Rust: Add Warp test to request forgery query tests

Author: paldepind

rust/ql/test/query-tests/security/CWE-918/Cargo.lock

@@ -3,3 +3,4 @@ qltest_dependencies:
     - reqwest = { version = "0.12.23", features = ["blocking", "json"] }
     - tokio = { version = "1.0", features = ["full"] }
     - poem = { version = "3.1.12", features = ["server"] }
+    - warp = { version = "0.4.2", features = ["server"] }

rust/ql/test/query-tests/security/CWE-918/options.yml

@@ -54,6 +54,26 @@ mod poem_server {
     }
 }
 
+mod warp_test {
+    use warp::Filter;
+
+    #[tokio::main]
+    #[rustfmt::skip]
+    async fn test_warp() {
+        // A route with parameter and `and_then`
+        let map_route =
+            warp::path::param().and_then(async |a: String| // $ MISSING: Source=a
+            {
+
+            let response = reqwest::get(&a).await; // $ MISSING: Alert[rust/request-forgery]=a
+            match response {
+                Ok(resp) => Ok(resp.text().await.unwrap_or_default()),
+                Err(_err) => Err(warp::reject::not_found()),
+            }
+        });
+    }
+}
+
 /// Start the Poem web application
 pub fn start() {
     tokio::runtime::Runtime::new()