Rust: Relabel reqwest sinks as request-url

2025-12-16 16:53:25 +01:00 · 2025-09-08 13:05:58 +02:00
parent c5cb86ac24
commit eea11dbf5f
4 changed files with 21 additions and 21 deletions
--- a/rust/ql/lib/codeql/rust/frameworks/reqwest.model.yml
+++ b/rust/ql/lib/codeql/rust/frameworks/reqwest.model.yml
@@ -9,8 +9,8 @@ extensions:
      pack: codeql/rust-all
      extensible: sinkModel
    data:
-      - ["<reqwest::async_impl::client::Client>::request", "Argument[1]", "transmission", "manual"]
-      - ["<reqwest::blocking::client::Client>::request", "Argument[1]", "transmission", "manual"]
+      - ["<reqwest::async_impl::client::Client>::request", "Argument[1]", "request-url", "manual"]
+      - ["<reqwest::blocking::client::Client>::request", "Argument[1]", "request-url", "manual"]
  - addsTo:
      pack: codeql/rust-all
      extensible: summaryModel
--- a/rust/ql/lib/codeql/rust/security/CleartextTransmissionExtensions.qll
+++ b/rust/ql/lib/codeql/rust/security/CleartextTransmissionExtensions.qll
@@ -53,6 +53,6 @@ module CleartextTransmission {
   * A sink defined through MaD.
   */
  private class ModelsAsDataSink extends Sink {
-    ModelsAsDataSink() { sinkNode(this, "transmission") }
+    ModelsAsDataSink() { sinkNode(this, ["transmission", "request-url"]) }
  }
 }
--- a/rust/ql/lib/ext/generated/reqwest.model.yml
+++ b/rust/ql/lib/ext/generated/reqwest.model.yml
@@ -424,21 +424,21 @@ extensions:
      pack: codeql/rust-all
      extensible: sinkModel
    data:
-      - ["<reqwest::async_impl::client::Client>::delete", "Argument[0]", "transmission", "df-generated"]
-      - ["<reqwest::async_impl::client::Client>::get", "Argument[0]", "transmission", "df-generated"]
-      - ["<reqwest::async_impl::client::Client>::head", "Argument[0]", "transmission", "df-generated"]
-      - ["<reqwest::async_impl::client::Client>::patch", "Argument[0]", "transmission", "df-generated"]
-      - ["<reqwest::async_impl::client::Client>::post", "Argument[0]", "transmission", "df-generated"]
-      - ["<reqwest::async_impl::client::Client>::put", "Argument[0]", "transmission", "df-generated"]
+      - ["<reqwest::async_impl::client::Client>::delete", "Argument[0]", "request-url", "df-generated"]
+      - ["<reqwest::async_impl::client::Client>::get", "Argument[0]", "request-url", "df-generated"]
+      - ["<reqwest::async_impl::client::Client>::head", "Argument[0]", "request-url", "df-generated"]
+      - ["<reqwest::async_impl::client::Client>::patch", "Argument[0]", "request-url", "df-generated"]
+      - ["<reqwest::async_impl::client::Client>::post", "Argument[0]", "request-url", "df-generated"]
+      - ["<reqwest::async_impl::client::Client>::put", "Argument[0]", "request-url", "df-generated"]
      - ["<reqwest::async_impl::multipart::Form>::into_stream", "Argument[self]", "log-injection", "df-generated"]
      - ["<reqwest::async_impl::multipart::Form>::stream", "Argument[self]", "log-injection", "df-generated"]
      - ["<reqwest::async_impl::request::RequestBuilder>::multipart", "Argument[0]", "log-injection", "df-generated"]
-      - ["<reqwest::blocking::client::Client>::delete", "Argument[0]", "transmission", "df-generated"]
-      - ["<reqwest::blocking::client::Client>::get", "Argument[0]", "transmission", "df-generated"]
-      - ["<reqwest::blocking::client::Client>::head", "Argument[0]", "transmission", "df-generated"]
-      - ["<reqwest::blocking::client::Client>::patch", "Argument[0]", "transmission", "df-generated"]
-      - ["<reqwest::blocking::client::Client>::post", "Argument[0]", "transmission", "df-generated"]
-      - ["<reqwest::blocking::client::Client>::put", "Argument[0]", "transmission", "df-generated"]
+      - ["<reqwest::blocking::client::Client>::delete", "Argument[0]", "request-url", "df-generated"]
+      - ["<reqwest::blocking::client::Client>::get", "Argument[0]", "request-url", "df-generated"]
+      - ["<reqwest::blocking::client::Client>::head", "Argument[0]", "request-url", "df-generated"]
+      - ["<reqwest::blocking::client::Client>::patch", "Argument[0]", "request-url", "df-generated"]
+      - ["<reqwest::blocking::client::Client>::post", "Argument[0]", "request-url", "df-generated"]
+      - ["<reqwest::blocking::client::Client>::put", "Argument[0]", "request-url", "df-generated"]
      - ["<reqwest::blocking::multipart::Form>::into_reader", "Argument[self]", "log-injection", "df-generated"]
      - ["<reqwest::blocking::multipart::Form>::reader", "Argument[self]", "log-injection", "df-generated"]
      - ["<reqwest::blocking::multipart::Reader as std::io::Read>::read", "Argument[self]", "log-injection", "df-generated"]
@@ -450,9 +450,9 @@ extensions:
      - ["<reqwest::blocking::response::Response>::text_with_charset", "Argument[self]", "pointer-access", "df-generated"]
      - ["<reqwest::connect::ConnectorService as tower_service::Service>::call", "Argument[0]", "log-injection", "df-generated"]
      - ["<reqwest::error::Error>::new", "Argument[1]", "pointer-access", "df-generated"]
-      - ["reqwest::blocking::get", "Argument[0]", "transmission", "df-generated"]
+      - ["reqwest::blocking::get", "Argument[0]", "request-url", "df-generated"]
      - ["reqwest::blocking::wait::timeout", "Argument[1]", "pointer-access", "df-generated"]
-      - ["reqwest::get", "Argument[0]", "transmission", "df-generated"]
+      - ["reqwest::get", "Argument[0]", "request-url", "df-generated"]
  - addsTo:
      pack: codeql/rust-all
      extensible: sourceModel
--- a/rust/ql/test/query-tests/security/CWE-311/CleartextTransmission.expected
+++ b/rust/ql/test/query-tests/security/CWE-311/CleartextTransmission.expected
@@ -51,10 +51,10 @@ edges
 | main.rs:33:50:33:57 | password | main.rs:33:23:33:57 | MacroExpr | provenance |  |
 | main.rs:35:33:35:35 | url | main.rs:35:12:35:18 | request | provenance | MaD:2 Sink:MaD:2 |
 models
-| 1 | Sink: <reqwest::async_impl::client::Client>::post; Argument[0]; transmission |
-| 2 | Sink: <reqwest::async_impl::client::Client>::request; Argument[1]; transmission |
-| 3 | Sink: <reqwest::blocking::client::Client>::request; Argument[1]; transmission |
-| 4 | Sink: reqwest::blocking::get; Argument[0]; transmission |
+| 1 | Sink: <reqwest::async_impl::client::Client>::post; Argument[0]; request-url |
+| 2 | Sink: <reqwest::async_impl::client::Client>::request; Argument[1]; request-url |
+| 3 | Sink: <reqwest::blocking::client::Client>::request; Argument[1]; request-url |
+| 4 | Sink: reqwest::blocking::get; Argument[0]; request-url |
 | 5 | Summary: <core::result::Result>::unwrap; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value |
 | 6 | Summary: <url::Url>::parse; Argument[0].Reference; ReturnValue.Field[core::result::Result::Ok(0)]; taint |
 | 7 | Summary: alloc::fmt::format; Argument[0]; ReturnValue; taint |