feat(rust): Add ReSQLite source support

GeekMasher
2025-02-10 11:11:01 +00:00
parent 6e5899b4ff
commit 3e38867cb2
3 changed files with 24 additions and 7 deletions


@@ -4,7 +4,7 @@ import codeql.rust.Concepts
import utils.test.InlineExpectationsTest
module RusqliteTest implements TestSig {
string getARelevantTag() { result = ["sql-sink"] }
string getARelevantTag() { result = ["sql-sink", "database-read"] }
predicate hasActualResult(Location location, string element, string tag, string value) {
exists(SqlInjection::Sink sink |
@@ -14,6 +14,14 @@ module RusqliteTest implements TestSig {
tag = "sql-sink" and
value = ""
)
or
exists(ModeledDatabaseSource sink |
location = sink.getLocation() and
location.getFile().getBaseName() != "" and
element = sink.toString() and
tag = "database-read" and
value = ""
)
}
}
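Review bot: In the added `exists(ModeledDatabaseSource sink | ...)` disjunct the bound variable is called `sink` although it ranges over sources, which reads like a leftover from the `SqlInjection::Sink` branch above it. Renaming it, as in `exists(ModeledDatabaseSource source |` with `location = source.getLocation()` and `element = source.toString()`, keeps the two roles distinct for the next reader of the test. A short comment on the new branch, such as `// rows read back from the database are reported as "database-read" sources`, would also help, since `hasActualResult` now reports two unrelated kinds of result. The predicate's opening lines fall between the two hunks and are not visible here.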


@@ -31,18 +31,18 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
let person = connection.query_row(&query, (), |row| { // $ sql-sink
Ok(Person {
id: row.get(0)?,
name: row.get(1)?,
age: row.get(2)?,
id: row.get(0)?, // $ database-read
name: row.get(1)?, // $ database-read
age: row.get(2)?, // $ database-read
})
})?;
let mut stmt = connection.prepare("SELECT id, name, age FROM person")?; // $ sql-sink
let people = stmt.query_map([], |row| {
Ok(Person {
id: row.get(0)?,
name: row.get(1)?,
age: row.get(2)?,
id: row.get_unwrap(0), // $ database-read
name: row.get_unwrap(1), // $ database-read
age: row.get_unwrap(2), // $ database-read
})
})?;
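Review bot: The `query_map` closure now calls `row.get_unwrap(..)` for all three columns with no comment saying why, so it reads like a regression from the fallible `row.get(..)?` rather than deliberate coverage of a second accessor. A line above that `Ok(Person {`, such as `// get_unwrap panics on a bad index or type mismatch; used here only to exercise its source model`, would make the intent explicit. The fixture only asserts that each read is tagged `database-read`; nothing visible here checks that a value read from a row is tracked into a later `sql-sink`, which is the stored-injection case this source kind matters for. If the third changed file does not already cover it, a follow-up case that builds a query from a field such as `person.name` would be worth adding. `main` starts and ends outside the hunk.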