Rust: Restrict ReqwestGet by crate origin.

geoffw0 · geoffw0 · commit d8b58f21c77a · 2024-11-22T16:42:24.000Z
diff --git a/rust/ql/lib/codeql/rust/frameworks/Reqwest.qll b/rust/ql/lib/codeql/rust/frameworks/Reqwest.qll
@@ -9,8 +9,11 @@ private import codeql.rust.Concepts
  * A call to `reqwest::get` or `reqwest::blocking::get`.
  */
 private class ReqwestGet extends RemoteSource::Range {
+  CallExpr ce;
+
   ReqwestGet() {
-    this.asExpr().getExpr().(CallExpr).getExpr().(PathExpr).getPath().getResolvedPath() =
-      ["crate::get", "crate::blocking::get"]
+    this.asExpr().getExpr() = ce and
+    ce.getExpr().(PathExpr).getPath().getResolvedCrateOrigin().matches("%reqwest") and
+    ce.getExpr().(PathExpr).getPath().getResolvedPath() = ["crate::get", "crate::blocking::get"]
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -9,8 +9,11 @@ private import codeql.rust.Concepts`
`9`	`9`	* A call to `reqwest::get` or `reqwest::blocking::get`.
`10`	`10`	`*/`
`11`	`11`	`private class ReqwestGet extends RemoteSource::Range {`
	`12`	`+ CallExpr ce;`
	`13`	`+`
`12`	`14`	`ReqwestGet() {`
`13`		`- this.asExpr().getExpr().(CallExpr).getExpr().(PathExpr).getPath().getResolvedPath() =`
`14`		`- ["crate::get", "crate::blocking::get"]`
	`15`	`+ this.asExpr().getExpr() = ce and`
	`16`	`+ ce.getExpr().(PathExpr).getPath().getResolvedCrateOrigin().matches("%reqwest") and`
	`17`	`+ ce.getExpr().(PathExpr).getPath().getResolvedPath() = ["crate::get", "crate::blocking::get"]`
`15`	`18`	`}`
`16`	`19`	`}`