Rust: Model some sources in hyper.

geoffw0 · geoffw0 · commit ff53d422cb16 · 2025-02-04T10:28:05.000Z
diff --git a/rust/ql/lib/codeql/rust/frameworks/http.model.yml b/rust/ql/lib/codeql/rust/frameworks/http.model.yml
@@ -0,0 +1,13 @@
+extensions:
+  - addsTo:
+      pack: codeql/rust-all
+      extensible: sourceModel
+    data:
+      - ["repo:https://github.com/hyperium/hyper:hyper", "<crate::client::conn::http1::SendRequest>::send_request", "ReturnValue", "remote", "manual"]
+      - ["repo:https://github.com/hyperium/hyper:hyper", "<crate::client::conn::http2::SendRequest>::send_request", "ReturnValue", "remote", "manual"]
+      - ["repo:https://github.com/hyperium/hyper:hyper", "<crate::client::conn::http1::SendRequest>::try_send_request", "ReturnValue", "remote", "manual"]
+      - ["repo:https://github.com/hyperium/hyper:hyper", "<crate::client::conn::http2::SendRequest>::try_send_request", "ReturnValue", "remote", "manual"]
+      - ["repo:https://github.com/hyperium/hyper:hyper", "<crate::client::Client>::get", "ReturnValue", "remote", "manual"]
+      - ["repo:https://github.com/hyperium/hyper:hyper", "<crate::client::Client>::request", "ReturnValue", "remote", "manual"]
+      - ["repo:https://github.com/hyperium/hyper-util:hyper-util", "<crate::client::legacy::Client>::get", "ReturnValue", "remote", "manual"]
+      - ["repo:https://github.com/hyperium/hyper-util:hyper-util", "<crate::client::legacy::Client>::request", "ReturnValue", "remote", "manual"]
diff --git a/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected b/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected
@@ -19,4 +19,5 @@
 | test.rs:72:26:72:37 | ...::get | Flow source 'RemoteSource' of type remote (DEFAULT). |
 | test.rs:75:26:75:37 | ...::get | Flow source 'RemoteSource' of type remote (DEFAULT). |
 | test.rs:78:24:78:35 | ...::get | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| test.rs:108:31:108:42 | send_request | Flow source 'RemoteSource' of type remote (DEFAULT). |
 | test.rs:193:16:193:29 | ...::args | Flow source 'CommandLineArgs' of type commandargs. |
diff --git a/rust/ql/test/library-tests/dataflow/sources/test.rs b/rust/ql/test/library-tests/dataflow/sources/test.rs
@@ -105,7 +105,7 @@ async fn test_hyper_http(case: i64) -> Result<(), Box<dyn std::error::Error>> {
     // make the request
     println!("sending request...");
     let request = http::Request::builder().uri(url).body(String::from(""))?;
-    let mut response = sender.send_request(request).await?; // $ MISSING: Alert[rust/summary/taint-sources]
+    let mut response = sender.send_request(request).await?; // $ Alert[rust/summary/taint-sources]
     sink(&response); // $ MISSING: hasTaintFlow
 
     if !response.status().is_success() {
