diff --git a/rust/ql/src/queries/diagnostics/DataFlowConsistencyCounts.ql b/rust/ql/src/queries/diagnostics/DataFlowConsistencyCounts.ql deleted file mode 100644 index ecc7d1eb55a6..000000000000 --- a/rust/ql/src/queries/diagnostics/DataFlowConsistencyCounts.ql +++ /dev/null @@ -1,14 +0,0 @@ -/** - * @name Data flow inconsistency counts - * @description Counts the number of data flow inconsistencies of each type. This query is intended for internal use. - * @kind diagnostic - * @id rust/diagnostics/data-flow-consistency-counts - */ - -import codeql.rust.dataflow.internal.DataFlowConsistency as Consistency - -// see also `rust/diagnostics/data-flow-consistency`, which lists the -// individual inconsistency results. -from string type, int num -where num = Consistency::getInconsistencyCounts(type) -select type, num diff --git a/rust/ql/src/queries/security/CWE-089/SqlInjection.ql b/rust/ql/src/queries/security/CWE-089/SqlInjection.ql deleted file mode 100644 index ee2a3d144868..000000000000 --- a/rust/ql/src/queries/security/CWE-089/SqlInjection.ql +++ /dev/null @@ -1,35 +0,0 @@ -/** - * @name Database query built from user-controlled sources - * @description Building a database query from user-controlled sources is vulnerable to insertion of malicious code by attackers. - * @kind path-problem - * @problem.severity error - * @security-severity 8.8 - * @precision high - * @id rust/sql-injection - * @tags security - * external/cwe/cwe-089 - */ - -import rust -import codeql.rust.dataflow.DataFlow -import codeql.rust.dataflow.TaintTracking -import codeql.rust.security.SqlInjectionExtensions -import SqlInjectionFlow::PathGraph - -/** - * A taint configuration for tainted data that reaches a SQL sink. - */ -module SqlInjectionConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node node) { node instanceof SqlInjection::Source } - - predicate isSink(DataFlow::Node node) { node instanceof SqlInjection::Sink } - - predicate isBarrier(DataFlow::Node barrier) { barrier instanceof SqlInjection::Barrier } -} - -module SqlInjectionFlow = TaintTracking::Global; - -from SqlInjectionFlow::PathNode sourceNode, SqlInjectionFlow::PathNode sinkNode -where SqlInjectionFlow::flowPath(sourceNode, sinkNode) -select sinkNode.getNode(), sourceNode, sinkNode, "This query depends on a $@.", - sourceNode.getNode(), "user-provided value" diff --git a/rust/ql/src/queries/summary/LinesOfCode.ql b/rust/ql/src/queries/summary/LinesOfCode.ql deleted file mode 100644 index 5e38ad33f26c..000000000000 --- a/rust/ql/src/queries/summary/LinesOfCode.ql +++ /dev/null @@ -1,14 +0,0 @@ -/** - * @name Total lines of Rust code in the database - * @description The total number of lines of Rust code across all files, including any libraries and auto-generated files that the extractor sees. This is a useful metric of the size of a database. For all files that were seen during the build, this query counts the lines of code, excluding whitespace or comments. - * @kind metric - * @id rust/summary/lines-of-code - * @tags summary - * lines-of-code - * telemetry - */ - -import rust -import Stats - -select getLinesOfCode() diff --git a/rust/ql/src/queries/summary/LinesOfUserCode.ql b/rust/ql/src/queries/summary/LinesOfUserCode.ql deleted file mode 100644 index 3c81c3caf22d..000000000000 --- a/rust/ql/src/queries/summary/LinesOfUserCode.ql +++ /dev/null @@ -1,14 +0,0 @@ -/** - * @name Total lines of user written Rust code in the database - * @description The total number of lines of Rust code from the source code directory. This query counts the lines of code, excluding whitespace or comments. - * @kind metric - * @id rust/summary/lines-of-user-code - * @tags summary - * lines-of-code - * debug - */ - -import rust -import Stats - -select getLinesOfUserCode() diff --git a/rust/ql/src/queries/summary/SummaryStats.ql b/rust/ql/src/queries/summary/SummaryStats.ql deleted file mode 100644 index ffe7cbf1a8fa..000000000000 --- a/rust/ql/src/queries/summary/SummaryStats.ql +++ /dev/null @@ -1,54 +0,0 @@ -/** - * @name Summary Statistics - * @description A table of summary statistics about a database. - * @kind metric - * @id rust/summary/summary-statistics - * @tags summary - */ - -import rust -import codeql.rust.Concepts -import codeql.rust.Diagnostics -import Stats - -from string key, int value -where - key = "Elements extracted" and value = count(Element e | not e instanceof Unextracted) - or - key = "Elements unextracted" and value = count(Unextracted e) - or - key = "Extraction errors" and value = count(ExtractionError e) - or - key = "Extraction warnings" and value = count(ExtractionWarning w) - or - key = "Files extracted - total" and value = count(ExtractedFile f | exists(f.getRelativePath())) - or - key = "Files extracted - with errors" and - value = - count(ExtractedFile f | - exists(f.getRelativePath()) and not f instanceof SuccessfullyExtractedFile - ) - or - key = "Files extracted - without errors" and - value = count(SuccessfullyExtractedFile f | exists(f.getRelativePath())) - or - key = "Lines of code extracted" and value = getLinesOfCode() - or - key = "Lines of user code extracted" and value = getLinesOfUserCode() - or - key = "Inconsistencies - AST" and value = getTotalAstInconsistencies() - or - key = "Inconsistencies - CFG" and value = getTotalCfgInconsistencies() - or - key = "Inconsistencies - data flow" and value = getTotalDataFlowInconsistencies() - or - key = "Macro calls - total" and value = count(MacroCall mc) - or - key = "Macro calls - resolved" and value = count(MacroCall mc | mc.hasExpanded()) - or - key = "Macro calls - unresolved" and value = count(MacroCall mc | not mc.hasExpanded()) - or - key = "Taint sources - total" and value = count(ThreatModelSource s) - or - key = "Taint sources - active" and value = count(ActiveThreatModelSource s) -select key, value order by key diff --git a/rust/ql/src/queries/summary/TaintSources.ql b/rust/ql/src/queries/summary/TaintSources.ql deleted file mode 100644 index 9ac72b706efb..000000000000 --- a/rust/ql/src/queries/summary/TaintSources.ql +++ /dev/null @@ -1,18 +0,0 @@ -/** - * @name Taint Sources - * @description List all sources of untrusted input that have been idenfitied - * in the database. - * @kind problem - * @problem.severity info - * @id rust/summary/taint-sources - * @tags summary - */ - -import rust -import codeql.rust.Concepts - -from ThreatModelSource s, string defaultString -where - if s instanceof ActiveThreatModelSource then defaultString = " (DEFAULT)" else defaultString = "" -select s, - "Flow source '" + s.getSourceType() + "' of type " + s.getThreatModel() + defaultString + "."