hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-04 13:15:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

Rust: Base DataFlow::Node on AST instead of CFG

Browse Source
This commit is contained in:
Tom Hvitved
2025-11-19 11:55:22 +01:00
parent 0c43f2c4f0
commit 489fff9572
42 changed files with 403 additions and 366 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
rust/ql/examples/snippets/simple_constant_password.ql
View File

@@ -25,7 +25,7 @@ import codeql.rust.dataflow.TaintTracking
module ConstantPasswordConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node node) {
// `node` is a string literal
node.asExpr().getExpr() instanceof StringLiteralExpr
node.asExpr() instanceof StringLiteralExpr
}
predicate isSink(DataFlow::Node node) {
@@ -34,7 +34,7 @@ module ConstantPasswordConfig implements DataFlow::ConfigSig {
call.getStaticTarget() = target and
v.getParameter() = target.getParam(argIndex) and
v.getText().matches("pass%") and
call.getArg(argIndex) = node.asExpr().getExpr()
call.getArg(argIndex) = node.asExpr()
)
}
}

2
rust/ql/examples/snippets/simple_sql_injection.ql
View File

@@ -25,7 +25,7 @@ module SqlInjectionConfig implements DataFlow::ConfigSig {
// `node` is the first argument of a call to `sqlx_core::query::query`
exists(CallExpr call |
call.getStaticTarget().getCanonicalPath() = "sqlx_core::query::query" and
call.getArg(0) = node.asExpr().getExpr()
call.getArg(0) = node.asExpr()
)
}
}