolve the `read` call, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
sink(&buffer1[..bytes_read1]); // $ MISSING: hasTaintFlow=url
sink(&buffer1[..bytes_read1]); // $ hasTaintFlow=url
let mut buffer2 = [0u8; 64];
let bytes_read2 = reader.read(&mut buffer2).await?; // we cannot resolve the `read` call, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
sink(&buffer2[..bytes_read2]); // $ MISSING: hasTaintFlow=url
sink(&buffer2[..bytes_read2]); // $ hasTaintFlow=url
}
let mut reader2 = futures::io::BufReader::new(reader);
@@ -81,7 +81,7 @@ async fn test_futures_rustls_futures_io() -> io::Result<()> {
{
// using the `AsyncBufReadExt::fill_buf` extension method (higher-level)
let buffer = reader2.fill_buf().await?; // we cannot resolve the `fill_buf` call, which comes from `impl<R: AsyncBufRead + ?Sized> AsyncBufReadExt for R {}` in `async_buf_read_ext.rs`
sink(buffer); // $ MISSING: hasTaintFlow=url
sink(buffer); // $ hasTaintFlow=url
}
{
@@ -101,11 +101,11 @@ async fn test_futures_rustls_futures_io() -> io::Result<()> {
// using the `AsyncReadExt::read` extension method (higher-level)
let mut buffer1 = [0u8; 64];
let bytes_read1 = futures::io::AsyncReadExt::read(&mut reader2, &mut buffer1).await?; // we cannot resolve the `read` call, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
sink(&buffer1[..bytes_read1]); // $ MISSING: hasTaintFlow=url
sink(&buffer1[..bytes_read1]); // $ hasTaintFlow=url
let mut buffer2 = [0u8; 64];
let bytes_read2 = reader2.read(&mut buffer2).await?; // we cannot resolve the `read` call, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
sink(&buffer2[..bytes_read2]); // $ MISSING: hasTaintFlow=url
sink(&buffer2[..bytes_read2]); // $ hasTaintFlow=url
}
{
@@ -123,28 +123,28 @@ async fn test_futures_rustls_futures_io() -> io::Result<()> {
{
// using the `AsyncBufReadExt::fill_buf` extension method (higher-level)
let buffer = reader2.fill_buf().await?; // we cannot resolve the `fill_buf` call, which comes from `impl<R: AsyncBufRead + ?Sized> AsyncBufReadExt for R {}` in `async_buf_read_ext.rs`
sink(buffer); // $ MISSING: hasTaintFlow=url
sink(buffer); // $ hasTaintFlow=url
}
{
// using the `AsyncBufReadExt::read_until` extension method
let mut line = Vec::new();
let _bytes_read = reader2.read_until(b'\n', &mut line).await?; // we cannot resolve the `read_until` call, which comes from `impl<R: AsyncBufRead + ?Sized> AsyncBufReadExt for R {}` in `async_buf_read_ext.rs`
sink(&line); // $ MISSING: hasTaintFlow=url
sink(&line); // $ hasTaintFlow=url
}
{
// using the `AsyncBufReadExt::read_line` extension method
let mut line = String::new();
let _bytes_read = reader2.read_line(&mut line).await?; // we cannot resolve the `read_line` call, which comes from `impl<R: AsyncBufRead + ?Sized> AsyncBufReadExt for R {}` in `async_buf_read_ext.rs`
sink(&line); // $ MISSING: hasTaintFlow=url
sink(&line); // $ hasTaintFlow=url
}
{
// using the `AsyncBufReadExt::read_to_end` extension method
let mut buffer = Vec::with_capacity(1024);
let _bytes_read = reader2.read_to_end(&mut buffer).await?; // we cannot resolve the `read` call, which comes from `impl<R: AsyncRead + ?Sized> AsyncReadExt for R {}` in `async_read_ext.rs`
sink(&buffer); // $ MISSING: hasTaintFlow=url
sink(&buffer); // $ hasTaintFlow=url
}
{
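Review bot: The trailing comments on the unchanged `read`, `fill_buf`, `read_until`, `read_line` and `read_to_end` lines still say "we cannot resolve the ... call", which contradicts the `hasTaintFlow=url` expectations now accepted directly below them. The consistency output on this page lists these same call sites (test_futures_io.rs:45, 49, 83, 103, ...) under multipleCallTargets, so the calls appear to resolve, but to more than one target. The comments should say that instead, for example `// resolves to multiple call targets, see multipleCallTargets in the consistency output`. The comment on the `read_to_end` line also names the `read` call and `AsyncReadExt`, while the line above it says `AsyncBufReadExt::read_to_end`, so one of the two is wrong. This applies to every hunk in this file section, and the function body starts and ends outside them.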


@@ -30,7 +30,7 @@ fn int_div(
) -> Result<i32> // $ item=my::Result $ item=i32
{
if y == 0 {
return Err("Div by zero".to_string()); // $ item=Err
return Err("Div by zero".to_string()); // $ item=Err item=to_string
}
Ok(x / y) // $ item=Ok
}
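Review bot: The new annotation `// $ item=Err item=to_string` puts two tags after a single `$`, while the return-type line in the same hunk writes `// $ item=my::Result $ item=i32` with one `$` per tag. If the expectation parser treats both forms the same, pick one for the file; following the existing line it would read `// $ item=Err $ item=to_string`. The `int_div` signature starts above the hunk.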


@@ -12,12 +12,14 @@ multipleCallTargets
| sqlx.rs:67:26:67:48 | unsafe_query_1.as_str() |
| sqlx.rs:69:30:69:52 | unsafe_query_2.as_str() |
| sqlx.rs:70:30:70:52 | unsafe_query_3.as_str() |
| sqlx.rs:71:30:71:52 | unsafe_query_4.as_str() |
| sqlx.rs:75:25:75:45 | safe_query_1.as_str() |
| sqlx.rs:76:25:76:45 | safe_query_2.as_str() |
| sqlx.rs:77:25:77:45 | safe_query_3.as_str() |
| sqlx.rs:78:25:78:47 | unsafe_query_1.as_str() |
| sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() |
| sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() |
| sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() |
| sqlx.rs:84:25:84:49 | prepared_query_1.as_str() |
| sqlx.rs:85:25:85:49 | prepared_query_1.as_str() |
| sqlx.rs:87:29:87:53 | prepared_query_1.as_str() |


@@ -2,6 +2,7 @@
| sqlx.rs:77:13:77:23 | ...::query | sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:77:13:77:23 | ...::query | This query depends on a $@. | sqlx.rs:48:25:48:46 | ...::get | user-provided value |
| sqlx.rs:78:13:78:23 | ...::query | sqlx.rs:47:22:47:35 | ...::args | sqlx.rs:78:13:78:23 | ...::query | This query depends on a $@. | sqlx.rs:47:22:47:35 | ...::args | user-provided value |
| sqlx.rs:80:17:80:27 | ...::query | sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:80:17:80:27 | ...::query | This query depends on a $@. | sqlx.rs:48:25:48:46 | ...::get | user-provided value |
| sqlx.rs:82:17:82:27 | ...::query | sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:82:17:82:27 | ...::query | This query depends on a $@. | sqlx.rs:48:25:48:46 | ...::get | user-provided value |
edges
| sqlx.rs:47:9:47:18 | arg_string | sqlx.rs:53:27:53:36 | arg_string | provenance | |
| sqlx.rs:47:22:47:35 | ...::args | sqlx.rs:47:22:47:37 | ...::args(...) [element] | provenance | Src:MaD:3 |
@@ -11,6 +12,7 @@ edges
| sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:49:25:49:52 | remote_string.parse() [Ok] | provenance | MaD:10 |
| sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:49:25:49:52 | remote_string.parse() [Ok] | provenance | MaD:10 |
| sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:54:27:54:39 | remote_string | provenance | |
| sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:59:17:59:72 | MacroExpr | provenance | |
| sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:48:25:48:69 | ...::get(...) [Ok] | provenance | Src:MaD:2 |
| sqlx.rs:48:25:48:69 | ...::get(...) [Ok] | sqlx.rs:48:25:48:78 | ... .unwrap() | provenance | MaD:7 |
| sqlx.rs:48:25:48:78 | ... .unwrap() | sqlx.rs:48:25:48:85 | ... .text() [Ok] | provenance | MaD:11 |
@@ -38,6 +40,15 @@ edges
| sqlx.rs:54:9:54:22 | unsafe_query_2 [&ref] | sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() [&ref] | provenance | MaD:9 |
| sqlx.rs:54:26:54:39 | &remote_string [&ref] | sqlx.rs:54:9:54:22 | unsafe_query_2 [&ref] | provenance | |
| sqlx.rs:54:27:54:39 | remote_string | sqlx.rs:54:26:54:39 | &remote_string [&ref] | provenance | |
| sqlx.rs:56:9:56:22 | unsafe_query_4 | sqlx.rs:82:29:82:42 | unsafe_query_4 | provenance | |
| sqlx.rs:56:9:56:22 | unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() | provenance | MaD:9 |
| sqlx.rs:56:9:56:22 | unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() | provenance | MaD:5 |
| sqlx.rs:56:9:56:22 | unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() | provenance | MaD:9 |
| sqlx.rs:59:9:59:15 | res | sqlx.rs:59:17:59:72 | { ... } | provenance | |
| sqlx.rs:59:17:59:72 | ...::format(...) | sqlx.rs:59:9:59:15 | res | provenance | |
| sqlx.rs:59:17:59:72 | ...::must_use(...) | sqlx.rs:56:9:56:22 | unsafe_query_4 | provenance | |
| sqlx.rs:59:17:59:72 | MacroExpr | sqlx.rs:59:17:59:72 | ...::format(...) | provenance | MaD:12 |
| sqlx.rs:59:17:59:72 | { ... } | sqlx.rs:59:17:59:72 | ...::must_use(...) | provenance | MaD:13 |
| sqlx.rs:77:25:77:36 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() [&ref] | provenance | MaD:9 |
| sqlx.rs:77:25:77:36 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() [&ref] | provenance | MaD:5 |
| sqlx.rs:77:25:77:36 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() [&ref] | provenance | MaD:9 |
@@ -45,6 +56,11 @@ edges
| sqlx.rs:77:25:77:45 | safe_query_3.as_str() [&ref] | sqlx.rs:77:13:77:23 | ...::query | provenance | MaD:1 Sink:MaD:1 |
| sqlx.rs:78:25:78:47 | unsafe_query_1.as_str() [&ref] | sqlx.rs:78:13:78:23 | ...::query | provenance | MaD:1 Sink:MaD:1 |
| sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() [&ref] | sqlx.rs:80:17:80:27 | ...::query | provenance | MaD:1 Sink:MaD:1 |
| sqlx.rs:82:29:82:42 | unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() [&ref] | provenance | MaD:9 |
| sqlx.rs:82:29:82:42 | unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() [&ref] | provenance | MaD:5 |
| sqlx.rs:82:29:82:42 | unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() [&ref] | provenance | MaD:9 |
| sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() | sqlx.rs:82:17:82:27 | ...::query | provenance | MaD:1 Sink:MaD:1 |
| sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() [&ref] | sqlx.rs:82:17:82:27 | ...::query | provenance | MaD:1 Sink:MaD:1 |
models
| 1 | Sink: sqlx_core::query::query; Argument[0]; sql-injection |
| 2 | Source: reqwest::blocking::get; ReturnValue.Field[core::result::Result::Ok(0)]; remote |
@@ -86,6 +102,12 @@ nodes
| sqlx.rs:54:9:54:22 | unsafe_query_2 [&ref] | semmle.label | unsafe_query_2 [&ref] |
| sqlx.rs:54:26:54:39 | &remote_string [&ref] | semmle.label | &remote_string [&ref] |
| sqlx.rs:54:27:54:39 | remote_string | semmle.label | remote_string |
| sqlx.rs:56:9:56:22 | unsafe_query_4 | semmle.label | unsafe_query_4 |
| sqlx.rs:59:9:59:15 | res | semmle.label | res |
| sqlx.rs:59:17:59:72 | ...::format(...) | semmle.label | ...::format(...) |
| sqlx.rs:59:17:59:72 | ...::must_use(...) | semmle.label | ...::must_use(...) |
| sqlx.rs:59:17:59:72 | MacroExpr | semmle.label | MacroExpr |
| sqlx.rs:59:17:59:72 | { ... } | semmle.label | { ... } |
| sqlx.rs:77:13:77:23 | ...::query | semmle.label | ...::query |
| sqlx.rs:77:25:77:36 | safe_query_3 | semmle.label | safe_query_3 |
| sqlx.rs:77:25:77:45 | safe_query_3.as_str() | semmle.label | safe_query_3.as_str() |
@@ -94,4 +116,8 @@ nodes
| sqlx.rs:78:25:78:47 | unsafe_query_1.as_str() [&ref] | semmle.label | unsafe_query_1.as_str() [&ref] |
| sqlx.rs:80:17:80:27 | ...::query | semmle.label | ...::query |
| sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() [&ref] | semmle.label | unsafe_query_2.as_str() [&ref] |
| sqlx.rs:82:17:82:27 | ...::query | semmle.label | ...::query |
| sqlx.rs:82:29:82:42 | unsafe_query_4 | semmle.label | unsafe_query_4 |
| sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() | semmle.label | unsafe_query_4.as_str() |
| sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() [&ref] | semmle.label | unsafe_query_4.as_str() [&ref] |
subpaths


@@ -79,7 +79,7 @@ async fn test_sqlx_mysql(url: &str, enable_remote: bool) -> Result<(), sqlx::Err
if enable_remote {
let _ = sqlx::query(unsafe_query_2.as_str()).execute(&pool).await?; // $ sql-sink Alert[rust/sql-injection]=remote1
let _ = sqlx::query(unsafe_query_3.as_str()).execute(&pool).await?; // $ sql-sink MISSING: Alert[rust/sql-injection]=remote1
let _ = sqlx::query(unsafe_query_4.as_str()).execute(&pool).await?; // $ sql-sink MISSING: Alert[rust/sql-injection]=remote1
let _ = sqlx::query(unsafe_query_4.as_str()).execute(&pool).await?; // $ sql-sink Alert[rust/sql-injection]=remote1
}
let _ = sqlx::query(prepared_query_1.as_str()).bind(const_string).execute(&pool).await?; // $ sql-sink
let _ = sqlx::query(prepared_query_1.as_str()).bind(arg_string).execute(&pool).await?; // $ sql-sink
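Review bot: The `unsafe_query_3` line directly above the changed one keeps `MISSING: Alert[rust/sql-injection]=remote1` with no reason, so a reader cannot tell whether this remaining SQL injection false negative is a known gap. The accepted edges for `unsafe_query_4` on this page run through the `format!` expansion (`MacroExpr`, `...::format(...)`, `...::must_use(...)`), which suggests `unsafe_query_3` is built some other way; its definition is outside the hunk. A trailing reason in the style the tokio tests used would help, for example `// $ sql-sink MISSING: Alert[rust/sql-injection]=remote1 -- <why the flow is lost>`. The body of `test_sqlx_mysql` starts and ends outside the hunk.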