Merge branch 'main' into gen1

Author: geoffw0

rust/ql/lib/change-notes/2025-09-29-actix-web-model.md

@@ -0,0 +1,4 @@
+---
+category: majorAnalysis
+---
+* Added basic models for the `actix-web` web framework.

rust/ql/lib/codeql/rust/frameworks/actix-web.model.yml

@@ -0,0 +1,18 @@
+extensions:
+  - addsTo:
+      pack: codeql/rust-all
+      extensible: sourceModel
+    data:
+      - ["<actix_web::route::Route>::to", "Argument[0].Parameter[0..7]", "remote", "manual"]
+      # Actix attributes such as `get` expand to this `to` call on the handler.
+      - ["<actix_web::resource::Resource>::to", "Argument[0].Parameter[0..7]", "remote", "manual"]
+  - addsTo:
+      pack: codeql/rust-all
+      extensible: summaryModel
+    data:
+        - ["<actix_web::types::path::Path>::into_inner", "Argument[self]", "ReturnValue", "taint", "manual"]
+        - ["<actix_web::types::path::Path>::into_inner", "Argument[self]", "ReturnValue.Field[0]", "taint", "manual"]
+        - ["<actix_web::types::path::Path>::into_inner", "Argument[self]", "ReturnValue.Field[1]", "taint", "manual"]
+        - ["<actix_web::types::path::Path>::into_inner", "Argument[self]", "ReturnValue.Field[2]", "taint", "manual"]
+        - ["<actix_web::types::path::Path>::into_inner", "Argument[self]", "ReturnValue.Field[3]", "taint", "manual"]
+        - ["<actix_web::types::path::Path>::into_inner", "Argument[self]", "ReturnValue.Field[4]", "taint", "manual"]

rust/ql/lib/codeql/rust/frameworks/stdlib/lang-alloc.model.yml renamed to rust/ql/lib/codeql/rust/frameworks/stdlib/alloc.model.yml

@@ -100,6 +100,38 @@
 | web_frameworks.rs:58:14:58:15 | ms | Flow source 'RemoteSource' of type remote (DEFAULT). |
 | web_frameworks.rs:68:15:68:15 | a | Flow source 'RemoteSource' of type remote (DEFAULT). |
 | web_frameworks.rs:68:15:68:15 | a | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:127:5:127:20 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:127:5:127:20 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:127:5:127:20 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:127:5:127:20 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:127:5:127:20 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:127:5:127:20 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:127:5:127:20 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:127:5:127:20 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:139:41:139:42 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:139:41:139:42 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:139:41:139:42 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:139:41:139:42 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:139:41:139:42 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:139:41:139:42 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:139:41:139:42 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:139:41:139:42 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:140:45:140:46 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:140:45:140:46 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:140:45:140:46 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:140:45:140:46 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:140:45:140:46 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:140:45:140:46 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:140:45:140:46 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:140:45:140:46 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:141:41:141:42 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:141:41:141:42 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:141:41:141:42 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:141:41:141:42 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:141:41:141:42 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:141:41:141:42 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:141:41:141:42 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| web_frameworks.rs:141:41:141:42 | to | Flow source 'RemoteSource' of type remote (DEFAULT). |
 | web_frameworks.rs:242:33:242:35 | map | Flow source 'RemoteSource' of type remote (DEFAULT). |
 | web_frameworks.rs:242:33:242:35 | map | Flow source 'RemoteSource' of type remote (DEFAULT). |
 | web_frameworks.rs:242:33:242:35 | map | Flow source 'RemoteSource' of type remote (DEFAULT). |

rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml renamed to rust/ql/lib/codeql/rust/frameworks/stdlib/core.model.yml

@@ -95,50 +95,50 @@ mod actix_test {
     use actix_web::{get, web, App};
 
     async fn my_actix_handler_1(
-        path: web::Path<String>, // $ MISSING: Alert[rust/summary/taint-sources]
+        path: web::Path<String>,
     ) -> String {
         let a = path.into_inner();
-        sink(a.as_str()); // $ MISSING: hasTaintFlow
-        sink(a.as_bytes()); // $ MISSING: hasTaintFlow
-        sink(a); // $ MISSING: hasTaintFlow
+        sink(a.as_str()); // $ hasTaintFlow=my_actix_handler_1
+        sink(a.as_bytes()); // $ hasTaintFlow=my_actix_handler_1
+        sink(a); // $ hasTaintFlow=my_actix_handler_1
 
         "".to_string()
     }
 
     async fn my_actix_handler_2(
-        path: web::Path<(String, String)>, // $ MISSING: Alert[rust/summary/taint-sources]
+        path: web::Path<(String, String)>,
     ) -> String {
         let (a, b) = path.into_inner();
 
-        sink(a); // $ MISSING: hasTaintFlow
-        sink(b); // $ MISSING: hasTaintFlow
+        sink(a); // $ hasTaintFlow=my_actix_handler_2
+        sink(b); // $ hasTaintFlow=my_actix_handler_2
 
         "".to_string()
     }
 
     async fn my_actix_handler_3(
-        web::Query(a): web::Query<String>, // $ MISSING: Alert[rust/summary/taint-sources]
+        web::Query(a): web::Query<String>,
     ) -> String {
         sink(a); // $ MISSING: hasTaintFlow
 
         "".to_string()
     }
 
-    #[get("/4/{a}")]
+    #[get("/4/{a}")] // $ Alert[rust/summary/taint-sources]
     async fn my_actix_handler_4(
-        path: web::Path<String>, // $ MISSING: Alert[rust/summary/taint-sources]
+        path: web::Path<String>,
     ) -> String {
         let a = path.into_inner();
-        sink(a); // $ MISSING: hasTaintFlow
+        sink(a); // $ hasTaintFlow=my_actix_handler_4
 
         "".to_string()
     }
 
     async fn test_actix() {
         let app = App::new()
-            .route("/1/{a}", web::get().to(my_actix_handler_1))
-            .route("/2/{a}/{b}", web::get().to(my_actix_handler_2))
-            .route("/3/{a}", web::get().to(my_actix_handler_3))
+            .route("/1/{a}", web::get().to(my_actix_handler_1)) // $ Alert[rust/summary/taint-sources]
+            .route("/2/{a}/{b}", web::get().to(my_actix_handler_2)) // $ Alert[rust/summary/taint-sources]
+            .route("/3/{a}", web::get().to(my_actix_handler_3)) // $ Alert[rust/summary/taint-sources]
             .service(my_actix_handler_4);
 
         // ...