hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-04 13:15:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

Rust: Split off sources/web_frameworks.

Browse Source
This commit is contained in:
Geoffrey White
2025-10-21 17:46:59 +01:00
parent 5ba331e986
commit 8c02cb2ed1
7 changed files with 2437 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2055
rust/ql/test/library-tests/dataflow/sources/web_frameworks/Cargo.lock generated Normal file
View File

File diff suppressed because it is too large Load Diff

238
rust/ql/test/library-tests/dataflow/sources/web_frameworks/InlineFlow.expected Normal file
View File

@@ -0,0 +1,238 @@
models
| 1 | Source: <_ as warp::filter::Filter>::and_then; Argument[0].Parameter[0..7]; remote |
| 2 | Source: <_ as warp::filter::Filter>::map; Argument[0].Parameter[0..7]; remote |
| 3 | Source: <_ as warp::filter::Filter>::then; Argument[0].Parameter[0..7]; remote |
| 4 | Source: <actix_web::resource::Resource>::to; Argument[0].Parameter[0..7]; remote |
| 5 | Source: <actix_web::route::Route>::to; Argument[0].Parameter[0..7]; remote |
| 6 | Summary: <actix_web::types::path::Path>::into_inner; Argument[self]; ReturnValue.Field[0]; taint |
| 7 | Summary: <actix_web::types::path::Path>::into_inner; Argument[self]; ReturnValue.Field[1]; taint |
| 8 | Summary: <actix_web::types::path::Path>::into_inner; Argument[self]; ReturnValue.Field[2]; taint |
| 9 | Summary: <actix_web::types::path::Path>::into_inner; Argument[self]; ReturnValue; taint |
| 10 | Summary: <alloc::string::String>::as_bytes; Argument[self]; ReturnValue; value |
| 11 | Summary: <alloc::string::String>::as_str; Argument[self]; ReturnValue; value |
| 12 | Summary: <core::str>::as_bytes; Argument[self]; ReturnValue; value |
| 13 | Summary: <core::str>::as_str; Argument[self]; ReturnValue; value |
edges
| test.rs:11:31:11:31 | a | test.rs:13:14:13:14 | a | provenance | |
| test.rs:11:31:11:31 | a | test.rs:13:14:13:14 | a | provenance | |
| test.rs:11:31:11:31 | a | test.rs:13:14:13:23 | a.as_str() | provenance | MaD:11 |
| test.rs:11:31:11:31 | a | test.rs:13:14:13:23 | a.as_str() | provenance | MaD:11 |
| test.rs:11:31:11:31 | a | test.rs:13:14:13:23 | a.as_str() | provenance | MaD:13 |
| test.rs:11:31:11:31 | a | test.rs:13:14:13:23 | a.as_str() | provenance | MaD:13 |
| test.rs:11:31:11:31 | a | test.rs:14:14:14:14 | a | provenance | |
| test.rs:11:31:11:31 | a | test.rs:14:14:14:14 | a | provenance | |
| test.rs:11:31:11:31 | a | test.rs:14:14:14:25 | a.as_bytes() | provenance | MaD:10 |
| test.rs:11:31:11:31 | a | test.rs:14:14:14:25 | a.as_bytes() | provenance | MaD:10 |
| test.rs:11:31:11:31 | a | test.rs:14:14:14:25 | a.as_bytes() | provenance | MaD:12 |
| test.rs:11:31:11:31 | a | test.rs:14:14:14:25 | a.as_bytes() | provenance | MaD:12 |
| test.rs:11:31:11:31 | a | test.rs:15:14:15:14 | a | provenance | |
| test.rs:11:31:11:31 | a | test.rs:15:14:15:14 | a | provenance | |
| test.rs:13:14:13:14 | a | test.rs:13:14:13:23 | a.as_str() | provenance | MaD:11 |
| test.rs:13:14:13:14 | a | test.rs:13:14:13:23 | a.as_str() | provenance | MaD:11 |
| test.rs:13:14:13:14 | a | test.rs:13:14:13:23 | a.as_str() | provenance | MaD:13 |
| test.rs:13:14:13:14 | a | test.rs:13:14:13:23 | a.as_str() | provenance | MaD:13 |
| test.rs:14:14:14:14 | a | test.rs:14:14:14:25 | a.as_bytes() | provenance | MaD:10 |
| test.rs:14:14:14:14 | a | test.rs:14:14:14:25 | a.as_bytes() | provenance | MaD:10 |
| test.rs:14:14:14:14 | a | test.rs:14:14:14:25 | a.as_bytes() | provenance | MaD:12 |
| test.rs:14:14:14:14 | a | test.rs:14:14:14:25 | a.as_bytes() | provenance | MaD:12 |
| test.rs:68:15:68:15 | a | test.rs:70:14:70:14 | a | provenance | |
| test.rs:68:15:68:15 | a | test.rs:70:14:70:14 | a | provenance | |
| test.rs:98:9:98:31 | ...: ...::Path::<...> | test.rs:100:17:100:33 | path.into_inner() | provenance | MaD:9 |
| test.rs:98:9:98:31 | ...: ...::Path::<...> | test.rs:100:17:100:33 | path.into_inner() [tuple.0] | provenance | MaD:6 |
| test.rs:98:9:98:31 | ...: ...::Path::<...> | test.rs:100:17:100:33 | path.into_inner() [tuple.1] | provenance | MaD:7 |
| test.rs:98:9:98:31 | ...: ...::Path::<...> | test.rs:100:17:100:33 | path.into_inner() [tuple.2] | provenance | MaD:8 |
| test.rs:100:13:100:13 | a | test.rs:101:14:101:14 | a | provenance | |
| test.rs:100:13:100:13 | a | test.rs:101:14:101:23 | a.as_str() | provenance | MaD:11 |
| test.rs:100:13:100:13 | a | test.rs:101:14:101:23 | a.as_str() | provenance | MaD:13 |
| test.rs:100:13:100:13 | a | test.rs:102:14:102:14 | a | provenance | |
| test.rs:100:13:100:13 | a | test.rs:102:14:102:25 | a.as_bytes() | provenance | MaD:10 |
| test.rs:100:13:100:13 | a | test.rs:102:14:102:25 | a.as_bytes() | provenance | MaD:12 |
| test.rs:100:13:100:13 | a | test.rs:103:14:103:14 | a | provenance | |
| test.rs:100:13:100:13 | a [tuple.0] | test.rs:101:14:101:14 | a [tuple.0] | provenance | |
| test.rs:100:13:100:13 | a [tuple.0] | test.rs:101:14:101:23 | a.as_str() | provenance | MaD:11 |
| test.rs:100:13:100:13 | a [tuple.0] | test.rs:101:14:101:23 | a.as_str() | provenance | MaD:13 |
| test.rs:100:13:100:13 | a [tuple.0] | test.rs:102:14:102:14 | a [tuple.0] | provenance | |
| test.rs:100:13:100:13 | a [tuple.0] | test.rs:102:14:102:25 | a.as_bytes() | provenance | MaD:10 |
| test.rs:100:13:100:13 | a [tuple.0] | test.rs:102:14:102:25 | a.as_bytes() | provenance | MaD:12 |
| test.rs:100:13:100:13 | a [tuple.0] | test.rs:103:14:103:14 | a | provenance | |
| test.rs:100:13:100:13 | a [tuple.1] | test.rs:101:14:101:14 | a [tuple.1] | provenance | |
| test.rs:100:13:100:13 | a [tuple.1] | test.rs:101:14:101:23 | a.as_str() | provenance | MaD:11 |
| test.rs:100:13:100:13 | a [tuple.1] | test.rs:101:14:101:23 | a.as_str() | provenance | MaD:13 |
| test.rs:100:13:100:13 | a [tuple.1] | test.rs:102:14:102:14 | a [tuple.1] | provenance | |
| test.rs:100:13:100:13 | a [tuple.1] | test.rs:102:14:102:25 | a.as_bytes() | provenance | MaD:10 |
| test.rs:100:13:100:13 | a [tuple.1] | test.rs:102:14:102:25 | a.as_bytes() | provenance | MaD:12 |
| test.rs:100:13:100:13 | a [tuple.1] | test.rs:103:14:103:14 | a | provenance | |
| test.rs:100:13:100:13 | a [tuple.2] | test.rs:101:14:101:14 | a [tuple.2] | provenance | |
| test.rs:100:13:100:13 | a [tuple.2] | test.rs:101:14:101:23 | a.as_str() | provenance | MaD:11 |
| test.rs:100:13:100:13 | a [tuple.2] | test.rs:101:14:101:23 | a.as_str() | provenance | MaD:13 |
| test.rs:100:13:100:13 | a [tuple.2] | test.rs:102:14:102:14 | a [tuple.2] | provenance | |
| test.rs:100:13:100:13 | a [tuple.2] | test.rs:102:14:102:25 | a.as_bytes() | provenance | MaD:10 |
| test.rs:100:13:100:13 | a [tuple.2] | test.rs:102:14:102:25 | a.as_bytes() | provenance | MaD:12 |
| test.rs:100:13:100:13 | a [tuple.2] | test.rs:103:14:103:14 | a | provenance | |
| test.rs:100:17:100:33 | path.into_inner() | test.rs:100:13:100:13 | a | provenance | |
| test.rs:100:17:100:33 | path.into_inner() [tuple.0] | test.rs:100:13:100:13 | a [tuple.0] | provenance | |
| test.rs:100:17:100:33 | path.into_inner() [tuple.1] | test.rs:100:13:100:13 | a [tuple.1] | provenance | |
| test.rs:100:17:100:33 | path.into_inner() [tuple.2] | test.rs:100:13:100:13 | a [tuple.2] | provenance | |
| test.rs:101:14:101:14 | a | test.rs:101:14:101:23 | a.as_str() | provenance | MaD:11 |
| test.rs:101:14:101:14 | a | test.rs:101:14:101:23 | a.as_str() | provenance | MaD:13 |
| test.rs:101:14:101:14 | a [tuple.0] | test.rs:101:14:101:23 | a.as_str() | provenance | MaD:11 |
| test.rs:101:14:101:14 | a [tuple.0] | test.rs:101:14:101:23 | a.as_str() | provenance | MaD:13 |
| test.rs:101:14:101:14 | a [tuple.1] | test.rs:101:14:101:23 | a.as_str() | provenance | MaD:11 |
| test.rs:101:14:101:14 | a [tuple.1] | test.rs:101:14:101:23 | a.as_str() | provenance | MaD:13 |
| test.rs:101:14:101:14 | a [tuple.2] | test.rs:101:14:101:23 | a.as_str() | provenance | MaD:11 |
| test.rs:101:14:101:14 | a [tuple.2] | test.rs:101:14:101:23 | a.as_str() | provenance | MaD:13 |
| test.rs:102:14:102:14 | a | test.rs:102:14:102:25 | a.as_bytes() | provenance | MaD:10 |
| test.rs:102:14:102:14 | a | test.rs:102:14:102:25 | a.as_bytes() | provenance | MaD:12 |
| test.rs:102:14:102:14 | a [tuple.0] | test.rs:102:14:102:25 | a.as_bytes() | provenance | MaD:10 |
| test.rs:102:14:102:14 | a [tuple.0] | test.rs:102:14:102:25 | a.as_bytes() | provenance | MaD:12 |
| test.rs:102:14:102:14 | a [tuple.1] | test.rs:102:14:102:25 | a.as_bytes() | provenance | MaD:10 |
| test.rs:102:14:102:14 | a [tuple.1] | test.rs:102:14:102:25 | a.as_bytes() | provenance | MaD:12 |
| test.rs:102:14:102:14 | a [tuple.2] | test.rs:102:14:102:25 | a.as_bytes() | provenance | MaD:10 |
| test.rs:102:14:102:14 | a [tuple.2] | test.rs:102:14:102:25 | a.as_bytes() | provenance | MaD:12 |
| test.rs:109:9:109:41 | ...: ...::Path::<...> | test.rs:111:22:111:38 | path.into_inner() [tuple.0] | provenance | MaD:6 |
| test.rs:109:9:109:41 | ...: ...::Path::<...> | test.rs:111:22:111:38 | path.into_inner() [tuple.1] | provenance | MaD:7 |
| test.rs:111:13:111:18 | TuplePat [tuple.0] | test.rs:111:14:111:14 | a | provenance | |
| test.rs:111:13:111:18 | TuplePat [tuple.1] | test.rs:111:17:111:17 | b | provenance | |
| test.rs:111:14:111:14 | a | test.rs:113:14:113:14 | a | provenance | |
| test.rs:111:17:111:17 | b | test.rs:114:14:114:14 | b | provenance | |
| test.rs:111:22:111:38 | path.into_inner() [tuple.0] | test.rs:111:13:111:18 | TuplePat [tuple.0] | provenance | |
| test.rs:111:22:111:38 | path.into_inner() [tuple.1] | test.rs:111:13:111:18 | TuplePat [tuple.1] | provenance | |
| test.rs:127:5:127:20 | to | test.rs:129:9:129:31 | ...: ...::Path::<...> | provenance | Src:MaD:4 |
| test.rs:129:9:129:31 | ...: ...::Path::<...> | test.rs:131:17:131:33 | path.into_inner() | provenance | MaD:9 |
| test.rs:129:9:129:31 | ...: ...::Path::<...> | test.rs:131:17:131:33 | path.into_inner() [tuple.0] | provenance | MaD:6 |
| test.rs:129:9:129:31 | ...: ...::Path::<...> | test.rs:131:17:131:33 | path.into_inner() [tuple.1] | provenance | MaD:7 |
| test.rs:129:9:129:31 | ...: ...::Path::<...> | test.rs:131:17:131:33 | path.into_inner() [tuple.2] | provenance | MaD:8 |
| test.rs:131:13:131:13 | a | test.rs:132:14:132:14 | a | provenance | |
| test.rs:131:13:131:13 | a [tuple.0] | test.rs:132:14:132:14 | a | provenance | |
| test.rs:131:13:131:13 | a [tuple.1] | test.rs:132:14:132:14 | a | provenance | |
| test.rs:131:13:131:13 | a [tuple.2] | test.rs:132:14:132:14 | a | provenance | |
| test.rs:131:17:131:33 | path.into_inner() | test.rs:131:13:131:13 | a | provenance | |
| test.rs:131:17:131:33 | path.into_inner() [tuple.0] | test.rs:131:13:131:13 | a [tuple.0] | provenance | |
| test.rs:131:17:131:33 | path.into_inner() [tuple.1] | test.rs:131:13:131:13 | a [tuple.1] | provenance | |
| test.rs:131:17:131:33 | path.into_inner() [tuple.2] | test.rs:131:13:131:13 | a [tuple.2] | provenance | |
| test.rs:139:41:139:42 | to | test.rs:98:9:98:31 | ...: ...::Path::<...> | provenance | Src:MaD:5 |
| test.rs:140:45:140:46 | to | test.rs:109:9:109:41 | ...: ...::Path::<...> | provenance | Src:MaD:5 |
| test.rs:242:33:242:35 | map | test.rs:242:38:242:46 | ...: String | provenance | Src:MaD:2 |
| test.rs:242:33:242:35 | map | test.rs:242:38:242:46 | ...: String | provenance | Src:MaD:2 |
| test.rs:242:38:242:46 | ...: String | test.rs:244:18:244:18 | a | provenance | |
| test.rs:242:38:242:46 | ...: String | test.rs:244:18:244:18 | a | provenance | |
| test.rs:250:46:250:49 | then | test.rs:251:25:251:33 | ...: String | provenance | Src:MaD:3 |
| test.rs:250:46:250:49 | then | test.rs:251:25:251:33 | ...: String | provenance | Src:MaD:3 |
| test.rs:251:25:251:33 | ...: String | test.rs:252:22:252:22 | a | provenance | |
| test.rs:251:25:251:33 | ...: String | test.rs:252:22:252:22 | a | provenance | |
| test.rs:259:50:259:57 | and_then | test.rs:260:26:260:32 | ...: u64 | provenance | Src:MaD:1 |
| test.rs:259:50:259:57 | and_then | test.rs:260:26:260:32 | ...: u64 | provenance | Src:MaD:1 |
| test.rs:260:26:260:32 | ...: u64 | test.rs:263:22:263:23 | id | provenance | |
| test.rs:260:26:260:32 | ...: u64 | test.rs:263:22:263:23 | id | provenance | |
| test.rs:272:75:272:77 | map | test.rs:273:15:273:23 | ...: String | provenance | Src:MaD:2 |
| test.rs:272:75:272:77 | map | test.rs:273:15:273:23 | ...: String | provenance | Src:MaD:2 |
| test.rs:273:15:273:23 | ...: String | test.rs:275:22:275:22 | a | provenance | |
| test.rs:273:15:273:23 | ...: String | test.rs:275:22:275:22 | a | provenance | |
nodes
| test.rs:11:31:11:31 | a | semmle.label | a |
| test.rs:11:31:11:31 | a | semmle.label | a |
| test.rs:13:14:13:14 | a | semmle.label | a |
| test.rs:13:14:13:14 | a | semmle.label | a |
| test.rs:13:14:13:23 | a.as_str() | semmle.label | a.as_str() |
| test.rs:13:14:13:23 | a.as_str() | semmle.label | a.as_str() |
| test.rs:14:14:14:14 | a | semmle.label | a |
| test.rs:14:14:14:14 | a | semmle.label | a |
| test.rs:14:14:14:25 | a.as_bytes() | semmle.label | a.as_bytes() |
| test.rs:14:14:14:25 | a.as_bytes() | semmle.label | a.as_bytes() |
| test.rs:15:14:15:14 | a | semmle.label | a |
| test.rs:15:14:15:14 | a | semmle.label | a |
| test.rs:68:15:68:15 | a | semmle.label | a |
| test.rs:68:15:68:15 | a | semmle.label | a |
| test.rs:70:14:70:14 | a | semmle.label | a |
| test.rs:70:14:70:14 | a | semmle.label | a |
| test.rs:98:9:98:31 | ...: ...::Path::<...> | semmle.label | ...: ...::Path::<...> |
| test.rs:100:13:100:13 | a | semmle.label | a |
| test.rs:100:13:100:13 | a [tuple.0] | semmle.label | a [tuple.0] |
| test.rs:100:13:100:13 | a [tuple.1] | semmle.label | a [tuple.1] |
| test.rs:100:13:100:13 | a [tuple.2] | semmle.label | a [tuple.2] |
| test.rs:100:17:100:33 | path.into_inner() | semmle.label | path.into_inner() |
| test.rs:100:17:100:33 | path.into_inner() [tuple.0] | semmle.label | path.into_inner() [tuple.0] |
| test.rs:100:17:100:33 | path.into_inner() [tuple.1] | semmle.label | path.into_inner() [tuple.1] |
| test.rs:100:17:100:33 | path.into_inner() [tuple.2] | semmle.label | path.into_inner() [tuple.2] |
| test.rs:101:14:101:14 | a | semmle.label | a |
| test.rs:101:14:101:14 | a [tuple.0] | semmle.label | a [tuple.0] |
| test.rs:101:14:101:14 | a [tuple.1] | semmle.label | a [tuple.1] |
| test.rs:101:14:101:14 | a [tuple.2] | semmle.label | a [tuple.2] |
| test.rs:101:14:101:23 | a.as_str() | semmle.label | a.as_str() |
| test.rs:102:14:102:14 | a | semmle.label | a |
| test.rs:102:14:102:14 | a [tuple.0] | semmle.label | a [tuple.0] |
| test.rs:102:14:102:14 | a [tuple.1] | semmle.label | a [tuple.1] |
| test.rs:102:14:102:14 | a [tuple.2] | semmle.label | a [tuple.2] |
| test.rs:102:14:102:25 | a.as_bytes() | semmle.label | a.as_bytes() |
| test.rs:103:14:103:14 | a | semmle.label | a |
| test.rs:109:9:109:41 | ...: ...::Path::<...> | semmle.label | ...: ...::Path::<...> |
| test.rs:111:13:111:18 | TuplePat [tuple.0] | semmle.label | TuplePat [tuple.0] |
| test.rs:111:13:111:18 | TuplePat [tuple.1] | semmle.label | TuplePat [tuple.1] |
| test.rs:111:14:111:14 | a | semmle.label | a |
| test.rs:111:17:111:17 | b | semmle.label | b |
| test.rs:111:22:111:38 | path.into_inner() [tuple.0] | semmle.label | path.into_inner() [tuple.0] |
| test.rs:111:22:111:38 | path.into_inner() [tuple.1] | semmle.label | path.into_inner() [tuple.1] |
| test.rs:113:14:113:14 | a | semmle.label | a |
| test.rs:114:14:114:14 | b | semmle.label | b |
| test.rs:127:5:127:20 | to | semmle.label | to |
| test.rs:129:9:129:31 | ...: ...::Path::<...> | semmle.label | ...: ...::Path::<...> |
| test.rs:131:13:131:13 | a | semmle.label | a |
| test.rs:131:13:131:13 | a [tuple.0] | semmle.label | a [tuple.0] |
| test.rs:131:13:131:13 | a [tuple.1] | semmle.label | a [tuple.1] |
| test.rs:131:13:131:13 | a [tuple.2] | semmle.label | a [tuple.2] |
| test.rs:131:17:131:33 | path.into_inner() | semmle.label | path.into_inner() |
| test.rs:131:17:131:33 | path.into_inner() [tuple.0] | semmle.label | path.into_inner() [tuple.0] |
| test.rs:131:17:131:33 | path.into_inner() [tuple.1] | semmle.label | path.into_inner() [tuple.1] |
| test.rs:131:17:131:33 | path.into_inner() [tuple.2] | semmle.label | path.into_inner() [tuple.2] |
| test.rs:132:14:132:14 | a | semmle.label | a |
| test.rs:139:41:139:42 | to | semmle.label | to |
| test.rs:140:45:140:46 | to | semmle.label | to |
| test.rs:242:33:242:35 | map | semmle.label | map |
| test.rs:242:33:242:35 | map | semmle.label | map |
| test.rs:242:38:242:46 | ...: String | semmle.label | ...: String |
| test.rs:242:38:242:46 | ...: String | semmle.label | ...: String |
| test.rs:244:18:244:18 | a | semmle.label | a |
| test.rs:244:18:244:18 | a | semmle.label | a |
| test.rs:250:46:250:49 | then | semmle.label | then |
| test.rs:250:46:250:49 | then | semmle.label | then |
| test.rs:251:25:251:33 | ...: String | semmle.label | ...: String |
| test.rs:251:25:251:33 | ...: String | semmle.label | ...: String |
| test.rs:252:22:252:22 | a | semmle.label | a |
| test.rs:252:22:252:22 | a | semmle.label | a |
| test.rs:259:50:259:57 | and_then | semmle.label | and_then |
| test.rs:259:50:259:57 | and_then | semmle.label | and_then |
| test.rs:260:26:260:32 | ...: u64 | semmle.label | ...: u64 |
| test.rs:260:26:260:32 | ...: u64 | semmle.label | ...: u64 |
| test.rs:263:22:263:23 | id | semmle.label | id |
| test.rs:263:22:263:23 | id | semmle.label | id |
| test.rs:272:75:272:77 | map | semmle.label | map |
| test.rs:272:75:272:77 | map | semmle.label | map |
| test.rs:273:15:273:23 | ...: String | semmle.label | ...: String |
| test.rs:273:15:273:23 | ...: String | semmle.label | ...: String |
| test.rs:275:22:275:22 | a | semmle.label | a |
| test.rs:275:22:275:22 | a | semmle.label | a |
subpaths
testFailures
#select
| test.rs:13:14:13:23 | a.as_str() | test.rs:11:31:11:31 | a | test.rs:13:14:13:23 | a.as_str() | $@ | test.rs:11:31:11:31 | a | a |
| test.rs:13:14:13:23 | a.as_str() | test.rs:11:31:11:31 | a | test.rs:13:14:13:23 | a.as_str() | $@ | test.rs:11:31:11:31 | a | a |
| test.rs:14:14:14:25 | a.as_bytes() | test.rs:11:31:11:31 | a | test.rs:14:14:14:25 | a.as_bytes() | $@ | test.rs:11:31:11:31 | a | a |
| test.rs:14:14:14:25 | a.as_bytes() | test.rs:11:31:11:31 | a | test.rs:14:14:14:25 | a.as_bytes() | $@ | test.rs:11:31:11:31 | a | a |
| test.rs:15:14:15:14 | a | test.rs:11:31:11:31 | a | test.rs:15:14:15:14 | a | $@ | test.rs:11:31:11:31 | a | a |
| test.rs:15:14:15:14 | a | test.rs:11:31:11:31 | a | test.rs:15:14:15:14 | a | $@ | test.rs:11:31:11:31 | a | a |
| test.rs:70:14:70:14 | a | test.rs:68:15:68:15 | a | test.rs:70:14:70:14 | a | $@ | test.rs:68:15:68:15 | a | a |
| test.rs:70:14:70:14 | a | test.rs:68:15:68:15 | a | test.rs:70:14:70:14 | a | $@ | test.rs:68:15:68:15 | a | a |
| test.rs:101:14:101:23 | a.as_str() | test.rs:139:41:139:42 | to | test.rs:101:14:101:23 | a.as_str() | $@ | test.rs:139:41:139:42 | to | to |
| test.rs:102:14:102:25 | a.as_bytes() | test.rs:139:41:139:42 | to | test.rs:102:14:102:25 | a.as_bytes() | $@ | test.rs:139:41:139:42 | to | to |
| test.rs:103:14:103:14 | a | test.rs:139:41:139:42 | to | test.rs:103:14:103:14 | a | $@ | test.rs:139:41:139:42 | to | to |
| test.rs:113:14:113:14 | a | test.rs:140:45:140:46 | to | test.rs:113:14:113:14 | a | $@ | test.rs:140:45:140:46 | to | to |
| test.rs:114:14:114:14 | b | test.rs:140:45:140:46 | to | test.rs:114:14:114:14 | b | $@ | test.rs:140:45:140:46 | to | to |
| test.rs:132:14:132:14 | a | test.rs:127:5:127:20 | to | test.rs:132:14:132:14 | a | $@ | test.rs:127:5:127:20 | to | to |
| test.rs:244:18:244:18 | a | test.rs:242:33:242:35 | map | test.rs:244:18:244:18 | a | $@ | test.rs:242:33:242:35 | map | map |
| test.rs:244:18:244:18 | a | test.rs:242:33:242:35 | map | test.rs:244:18:244:18 | a | $@ | test.rs:242:33:242:35 | map | map |
| test.rs:252:22:252:22 | a | test.rs:250:46:250:49 | then | test.rs:252:22:252:22 | a | $@ | test.rs:250:46:250:49 | then | then |
| test.rs:252:22:252:22 | a | test.rs:250:46:250:49 | then | test.rs:252:22:252:22 | a | $@ | test.rs:250:46:250:49 | then | then |
| test.rs:263:22:263:23 | id | test.rs:259:50:259:57 | and_then | test.rs:263:22:263:23 | id | $@ | test.rs:259:50:259:57 | and_then | and_then |
| test.rs:263:22:263:23 | id | test.rs:259:50:259:57 | and_then | test.rs:263:22:263:23 | id | $@ | test.rs:259:50:259:57 | and_then | and_then |
| test.rs:275:22:275:22 | a | test.rs:272:75:272:77 | map | test.rs:275:22:275:22 | a | $@ | test.rs:272:75:272:77 | map | map |
| test.rs:275:22:275:22 | a | test.rs:272:75:272:77 | map | test.rs:275:22:275:22 | a | $@ | test.rs:272:75:272:77 | map | map |

36
rust/ql/test/library-tests/dataflow/sources/web_frameworks/InlineFlow.ql Normal file
View File

@@ -0,0 +1,36 @@
/**
* @kind path-problem
*/
import rust
import codeql.rust.dataflow.DataFlow
import codeql.rust.Concepts
import utils.test.InlineFlowTest
/**
* Configuration for flow from any threat model source to an argument of the function `sink`.
*/
module MyFlowConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { source instanceof ThreatModelSource }
predicate isSink(DataFlow::Node sink) {
any(CallExpr call |
call.getFunction().(PathExpr).getPath().getSegment().getIdentifier().getText() = "sink"
).getArgList().getAnArg() = sink.asExpr().getExpr()
}
predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {
// flow out from any content at the sink.
isSink(node) and
exists(c)
}
}
module MyFlowTest = TaintFlowTest<MyFlowConfig>;
import MyFlowTest
import PathGraph
from PathNode source, PathNode sink
where flowPath(source, sink)
select sink, source, sink, "$@", source, source.toString()

106
rust/ql/test/library-tests/dataflow/sources/web_frameworks/TaintSources.expected Normal file
View File

@@ -0,0 +1,106 @@
| test.rs:11:31:11:31 | a | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:11:31:11:31 | a | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:22:14:22:19 | TuplePat | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:22:14:22:19 | TuplePat | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:48:14:48:30 | MyStruct {...} | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:48:14:48:30 | MyStruct {...} | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:58:14:58:15 | ms | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:58:14:58:15 | ms | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:68:15:68:15 | a | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:68:15:68:15 | a | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:127:5:127:20 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:127:5:127:20 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:127:5:127:20 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:127:5:127:20 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:127:5:127:20 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:127:5:127:20 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:127:5:127:20 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:127:5:127:20 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:139:41:139:42 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:139:41:139:42 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:139:41:139:42 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:139:41:139:42 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:139:41:139:42 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:139:41:139:42 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:139:41:139:42 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:139:41:139:42 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:140:45:140:46 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:140:45:140:46 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:140:45:140:46 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:140:45:140:46 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:140:45:140:46 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:140:45:140:46 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:140:45:140:46 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:140:45:140:46 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:141:41:141:42 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:141:41:141:42 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:141:41:141:42 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:141:41:141:42 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:141:41:141:42 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:141:41:141:42 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:141:41:141:42 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:141:41:141:42 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:242:33:242:35 | map | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:242:33:242:35 | map | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:242:33:242:35 | map | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:242:33:242:35 | map | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:242:33:242:35 | map | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:242:33:242:35 | map | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:242:33:242:35 | map | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:242:33:242:35 | map | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:242:33:242:35 | map | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:242:33:242:35 | map | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:242:33:242:35 | map | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:242:33:242:35 | map | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:242:33:242:35 | map | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:242:33:242:35 | map | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:242:33:242:35 | map | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:242:33:242:35 | map | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:250:46:250:49 | then | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:250:46:250:49 | then | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:250:46:250:49 | then | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:250:46:250:49 | then | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:250:46:250:49 | then | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:250:46:250:49 | then | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:250:46:250:49 | then | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:250:46:250:49 | then | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:250:46:250:49 | then | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:250:46:250:49 | then | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:250:46:250:49 | then | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:250:46:250:49 | then | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:250:46:250:49 | then | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:250:46:250:49 | then | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:250:46:250:49 | then | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:250:46:250:49 | then | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:259:50:259:57 | and_then | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:259:50:259:57 | and_then | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:259:50:259:57 | and_then | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:259:50:259:57 | and_then | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:259:50:259:57 | and_then | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:259:50:259:57 | and_then | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:259:50:259:57 | and_then | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:259:50:259:57 | and_then | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:259:50:259:57 | and_then | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:259:50:259:57 | and_then | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:259:50:259:57 | and_then | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:259:50:259:57 | and_then | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:259:50:259:57 | and_then | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:259:50:259:57 | and_then | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:259:50:259:57 | and_then | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:259:50:259:57 | and_then | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:272:75:272:77 | map | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:272:75:272:77 | map | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:272:75:272:77 | map | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:272:75:272:77 | map | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:272:75:272:77 | map | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:272:75:272:77 | map | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:272:75:272:77 | map | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:272:75:272:77 | map | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:272:75:272:77 | map | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:272:75:272:77 | map | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:272:75:272:77 | map | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:272:75:272:77 | map | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:272:75:272:77 | map | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:272:75:272:77 | map | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:272:75:272:77 | map | Flow source 'RemoteSource' of type remote (DEFAULT). |
| test.rs:272:75:272:77 | map | Flow source 'RemoteSource' of type remote (DEFAULT). |

2
rust/ql/test/library-tests/dataflow/sources/web_frameworks/TaintSources.qlref Normal file
View File

@@ -0,0 +1,2 @@
query: queries/summary/TaintSources.ql
postprocess: utils/test/InlineExpectationsTestQuery.ql

289
rust/ql/test/library-tests/dataflow/sources/web_frameworks/test.rs Normal file
View File

@@ -0,0 +1,289 @@
fn sink<T>(_: T) {}
// --- tests ---
mod poem_test {
use super::sink;
use poem::{get, handler, listener::TcpListener, web::Path, web::Query, Route, Server};
use serde::Deserialize;
#[handler]
fn my_poem_handler_1(Path(a): Path<String>, // $ Alert[rust/summary/taint-sources]
) -> String {
sink(a.as_str()); // $ hasTaintFlow
sink(a.as_bytes()); // $ hasTaintFlow
sink(a); // $ hasTaintFlow
"".to_string()
}
#[handler]
fn my_poem_handler_2(
Path((a, b)): Path<(String, String)>, // $ Alert[rust/summary/taint-sources]
) -> String {
sink(a); // $ MISSING: hasTaintFlow
sink(b); // $ MISSING: hasTaintFlow
"".to_string()
}
#[handler]
fn my_poem_handler_3(
path: Path<(String, String)>, // $ MISSING: Alert[rust/summary/taint-sources]
) -> String {
sink(&path.0); // $ MISSING: hasTaintFlow
sink(&path.1); // $ MISSING: hasTaintFlow
"".to_string()
}
#[derive(Deserialize)]
struct MyStruct {
a: String,
b: String,
}
#[handler]
fn my_poem_handler_4(
Path(MyStruct { a, b }): Path<MyStruct>, // $ Alert[rust/summary/taint-sources]
) -> String {
sink(a); // $ MISSING: hasTaintFlow
sink(b); // $ MISSING: hasTaintFlow
"".to_string()
}
#[handler]
fn my_poem_handler_5(
Path(ms): Path<MyStruct>, // $ Alert[rust/summary/taint-sources]
) -> String {
sink(ms.a); // $ MISSING: hasTaintFlow
sink(ms.b); // $ MISSING: hasTaintFlow
"".to_string()
}
#[handler]
fn my_poem_handler_6(
Query(a): Query<String>, // $ Alert[rust/summary/taint-sources]
) -> String {
sink(a); // $ hasTaintFlow
"".to_string()
}
async fn test_poem() {
let app = Route::new()
.at("/1/:a", get(my_poem_handler_1))
.at("/2/:a/:b", get(my_poem_handler_2))
.at("/3/:a/:b", get(my_poem_handler_3))
.at("/4/:a/:b", get(my_poem_handler_4))
.at("/5/:a/:b", get(my_poem_handler_5))
.at("/6/:a/", get(my_poem_handler_6));
Server::new(TcpListener::bind("0.0.0.0:3000"))
.run(app)
.await
.unwrap();
// ...
}
}
mod actix_test {
use super::sink;
use actix_web::{get, web, App};
async fn my_actix_handler_1(
path: web::Path<String>,
) -> String {
let a = path.into_inner();
sink(a.as_str()); // $ hasTaintFlow=my_actix_handler_1
sink(a.as_bytes()); // $ hasTaintFlow=my_actix_handler_1
sink(a); // $ hasTaintFlow=my_actix_handler_1
"".to_string()
}
async fn my_actix_handler_2(
path: web::Path<(String, String)>,
) -> String {
let (a, b) = path.into_inner();
sink(a); // $ hasTaintFlow=my_actix_handler_2
sink(b); // $ hasTaintFlow=my_actix_handler_2
"".to_string()
}
async fn my_actix_handler_3(
web::Query(a): web::Query<String>,
) -> String {
sink(a); // $ MISSING: hasTaintFlow
"".to_string()
}
#[get("/4/{a}")] // $ Alert[rust/summary/taint-sources]
async fn my_actix_handler_4(
path: web::Path<String>,
) -> String {
let a = path.into_inner();
sink(a); // $ hasTaintFlow=my_actix_handler_4
"".to_string()
}
async fn test_actix() {
let app = App::new()
.route("/1/{a}", web::get().to(my_actix_handler_1)) // $ Alert[rust/summary/taint-sources]
.route("/2/{a}/{b}", web::get().to(my_actix_handler_2)) // $ Alert[rust/summary/taint-sources]
.route("/3/{a}", web::get().to(my_actix_handler_3)) // $ Alert[rust/summary/taint-sources]
.service(my_actix_handler_4);
// ...
}
}
mod axum_test {
use super::sink;
use axum::extract::{Json, Path, Query, Request};
use axum::routing::get;
use axum::Router;
use std::collections::HashMap;
async fn my_axum_handler_1(
Path(a): Path<String>, // $ MISSING: Alert[rust/summary/taint-sources]
) -> &'static str {
sink(a.as_str()); // $ MISSING: hasTaintFlow
sink(a.as_bytes()); // $ MISSING: hasTaintFlow
sink(a); // $ MISSING: hasTaintFlow
""
}
async fn my_axum_handler_2(
Path((a, b)): Path<(String, String)>, // $ MISSING: Alert[rust/summary/taint-sources]
) -> &'static str {
sink(a); // $ MISSING: hasTaintFlow
sink(b); // $ MISSING: hasTaintFlow
""
}
async fn my_axum_handler_3(
Query(params): Query<HashMap<String, String>>, // $ MISSING: Alert[rust/summary/taint-sources]
) -> &'static str {
for (key, value) in params {
sink(key); // $ MISSING: hasTaintFlow
sink(value); // $ MISSING: hasTaintFlow
}
""
}
async fn my_axum_handler_4(
request: Request, // $ MISSING: Alert[rust/summary/taint-sources]
) -> &'static str {
sink(request.body()); // $ MISSING: hasTaintFlow
request.headers().get("header").unwrap(); // $ MISSING: hasTaintFlow
sink(request.into_body()); // $ MISSING: hasTaintFlow
""
}
async fn my_axum_handler_5(
Json(payload): Json<serde_json::Value>, // $ MISSING: Alert[rust/summary/taint-sources]
) -> &'static str {
sink(payload.as_str()); // $ MISSING: hasTaintFlow
sink(payload); // $ MISSING: hasTaintFlow
""
}
async fn my_axum_handler_6(
body: String, // $ MISSING: Alert[rust/summary/taint-sources]
) -> &'static str {
sink(body); // $ MISSING: hasTaintFlow
""
}
async fn my_axum_handler_7(
body: String, // $ MISSING: Alert[rust/summary/taint-sources]
) -> &'static str {
sink(body); // $ MISSING: hasTaintFlow
""
}
async fn test_axum() {
let app = Router::<()>::new()
.route("/1/{a}", get(my_axum_handler_1))
.route("/2/{a}/{b}", get(my_axum_handler_2))
.route("/3/:a", get(my_axum_handler_3))
.route("/4/:a", get(my_axum_handler_4))
.route("/5/:a", get(my_axum_handler_5))
.route("/67/:a", get(my_axum_handler_6).get(my_axum_handler_7));
// ...
}
}
mod warp_test {
use super::sink;
use warp::Filter;
#[tokio::main]
#[rustfmt::skip]
async fn test_warp() {
// A route with parameter and `map`
let map_route =
warp::path::param().map(|a: String| // $ Alert[rust/summary/taint-sources]
{
sink(a); // $ hasTaintFlow
"".to_string()
});
// A route with parameter and `then`
let then_route = warp::path::param().then( // $ Alert[rust/summary/taint-sources]
async move |a: String| {
sink(a); // $ hasTaintFlow
"".to_string()
},
);
// A route with parameter and `and_then`
let and_then_route = warp::path::param().and_then( // $ Alert[rust/summary/taint-sources]
async move | id: u64 |
{
if id != 0 {
sink(id); // $ hasTaintFlow
Ok("".to_string())
} else {
Err(warp::reject::not_found())
}
},
);
// A route with path, parameter, and `and_then`
let path_and_map_route = warp::path("1").and(warp::path::param()).map( // $ Alert[rust/summary/taint-sources]
| a: String |
{
sink(a); // $ hasTaintFlow
"".to_string()
},
);
let routes = warp::get().and(
map_route
.or(then_route)
.or(and_then_route)
.or(path_and_map_route),
);
warp::serve(routes).run(([127, 0, 0, 1], 3030)).await;
}
}