From bfe934118d6767c2b6cf69fc2fe44a20f09f213b Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Tue, 9 Sep 2025 15:11:17 +0200 Subject: [PATCH 1/6] Rust: Add web framework tests for Warp --- .../library-tests/dataflow/sources/Cargo.lock | 72 +++++++++++++++++++ .../dataflow/sources/options.yml | 1 + .../dataflow/sources/web_frameworks.rs | 58 +++++++++++++++ 3 files changed, 131 insertions(+) diff --git a/rust/ql/test/library-tests/dataflow/sources/Cargo.lock b/rust/ql/test/library-tests/dataflow/sources/Cargo.lock index 5bdbe2c0ebbf..887f9016bc7d 100644 --- a/rust/ql/test/library-tests/dataflow/sources/Cargo.lock +++ b/rust/ql/test/library-tests/dataflow/sources/Cargo.lock @@ -1514,6 +1514,16 @@ version = "0.3.17" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a" +[[package]] +name = "mime_guess" +version = "2.0.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f7c44f8e672c00fe5308fa235f821cb4198414e1c77935c1ab6948d3fd78550e" +dependencies = [ + "mime", + "unicase", +] + [[package]] name = "minimal-lexical" version = "0.2.1" @@ -1680,6 +1690,26 @@ version = "2.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e3148f5046208a5d56bcfc03053e3ca6334e51da8dfb19b6cdc8b306fae3283e" +[[package]] +name = "pin-project" +version = "1.1.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "677f1add503faace112b9f1373e43e9e054bfdd22ff1a63c1bc485eaec6a6a8a" +dependencies = [ + "pin-project-internal", +] + +[[package]] +name = "pin-project-internal" +version = "1.1.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6e918e4ff8c4549eb882f14b3a4bc8c8bc93de829416eacf579f1207a8fbf861" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "pin-project-lite" version = "0.2.16" @@ -2069,6 +2099,12 @@ dependencies = [ "windows-sys 0.59.0", ] +[[package]] +name = "scoped-tls" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e1cf6437eb19a8f4a6cc0f7dca544973b0b78843adbfeb3683d1a94a0024a294" + [[package]] name = "scopeguard" version = "1.2.0" @@ -2297,6 +2333,7 @@ dependencies = [ "serde", "serde_json", "tokio", + "warp", ] [[package]] @@ -2538,6 +2575,12 @@ dependencies = [ "version_check", ] +[[package]] +name = "unicase" +version = "2.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "75b844d17643ee918803943289730bec8aac480150456169e647ed0b576ba539" + [[package]] name = "unicode-ident" version = "1.0.18" @@ -2600,6 +2643,35 @@ dependencies = [ "try-lock", ] +[[package]] +name = "warp" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "51d06d9202adc1f15d709c4f4a2069be5428aa912cc025d6f268ac441ab066b0" +dependencies = [ + "bytes", + "futures-util", + "headers", + "http 1.3.1", + "http-body", + "http-body-util", + "hyper", + "hyper-util", + "log", + "mime", + "mime_guess", + "percent-encoding", + "pin-project", + "scoped-tls", + "serde", + "serde_json", + "serde_urlencoded", + "tokio", + "tokio-util", + "tower-service", + "tracing", +] + [[package]] name = "wasi" version = "0.11.1+wasi-snapshot-preview1" diff --git a/rust/ql/test/library-tests/dataflow/sources/options.yml b/rust/ql/test/library-tests/dataflow/sources/options.yml index a05a970f7b87..1fc6475170a3 100644 --- a/rust/ql/test/library-tests/dataflow/sources/options.yml +++ b/rust/ql/test/library-tests/dataflow/sources/options.yml @@ -16,3 +16,4 @@ qltest_dependencies: - rustls = { version = "0.23.27" } - futures-rustls = { version = "0.26.0" } - async-std = { version = "1.13.1" } + - warp = { version = "0.4.2", features = ["server"] } diff --git a/rust/ql/test/library-tests/dataflow/sources/web_frameworks.rs b/rust/ql/test/library-tests/dataflow/sources/web_frameworks.rs index 32cae626593b..757ef3371e13 100644 --- a/rust/ql/test/library-tests/dataflow/sources/web_frameworks.rs +++ b/rust/ql/test/library-tests/dataflow/sources/web_frameworks.rs @@ -229,3 +229,61 @@ mod axum_test { // ... } } + +mod warp_test { + use super::sink; + use warp::Filter; + + #[tokio::main] + #[rustfmt::skip] + async fn test_warp() { + // A route with parameter and `map` + let map_route = + warp::path::param().map(|a: String| // $ MISSING: Alert[rust/summary/taint-sources] + { + sink(a); // $ MISSING: hasTaintFlow + + "".to_string() + }); + + // A route with parameter and `then` + let then_route = warp::path::param().then( // $ MISSING: Alert[rust/summary/taint-sources] + |a: String| async move { + sink(a); // $ MISSING: hasTaintFlow + + "".to_string() + }, + ); + + // A route with parameter and `and_then` + let and_then_route = warp::path::param().and_then( // $ MISSING: Alert[rust/summary/taint-sources] + | id: u64 | + async move { + if id != 0 { + sink(id); // $ MISSING: hasTaintFlow + Ok("".to_string()) + } else { + Err(warp::reject::not_found()) + } + }, + ); + + // A route with path, parameter, and `and_then` + let path_and_map_route = warp::path("1").and(warp::path::param()).map( // $ MISSING: Alert[rust/summary/taint-sources] + | a: String | + { + sink(a); // $ MISSING: hasTaintFlow + + "".to_string() + }, + ); + + let routes = warp::get().and( + map_route + .or(then_route) + .or(and_then_route) + .or(path_and_map_route), + ); + warp::serve(routes).run(([127, 0, 0, 1], 3030)).await; + } +} From 1af6b37fc4da5b2fbaac504cbaa063de0162950e Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Wed, 10 Sep 2025 11:47:32 +0200 Subject: [PATCH 2/6] Rust: Add models for Warp --- .../lib/codeql/rust/frameworks/warp.model.yml | 20 +++++++++++++ .../dataflow/sources/TaintSources.expected | 30 +++++++++++++++++++ .../dataflow/sources/web_frameworks.rs | 6 ++-- 3 files changed, 53 insertions(+), 3 deletions(-) create mode 100644 rust/ql/lib/codeql/rust/frameworks/warp.model.yml diff --git a/rust/ql/lib/codeql/rust/frameworks/warp.model.yml b/rust/ql/lib/codeql/rust/frameworks/warp.model.yml new file mode 100644 index 000000000000..c44e58274d1d --- /dev/null +++ b/rust/ql/lib/codeql/rust/frameworks/warp.model.yml @@ -0,0 +1,20 @@ +extensions: + - addsTo: + pack: codeql/rust-all + extensible: sourceModel + data: + - ["<_ as warp::filter::Filter>::then", "Argument[0].Parameter[0]", "remote", "manual"] + - ["<_ as warp::filter::Filter>::then", "Argument[0].Parameter[1]", "remote", "manual"] + - ["<_ as warp::filter::Filter>::then", "Argument[0].Parameter[2]", "remote", "manual"] + - ["<_ as warp::filter::Filter>::then", "Argument[0].Parameter[3]", "remote", "manual"] + - ["<_ as warp::filter::Filter>::then", "Argument[0].Parameter[4]", "remote", "manual"] + - ["<_ as warp::filter::Filter>::map", "Argument[0].Parameter[0]", "remote", "manual"] + - ["<_ as warp::filter::Filter>::map", "Argument[0].Parameter[1]", "remote", "manual"] + - ["<_ as warp::filter::Filter>::map", "Argument[0].Parameter[2]", "remote", "manual"] + - ["<_ as warp::filter::Filter>::map", "Argument[0].Parameter[3]", "remote", "manual"] + - ["<_ as warp::filter::Filter>::map", "Argument[0].Parameter[4]", "remote", "manual"] + - ["<_ as warp::filter::Filter>::and_then", "Argument[0].Parameter[0]", "remote", "manual"] + - ["<_ as warp::filter::Filter>::and_then", "Argument[0].Parameter[1]", "remote", "manual"] + - ["<_ as warp::filter::Filter>::and_then", "Argument[0].Parameter[2]", "remote", "manual"] + - ["<_ as warp::filter::Filter>::and_then", "Argument[0].Parameter[3]", "remote", "manual"] + - ["<_ as warp::filter::Filter>::and_then", "Argument[0].Parameter[4]", "remote", "manual"] \ No newline at end of file diff --git a/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected b/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected index 59f1e9b4e0c4..7182c231ba1b 100644 --- a/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected +++ b/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected @@ -100,3 +100,33 @@ | web_frameworks.rs:58:14:58:15 | ms | Flow source 'RemoteSource' of type remote (DEFAULT). | | web_frameworks.rs:68:15:68:15 | a | Flow source 'RemoteSource' of type remote (DEFAULT). | | web_frameworks.rs:68:15:68:15 | a | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:242:33:242:35 | map | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:242:33:242:35 | map | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:242:33:242:35 | map | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:242:33:242:35 | map | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:242:33:242:35 | map | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:242:33:242:35 | map | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:242:33:242:35 | map | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:242:33:242:35 | map | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:242:33:242:35 | map | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:242:33:242:35 | map | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:250:46:250:49 | then | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:250:46:250:49 | then | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:250:46:250:49 | then | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:250:46:250:49 | then | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:250:46:250:49 | then | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:250:46:250:49 | then | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:250:46:250:49 | then | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:250:46:250:49 | then | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:250:46:250:49 | then | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:250:46:250:49 | then | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:259:50:259:57 | and_then | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:259:50:259:57 | and_then | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:259:50:259:57 | and_then | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:259:50:259:57 | and_then | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:259:50:259:57 | and_then | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:259:50:259:57 | and_then | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:259:50:259:57 | and_then | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:259:50:259:57 | and_then | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:259:50:259:57 | and_then | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:259:50:259:57 | and_then | Flow source 'RemoteSource' of type remote (DEFAULT). | diff --git a/rust/ql/test/library-tests/dataflow/sources/web_frameworks.rs b/rust/ql/test/library-tests/dataflow/sources/web_frameworks.rs index 757ef3371e13..19df053b0b6d 100644 --- a/rust/ql/test/library-tests/dataflow/sources/web_frameworks.rs +++ b/rust/ql/test/library-tests/dataflow/sources/web_frameworks.rs @@ -239,7 +239,7 @@ mod warp_test { async fn test_warp() { // A route with parameter and `map` let map_route = - warp::path::param().map(|a: String| // $ MISSING: Alert[rust/summary/taint-sources] + warp::path::param().map(|a: String| // $ Alert[rust/summary/taint-sources] { sink(a); // $ MISSING: hasTaintFlow @@ -247,7 +247,7 @@ mod warp_test { }); // A route with parameter and `then` - let then_route = warp::path::param().then( // $ MISSING: Alert[rust/summary/taint-sources] + let then_route = warp::path::param().then( // $ Alert[rust/summary/taint-sources] |a: String| async move { sink(a); // $ MISSING: hasTaintFlow @@ -256,7 +256,7 @@ mod warp_test { ); // A route with parameter and `and_then` - let and_then_route = warp::path::param().and_then( // $ MISSING: Alert[rust/summary/taint-sources] + let and_then_route = warp::path::param().and_then( // $ Alert[rust/summary/taint-sources] | id: u64 | async move { if id != 0 { From f432498574fe9f7a8e9297957a56c938729b30c7 Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Mon, 15 Sep 2025 09:38:17 +0200 Subject: [PATCH 3/6] Rust: Use comma notation in Warp model --- .../lib/codeql/rust/frameworks/warp.model.yml | 18 +++--------------- 1 file changed, 3 insertions(+), 15 deletions(-) diff --git a/rust/ql/lib/codeql/rust/frameworks/warp.model.yml b/rust/ql/lib/codeql/rust/frameworks/warp.model.yml index c44e58274d1d..716f81d4852b 100644 --- a/rust/ql/lib/codeql/rust/frameworks/warp.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/warp.model.yml @@ -3,18 +3,6 @@ extensions: pack: codeql/rust-all extensible: sourceModel data: - - ["<_ as warp::filter::Filter>::then", "Argument[0].Parameter[0]", "remote", "manual"] - - ["<_ as warp::filter::Filter>::then", "Argument[0].Parameter[1]", "remote", "manual"] - - ["<_ as warp::filter::Filter>::then", "Argument[0].Parameter[2]", "remote", "manual"] - - ["<_ as warp::filter::Filter>::then", "Argument[0].Parameter[3]", "remote", "manual"] - - ["<_ as warp::filter::Filter>::then", "Argument[0].Parameter[4]", "remote", "manual"] - - ["<_ as warp::filter::Filter>::map", "Argument[0].Parameter[0]", "remote", "manual"] - - ["<_ as warp::filter::Filter>::map", "Argument[0].Parameter[1]", "remote", "manual"] - - ["<_ as warp::filter::Filter>::map", "Argument[0].Parameter[2]", "remote", "manual"] - - ["<_ as warp::filter::Filter>::map", "Argument[0].Parameter[3]", "remote", "manual"] - - ["<_ as warp::filter::Filter>::map", "Argument[0].Parameter[4]", "remote", "manual"] - - ["<_ as warp::filter::Filter>::and_then", "Argument[0].Parameter[0]", "remote", "manual"] - - ["<_ as warp::filter::Filter>::and_then", "Argument[0].Parameter[1]", "remote", "manual"] - - ["<_ as warp::filter::Filter>::and_then", "Argument[0].Parameter[2]", "remote", "manual"] - - ["<_ as warp::filter::Filter>::and_then", "Argument[0].Parameter[3]", "remote", "manual"] - - ["<_ as warp::filter::Filter>::and_then", "Argument[0].Parameter[4]", "remote", "manual"] \ No newline at end of file + - ["<_ as warp::filter::Filter>::then", "Argument[0].Parameter[0,1,2,3,4,5,6]", "remote", "manual"] + - ["<_ as warp::filter::Filter>::map", "Argument[0].Parameter[0,1,2,3,4,5,6]", "remote", "manual"] + - ["<_ as warp::filter::Filter>::and_then", "Argument[0].Parameter[0,1,2,3,4,5,6]", "remote", "manual"] \ No newline at end of file From 46cd62bd516a0cc41a2b05d6bd103575890b9443 Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Wed, 17 Sep 2025 09:17:35 +0200 Subject: [PATCH 4/6] Rust: Use `..` notation in model --- rust/ql/lib/codeql/rust/frameworks/warp.model.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/rust/ql/lib/codeql/rust/frameworks/warp.model.yml b/rust/ql/lib/codeql/rust/frameworks/warp.model.yml index 716f81d4852b..5071b4dea868 100644 --- a/rust/ql/lib/codeql/rust/frameworks/warp.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/warp.model.yml @@ -3,6 +3,6 @@ extensions: pack: codeql/rust-all extensible: sourceModel data: - - ["<_ as warp::filter::Filter>::then", "Argument[0].Parameter[0,1,2,3,4,5,6]", "remote", "manual"] - - ["<_ as warp::filter::Filter>::map", "Argument[0].Parameter[0,1,2,3,4,5,6]", "remote", "manual"] - - ["<_ as warp::filter::Filter>::and_then", "Argument[0].Parameter[0,1,2,3,4,5,6]", "remote", "manual"] \ No newline at end of file + - ["<_ as warp::filter::Filter>::then", "Argument[0].Parameter[0..7]", "remote", "manual"] + - ["<_ as warp::filter::Filter>::map", "Argument[0].Parameter[0..7]", "remote", "manual"] + - ["<_ as warp::filter::Filter>::and_then", "Argument[0].Parameter[0..7]", "remote", "manual"] \ No newline at end of file From e80c192cf22f5da075f08e9512c2e71fa4806b11 Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Wed, 17 Sep 2025 10:01:51 +0200 Subject: [PATCH 5/6] Rust: Use async closure instead of async block --- .../test/library-tests/dataflow/sources/web_frameworks.rs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/rust/ql/test/library-tests/dataflow/sources/web_frameworks.rs b/rust/ql/test/library-tests/dataflow/sources/web_frameworks.rs index 19df053b0b6d..2489ac2ee238 100644 --- a/rust/ql/test/library-tests/dataflow/sources/web_frameworks.rs +++ b/rust/ql/test/library-tests/dataflow/sources/web_frameworks.rs @@ -248,7 +248,7 @@ mod warp_test { // A route with parameter and `then` let then_route = warp::path::param().then( // $ Alert[rust/summary/taint-sources] - |a: String| async move { + async move |a: String| { sink(a); // $ MISSING: hasTaintFlow "".to_string() @@ -257,8 +257,8 @@ mod warp_test { // A route with parameter and `and_then` let and_then_route = warp::path::param().and_then( // $ Alert[rust/summary/taint-sources] - | id: u64 | - async move { + async move | id: u64 | + { if id != 0 { sink(id); // $ MISSING: hasTaintFlow Ok("".to_string()) From c1ebe920a1dd140df56696a70a7643ea5478a07f Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Wed, 17 Sep 2025 10:07:44 +0200 Subject: [PATCH 6/6] Rust: Update expected file --- .../dataflow/sources/TaintSources.expected | 34 +++++++++++++++++++ .../dataflow/sources/web_frameworks.rs | 2 +- 2 files changed, 35 insertions(+), 1 deletion(-) diff --git a/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected b/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected index 7182c231ba1b..96b6426baf41 100644 --- a/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected +++ b/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected @@ -110,6 +110,15 @@ | web_frameworks.rs:242:33:242:35 | map | Flow source 'RemoteSource' of type remote (DEFAULT). | | web_frameworks.rs:242:33:242:35 | map | Flow source 'RemoteSource' of type remote (DEFAULT). | | web_frameworks.rs:242:33:242:35 | map | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:242:33:242:35 | map | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:242:33:242:35 | map | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:242:33:242:35 | map | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:242:33:242:35 | map | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:242:33:242:35 | map | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:242:33:242:35 | map | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:250:46:250:49 | then | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:250:46:250:49 | then | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:250:46:250:49 | then | Flow source 'RemoteSource' of type remote (DEFAULT). | | web_frameworks.rs:250:46:250:49 | then | Flow source 'RemoteSource' of type remote (DEFAULT). | | web_frameworks.rs:250:46:250:49 | then | Flow source 'RemoteSource' of type remote (DEFAULT). | | web_frameworks.rs:250:46:250:49 | then | Flow source 'RemoteSource' of type remote (DEFAULT). | @@ -120,6 +129,15 @@ | web_frameworks.rs:250:46:250:49 | then | Flow source 'RemoteSource' of type remote (DEFAULT). | | web_frameworks.rs:250:46:250:49 | then | Flow source 'RemoteSource' of type remote (DEFAULT). | | web_frameworks.rs:250:46:250:49 | then | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:250:46:250:49 | then | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:250:46:250:49 | then | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:250:46:250:49 | then | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:259:50:259:57 | and_then | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:259:50:259:57 | and_then | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:259:50:259:57 | and_then | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:259:50:259:57 | and_then | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:259:50:259:57 | and_then | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:259:50:259:57 | and_then | Flow source 'RemoteSource' of type remote (DEFAULT). | | web_frameworks.rs:259:50:259:57 | and_then | Flow source 'RemoteSource' of type remote (DEFAULT). | | web_frameworks.rs:259:50:259:57 | and_then | Flow source 'RemoteSource' of type remote (DEFAULT). | | web_frameworks.rs:259:50:259:57 | and_then | Flow source 'RemoteSource' of type remote (DEFAULT). | @@ -130,3 +148,19 @@ | web_frameworks.rs:259:50:259:57 | and_then | Flow source 'RemoteSource' of type remote (DEFAULT). | | web_frameworks.rs:259:50:259:57 | and_then | Flow source 'RemoteSource' of type remote (DEFAULT). | | web_frameworks.rs:259:50:259:57 | and_then | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:272:75:272:77 | map | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:272:75:272:77 | map | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:272:75:272:77 | map | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:272:75:272:77 | map | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:272:75:272:77 | map | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:272:75:272:77 | map | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:272:75:272:77 | map | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:272:75:272:77 | map | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:272:75:272:77 | map | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:272:75:272:77 | map | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:272:75:272:77 | map | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:272:75:272:77 | map | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:272:75:272:77 | map | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:272:75:272:77 | map | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:272:75:272:77 | map | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:272:75:272:77 | map | Flow source 'RemoteSource' of type remote (DEFAULT). | diff --git a/rust/ql/test/library-tests/dataflow/sources/web_frameworks.rs b/rust/ql/test/library-tests/dataflow/sources/web_frameworks.rs index 2489ac2ee238..857fc3b479e8 100644 --- a/rust/ql/test/library-tests/dataflow/sources/web_frameworks.rs +++ b/rust/ql/test/library-tests/dataflow/sources/web_frameworks.rs @@ -269,7 +269,7 @@ mod warp_test { ); // A route with path, parameter, and `and_then` - let path_and_map_route = warp::path("1").and(warp::path::param()).map( // $ MISSING: Alert[rust/summary/taint-sources] + let path_and_map_route = warp::path("1").and(warp::path::param()).map( // $ Alert[rust/summary/taint-sources] | a: String | { sink(a); // $ MISSING: hasTaintFlow