From 344fea21283f09c7d51323d6cd9efb90647b1318 Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Mon, 10 Mar 2025 13:23:20 +0100 Subject: [PATCH] Rust: Enable local threat models in tests and use active threat models for regex query --- rust/ql/src/queries/security/CWE-730/RegexInjection.ql | 2 +- rust/ql/test/default-threat-models.model.yml | 6 ++++++ rust/ql/test/qlpack.yml | 2 ++ 3 files changed, 9 insertions(+), 1 deletion(-) create mode 100644 rust/ql/test/default-threat-models.model.yml diff --git a/rust/ql/src/queries/security/CWE-730/RegexInjection.ql b/rust/ql/src/queries/security/CWE-730/RegexInjection.ql index 64cfff45cb0..0d50d8ead6d 100644 --- a/rust/ql/src/queries/security/CWE-730/RegexInjection.ql +++ b/rust/ql/src/queries/security/CWE-730/RegexInjection.ql @@ -21,7 +21,7 @@ private import codeql.rust.security.regex.RegexInjectionExtensions * A taint configuration for detecting regular expression injection vulnerabilities. */ module RegexInjectionConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source instanceof ThreatModelSource } + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink instanceof RegexInjectionSink } diff --git a/rust/ql/test/default-threat-models.model.yml b/rust/ql/test/default-threat-models.model.yml new file mode 100644 index 00000000000..63507f47738 --- /dev/null +++ b/rust/ql/test/default-threat-models.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: codeql/threat-models + extensible: threatModelConfiguration + data: + - ["local", true, 0] diff --git a/rust/ql/test/qlpack.yml b/rust/ql/test/qlpack.yml index 7428ca33bed..1bf759f71e0 100644 --- a/rust/ql/test/qlpack.yml +++ b/rust/ql/test/qlpack.yml @@ -6,3 +6,5 @@ dependencies: extractor: rust tests: . warnOnImplicitThis: true +dataExtensions: + - default-threat-models.model.yml