Rust: Address review comments.

github · Nov 20, 2024 · d828941 · d828941
1 parent 758092b
commit d828941
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 4 deletions.
diff --git a/rust/ql/src/queries/security/CWE-089/SqlInjection.ql b/rust/ql/src/queries/security/CWE-089/SqlInjection.ql
@@ -27,9 +27,6 @@ module SqlInjectionConfig implements DataFlow::ConfigSig {
   predicate isBarrier(DataFlow::Node barrier) { barrier instanceof SqlInjection::Barrier }
 }
 
-/**
- * Detect taint flow of tainted data that reaches a SQL sink.
- */
 module SqlInjectionFlow = TaintTracking::Global<SqlInjectionConfig>;
 
 from SqlInjectionFlow::PathNode sourceNode, SqlInjectionFlow::PathNode sinkNode

diff --git a/rust/ql/src/queries/security/CWE-089/SqlInjectionBad.rs b/rust/ql/src/queries/security/CWE-089/SqlInjectionBad.rs
@@ -4,4 +4,4 @@ let unsafe_query = format!("SELECT * FROM people WHERE firstname='{remote_contro
 
 let _ = conn.execute(unsafe_query.as_str()).await?; // BAD (arbitrary SQL injection is possible)
 
-let _ = sqlx::query(unsafe_query.as_str()).fetch_all(&mut conn).await?; // $ BAD (arbitrary SQL injection is possible)
+let _ = sqlx::query(unsafe_query.as_str()).fetch_all(&mut conn).await?; // BAD (arbitrary SQL injection is possible)