Rust: Add additional barriers to queries

paldepind · paldepind · commit 815af34c6668 · 2025-11-26T14:54:11.000+01:00
diff --git a/rust/ql/lib/codeql/rust/security/CleartextLoggingExtensions.qll b/rust/ql/lib/codeql/rust/security/CleartextLoggingExtensions.qll
@@ -8,6 +8,7 @@ private import codeql.rust.dataflow.DataFlow
 private import codeql.rust.dataflow.FlowSink
 private import codeql.rust.security.SensitiveData
 private import codeql.rust.Concepts
+private import codeql.rust.security.Barriers as Barriers
 
 /**
  * Provides default sources, sinks and barriers for detecting cleartext logging
@@ -42,4 +43,9 @@ module CleartextLogging {
   private class ModelsAsDataSink extends Sink {
     ModelsAsDataSink() { sinkNode(this, "log-injection") }
   }
+
+  private class BooleanTypeBarrier extends Barrier instanceof Barriers::BooleanTypeBarrier { }
+
+  private class FieldlessEnumTypeBarrier extends Barrier instanceof Barriers::FieldlessEnumTypeBarrier
+  { }
 }
diff --git a/rust/ql/lib/codeql/rust/security/LogInjectionExtensions.qll b/rust/ql/lib/codeql/rust/security/LogInjectionExtensions.qll
@@ -51,4 +51,7 @@ module LogInjection {
   private class NumericTypeBarrier extends Barrier instanceof Barriers::NumericTypeBarrier { }
 
   private class BooleanTypeBarrier extends Barrier instanceof Barriers::BooleanTypeBarrier { }
+
+  private class FieldlessEnumTypeBarrier extends Barrier instanceof Barriers::FieldlessEnumTypeBarrier
+  { }
 }
diff --git a/rust/ql/lib/codeql/rust/security/SqlInjectionExtensions.qll b/rust/ql/lib/codeql/rust/security/SqlInjectionExtensions.qll
@@ -66,4 +66,7 @@ module SqlInjection {
   private class NumericTypeBarrier extends Barrier instanceof Barriers::NumericTypeBarrier { }
 
   private class BooleanTypeBarrier extends Barrier instanceof Barriers::BooleanTypeBarrier { }
+
+  private class FieldlessEnumTypeBarrier extends Barrier instanceof Barriers::FieldlessEnumTypeBarrier
+  { }
 }

Original file line number	Diff line number	Diff line change
`@@ -51,4 +51,7 @@ module LogInjection {`
`51`	`51`	`private class NumericTypeBarrier extends Barrier instanceof Barriers::NumericTypeBarrier { }`
`52`	`52`
`53`	`53`	`private class BooleanTypeBarrier extends Barrier instanceof Barriers::BooleanTypeBarrier { }`
	`54`	`+`
	`55`	`+ private class FieldlessEnumTypeBarrier extends Barrier instanceof Barriers::FieldlessEnumTypeBarrier`
	`56`	`+ { }`
`54`	`57`	`}`
Original file line number	Diff line number	Diff line change
`@@ -66,4 +66,7 @@ module SqlInjection {`
`66`	`66`	`private class NumericTypeBarrier extends Barrier instanceof Barriers::NumericTypeBarrier { }`
`67`	`67`
`68`	`68`	`private class BooleanTypeBarrier extends Barrier instanceof Barriers::BooleanTypeBarrier { }`
	`69`	`+`
	`70`	`+ private class FieldlessEnumTypeBarrier extends Barrier instanceof Barriers::FieldlessEnumTypeBarrier`
	`71`	`+ { }`
`69`	`72`	`}`