Skip to content

Rust: Add Database Sources + tokio-postgres support #18712

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
geoffw0 merged 3 commits into from
Feb 10, 2025
Merged

Rust: Add Database Sources + tokio-postgres support #18712

geoffw0 merged 3 commits into from
Feb 10, 2025

Conversation

@GeekMasher
Copy link
Contributor

@GeekMasher GeekMasher commented Feb 7, 2025

Two changes in this PR:

  • Added a new Concept for Database reads
  • Added tokio-postgres support
    • Added database-read sources and SQL Injection sinks

Copilot AI review requested due to automatic review settings February 7, 2025 10:31
@github-actions github-actions bot added the Rust Pull requests that update Rust code label Feb 7, 2025
Copilot AI reviewed Feb 7, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR Overview

This pull request adds new database read sources for the tokio-postgres library and models potential SQL injection sinks in CodeQL for Rust. It also updates the test file to use row.try_get for more robust error handling.

  • Adds modeling for tokio-postgres library calls to detect SQL injection
  • Classifies returned values from database rows as data sources
  • Updates test usage of row fields to try_get

Changes

File Description
rust/ql/lib/codeql/rust/frameworks/tokio-postgres.model.yml Adds modeling for tokio-postgres library to detect SQL injection sinks and database read sources
rust/ql/test/library-tests/frameworks/postgres/main.rs Updates usage of row.get to row.try_get for better error handling

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

Tip: If you use Visual Studio Code, you can request a review from Copilot before you push from the "Source Control" tab. Learn more

@GeekMasher GeekMasher mentioned this pull request Feb 7, 2025
Merged
geoffw0
geoffw0 reviewed Feb 7, 2025
View reviewed changes
Copy link
Contributor

@geoffw0 geoffw0 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One question, otherwise LGTM.

@GeekMasher
Copy link
Contributor Author

GeekMasher commented Feb 10, 2025

@geoffw0 If everything looks good can you merge the PR? I am unable to

@geoffw0
Copy link
Contributor

geoffw0 commented Feb 10, 2025

Yep, I just wanted to do a DCA run to see if this change has any effects on there. That's done now, it shows 6 new taint sinks in neondatabase/neon, which LGTM. :)

@geoffw0 geoffw0 merged commit 9eeae71 into github:main Feb 10, 2025
16 checks passed
@geoffw0
Copy link
Contributor

geoffw0 commented Feb 10, 2025

Thanks for contributing this!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@geoffw0 geoffw0 geoffw0 approved these changes

Assignees

No one assigned

Labels

Rust Pull requests that update Rust code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@GeekMasher @geoffw0