Rust: Enable local threat models in tests and use active threat models for regex query

Simon Friis Vindum
2025-03-10 13:23:20 +01:00
parent 179ea041f4
commit 344fea2128
3 changed files with 9 additions and 1 deletions


@@ -21,7 +21,7 @@ private import codeql.rust.security.regex.RegexInjectionExtensions
* A taint configuration for detecting regular expression injection vulnerabilities.
*/
module RegexInjectionConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { source instanceof ThreatModelSource }
predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource }
predicate isSink(DataFlow::Node sink) { sink instanceof RegexInjectionSink }
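Review bot: The QLDoc above `RegexInjectionConfig` does not say that `isSource` now accepts only sources from enabled threat models, so a reader cannot tell that flows from local inputs are reported only when the `local` model is switched on. I would add a line to that comment such as `* Only sources belonging to an active threat model are considered.` If `local` is disabled by default, as the test-side extension in this commit suggests, users lose alerts for patterns built from local input. That is worth stating in the query help or a change note. The module body continues outside the hunk.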


@@ -0,0 +1,6 @@
extensions:
- addsTo:
pack: codeql/threat-models
extensible: threatModelConfiguration
data:
- ["local", true, 0]
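Review bot: The row `["local", true, 0]` has no explanation of its three positional fields or of why the file exists. A comment above `data:` such as `# Test-only: enable the "local" threat model group; columns are [kind, enable, priority]` would make clear that this is a test override and not a shipped default. Without it, someone copying the file into a production pack could widen the source set without realising it.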


@@ -6,3 +6,5 @@ dependencies:
extractor: rust
tests: .
warnOnImplicitThis: true
dataExtensions:
- default-threat-models.model.yml
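Review bot: The `dataExtensions` entry applies to the whole test pack, so as far as this hunk shows every query test now runs with the `local` threat model enabled and none runs under the default configuration. A query that used `ThreatModelSource` where `ActiveThreatModelSource` was intended would likely give the same expected output for local sources, so the tests may not catch that regression. Consider keeping at least one test that runs without this extension, and add a comment here such as `# Enables the local threat model for all tests in this pack`.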