Apply suggestions from code review

Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
2026-04-27 09:45:15 +02:00 · 2025-09-10 14:34:54 +02:00
parent 4f9d8271a2
commit 50cd200ec5
3 changed files with 1 additions and 8 deletions
--- a/rust/ql/src/queries/security/CWE-918/RequestForgery.qhelp
+++ b/rust/ql/src/queries/security/CWE-918/RequestForgery.qhelp
@@ -46,9 +46,6 @@ known fixed string.
  <li>
    <a href="https://owasp.org/www-community/attacks/Server_Side_Request_Forgery">OWASP SSRF</a>
  </li>
-  <li>
-    <a href="https://cwe.mitre.org/data/definitions/918.html">CWE-918: Server-Side Request Forgery (SSRF)</a>
-  </li>
 </references>

 </qhelp>
--- a/rust/ql/src/queries/security/CWE-918/RequestForgery.ql
+++ b/rust/ql/src/queries/security/CWE-918/RequestForgery.ql
@@ -13,9 +13,6 @@
 private import rust
 private import codeql.rust.dataflow.TaintTracking
 private import codeql.rust.dataflow.DataFlow
-private import codeql.rust.dataflow.FlowSink
-private import codeql.rust.Concepts
-private import codeql.rust.security.CleartextTransmissionExtensions
 private import codeql.rust.security.RequestForgeryExtensions

 /**
@@ -37,5 +34,5 @@ import RequestForgeryFlow::PathGraph

 from RequestForgeryFlow::PathNode source, RequestForgeryFlow::PathNode sink
 where RequestForgeryFlow::flowPath(source, sink)
-select sink.getNode(), source, sink, "The $@ of this request depends on a $@.", sink, "URL",
+select sink.getNode(), source, sink, "The URL of this request depends on a $@.",
  source.getNode(), "user-provided value"
--- a/rust/ql/test/query-tests/security/CWE-918/options.yml
+++ b/rust/ql/test/query-tests/security/CWE-918/options.yml
@@ -3,4 +3,3 @@ qltest_dependencies:
    - reqwest = { version = "0.12.23", features = ["blocking", "json"] }
    - tokio = { version = "1.0", features = ["full"] }
    - poem = { version = "3.1.12", features = ["server"] }
-    - serde = { version = "1.0", features = ["derive"] }