Rust: Test more variants of postgres usage.

geoffw0 · geoffw0 · commit 31353e7efc3b · 2025-08-11T17:41:24.000+01:00
diff --git a/rust/ql/test/library-tests/frameworks/postgres/main.rs b/rust/ql/test/library-tests/frameworks/postgres/main.rs
@@ -1,5 +1,4 @@
 
-
 fn main() -> Result<(), Box<dyn std::error::Error>> {
     // Get input from CLI
     let args: Vec<String> = std::env::args().collect();
@@ -18,19 +17,22 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
     )?;
 
     let query = format!("INSERT INTO person (name, age) VALUES ('{}', '{}')", name, age);
+    let query2 = "INSERT INTO person (id) VALUES ($1)";
 
     conn.execute(query.as_str(), &[])?;     // $ sql-sink
     conn.batch_execute(query.as_str())?;    // $ sql-sink
 
     conn.prepare(query.as_str())?;          // $ sql-sink
-    // conn.prepare_typed(query.as_str(), &[])?;
+    conn.prepare_typed(query2, &[postgres::types::Type::INT4])?; // $ sql-sink
 
     conn.query(query.as_str(), &[])?;       // $ sql-sink
     conn.query_one(query.as_str(), &[])?;   // $ sql-sink
     conn.query_opt(query.as_str(), &[])?;   // $ sql-sink
-    // conn.query_raw(query.as_str(), &[])?;
-    // conn.query_typed(query.as_str(), &[])?;
-    // conn.query_typed_raw(query.as_str(), &[])?;
+    let params: Vec<i32> = vec![0];
+    conn.query_raw(query.as_str(), params)?;        // $ sql-sink
+    conn.query_typed(query.as_str(), &[])?;         // $ sql-sink
+    let params: Vec<(i32, postgres::types::Type)> = vec![(0, postgres::types::Type::INT4)];
+    conn.query_typed_raw(query2, params)?;  // $ sql-sink
 
     for row in &conn.query("SELECT id, name, age FROM person", &[])? {  // $ sql-sink
         let id: i32 = row.get("id"); // $ database-read
@@ -39,5 +41,14 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
         println!("found person: {} {} {}", id, name, age);
     }
 
+    for message in &conn.simple_query("SELECT id, name, age FROM person")? {  // $ MISSING: sql-sink
+        if let postgres::SimpleQueryMessage::Row(row) = message {
+            let id: i32 = row.get(0).unwrap().parse().unwrap(); // $ MISSING: database-read
+            let name: &str = row.get(1).unwrap(); // $ MISSING: database-read
+            let age: i32 = row.get(2).unwrap().parse().unwrap(); // $ MISSING: database-read
+            println!("found person: {} {} {}", id, name, age);
+        }
+    }
+
     Ok(())
 }
