
Commit d828941

committed
Rust: Address review comments.
1 parent 758092b commit d828941


2 files changed

+1
-4
lines changed


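--- a/rust/ql/src/queries/security/CWE-089/SqlInjection.ql
+++ b/rust/ql/src/queries/security/CWE-089/SqlInjection.ql
@@ -27,9 +27,6 @@ module SqlInjectionConfig implements DataFlow::ConfigSig {
 predicate isBarrier(DataFlow::Node barrier) { barrier instanceof SqlInjection::Barrier }
 }
 
-/**
-* Detect taint flow of tainted data that reaches a SQL sink.
-*/
 module SqlInjectionFlow = TaintTracking::Global<SqlInjectionConfig>;
 
 from SqlInjectionFlow::PathNode sourceNode, SqlInjectionFlow::PathNode sinkNode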

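--- a/rust/ql/src/queries/security/CWE-089/SqlInjectionBad.rs
+++ b/rust/ql/src/queries/security/CWE-089/SqlInjectionBad.rs
@@ -4,4 +4,4 @@ let unsafe_query = format!("SELECT * FROM people WHERE firstname='{remote_contro
 
 let _ = conn.execute(unsafe_query.as_str()).await?; // BAD (arbitrary SQL injection is possible)
 
-let _ = sqlx::query(unsafe_query.as_str()).fetch_all(&mut conn).await?; // $ BAD (arbitrary SQL injection is possible)
+let _ = sqlx::query(unsafe_query.as_str()).fetch_all(&mut conn).await?; // BAD (arbitrary SQL injection is possible)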
