Rust: Restrict ReqwestGet by crate origin.

github · Nov 22, 2024 · d8b58f2 · d8b58f2
1 parent 75a3c93
commit d8b58f2
Showing 1 changed file with 5 additions and 2 deletions.
diff --git a/rust/ql/lib/codeql/rust/frameworks/Reqwest.qll b/rust/ql/lib/codeql/rust/frameworks/Reqwest.qll
@@ -9,8 +9,11 @@ private import codeql.rust.Concepts
  * A call to `reqwest::get` or `reqwest::blocking::get`.
  */
 private class ReqwestGet extends RemoteSource::Range {
+  CallExpr ce;
+
   ReqwestGet() {
-    this.asExpr().getExpr().(CallExpr).getExpr().(PathExpr).getPath().getResolvedPath() =
-      ["crate::get", "crate::blocking::get"]
+    this.asExpr().getExpr() = ce and
+    ce.getExpr().(PathExpr).getPath().getResolvedCrateOrigin().matches("%reqwest") and
+    ce.getExpr().(PathExpr).getPath().getResolvedPath() = ["crate::get", "crate::blocking::get"]
   }
 }