Rust: Add web framework tests for Warp

paldepind · paldepind · commit bfe934118d67 · 2025-09-17T09:18:37.000+02:00
diff --git a/rust/ql/test/library-tests/dataflow/sources/Cargo.lock b/rust/ql/test/library-tests/dataflow/sources/Cargo.lock
diff --git a/rust/ql/test/library-tests/dataflow/sources/options.yml b/rust/ql/test/library-tests/dataflow/sources/options.yml
@@ -16,3 +16,4 @@ qltest_dependencies:
     - rustls = { version = "0.23.27" }
     - futures-rustls = { version = "0.26.0" }
     - async-std = { version = "1.13.1" }
+    - warp = { version = "0.4.2", features = ["server"] }
diff --git a/rust/ql/test/library-tests/dataflow/sources/web_frameworks.rs b/rust/ql/test/library-tests/dataflow/sources/web_frameworks.rs
@@ -229,3 +229,61 @@ mod axum_test {
         // ...
     }
 }
+
+mod warp_test {
+    use super::sink;
+    use warp::Filter;
+
+    #[tokio::main]
+    #[rustfmt::skip]
+    async fn test_warp() {
+        // A route with parameter and `map`
+        let map_route =
+            warp::path::param().map(|a: String| // $ MISSING: Alert[rust/summary/taint-sources]
+            {
+            sink(a); // $ MISSING: hasTaintFlow
+
+            "".to_string()
+        });
+
+        // A route with parameter and `then`
+        let then_route = warp::path::param().then( // $ MISSING: Alert[rust/summary/taint-sources]
+            |a: String| async move {
+                sink(a); // $ MISSING: hasTaintFlow
+
+                "".to_string()
+            },
+        );
+
+        // A route with parameter and `and_then`
+        let and_then_route = warp::path::param().and_then( // $ MISSING: Alert[rust/summary/taint-sources] 
+            | id: u64 |
+            async move {
+            if id != 0 {
+                sink(id); // $ MISSING: hasTaintFlow
+                Ok("".to_string())
+            } else {
+                Err(warp::reject::not_found())
+            }
+        },
+        );
+
+        // A route with path, parameter, and `and_then`
+        let path_and_map_route = warp::path("1").and(warp::path::param()).map( // $ MISSING: Alert[rust/summary/taint-sources] 
+            | a: String |
+            {
+                sink(a); // $ MISSING: hasTaintFlow
+
+                "".to_string()
+             },
+        );
+
+        let routes = warp::get().and(
+            map_route
+                .or(then_route)
+                .or(and_then_route)
+                .or(path_and_map_route),
+        );
+        warp::serve(routes).run(([127, 0, 0, 1], 3030)).await;
+    }
+}
