Rust: Make imports consistent and correct.

geoffw0 · geoffw0 · commit 0db551032c21 · 2025-04-04T18:23:53.000+01:00
diff --git a/rust/ql/lib/codeql/rust/security/CleartextTransmissionExtensions.qll b/rust/ql/lib/codeql/rust/security/CleartextTransmissionExtensions.qll
@@ -7,6 +7,7 @@ private import codeql.util.Unit
 private import rust
 private import codeql.rust.dataflow.DataFlow
 private import codeql.rust.dataflow.FlowSink
+private import codeql.rust.security.SensitiveData
 private import codeql.rust.Concepts
 
 /**
diff --git a/rust/ql/src/queries/security/CWE-022/TaintedPath.ql b/rust/ql/src/queries/security/CWE-022/TaintedPath.ql
@@ -16,11 +16,10 @@
 
 import rust
 import codeql.rust.dataflow.DataFlow
-import codeql.rust.dataflow.internal.DataFlowImpl as DataflowImpl
 import codeql.rust.dataflow.TaintTracking
+import codeql.rust.dataflow.internal.DataFlowImpl as DataflowImpl
+import codeql.rust.Concepts
 import codeql.rust.security.TaintedPathExtensions
-import TaintedPathFlow::PathGraph
-private import codeql.rust.Concepts
 
 newtype NormalizationState =
   /** A state signifying that the file path has not been normalized. */
@@ -84,6 +83,8 @@ module TaintedPathConfig implements DataFlow::StateConfigSig {
 
 module TaintedPathFlow = TaintTracking::GlobalWithState<TaintedPathConfig>;
 
+import TaintedPathFlow::PathGraph
+
 from TaintedPathFlow::PathNode source, TaintedPathFlow::PathNode sink
 where TaintedPathFlow::flowPath(source, sink)
 select sink.getNode(), source, sink, "This path depends on a $@.", source.getNode(),
diff --git a/rust/ql/src/queries/security/CWE-089/SqlInjection.ql b/rust/ql/src/queries/security/CWE-089/SqlInjection.ql
@@ -14,7 +14,6 @@ import rust
 import codeql.rust.dataflow.DataFlow
 import codeql.rust.dataflow.TaintTracking
 import codeql.rust.security.SqlInjectionExtensions
-import SqlInjectionFlow::PathGraph
 
 /**
  * A taint configuration for tainted data that reaches a SQL sink.
@@ -31,6 +30,8 @@ module SqlInjectionConfig implements DataFlow::ConfigSig {
 
 module SqlInjectionFlow = TaintTracking::Global<SqlInjectionConfig>;
 
+import SqlInjectionFlow::PathGraph
+
 from SqlInjectionFlow::PathNode sourceNode, SqlInjectionFlow::PathNode sinkNode
 where SqlInjectionFlow::flowPath(sourceNode, sinkNode)
 select sinkNode.getNode(), sourceNode, sinkNode, "This query depends on a $@.",
diff --git a/rust/ql/src/queries/security/CWE-311/CleartextTransmission.ql b/rust/ql/src/queries/security/CWE-311/CleartextTransmission.ql
@@ -13,7 +13,6 @@
 
 import rust
 import codeql.rust.dataflow.DataFlow
-import codeql.rust.security.SensitiveData
 import codeql.rust.dataflow.TaintTracking
 import codeql.rust.security.CleartextTransmissionExtensions
 
diff --git a/rust/ql/src/queries/security/CWE-312/CleartextLogging.ql b/rust/ql/src/queries/security/CWE-312/CleartextLogging.ql
@@ -14,9 +14,9 @@
  */
 
 import rust
-import codeql.rust.security.CleartextLoggingExtensions
 import codeql.rust.dataflow.DataFlow
 import codeql.rust.dataflow.TaintTracking
+import codeql.rust.security.CleartextLoggingExtensions
 
 /**
  * A taint-tracking configuration for cleartext logging vulnerabilities.
diff --git a/rust/ql/src/queries/security/CWE-328/WeakSensitiveDataHashing.ql b/rust/ql/src/queries/security/CWE-328/WeakSensitiveDataHashing.ql
@@ -13,9 +13,9 @@
  */
 
 import rust
-import codeql.rust.security.WeakSensitiveDataHashingExtensions
 import codeql.rust.dataflow.DataFlow
 import codeql.rust.dataflow.TaintTracking
+import codeql.rust.security.WeakSensitiveDataHashingExtensions
 
 /**
  * Provides a taint-tracking configuration for detecting use of a broken or weak
