Rust: Fix some shortcomings in our models of Reqwest.

geoffw0 · geoffw0 · commit 3104dba09e1b · 2025-05-01T13:04:17.000+01:00
diff --git a/rust/ql/lib/codeql/rust/frameworks/reqwest.model.yml b/rust/ql/lib/codeql/rust/frameworks/reqwest.model.yml
@@ -3,7 +3,7 @@ extensions:
       pack: codeql/rust-all
       extensible: sourceModel
     data:
-      - ["repo:https://github.com/seanmonstar/reqwest:reqwest", "crate::get", "ReturnValue.Field[crate::result::Result::Ok(0)]", "remote", "manual"]
+      - ["repo:https://github.com/seanmonstar/reqwest:reqwest", "crate::get", "ReturnValue.Future.Field[crate::result::Result::Ok(0)]", "remote", "manual"]
       - ["repo:https://github.com/seanmonstar/reqwest:reqwest", "crate::blocking::get", "ReturnValue.Field[crate::result::Result::Ok(0)]", "remote", "manual"]
   - addsTo:
       pack: codeql/rust-all
@@ -15,10 +15,13 @@ extensions:
       pack: codeql/rust-all
       extensible: summaryModel
     data:
-      - ["repo:https://github.com/seanmonstar/reqwest:reqwest", "<crate::response::Response>::text", "Argument[self]", "ReturnValue.Field[crate::result::Result::Ok(0)]", "taint", "manual"]
-      - ["repo:https://github.com/seanmonstar/reqwest:reqwest", "<crate::response::Response>::text_with_charset", "Argument[self]", "ReturnValue.Field[crate::result::Result::Ok(0)]", "taint", "manual"]
-      - ["repo:https://github.com/seanmonstar/reqwest:reqwest", "<crate::response::Response>::bytes", "Argument[self]", "ReturnValue.Field[crate::result::Result::Ok(0)]", "taint", "manual"]
-      - ["repo:https://github.com/seanmonstar/reqwest:reqwest", "<crate::response::Response>::chunk", "Argument[self]", "ReturnValue.Field[crate::result::Result::Ok(0)].Field[crate::option::Option::Some(0)]", "taint", "manual"]
+      - ["repo:https://github.com/seanmonstar/reqwest:reqwest", "<crate::response::Response>::text", "Argument[self]", "ReturnValue.Future.Field[crate::result::Result::Ok(0)]", "taint", "manual"]
+      - ["repo:https://github.com/seanmonstar/reqwest:reqwest", "<crate::response::Response>::text_with_charset", "Argument[self]", "ReturnValue.Future.Field[crate::result::Result::Ok(0)]", "taint", "manual"]
+      - ["repo:https://github.com/seanmonstar/reqwest:reqwest", "<crate::response::Response>::bytes", "Argument[self]", "ReturnValue.Future.Field[crate::result::Result::Ok(0)]", "taint", "manual"]
+      - ["repo:https://github.com/seanmonstar/reqwest:reqwest", "<crate::response::Response>::chunk", "Argument[self]", "ReturnValue.Future.Field[crate::result::Result::Ok(0)].Field[crate::option::Option::Some(0)]", "taint", "manual"]
       - ["repo:https://github.com/seanmonstar/reqwest:reqwest", "<crate::blocking::response::Response>::text", "Argument[self]", "ReturnValue.Field[crate::result::Result::Ok(0)]", "taint", "manual"]
       - ["repo:https://github.com/seanmonstar/reqwest:reqwest", "<crate::blocking::response::Response>::text_with_charset", "Argument[self]", "ReturnValue.Field[crate::result::Result::Ok(0)]", "taint", "manual"]
       - ["repo:https://github.com/seanmonstar/reqwest:reqwest", "<crate::blocking::response::Response>::bytes", "Argument[self]", "ReturnValue.Field[crate::result::Result::Ok(0)]", "taint", "manual"]
+      - ["repo:https://github.com/seanmonstar/reqwest:reqwest", "<crate::async_impl::response::Response>::text", "Argument[self]", "ReturnValue.Future.Field[crate::result::Result::Ok(0)]", "taint", "manual"]
+      - ["repo:https://github.com/seanmonstar/reqwest:reqwest", "<crate::async_impl::response::Response>::bytes", "Argument[self]", "ReturnValue.Future.Field[crate::result::Result::Ok(0)]", "taint", "manual"]
+      - ["repo:https://github.com/seanmonstar/reqwest:reqwest", "<crate::async_impl::response::Response>::chunk", "Argument[self]", "ReturnValue.Future.Field[crate::result::Result::Ok(0)].Field[crate::option::Option::Some(0)]", "taint", "manual"]
diff --git a/rust/ql/test/library-tests/dataflow/sources/test.rs b/rust/ql/test/library-tests/dataflow/sources/test.rs
@@ -72,15 +72,15 @@ async fn test_reqwest() -> Result<(), reqwest::Error> {
     sink(remote_string4); // $ hasTaintFlow="example.com"
 
     let remote_string5 = reqwest::get("example.com").await?.text().await?; // $ Alert[rust/summary/taint-sources]
-    sink(remote_string5); // $ MISSING: hasTaintFlow
+    sink(remote_string5); // $ hasTaintFlow="example.com"
 
     let remote_string6 = reqwest::get("example.com").await?.bytes().await?; // $ Alert[rust/summary/taint-sources]
-    sink(remote_string6); // $ MISSING: hasTaintFlow
+    sink(remote_string6); // $ hasTaintFlow="example.com"
 
     let mut request1 = reqwest::get("example.com").await?; // $ Alert[rust/summary/taint-sources]
-    sink(request1.chunk().await?.unwrap()); // $ MISSING: hasTaintFlow
+    sink(request1.chunk().await?.unwrap()); // $ hasTaintFlow="example.com"
     while let Some(chunk) = request1.chunk().await? {
-        sink(chunk); // $ MISSING: hasTaintFlow
+        sink(chunk); // $ MISSING: hasTaintFlow="example.com"
     }
 
     Ok(())
