QuerySinks.ql
/**
 * @name Query Sinks
 * @description Lists query sinks that are found in the database. Query sinks are flow sinks that
 *              are used as possible locations for query results. Cryptographic operations are
 *              excluded (see `rust/summary/cryptographic-operations` instead), as are certain
 *              sink types that are ubiquitous in most code.
 * @kind problem
 * @problem.severity info
 * @id rust/summary/query-sinks
 * @tags summary
 */

import rust
import codeql.rust.dataflow.DataFlow
import codeql.rust.Concepts
import Stats
import codeql.rust.security.AccessInvalidPointerExtensions
import codeql.rust.security.CleartextLoggingExtensions

from QuerySink s
where
  not s instanceof AccessInvalidPointer::Sink and
  not s instanceof CleartextLogging::Sink
select s, "Sink for " + concat(s.getSinkType(), ", ") + "."