1- mod sync_test
2- {
3- use mysql:: * ;
1+ mod sync_test {
42 use mysql:: prelude:: * ;
3+ use mysql:: * ;
54
65 pub fn test_mysql ( url : & str ) -> Result < ( ) , Box < dyn std:: error:: Error > > {
76 // connect through a MySQL connection pool
@@ -10,40 +9,67 @@ mod sync_test
109 let mut conn2: Conn = pool. get_conn ( ) ?. unwrap ( ) ;
1110
1211 // construct queries
13- let mut remote_string = reqwest:: blocking:: get ( "http://example.com/" ) . unwrap ( ) . text ( ) . unwrap_or ( String :: from ( "" ) ) ; // $ Source=remote10
12+ let mut remote_string = reqwest:: blocking:: get ( "http://example.com/" )
13+ . unwrap ( )
14+ . text ( )
15+ . unwrap_or ( String :: from ( "" ) ) ; // $ Source=remote10
1416 let safe_query = String :: from ( "SELECT * FROM people WHERE firstname='Alice'" ) ;
15- let unsafe_query = String :: from ( "SELECT * FROM people WHERE firstname='" ) + & remote_string + "'" ;
17+ let unsafe_query =
18+ String :: from ( "SELECT * FROM people WHERE firstname='" ) + & remote_string + "'" ;
1619 let prepared_query = String :: from ( "SELECT * FROM people WHERE firstname=?" ) ; // (prepared arguments are safe)
1720
1821 // direct execution (safe)
19- let _ : Vec < i64 > = conn. query ( safe_query. as_str ( ) ) ?; // $ sql-sink
22+ let _: Vec < i64 > = conn. query ( safe_query. as_str ( ) ) ?; // $ sql-sink
2023
2124 // direct execution (unsafe)
22- let _ : Vec < i64 > = conn. query ( unsafe_query. as_str ( ) ) ?; // $ sql-sink Alert[rust/sql-injection]=remote10
23- let _ : Vec < Result < i64 , FromRowError > > = conn. query_opt ( unsafe_query. as_str ( ) ) ?; // $ sql-sink Alert[rust/sql-injection]=remote10
25+ let _: Vec < i64 > = conn. query ( unsafe_query. as_str ( ) ) ?; // $ sql-sink Alert[rust/sql-injection]=remote10
26+ let _: Vec < Result < i64 , FromRowError > > = conn. query_opt ( unsafe_query. as_str ( ) ) ?; // $ sql-sink Alert[rust/sql-injection]=remote10
2427 conn. query_drop ( unsafe_query. as_str ( ) ) ; // $ sql-sink Alert[rust/sql-injection]=remote10
25- let _ : i64 = conn. query_first ( unsafe_query. as_str ( ) ) ?. unwrap ( ) ; // $ sql-sink Alert[rust/sql-injection]=remote10
26- let _ : Result < i64 , FromRowError > = conn. query_first_opt ( unsafe_query. as_str ( ) ) ?. unwrap ( ) ; // $ sql-sink Alert[rust/sql-injection]=remote10
28+ let _: i64 = conn. query_first ( unsafe_query. as_str ( ) ) ?. unwrap ( ) ; // $ sql-sink Alert[rust/sql-injection]=remote10
29+ let _: Result < i64 , FromRowError > = conn. query_first_opt ( unsafe_query. as_str ( ) ) ?. unwrap ( ) ; // $ sql-sink Alert[rust/sql-injection]=remote10
2730 let _ = conn. query_fold ( unsafe_query. as_str ( ) , 0 , |_: i64 , _: i64 | -> i64 { 0 } ) ?; // $ sql-sink Alert[rust/sql-injection]=remote10
28- let _ = conn. query_fold_opt ( unsafe_query. as_str ( ) , 0 , |_: i64 , _: Result < i64 , FromRowError > | -> i64 { 0 } ) ?; // $ sql-sink Alert[rust/sql-injection]=remote10
31+ let _ = conn. query_fold_opt (
32+ unsafe_query. as_str ( ) ,
33+ 0 ,
34+ |_: i64 , _: Result < i64 , FromRowError > | -> i64 { 0 } ,
35+ ) ?; // $ sql-sink Alert[rust/sql-injection]=remote10
2936 let _ = conn. query_iter ( unsafe_query. as_str ( ) ) ?; // $ sql-sink Alert[rust/sql-injection]=remote10
3037 let _ = conn. query_map ( unsafe_query. as_str ( ) , |_: i64 | -> ( ) { } ) ?; // $ sql-sink Alert[rust/sql-injection]=remote10
31- let _ = conn. query_map_opt ( unsafe_query. as_str ( ) , |_: Result < i64 , FromRowError > | -> ( ) { } ) ?; // $ sql-sink Alert[rust/sql-injection]=remote10
32- let _ : Vec < i64 > = conn2. query ( unsafe_query. as_str ( ) ) ?; // $ sql-sink Alert[rust/sql-injection]=remote10
38+ let _ = conn. query_map_opt (
39+ unsafe_query. as_str ( ) ,
40+ |_: Result < i64 , FromRowError > | -> ( ) { } ,
41+ ) ?; // $ sql-sink Alert[rust/sql-injection]=remote10
42+ let _: Vec < i64 > = conn2. query ( unsafe_query. as_str ( ) ) ?; // $ sql-sink Alert[rust/sql-injection]=remote10
3343
3444 // prepared queries (safe)
3545 let stmt = conn. prep ( prepared_query. as_str ( ) ) ?; // $ sql-sink
36- let _ : Vec < i64 > = conn. exec ( & stmt, ( remote_string. as_str ( ) , ) ) ?;
37- let _ : Vec < Result < i64 , FromRowError > > = conn. exec_opt ( & stmt, ( remote_string. as_str ( ) , ) ) ?;
46+ let _: Vec < i64 > = conn. exec ( & stmt, ( remote_string. as_str ( ) , ) ) ?;
47+ let _: Vec < Result < i64 , FromRowError > > = conn. exec_opt ( & stmt, ( remote_string. as_str ( ) , ) ) ?;
3848 let _ = conn. exec_batch ( & stmt, vec ! [ ( remote_string. as_str( ) , ) ] ) ?;
3949 conn. exec_drop ( & stmt, ( & remote_string. as_str ( ) , ) ) ;
40- let _ : i64 = conn. exec_first ( & stmt, ( remote_string. as_str ( ) , ) ) ?. unwrap ( ) ;
41- let _ : Result < i64 , FromRowError > = conn. exec_first_opt ( & stmt, ( remote_string. as_str ( ) , ) ) ?. unwrap ( ) ;
42- let _ = conn. exec_fold ( & stmt, ( remote_string. as_str ( ) , ) , 0 , |_: i64 , _: i64 | -> i64 { 0 } ) ?;
43- let _ = conn. exec_fold_opt ( & stmt, ( remote_string. as_str ( ) , ) , 0 , |_: i64 , _: Result < i64 , FromRowError > | -> i64 { 0 } ) ?;
50+ let _: i64 = conn. exec_first ( & stmt, ( remote_string. as_str ( ) , ) ) ?. unwrap ( ) ;
51+ let _: Result < i64 , FromRowError > = conn
52+ . exec_first_opt ( & stmt, ( remote_string. as_str ( ) , ) ) ?
53+ . unwrap ( ) ;
54+ let _ = conn. exec_fold (
55+ & stmt,
56+ ( remote_string. as_str ( ) , ) ,
57+ 0 ,
58+ |_: i64 , _: i64 | -> i64 { 0 } ,
59+ ) ?;
60+ let _ = conn. exec_fold_opt (
61+ & stmt,
62+ ( remote_string. as_str ( ) , ) ,
63+ 0 ,
64+ |_: i64 , _: Result < i64 , FromRowError > | -> i64 { 0 } ,
65+ ) ?;
4466 let _ = conn. exec_iter ( & stmt, ( remote_string. as_str ( ) , ) ) ?;
4567 let _ = conn. exec_map ( & stmt, ( remote_string. as_str ( ) , ) , |_: i64 | -> ( ) { } ) ?;
46- let _ = conn. exec_map_opt ( & stmt, ( remote_string. as_str ( ) , ) , |_: Result < i64 , FromRowError > | -> ( ) { } ) ?;
68+ let _ = conn. exec_map_opt (
69+ & stmt,
70+ ( remote_string. as_str ( ) , ) ,
71+ |_: Result < i64 , FromRowError > | -> ( ) { } ,
72+ ) ?;
4773
4874 // prepared queries (unsafe use)
4975 let stmt2 = conn. prep ( unsafe_query. as_str ( ) ) ?; // $ sql-sink Alert[rust/sql-injection]=remote10
@@ -58,44 +84,66 @@ mod sync_test
5884 }
5985}
6086
61- mod async_test
62- {
63- use mysql_async:: * ;
87+ mod async_test {
6488 use mysql_async:: prelude:: * ;
89+ use mysql_async:: * ;
6590
6691 pub async fn test_mysql_async ( url : & str ) -> Result < ( ) > {
6792 // connect through a MySQL connection pool
6893 let mut pool = Pool :: new ( "" ) ; // (this test is not runnable)
6994 let mut conn = pool. get_conn ( ) . await ?;
7095
7196 // construct queries
72- let mut remote_string = reqwest:: blocking:: get ( "http://example.com/" ) . unwrap ( ) . text ( ) . unwrap_or ( String :: from ( "" ) ) ; // $ Source=remote11
97+ let mut remote_string = reqwest:: blocking:: get ( "http://example.com/" )
98+ . unwrap ( )
99+ . text ( )
100+ . unwrap_or ( String :: from ( "" ) ) ; // $ Source=remote11
73101 let safe_query = String :: from ( "SELECT * FROM people WHERE firstname='Alice'" ) ;
74- let unsafe_query = String :: from ( "SELECT * FROM people WHERE firstname='" ) + & remote_string + "'" ;
102+ let unsafe_query =
103+ String :: from ( "SELECT * FROM people WHERE firstname='" ) + & remote_string + "'" ;
75104 let prepared_query = String :: from ( "SELECT * FROM people WHERE firstname=?" ) ; // (prepared arguments are safe)
76105
77106 // direct execution (safe)
78- let _ : Vec < i64 > = conn. query ( safe_query. as_str ( ) ) . await ?; // $ sql-sink
107+ let _: Vec < i64 > = conn. query ( safe_query. as_str ( ) ) . await ?; // $ sql-sink
79108
80109 // direct execution (unsafe)
81- let _ : Vec < i64 > = conn. query ( unsafe_query. as_str ( ) ) . await ?; // $ sql-sink Alert[rust/sql-injection]=remote11
110+ let _: Vec < i64 > = conn. query ( unsafe_query. as_str ( ) ) . await ?; // $ sql-sink Alert[rust/sql-injection]=remote11
82111 conn. query_drop ( unsafe_query. as_str ( ) ) ; // $ sql-sink Alert[rust/sql-injection]=remote11
83- let _ : Option < i64 > = conn. query_first ( unsafe_query. as_str ( ) ) . await ?; // $ sql-sink Alert[rust/sql-injection]=remote11
84- let _ = conn. query_fold ( unsafe_query. as_str ( ) , 0 , |_: i64 , _: i64 | -> i64 { 0 } ) . await ?; // $ sql-sink Alert[rust/sql-injection]=remote11
112+ let _: Option < i64 > = conn. query_first ( unsafe_query. as_str ( ) ) . await ?; // $ sql-sink Alert[rust/sql-injection]=remote11
113+ let _ = conn
114+ . query_fold ( unsafe_query. as_str ( ) , 0 , |_: i64 , _: i64 | -> i64 { 0 } )
115+ . await ?; // $ sql-sink Alert[rust/sql-injection]=remote11
85116 let _ = conn. query_iter ( unsafe_query. as_str ( ) ) . await ?; // $ sql-sink Alert[rust/sql-injection]=remote11
86- let _ = conn. query_stream :: < i64 , & str > ( unsafe_query. as_str ( ) ) . await ?; // $ sql-sink Alert[rust/sql-injection]=remote11
87- let _ = conn. query_map ( unsafe_query. as_str ( ) , |_: i64 | -> ( ) { } ) . await ?; // $ sql-sink Alert[rust/sql-injection]=remote11
117+ let _ = conn
118+ . query_stream :: < i64 , & str > ( unsafe_query. as_str ( ) )
119+ . await ?; // $ sql-sink Alert[rust/sql-injection]=remote11
120+ let _ = conn
121+ . query_map ( unsafe_query. as_str ( ) , |_: i64 | -> ( ) { } )
122+ . await ?; // $ sql-sink Alert[rust/sql-injection]=remote11
88123
89124 // prepared queries (safe)
90125 let stmt = conn. prep ( prepared_query. as_str ( ) ) . await ?; // $ sql-sink
91- let _ : Vec < i64 > = conn. exec ( & stmt, ( remote_string. as_str ( ) , ) ) . await ?;
92- let _ = conn. exec_batch ( & stmt, vec ! [ ( remote_string. as_str( ) , ) ] ) . await ?;
126+ let _: Vec < i64 > = conn. exec ( & stmt, ( remote_string. as_str ( ) , ) ) . await ?;
127+ let _ = conn
128+ . exec_batch ( & stmt, vec ! [ ( remote_string. as_str( ) , ) ] )
129+ . await ?;
93130 conn. exec_drop ( & stmt, ( & remote_string. as_str ( ) , ) ) ;
94- let _ : Option < i64 > = conn. exec_first ( & stmt, ( remote_string. as_str ( ) , ) ) . await ?;
95- let _ = conn. exec_fold ( & stmt, ( remote_string. as_str ( ) , ) , 0 , |_: i64 , _: i64 | -> i64 { 0 } ) . await ?;
131+ let _: Option < i64 > = conn. exec_first ( & stmt, ( remote_string. as_str ( ) , ) ) . await ?;
132+ let _ = conn
133+ . exec_fold (
134+ & stmt,
135+ ( remote_string. as_str ( ) , ) ,
136+ 0 ,
137+ |_: i64 , _: i64 | -> i64 { 0 } ,
138+ )
139+ . await ?;
96140 let _ = conn. exec_iter ( & stmt, ( remote_string. as_str ( ) , ) ) . await ?;
97- let _ = conn. exec_stream :: < i64 , & Statement , ( & str , ) > ( & stmt, ( remote_string. as_str ( ) , ) ) . await ?;
98- let _ = conn. exec_map ( & stmt, ( remote_string. as_str ( ) , ) , |_: i64 | -> ( ) { } ) . await ?;
141+ let _ = conn
142+ . exec_stream :: < i64 , & Statement , ( & str , ) > ( & stmt, ( remote_string. as_str ( ) , ) )
143+ . await ?;
144+ let _ = conn
145+ . exec_map ( & stmt, ( remote_string. as_str ( ) , ) , |_: i64 | -> ( ) { } )
146+ . await ?;
99147
100148 // prepared queries (unsafe use)
101149 let stmt2 = conn. prep ( unsafe_query. as_str ( ) ) . await ?; // $ sql-sink Alert[rust/sql-injection]=remote11
0 commit comments