Rust: Fix based on review

Simon Friis Vindum
2025-09-10 14:38:23 +02:00
parent 50cd200ec5
commit c73d081a32
4 changed files with 10 additions and 13 deletions


@@ -8,7 +8,6 @@ private import codeql.rust.dataflow.DataFlow
private import codeql.rust.dataflow.FlowSink
private import codeql.rust.dataflow.FlowSource
private import codeql.rust.Concepts
private import codeql.rust.security.CleartextTransmissionExtensions
/**
* Provides default sources, sinks and barriers for detecting request forgery
@@ -41,8 +40,6 @@ module RequestForgery {
*/
private class ActiveThreatModelSourceAsSource extends Source, ActiveThreatModelSource { }
// TODO: Do this in a cleaner way
// private class ClearTextTransmissionSink extends Sink instanceof CleartextTransmission::Sink { }
/**
* A sink for request forgery from model data.
*/


@@ -22,6 +22,7 @@ private import codeql.rust.security.AccessInvalidPointerExtensions
private import codeql.rust.security.CleartextLoggingExtensions
private import codeql.rust.security.CleartextStorageDatabaseExtensions
private import codeql.rust.security.CleartextTransmissionExtensions
private import codeql.rust.security.RequestForgeryExtensions
private import codeql.rust.security.LogInjectionExtensions
private import codeql.rust.security.SqlInjectionExtensions
private import codeql.rust.security.TaintedPathExtensions
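Review bot: The `RequestForgeryExtensions` import, which appears to be the one line this hunk adds, sits between `CleartextTransmissionExtensions` and `LogInjectionExtensions` and so breaks the alphabetical order the other `codeql.rust.security.*` imports follow. Moving it to just after `private import codeql.rust.security.LogInjectionExtensions` keeps the list easy to audit when checking which security queries are wired in. The purpose of this import list is not visible in the hunk. If it feeds a summary of query sinks, confirm that any expected output that counts them was regenerated, since no such file appears among the four changed files.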


@@ -1336,7 +1336,6 @@ version = "0.0.1"
dependencies = [
"poem",
"reqwest",
"serde",
"tokio",
]


@@ -1,13 +1,13 @@
#select
| request_forgery_tests.rs:8:24:8:35 | ...::get | request_forgery_tests.rs:5:29:5:36 | user_url | request_forgery_tests.rs:8:24:8:35 | ...::get | The $@ of this request depends on a $@. | request_forgery_tests.rs:8:24:8:35 | ...::get | URL | request_forgery_tests.rs:5:29:5:36 | user_url | user-provided value |
| request_forgery_tests.rs:8:24:8:35 | ...::get | request_forgery_tests.rs:5:29:5:36 | user_url | request_forgery_tests.rs:8:24:8:35 | ...::get | The $@ of this request depends on a $@. | request_forgery_tests.rs:8:24:8:35 | ...::get | URL | request_forgery_tests.rs:5:29:5:36 | user_url | user-provided value |
| request_forgery_tests.rs:17:25:17:36 | ...::get | request_forgery_tests.rs:5:29:5:36 | user_url | request_forgery_tests.rs:17:25:17:36 | ...::get | The $@ of this request depends on a $@. | request_forgery_tests.rs:17:25:17:36 | ...::get | URL | request_forgery_tests.rs:5:29:5:36 | user_url | user-provided value |
| request_forgery_tests.rs:21:25:21:36 | ...::get | request_forgery_tests.rs:5:29:5:36 | user_url | request_forgery_tests.rs:21:25:21:36 | ...::get | The $@ of this request depends on a $@. | request_forgery_tests.rs:21:25:21:36 | ...::get | URL | request_forgery_tests.rs:5:29:5:36 | user_url | user-provided value |
| request_forgery_tests.rs:25:25:25:36 | ...::get | request_forgery_tests.rs:5:29:5:36 | user_url | request_forgery_tests.rs:25:25:25:36 | ...::get | The $@ of this request depends on a $@. | request_forgery_tests.rs:25:25:25:36 | ...::get | URL | request_forgery_tests.rs:5:29:5:36 | user_url | user-provided value |
| request_forgery_tests.rs:31:29:31:40 | ...::get | request_forgery_tests.rs:5:29:5:36 | user_url | request_forgery_tests.rs:31:29:31:40 | ...::get | The $@ of this request depends on a $@. | request_forgery_tests.rs:31:29:31:40 | ...::get | URL | request_forgery_tests.rs:5:29:5:36 | user_url | user-provided value |
| request_forgery_tests.rs:31:29:31:40 | ...::get | request_forgery_tests.rs:5:29:5:36 | user_url | request_forgery_tests.rs:31:29:31:40 | ...::get | The $@ of this request depends on a $@. | request_forgery_tests.rs:31:29:31:40 | ...::get | URL | request_forgery_tests.rs:5:29:5:36 | user_url | user-provided value |
| request_forgery_tests.rs:37:37:37:48 | ...::get | request_forgery_tests.rs:5:29:5:36 | user_url | request_forgery_tests.rs:37:37:37:48 | ...::get | The $@ of this request depends on a $@. | request_forgery_tests.rs:37:37:37:48 | ...::get | URL | request_forgery_tests.rs:5:29:5:36 | user_url | user-provided value |
| request_forgery_tests.rs:37:37:37:48 | ...::get | request_forgery_tests.rs:5:29:5:36 | user_url | request_forgery_tests.rs:37:37:37:48 | ...::get | The $@ of this request depends on a $@. | request_forgery_tests.rs:37:37:37:48 | ...::get | URL | request_forgery_tests.rs:5:29:5:36 | user_url | user-provided value |
| request_forgery_tests.rs:8:24:8:35 | ...::get | request_forgery_tests.rs:5:29:5:36 | user_url | request_forgery_tests.rs:8:24:8:35 | ...::get | The URL of this request depends on a $@. | request_forgery_tests.rs:5:29:5:36 | user_url | user-provided value |
| request_forgery_tests.rs:8:24:8:35 | ...::get | request_forgery_tests.rs:5:29:5:36 | user_url | request_forgery_tests.rs:8:24:8:35 | ...::get | The URL of this request depends on a $@. | request_forgery_tests.rs:5:29:5:36 | user_url | user-provided value |
| request_forgery_tests.rs:17:25:17:36 | ...::get | request_forgery_tests.rs:5:29:5:36 | user_url | request_forgery_tests.rs:17:25:17:36 | ...::get | The URL of this request depends on a $@. | request_forgery_tests.rs:5:29:5:36 | user_url | user-provided value |
| request_forgery_tests.rs:21:25:21:36 | ...::get | request_forgery_tests.rs:5:29:5:36 | user_url | request_forgery_tests.rs:21:25:21:36 | ...::get | The URL of this request depends on a $@. | request_forgery_tests.rs:5:29:5:36 | user_url | user-provided value |
| request_forgery_tests.rs:25:25:25:36 | ...::get | request_forgery_tests.rs:5:29:5:36 | user_url | request_forgery_tests.rs:25:25:25:36 | ...::get | The URL of this request depends on a $@. | request_forgery_tests.rs:5:29:5:36 | user_url | user-provided value |
| request_forgery_tests.rs:31:29:31:40 | ...::get | request_forgery_tests.rs:5:29:5:36 | user_url | request_forgery_tests.rs:31:29:31:40 | ...::get | The URL of this request depends on a $@. | request_forgery_tests.rs:5:29:5:36 | user_url | user-provided value |
| request_forgery_tests.rs:31:29:31:40 | ...::get | request_forgery_tests.rs:5:29:5:36 | user_url | request_forgery_tests.rs:31:29:31:40 | ...::get | The URL of this request depends on a $@. | request_forgery_tests.rs:5:29:5:36 | user_url | user-provided value |
| request_forgery_tests.rs:37:37:37:48 | ...::get | request_forgery_tests.rs:5:29:5:36 | user_url | request_forgery_tests.rs:37:37:37:48 | ...::get | The URL of this request depends on a $@. | request_forgery_tests.rs:5:29:5:36 | user_url | user-provided value |
| request_forgery_tests.rs:37:37:37:48 | ...::get | request_forgery_tests.rs:5:29:5:36 | user_url | request_forgery_tests.rs:37:37:37:48 | ...::get | The URL of this request depends on a $@. | request_forgery_tests.rs:5:29:5:36 | user_url | user-provided value |
edges
| request_forgery_tests.rs:4:5:4:14 | res | request_forgery_tests.rs:16:27:16:49 | { ... } | provenance | |
| request_forgery_tests.rs:4:5:4:14 | res | request_forgery_tests.rs:20:27:20:57 | { ... } | provenance | |