Rust: Add models for actix-web

2026-04-27 09:45:15 +02:00 · 2025-09-29 09:12:36 +02:00
parent 9dfd87c284
commit 6b7d5d2902
4 changed files with 519 additions and 435 deletions
--- a/rust/ql/lib/codeql/rust/frameworks/actix-web.model.yml
+++ b/rust/ql/lib/codeql/rust/frameworks/actix-web.model.yml
@@ -0,0 +1,13 @@
+extensions:
+  - addsTo:
+      pack: codeql/rust-all
+      extensible: sourceModel
+    data:
+      - ["<actix_web::route::Route>::to", "Argument[0].Parameter[0..7]", "remote", "manual"]
+      # Actix attributes such as `get` expand to this `to` call on the handler.
+      - ["<actix_web::resource::Resource>::to", "Argument[0].Parameter[0..7]", "remote", "manual"]
+  - addsTo:
+      pack: codeql/rust-all
+      extensible: summaryModel
+    data:
+        - ["<actix_web::types::path::Path>::into_inner", "Argument[self]", "ReturnValue", "taint", "manual"]
--- a/rust/ql/test/library-tests/dataflow/sources/InlineFlow.expected
+++ b/rust/ql/test/library-tests/dataflow/sources/InlineFlow.expected
--- a/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected
+++ b/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected
@@ -100,6 +100,38 @@
 | web_frameworks.rs:58:14:58:15 | ms | Flow source 'RemoteSource' of type remote (DEFAULT). |
 | web_frameworks.rs:68:15:68:15 | a | Flow source 'RemoteSource' of type remote (DEFAULT). |
 | web_frameworks.rs:68:15:68:15 | a | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:127:5:127:20 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:127:5:127:20 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:127:5:127:20 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:127:5:127:20 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:127:5:127:20 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:127:5:127:20 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:127:5:127:20 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:127:5:127:20 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:139:41:139:42 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:139:41:139:42 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:139:41:139:42 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:139:41:139:42 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:139:41:139:42 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:139:41:139:42 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:139:41:139:42 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:139:41:139:42 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:140:45:140:46 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:140:45:140:46 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:140:45:140:46 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:140:45:140:46 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:140:45:140:46 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:140:45:140:46 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:140:45:140:46 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:140:45:140:46 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:141:41:141:42 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:141:41:141:42 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:141:41:141:42 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:141:41:141:42 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:141:41:141:42 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:141:41:141:42 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:141:41:141:42 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:141:41:141:42 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
 | web_frameworks.rs:242:33:242:35 | map | Flow source 'RemoteSource' of type remote (DEFAULT). |
 | web_frameworks.rs:242:33:242:35 | map | Flow source 'RemoteSource' of type remote (DEFAULT). |
 | web_frameworks.rs:242:33:242:35 | map | Flow source 'RemoteSource' of type remote (DEFAULT). |
--- a/rust/ql/test/library-tests/dataflow/sources/web_frameworks.rs
+++ b/rust/ql/test/library-tests/dataflow/sources/web_frameworks.rs
@@ -95,18 +95,18 @@ mod actix_test {
    use actix_web::{get, web, App};

    async fn my_actix_handler_1(
-        path: web::Path<String>, // $ MISSING: Alert[rust/summary/taint-sources]
+        path: web::Path<String>,
    ) -> String {
        let a = path.into_inner();
-        sink(a.as_str()); // $ MISSING: hasTaintFlow
-        sink(a.as_bytes()); // $ MISSING: hasTaintFlow
-        sink(a); // $ MISSING: hasTaintFlow
+        sink(a.as_str()); // $ hasTaintFlow=my_actix_handler_1
+        sink(a.as_bytes()); // $ hasTaintFlow=my_actix_handler_1
+        sink(a); // $ hasTaintFlow=my_actix_handler_1

        "".to_string()
    }

    async fn my_actix_handler_2(
-        path: web::Path<(String, String)>, // $ MISSING: Alert[rust/summary/taint-sources]
+        path: web::Path<(String, String)>,
    ) -> String {
        let (a, b) = path.into_inner();

@@ -117,28 +117,28 @@ mod actix_test {
    }

    async fn my_actix_handler_3(
-        web::Query(a): web::Query<String>, // $ MISSING: Alert[rust/summary/taint-sources]
+        web::Query(a): web::Query<String>,
    ) -> String {
        sink(a); // $ MISSING: hasTaintFlow

        "".to_string()
    }

-    #[get("/4/{a}")]
+    #[get("/4/{a}")] // $ Alert[rust/summary/taint-sources]
    async fn my_actix_handler_4(
-        path: web::Path<String>, // $ MISSING: Alert[rust/summary/taint-sources]
+        path: web::Path<String>,
    ) -> String {
        let a = path.into_inner();
-        sink(a); // $ MISSING: hasTaintFlow
+        sink(a); // $ hasTaintFlow=my_actix_handler_4

        "".to_string()
    }

    async fn test_actix() {
        let app = App::new()
-            .route("/1/{a}", web::get().to(my_actix_handler_1))
-            .route("/2/{a}/{b}", web::get().to(my_actix_handler_2))
-            .route("/3/{a}", web::get().to(my_actix_handler_3))
+            .route("/1/{a}", web::get().to(my_actix_handler_1)) // $ Alert[rust/summary/taint-sources]
+            .route("/2/{a}/{b}", web::get().to(my_actix_handler_2)) // $ Alert[rust/summary/taint-sources]
+            .route("/3/{a}", web::get().to(my_actix_handler_3)) // $ Alert[rust/summary/taint-sources]
            .service(my_actix_handler_4);

        // ...