Rust: Remove Sqlx.qll.

geoffw0 · geoffw0 · commit 87deab861fc6 · 2025-07-16T16:23:50.000+01:00
diff --git a/rust/ql/lib/codeql/rust/Frameworks.qll b/rust/ql/lib/codeql/rust/Frameworks.qll
@@ -4,6 +4,5 @@
 
 private import codeql.rust.frameworks.rustcrypto.RustCrypto
 private import codeql.rust.frameworks.Poem
-private import codeql.rust.frameworks.Sqlx
 private import codeql.rust.frameworks.stdlib.Clone
 private import codeql.rust.frameworks.stdlib.Stdlib
diff --git a/rust/ql/lib/codeql/rust/frameworks/Sqlx.qll b/rust/ql/lib/codeql/rust/frameworks/Sqlx.qll
diff --git a/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected b/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected
@@ -1,88 +1,10 @@
 #select
-| sqlx.rs:77:25:77:45 | safe_query_3.as_str() | sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:77:25:77:45 | safe_query_3.as_str() | This query depends on a $@. | sqlx.rs:48:25:48:46 | ...::get | user-provided value |
-| sqlx.rs:78:25:78:47 | unsafe_query_1.as_str() | sqlx.rs:47:22:47:35 | ...::args | sqlx.rs:78:25:78:47 | unsafe_query_1.as_str() | This query depends on a $@. | sqlx.rs:47:22:47:35 | ...::args | user-provided value |
-| sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() | sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() | This query depends on a $@. | sqlx.rs:48:25:48:46 | ...::get | user-provided value |
 edges
-| sqlx.rs:47:9:47:18 | arg_string | sqlx.rs:53:27:53:36 | arg_string | provenance |  |
-| sqlx.rs:47:22:47:35 | ...::args | sqlx.rs:47:22:47:37 | ...::args(...) [element] | provenance | Src:MaD:2  |
-| sqlx.rs:47:22:47:37 | ...::args(...) [element] | sqlx.rs:47:22:47:44 | ... .nth(...) [Some] | provenance | MaD:3 |
-| sqlx.rs:47:22:47:44 | ... .nth(...) [Some] | sqlx.rs:47:22:47:77 | ... .unwrap_or(...) | provenance | MaD:5 |
-| sqlx.rs:47:22:47:77 | ... .unwrap_or(...) | sqlx.rs:47:9:47:18 | arg_string | provenance |  |
-| sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:49:25:49:52 | remote_string.parse() [Ok] | provenance | MaD:9 |
-| sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:49:25:49:52 | remote_string.parse() [Ok] | provenance | MaD:9 |
-| sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:54:27:54:39 | remote_string | provenance |  |
-| sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:48:25:48:69 | ...::get(...) [Ok] | provenance | Src:MaD:1  |
-| sqlx.rs:48:25:48:69 | ...::get(...) [Ok] | sqlx.rs:48:25:48:78 | ... .unwrap() | provenance | MaD:6 |
-| sqlx.rs:48:25:48:78 | ... .unwrap() | sqlx.rs:48:25:48:85 | ... .text() [Ok] | provenance | MaD:10 |
-| sqlx.rs:48:25:48:85 | ... .text() [Ok] | sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | provenance | MaD:7 |
-| sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | sqlx.rs:48:9:48:21 | remote_string | provenance |  |
-| sqlx.rs:49:9:49:21 | remote_number | sqlx.rs:52:32:52:87 | MacroExpr | provenance |  |
-| sqlx.rs:49:25:49:52 | remote_string.parse() [Ok] | sqlx.rs:49:25:49:65 | ... .unwrap_or(...) | provenance | MaD:7 |
-| sqlx.rs:49:25:49:65 | ... .unwrap_or(...) | sqlx.rs:49:9:49:21 | remote_number | provenance |  |
-| sqlx.rs:52:9:52:20 | safe_query_3 | sqlx.rs:77:25:77:36 | safe_query_3 | provenance |  |
-| sqlx.rs:52:9:52:20 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() | provenance | MaD:8 |
-| sqlx.rs:52:9:52:20 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() | provenance | MaD:4 |
-| sqlx.rs:52:9:52:20 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() | provenance | MaD:8 |
-| sqlx.rs:52:24:52:88 | res | sqlx.rs:52:32:52:87 | { ... } | provenance |  |
-| sqlx.rs:52:32:52:87 | ...::format(...) | sqlx.rs:52:24:52:88 | res | provenance |  |
-| sqlx.rs:52:32:52:87 | ...::must_use(...) | sqlx.rs:52:9:52:20 | safe_query_3 | provenance |  |
-| sqlx.rs:52:32:52:87 | MacroExpr | sqlx.rs:52:32:52:87 | ...::format(...) | provenance | MaD:11 |
-| sqlx.rs:52:32:52:87 | { ... } | sqlx.rs:52:32:52:87 | ...::must_use(...) | provenance | MaD:12 |
-| sqlx.rs:53:9:53:22 | unsafe_query_1 [&ref] | sqlx.rs:78:25:78:47 | unsafe_query_1.as_str() | provenance | MaD:8 |
-| sqlx.rs:53:9:53:22 | unsafe_query_1 [&ref] | sqlx.rs:78:25:78:47 | unsafe_query_1.as_str() | provenance | MaD:4 |
-| sqlx.rs:53:9:53:22 | unsafe_query_1 [&ref] | sqlx.rs:78:25:78:47 | unsafe_query_1.as_str() | provenance | MaD:8 |
-| sqlx.rs:53:26:53:36 | &arg_string [&ref] | sqlx.rs:53:9:53:22 | unsafe_query_1 [&ref] | provenance |  |
-| sqlx.rs:53:27:53:36 | arg_string | sqlx.rs:53:26:53:36 | &arg_string [&ref] | provenance |  |
-| sqlx.rs:54:9:54:22 | unsafe_query_2 [&ref] | sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() | provenance | MaD:8 |
-| sqlx.rs:54:9:54:22 | unsafe_query_2 [&ref] | sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() | provenance | MaD:4 |
-| sqlx.rs:54:9:54:22 | unsafe_query_2 [&ref] | sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() | provenance | MaD:8 |
-| sqlx.rs:54:26:54:39 | &remote_string [&ref] | sqlx.rs:54:9:54:22 | unsafe_query_2 [&ref] | provenance |  |
-| sqlx.rs:54:27:54:39 | remote_string | sqlx.rs:54:26:54:39 | &remote_string [&ref] | provenance |  |
-| sqlx.rs:77:25:77:36 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() | provenance | MaD:8 |
-| sqlx.rs:77:25:77:36 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() | provenance | MaD:4 |
-| sqlx.rs:77:25:77:36 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() | provenance | MaD:8 |
-models
-| 1 | Source: reqwest::blocking::get; ReturnValue.Field[core::result::Result::Ok(0)]; remote |
-| 2 | Source: std::env::args; ReturnValue.Element; commandargs |
-| 3 | Summary: <_ as core::iter::traits::iterator::Iterator>::nth; Argument[self].Element; ReturnValue.Field[core::option::Option::Some(0)]; value |
-| 4 | Summary: <alloc::string::String>::as_str; Argument[self]; ReturnValue; value |
-| 5 | Summary: <core::option::Option>::unwrap_or; Argument[self].Field[core::option::Option::Some(0)]; ReturnValue; value |
-| 6 | Summary: <core::result::Result>::unwrap; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value |
-| 7 | Summary: <core::result::Result>::unwrap_or; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value |
-| 8 | Summary: <core::str>::as_str; Argument[self]; ReturnValue; value |
-| 9 | Summary: <core::str>::parse; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint |
-| 10 | Summary: <reqwest::blocking::response::Response>::text; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint |
-| 11 | Summary: alloc::fmt::format; Argument[0]; ReturnValue; taint |
-| 12 | Summary: core::hint::must_use; Argument[0]; ReturnValue; value |
 nodes
-| sqlx.rs:47:9:47:18 | arg_string | semmle.label | arg_string |
-| sqlx.rs:47:22:47:35 | ...::args | semmle.label | ...::args |
-| sqlx.rs:47:22:47:37 | ...::args(...) [element] | semmle.label | ...::args(...) [element] |
-| sqlx.rs:47:22:47:44 | ... .nth(...) [Some] | semmle.label | ... .nth(...) [Some] |
-| sqlx.rs:47:22:47:77 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) |
-| sqlx.rs:48:9:48:21 | remote_string | semmle.label | remote_string |
-| sqlx.rs:48:25:48:46 | ...::get | semmle.label | ...::get |
-| sqlx.rs:48:25:48:69 | ...::get(...) [Ok] | semmle.label | ...::get(...) [Ok] |
-| sqlx.rs:48:25:48:78 | ... .unwrap() | semmle.label | ... .unwrap() |
-| sqlx.rs:48:25:48:85 | ... .text() [Ok] | semmle.label | ... .text() [Ok] |
-| sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) |
-| sqlx.rs:49:9:49:21 | remote_number | semmle.label | remote_number |
-| sqlx.rs:49:25:49:52 | remote_string.parse() [Ok] | semmle.label | remote_string.parse() [Ok] |
-| sqlx.rs:49:25:49:65 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) |
-| sqlx.rs:52:9:52:20 | safe_query_3 | semmle.label | safe_query_3 |
-| sqlx.rs:52:24:52:88 | res | semmle.label | res |
-| sqlx.rs:52:32:52:87 | ...::format(...) | semmle.label | ...::format(...) |
-| sqlx.rs:52:32:52:87 | ...::must_use(...) | semmle.label | ...::must_use(...) |
-| sqlx.rs:52:32:52:87 | MacroExpr | semmle.label | MacroExpr |
-| sqlx.rs:52:32:52:87 | { ... } | semmle.label | { ... } |
-| sqlx.rs:53:9:53:22 | unsafe_query_1 [&ref] | semmle.label | unsafe_query_1 [&ref] |
-| sqlx.rs:53:26:53:36 | &arg_string [&ref] | semmle.label | &arg_string [&ref] |
-| sqlx.rs:53:27:53:36 | arg_string | semmle.label | arg_string |
-| sqlx.rs:54:9:54:22 | unsafe_query_2 [&ref] | semmle.label | unsafe_query_2 [&ref] |
-| sqlx.rs:54:26:54:39 | &remote_string [&ref] | semmle.label | &remote_string [&ref] |
-| sqlx.rs:54:27:54:39 | remote_string | semmle.label | remote_string |
-| sqlx.rs:77:25:77:36 | safe_query_3 | semmle.label | safe_query_3 |
-| sqlx.rs:77:25:77:45 | safe_query_3.as_str() | semmle.label | safe_query_3.as_str() |
-| sqlx.rs:78:25:78:47 | unsafe_query_1.as_str() | semmle.label | unsafe_query_1.as_str() |
-| sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() | semmle.label | unsafe_query_2.as_str() |
 subpaths
+testFailures
+| sqlx.rs:47:80:47:96 | //... | Missing result: Source=args1 |
+| sqlx.rs:48:121:48:139 | //... | Missing result: Source=remote1 |
+| sqlx.rs:77:71:77:129 | //... | Fixed spurious result: Alert[rust/sql-injection]=remote1 |
+| sqlx.rs:78:73:78:117 | //... | Missing result: Alert[rust/sql-injection]=args1 |
+| sqlx.rs:80:77:80:123 | //... | Missing result: Alert[rust/sql-injection]=remote1 |
diff --git a/rust/ql/test/query-tests/security/CWE-089/SqlSinks.expected b/rust/ql/test/query-tests/security/CWE-089/SqlSinks.expected
@@ -0,0 +1,39 @@
+| sqlx.rs:75:71:75:83 | //... | Missing result: sql-sink |
+| sqlx.rs:76:71:76:83 | //... | Missing result: sql-sink |
+| sqlx.rs:77:71:77:129 | //... | Missing result: sql-sink |
+| sqlx.rs:78:73:78:117 | //... | Missing result: sql-sink |
+| sqlx.rs:80:77:80:123 | //... | Missing result: sql-sink |
+| sqlx.rs:81:77:81:132 | //... | Missing result: sql-sink |
+| sqlx.rs:82:77:82:132 | //... | Missing result: sql-sink |
+| sqlx.rs:84:94:84:106 | //... | Missing result: sql-sink |
+| sqlx.rs:85:92:85:104 | //... | Missing result: sql-sink |
+| sqlx.rs:87:99:87:111 | //... | Missing result: sql-sink |
+| sqlx.rs:88:99:88:111 | //... | Missing result: sql-sink |
+| sqlx.rs:111:77:111:89 | //... | Missing result: sql-sink |
+| sqlx.rs:113:83:113:138 | //... | Missing result: sql-sink |
+| sqlx.rs:117:75:117:87 | //... | Missing result: sql-sink |
+| sqlx.rs:118:99:118:111 | //... | Missing result: sql-sink |
+| sqlx.rs:120:81:120:136 | //... | Missing result: sql-sink |
+| sqlx.rs:121:104:121:116 | //... | Missing result: sql-sink |
+| sqlx.rs:124:66:124:78 | //... | Missing result: sql-sink |
+| sqlx.rs:125:90:125:102 | //... | Missing result: sql-sink |
+| sqlx.rs:127:72:127:127 | //... | Missing result: sql-sink |
+| sqlx.rs:128:95:128:107 | //... | Missing result: sql-sink |
+| sqlx.rs:131:106:131:118 | //... | Missing result: sql-sink |
+| sqlx.rs:133:130:133:142 | //... | Missing result: sql-sink |
+| sqlx.rs:136:109:136:164 | //... | Missing result: sql-sink |
+| sqlx.rs:137:132:137:144 | //... | Missing result: sql-sink |
+| sqlx.rs:140:129:140:141 | //... | Missing result: sql-sink |
+| sqlx.rs:142:153:142:165 | //... | Missing result: sql-sink |
+| sqlx.rs:145:132:145:189 | //... | Missing result: sql-sink |
+| sqlx.rs:146:155:146:167 | //... | Missing result: sql-sink |
+| sqlx.rs:149:77:149:89 | //... | Missing result: sql-sink |
+| sqlx.rs:150:101:150:113 | //... | Missing result: sql-sink |
+| sqlx.rs:151:116:151:128 | //... | Missing result: sql-sink |
+| sqlx.rs:153:83:153:138 | //... | Missing result: sql-sink |
+| sqlx.rs:154:106:154:118 | //... | Missing result: sql-sink |
+| sqlx.rs:155:121:155:133 | //... | Missing result: sql-sink |
+| sqlx.rs:185:71:185:83 | //... | Missing result: sql-sink |
+| sqlx.rs:186:95:186:107 | //... | Missing result: sql-sink |
+| sqlx.rs:188:77:188:132 | //... | Missing result: sql-sink |
+| sqlx.rs:189:100:189:112 | //... | Missing result: sql-sink |
