Rust: Fix up the test annotations.

geoffw0 · geoffw0 · commit 7b04cf1a73dd · 2025-09-16T12:20:29.000+01:00
diff --git a/rust/ql/test/query-tests/security/CWE-319/UseOfHttp.expected b/rust/ql/test/query-tests/security/CWE-319/UseOfHttp.expected
@@ -66,13 +66,3 @@ nodes
 | main.rs:60:21:60:42 | ...::get | semmle.label | ...::get |
 | main.rs:60:44:60:46 | url | semmle.label | url |
 subpaths
-testFailures
-| main.rs:22:20:22:39 | "http://example.com" | Unexpected result: Source |
-| main.rs:22:42:22:71 | //... | Missing result: Alert[rust/non-https-url] |
-| main.rs:25:21:25:42 | ...::get | Unexpected result: Alert |
-| main.rs:33:20:33:28 | "http://" | Unexpected result: Source |
-| main.rs:33:31:33:60 | //... | Missing result: Alert[rust/non-https-url] |
-| main.rs:36:30:36:51 | ...::get | Unexpected result: Alert |
-| main.rs:59:15:59:49 | "http://example.com/sensitive-... | Unexpected result: Source |
-| main.rs:59:52:59:81 | //... | Missing result: Alert[rust/non-https-url] |
-| main.rs:60:21:60:42 | ...::get | Unexpected result: Alert |
diff --git a/rust/ql/test/query-tests/security/CWE-319/main.rs b/rust/ql/test/query-tests/security/CWE-319/main.rs
@@ -11,30 +11,30 @@ fn test_direct_literals() {
     // BAD: Direct HTTP URLs that should be flagged
     let _response1 = reqwest::blocking::get("http://example.com/api").unwrap(); // $ Alert[rust/non-https-url]
     let _response2 = reqwest::blocking::get("http://api.example.com/data").unwrap(); // $ Alert[rust/non-https-url]
-    
-    // GOOD: HTTPS URLs that should not be flagged  
+
+    // GOOD: HTTPS URLs that should not be flagged
     let _response3 = reqwest::blocking::get("https://example.com/api").unwrap();
     let _response4 = reqwest::blocking::get("https://api.example.com/data").unwrap();
 }
 
 fn test_dynamic_urls() {
     // BAD: HTTP URLs constructed dynamically
-    let base_url = "http://example.com"; // $ Alert[rust/non-https-url]
+    let base_url = "http://example.com"; // $ Source
     let endpoint = "/api/users";
     let full_url = format!("{}{}", base_url, endpoint);
-    let _response = reqwest::blocking::get(&full_url).unwrap();
-    
+    let _response = reqwest::blocking::get(&full_url).unwrap(); // $ Alert[rust/non-https-url]
+
     // GOOD: HTTPS URLs constructed dynamically
     let secure_base = "https://example.com";
     let secure_full = format!("{}{}", secure_base, endpoint);
     let _secure_response = reqwest::blocking::get(&secure_full).unwrap();
-    
+
     // BAD: HTTP protocol string
-    let protocol = "http://"; // $ Alert[rust/non-https-url]
+    let protocol = "http://"; // $ Source
     let host = "api.example.com";
     let insecure_url = format!("{}{}", protocol, host);
-    let _insecure_response = reqwest::blocking::get(&insecure_url).unwrap();
-    
+    let _insecure_response = reqwest::blocking::get(&insecure_url).unwrap(); // $ Alert[rust/non-https-url]
+
     // GOOD: HTTPS protocol string
     let secure_protocol = "https://";
     let secure_url = format!("{}{}", secure_protocol, host);
@@ -47,7 +47,7 @@ fn test_localhost_exemptions() {
     let _local2 = reqwest::blocking::get("http://127.0.0.1:3000/test").unwrap();
     let _local3 = reqwest::blocking::get("http://192.168.1.100/internal").unwrap();
     let _local4 = reqwest::blocking::get("http://10.0.0.1/admin").unwrap();
-    
+
     // Test IPv6 localhost variants
     let _local5 = reqwest::blocking::get("http://[::1]:8080/api").unwrap();
     let _local6 = reqwest::blocking::get("http://[0:0:0:0:0:0:0:1]/test").unwrap();
@@ -56,10 +56,10 @@ fn test_localhost_exemptions() {
 // Additional test cases that mirror the Bad/Good examples
 fn test_examples() {
     // From UseOfHttpBad.rs - BAD case
-    let url = "http://example.com/sensitive-data"; // $ Alert[rust/non-https-url]
-    let _response = reqwest::blocking::get(url).unwrap();
-    
-    // From UseOfHttpGood.rs - GOOD case  
+    let url = "http://example.com/sensitive-data"; // $ Source
+    let _response = reqwest::blocking::get(url).unwrap(); // $ Alert[rust/non-https-url]
+
+    // From UseOfHttpGood.rs - GOOD case
     let secure_url = "https://example.com/sensitive-data";
     let _secure_response = reqwest::blocking::get(secure_url).unwrap();
-}
+}
