From ef93b364da64f1bea6753c77153ce3ddab6c4624 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 10 Oct 2025 14:08:48 +0100 Subject: [PATCH 01/14] Rust: Add test cases for the mysql library. --- .../query-tests/security/CWE-089/Cargo.lock | 394 +++++++++++++++++- .../query-tests/security/CWE-089/mysql.rs | 55 +++ .../query-tests/security/CWE-089/options.yml | 1 + 3 files changed, 444 insertions(+), 6 deletions(-) create mode 100644 rust/ql/test/query-tests/security/CWE-089/mysql.rs diff --git a/rust/ql/test/query-tests/security/CWE-089/Cargo.lock b/rust/ql/test/query-tests/security/CWE-089/Cargo.lock index 2df49df403fc..217f1c4d6eab 100644 --- a/rust/ql/test/query-tests/security/CWE-089/Cargo.lock +++ b/rust/ql/test/query-tests/security/CWE-089/Cargo.lock @@ -17,6 +17,15 @@ version = "2.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "320119579fcad9c21884f5c4861d16174d0e06250625266f50fe6898340abefa" +[[package]] +name = "aho-corasick" +version = "1.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8e60d3430d3a69478ad0993f19238d2df97c507009a52b3c10addcd7f6bcb916" +dependencies = [ + "memchr", +] + [[package]] name = "allocator-api2" version = "0.2.21" @@ -251,6 +260,21 @@ dependencies = [ "piper", ] +[[package]] +name = "btoi" +version = "0.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9dd6407f73a9b8b6162d8a2ef999fe6afd7cc15902ebf42c5cd296addf17e0ad" +dependencies = [ + "num-traits", +] + +[[package]] +name = "bufstream" +version = "0.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "40e38929add23cdf8a366df9b0e088953150724bcbe5fc330b0d8eb3b328eec8" + [[package]] name = "bumpalo" version = "3.18.1" 
@@ -339,6 +363,15 @@ version = "2.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "19d374276b40fb8bbdee95aef7c7fa6b5316ec764510eb64b8dd0e2ed0d7e7f5" +[[package]] +name = "crc32fast" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9481c1c90cbf2ac953f07c8d4a58aa3945c425b7185c9154d67a65e4230da511" +dependencies = [ + "cfg-if", +] + [[package]] name = "crossbeam-queue" version = "0.3.12" @@ -364,6 +397,41 @@ dependencies = [ "typenum", ] +[[package]] +name = "darling" +version = "0.20.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fc7f46116c46ff9ab3eb1597a45688b6715c6e628b5c133e288e709a29bcb4ee" +dependencies = [ + "darling_core", + "darling_macro", +] + +[[package]] +name = "darling_core" +version = "0.20.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0d00b9596d185e565c2207a0b01f8bd1a135483d02d9b7b0a54b11da8d53412e" +dependencies = [ + "fnv", + "ident_case", + "proc-macro2", + "quote", + "strsim", + "syn", +] + +[[package]] +name = "darling_macro" +version = "0.20.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fc34b93ccb385b40dc71c6fceac4b2ad23662c7eeb248cf10d529b7e055b6ead" +dependencies = [ + "darling_core", + "quote", + "syn", +] + [[package]] name = "der" version = "0.7.10" @@ -375,6 +443,17 @@ dependencies = [ "zeroize", ] +[[package]] +name = "derive_utils" +version = "0.15.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ccfae181bab5ab6c5478b2ccb69e4c68a02f8c3ec72f6616bfec9dbc599d2ee0" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "digest" version = "0.10.7" 
@@ -491,6 +570,17 @@ version = "2.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "37909eebbb50d72f9059c3b6d82c0463f2ff062c9e95845c43a6c9c0355411be" +[[package]] +name = "flate2" +version = "1.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dc5a4e564e38c699f2880d3fda590bedc2e69f3f84cd48b457bd892ce61d0aa9" +dependencies = [ + "crc32fast", + "libz-sys", + "miniz_oxide", +] + [[package]] name = "flume" version = "0.11.1" @@ -1011,6 +1101,12 @@ dependencies = [ "zerovec", ] +[[package]] +name = "ident_case" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b9e0384b61958566e926dc50660321d12159025e767c18e043daf26b70104c39" + [[package]] name = "idna" version = "1.0.3" @@ -1034,9 +1130,9 @@ dependencies = [ [[package]] name = "indexmap" -version = "2.9.0" +version = "2.11.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cea70ddb795996207ad57735b50c5982d8844f38ba9ee5f1aedcfb708a2aa11e" +checksum = "4b0f83760fb341a774ed326568e19f5a863af4a952def8c39f9ab92fd95b88e5" dependencies = [ "equivalent", "hashbrown", @@ -1051,6 +1147,15 @@ dependencies = [ "cfg-if", ] +[[package]] +name = "io-enum" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d197db2f7ebf90507296df3aebaf65d69f5dce8559d8dbd82776a6cadab61bbf" +dependencies = [ + "derive_utils", +] + [[package]] name = "io-lifetimes" version = "1.0.11" @@ -1135,6 +1240,17 @@ dependencies = [ "vcpkg", ] +[[package]] +name = "libz-sys" +version = "1.1.22" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8b70e7a7df205e92a1a4cd9aaae7898dac0aa555503cc0a649494d0d60e7651d" +dependencies = [ + "cc", + "pkg-config", + "vcpkg", +] + [[package]] name = "linux-raw-sys" version = "0.3.8" 
@@ -1172,6 +1288,12 @@ dependencies = [ "value-bag", ] +[[package]] +name = "lru" +version = "0.12.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "234cf4f4a04dc1f57e24b96cc0cd600cf2af460d4161ac5ecdd0af8e1f3b2a38" + [[package]] name = "md-5" version = "0.10.6" @@ -1201,6 +1323,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1fa76a2c86f704bdb222d66965fb3d63269ce38518b83cb0575fca855ebb6316" dependencies = [ "adler2", + "simd-adler32", ] [[package]] 
@@ -1214,6 +1337,83 @@ dependencies = [ "windows-sys 0.59.0", ] +[[package]] +name = "mysql" +version = "26.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ce2510a735f601bab18202b07ea0a197bd1d130d3a5ce2edf4577d225f0c3ee4" +dependencies = [ + "bufstream", + "bytes", + "crossbeam-queue", + "crossbeam-utils", + "flate2", + "io-enum", + "libc", + "lru", + "mysql_common", + "named_pipe", + "pem", + "percent-encoding", + "socket2 0.5.10", + "twox-hash", + "url", +] + +[[package]] +name = "mysql-common-derive" +version = "0.32.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "66f62cad7623a9cb6f8f64037f0c4f69c8db8e82914334a83c9788201c2c1bfa" +dependencies = [ + "darling", + "heck", + "num-bigint", + "proc-macro-crate", + "proc-macro-error2", + "proc-macro2", + "quote", + "syn", + "termcolor", + "thiserror", +] + +[[package]] +name = "mysql_common" +version = "0.35.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fbb9f371618ce723f095c61fbcdc36e8936956d2b62832f9c7648689b338e052" +dependencies = [ + "base64", + "bitflags 2.9.1", + "btoi", + "byteorder", + "bytes", + "crc32fast", + "flate2", + "getrandom 0.3.3", + "mysql-common-derive", + "num-bigint", + "num-traits", + "regex", + "saturating", + "serde", + "serde_json", + "sha1", + "sha2", + "thiserror", + "uuid", +] + +[[package]] +name = "named_pipe" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ad9c443cce91fc3e12f017290db75dde490d685cdaaf508d7159d7cf41f0eb2b" +dependencies = [ + "winapi", +] + [[package]] name = "native-tls" version = "0.2.14" 
@@ -1231,6 +1431,16 @@ dependencies = [ "tempfile", ] +[[package]] +name = "num-bigint" +version = "0.4.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a5e44f723f1133c9deac646763579fdb3ac745e418f2a7af9cd0c431da1f20b9" +dependencies = [ + "num-integer", + "num-traits", +] + [[package]] name = "num-bigint-dig" version = "0.8.4" @@ -1366,6 +1576,16 @@ dependencies = [ "windows-targets 0.52.6", ] +[[package]] +name = "pem" +version = "3.0.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "38af38e8470ac9dee3ce1bae1af9c1671fffc44ddfd8bd1d0a3445bf349a8ef3" +dependencies = [ + "base64", + "serde", +] + [[package]] name = "pem-rfc7468" version = "0.7.0" @@ -1480,6 +1700,37 @@ dependencies = [ "zerocopy", ] +[[package]] +name = "proc-macro-crate" +version = "3.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "219cb19e96be00ab2e37d6e299658a0cfa83e52429179969b0f0121b4ac46983" +dependencies = [ + "toml_edit", +] + +[[package]] +name = "proc-macro-error-attr2" +version = "2.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "96de42df36bb9bba5542fe9f1a054b8cc87e172759a1868aa05c1f3acc89dfc5" +dependencies = [ + "proc-macro2", + "quote", +] + +[[package]] +name = "proc-macro-error2" +version = "2.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "11ec05c52be0a07b08061f7dd003e7d7092e0472bc731b4af7bb1ef876109802" +dependencies = [ + "proc-macro-error-attr2", + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "proc-macro2" version = "1.0.95" 
@@ -1543,6 +1794,35 @@ dependencies = [ "bitflags 2.9.1", ] +[[package]] +name = "regex" +version = "1.11.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8b5288124840bee7b386bc413c487869b360b2b4ec421ea56425128692f2a82c" +dependencies = [ + "aho-corasick", + "memchr", + "regex-automata", + "regex-syntax", +] + +[[package]] +name = "regex-automata" +version = "0.4.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "833eb9ce86d40ef33cb1306d8accf7bc8ec2bfea4355cbdebb3df68b40925cad" +dependencies = [ + "aho-corasick", + "memchr", + "regex-syntax", +] + +[[package]] +name = "regex-syntax" +version = "0.8.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "caf4aa5b0f434c91fe5c7f1ecb6a5ece2130b02ad2a590589dda5146df959001" + [[package]] name = "reqwest" version = "0.12.20" @@ -1697,6 +1977,12 @@ version = "1.0.20" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "28d3b2b1366ec20994f1fd18c3c594f05c5dd4bc44d8bb0c1c632c8d6829481f" +[[package]] +name = "saturating" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ece8e78b2f38ec51c51f5d475df0a7187ba5111b2a28bdc761ee05b075d40a71" + [[package]] name = "schannel" version = "0.1.27" 
@@ -1737,18 +2023,28 @@ dependencies = [ [[package]] name = "serde" -version = "1.0.219" +version = "1.0.228" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9a8e94ea7f378bd32cbbd37198a4a91436180c5bb472411e48b5ec2e2124ae9e" +dependencies = [ + "serde_core", + "serde_derive", +] + +[[package]] +name = "serde_core" +version = "1.0.228" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f0e2c6ed6606019b4e29e69dbaba95b11854410e5347d525002456dbbb786b6" +checksum = "41d385c7d4ca58e59fc732af25c3983b67ac852c1a25000afe1175de458b67ad" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.219" +version = "1.0.228" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5b0276cf7f2c73365f7157c8123c21cd9a50fbbd844757af28ca1f5925fc2a00" +checksum = "d540f220d3187173da220f885ab66608367b6574e925011a9353e4badda91d79" dependencies = [ "proc-macro2", "quote", @@ -1817,6 +2113,12 @@ dependencies = [ "rand_core", ] +[[package]] +name = "simd-adler32" +version = "0.3.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d66dc143e6b11c1eddc06d5c423cfc97062865baf299914ab64caa38182078fe" + [[package]] name = "slab" version = "0.4.10" @@ -2077,6 +2379,12 @@ dependencies = [ "unicode-properties", ] +[[package]] +name = "strsim" +version = "0.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f" + [[package]] name = "subtle" version = "2.6.1" @@ -2148,11 +2456,21 @@ dependencies = [ "windows-sys 0.59.0", ] +[[package]] +name = "termcolor" +version = "1.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "06794f8f6c5c898b3275aebefa6b8a1cb24cd2c6c79397ab15774837a0bc5755" +dependencies = [ + "winapi-util", +] + [[package]] name = "test" version = "0.0.1" dependencies = [ "futures", + "mysql", "reqwest", "sqlx", ] 
@@ -2250,6 +2568,36 @@ dependencies = [ "tokio", ] +[[package]] +name = "toml_datetime" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f2cdb639ebbc97961c51720f858597f7f24c4fc295327923af55b74c3c724533" +dependencies = [ + "serde_core", +] + +[[package]] +name = "toml_edit" +version = "0.23.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6485ef6d0d9b5d0ec17244ff7eb05310113c3f316f2d14200d4de56b3cb98f8d" +dependencies = [ + "indexmap", + "toml_datetime", + "toml_parser", + "winnow", +] + +[[package]] +name = "toml_parser" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c0cbe268d35bdb4bb5a56a2de88d0ad0eb70af5384a99d648cd4b3d04039800e" +dependencies = [ + "winnow", +] + [[package]] name = "tower" version = "0.5.2" @@ -2333,6 +2681,12 @@ version = "0.2.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e421abadd41a4225275504ea4d6566923418b7f05506fbc9c0fe86ba7396114b" +[[package]] +name = "twox-hash" +version = "2.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9ea3136b675547379c4bd395ca6b938e5ad3c3d20fad76e7fe85f9e0d011419c" + [[package]] name = "typenum" version = "1.18.0" @@ -2389,6 +2743,16 @@ version = "1.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b6c140620e7ffbb22c2dee59cafe6084a59b5ffc27a8859a5f0d494b5d52b6be" +[[package]] +name = "uuid" +version = "1.18.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2f87b8aa10b915a06587d0dec516c282ff295b475d94abf425d62b57710070a2" +dependencies = [ + "js-sys", + "wasm-bindgen", +] + [[package]] name = "value-bag" version = "1.11.1" 
@@ -2550,6 +2914,15 @@ version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" +[[package]] +name = "winapi-util" +version = "0.1.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c2a7b1c03c876122aa43f3020e6c3c3ee5c05081c9a00739faf7503aeba10d22" +dependencies = [ + "windows-sys 0.59.0", +] + [[package]] name = "winapi-x86_64-pc-windows-gnu" version = "0.4.0" @@ -2739,6 +3112,15 @@ version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" +[[package]] +name = "winnow" +version = "0.7.13" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "21a0236b59786fed61e2a80582dd500fe61f18b5dca67a4a067d0bc9039339cf" +dependencies = [ + "memchr", +] + [[package]] name = "wit-bindgen-rt" version = "0.39.0" diff --git a/rust/ql/test/query-tests/security/CWE-089/mysql.rs b/rust/ql/test/query-tests/security/CWE-089/mysql.rs new file mode 100644 index 000000000000..711fe2be54b3 --- /dev/null +++ b/rust/ql/test/query-tests/security/CWE-089/mysql.rs 
@@ -0,0 +1,55 @@ +use mysql::*; +use mysql::prelude::*; + +async fn test_mysql(url: &str) -> Result<(), Box> { + // connect through a MySQL connection pool + let mut pool = Pool::new("")?; // (this test is not runnable) + let mut conn: PooledConn = pool.get_conn()?; + let mut conn2: Conn = pool.get_conn()?.unwrap(); + + // construct queries + let mut remote_string = reqwest::blocking::get("http://example.com/").unwrap().text().unwrap_or(String::from("")); // $ MISSING: Source=remote10 + let safe_query = String::from("SELECT * FROM people WHERE firstname='Alice'"); + let unsafe_query = String::from("SELECT * FROM people WHERE firstname='") + &remote_string + "'"; + let prepared_query = String::from("SELECT * FROM people WHERE firstname=?"); // (prepared arguments are safe) + + // direct execution (safe) + let _ : Vec = conn.query(safe_query.as_str())?; + + // direct execution (unsafe) + let _ : Vec = conn.query(unsafe_query.as_str())?; // $ MISSING: sql-sink Alert[rust/sql-injection]=remote10 + let _ : Vec> = conn.query_opt(unsafe_query.as_str())?; // $ MISSING: sql-sink Alert[rust/sql-injection]=remote10 + conn.query_drop(unsafe_query.as_str()); // $ MISSING: sql-sink Alert[rust/sql-injection]=remote10 + let _ : i64 = conn.query_first(unsafe_query.as_str())?.unwrap(); // $ MISSING: sql-sink Alert[rust/sql-injection]=remote10 + let _ : Result= conn.query_first_opt(unsafe_query.as_str())?.unwrap(); // $ MISSING: sql-sink Alert[rust/sql-injection]=remote10 + let _ = conn.query_fold(unsafe_query.as_str(), 0, |_: i64, _: i64| -> i64 { 0 })?; // $ MISSING: sql-sink Alert[rust/sql-injection]=remote10 + let _ = conn.query_fold_opt(unsafe_query.as_str(), 0, |_: i64, _: Result| -> i64 { 0 })?; // $ MISSING: sql-sink Alert[rust/sql-injection]=remote10 + let _ = conn.query_iter(unsafe_query.as_str())?; // $ MISSING: sql-sink Alert[rust/sql-injection]=remote10 + let _ = conn.query_map(unsafe_query.as_str(), |_: i64| -> () {})?; // $ MISSING: sql-sink 
Alert[rust/sql-injection]=remote10 + let _ = conn.query_map_opt(unsafe_query.as_str(), |_: Result| -> () {})?; // $ MISSING: sql-sink Alert[rust/sql-injection]=remote10 + let _ : Vec = conn2.query(unsafe_query.as_str())?; // $ MISSING: sql-sink Alert[rust/sql-injection]=remote10 + + // prepared queries (safe) + let stmt = conn.prep(prepared_query.as_str())?; + let _ : Vec = conn.exec(&stmt, (remote_string.as_str(),))?; + let _ : Vec> = conn.exec_opt(&stmt, (remote_string.as_str(),))?; + let _ = conn.exec_batch(&stmt, vec![(remote_string.as_str(),)])?; + conn.exec_drop(&stmt, (&remote_string.as_str(),)); + let _ : i64 = conn.exec_first(&stmt, (remote_string.as_str(),))?.unwrap(); + let _ : Result = conn.exec_first_opt(&stmt, (remote_string.as_str(),))?.unwrap(); + let _ = conn.exec_fold(&stmt, (remote_string.as_str(),), 0, |_: i64, _: i64| -> i64 { 0 })?; + let _ = conn.exec_fold_opt(&stmt, (remote_string.as_str(),), 0, |_: i64, _: Result| -> i64 { 0 })?; + let _ = conn.exec_iter(&stmt, (remote_string.as_str(),))?; + let _ = conn.exec_map(&stmt, (remote_string.as_str(),), |_: i64| -> () {})?; + let _ = conn.exec_map_opt(&stmt, (remote_string.as_str(),), |_: Result| -> () {})?; + + Ok(()) +} + +fn main() { + println!("test_mysql..."); + match futures::executor::block_on(test_mysql("")) { + Ok(_) => println!(" successful!"), + Err(e) => println!(" error: {}", e), + } +} diff --git a/rust/ql/test/query-tests/security/CWE-089/options.yml b/rust/ql/test/query-tests/security/CWE-089/options.yml index 24744b7dfb45..776696a56a62 100644 --- a/rust/ql/test/query-tests/security/CWE-089/options.yml +++ b/rust/ql/test/query-tests/security/CWE-089/options.yml @@ -3,3 +3,4 @@ qltest_dependencies: - reqwest = { version = "0.12.9", features = ["blocking"] } - sqlx = { version = "0.8", features = ["mysql", "sqlite", "postgres", "runtime-async-std", "tls-native-tls"] } - futures = { version = "0.3" } + - mysql = { version = "26.0.1" } 
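Review bot: The "prepared queries (safe)" group in mysql.rs only ever passes the constant `prepared_query` as the statement, so nothing in this test checks that tainted statement text is reported. Parameter binding protects the bound values, not the SQL string itself. As far as I know, `prep` and the `exec_*` methods also accept a plain query string as the statement argument. I would add a case such as `let _ = conn.prep(unsafe_query.as_str())?; // $ MISSING: sql-sink Alert[rust/sql-injection]=remote10` next to the safe ones. That pins the eventual model to flag the statement argument while leaving the bound parameters unflagged.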
From 883e00558af2df4eca2e00e8ec05489b6597124a Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 10 Oct 2025 15:35:20 +0100 Subject: [PATCH 02/14] Rust: Add test cases for the mysql_async library. --- .../query-tests/security/CWE-089/Cargo.lock | 94 +++++++++-- .../query-tests/security/CWE-089/mysql.rs | 146 ++++++++++++------ .../query-tests/security/CWE-089/options.yml | 1 + 3 files changed, 185 insertions(+), 56 deletions(-) diff --git a/rust/ql/test/query-tests/security/CWE-089/Cargo.lock b/rust/ql/test/query-tests/security/CWE-089/Cargo.lock index 217f1c4d6eab..cd8ef4b13810 100644 --- a/rust/ql/test/query-tests/security/CWE-089/Cargo.lock +++ b/rust/ql/test/query-tests/security/CWE-089/Cargo.lock @@ -1199,6 +1199,15 @@ dependencies = [ "wasm-bindgen", ] +[[package]] +name = "keyed_priority_queue" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4ee7893dab2e44ae5f9d0173f26ff4aa327c10b01b06a72b52dd9405b628640d" +dependencies = [ + "indexmap", +] + [[package]] name = "kv-log-macro" version = "1.0.7" @@ -1294,6 +1303,15 @@ version = "0.12.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "234cf4f4a04dc1f57e24b96cc0cd600cf2af460d4161ac5ecdd0af8e1f3b2a38" +[[package]] +name = "lru" +version = "0.14.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9f8cc7106155f10bdf99a6f379688f543ad6596a415375b36a59a054ceda1198" +dependencies = [ + "hashbrown", +] + [[package]] name = "md-5" version = "0.10.6" @@ -1350,7 +1368,7 @@ dependencies = [ "flate2", "io-enum", "libc", - "lru", + "lru 0.12.5", "mysql_common", "named_pipe", "pem", 
@@ -1378,6 +1396,34 @@ dependencies = [ "thiserror", ] +[[package]] +name = "mysql_async" +version = "0.36.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "277ce2f2459b2af4cc6d0a0b7892381f80800832f57c533f03e2845f4ea331ea" +dependencies = [ + "bytes", + "crossbeam-queue", + "flate2", + "futures-core", + "futures-sink", + "futures-util", + "keyed_priority_queue", + "lru 0.14.0", + "mysql_common", + "pem", + "percent-encoding", + "rand 0.9.2", + "serde", + "serde_json", + "socket2 0.5.10", + "thiserror", + "tokio", + "tokio-util", + "twox-hash", + "url", +] + [[package]] name = "mysql_common" version = "0.35.5" @@ -1453,7 +1499,7 @@ dependencies = [ "num-integer", "num-iter", "num-traits", - "rand", + "rand 0.8.5", "smallvec", "zeroize", ] @@ -1762,8 +1808,18 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" dependencies = [ "libc", - "rand_chacha", - "rand_core", + "rand_chacha 0.3.1", + "rand_core 0.6.4", +] + +[[package]] +name = "rand" +version = "0.9.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6db2770f06117d490610c7488547d543617b21bfa07796d7a12f6f1bd53850d1" +dependencies = [ + "rand_chacha 0.9.0", + "rand_core 0.9.3", ] [[package]] @@ -1773,7 +1829,17 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" dependencies = [ "ppv-lite86", - "rand_core", + "rand_core 0.6.4", +] + +[[package]] +name = "rand_chacha" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3022b5f1df60f26e1ffddd6c66e8aa15de382ae63b3a0c1bfc0e4d3e3f325cb" +dependencies = [ + "ppv-lite86", + "rand_core 0.9.3", ] [[package]] 
@@ -1785,6 +1851,15 @@ dependencies = [ "getrandom 0.2.16", ] +[[package]] +name = "rand_core" +version = "0.9.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "99d9a13982dcf210057a8a78572b2217b667c3beacbf3a0d8b454f6f82837d38" +dependencies = [ + "getrandom 0.3.3", +] + [[package]] name = "redox_syscall" version = "0.5.13" @@ -1892,7 +1967,7 @@ dependencies = [ "num-traits", "pkcs1", "pkcs8", - "rand_core", + "rand_core 0.6.4", "signature", "spki", "subtle", @@ -2110,7 +2185,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de" dependencies = [ "digest", - "rand_core", + "rand_core 0.6.4", ] [[package]] @@ -2288,7 +2363,7 @@ dependencies = [ "memchr", "once_cell", "percent-encoding", - "rand", + "rand 0.8.5", "rsa", "serde", "sha1", @@ -2326,7 +2401,7 @@ dependencies = [ "md-5", "memchr", "once_cell", - "rand", + "rand 0.8.5", "serde", "serde_json", "sha2", @@ -2471,6 +2546,7 @@ version = "0.0.1" dependencies = [ "futures", "mysql", + "mysql_async", "reqwest", "sqlx", ] diff --git a/rust/ql/test/query-tests/security/CWE-089/mysql.rs b/rust/ql/test/query-tests/security/CWE-089/mysql.rs index 711fe2be54b3..33e5c83c8bf8 100644 --- a/rust/ql/test/query-tests/security/CWE-089/mysql.rs +++ b/rust/ql/test/query-tests/security/CWE-089/mysql.rs 
@@ -1,54 +1,106 @@ -use mysql::*; -use mysql::prelude::*; - -async fn test_mysql(url: &str) -> Result<(), Box> { - // connect through a MySQL connection pool - let mut pool = Pool::new("")?; // (this test is not runnable) - let mut conn: PooledConn = pool.get_conn()?; - let mut conn2: Conn = pool.get_conn()?.unwrap(); - - // construct queries - let mut remote_string = reqwest::blocking::get("http://example.com/").unwrap().text().unwrap_or(String::from("")); // $ MISSING: Source=remote10 - let safe_query = String::from("SELECT * FROM people WHERE firstname='Alice'"); - let unsafe_query = String::from("SELECT * FROM people WHERE firstname='") + &remote_string + "'"; - let prepared_query = String::from("SELECT * FROM people WHERE firstname=?"); // (prepared arguments are safe) - - // direct execution (safe) - let _ : Vec = conn.query(safe_query.as_str())?; - - // direct execution (unsafe) - let _ : Vec = conn.query(unsafe_query.as_str())?; // $ MISSING: sql-sink Alert[rust/sql-injection]=remote10 - let _ : Vec> = conn.query_opt(unsafe_query.as_str())?; // $ MISSING: sql-sink Alert[rust/sql-injection]=remote10 - conn.query_drop(unsafe_query.as_str()); // $ MISSING: sql-sink Alert[rust/sql-injection]=remote10 - let _ : i64 = conn.query_first(unsafe_query.as_str())?.unwrap(); // $ MISSING: sql-sink Alert[rust/sql-injection]=remote10 - let _ : Result= conn.query_first_opt(unsafe_query.as_str())?.unwrap(); // $ MISSING: sql-sink Alert[rust/sql-injection]=remote10 - let _ = conn.query_fold(unsafe_query.as_str(), 0, |_: i64, _: i64| -> i64 { 0 })?; // $ MISSING: sql-sink Alert[rust/sql-injection]=remote10 - let _ = conn.query_fold_opt(unsafe_query.as_str(), 0, |_: i64, _: Result| -> i64 { 0 })?; // $ MISSING: sql-sink Alert[rust/sql-injection]=remote10 - let _ = conn.query_iter(unsafe_query.as_str())?; // $ MISSING: sql-sink Alert[rust/sql-injection]=remote10 - let _ = conn.query_map(unsafe_query.as_str(), |_: i64| -> () {})?; // $ MISSING: sql-sink 
Alert[rust/sql-injection]=remote10 - let _ = conn.query_map_opt(unsafe_query.as_str(), |_: Result| -> () {})?; // $ MISSING: sql-sink Alert[rust/sql-injection]=remote10 - let _ : Vec = conn2.query(unsafe_query.as_str())?; // $ MISSING: sql-sink Alert[rust/sql-injection]=remote10 - - // prepared queries (safe) - let stmt = conn.prep(prepared_query.as_str())?; - let _ : Vec = conn.exec(&stmt, (remote_string.as_str(),))?; - let _ : Vec> = conn.exec_opt(&stmt, (remote_string.as_str(),))?; - let _ = conn.exec_batch(&stmt, vec![(remote_string.as_str(),)])?; - conn.exec_drop(&stmt, (&remote_string.as_str(),)); - let _ : i64 = conn.exec_first(&stmt, (remote_string.as_str(),))?.unwrap(); - let _ : Result = conn.exec_first_opt(&stmt, (remote_string.as_str(),))?.unwrap(); - let _ = conn.exec_fold(&stmt, (remote_string.as_str(),), 0, |_: i64, _: i64| -> i64 { 0 })?; - let _ = conn.exec_fold_opt(&stmt, (remote_string.as_str(),), 0, |_: i64, _: Result| -> i64 { 0 })?; - let _ = conn.exec_iter(&stmt, (remote_string.as_str(),))?; - let _ = conn.exec_map(&stmt, (remote_string.as_str(),), |_: i64| -> () {})?; - let _ = conn.exec_map_opt(&stmt, (remote_string.as_str(),), |_: Result| -> () {})?; - - Ok(()) +mod sync_test +{ + use mysql::*; + use mysql::prelude::*; + + pub fn test_mysql(url: &str) -> Result<(), Box> { + // connect through a MySQL connection pool + let mut pool = Pool::new("")?; // (this test is not runnable) + let mut conn: PooledConn = pool.get_conn()?; + let mut conn2: Conn = pool.get_conn()?.unwrap(); + + // construct queries + let mut remote_string = reqwest::blocking::get("http://example.com/").unwrap().text().unwrap_or(String::from("")); // $ MISSING: Source=remote10 + let safe_query = String::from("SELECT * FROM people WHERE firstname='Alice'"); + let unsafe_query = String::from("SELECT * FROM people WHERE firstname='") + &remote_string + "'"; + let prepared_query = String::from("SELECT * FROM people WHERE firstname=?"); // (prepared arguments are safe) + + // 
direct execution (safe) + let _ : Vec = conn.query(safe_query.as_str())?; + + // direct execution (unsafe) + let _ : Vec = conn.query(unsafe_query.as_str())?; // $ MISSING: sql-sink Alert[rust/sql-injection]=remote10 + let _ : Vec> = conn.query_opt(unsafe_query.as_str())?; // $ MISSING: sql-sink Alert[rust/sql-injection]=remote10 + conn.query_drop(unsafe_query.as_str()); // $ MISSING: sql-sink Alert[rust/sql-injection]=remote10 + let _ : i64 = conn.query_first(unsafe_query.as_str())?.unwrap(); // $ MISSING: sql-sink Alert[rust/sql-injection]=remote10 + let _ : Result= conn.query_first_opt(unsafe_query.as_str())?.unwrap(); // $ MISSING: sql-sink Alert[rust/sql-injection]=remote10 + let _ = conn.query_fold(unsafe_query.as_str(), 0, |_: i64, _: i64| -> i64 { 0 })?; // $ MISSING: sql-sink Alert[rust/sql-injection]=remote10 + let _ = conn.query_fold_opt(unsafe_query.as_str(), 0, |_: i64, _: Result| -> i64 { 0 })?; // $ MISSING: sql-sink Alert[rust/sql-injection]=remote10 + let _ = conn.query_iter(unsafe_query.as_str())?; // $ MISSING: sql-sink Alert[rust/sql-injection]=remote10 + let _ = conn.query_map(unsafe_query.as_str(), |_: i64| -> () {})?; // $ MISSING: sql-sink Alert[rust/sql-injection]=remote10 + let _ = conn.query_map_opt(unsafe_query.as_str(), |_: Result| -> () {})?; // $ MISSING: sql-sink Alert[rust/sql-injection]=remote10 + let _ : Vec = conn2.query(unsafe_query.as_str())?; // $ MISSING: sql-sink Alert[rust/sql-injection]=remote10 + + // prepared queries (safe) + let stmt = conn.prep(prepared_query.as_str())?; + let _ : Vec = conn.exec(&stmt, (remote_string.as_str(),))?; + let _ : Vec> = conn.exec_opt(&stmt, (remote_string.as_str(),))?; + let _ = conn.exec_batch(&stmt, vec![(remote_string.as_str(),)])?; + conn.exec_drop(&stmt, (&remote_string.as_str(),)); + let _ : i64 = conn.exec_first(&stmt, (remote_string.as_str(),))?.unwrap(); + let _ : Result = conn.exec_first_opt(&stmt, (remote_string.as_str(),))?.unwrap(); + let _ = conn.exec_fold(&stmt, 
(remote_string.as_str(),), 0, |_: i64, _: i64| -> i64 { 0 })?; + let _ = conn.exec_fold_opt(&stmt, (remote_string.as_str(),), 0, |_: i64, _: Result| -> i64 { 0 })?; + let _ = conn.exec_iter(&stmt, (remote_string.as_str(),))?; + let _ = conn.exec_map(&stmt, (remote_string.as_str(),), |_: i64| -> () {})?; + let _ = conn.exec_map_opt(&stmt, (remote_string.as_str(),), |_: Result| -> () {})?; + + Ok(()) + } +} + +mod async_test +{ + use mysql_async::*; + use mysql_async::prelude::*; + + pub async fn test_mysql_async(url: &str) -> Result<()> { + // connect through a MySQL connection pool + let mut pool = Pool::new(""); // (this test is not runnable) + let mut conn = pool.get_conn().await?; + + // construct queries + let mut remote_string = reqwest::blocking::get("http://example.com/").unwrap().text().unwrap_or(String::from("")); // $ MISSING: Source=remote11 + let safe_query = String::from("SELECT * FROM people WHERE firstname='Alice'"); + let unsafe_query = String::from("SELECT * FROM people WHERE firstname='") + &remote_string + "'"; + let prepared_query = String::from("SELECT * FROM people WHERE firstname=?"); // (prepared arguments are safe) + + // direct execution (safe) + let _ : Vec = conn.query(safe_query.as_str()).await?; + + // direct execution (unsafe) + let _ : Vec = conn.query(unsafe_query.as_str()).await?; // $ MISSING: sql-sink Alert[rust/sql-injection]=remote11 + conn.query_drop(unsafe_query.as_str()); // $ MISSING: sql-sink Alert[rust/sql-injection]=remote11 + let _ : Option = conn.query_first(unsafe_query.as_str()).await?; // $ MISSING: sql-sink Alert[rust/sql-injection]=remote11 + let _ = conn.query_fold(unsafe_query.as_str(), 0, |_: i64, _: i64| -> i64 { 0 }).await?; // $ MISSING: sql-sink Alert[rust/sql-injection]=remote11 + let _ = conn.query_iter(unsafe_query.as_str()).await?; // $ MISSING: sql-sink Alert[rust/sql-injection]=remote11 + let _ = conn.query_stream::(unsafe_query.as_str()).await?; // $ MISSING: sql-sink 
Alert[rust/sql-injection]=remote11 + let _ = conn.query_map(unsafe_query.as_str(), |_: i64| -> () {}).await?; // $ MISSING: sql-sink Alert[rust/sql-injection]=remote11 + + // prepared queries (safe) + let stmt = conn.prep(prepared_query.as_str()).await?; + let _ : Vec = conn.exec(&stmt, (remote_string.as_str(),)).await?; + let _ = conn.exec_batch(&stmt, vec![(remote_string.as_str(),)]).await?; + conn.exec_drop(&stmt, (&remote_string.as_str(),)); + let _ : Option = conn.exec_first(&stmt, (remote_string.as_str(),)).await?; + let _ = conn.exec_fold(&stmt, (remote_string.as_str(),), 0, |_: i64, _: i64| -> i64 { 0 }).await?; + let _ = conn.exec_iter(&stmt, (remote_string.as_str(),)).await?; + let _ = conn.exec_stream::(&stmt, (remote_string.as_str(),)).await?; + let _ = conn.exec_map(&stmt, (remote_string.as_str(),), |_: i64| -> () {}).await?; + + Ok(()) + } } fn main() { println!("test_mysql..."); - match futures::executor::block_on(test_mysql("")) { + match (sync_test::test_mysql("")) { + Ok(_) => println!(" successful!"), + Err(e) => println!(" error: {}", e), + } + + println!("test_mysql_async..."); + match futures::executor::block_on(async_test::test_mysql_async("")) { Ok(_) => println!(" successful!"), Err(e) => println!(" error: {}", e), } diff --git a/rust/ql/test/query-tests/security/CWE-089/options.yml b/rust/ql/test/query-tests/security/CWE-089/options.yml index 776696a56a62..1febc233696a 100644 --- a/rust/ql/test/query-tests/security/CWE-089/options.yml +++ b/rust/ql/test/query-tests/security/CWE-089/options.yml @@ -4,3 +4,4 @@ qltest_dependencies: - sqlx = { version = "0.8", features = ["mysql", "sqlite", "postgres", "runtime-async-std", "tls-native-tls"] } - futures = { version = "0.3" } - mysql = { version = "26.0.1" } + - mysql_async = { version = "0.36.1" } From f15a34f361aa9f05153d88e33e2f2c13d51c43f1 Mon Sep 17 00:00:00 2001 
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 10 Oct 2025 15:38:25 +0100 Subject: [PATCH 03/14] Rust: Add test cases for transactions as well. --- rust/ql/test/query-tests/security/CWE-089/mysql.rs | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/rust/ql/test/query-tests/security/CWE-089/mysql.rs b/rust/ql/test/query-tests/security/CWE-089/mysql.rs index 33e5c83c8bf8..92377eaa4939 100644 --- a/rust/ql/test/query-tests/security/CWE-089/mysql.rs +++ b/rust/ql/test/query-tests/security/CWE-089/mysql.rs @@ -45,6 +45,11 @@ mod sync_test let _ = conn.exec_map(&stmt, (remote_string.as_str(),), |_: i64| -> () {})?; let _ = conn.exec_map_opt(&stmt, (remote_string.as_str(),), |_: Result| -> () {})?; + // transactions + let mut trans = conn.start_transaction(TxOpts::default())?; + trans.query_drop(unsafe_query.as_str()); // $ MISSING: sql-sink Alert[rust/sql-injection]=remote11 + trans.commit()?; + Ok(()) } } @@ -88,6 +93,11 @@ mod async_test let _ = conn.exec_stream::(&stmt, (remote_string.as_str(),)).await?; let _ = conn.exec_map(&stmt, (remote_string.as_str(),), |_: i64| -> () {}).await?; + // transactions + let mut trans = conn.start_transaction(TxOpts::default()).await?; + trans.query_drop(unsafe_query.as_str()); // $ MISSING: sql-sink Alert[rust/sql-injection]=remote11 + trans.commit().await?; + Ok(()) } } From f16742bf743c1f91a7c6c04763f04d9f81a51c7e Mon Sep 17 00:00:00 2001 
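Review bot: The expectation tag on the added `trans.query_drop(unsafe_query.as_str());` line in `sync_test` is `=remote11`, but every other sink in the synchronous test is tagged `remote10`, and `remote11` is the source declared in `async_test`. Once the sink is modelled, this alert would be attributed to the wrong source, so the comment should read `// $ MISSING: sql-sink Alert[rust/sql-injection]=remote10`. The `Result` returned by `query_drop` is also discarded here, unlike the `?` on the neighbouring `start_transaction` and `commit` calls. `test_mysql` begins outside this hunk, so the source tag is inferred from the earlier patch in the series.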
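Review bot: The added `trans.query_drop(unsafe_query.as_str());` in `async_test` is never awaited, while the `start_transaction(...)` and `commit()` calls around it use `.await?`. In mysql_async the call only builds a future, so as written no statement is issued on the transaction, and the test documents a pattern that working code would not contain. Writing `trans.query_drop(unsafe_query.as_str()).await?; // $ MISSING: sql-sink Alert[rust/sql-injection]=remote11` keeps the sink argument at the same position and matches the neighbouring lines. `test_mysql_async` begins outside this hunk.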
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 10 Oct 2025 16:45:12 +0100 Subject: [PATCH 04/14] Rust: Add models. --- .../rust/frameworks/mysql-async.model.yml | 13 + .../codeql/rust/frameworks/mysql.model.yml | 17 + .../security/CWE-089/SqlInjection.expected | 615 ++++++++++++++---- .../query-tests/security/CWE-089/mysql.rs | 52 +- 4 files changed, 538 insertions(+), 159 deletions(-) create mode 100644 rust/ql/lib/codeql/rust/frameworks/mysql-async.model.yml create mode 100644 rust/ql/lib/codeql/rust/frameworks/mysql.model.yml diff --git a/rust/ql/lib/codeql/rust/frameworks/mysql-async.model.yml b/rust/ql/lib/codeql/rust/frameworks/mysql-async.model.yml new file mode 100644 index 000000000000..fc38ca2baed7 --- /dev/null +++ b/rust/ql/lib/codeql/rust/frameworks/mysql-async.model.yml @@ -0,0 +1,13 @@ +extensions: + - addsTo: + pack: codeql/rust-all + extensible: sinkModel + data: + - ["<_ as mysql_async::queryable::Queryable>::query", "Argument[0]", "sql-injection", "manual"] + - ["<_ as mysql_async::queryable::Queryable>::query_drop", "Argument[0]", "sql-injection", "manual"] + - ["<_ as mysql_async::queryable::Queryable>::query_first", "Argument[0]", "sql-injection", "manual"] + - ["<_ as mysql_async::queryable::Queryable>::query_fold", "Argument[0]", "sql-injection", "manual"] + - ["<_ as mysql_async::queryable::Queryable>::query_stream", "Argument[0]", "sql-injection", "manual"] + - ["<_ as mysql_async::queryable::Queryable>::query_map", "Argument[0]", "sql-injection", "manual"] + - ["::query_iter", "Argument[0]", "sql-injection", "manual"] + - ["::prep", "Argument[0]", "sql-injection", "manual"] diff --git a/rust/ql/lib/codeql/rust/frameworks/mysql.model.yml b/rust/ql/lib/codeql/rust/frameworks/mysql.model.yml new file mode 100644 index 000000000000..da3ee84a7797 --- /dev/null +++ b/rust/ql/lib/codeql/rust/frameworks/mysql.model.yml 
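Review bot: The sink list covers the `query*` methods and `prep`, but none of the `exec*` methods, and as far as I know their statement argument accepts a plain query string as well as a prepared statement. If so, a tainted string passed directly as the first argument of `exec`, `exec_drop`, `exec_first` and the rest would go unreported. Rows of the form `["<_ as mysql_async::queryable::Queryable>::exec", "Argument[0]", "sql-injection", "manual"]` would close that gap, and the same applies to mysql.model.yml in this commit. The tests only pass `&stmt` to `exec*`, so a case with a tainted string as the statement would be needed to pin it.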
@@ -0,0 +1,17 @@ +extensions: + - addsTo: + pack: codeql/rust-all + extensible: sinkModel + data: + - ["<_ as mysql::conn::queryable::Queryable>::query", "Argument[0]", "sql-injection", "manual"] + - ["<_ as mysql::conn::queryable::Queryable>::query_opt", "Argument[0]", "sql-injection", "manual"] + - ["<_ as mysql::conn::queryable::Queryable>::query_drop", "Argument[0]", "sql-injection", "manual"] + - ["<_ as mysql::conn::queryable::Queryable>::query_first", "Argument[0]", "sql-injection", "manual"] + - ["<_ as mysql::conn::queryable::Queryable>::query_first_opt", "Argument[0]", "sql-injection", "manual"] + - ["<_ as mysql::conn::queryable::Queryable>::query_fold", "Argument[0]", "sql-injection", "manual"] + - ["<_ as mysql::conn::queryable::Queryable>::query_fold_opt", "Argument[0]", "sql-injection", "manual"] + - ["::query_iter", "Argument[0]", "sql-injection", "manual"] + - ["<_ as mysql::conn::queryable::Queryable>::query_map", "Argument[0]", "sql-injection", "manual"] + - ["<_ as mysql::conn::queryable::Queryable>::query_map_opt", "Argument[0]", "sql-injection", "manual"] + - ["<_ as mysql::conn::queryable::Queryable>::query", "Argument[0]", "sql-injection", "manual"] + - ["::prep", "Argument[0]", "sql-injection", "manual"] diff --git a/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected b/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected index 45ce48f2ef3e..f58ee2343d07 100644 --- a/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected +++ b/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected 
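Review bot: The row `["<_ as mysql::conn::queryable::Queryable>::query", "Argument[0]", "sql-injection", "manual"]` appears twice in this new file, as the first data entry and again as the second-to-last one. One copy should be removed so the list stays at one row per method. The repeated `query` rows for mysql.rs:22 and mysql.rs:32 in SqlInjection.expected may be unrelated, but they are worth re-checking after the duplicate is removed.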
@@ -1,4 +1,26 @@ #select +| mysql.rs:22:33:22:37 | query | mysql.rs:13:33:13:54 | ...::get | mysql.rs:22:33:22:37 | query | This query depends on a $@. | mysql.rs:13:33:13:54 | ...::get | user-provided value | +| mysql.rs:22:33:22:37 | query | mysql.rs:13:33:13:54 | ...::get | mysql.rs:22:33:22:37 | query | This query depends on a $@. | mysql.rs:13:33:13:54 | ...::get | user-provided value | +| mysql.rs:23:55:23:63 | query_opt | mysql.rs:13:33:13:54 | ...::get | mysql.rs:23:55:23:63 | query_opt | This query depends on a $@. | mysql.rs:13:33:13:54 | ...::get | user-provided value | +| mysql.rs:24:14:24:23 | query_drop | mysql.rs:13:33:13:54 | ...::get | mysql.rs:24:14:24:23 | query_drop | This query depends on a $@. | mysql.rs:13:33:13:54 | ...::get | user-provided value | +| mysql.rs:25:28:25:38 | query_first | mysql.rs:13:33:13:54 | ...::get | mysql.rs:25:28:25:38 | query_first | This query depends on a $@. | mysql.rs:13:33:13:54 | ...::get | user-provided value | +| mysql.rs:26:49:26:63 | query_first_opt | mysql.rs:13:33:13:54 | ...::get | mysql.rs:26:49:26:63 | query_first_opt | This query depends on a $@. | mysql.rs:13:33:13:54 | ...::get | user-provided value | +| mysql.rs:27:22:27:31 | query_fold | mysql.rs:13:33:13:54 | ...::get | mysql.rs:27:22:27:31 | query_fold | This query depends on a $@. | mysql.rs:13:33:13:54 | ...::get | user-provided value | +| mysql.rs:28:22:28:35 | query_fold_opt | mysql.rs:13:33:13:54 | ...::get | mysql.rs:28:22:28:35 | query_fold_opt | This query depends on a $@. | mysql.rs:13:33:13:54 | ...::get | user-provided value | +| mysql.rs:29:22:29:31 | query_iter | mysql.rs:13:33:13:54 | ...::get | mysql.rs:29:22:29:31 | query_iter | This query depends on a $@. | mysql.rs:13:33:13:54 | ...::get | user-provided value | +| mysql.rs:30:22:30:30 | query_map | mysql.rs:13:33:13:54 | ...::get | mysql.rs:30:22:30:30 | query_map | This query depends on a $@. 
| mysql.rs:13:33:13:54 | ...::get | user-provided value | +| mysql.rs:31:22:31:34 | query_map_opt | mysql.rs:13:33:13:54 | ...::get | mysql.rs:31:22:31:34 | query_map_opt | This query depends on a $@. | mysql.rs:13:33:13:54 | ...::get | user-provided value | +| mysql.rs:32:34:32:38 | query | mysql.rs:13:33:13:54 | ...::get | mysql.rs:32:34:32:38 | query | This query depends on a $@. | mysql.rs:13:33:13:54 | ...::get | user-provided value | +| mysql.rs:32:34:32:38 | query | mysql.rs:13:33:13:54 | ...::get | mysql.rs:32:34:32:38 | query | This query depends on a $@. | mysql.rs:13:33:13:54 | ...::get | user-provided value | +| mysql.rs:50:15:50:24 | query_drop | mysql.rs:13:33:13:54 | ...::get | mysql.rs:50:15:50:24 | query_drop | This query depends on a $@. | mysql.rs:13:33:13:54 | ...::get | user-provided value | +| mysql.rs:77:33:77:37 | query | mysql.rs:68:33:68:54 | ...::get | mysql.rs:77:33:77:37 | query | This query depends on a $@. | mysql.rs:68:33:68:54 | ...::get | user-provided value | +| mysql.rs:78:14:78:23 | query_drop | mysql.rs:68:33:68:54 | ...::get | mysql.rs:78:14:78:23 | query_drop | This query depends on a $@. | mysql.rs:68:33:68:54 | ...::get | user-provided value | +| mysql.rs:79:36:79:46 | query_first | mysql.rs:68:33:68:54 | ...::get | mysql.rs:79:36:79:46 | query_first | This query depends on a $@. | mysql.rs:68:33:68:54 | ...::get | user-provided value | +| mysql.rs:80:22:80:31 | query_fold | mysql.rs:68:33:68:54 | ...::get | mysql.rs:80:22:80:31 | query_fold | This query depends on a $@. | mysql.rs:68:33:68:54 | ...::get | user-provided value | +| mysql.rs:81:22:81:31 | query_iter | mysql.rs:68:33:68:54 | ...::get | mysql.rs:81:22:81:31 | query_iter | This query depends on a $@. | mysql.rs:68:33:68:54 | ...::get | user-provided value | +| mysql.rs:82:22:82:33 | query_stream | mysql.rs:68:33:68:54 | ...::get | mysql.rs:82:22:82:33 | query_stream | This query depends on a $@. 
| mysql.rs:68:33:68:54 | ...::get | user-provided value | +| mysql.rs:83:22:83:30 | query_map | mysql.rs:68:33:68:54 | ...::get | mysql.rs:83:22:83:30 | query_map | This query depends on a $@. | mysql.rs:68:33:68:54 | ...::get | user-provided value | +| mysql.rs:98:15:98:24 | query_drop | mysql.rs:68:33:68:54 | ...::get | mysql.rs:98:15:98:24 | query_drop | This query depends on a $@. | mysql.rs:68:33:68:54 | ...::get | user-provided value | | sqlx.rs:77:13:77:23 | ...::query | sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:77:13:77:23 | ...::query | This query depends on a $@. | sqlx.rs:48:25:48:46 | ...::get | user-provided value | | sqlx.rs:78:13:78:23 | ...::query | sqlx.rs:47:22:47:35 | ...::args | sqlx.rs:78:13:78:23 | ...::query | This query depends on a $@. | sqlx.rs:47:22:47:35 | ...::args | user-provided value | | sqlx.rs:80:17:80:27 | ...::query | sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:80:17:80:27 | ...::query | This query depends on a $@. | sqlx.rs:48:25:48:46 | ...::get | user-provided value | 
@@ -12,180 +34,507 @@ | sqlx.rs:153:17:153:27 | ...::query | sqlx.rs:100:25:100:46 | ...::get | sqlx.rs:153:17:153:27 | ...::query | This query depends on a $@. | sqlx.rs:100:25:100:46 | ...::get | user-provided value | | sqlx.rs:188:17:188:27 | ...::query | sqlx.rs:173:25:173:46 | ...::get | sqlx.rs:188:17:188:27 | ...::query | This query depends on a $@. | sqlx.rs:173:25:173:46 | ...::get | user-provided value | edges +| mysql.rs:13:13:13:29 | mut remote_string | mysql.rs:15:86:15:98 | remote_string | provenance | | +| mysql.rs:13:33:13:54 | ...::get | mysql.rs:13:33:13:77 | ...::get(...) [Ok] | provenance | Src:MaD:21 | +| mysql.rs:13:33:13:77 | ...::get(...) [Ok] | mysql.rs:13:33:13:86 | ... .unwrap() | provenance | MaD:28 | +| mysql.rs:13:33:13:86 | ... .unwrap() | mysql.rs:13:33:13:93 | ... .text() [Ok] | provenance | MaD:32 | +| mysql.rs:13:33:13:93 | ... .text() [Ok] | mysql.rs:13:33:13:121 | ... .unwrap_or(...) | provenance | MaD:29 | +| mysql.rs:13:33:13:121 | ... .unwrap_or(...) 
| mysql.rs:13:13:13:29 | mut remote_string | provenance | | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:22:39:22:50 | unsafe_query | provenance | | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:22:39:22:59 | unsafe_query.as_str() | provenance | MaD:30 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:22:39:22:59 | unsafe_query.as_str() | provenance | MaD:26 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:22:39:22:59 | unsafe_query.as_str() | provenance | MaD:30 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:23:65:23:76 | unsafe_query | provenance | | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:23:65:23:85 | unsafe_query.as_str() | provenance | MaD:30 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:23:65:23:85 | unsafe_query.as_str() | provenance | MaD:26 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:23:65:23:85 | unsafe_query.as_str() | provenance | MaD:30 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:24:25:24:36 | unsafe_query | provenance | | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:24:25:24:45 | unsafe_query.as_str() | provenance | MaD:30 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:24:25:24:45 | unsafe_query.as_str() | provenance | MaD:26 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:24:25:24:45 | unsafe_query.as_str() | provenance | MaD:30 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:25:40:25:51 | unsafe_query | provenance | | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:25:40:25:60 | unsafe_query.as_str() | provenance | MaD:30 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:25:40:25:60 | unsafe_query.as_str() | provenance | MaD:26 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:25:40:25:60 | unsafe_query.as_str() | provenance | MaD:30 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:26:65:26:76 | unsafe_query | provenance | | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:26:65:26:85 | unsafe_query.as_str() | provenance | MaD:30 | +| mysql.rs:15:13:15:24 | unsafe_query 
| mysql.rs:26:65:26:85 | unsafe_query.as_str() | provenance | MaD:26 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:26:65:26:85 | unsafe_query.as_str() | provenance | MaD:30 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:27:33:27:44 | unsafe_query | provenance | | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:27:33:27:53 | unsafe_query.as_str() | provenance | MaD:30 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:27:33:27:53 | unsafe_query.as_str() | provenance | MaD:26 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:27:33:27:53 | unsafe_query.as_str() | provenance | MaD:30 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:28:37:28:48 | unsafe_query | provenance | | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:28:37:28:57 | unsafe_query.as_str() | provenance | MaD:30 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:28:37:28:57 | unsafe_query.as_str() | provenance | MaD:26 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:28:37:28:57 | unsafe_query.as_str() | provenance | MaD:30 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:29:33:29:44 | unsafe_query | provenance | | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:29:33:29:53 | unsafe_query.as_str() | provenance | MaD:30 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:29:33:29:53 | unsafe_query.as_str() | provenance | MaD:26 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:29:33:29:53 | unsafe_query.as_str() | provenance | MaD:30 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:30:32:30:43 | unsafe_query | provenance | | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:30:32:30:52 | unsafe_query.as_str() | provenance | MaD:30 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:30:32:30:52 | unsafe_query.as_str() | provenance | MaD:26 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:30:32:30:52 | unsafe_query.as_str() | provenance | MaD:30 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:31:36:31:47 | unsafe_query | provenance | | +| mysql.rs:15:13:15:24 | 
unsafe_query | mysql.rs:31:36:31:56 | unsafe_query.as_str() | provenance | MaD:30 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:31:36:31:56 | unsafe_query.as_str() | provenance | MaD:26 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:31:36:31:56 | unsafe_query.as_str() | provenance | MaD:30 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:32:40:32:51 | unsafe_query | provenance | | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:32:40:32:60 | unsafe_query.as_str() | provenance | MaD:30 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:32:40:32:60 | unsafe_query.as_str() | provenance | MaD:26 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:32:40:32:60 | unsafe_query.as_str() | provenance | MaD:30 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:50:26:50:37 | unsafe_query | provenance | | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:50:26:50:46 | unsafe_query.as_str() | provenance | MaD:30 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:50:26:50:46 | unsafe_query.as_str() | provenance | MaD:26 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:50:26:50:46 | unsafe_query.as_str() | provenance | MaD:30 | +| mysql.rs:15:28:15:98 | ... + ... | mysql.rs:15:13:15:24 | unsafe_query | provenance | | +| mysql.rs:15:28:15:98 | ... + ... | mysql.rs:15:28:15:104 | ... + ... | provenance | MaD:25 | +| mysql.rs:15:28:15:104 | ... + ... | mysql.rs:15:13:15:24 | unsafe_query | provenance | | +| mysql.rs:15:85:15:98 | &remote_string [&ref] | mysql.rs:15:28:15:98 | ... + ... 
| provenance | MaD:24 | +| mysql.rs:15:86:15:98 | remote_string | mysql.rs:15:85:15:98 | &remote_string [&ref] | provenance | | +| mysql.rs:22:39:22:50 | unsafe_query | mysql.rs:22:39:22:59 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | +| mysql.rs:22:39:22:50 | unsafe_query | mysql.rs:22:39:22:59 | unsafe_query.as_str() [&ref] | provenance | MaD:26 | +| mysql.rs:22:39:22:50 | unsafe_query | mysql.rs:22:39:22:59 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | +| mysql.rs:22:39:22:59 | unsafe_query.as_str() | mysql.rs:22:33:22:37 | query | provenance | MaD:1 Sink:MaD:1 | +| mysql.rs:22:39:22:59 | unsafe_query.as_str() | mysql.rs:22:33:22:37 | query | provenance | MaD:1 Sink:MaD:1 | +| mysql.rs:22:39:22:59 | unsafe_query.as_str() [&ref] | mysql.rs:22:33:22:37 | query | provenance | MaD:1 Sink:MaD:1 | +| mysql.rs:22:39:22:59 | unsafe_query.as_str() [&ref] | mysql.rs:22:33:22:37 | query | provenance | MaD:1 Sink:MaD:1 | +| mysql.rs:23:65:23:76 | unsafe_query | mysql.rs:23:65:23:85 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | +| mysql.rs:23:65:23:76 | unsafe_query | mysql.rs:23:65:23:85 | unsafe_query.as_str() [&ref] | provenance | MaD:26 | +| mysql.rs:23:65:23:76 | unsafe_query | mysql.rs:23:65:23:85 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | +| mysql.rs:23:65:23:85 | unsafe_query.as_str() | mysql.rs:23:55:23:63 | query_opt | provenance | MaD:9 Sink:MaD:9 | +| mysql.rs:23:65:23:85 | unsafe_query.as_str() [&ref] | mysql.rs:23:55:23:63 | query_opt | provenance | MaD:9 Sink:MaD:9 | +| mysql.rs:24:25:24:36 | unsafe_query | mysql.rs:24:25:24:45 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | +| mysql.rs:24:25:24:36 | unsafe_query | mysql.rs:24:25:24:45 | unsafe_query.as_str() [&ref] | provenance | MaD:26 | +| mysql.rs:24:25:24:36 | unsafe_query | mysql.rs:24:25:24:45 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | +| mysql.rs:24:25:24:45 | unsafe_query.as_str() | mysql.rs:24:14:24:23 | query_drop | provenance | MaD:2 
Sink:MaD:2 | +| mysql.rs:24:25:24:45 | unsafe_query.as_str() [&ref] | mysql.rs:24:14:24:23 | query_drop | provenance | MaD:2 Sink:MaD:2 | +| mysql.rs:25:40:25:51 | unsafe_query | mysql.rs:25:40:25:60 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | +| mysql.rs:25:40:25:51 | unsafe_query | mysql.rs:25:40:25:60 | unsafe_query.as_str() [&ref] | provenance | MaD:26 | +| mysql.rs:25:40:25:51 | unsafe_query | mysql.rs:25:40:25:60 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | +| mysql.rs:25:40:25:60 | unsafe_query.as_str() | mysql.rs:25:28:25:38 | query_first | provenance | MaD:3 Sink:MaD:3 | +| mysql.rs:25:40:25:60 | unsafe_query.as_str() [&ref] | mysql.rs:25:28:25:38 | query_first | provenance | MaD:3 Sink:MaD:3 | +| mysql.rs:26:65:26:76 | unsafe_query | mysql.rs:26:65:26:85 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | +| mysql.rs:26:65:26:76 | unsafe_query | mysql.rs:26:65:26:85 | unsafe_query.as_str() [&ref] | provenance | MaD:26 | +| mysql.rs:26:65:26:76 | unsafe_query | mysql.rs:26:65:26:85 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | +| mysql.rs:26:65:26:85 | unsafe_query.as_str() | mysql.rs:26:49:26:63 | query_first_opt | provenance | MaD:4 Sink:MaD:4 | +| mysql.rs:26:65:26:85 | unsafe_query.as_str() [&ref] | mysql.rs:26:49:26:63 | query_first_opt | provenance | MaD:4 Sink:MaD:4 | +| mysql.rs:27:33:27:44 | unsafe_query | mysql.rs:27:33:27:53 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | +| mysql.rs:27:33:27:44 | unsafe_query | mysql.rs:27:33:27:53 | unsafe_query.as_str() [&ref] | provenance | MaD:26 | +| mysql.rs:27:33:27:44 | unsafe_query | mysql.rs:27:33:27:53 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | +| mysql.rs:27:33:27:53 | unsafe_query.as_str() | mysql.rs:27:22:27:31 | query_fold | provenance | MaD:5 Sink:MaD:5 | +| mysql.rs:27:33:27:53 | unsafe_query.as_str() [&ref] | mysql.rs:27:22:27:31 | query_fold | provenance | MaD:5 Sink:MaD:5 | +| mysql.rs:28:37:28:48 | unsafe_query | mysql.rs:28:37:28:57 | 
unsafe_query.as_str() [&ref] | provenance | MaD:30 | +| mysql.rs:28:37:28:48 | unsafe_query | mysql.rs:28:37:28:57 | unsafe_query.as_str() [&ref] | provenance | MaD:26 | +| mysql.rs:28:37:28:48 | unsafe_query | mysql.rs:28:37:28:57 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | +| mysql.rs:28:37:28:57 | unsafe_query.as_str() | mysql.rs:28:22:28:35 | query_fold_opt | provenance | MaD:6 Sink:MaD:6 | +| mysql.rs:28:37:28:57 | unsafe_query.as_str() [&ref] | mysql.rs:28:22:28:35 | query_fold_opt | provenance | MaD:6 Sink:MaD:6 | +| mysql.rs:29:33:29:44 | unsafe_query | mysql.rs:29:33:29:53 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | +| mysql.rs:29:33:29:44 | unsafe_query | mysql.rs:29:33:29:53 | unsafe_query.as_str() [&ref] | provenance | MaD:26 | +| mysql.rs:29:33:29:44 | unsafe_query | mysql.rs:29:33:29:53 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | +| mysql.rs:29:33:29:53 | unsafe_query.as_str() | mysql.rs:29:22:29:31 | query_iter | provenance | MaD:16 Sink:MaD:16 | +| mysql.rs:29:33:29:53 | unsafe_query.as_str() [&ref] | mysql.rs:29:22:29:31 | query_iter | provenance | MaD:16 Sink:MaD:16 | +| mysql.rs:30:32:30:43 | unsafe_query | mysql.rs:30:32:30:52 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | +| mysql.rs:30:32:30:43 | unsafe_query | mysql.rs:30:32:30:52 | unsafe_query.as_str() [&ref] | provenance | MaD:26 | +| mysql.rs:30:32:30:43 | unsafe_query | mysql.rs:30:32:30:52 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | +| mysql.rs:30:32:30:52 | unsafe_query.as_str() | mysql.rs:30:22:30:30 | query_map | provenance | MaD:7 Sink:MaD:7 | +| mysql.rs:30:32:30:52 | unsafe_query.as_str() [&ref] | mysql.rs:30:22:30:30 | query_map | provenance | MaD:7 Sink:MaD:7 | +| mysql.rs:31:36:31:47 | unsafe_query | mysql.rs:31:36:31:56 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | +| mysql.rs:31:36:31:47 | unsafe_query | mysql.rs:31:36:31:56 | unsafe_query.as_str() [&ref] | provenance | MaD:26 | +| mysql.rs:31:36:31:47 | 
unsafe_query | mysql.rs:31:36:31:56 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | +| mysql.rs:31:36:31:56 | unsafe_query.as_str() | mysql.rs:31:22:31:34 | query_map_opt | provenance | MaD:8 Sink:MaD:8 | +| mysql.rs:31:36:31:56 | unsafe_query.as_str() [&ref] | mysql.rs:31:22:31:34 | query_map_opt | provenance | MaD:8 Sink:MaD:8 | +| mysql.rs:32:40:32:51 | unsafe_query | mysql.rs:32:40:32:60 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | +| mysql.rs:32:40:32:51 | unsafe_query | mysql.rs:32:40:32:60 | unsafe_query.as_str() [&ref] | provenance | MaD:26 | +| mysql.rs:32:40:32:51 | unsafe_query | mysql.rs:32:40:32:60 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | +| mysql.rs:32:40:32:60 | unsafe_query.as_str() | mysql.rs:32:34:32:38 | query | provenance | MaD:1 Sink:MaD:1 | +| mysql.rs:32:40:32:60 | unsafe_query.as_str() | mysql.rs:32:34:32:38 | query | provenance | MaD:1 Sink:MaD:1 | +| mysql.rs:32:40:32:60 | unsafe_query.as_str() [&ref] | mysql.rs:32:34:32:38 | query | provenance | MaD:1 Sink:MaD:1 | +| mysql.rs:32:40:32:60 | unsafe_query.as_str() [&ref] | mysql.rs:32:34:32:38 | query | provenance | MaD:1 Sink:MaD:1 | +| mysql.rs:50:26:50:37 | unsafe_query | mysql.rs:50:26:50:46 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | +| mysql.rs:50:26:50:37 | unsafe_query | mysql.rs:50:26:50:46 | unsafe_query.as_str() [&ref] | provenance | MaD:26 | +| mysql.rs:50:26:50:37 | unsafe_query | mysql.rs:50:26:50:46 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | +| mysql.rs:50:26:50:46 | unsafe_query.as_str() | mysql.rs:50:15:50:24 | query_drop | provenance | MaD:2 Sink:MaD:2 | +| mysql.rs:50:26:50:46 | unsafe_query.as_str() [&ref] | mysql.rs:50:15:50:24 | query_drop | provenance | MaD:2 Sink:MaD:2 | +| mysql.rs:68:13:68:29 | mut remote_string | mysql.rs:70:86:70:98 | remote_string | provenance | | +| mysql.rs:68:33:68:54 | ...::get | mysql.rs:68:33:68:77 | ...::get(...) [Ok] | provenance | Src:MaD:21 | +| mysql.rs:68:33:68:77 | ...::get(...) 
[Ok] | mysql.rs:68:33:68:86 | ... .unwrap() | provenance | MaD:28 | +| mysql.rs:68:33:68:86 | ... .unwrap() | mysql.rs:68:33:68:93 | ... .text() [Ok] | provenance | MaD:32 | +| mysql.rs:68:33:68:93 | ... .text() [Ok] | mysql.rs:68:33:68:121 | ... .unwrap_or(...) | provenance | MaD:29 | +| mysql.rs:68:33:68:121 | ... .unwrap_or(...) | mysql.rs:68:13:68:29 | mut remote_string | provenance | | +| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:77:39:77:50 | unsafe_query | provenance | | +| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:77:39:77:59 | unsafe_query.as_str() | provenance | MaD:30 | +| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:77:39:77:59 | unsafe_query.as_str() | provenance | MaD:26 | +| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:77:39:77:59 | unsafe_query.as_str() | provenance | MaD:30 | +| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:78:25:78:36 | unsafe_query | provenance | | +| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:78:25:78:45 | unsafe_query.as_str() | provenance | MaD:30 | +| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:78:25:78:45 | unsafe_query.as_str() | provenance | MaD:26 | +| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:78:25:78:45 | unsafe_query.as_str() | provenance | MaD:30 | +| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:79:48:79:59 | unsafe_query | provenance | | +| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:79:48:79:68 | unsafe_query.as_str() | provenance | MaD:30 | +| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:79:48:79:68 | unsafe_query.as_str() | provenance | MaD:26 | +| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:79:48:79:68 | unsafe_query.as_str() | provenance | MaD:30 | +| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:80:33:80:44 | unsafe_query | provenance | | +| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:80:33:80:53 | unsafe_query.as_str() | provenance | MaD:30 | +| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:80:33:80:53 | unsafe_query.as_str() | provenance | MaD:26 | +| 
mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:80:33:80:53 | unsafe_query.as_str() | provenance | MaD:30 | +| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:81:33:81:44 | unsafe_query | provenance | | +| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:81:33:81:53 | unsafe_query.as_str() | provenance | MaD:30 | +| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:81:33:81:53 | unsafe_query.as_str() | provenance | MaD:26 | +| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:81:33:81:53 | unsafe_query.as_str() | provenance | MaD:30 | +| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:82:48:82:59 | unsafe_query | provenance | | +| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:82:48:82:68 | unsafe_query.as_str() | provenance | MaD:30 | +| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:82:48:82:68 | unsafe_query.as_str() | provenance | MaD:26 | +| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:82:48:82:68 | unsafe_query.as_str() | provenance | MaD:30 | +| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:83:32:83:43 | unsafe_query | provenance | | +| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:83:32:83:52 | unsafe_query.as_str() | provenance | MaD:30 | +| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:83:32:83:52 | unsafe_query.as_str() | provenance | MaD:26 | +| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:83:32:83:52 | unsafe_query.as_str() | provenance | MaD:30 | +| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:98:26:98:37 | unsafe_query | provenance | | +| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:98:26:98:46 | unsafe_query.as_str() | provenance | MaD:30 | +| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:98:26:98:46 | unsafe_query.as_str() | provenance | MaD:26 | +| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:98:26:98:46 | unsafe_query.as_str() | provenance | MaD:30 | +| mysql.rs:70:28:70:98 | ... + ... | mysql.rs:70:13:70:24 | unsafe_query | provenance | | +| mysql.rs:70:28:70:98 | ... + ... | mysql.rs:70:28:70:104 | ... + ... 
| provenance | MaD:25 | +| mysql.rs:70:28:70:104 | ... + ... | mysql.rs:70:13:70:24 | unsafe_query | provenance | | +| mysql.rs:70:85:70:98 | &remote_string [&ref] | mysql.rs:70:28:70:98 | ... + ... | provenance | MaD:24 | +| mysql.rs:70:86:70:98 | remote_string | mysql.rs:70:85:70:98 | &remote_string [&ref] | provenance | | +| mysql.rs:77:39:77:50 | unsafe_query | mysql.rs:77:39:77:59 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | +| mysql.rs:77:39:77:50 | unsafe_query | mysql.rs:77:39:77:59 | unsafe_query.as_str() [&ref] | provenance | MaD:26 | +| mysql.rs:77:39:77:50 | unsafe_query | mysql.rs:77:39:77:59 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | +| mysql.rs:77:39:77:59 | unsafe_query.as_str() | mysql.rs:77:33:77:37 | query | provenance | MaD:10 Sink:MaD:10 | +| mysql.rs:77:39:77:59 | unsafe_query.as_str() [&ref] | mysql.rs:77:33:77:37 | query | provenance | MaD:10 Sink:MaD:10 | +| mysql.rs:78:25:78:36 | unsafe_query | mysql.rs:78:25:78:45 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | +| mysql.rs:78:25:78:36 | unsafe_query | mysql.rs:78:25:78:45 | unsafe_query.as_str() [&ref] | provenance | MaD:26 | +| mysql.rs:78:25:78:36 | unsafe_query | mysql.rs:78:25:78:45 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | +| mysql.rs:78:25:78:45 | unsafe_query.as_str() | mysql.rs:78:14:78:23 | query_drop | provenance | MaD:11 Sink:MaD:11 | +| mysql.rs:78:25:78:45 | unsafe_query.as_str() [&ref] | mysql.rs:78:14:78:23 | query_drop | provenance | MaD:11 Sink:MaD:11 | +| mysql.rs:79:48:79:59 | unsafe_query | mysql.rs:79:48:79:68 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | +| mysql.rs:79:48:79:59 | unsafe_query | mysql.rs:79:48:79:68 | unsafe_query.as_str() [&ref] | provenance | MaD:26 | +| mysql.rs:79:48:79:59 | unsafe_query | mysql.rs:79:48:79:68 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | +| mysql.rs:79:48:79:68 | unsafe_query.as_str() | mysql.rs:79:36:79:46 | query_first | provenance | MaD:12 Sink:MaD:12 | +| 
mysql.rs:79:48:79:68 | unsafe_query.as_str() [&ref] | mysql.rs:79:36:79:46 | query_first | provenance | MaD:12 Sink:MaD:12 | +| mysql.rs:80:33:80:44 | unsafe_query | mysql.rs:80:33:80:53 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | +| mysql.rs:80:33:80:44 | unsafe_query | mysql.rs:80:33:80:53 | unsafe_query.as_str() [&ref] | provenance | MaD:26 | +| mysql.rs:80:33:80:44 | unsafe_query | mysql.rs:80:33:80:53 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | +| mysql.rs:80:33:80:53 | unsafe_query.as_str() | mysql.rs:80:22:80:31 | query_fold | provenance | MaD:13 Sink:MaD:13 | +| mysql.rs:80:33:80:53 | unsafe_query.as_str() [&ref] | mysql.rs:80:22:80:31 | query_fold | provenance | MaD:13 Sink:MaD:13 | +| mysql.rs:81:33:81:44 | unsafe_query | mysql.rs:81:33:81:53 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | +| mysql.rs:81:33:81:44 | unsafe_query | mysql.rs:81:33:81:53 | unsafe_query.as_str() [&ref] | provenance | MaD:26 | +| mysql.rs:81:33:81:44 | unsafe_query | mysql.rs:81:33:81:53 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | +| mysql.rs:81:33:81:53 | unsafe_query.as_str() | mysql.rs:81:22:81:31 | query_iter | provenance | MaD:17 Sink:MaD:17 | +| mysql.rs:81:33:81:53 | unsafe_query.as_str() [&ref] | mysql.rs:81:22:81:31 | query_iter | provenance | MaD:17 Sink:MaD:17 | +| mysql.rs:82:48:82:59 | unsafe_query | mysql.rs:82:48:82:68 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | +| mysql.rs:82:48:82:59 | unsafe_query | mysql.rs:82:48:82:68 | unsafe_query.as_str() [&ref] | provenance | MaD:26 | +| mysql.rs:82:48:82:59 | unsafe_query | mysql.rs:82:48:82:68 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | +| mysql.rs:82:48:82:68 | unsafe_query.as_str() | mysql.rs:82:22:82:33 | query_stream | provenance | MaD:15 Sink:MaD:15 | +| mysql.rs:82:48:82:68 | unsafe_query.as_str() [&ref] | mysql.rs:82:22:82:33 | query_stream | provenance | MaD:15 Sink:MaD:15 | +| mysql.rs:83:32:83:43 | unsafe_query | mysql.rs:83:32:83:52 | 
unsafe_query.as_str() [&ref] | provenance | MaD:30 | +| mysql.rs:83:32:83:43 | unsafe_query | mysql.rs:83:32:83:52 | unsafe_query.as_str() [&ref] | provenance | MaD:26 | +| mysql.rs:83:32:83:43 | unsafe_query | mysql.rs:83:32:83:52 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | +| mysql.rs:83:32:83:52 | unsafe_query.as_str() | mysql.rs:83:22:83:30 | query_map | provenance | MaD:14 Sink:MaD:14 | +| mysql.rs:83:32:83:52 | unsafe_query.as_str() [&ref] | mysql.rs:83:22:83:30 | query_map | provenance | MaD:14 Sink:MaD:14 | +| mysql.rs:98:26:98:37 | unsafe_query | mysql.rs:98:26:98:46 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | +| mysql.rs:98:26:98:37 | unsafe_query | mysql.rs:98:26:98:46 | unsafe_query.as_str() [&ref] | provenance | MaD:26 | +| mysql.rs:98:26:98:37 | unsafe_query | mysql.rs:98:26:98:46 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | +| mysql.rs:98:26:98:46 | unsafe_query.as_str() | mysql.rs:98:15:98:24 | query_drop | provenance | MaD:11 Sink:MaD:11 | +| mysql.rs:98:26:98:46 | unsafe_query.as_str() [&ref] | mysql.rs:98:15:98:24 | query_drop | provenance | MaD:11 Sink:MaD:11 | | sqlx.rs:47:9:47:18 | arg_string | sqlx.rs:53:27:53:36 | arg_string | provenance | | -| sqlx.rs:47:22:47:35 | ...::args | sqlx.rs:47:22:47:37 | ...::args(...) [element] | provenance | Src:MaD:5 | -| sqlx.rs:47:22:47:37 | ...::args(...) [element] | sqlx.rs:47:22:47:44 | ... .nth(...) [Some] | provenance | MaD:6 | -| sqlx.rs:47:22:47:44 | ... .nth(...) [Some] | sqlx.rs:47:22:47:77 | ... .unwrap_or(...) | provenance | MaD:10 | +| sqlx.rs:47:22:47:35 | ...::args | sqlx.rs:47:22:47:37 | ...::args(...) [element] | provenance | Src:MaD:22 | +| sqlx.rs:47:22:47:37 | ...::args(...) [element] | sqlx.rs:47:22:47:44 | ... .nth(...) [Some] | provenance | MaD:23 | +| sqlx.rs:47:22:47:44 | ... .nth(...) [Some] | sqlx.rs:47:22:47:77 | ... .unwrap_or(...) | provenance | MaD:27 | | sqlx.rs:47:22:47:77 | ... .unwrap_or(...) 
| sqlx.rs:47:9:47:18 | arg_string | provenance | | -| sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:49:25:49:52 | remote_string.parse() [Ok] | provenance | MaD:14 | -| sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:49:25:49:52 | remote_string.parse() [Ok] | provenance | MaD:14 | +| sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:49:25:49:52 | remote_string.parse() [Ok] | provenance | MaD:31 | +| sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:49:25:49:52 | remote_string.parse() [Ok] | provenance | MaD:31 | | sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:54:27:54:39 | remote_string | provenance | | | sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:55:84:55:96 | remote_string | provenance | | | sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:59:17:59:72 | MacroExpr | provenance | | -| sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:48:25:48:69 | ...::get(...) [Ok] | provenance | Src:MaD:4 | -| sqlx.rs:48:25:48:69 | ...::get(...) [Ok] | sqlx.rs:48:25:48:78 | ... .unwrap() | provenance | MaD:11 | -| sqlx.rs:48:25:48:78 | ... .unwrap() | sqlx.rs:48:25:48:85 | ... .text() [Ok] | provenance | MaD:15 | -| sqlx.rs:48:25:48:85 | ... .text() [Ok] | sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | provenance | MaD:12 | +| sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:48:25:48:69 | ...::get(...) [Ok] | provenance | Src:MaD:21 | +| sqlx.rs:48:25:48:69 | ...::get(...) [Ok] | sqlx.rs:48:25:48:78 | ... .unwrap() | provenance | MaD:28 | +| sqlx.rs:48:25:48:78 | ... .unwrap() | sqlx.rs:48:25:48:85 | ... .text() [Ok] | provenance | MaD:32 | +| sqlx.rs:48:25:48:85 | ... .text() [Ok] | sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | provenance | MaD:29 | | sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | sqlx.rs:48:9:48:21 | remote_string | provenance | | | sqlx.rs:49:9:49:21 | remote_number | sqlx.rs:52:32:52:87 | MacroExpr | provenance | | -| sqlx.rs:49:25:49:52 | remote_string.parse() [Ok] | sqlx.rs:49:25:49:65 | ... .unwrap_or(...) 
| provenance | MaD:12 | +| sqlx.rs:49:25:49:52 | remote_string.parse() [Ok] | sqlx.rs:49:25:49:65 | ... .unwrap_or(...) | provenance | MaD:29 | | sqlx.rs:49:25:49:65 | ... .unwrap_or(...) | sqlx.rs:49:9:49:21 | remote_number | provenance | | | sqlx.rs:52:9:52:20 | safe_query_3 | sqlx.rs:77:25:77:36 | safe_query_3 | provenance | | -| sqlx.rs:52:9:52:20 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() | provenance | MaD:13 | -| sqlx.rs:52:9:52:20 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() | provenance | MaD:9 | -| sqlx.rs:52:9:52:20 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() | provenance | MaD:13 | +| sqlx.rs:52:9:52:20 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() | provenance | MaD:30 | +| sqlx.rs:52:9:52:20 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() | provenance | MaD:26 | +| sqlx.rs:52:9:52:20 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() | provenance | MaD:30 | | sqlx.rs:52:32:52:87 | ...::format(...) | sqlx.rs:52:32:52:87 | { ... } | provenance | | | sqlx.rs:52:32:52:87 | ...::must_use(...) | sqlx.rs:52:9:52:20 | safe_query_3 | provenance | | -| sqlx.rs:52:32:52:87 | MacroExpr | sqlx.rs:52:32:52:87 | ...::format(...) | provenance | MaD:16 | -| sqlx.rs:52:32:52:87 | { ... } | sqlx.rs:52:32:52:87 | ...::must_use(...) | provenance | MaD:17 | -| sqlx.rs:53:9:53:22 | unsafe_query_1 [&ref] | sqlx.rs:78:25:78:47 | unsafe_query_1.as_str() [&ref] | provenance | MaD:13 | -| sqlx.rs:53:9:53:22 | unsafe_query_1 [&ref] | sqlx.rs:78:25:78:47 | unsafe_query_1.as_str() [&ref] | provenance | MaD:9 | -| sqlx.rs:53:9:53:22 | unsafe_query_1 [&ref] | sqlx.rs:78:25:78:47 | unsafe_query_1.as_str() [&ref] | provenance | MaD:13 | +| sqlx.rs:52:32:52:87 | MacroExpr | sqlx.rs:52:32:52:87 | ...::format(...) | provenance | MaD:33 | +| sqlx.rs:52:32:52:87 | { ... } | sqlx.rs:52:32:52:87 | ...::must_use(...) 
| provenance | MaD:34 | +| sqlx.rs:53:9:53:22 | unsafe_query_1 [&ref] | sqlx.rs:78:25:78:47 | unsafe_query_1.as_str() [&ref] | provenance | MaD:30 | +| sqlx.rs:53:9:53:22 | unsafe_query_1 [&ref] | sqlx.rs:78:25:78:47 | unsafe_query_1.as_str() [&ref] | provenance | MaD:26 | +| sqlx.rs:53:9:53:22 | unsafe_query_1 [&ref] | sqlx.rs:78:25:78:47 | unsafe_query_1.as_str() [&ref] | provenance | MaD:30 | | sqlx.rs:53:26:53:36 | &arg_string [&ref] | sqlx.rs:53:9:53:22 | unsafe_query_1 [&ref] | provenance | | | sqlx.rs:53:27:53:36 | arg_string | sqlx.rs:53:26:53:36 | &arg_string [&ref] | provenance | | -| sqlx.rs:54:9:54:22 | unsafe_query_2 [&ref] | sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() [&ref] | provenance | MaD:13 | -| sqlx.rs:54:9:54:22 | unsafe_query_2 [&ref] | sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() [&ref] | provenance | MaD:9 | -| sqlx.rs:54:9:54:22 | unsafe_query_2 [&ref] | sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() [&ref] | provenance | MaD:13 | +| sqlx.rs:54:9:54:22 | unsafe_query_2 [&ref] | sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() [&ref] | provenance | MaD:30 | +| sqlx.rs:54:9:54:22 | unsafe_query_2 [&ref] | sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() [&ref] | provenance | MaD:26 | +| sqlx.rs:54:9:54:22 | unsafe_query_2 [&ref] | sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() [&ref] | provenance | MaD:30 | | sqlx.rs:54:26:54:39 | &remote_string [&ref] | sqlx.rs:54:9:54:22 | unsafe_query_2 [&ref] | provenance | | | sqlx.rs:54:27:54:39 | remote_string | sqlx.rs:54:26:54:39 | &remote_string [&ref] | provenance | | | sqlx.rs:55:9:55:22 | unsafe_query_3 | sqlx.rs:81:29:81:42 | unsafe_query_3 | provenance | | -| sqlx.rs:55:9:55:22 | unsafe_query_3 | sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() | provenance | MaD:13 | -| sqlx.rs:55:9:55:22 | unsafe_query_3 | sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() | provenance | MaD:9 | -| sqlx.rs:55:9:55:22 | unsafe_query_3 | sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() | provenance | MaD:13 | +| 
sqlx.rs:55:9:55:22 | unsafe_query_3 | sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() | provenance | MaD:30 | +| sqlx.rs:55:9:55:22 | unsafe_query_3 | sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() | provenance | MaD:26 | +| sqlx.rs:55:9:55:22 | unsafe_query_3 | sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() | provenance | MaD:30 | | sqlx.rs:55:26:55:96 | ... + ... | sqlx.rs:55:9:55:22 | unsafe_query_3 | provenance | | -| sqlx.rs:55:26:55:96 | ... + ... | sqlx.rs:55:26:55:102 | ... + ... | provenance | MaD:8 | +| sqlx.rs:55:26:55:96 | ... + ... | sqlx.rs:55:26:55:102 | ... + ... | provenance | MaD:25 | | sqlx.rs:55:26:55:102 | ... + ... | sqlx.rs:55:9:55:22 | unsafe_query_3 | provenance | | -| sqlx.rs:55:83:55:96 | &remote_string [&ref] | sqlx.rs:55:26:55:96 | ... + ... | provenance | MaD:7 | +| sqlx.rs:55:83:55:96 | &remote_string [&ref] | sqlx.rs:55:26:55:96 | ... + ... | provenance | MaD:24 | | sqlx.rs:55:84:55:96 | remote_string | sqlx.rs:55:83:55:96 | &remote_string [&ref] | provenance | | | sqlx.rs:56:9:56:22 | unsafe_query_4 | sqlx.rs:82:29:82:42 | unsafe_query_4 | provenance | | -| sqlx.rs:56:9:56:22 | unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() | provenance | MaD:13 | -| sqlx.rs:56:9:56:22 | unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() | provenance | MaD:9 | -| sqlx.rs:56:9:56:22 | unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() | provenance | MaD:13 | +| sqlx.rs:56:9:56:22 | unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() | provenance | MaD:30 | +| sqlx.rs:56:9:56:22 | unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() | provenance | MaD:26 | +| sqlx.rs:56:9:56:22 | unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() | provenance | MaD:30 | | sqlx.rs:59:17:59:72 | ...::format(...) | sqlx.rs:59:17:59:72 | { ... } | provenance | | | sqlx.rs:59:17:59:72 | ...::must_use(...) 
| sqlx.rs:56:9:56:22 | unsafe_query_4 | provenance | | -| sqlx.rs:59:17:59:72 | MacroExpr | sqlx.rs:59:17:59:72 | ...::format(...) | provenance | MaD:16 | -| sqlx.rs:59:17:59:72 | { ... } | sqlx.rs:59:17:59:72 | ...::must_use(...) | provenance | MaD:17 | -| sqlx.rs:77:25:77:36 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() [&ref] | provenance | MaD:13 | -| sqlx.rs:77:25:77:36 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() [&ref] | provenance | MaD:9 | -| sqlx.rs:77:25:77:36 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() [&ref] | provenance | MaD:13 | -| sqlx.rs:77:25:77:45 | safe_query_3.as_str() | sqlx.rs:77:13:77:23 | ...::query | provenance | MaD:1 Sink:MaD:1 | -| sqlx.rs:77:25:77:45 | safe_query_3.as_str() [&ref] | sqlx.rs:77:13:77:23 | ...::query | provenance | MaD:1 Sink:MaD:1 | -| sqlx.rs:78:25:78:47 | unsafe_query_1.as_str() [&ref] | sqlx.rs:78:13:78:23 | ...::query | provenance | MaD:1 Sink:MaD:1 | -| sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() [&ref] | sqlx.rs:80:17:80:27 | ...::query | provenance | MaD:1 Sink:MaD:1 | -| sqlx.rs:81:29:81:42 | unsafe_query_3 | sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() [&ref] | provenance | MaD:13 | -| sqlx.rs:81:29:81:42 | unsafe_query_3 | sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() [&ref] | provenance | MaD:9 | -| sqlx.rs:81:29:81:42 | unsafe_query_3 | sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() [&ref] | provenance | MaD:13 | -| sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() | sqlx.rs:81:17:81:27 | ...::query | provenance | MaD:1 Sink:MaD:1 | -| sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() [&ref] | sqlx.rs:81:17:81:27 | ...::query | provenance | MaD:1 Sink:MaD:1 | -| sqlx.rs:82:29:82:42 | unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() [&ref] | provenance | MaD:13 | -| sqlx.rs:82:29:82:42 | unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() [&ref] | provenance | MaD:9 | -| sqlx.rs:82:29:82:42 | unsafe_query_4 | sqlx.rs:82:29:82:51 | 
unsafe_query_4.as_str() [&ref] | provenance | MaD:13 | -| sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() | sqlx.rs:82:17:82:27 | ...::query | provenance | MaD:1 Sink:MaD:1 | -| sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() [&ref] | sqlx.rs:82:17:82:27 | ...::query | provenance | MaD:1 Sink:MaD:1 | +| sqlx.rs:59:17:59:72 | MacroExpr | sqlx.rs:59:17:59:72 | ...::format(...) | provenance | MaD:33 | +| sqlx.rs:59:17:59:72 | { ... } | sqlx.rs:59:17:59:72 | ...::must_use(...) | provenance | MaD:34 | +| sqlx.rs:77:25:77:36 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() [&ref] | provenance | MaD:30 | +| sqlx.rs:77:25:77:36 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() [&ref] | provenance | MaD:26 | +| sqlx.rs:77:25:77:36 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() [&ref] | provenance | MaD:30 | +| sqlx.rs:77:25:77:45 | safe_query_3.as_str() | sqlx.rs:77:13:77:23 | ...::query | provenance | MaD:18 Sink:MaD:18 | +| sqlx.rs:77:25:77:45 | safe_query_3.as_str() [&ref] | sqlx.rs:77:13:77:23 | ...::query | provenance | MaD:18 Sink:MaD:18 | +| sqlx.rs:78:25:78:47 | unsafe_query_1.as_str() [&ref] | sqlx.rs:78:13:78:23 | ...::query | provenance | MaD:18 Sink:MaD:18 | +| sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() [&ref] | sqlx.rs:80:17:80:27 | ...::query | provenance | MaD:18 Sink:MaD:18 | +| sqlx.rs:81:29:81:42 | unsafe_query_3 | sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() [&ref] | provenance | MaD:30 | +| sqlx.rs:81:29:81:42 | unsafe_query_3 | sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() [&ref] | provenance | MaD:26 | +| sqlx.rs:81:29:81:42 | unsafe_query_3 | sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() [&ref] | provenance | MaD:30 | +| sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() | sqlx.rs:81:17:81:27 | ...::query | provenance | MaD:18 Sink:MaD:18 | +| sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() [&ref] | sqlx.rs:81:17:81:27 | ...::query | provenance | MaD:18 Sink:MaD:18 | +| sqlx.rs:82:29:82:42 | unsafe_query_4 | 
sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() [&ref] | provenance | MaD:30 | +| sqlx.rs:82:29:82:42 | unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() [&ref] | provenance | MaD:26 | +| sqlx.rs:82:29:82:42 | unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() [&ref] | provenance | MaD:30 | +| sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() | sqlx.rs:82:17:82:27 | ...::query | provenance | MaD:18 Sink:MaD:18 | +| sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() [&ref] | sqlx.rs:82:17:82:27 | ...::query | provenance | MaD:18 Sink:MaD:18 | | sqlx.rs:100:9:100:21 | remote_string | sqlx.rs:102:84:102:96 | remote_string | provenance | | -| sqlx.rs:100:25:100:46 | ...::get | sqlx.rs:100:25:100:69 | ...::get(...) [Ok] | provenance | Src:MaD:4 | -| sqlx.rs:100:25:100:69 | ...::get(...) [Ok] | sqlx.rs:100:25:100:78 | ... .unwrap() | provenance | MaD:11 | -| sqlx.rs:100:25:100:78 | ... .unwrap() | sqlx.rs:100:25:100:85 | ... .text() [Ok] | provenance | MaD:15 | -| sqlx.rs:100:25:100:85 | ... .text() [Ok] | sqlx.rs:100:25:100:118 | ... .unwrap_or(...) | provenance | MaD:12 | +| sqlx.rs:100:25:100:46 | ...::get | sqlx.rs:100:25:100:69 | ...::get(...) [Ok] | provenance | Src:MaD:21 | +| sqlx.rs:100:25:100:69 | ...::get(...) [Ok] | sqlx.rs:100:25:100:78 | ... .unwrap() | provenance | MaD:28 | +| sqlx.rs:100:25:100:78 | ... .unwrap() | sqlx.rs:100:25:100:85 | ... .text() [Ok] | provenance | MaD:32 | +| sqlx.rs:100:25:100:85 | ... .text() [Ok] | sqlx.rs:100:25:100:118 | ... .unwrap_or(...) | provenance | MaD:29 | | sqlx.rs:100:25:100:118 | ... .unwrap_or(...) 
| sqlx.rs:100:9:100:21 | remote_string | provenance | | | sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:113:31:113:44 | unsafe_query_1 | provenance | | -| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() | provenance | MaD:13 | -| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() | provenance | MaD:9 | -| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() | provenance | MaD:13 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() | provenance | MaD:30 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() | provenance | MaD:26 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() | provenance | MaD:30 | | sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:120:29:120:42 | unsafe_query_1 | provenance | | -| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() | provenance | MaD:13 | -| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() | provenance | MaD:9 | -| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() | provenance | MaD:13 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() | provenance | MaD:30 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() | provenance | MaD:26 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() | provenance | MaD:30 | | sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:127:29:127:42 | unsafe_query_1 | provenance | | -| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() | provenance | MaD:13 | -| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() | provenance | MaD:9 | -| sqlx.rs:102:9:102:22 | unsafe_query_1 | 
sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() | provenance | MaD:13 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() | provenance | MaD:30 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() | provenance | MaD:26 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() | provenance | MaD:30 | | sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:136:55:136:68 | unsafe_query_1 | provenance | | -| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() | provenance | MaD:13 | -| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() | provenance | MaD:9 | -| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() | provenance | MaD:13 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() | provenance | MaD:30 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() | provenance | MaD:26 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() | provenance | MaD:30 | | sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:145:55:145:68 | unsafe_query_1 | provenance | | -| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() | provenance | MaD:13 | -| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() | provenance | MaD:9 | -| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() | provenance | MaD:13 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() | provenance | MaD:30 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() | provenance | MaD:26 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() | provenance | MaD:30 | | 
sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:153:29:153:42 | unsafe_query_1 | provenance | | -| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() | provenance | MaD:13 | -| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() | provenance | MaD:9 | -| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() | provenance | MaD:13 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() | provenance | MaD:30 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() | provenance | MaD:26 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() | provenance | MaD:30 | | sqlx.rs:102:26:102:96 | ... + ... | sqlx.rs:102:9:102:22 | unsafe_query_1 | provenance | | -| sqlx.rs:102:26:102:96 | ... + ... | sqlx.rs:102:26:102:102 | ... + ... | provenance | MaD:8 | +| sqlx.rs:102:26:102:96 | ... + ... | sqlx.rs:102:26:102:102 | ... + ... | provenance | MaD:25 | | sqlx.rs:102:26:102:102 | ... + ... | sqlx.rs:102:9:102:22 | unsafe_query_1 | provenance | | -| sqlx.rs:102:83:102:96 | &remote_string [&ref] | sqlx.rs:102:26:102:96 | ... + ... | provenance | MaD:7 | +| sqlx.rs:102:83:102:96 | &remote_string [&ref] | sqlx.rs:102:26:102:96 | ... + ... 
| provenance | MaD:24 | | sqlx.rs:102:84:102:96 | remote_string | sqlx.rs:102:83:102:96 | &remote_string [&ref] | provenance | | -| sqlx.rs:113:31:113:44 | unsafe_query_1 | sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() [&ref] | provenance | MaD:13 | -| sqlx.rs:113:31:113:44 | unsafe_query_1 | sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() [&ref] | provenance | MaD:9 | -| sqlx.rs:113:31:113:44 | unsafe_query_1 | sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() [&ref] | provenance | MaD:13 | -| sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() | sqlx.rs:113:17:113:29 | ...::raw_sql | provenance | MaD:3 Sink:MaD:3 | -| sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() [&ref] | sqlx.rs:113:17:113:29 | ...::raw_sql | provenance | MaD:3 Sink:MaD:3 | -| sqlx.rs:120:29:120:42 | unsafe_query_1 | sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:13 | -| sqlx.rs:120:29:120:42 | unsafe_query_1 | sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:9 | -| sqlx.rs:120:29:120:42 | unsafe_query_1 | sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:13 | -| sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() | sqlx.rs:120:17:120:27 | ...::query | provenance | MaD:1 Sink:MaD:1 | -| sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() [&ref] | sqlx.rs:120:17:120:27 | ...::query | provenance | MaD:1 Sink:MaD:1 | -| sqlx.rs:127:29:127:42 | unsafe_query_1 | sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:13 | -| sqlx.rs:127:29:127:42 | unsafe_query_1 | sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:9 | -| sqlx.rs:127:29:127:42 | unsafe_query_1 | sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:13 | -| sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() | sqlx.rs:127:17:127:27 | ...::query | provenance | MaD:1 Sink:MaD:1 | -| sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() [&ref] | sqlx.rs:127:17:127:27 | ...::query | provenance | MaD:1 Sink:MaD:1 | -| 
sqlx.rs:136:55:136:68 | unsafe_query_1 | sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() [&ref] | provenance | MaD:13 | -| sqlx.rs:136:55:136:68 | unsafe_query_1 | sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() [&ref] | provenance | MaD:9 | -| sqlx.rs:136:55:136:68 | unsafe_query_1 | sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() [&ref] | provenance | MaD:13 | -| sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() | sqlx.rs:136:40:136:53 | ...::query_as | provenance | MaD:2 Sink:MaD:2 | -| sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() [&ref] | sqlx.rs:136:40:136:53 | ...::query_as | provenance | MaD:2 Sink:MaD:2 | -| sqlx.rs:145:55:145:68 | unsafe_query_1 | sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() [&ref] | provenance | MaD:13 | -| sqlx.rs:145:55:145:68 | unsafe_query_1 | sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() [&ref] | provenance | MaD:9 | -| sqlx.rs:145:55:145:68 | unsafe_query_1 | sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() [&ref] | provenance | MaD:13 | -| sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() | sqlx.rs:145:40:145:53 | ...::query_as | provenance | MaD:2 Sink:MaD:2 | -| sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() [&ref] | sqlx.rs:145:40:145:53 | ...::query_as | provenance | MaD:2 Sink:MaD:2 | -| sqlx.rs:153:29:153:42 | unsafe_query_1 | sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:13 | -| sqlx.rs:153:29:153:42 | unsafe_query_1 | sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:9 | -| sqlx.rs:153:29:153:42 | unsafe_query_1 | sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:13 | -| sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() | sqlx.rs:153:17:153:27 | ...::query | provenance | MaD:1 Sink:MaD:1 | -| sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() [&ref] | sqlx.rs:153:17:153:27 | ...::query | provenance | MaD:1 Sink:MaD:1 | +| sqlx.rs:113:31:113:44 | unsafe_query_1 | sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() [&ref] | provenance | MaD:30 | +| 
sqlx.rs:113:31:113:44 | unsafe_query_1 | sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() [&ref] | provenance | MaD:26 | +| sqlx.rs:113:31:113:44 | unsafe_query_1 | sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() [&ref] | provenance | MaD:30 | +| sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() | sqlx.rs:113:17:113:29 | ...::raw_sql | provenance | MaD:20 Sink:MaD:20 | +| sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() [&ref] | sqlx.rs:113:17:113:29 | ...::raw_sql | provenance | MaD:20 Sink:MaD:20 | +| sqlx.rs:120:29:120:42 | unsafe_query_1 | sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:30 | +| sqlx.rs:120:29:120:42 | unsafe_query_1 | sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:26 | +| sqlx.rs:120:29:120:42 | unsafe_query_1 | sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:30 | +| sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() | sqlx.rs:120:17:120:27 | ...::query | provenance | MaD:18 Sink:MaD:18 | +| sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() [&ref] | sqlx.rs:120:17:120:27 | ...::query | provenance | MaD:18 Sink:MaD:18 | +| sqlx.rs:127:29:127:42 | unsafe_query_1 | sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:30 | +| sqlx.rs:127:29:127:42 | unsafe_query_1 | sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:26 | +| sqlx.rs:127:29:127:42 | unsafe_query_1 | sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:30 | +| sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() | sqlx.rs:127:17:127:27 | ...::query | provenance | MaD:18 Sink:MaD:18 | +| sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() [&ref] | sqlx.rs:127:17:127:27 | ...::query | provenance | MaD:18 Sink:MaD:18 | +| sqlx.rs:136:55:136:68 | unsafe_query_1 | sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() [&ref] | provenance | MaD:30 | +| sqlx.rs:136:55:136:68 | unsafe_query_1 | sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() [&ref] | provenance | MaD:26 | +| 
sqlx.rs:136:55:136:68 | unsafe_query_1 | sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() [&ref] | provenance | MaD:30 | +| sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() | sqlx.rs:136:40:136:53 | ...::query_as | provenance | MaD:19 Sink:MaD:19 | +| sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() [&ref] | sqlx.rs:136:40:136:53 | ...::query_as | provenance | MaD:19 Sink:MaD:19 | +| sqlx.rs:145:55:145:68 | unsafe_query_1 | sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() [&ref] | provenance | MaD:30 | +| sqlx.rs:145:55:145:68 | unsafe_query_1 | sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() [&ref] | provenance | MaD:26 | +| sqlx.rs:145:55:145:68 | unsafe_query_1 | sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() [&ref] | provenance | MaD:30 | +| sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() | sqlx.rs:145:40:145:53 | ...::query_as | provenance | MaD:19 Sink:MaD:19 | +| sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() [&ref] | sqlx.rs:145:40:145:53 | ...::query_as | provenance | MaD:19 Sink:MaD:19 | +| sqlx.rs:153:29:153:42 | unsafe_query_1 | sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:30 | +| sqlx.rs:153:29:153:42 | unsafe_query_1 | sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:26 | +| sqlx.rs:153:29:153:42 | unsafe_query_1 | sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:30 | +| sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() | sqlx.rs:153:17:153:27 | ...::query | provenance | MaD:18 Sink:MaD:18 | +| sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() [&ref] | sqlx.rs:153:17:153:27 | ...::query | provenance | MaD:18 Sink:MaD:18 | | sqlx.rs:173:9:173:21 | remote_string | sqlx.rs:175:84:175:96 | remote_string | provenance | | -| sqlx.rs:173:25:173:46 | ...::get | sqlx.rs:173:25:173:69 | ...::get(...) [Ok] | provenance | Src:MaD:4 | -| sqlx.rs:173:25:173:69 | ...::get(...) [Ok] | sqlx.rs:173:25:173:78 | ... .unwrap() | provenance | MaD:11 | -| sqlx.rs:173:25:173:78 | ... 
.unwrap() | sqlx.rs:173:25:173:85 | ... .text() [Ok] | provenance | MaD:15 | -| sqlx.rs:173:25:173:85 | ... .text() [Ok] | sqlx.rs:173:25:173:118 | ... .unwrap_or(...) | provenance | MaD:12 | +| sqlx.rs:173:25:173:46 | ...::get | sqlx.rs:173:25:173:69 | ...::get(...) [Ok] | provenance | Src:MaD:21 | +| sqlx.rs:173:25:173:69 | ...::get(...) [Ok] | sqlx.rs:173:25:173:78 | ... .unwrap() | provenance | MaD:28 | +| sqlx.rs:173:25:173:78 | ... .unwrap() | sqlx.rs:173:25:173:85 | ... .text() [Ok] | provenance | MaD:32 | +| sqlx.rs:173:25:173:85 | ... .text() [Ok] | sqlx.rs:173:25:173:118 | ... .unwrap_or(...) | provenance | MaD:29 | | sqlx.rs:173:25:173:118 | ... .unwrap_or(...) | sqlx.rs:173:9:173:21 | remote_string | provenance | | | sqlx.rs:175:9:175:22 | unsafe_query_1 | sqlx.rs:188:29:188:42 | unsafe_query_1 | provenance | | -| sqlx.rs:175:9:175:22 | unsafe_query_1 | sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() | provenance | MaD:13 | -| sqlx.rs:175:9:175:22 | unsafe_query_1 | sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() | provenance | MaD:9 | -| sqlx.rs:175:9:175:22 | unsafe_query_1 | sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() | provenance | MaD:13 | +| sqlx.rs:175:9:175:22 | unsafe_query_1 | sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() | provenance | MaD:30 | +| sqlx.rs:175:9:175:22 | unsafe_query_1 | sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() | provenance | MaD:26 | +| sqlx.rs:175:9:175:22 | unsafe_query_1 | sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() | provenance | MaD:30 | | sqlx.rs:175:26:175:96 | ... + ... | sqlx.rs:175:9:175:22 | unsafe_query_1 | provenance | | -| sqlx.rs:175:26:175:96 | ... + ... | sqlx.rs:175:26:175:102 | ... + ... | provenance | MaD:8 | +| sqlx.rs:175:26:175:96 | ... + ... | sqlx.rs:175:26:175:102 | ... + ... | provenance | MaD:25 | | sqlx.rs:175:26:175:102 | ... + ... | sqlx.rs:175:9:175:22 | unsafe_query_1 | provenance | | -| sqlx.rs:175:83:175:96 | &remote_string [&ref] | sqlx.rs:175:26:175:96 | ... + ... 
| provenance | MaD:7 | +| sqlx.rs:175:83:175:96 | &remote_string [&ref] | sqlx.rs:175:26:175:96 | ... + ... | provenance | MaD:24 | | sqlx.rs:175:84:175:96 | remote_string | sqlx.rs:175:83:175:96 | &remote_string [&ref] | provenance | | -| sqlx.rs:188:29:188:42 | unsafe_query_1 | sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:13 | -| sqlx.rs:188:29:188:42 | unsafe_query_1 | sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:9 | -| sqlx.rs:188:29:188:42 | unsafe_query_1 | sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:13 | -| sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() | sqlx.rs:188:17:188:27 | ...::query | provenance | MaD:1 Sink:MaD:1 | -| sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() [&ref] | sqlx.rs:188:17:188:27 | ...::query | provenance | MaD:1 Sink:MaD:1 | +| sqlx.rs:188:29:188:42 | unsafe_query_1 | sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:30 | +| sqlx.rs:188:29:188:42 | unsafe_query_1 | sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:26 | +| sqlx.rs:188:29:188:42 | unsafe_query_1 | sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:30 | +| sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() | sqlx.rs:188:17:188:27 | ...::query | provenance | MaD:18 Sink:MaD:18 | +| sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() [&ref] | sqlx.rs:188:17:188:27 | ...::query | provenance | MaD:18 Sink:MaD:18 | models -| 1 | Sink: sqlx_core::query::query; Argument[0]; sql-injection | -| 2 | Sink: sqlx_core::query_as::query_as; Argument[0]; sql-injection | -| 3 | Sink: sqlx_core::raw_sql::raw_sql; Argument[0]; sql-injection | -| 4 | Source: reqwest::blocking::get; ReturnValue.Field[core::result::Result::Ok(0)]; remote | -| 5 | Source: std::env::args; ReturnValue.Element; commandargs | -| 6 | Summary: <_ as core::iter::traits::iterator::Iterator>::nth; Argument[self].Element; 
ReturnValue.Field[core::option::Option::Some(0)]; value | -| 7 | Summary: ::add; Argument[0].Reference; ReturnValue; taint | -| 8 | Summary: ::add; Argument[self]; ReturnValue; value | -| 9 | Summary: ::as_str; Argument[self]; ReturnValue; value | -| 10 | Summary: ::unwrap_or; Argument[self].Field[core::option::Option::Some(0)]; ReturnValue; value | -| 11 | Summary: ::unwrap; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value | -| 12 | Summary: ::unwrap_or; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value | -| 13 | Summary: ::as_str; Argument[self]; ReturnValue; value | -| 14 | Summary: ::parse; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | -| 15 | Summary: ::text; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | -| 16 | Summary: alloc::fmt::format; Argument[0]; ReturnValue; taint | -| 17 | Summary: core::hint::must_use; Argument[0]; ReturnValue; value | +| 1 | Sink: <_ as mysql::conn::queryable::Queryable>::query; Argument[0]; sql-injection | +| 2 | Sink: <_ as mysql::conn::queryable::Queryable>::query_drop; Argument[0]; sql-injection | +| 3 | Sink: <_ as mysql::conn::queryable::Queryable>::query_first; Argument[0]; sql-injection | +| 4 | Sink: <_ as mysql::conn::queryable::Queryable>::query_first_opt; Argument[0]; sql-injection | +| 5 | Sink: <_ as mysql::conn::queryable::Queryable>::query_fold; Argument[0]; sql-injection | +| 6 | Sink: <_ as mysql::conn::queryable::Queryable>::query_fold_opt; Argument[0]; sql-injection | +| 7 | Sink: <_ as mysql::conn::queryable::Queryable>::query_map; Argument[0]; sql-injection | +| 8 | Sink: <_ as mysql::conn::queryable::Queryable>::query_map_opt; Argument[0]; sql-injection | +| 9 | Sink: <_ as mysql::conn::queryable::Queryable>::query_opt; Argument[0]; sql-injection | +| 10 | Sink: <_ as mysql_async::queryable::Queryable>::query; Argument[0]; sql-injection | +| 11 | Sink: <_ as mysql_async::queryable::Queryable>::query_drop; Argument[0]; 
sql-injection | +| 12 | Sink: <_ as mysql_async::queryable::Queryable>::query_first; Argument[0]; sql-injection | +| 13 | Sink: <_ as mysql_async::queryable::Queryable>::query_fold; Argument[0]; sql-injection | +| 14 | Sink: <_ as mysql_async::queryable::Queryable>::query_map; Argument[0]; sql-injection | +| 15 | Sink: <_ as mysql_async::queryable::Queryable>::query_stream; Argument[0]; sql-injection | +| 16 | Sink: ::query_iter; Argument[0]; sql-injection | +| 17 | Sink: ::query_iter; Argument[0]; sql-injection | +| 18 | Sink: sqlx_core::query::query; Argument[0]; sql-injection | +| 19 | Sink: sqlx_core::query_as::query_as; Argument[0]; sql-injection | +| 20 | Sink: sqlx_core::raw_sql::raw_sql; Argument[0]; sql-injection | +| 21 | Source: reqwest::blocking::get; ReturnValue.Field[core::result::Result::Ok(0)]; remote | +| 22 | Source: std::env::args; ReturnValue.Element; commandargs | +| 23 | Summary: <_ as core::iter::traits::iterator::Iterator>::nth; Argument[self].Element; ReturnValue.Field[core::option::Option::Some(0)]; value | +| 24 | Summary: ::add; Argument[0].Reference; ReturnValue; taint | +| 25 | Summary: ::add; Argument[self]; ReturnValue; value | +| 26 | Summary: ::as_str; Argument[self]; ReturnValue; value | +| 27 | Summary: ::unwrap_or; Argument[self].Field[core::option::Option::Some(0)]; ReturnValue; value | +| 28 | Summary: ::unwrap; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value | +| 29 | Summary: ::unwrap_or; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value | +| 30 | Summary: ::as_str; Argument[self]; ReturnValue; value | +| 31 | Summary: ::parse; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | +| 32 | Summary: ::text; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | +| 33 | Summary: alloc::fmt::format; Argument[0]; ReturnValue; taint | +| 34 | Summary: core::hint::must_use; Argument[0]; ReturnValue; value | nodes +| mysql.rs:13:13:13:29 | mut remote_string 
| semmle.label | mut remote_string | +| mysql.rs:13:33:13:54 | ...::get | semmle.label | ...::get | +| mysql.rs:13:33:13:77 | ...::get(...) [Ok] | semmle.label | ...::get(...) [Ok] | +| mysql.rs:13:33:13:86 | ... .unwrap() | semmle.label | ... .unwrap() | +| mysql.rs:13:33:13:93 | ... .text() [Ok] | semmle.label | ... .text() [Ok] | +| mysql.rs:13:33:13:121 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | +| mysql.rs:15:13:15:24 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:15:28:15:98 | ... + ... | semmle.label | ... + ... | +| mysql.rs:15:28:15:104 | ... + ... | semmle.label | ... + ... | +| mysql.rs:15:85:15:98 | &remote_string [&ref] | semmle.label | &remote_string [&ref] | +| mysql.rs:15:86:15:98 | remote_string | semmle.label | remote_string | +| mysql.rs:22:33:22:37 | query | semmle.label | query | +| mysql.rs:22:33:22:37 | query | semmle.label | query | +| mysql.rs:22:39:22:50 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:22:39:22:59 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | +| mysql.rs:22:39:22:59 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | +| mysql.rs:23:55:23:63 | query_opt | semmle.label | query_opt | +| mysql.rs:23:65:23:76 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:23:65:23:85 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | +| mysql.rs:23:65:23:85 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | +| mysql.rs:24:14:24:23 | query_drop | semmle.label | query_drop | +| mysql.rs:24:25:24:36 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:24:25:24:45 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | +| mysql.rs:24:25:24:45 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | +| mysql.rs:25:28:25:38 | query_first | semmle.label | query_first | +| mysql.rs:25:40:25:51 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:25:40:25:60 | 
unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | +| mysql.rs:25:40:25:60 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | +| mysql.rs:26:49:26:63 | query_first_opt | semmle.label | query_first_opt | +| mysql.rs:26:65:26:76 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:26:65:26:85 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | +| mysql.rs:26:65:26:85 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | +| mysql.rs:27:22:27:31 | query_fold | semmle.label | query_fold | +| mysql.rs:27:33:27:44 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:27:33:27:53 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | +| mysql.rs:27:33:27:53 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | +| mysql.rs:28:22:28:35 | query_fold_opt | semmle.label | query_fold_opt | +| mysql.rs:28:37:28:48 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:28:37:28:57 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | +| mysql.rs:28:37:28:57 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | +| mysql.rs:29:22:29:31 | query_iter | semmle.label | query_iter | +| mysql.rs:29:33:29:44 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:29:33:29:53 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | +| mysql.rs:29:33:29:53 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | +| mysql.rs:30:22:30:30 | query_map | semmle.label | query_map | +| mysql.rs:30:32:30:43 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:30:32:30:52 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | +| mysql.rs:30:32:30:52 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | +| mysql.rs:31:22:31:34 | query_map_opt | semmle.label | query_map_opt | +| mysql.rs:31:36:31:47 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:31:36:31:56 
| unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | +| mysql.rs:31:36:31:56 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | +| mysql.rs:32:34:32:38 | query | semmle.label | query | +| mysql.rs:32:34:32:38 | query | semmle.label | query | +| mysql.rs:32:40:32:51 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:32:40:32:60 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | +| mysql.rs:32:40:32:60 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | +| mysql.rs:50:15:50:24 | query_drop | semmle.label | query_drop | +| mysql.rs:50:26:50:37 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:50:26:50:46 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | +| mysql.rs:50:26:50:46 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | +| mysql.rs:68:13:68:29 | mut remote_string | semmle.label | mut remote_string | +| mysql.rs:68:33:68:54 | ...::get | semmle.label | ...::get | +| mysql.rs:68:33:68:77 | ...::get(...) [Ok] | semmle.label | ...::get(...) [Ok] | +| mysql.rs:68:33:68:86 | ... .unwrap() | semmle.label | ... .unwrap() | +| mysql.rs:68:33:68:93 | ... .text() [Ok] | semmle.label | ... .text() [Ok] | +| mysql.rs:68:33:68:121 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | +| mysql.rs:70:13:70:24 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:70:28:70:98 | ... + ... | semmle.label | ... + ... | +| mysql.rs:70:28:70:104 | ... + ... | semmle.label | ... + ... 
| +| mysql.rs:70:85:70:98 | &remote_string [&ref] | semmle.label | &remote_string [&ref] | +| mysql.rs:70:86:70:98 | remote_string | semmle.label | remote_string | +| mysql.rs:77:33:77:37 | query | semmle.label | query | +| mysql.rs:77:39:77:50 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:77:39:77:59 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | +| mysql.rs:77:39:77:59 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | +| mysql.rs:78:14:78:23 | query_drop | semmle.label | query_drop | +| mysql.rs:78:25:78:36 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:78:25:78:45 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | +| mysql.rs:78:25:78:45 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | +| mysql.rs:79:36:79:46 | query_first | semmle.label | query_first | +| mysql.rs:79:48:79:59 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:79:48:79:68 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | +| mysql.rs:79:48:79:68 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | +| mysql.rs:80:22:80:31 | query_fold | semmle.label | query_fold | +| mysql.rs:80:33:80:44 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:80:33:80:53 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | +| mysql.rs:80:33:80:53 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | +| mysql.rs:81:22:81:31 | query_iter | semmle.label | query_iter | +| mysql.rs:81:33:81:44 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:81:33:81:53 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | +| mysql.rs:81:33:81:53 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | +| mysql.rs:82:22:82:33 | query_stream | semmle.label | query_stream | +| mysql.rs:82:48:82:59 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:82:48:82:68 | unsafe_query.as_str() | 
semmle.label | unsafe_query.as_str() | +| mysql.rs:82:48:82:68 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | +| mysql.rs:83:22:83:30 | query_map | semmle.label | query_map | +| mysql.rs:83:32:83:43 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:83:32:83:52 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | +| mysql.rs:83:32:83:52 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | +| mysql.rs:98:15:98:24 | query_drop | semmle.label | query_drop | +| mysql.rs:98:26:98:37 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:98:26:98:46 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | +| mysql.rs:98:26:98:46 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | | sqlx.rs:47:9:47:18 | arg_string | semmle.label | arg_string | | sqlx.rs:47:22:47:35 | ...::args | semmle.label | ...::args | | sqlx.rs:47:22:47:37 | ...::args(...) [element] | semmle.label | ...::args(...) [element] | diff --git a/rust/ql/test/query-tests/security/CWE-089/mysql.rs b/rust/ql/test/query-tests/security/CWE-089/mysql.rs index 92377eaa4939..30f5d8b022d9 100644 --- a/rust/ql/test/query-tests/security/CWE-089/mysql.rs +++ b/rust/ql/test/query-tests/security/CWE-089/mysql.rs 
@@ -10,29 +10,29 @@ mod sync_test let mut conn2: Conn = pool.get_conn()?.unwrap(); // construct queries - let mut remote_string = reqwest::blocking::get("http://example.com/").unwrap().text().unwrap_or(String::from("")); // $ MISSING: Source=remote10 + let mut remote_string = reqwest::blocking::get("http://example.com/").unwrap().text().unwrap_or(String::from("")); // $ Source=remote10 let safe_query = String::from("SELECT * FROM people WHERE firstname='Alice'"); let unsafe_query = String::from("SELECT * FROM people WHERE firstname='") + &remote_string + "'"; let prepared_query = String::from("SELECT * FROM people WHERE firstname=?"); // (prepared arguments are safe) // direct execution (safe) - let _ : Vec = conn.query(safe_query.as_str())?; + let _ : Vec = conn.query(safe_query.as_str())?; // $ sql-sink // direct execution (unsafe) - let _ : Vec = conn.query(unsafe_query.as_str())?; // $ MISSING: sql-sink Alert[rust/sql-injection]=remote10 - let _ : Vec> = conn.query_opt(unsafe_query.as_str())?; // $ MISSING: sql-sink Alert[rust/sql-injection]=remote10 - conn.query_drop(unsafe_query.as_str()); // $ MISSING: sql-sink Alert[rust/sql-injection]=remote10 - let _ : i64 = conn.query_first(unsafe_query.as_str())?.unwrap(); // $ MISSING: sql-sink Alert[rust/sql-injection]=remote10 - let _ : Result= conn.query_first_opt(unsafe_query.as_str())?.unwrap(); // $ MISSING: sql-sink Alert[rust/sql-injection]=remote10 - let _ = conn.query_fold(unsafe_query.as_str(), 0, |_: i64, _: i64| -> i64 { 0 })?; // $ MISSING: sql-sink Alert[rust/sql-injection]=remote10 - let _ = conn.query_fold_opt(unsafe_query.as_str(), 0, |_: i64, _: Result| -> i64 { 0 })?; // $ MISSING: sql-sink Alert[rust/sql-injection]=remote10 - let _ = conn.query_iter(unsafe_query.as_str())?; // $ MISSING: sql-sink Alert[rust/sql-injection]=remote10 - let _ = conn.query_map(unsafe_query.as_str(), |_: i64| -> () {})?; // $ MISSING: sql-sink Alert[rust/sql-injection]=remote10 - let _ = 
conn.query_map_opt(unsafe_query.as_str(), |_: Result| -> () {})?; // $ MISSING: sql-sink Alert[rust/sql-injection]=remote10 - let _ : Vec = conn2.query(unsafe_query.as_str())?; // $ MISSING: sql-sink Alert[rust/sql-injection]=remote10 + let _ : Vec = conn.query(unsafe_query.as_str())?; // $ sql-sink Alert[rust/sql-injection]=remote10 + let _ : Vec> = conn.query_opt(unsafe_query.as_str())?; // $ sql-sink Alert[rust/sql-injection]=remote10 + conn.query_drop(unsafe_query.as_str()); // $ sql-sink Alert[rust/sql-injection]=remote10 + let _ : i64 = conn.query_first(unsafe_query.as_str())?.unwrap(); // $ sql-sink Alert[rust/sql-injection]=remote10 + let _ : Result= conn.query_first_opt(unsafe_query.as_str())?.unwrap(); // $ sql-sink Alert[rust/sql-injection]=remote10 + let _ = conn.query_fold(unsafe_query.as_str(), 0, |_: i64, _: i64| -> i64 { 0 })?; // $ sql-sink Alert[rust/sql-injection]=remote10 + let _ = conn.query_fold_opt(unsafe_query.as_str(), 0, |_: i64, _: Result| -> i64 { 0 })?; // $ sql-sink Alert[rust/sql-injection]=remote10 + let _ = conn.query_iter(unsafe_query.as_str())?; // $ sql-sink Alert[rust/sql-injection]=remote10 + let _ = conn.query_map(unsafe_query.as_str(), |_: i64| -> () {})?; // $ sql-sink Alert[rust/sql-injection]=remote10 + let _ = conn.query_map_opt(unsafe_query.as_str(), |_: Result| -> () {})?; // $ sql-sink Alert[rust/sql-injection]=remote10 + let _ : Vec = conn2.query(unsafe_query.as_str())?; // $ sql-sink Alert[rust/sql-injection]=remote10 // prepared queries (safe) - let stmt = conn.prep(prepared_query.as_str())?; + let stmt = conn.prep(prepared_query.as_str())?; // $ sql-sink let _ : Vec = conn.exec(&stmt, (remote_string.as_str(),))?; let _ : Vec> = conn.exec_opt(&stmt, (remote_string.as_str(),))?; let _ = conn.exec_batch(&stmt, vec![(remote_string.as_str(),)])?; 
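Review bot: `conn.query_drop(unsafe_query.as_str());` in this hunk discards its return value, while every neighbouring call propagates it with `?`. The same applies to `trans.query_drop(unsafe_query.as_str());` in the `@@ -47,7 +47,7 @@` hunk. The inline expectation only needs the call to be present, so the analysis result is unaffected, but the dropped value (presumably a `Result`) makes these two lines read differently from the rest of the test and will likely produce an unused-result warning. I would write `conn.query_drop(unsafe_query.as_str())?;` and `trans.query_drop(unsafe_query.as_str())?;`, which leaves the sink columns in `SqlInjection.expected` unchanged. The enclosing test function starts and ends outside this hunk.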
@@ -47,7 +47,7 @@ mod sync_test // transactions let mut trans = conn.start_transaction(TxOpts::default())?; - trans.query_drop(unsafe_query.as_str()); // $ MISSING: sql-sink Alert[rust/sql-injection]=remote11 + trans.query_drop(unsafe_query.as_str()); // $ sql-sink Alert[rust/sql-injection]=remote10 trans.commit()?; Ok(()) 
@@ -65,25 +65,25 @@ mod async_test let mut conn = pool.get_conn().await?; // construct queries - let mut remote_string = reqwest::blocking::get("http://example.com/").unwrap().text().unwrap_or(String::from("")); // $ MISSING: Source=remote11 + let mut remote_string = reqwest::blocking::get("http://example.com/").unwrap().text().unwrap_or(String::from("")); // $ Source=remote11 let safe_query = String::from("SELECT * FROM people WHERE firstname='Alice'"); let unsafe_query = String::from("SELECT * FROM people WHERE firstname='") + &remote_string + "'"; let prepared_query = String::from("SELECT * FROM people WHERE firstname=?"); // (prepared arguments are safe) // direct execution (safe) - let _ : Vec = conn.query(safe_query.as_str()).await?; + let _ : Vec = conn.query(safe_query.as_str()).await?; // $ sql-sink // direct execution (unsafe) - let _ : Vec = conn.query(unsafe_query.as_str()).await?; // $ MISSING: sql-sink Alert[rust/sql-injection]=remote11 - conn.query_drop(unsafe_query.as_str()); // $ MISSING: sql-sink Alert[rust/sql-injection]=remote11 - let _ : Option = conn.query_first(unsafe_query.as_str()).await?; // $ MISSING: sql-sink Alert[rust/sql-injection]=remote11 - let _ = conn.query_fold(unsafe_query.as_str(), 0, |_: i64, _: i64| -> i64 { 0 }).await?; // $ MISSING: sql-sink Alert[rust/sql-injection]=remote11 - let _ = conn.query_iter(unsafe_query.as_str()).await?; // $ MISSING: sql-sink Alert[rust/sql-injection]=remote11 - let _ = conn.query_stream::(unsafe_query.as_str()).await?; // $ MISSING: sql-sink Alert[rust/sql-injection]=remote11 - let _ = conn.query_map(unsafe_query.as_str(), |_: i64| -> () {}).await?; // $ MISSING: sql-sink Alert[rust/sql-injection]=remote11 + let _ : Vec = conn.query(unsafe_query.as_str()).await?; // $ sql-sink Alert[rust/sql-injection]=remote11 + conn.query_drop(unsafe_query.as_str()); // $ sql-sink Alert[rust/sql-injection]=remote11 + let _ : Option = conn.query_first(unsafe_query.as_str()).await?; // $ sql-sink 
Alert[rust/sql-injection]=remote11 + let _ = conn.query_fold(unsafe_query.as_str(), 0, |_: i64, _: i64| -> i64 { 0 }).await?; // $ sql-sink Alert[rust/sql-injection]=remote11 + let _ = conn.query_iter(unsafe_query.as_str()).await?; // $ sql-sink Alert[rust/sql-injection]=remote11 + let _ = conn.query_stream::(unsafe_query.as_str()).await?; // $ sql-sink Alert[rust/sql-injection]=remote11 + let _ = conn.query_map(unsafe_query.as_str(), |_: i64| -> () {}).await?; // $ sql-sink Alert[rust/sql-injection]=remote11 // prepared queries (safe) - let stmt = conn.prep(prepared_query.as_str()).await?; + let stmt = conn.prep(prepared_query.as_str()).await?; // $ sql-sink let _ : Vec = conn.exec(&stmt, (remote_string.as_str(),)).await?; let _ = conn.exec_batch(&stmt, vec![(remote_string.as_str(),)]).await?; conn.exec_drop(&stmt, (&remote_string.as_str(),)); @@ -95,7 +95,7 @@ mod async_test // transactions let mut trans = conn.start_transaction(TxOpts::default()).await?; - trans.query_drop(unsafe_query.as_str()); // $ MISSING: sql-sink Alert[rust/sql-injection]=remote11 + trans.query_drop(unsafe_query.as_str()); // $ sql-sink Alert[rust/sql-injection]=remote11 trans.commit().await?; Ok(()) From 859c1ef55d22c366537bfae4b113c326fda23bc3 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 10 Oct 2025 17:11:20 +0100 Subject: [PATCH 05/14] Rust: Change note. --- rust/ql/lib/change-notes/2025-10-10-mysql.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 rust/ql/lib/change-notes/2025-10-10-mysql.md diff --git a/rust/ql/lib/change-notes/2025-10-10-mysql.md b/rust/ql/lib/change-notes/2025-10-10-mysql.md new file mode 100644 index 000000000000..037f813a8566 --- /dev/null +++ b/rust/ql/lib/change-notes/2025-10-10-mysql.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Added models for the `mysql` and `mysql_async` libraries. From c102ce41b740ab867b037125be459738b5629581 Mon Sep 17 00:00:00 2001 
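Review bot: In `async_test`, `conn.query_drop(unsafe_query.as_str());` is never awaited, whereas the other query calls in this hunk end in `.await?`. `trans.query_drop(unsafe_query.as_str());` in the `@@ -95,7 +95,7 @@` hunk has the same shape, as does the context line `conn.exec_drop(...)`. Assuming these methods return futures like their siblings, the statement would never be sent to the server, so the expectation asserts an alert on a call that does not execute. To keep the test case representative of real use I would write `conn.query_drop(unsafe_query.as_str()).await?;` and `trans.query_drop(unsafe_query.as_str()).await?;`. If flagging the un-awaited call is deliberate, a comment such as `// (not awaited; the sink is still reported)` would record that. The enclosing async function starts and ends outside these hunks.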
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 10 Oct 2025 17:12:48 +0100 Subject: [PATCH 06/14] Rust: Claim support for the two libraries. --- docs/codeql/reusables/supported-frameworks.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/codeql/reusables/supported-frameworks.rst b/docs/codeql/reusables/supported-frameworks.rst index e9981014ef5f..472e463cf79b 100644 --- a/docs/codeql/reusables/supported-frameworks.rst +++ b/docs/codeql/reusables/supported-frameworks.rst @@ -336,6 +336,8 @@ and the CodeQL library pack ``codeql/rust-all`` (`changelog `__, Logging library `md5 `__, Utility library `memchr `__, Utility library + `mysql `__, Database + `mysql_async `__, Database `once_cell `__, Utility library `poem `__, Web framework `postgres `__, Database From 106bad2764a8478dfd30f46e08bac3c5b5cdc771 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 10 Oct 2025 17:17:08 +0100 Subject: [PATCH 07/14] Rust: Add test cases for bad use of prepared statements as well. --- .../security/CWE-089/SqlInjection.expected | 744 +++++++++--------- .../query-tests/security/CWE-089/mysql.rs | 8 + 2 files changed, 395 insertions(+), 357 deletions(-) diff --git a/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected b/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected index f58ee2343d07..cf5529c7a99f 100644 --- a/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected +++ b/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected 
@@ -12,15 +12,17 @@ | mysql.rs:31:22:31:34 | query_map_opt | mysql.rs:13:33:13:54 | ...::get | mysql.rs:31:22:31:34 | query_map_opt | This query depends on a $@. | mysql.rs:13:33:13:54 | ...::get | user-provided value | | mysql.rs:32:34:32:38 | query | mysql.rs:13:33:13:54 | ...::get | mysql.rs:32:34:32:38 | query | This query depends on a $@. | mysql.rs:13:33:13:54 | ...::get | user-provided value | | mysql.rs:32:34:32:38 | query | mysql.rs:13:33:13:54 | ...::get | mysql.rs:32:34:32:38 | query | This query depends on a $@. | mysql.rs:13:33:13:54 | ...::get | user-provided value | -| mysql.rs:50:15:50:24 | query_drop | mysql.rs:13:33:13:54 | ...::get | mysql.rs:50:15:50:24 | query_drop | This query depends on a $@. | mysql.rs:13:33:13:54 | ...::get | user-provided value | -| mysql.rs:77:33:77:37 | query | mysql.rs:68:33:68:54 | ...::get | mysql.rs:77:33:77:37 | query | This query depends on a $@. | mysql.rs:68:33:68:54 | ...::get | user-provided value | -| mysql.rs:78:14:78:23 | query_drop | mysql.rs:68:33:68:54 | ...::get | mysql.rs:78:14:78:23 | query_drop | This query depends on a $@. | mysql.rs:68:33:68:54 | ...::get | user-provided value | -| mysql.rs:79:36:79:46 | query_first | mysql.rs:68:33:68:54 | ...::get | mysql.rs:79:36:79:46 | query_first | This query depends on a $@. | mysql.rs:68:33:68:54 | ...::get | user-provided value | -| mysql.rs:80:22:80:31 | query_fold | mysql.rs:68:33:68:54 | ...::get | mysql.rs:80:22:80:31 | query_fold | This query depends on a $@. | mysql.rs:68:33:68:54 | ...::get | user-provided value | -| mysql.rs:81:22:81:31 | query_iter | mysql.rs:68:33:68:54 | ...::get | mysql.rs:81:22:81:31 | query_iter | This query depends on a $@. | mysql.rs:68:33:68:54 | ...::get | user-provided value | -| mysql.rs:82:22:82:33 | query_stream | mysql.rs:68:33:68:54 | ...::get | mysql.rs:82:22:82:33 | query_stream | This query depends on a $@. 
| mysql.rs:68:33:68:54 | ...::get | user-provided value | -| mysql.rs:83:22:83:30 | query_map | mysql.rs:68:33:68:54 | ...::get | mysql.rs:83:22:83:30 | query_map | This query depends on a $@. | mysql.rs:68:33:68:54 | ...::get | user-provided value | -| mysql.rs:98:15:98:24 | query_drop | mysql.rs:68:33:68:54 | ...::get | mysql.rs:98:15:98:24 | query_drop | This query depends on a $@. | mysql.rs:68:33:68:54 | ...::get | user-provided value | +| mysql.rs:49:26:49:29 | prep | mysql.rs:13:33:13:54 | ...::get | mysql.rs:49:26:49:29 | prep | This query depends on a $@. | mysql.rs:13:33:13:54 | ...::get | user-provided value | +| mysql.rs:54:15:54:24 | query_drop | mysql.rs:13:33:13:54 | ...::get | mysql.rs:54:15:54:24 | query_drop | This query depends on a $@. | mysql.rs:13:33:13:54 | ...::get | user-provided value | +| mysql.rs:81:33:81:37 | query | mysql.rs:72:33:72:54 | ...::get | mysql.rs:81:33:81:37 | query | This query depends on a $@. | mysql.rs:72:33:72:54 | ...::get | user-provided value | +| mysql.rs:82:14:82:23 | query_drop | mysql.rs:72:33:72:54 | ...::get | mysql.rs:82:14:82:23 | query_drop | This query depends on a $@. | mysql.rs:72:33:72:54 | ...::get | user-provided value | +| mysql.rs:83:36:83:46 | query_first | mysql.rs:72:33:72:54 | ...::get | mysql.rs:83:36:83:46 | query_first | This query depends on a $@. | mysql.rs:72:33:72:54 | ...::get | user-provided value | +| mysql.rs:84:22:84:31 | query_fold | mysql.rs:72:33:72:54 | ...::get | mysql.rs:84:22:84:31 | query_fold | This query depends on a $@. | mysql.rs:72:33:72:54 | ...::get | user-provided value | +| mysql.rs:85:22:85:31 | query_iter | mysql.rs:72:33:72:54 | ...::get | mysql.rs:85:22:85:31 | query_iter | This query depends on a $@. | mysql.rs:72:33:72:54 | ...::get | user-provided value | +| mysql.rs:86:22:86:33 | query_stream | mysql.rs:72:33:72:54 | ...::get | mysql.rs:86:22:86:33 | query_stream | This query depends on a $@. 
| mysql.rs:72:33:72:54 | ...::get | user-provided value | +| mysql.rs:87:22:87:30 | query_map | mysql.rs:72:33:72:54 | ...::get | mysql.rs:87:22:87:30 | query_map | This query depends on a $@. | mysql.rs:72:33:72:54 | ...::get | user-provided value | +| mysql.rs:101:26:101:29 | prep | mysql.rs:72:33:72:54 | ...::get | mysql.rs:101:26:101:29 | prep | This query depends on a $@. | mysql.rs:72:33:72:54 | ...::get | user-provided value | +| mysql.rs:106:15:106:24 | query_drop | mysql.rs:72:33:72:54 | ...::get | mysql.rs:106:15:106:24 | query_drop | This query depends on a $@. | mysql.rs:72:33:72:54 | ...::get | user-provided value | | sqlx.rs:77:13:77:23 | ...::query | sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:77:13:77:23 | ...::query | This query depends on a $@. | sqlx.rs:48:25:48:46 | ...::get | user-provided value | | sqlx.rs:78:13:78:23 | ...::query | sqlx.rs:47:22:47:35 | ...::args | sqlx.rs:78:13:78:23 | ...::query | This query depends on a $@. | sqlx.rs:47:22:47:35 | ...::args | user-provided value | | sqlx.rs:80:17:80:27 | ...::query | sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:80:17:80:27 | ...::query | This query depends on a $@. | sqlx.rs:48:25:48:46 | ...::get | user-provided value | 
@@ -35,366 +37,384 @@ | sqlx.rs:188:17:188:27 | ...::query | sqlx.rs:173:25:173:46 | ...::get | sqlx.rs:188:17:188:27 | ...::query | This query depends on a $@. | sqlx.rs:173:25:173:46 | ...::get | user-provided value | edges | mysql.rs:13:13:13:29 | mut remote_string | mysql.rs:15:86:15:98 | remote_string | provenance | | -| mysql.rs:13:33:13:54 | ...::get | mysql.rs:13:33:13:77 | ...::get(...) [Ok] | provenance | Src:MaD:21 | -| mysql.rs:13:33:13:77 | ...::get(...) [Ok] | mysql.rs:13:33:13:86 | ... .unwrap() | provenance | MaD:28 | -| mysql.rs:13:33:13:86 | ... .unwrap() | mysql.rs:13:33:13:93 | ... .text() [Ok] | provenance | MaD:32 | -| mysql.rs:13:33:13:93 | ... .text() [Ok] | mysql.rs:13:33:13:121 | ... .unwrap_or(...) | provenance | MaD:29 | +| mysql.rs:13:33:13:54 | ...::get | mysql.rs:13:33:13:77 | ...::get(...) [Ok] | provenance | Src:MaD:23 | +| mysql.rs:13:33:13:77 | ...::get(...) [Ok] | mysql.rs:13:33:13:86 | ... .unwrap() | provenance | MaD:30 | +| mysql.rs:13:33:13:86 | ... .unwrap() | mysql.rs:13:33:13:93 | ... .text() [Ok] | provenance | MaD:34 | +| mysql.rs:13:33:13:93 | ... .text() [Ok] | mysql.rs:13:33:13:121 | ... .unwrap_or(...) | provenance | MaD:31 | | mysql.rs:13:33:13:121 | ... .unwrap_or(...) 
| mysql.rs:13:13:13:29 | mut remote_string | provenance | | | mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:22:39:22:50 | unsafe_query | provenance | | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:22:39:22:59 | unsafe_query.as_str() | provenance | MaD:30 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:22:39:22:59 | unsafe_query.as_str() | provenance | MaD:26 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:22:39:22:59 | unsafe_query.as_str() | provenance | MaD:30 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:22:39:22:59 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:22:39:22:59 | unsafe_query.as_str() | provenance | MaD:28 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:22:39:22:59 | unsafe_query.as_str() | provenance | MaD:32 | | mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:23:65:23:76 | unsafe_query | provenance | | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:23:65:23:85 | unsafe_query.as_str() | provenance | MaD:30 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:23:65:23:85 | unsafe_query.as_str() | provenance | MaD:26 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:23:65:23:85 | unsafe_query.as_str() | provenance | MaD:30 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:23:65:23:85 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:23:65:23:85 | unsafe_query.as_str() | provenance | MaD:28 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:23:65:23:85 | unsafe_query.as_str() | provenance | MaD:32 | | mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:24:25:24:36 | unsafe_query | provenance | | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:24:25:24:45 | unsafe_query.as_str() | provenance | MaD:30 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:24:25:24:45 | unsafe_query.as_str() | provenance | MaD:26 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:24:25:24:45 | unsafe_query.as_str() | provenance | MaD:30 | +| 
mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:24:25:24:45 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:24:25:24:45 | unsafe_query.as_str() | provenance | MaD:28 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:24:25:24:45 | unsafe_query.as_str() | provenance | MaD:32 | | mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:25:40:25:51 | unsafe_query | provenance | | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:25:40:25:60 | unsafe_query.as_str() | provenance | MaD:30 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:25:40:25:60 | unsafe_query.as_str() | provenance | MaD:26 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:25:40:25:60 | unsafe_query.as_str() | provenance | MaD:30 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:25:40:25:60 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:25:40:25:60 | unsafe_query.as_str() | provenance | MaD:28 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:25:40:25:60 | unsafe_query.as_str() | provenance | MaD:32 | | mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:26:65:26:76 | unsafe_query | provenance | | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:26:65:26:85 | unsafe_query.as_str() | provenance | MaD:30 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:26:65:26:85 | unsafe_query.as_str() | provenance | MaD:26 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:26:65:26:85 | unsafe_query.as_str() | provenance | MaD:30 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:26:65:26:85 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:26:65:26:85 | unsafe_query.as_str() | provenance | MaD:28 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:26:65:26:85 | unsafe_query.as_str() | provenance | MaD:32 | | mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:27:33:27:44 | unsafe_query | provenance | | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:27:33:27:53 | 
unsafe_query.as_str() | provenance | MaD:30 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:27:33:27:53 | unsafe_query.as_str() | provenance | MaD:26 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:27:33:27:53 | unsafe_query.as_str() | provenance | MaD:30 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:27:33:27:53 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:27:33:27:53 | unsafe_query.as_str() | provenance | MaD:28 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:27:33:27:53 | unsafe_query.as_str() | provenance | MaD:32 | | mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:28:37:28:48 | unsafe_query | provenance | | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:28:37:28:57 | unsafe_query.as_str() | provenance | MaD:30 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:28:37:28:57 | unsafe_query.as_str() | provenance | MaD:26 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:28:37:28:57 | unsafe_query.as_str() | provenance | MaD:30 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:28:37:28:57 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:28:37:28:57 | unsafe_query.as_str() | provenance | MaD:28 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:28:37:28:57 | unsafe_query.as_str() | provenance | MaD:32 | | mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:29:33:29:44 | unsafe_query | provenance | | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:29:33:29:53 | unsafe_query.as_str() | provenance | MaD:30 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:29:33:29:53 | unsafe_query.as_str() | provenance | MaD:26 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:29:33:29:53 | unsafe_query.as_str() | provenance | MaD:30 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:29:33:29:53 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:29:33:29:53 | unsafe_query.as_str() | provenance | MaD:28 | +| 
mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:29:33:29:53 | unsafe_query.as_str() | provenance | MaD:32 | | mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:30:32:30:43 | unsafe_query | provenance | | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:30:32:30:52 | unsafe_query.as_str() | provenance | MaD:30 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:30:32:30:52 | unsafe_query.as_str() | provenance | MaD:26 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:30:32:30:52 | unsafe_query.as_str() | provenance | MaD:30 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:30:32:30:52 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:30:32:30:52 | unsafe_query.as_str() | provenance | MaD:28 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:30:32:30:52 | unsafe_query.as_str() | provenance | MaD:32 | | mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:31:36:31:47 | unsafe_query | provenance | | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:31:36:31:56 | unsafe_query.as_str() | provenance | MaD:30 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:31:36:31:56 | unsafe_query.as_str() | provenance | MaD:26 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:31:36:31:56 | unsafe_query.as_str() | provenance | MaD:30 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:31:36:31:56 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:31:36:31:56 | unsafe_query.as_str() | provenance | MaD:28 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:31:36:31:56 | unsafe_query.as_str() | provenance | MaD:32 | | mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:32:40:32:51 | unsafe_query | provenance | | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:32:40:32:60 | unsafe_query.as_str() | provenance | MaD:30 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:32:40:32:60 | unsafe_query.as_str() | provenance | MaD:26 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:32:40:32:60 | 
unsafe_query.as_str() | provenance | MaD:30 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:50:26:50:37 | unsafe_query | provenance | | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:50:26:50:46 | unsafe_query.as_str() | provenance | MaD:30 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:50:26:50:46 | unsafe_query.as_str() | provenance | MaD:26 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:50:26:50:46 | unsafe_query.as_str() | provenance | MaD:30 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:32:40:32:60 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:32:40:32:60 | unsafe_query.as_str() | provenance | MaD:28 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:32:40:32:60 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:49:31:49:42 | unsafe_query | provenance | | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:49:31:49:51 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:49:31:49:51 | unsafe_query.as_str() | provenance | MaD:28 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:49:31:49:51 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:54:26:54:37 | unsafe_query | provenance | | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:54:26:54:46 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:54:26:54:46 | unsafe_query.as_str() | provenance | MaD:28 | +| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:54:26:54:46 | unsafe_query.as_str() | provenance | MaD:32 | | mysql.rs:15:28:15:98 | ... + ... | mysql.rs:15:13:15:24 | unsafe_query | provenance | | -| mysql.rs:15:28:15:98 | ... + ... | mysql.rs:15:28:15:104 | ... + ... | provenance | MaD:25 | +| mysql.rs:15:28:15:98 | ... + ... | mysql.rs:15:28:15:104 | ... + ... | provenance | MaD:27 | | mysql.rs:15:28:15:104 | ... + ... 
| mysql.rs:15:13:15:24 | unsafe_query | provenance | | -| mysql.rs:15:85:15:98 | &remote_string [&ref] | mysql.rs:15:28:15:98 | ... + ... | provenance | MaD:24 | +| mysql.rs:15:85:15:98 | &remote_string [&ref] | mysql.rs:15:28:15:98 | ... + ... | provenance | MaD:26 | | mysql.rs:15:86:15:98 | remote_string | mysql.rs:15:85:15:98 | &remote_string [&ref] | provenance | | -| mysql.rs:22:39:22:50 | unsafe_query | mysql.rs:22:39:22:59 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | -| mysql.rs:22:39:22:50 | unsafe_query | mysql.rs:22:39:22:59 | unsafe_query.as_str() [&ref] | provenance | MaD:26 | -| mysql.rs:22:39:22:50 | unsafe_query | mysql.rs:22:39:22:59 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | +| mysql.rs:22:39:22:50 | unsafe_query | mysql.rs:22:39:22:59 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:22:39:22:50 | unsafe_query | mysql.rs:22:39:22:59 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | +| mysql.rs:22:39:22:50 | unsafe_query | mysql.rs:22:39:22:59 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | | mysql.rs:22:39:22:59 | unsafe_query.as_str() | mysql.rs:22:33:22:37 | query | provenance | MaD:1 Sink:MaD:1 | | mysql.rs:22:39:22:59 | unsafe_query.as_str() | mysql.rs:22:33:22:37 | query | provenance | MaD:1 Sink:MaD:1 | | mysql.rs:22:39:22:59 | unsafe_query.as_str() [&ref] | mysql.rs:22:33:22:37 | query | provenance | MaD:1 Sink:MaD:1 | | mysql.rs:22:39:22:59 | unsafe_query.as_str() [&ref] | mysql.rs:22:33:22:37 | query | provenance | MaD:1 Sink:MaD:1 | -| mysql.rs:23:65:23:76 | unsafe_query | mysql.rs:23:65:23:85 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | -| mysql.rs:23:65:23:76 | unsafe_query | mysql.rs:23:65:23:85 | unsafe_query.as_str() [&ref] | provenance | MaD:26 | -| mysql.rs:23:65:23:76 | unsafe_query | mysql.rs:23:65:23:85 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | +| mysql.rs:23:65:23:76 | unsafe_query | mysql.rs:23:65:23:85 | unsafe_query.as_str() [&ref] | provenance | 
MaD:32 | +| mysql.rs:23:65:23:76 | unsafe_query | mysql.rs:23:65:23:85 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | +| mysql.rs:23:65:23:76 | unsafe_query | mysql.rs:23:65:23:85 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | | mysql.rs:23:65:23:85 | unsafe_query.as_str() | mysql.rs:23:55:23:63 | query_opt | provenance | MaD:9 Sink:MaD:9 | | mysql.rs:23:65:23:85 | unsafe_query.as_str() [&ref] | mysql.rs:23:55:23:63 | query_opt | provenance | MaD:9 Sink:MaD:9 | -| mysql.rs:24:25:24:36 | unsafe_query | mysql.rs:24:25:24:45 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | -| mysql.rs:24:25:24:36 | unsafe_query | mysql.rs:24:25:24:45 | unsafe_query.as_str() [&ref] | provenance | MaD:26 | -| mysql.rs:24:25:24:36 | unsafe_query | mysql.rs:24:25:24:45 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | +| mysql.rs:24:25:24:36 | unsafe_query | mysql.rs:24:25:24:45 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:24:25:24:36 | unsafe_query | mysql.rs:24:25:24:45 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | +| mysql.rs:24:25:24:36 | unsafe_query | mysql.rs:24:25:24:45 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | | mysql.rs:24:25:24:45 | unsafe_query.as_str() | mysql.rs:24:14:24:23 | query_drop | provenance | MaD:2 Sink:MaD:2 | | mysql.rs:24:25:24:45 | unsafe_query.as_str() [&ref] | mysql.rs:24:14:24:23 | query_drop | provenance | MaD:2 Sink:MaD:2 | -| mysql.rs:25:40:25:51 | unsafe_query | mysql.rs:25:40:25:60 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | -| mysql.rs:25:40:25:51 | unsafe_query | mysql.rs:25:40:25:60 | unsafe_query.as_str() [&ref] | provenance | MaD:26 | -| mysql.rs:25:40:25:51 | unsafe_query | mysql.rs:25:40:25:60 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | +| mysql.rs:25:40:25:51 | unsafe_query | mysql.rs:25:40:25:60 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:25:40:25:51 | unsafe_query | mysql.rs:25:40:25:60 | unsafe_query.as_str() [&ref] | provenance 
| MaD:28 | +| mysql.rs:25:40:25:51 | unsafe_query | mysql.rs:25:40:25:60 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | | mysql.rs:25:40:25:60 | unsafe_query.as_str() | mysql.rs:25:28:25:38 | query_first | provenance | MaD:3 Sink:MaD:3 | | mysql.rs:25:40:25:60 | unsafe_query.as_str() [&ref] | mysql.rs:25:28:25:38 | query_first | provenance | MaD:3 Sink:MaD:3 | -| mysql.rs:26:65:26:76 | unsafe_query | mysql.rs:26:65:26:85 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | -| mysql.rs:26:65:26:76 | unsafe_query | mysql.rs:26:65:26:85 | unsafe_query.as_str() [&ref] | provenance | MaD:26 | -| mysql.rs:26:65:26:76 | unsafe_query | mysql.rs:26:65:26:85 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | +| mysql.rs:26:65:26:76 | unsafe_query | mysql.rs:26:65:26:85 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:26:65:26:76 | unsafe_query | mysql.rs:26:65:26:85 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | +| mysql.rs:26:65:26:76 | unsafe_query | mysql.rs:26:65:26:85 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | | mysql.rs:26:65:26:85 | unsafe_query.as_str() | mysql.rs:26:49:26:63 | query_first_opt | provenance | MaD:4 Sink:MaD:4 | | mysql.rs:26:65:26:85 | unsafe_query.as_str() [&ref] | mysql.rs:26:49:26:63 | query_first_opt | provenance | MaD:4 Sink:MaD:4 | -| mysql.rs:27:33:27:44 | unsafe_query | mysql.rs:27:33:27:53 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | -| mysql.rs:27:33:27:44 | unsafe_query | mysql.rs:27:33:27:53 | unsafe_query.as_str() [&ref] | provenance | MaD:26 | -| mysql.rs:27:33:27:44 | unsafe_query | mysql.rs:27:33:27:53 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | +| mysql.rs:27:33:27:44 | unsafe_query | mysql.rs:27:33:27:53 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:27:33:27:44 | unsafe_query | mysql.rs:27:33:27:53 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | +| mysql.rs:27:33:27:44 | unsafe_query | mysql.rs:27:33:27:53 | unsafe_query.as_str() 
[&ref] | provenance | MaD:32 | | mysql.rs:27:33:27:53 | unsafe_query.as_str() | mysql.rs:27:22:27:31 | query_fold | provenance | MaD:5 Sink:MaD:5 | | mysql.rs:27:33:27:53 | unsafe_query.as_str() [&ref] | mysql.rs:27:22:27:31 | query_fold | provenance | MaD:5 Sink:MaD:5 | -| mysql.rs:28:37:28:48 | unsafe_query | mysql.rs:28:37:28:57 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | -| mysql.rs:28:37:28:48 | unsafe_query | mysql.rs:28:37:28:57 | unsafe_query.as_str() [&ref] | provenance | MaD:26 | -| mysql.rs:28:37:28:48 | unsafe_query | mysql.rs:28:37:28:57 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | +| mysql.rs:28:37:28:48 | unsafe_query | mysql.rs:28:37:28:57 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:28:37:28:48 | unsafe_query | mysql.rs:28:37:28:57 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | +| mysql.rs:28:37:28:48 | unsafe_query | mysql.rs:28:37:28:57 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | | mysql.rs:28:37:28:57 | unsafe_query.as_str() | mysql.rs:28:22:28:35 | query_fold_opt | provenance | MaD:6 Sink:MaD:6 | | mysql.rs:28:37:28:57 | unsafe_query.as_str() [&ref] | mysql.rs:28:22:28:35 | query_fold_opt | provenance | MaD:6 Sink:MaD:6 | -| mysql.rs:29:33:29:44 | unsafe_query | mysql.rs:29:33:29:53 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | -| mysql.rs:29:33:29:44 | unsafe_query | mysql.rs:29:33:29:53 | unsafe_query.as_str() [&ref] | provenance | MaD:26 | -| mysql.rs:29:33:29:44 | unsafe_query | mysql.rs:29:33:29:53 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | -| mysql.rs:29:33:29:53 | unsafe_query.as_str() | mysql.rs:29:22:29:31 | query_iter | provenance | MaD:16 Sink:MaD:16 | -| mysql.rs:29:33:29:53 | unsafe_query.as_str() [&ref] | mysql.rs:29:22:29:31 | query_iter | provenance | MaD:16 Sink:MaD:16 | -| mysql.rs:30:32:30:43 | unsafe_query | mysql.rs:30:32:30:52 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | -| mysql.rs:30:32:30:43 | unsafe_query | mysql.rs:30:32:30:52 
| unsafe_query.as_str() [&ref] | provenance | MaD:26 | -| mysql.rs:30:32:30:43 | unsafe_query | mysql.rs:30:32:30:52 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | +| mysql.rs:29:33:29:44 | unsafe_query | mysql.rs:29:33:29:53 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:29:33:29:44 | unsafe_query | mysql.rs:29:33:29:53 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | +| mysql.rs:29:33:29:44 | unsafe_query | mysql.rs:29:33:29:53 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:29:33:29:53 | unsafe_query.as_str() | mysql.rs:29:22:29:31 | query_iter | provenance | MaD:17 Sink:MaD:17 | +| mysql.rs:29:33:29:53 | unsafe_query.as_str() [&ref] | mysql.rs:29:22:29:31 | query_iter | provenance | MaD:17 Sink:MaD:17 | +| mysql.rs:30:32:30:43 | unsafe_query | mysql.rs:30:32:30:52 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:30:32:30:43 | unsafe_query | mysql.rs:30:32:30:52 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | +| mysql.rs:30:32:30:43 | unsafe_query | mysql.rs:30:32:30:52 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | | mysql.rs:30:32:30:52 | unsafe_query.as_str() | mysql.rs:30:22:30:30 | query_map | provenance | MaD:7 Sink:MaD:7 | | mysql.rs:30:32:30:52 | unsafe_query.as_str() [&ref] | mysql.rs:30:22:30:30 | query_map | provenance | MaD:7 Sink:MaD:7 | -| mysql.rs:31:36:31:47 | unsafe_query | mysql.rs:31:36:31:56 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | -| mysql.rs:31:36:31:47 | unsafe_query | mysql.rs:31:36:31:56 | unsafe_query.as_str() [&ref] | provenance | MaD:26 | -| mysql.rs:31:36:31:47 | unsafe_query | mysql.rs:31:36:31:56 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | +| mysql.rs:31:36:31:47 | unsafe_query | mysql.rs:31:36:31:56 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:31:36:31:47 | unsafe_query | mysql.rs:31:36:31:56 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | +| mysql.rs:31:36:31:47 | unsafe_query | 
mysql.rs:31:36:31:56 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | | mysql.rs:31:36:31:56 | unsafe_query.as_str() | mysql.rs:31:22:31:34 | query_map_opt | provenance | MaD:8 Sink:MaD:8 | | mysql.rs:31:36:31:56 | unsafe_query.as_str() [&ref] | mysql.rs:31:22:31:34 | query_map_opt | provenance | MaD:8 Sink:MaD:8 | -| mysql.rs:32:40:32:51 | unsafe_query | mysql.rs:32:40:32:60 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | -| mysql.rs:32:40:32:51 | unsafe_query | mysql.rs:32:40:32:60 | unsafe_query.as_str() [&ref] | provenance | MaD:26 | -| mysql.rs:32:40:32:51 | unsafe_query | mysql.rs:32:40:32:60 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | +| mysql.rs:32:40:32:51 | unsafe_query | mysql.rs:32:40:32:60 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:32:40:32:51 | unsafe_query | mysql.rs:32:40:32:60 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | +| mysql.rs:32:40:32:51 | unsafe_query | mysql.rs:32:40:32:60 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | | mysql.rs:32:40:32:60 | unsafe_query.as_str() | mysql.rs:32:34:32:38 | query | provenance | MaD:1 Sink:MaD:1 | | mysql.rs:32:40:32:60 | unsafe_query.as_str() | mysql.rs:32:34:32:38 | query | provenance | MaD:1 Sink:MaD:1 | | mysql.rs:32:40:32:60 | unsafe_query.as_str() [&ref] | mysql.rs:32:34:32:38 | query | provenance | MaD:1 Sink:MaD:1 | | mysql.rs:32:40:32:60 | unsafe_query.as_str() [&ref] | mysql.rs:32:34:32:38 | query | provenance | MaD:1 Sink:MaD:1 | -| mysql.rs:50:26:50:37 | unsafe_query | mysql.rs:50:26:50:46 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | -| mysql.rs:50:26:50:37 | unsafe_query | mysql.rs:50:26:50:46 | unsafe_query.as_str() [&ref] | provenance | MaD:26 | -| mysql.rs:50:26:50:37 | unsafe_query | mysql.rs:50:26:50:46 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | -| mysql.rs:50:26:50:46 | unsafe_query.as_str() | mysql.rs:50:15:50:24 | query_drop | provenance | MaD:2 Sink:MaD:2 | -| mysql.rs:50:26:50:46 | 
unsafe_query.as_str() [&ref] | mysql.rs:50:15:50:24 | query_drop | provenance | MaD:2 Sink:MaD:2 | -| mysql.rs:68:13:68:29 | mut remote_string | mysql.rs:70:86:70:98 | remote_string | provenance | | -| mysql.rs:68:33:68:54 | ...::get | mysql.rs:68:33:68:77 | ...::get(...) [Ok] | provenance | Src:MaD:21 | -| mysql.rs:68:33:68:77 | ...::get(...) [Ok] | mysql.rs:68:33:68:86 | ... .unwrap() | provenance | MaD:28 | -| mysql.rs:68:33:68:86 | ... .unwrap() | mysql.rs:68:33:68:93 | ... .text() [Ok] | provenance | MaD:32 | -| mysql.rs:68:33:68:93 | ... .text() [Ok] | mysql.rs:68:33:68:121 | ... .unwrap_or(...) | provenance | MaD:29 | -| mysql.rs:68:33:68:121 | ... .unwrap_or(...) | mysql.rs:68:13:68:29 | mut remote_string | provenance | | -| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:77:39:77:50 | unsafe_query | provenance | | -| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:77:39:77:59 | unsafe_query.as_str() | provenance | MaD:30 | -| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:77:39:77:59 | unsafe_query.as_str() | provenance | MaD:26 | -| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:77:39:77:59 | unsafe_query.as_str() | provenance | MaD:30 | -| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:78:25:78:36 | unsafe_query | provenance | | -| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:78:25:78:45 | unsafe_query.as_str() | provenance | MaD:30 | -| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:78:25:78:45 | unsafe_query.as_str() | provenance | MaD:26 | -| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:78:25:78:45 | unsafe_query.as_str() | provenance | MaD:30 | -| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:79:48:79:59 | unsafe_query | provenance | | -| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:79:48:79:68 | unsafe_query.as_str() | provenance | MaD:30 | -| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:79:48:79:68 | unsafe_query.as_str() | provenance | MaD:26 | -| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:79:48:79:68 | unsafe_query.as_str() | 
provenance | MaD:30 | -| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:80:33:80:44 | unsafe_query | provenance | | -| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:80:33:80:53 | unsafe_query.as_str() | provenance | MaD:30 | -| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:80:33:80:53 | unsafe_query.as_str() | provenance | MaD:26 | -| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:80:33:80:53 | unsafe_query.as_str() | provenance | MaD:30 | -| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:81:33:81:44 | unsafe_query | provenance | | -| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:81:33:81:53 | unsafe_query.as_str() | provenance | MaD:30 | -| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:81:33:81:53 | unsafe_query.as_str() | provenance | MaD:26 | -| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:81:33:81:53 | unsafe_query.as_str() | provenance | MaD:30 | -| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:82:48:82:59 | unsafe_query | provenance | | -| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:82:48:82:68 | unsafe_query.as_str() | provenance | MaD:30 | -| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:82:48:82:68 | unsafe_query.as_str() | provenance | MaD:26 | -| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:82:48:82:68 | unsafe_query.as_str() | provenance | MaD:30 | -| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:83:32:83:43 | unsafe_query | provenance | | -| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:83:32:83:52 | unsafe_query.as_str() | provenance | MaD:30 | -| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:83:32:83:52 | unsafe_query.as_str() | provenance | MaD:26 | -| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:83:32:83:52 | unsafe_query.as_str() | provenance | MaD:30 | -| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:98:26:98:37 | unsafe_query | provenance | | -| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:98:26:98:46 | unsafe_query.as_str() | provenance | MaD:30 | -| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:98:26:98:46 | 
unsafe_query.as_str() | provenance | MaD:26 | -| mysql.rs:70:13:70:24 | unsafe_query | mysql.rs:98:26:98:46 | unsafe_query.as_str() | provenance | MaD:30 | -| mysql.rs:70:28:70:98 | ... + ... | mysql.rs:70:13:70:24 | unsafe_query | provenance | | -| mysql.rs:70:28:70:98 | ... + ... | mysql.rs:70:28:70:104 | ... + ... | provenance | MaD:25 | -| mysql.rs:70:28:70:104 | ... + ... | mysql.rs:70:13:70:24 | unsafe_query | provenance | | -| mysql.rs:70:85:70:98 | &remote_string [&ref] | mysql.rs:70:28:70:98 | ... + ... | provenance | MaD:24 | -| mysql.rs:70:86:70:98 | remote_string | mysql.rs:70:85:70:98 | &remote_string [&ref] | provenance | | -| mysql.rs:77:39:77:50 | unsafe_query | mysql.rs:77:39:77:59 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | -| mysql.rs:77:39:77:50 | unsafe_query | mysql.rs:77:39:77:59 | unsafe_query.as_str() [&ref] | provenance | MaD:26 | -| mysql.rs:77:39:77:50 | unsafe_query | mysql.rs:77:39:77:59 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | -| mysql.rs:77:39:77:59 | unsafe_query.as_str() | mysql.rs:77:33:77:37 | query | provenance | MaD:10 Sink:MaD:10 | -| mysql.rs:77:39:77:59 | unsafe_query.as_str() [&ref] | mysql.rs:77:33:77:37 | query | provenance | MaD:10 Sink:MaD:10 | -| mysql.rs:78:25:78:36 | unsafe_query | mysql.rs:78:25:78:45 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | -| mysql.rs:78:25:78:36 | unsafe_query | mysql.rs:78:25:78:45 | unsafe_query.as_str() [&ref] | provenance | MaD:26 | -| mysql.rs:78:25:78:36 | unsafe_query | mysql.rs:78:25:78:45 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | -| mysql.rs:78:25:78:45 | unsafe_query.as_str() | mysql.rs:78:14:78:23 | query_drop | provenance | MaD:11 Sink:MaD:11 | -| mysql.rs:78:25:78:45 | unsafe_query.as_str() [&ref] | mysql.rs:78:14:78:23 | query_drop | provenance | MaD:11 Sink:MaD:11 | -| mysql.rs:79:48:79:59 | unsafe_query | mysql.rs:79:48:79:68 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | -| mysql.rs:79:48:79:59 | unsafe_query | 
mysql.rs:79:48:79:68 | unsafe_query.as_str() [&ref] | provenance | MaD:26 | -| mysql.rs:79:48:79:59 | unsafe_query | mysql.rs:79:48:79:68 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | -| mysql.rs:79:48:79:68 | unsafe_query.as_str() | mysql.rs:79:36:79:46 | query_first | provenance | MaD:12 Sink:MaD:12 | -| mysql.rs:79:48:79:68 | unsafe_query.as_str() [&ref] | mysql.rs:79:36:79:46 | query_first | provenance | MaD:12 Sink:MaD:12 | -| mysql.rs:80:33:80:44 | unsafe_query | mysql.rs:80:33:80:53 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | -| mysql.rs:80:33:80:44 | unsafe_query | mysql.rs:80:33:80:53 | unsafe_query.as_str() [&ref] | provenance | MaD:26 | -| mysql.rs:80:33:80:44 | unsafe_query | mysql.rs:80:33:80:53 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | -| mysql.rs:80:33:80:53 | unsafe_query.as_str() | mysql.rs:80:22:80:31 | query_fold | provenance | MaD:13 Sink:MaD:13 | -| mysql.rs:80:33:80:53 | unsafe_query.as_str() [&ref] | mysql.rs:80:22:80:31 | query_fold | provenance | MaD:13 Sink:MaD:13 | -| mysql.rs:81:33:81:44 | unsafe_query | mysql.rs:81:33:81:53 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | -| mysql.rs:81:33:81:44 | unsafe_query | mysql.rs:81:33:81:53 | unsafe_query.as_str() [&ref] | provenance | MaD:26 | -| mysql.rs:81:33:81:44 | unsafe_query | mysql.rs:81:33:81:53 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | -| mysql.rs:81:33:81:53 | unsafe_query.as_str() | mysql.rs:81:22:81:31 | query_iter | provenance | MaD:17 Sink:MaD:17 | -| mysql.rs:81:33:81:53 | unsafe_query.as_str() [&ref] | mysql.rs:81:22:81:31 | query_iter | provenance | MaD:17 Sink:MaD:17 | -| mysql.rs:82:48:82:59 | unsafe_query | mysql.rs:82:48:82:68 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | -| mysql.rs:82:48:82:59 | unsafe_query | mysql.rs:82:48:82:68 | unsafe_query.as_str() [&ref] | provenance | MaD:26 | -| mysql.rs:82:48:82:59 | unsafe_query | mysql.rs:82:48:82:68 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | -| 
mysql.rs:82:48:82:68 | unsafe_query.as_str() | mysql.rs:82:22:82:33 | query_stream | provenance | MaD:15 Sink:MaD:15 | -| mysql.rs:82:48:82:68 | unsafe_query.as_str() [&ref] | mysql.rs:82:22:82:33 | query_stream | provenance | MaD:15 Sink:MaD:15 | -| mysql.rs:83:32:83:43 | unsafe_query | mysql.rs:83:32:83:52 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | -| mysql.rs:83:32:83:43 | unsafe_query | mysql.rs:83:32:83:52 | unsafe_query.as_str() [&ref] | provenance | MaD:26 | -| mysql.rs:83:32:83:43 | unsafe_query | mysql.rs:83:32:83:52 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | -| mysql.rs:83:32:83:52 | unsafe_query.as_str() | mysql.rs:83:22:83:30 | query_map | provenance | MaD:14 Sink:MaD:14 | -| mysql.rs:83:32:83:52 | unsafe_query.as_str() [&ref] | mysql.rs:83:22:83:30 | query_map | provenance | MaD:14 Sink:MaD:14 | -| mysql.rs:98:26:98:37 | unsafe_query | mysql.rs:98:26:98:46 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | -| mysql.rs:98:26:98:37 | unsafe_query | mysql.rs:98:26:98:46 | unsafe_query.as_str() [&ref] | provenance | MaD:26 | -| mysql.rs:98:26:98:37 | unsafe_query | mysql.rs:98:26:98:46 | unsafe_query.as_str() [&ref] | provenance | MaD:30 | -| mysql.rs:98:26:98:46 | unsafe_query.as_str() | mysql.rs:98:15:98:24 | query_drop | provenance | MaD:11 Sink:MaD:11 | -| mysql.rs:98:26:98:46 | unsafe_query.as_str() [&ref] | mysql.rs:98:15:98:24 | query_drop | provenance | MaD:11 Sink:MaD:11 | +| mysql.rs:49:31:49:42 | unsafe_query | mysql.rs:49:31:49:51 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:49:31:49:42 | unsafe_query | mysql.rs:49:31:49:51 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | +| mysql.rs:49:31:49:42 | unsafe_query | mysql.rs:49:31:49:51 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:49:31:49:51 | unsafe_query.as_str() | mysql.rs:49:26:49:29 | prep | provenance | MaD:16 Sink:MaD:16 | +| mysql.rs:49:31:49:51 | unsafe_query.as_str() [&ref] | mysql.rs:49:26:49:29 | prep | 
provenance | MaD:16 Sink:MaD:16 | +| mysql.rs:54:26:54:37 | unsafe_query | mysql.rs:54:26:54:46 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:54:26:54:37 | unsafe_query | mysql.rs:54:26:54:46 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | +| mysql.rs:54:26:54:37 | unsafe_query | mysql.rs:54:26:54:46 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:54:26:54:46 | unsafe_query.as_str() | mysql.rs:54:15:54:24 | query_drop | provenance | MaD:2 Sink:MaD:2 | +| mysql.rs:54:26:54:46 | unsafe_query.as_str() [&ref] | mysql.rs:54:15:54:24 | query_drop | provenance | MaD:2 Sink:MaD:2 | +| mysql.rs:72:13:72:29 | mut remote_string | mysql.rs:74:86:74:98 | remote_string | provenance | | +| mysql.rs:72:33:72:54 | ...::get | mysql.rs:72:33:72:77 | ...::get(...) [Ok] | provenance | Src:MaD:23 | +| mysql.rs:72:33:72:77 | ...::get(...) [Ok] | mysql.rs:72:33:72:86 | ... .unwrap() | provenance | MaD:30 | +| mysql.rs:72:33:72:86 | ... .unwrap() | mysql.rs:72:33:72:93 | ... .text() [Ok] | provenance | MaD:34 | +| mysql.rs:72:33:72:93 | ... .text() [Ok] | mysql.rs:72:33:72:121 | ... .unwrap_or(...) | provenance | MaD:31 | +| mysql.rs:72:33:72:121 | ... .unwrap_or(...) 
| mysql.rs:72:13:72:29 | mut remote_string | provenance | | +| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:81:39:81:50 | unsafe_query | provenance | | +| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:81:39:81:59 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:81:39:81:59 | unsafe_query.as_str() | provenance | MaD:28 | +| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:81:39:81:59 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:82:25:82:36 | unsafe_query | provenance | | +| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:82:25:82:45 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:82:25:82:45 | unsafe_query.as_str() | provenance | MaD:28 | +| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:82:25:82:45 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:83:48:83:59 | unsafe_query | provenance | | +| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:83:48:83:68 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:83:48:83:68 | unsafe_query.as_str() | provenance | MaD:28 | +| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:83:48:83:68 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:84:33:84:44 | unsafe_query | provenance | | +| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:84:33:84:53 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:84:33:84:53 | unsafe_query.as_str() | provenance | MaD:28 | +| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:84:33:84:53 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:85:33:85:44 | unsafe_query | provenance | | +| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:85:33:85:53 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:74:13:74:24 | unsafe_query 
| mysql.rs:85:33:85:53 | unsafe_query.as_str() | provenance | MaD:28 | +| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:85:33:85:53 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:86:48:86:59 | unsafe_query | provenance | | +| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:86:48:86:68 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:86:48:86:68 | unsafe_query.as_str() | provenance | MaD:28 | +| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:86:48:86:68 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:87:32:87:43 | unsafe_query | provenance | | +| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:87:32:87:52 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:87:32:87:52 | unsafe_query.as_str() | provenance | MaD:28 | +| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:87:32:87:52 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:101:31:101:42 | unsafe_query | provenance | | +| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:101:31:101:51 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:101:31:101:51 | unsafe_query.as_str() | provenance | MaD:28 | +| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:101:31:101:51 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:106:26:106:37 | unsafe_query | provenance | | +| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:106:26:106:46 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:106:26:106:46 | unsafe_query.as_str() | provenance | MaD:28 | +| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:106:26:106:46 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:74:28:74:98 | ... + ... 
| mysql.rs:74:13:74:24 | unsafe_query | provenance | | +| mysql.rs:74:28:74:98 | ... + ... | mysql.rs:74:28:74:104 | ... + ... | provenance | MaD:27 | +| mysql.rs:74:28:74:104 | ... + ... | mysql.rs:74:13:74:24 | unsafe_query | provenance | | +| mysql.rs:74:85:74:98 | &remote_string [&ref] | mysql.rs:74:28:74:98 | ... + ... | provenance | MaD:26 | +| mysql.rs:74:86:74:98 | remote_string | mysql.rs:74:85:74:98 | &remote_string [&ref] | provenance | | +| mysql.rs:81:39:81:50 | unsafe_query | mysql.rs:81:39:81:59 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:81:39:81:50 | unsafe_query | mysql.rs:81:39:81:59 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | +| mysql.rs:81:39:81:50 | unsafe_query | mysql.rs:81:39:81:59 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:81:39:81:59 | unsafe_query.as_str() | mysql.rs:81:33:81:37 | query | provenance | MaD:10 Sink:MaD:10 | +| mysql.rs:81:39:81:59 | unsafe_query.as_str() [&ref] | mysql.rs:81:33:81:37 | query | provenance | MaD:10 Sink:MaD:10 | +| mysql.rs:82:25:82:36 | unsafe_query | mysql.rs:82:25:82:45 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:82:25:82:36 | unsafe_query | mysql.rs:82:25:82:45 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | +| mysql.rs:82:25:82:36 | unsafe_query | mysql.rs:82:25:82:45 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:82:25:82:45 | unsafe_query.as_str() | mysql.rs:82:14:82:23 | query_drop | provenance | MaD:11 Sink:MaD:11 | +| mysql.rs:82:25:82:45 | unsafe_query.as_str() [&ref] | mysql.rs:82:14:82:23 | query_drop | provenance | MaD:11 Sink:MaD:11 | +| mysql.rs:83:48:83:59 | unsafe_query | mysql.rs:83:48:83:68 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:83:48:83:59 | unsafe_query | mysql.rs:83:48:83:68 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | +| mysql.rs:83:48:83:59 | unsafe_query | mysql.rs:83:48:83:68 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| 
mysql.rs:83:48:83:68 | unsafe_query.as_str() | mysql.rs:83:36:83:46 | query_first | provenance | MaD:12 Sink:MaD:12 | +| mysql.rs:83:48:83:68 | unsafe_query.as_str() [&ref] | mysql.rs:83:36:83:46 | query_first | provenance | MaD:12 Sink:MaD:12 | +| mysql.rs:84:33:84:44 | unsafe_query | mysql.rs:84:33:84:53 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:84:33:84:44 | unsafe_query | mysql.rs:84:33:84:53 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | +| mysql.rs:84:33:84:44 | unsafe_query | mysql.rs:84:33:84:53 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:84:33:84:53 | unsafe_query.as_str() | mysql.rs:84:22:84:31 | query_fold | provenance | MaD:13 Sink:MaD:13 | +| mysql.rs:84:33:84:53 | unsafe_query.as_str() [&ref] | mysql.rs:84:22:84:31 | query_fold | provenance | MaD:13 Sink:MaD:13 | +| mysql.rs:85:33:85:44 | unsafe_query | mysql.rs:85:33:85:53 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:85:33:85:44 | unsafe_query | mysql.rs:85:33:85:53 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | +| mysql.rs:85:33:85:44 | unsafe_query | mysql.rs:85:33:85:53 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:85:33:85:53 | unsafe_query.as_str() | mysql.rs:85:22:85:31 | query_iter | provenance | MaD:19 Sink:MaD:19 | +| mysql.rs:85:33:85:53 | unsafe_query.as_str() [&ref] | mysql.rs:85:22:85:31 | query_iter | provenance | MaD:19 Sink:MaD:19 | +| mysql.rs:86:48:86:59 | unsafe_query | mysql.rs:86:48:86:68 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:86:48:86:59 | unsafe_query | mysql.rs:86:48:86:68 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | +| mysql.rs:86:48:86:59 | unsafe_query | mysql.rs:86:48:86:68 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:86:48:86:68 | unsafe_query.as_str() | mysql.rs:86:22:86:33 | query_stream | provenance | MaD:15 Sink:MaD:15 | +| mysql.rs:86:48:86:68 | unsafe_query.as_str() [&ref] | mysql.rs:86:22:86:33 | 
query_stream | provenance | MaD:15 Sink:MaD:15 | +| mysql.rs:87:32:87:43 | unsafe_query | mysql.rs:87:32:87:52 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:87:32:87:43 | unsafe_query | mysql.rs:87:32:87:52 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | +| mysql.rs:87:32:87:43 | unsafe_query | mysql.rs:87:32:87:52 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:87:32:87:52 | unsafe_query.as_str() | mysql.rs:87:22:87:30 | query_map | provenance | MaD:14 Sink:MaD:14 | +| mysql.rs:87:32:87:52 | unsafe_query.as_str() [&ref] | mysql.rs:87:22:87:30 | query_map | provenance | MaD:14 Sink:MaD:14 | +| mysql.rs:101:31:101:42 | unsafe_query | mysql.rs:101:31:101:51 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:101:31:101:42 | unsafe_query | mysql.rs:101:31:101:51 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | +| mysql.rs:101:31:101:42 | unsafe_query | mysql.rs:101:31:101:51 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:101:31:101:51 | unsafe_query.as_str() | mysql.rs:101:26:101:29 | prep | provenance | MaD:18 Sink:MaD:18 | +| mysql.rs:101:31:101:51 | unsafe_query.as_str() [&ref] | mysql.rs:101:26:101:29 | prep | provenance | MaD:18 Sink:MaD:18 | +| mysql.rs:106:26:106:37 | unsafe_query | mysql.rs:106:26:106:46 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:106:26:106:37 | unsafe_query | mysql.rs:106:26:106:46 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | +| mysql.rs:106:26:106:37 | unsafe_query | mysql.rs:106:26:106:46 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:106:26:106:46 | unsafe_query.as_str() | mysql.rs:106:15:106:24 | query_drop | provenance | MaD:11 Sink:MaD:11 | +| mysql.rs:106:26:106:46 | unsafe_query.as_str() [&ref] | mysql.rs:106:15:106:24 | query_drop | provenance | MaD:11 Sink:MaD:11 | | sqlx.rs:47:9:47:18 | arg_string | sqlx.rs:53:27:53:36 | arg_string | provenance | | -| sqlx.rs:47:22:47:35 | ...::args | 
sqlx.rs:47:22:47:37 | ...::args(...) [element] | provenance | Src:MaD:22 | -| sqlx.rs:47:22:47:37 | ...::args(...) [element] | sqlx.rs:47:22:47:44 | ... .nth(...) [Some] | provenance | MaD:23 | -| sqlx.rs:47:22:47:44 | ... .nth(...) [Some] | sqlx.rs:47:22:47:77 | ... .unwrap_or(...) | provenance | MaD:27 | +| sqlx.rs:47:22:47:35 | ...::args | sqlx.rs:47:22:47:37 | ...::args(...) [element] | provenance | Src:MaD:24 | +| sqlx.rs:47:22:47:37 | ...::args(...) [element] | sqlx.rs:47:22:47:44 | ... .nth(...) [Some] | provenance | MaD:25 | +| sqlx.rs:47:22:47:44 | ... .nth(...) [Some] | sqlx.rs:47:22:47:77 | ... .unwrap_or(...) | provenance | MaD:29 | | sqlx.rs:47:22:47:77 | ... .unwrap_or(...) | sqlx.rs:47:9:47:18 | arg_string | provenance | | -| sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:49:25:49:52 | remote_string.parse() [Ok] | provenance | MaD:31 | -| sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:49:25:49:52 | remote_string.parse() [Ok] | provenance | MaD:31 | +| sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:49:25:49:52 | remote_string.parse() [Ok] | provenance | MaD:33 | +| sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:49:25:49:52 | remote_string.parse() [Ok] | provenance | MaD:33 | | sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:54:27:54:39 | remote_string | provenance | | | sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:55:84:55:96 | remote_string | provenance | | | sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:59:17:59:72 | MacroExpr | provenance | | -| sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:48:25:48:69 | ...::get(...) [Ok] | provenance | Src:MaD:21 | -| sqlx.rs:48:25:48:69 | ...::get(...) [Ok] | sqlx.rs:48:25:48:78 | ... .unwrap() | provenance | MaD:28 | -| sqlx.rs:48:25:48:78 | ... .unwrap() | sqlx.rs:48:25:48:85 | ... .text() [Ok] | provenance | MaD:32 | -| sqlx.rs:48:25:48:85 | ... .text() [Ok] | sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | provenance | MaD:29 | +| sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:48:25:48:69 | ...::get(...) 
[Ok] | provenance | Src:MaD:23 | +| sqlx.rs:48:25:48:69 | ...::get(...) [Ok] | sqlx.rs:48:25:48:78 | ... .unwrap() | provenance | MaD:30 | +| sqlx.rs:48:25:48:78 | ... .unwrap() | sqlx.rs:48:25:48:85 | ... .text() [Ok] | provenance | MaD:34 | +| sqlx.rs:48:25:48:85 | ... .text() [Ok] | sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | provenance | MaD:31 | | sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | sqlx.rs:48:9:48:21 | remote_string | provenance | | | sqlx.rs:49:9:49:21 | remote_number | sqlx.rs:52:32:52:87 | MacroExpr | provenance | | -| sqlx.rs:49:25:49:52 | remote_string.parse() [Ok] | sqlx.rs:49:25:49:65 | ... .unwrap_or(...) | provenance | MaD:29 | +| sqlx.rs:49:25:49:52 | remote_string.parse() [Ok] | sqlx.rs:49:25:49:65 | ... .unwrap_or(...) | provenance | MaD:31 | | sqlx.rs:49:25:49:65 | ... .unwrap_or(...) | sqlx.rs:49:9:49:21 | remote_number | provenance | | | sqlx.rs:52:9:52:20 | safe_query_3 | sqlx.rs:77:25:77:36 | safe_query_3 | provenance | | -| sqlx.rs:52:9:52:20 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() | provenance | MaD:30 | -| sqlx.rs:52:9:52:20 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() | provenance | MaD:26 | -| sqlx.rs:52:9:52:20 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() | provenance | MaD:30 | +| sqlx.rs:52:9:52:20 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() | provenance | MaD:32 | +| sqlx.rs:52:9:52:20 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() | provenance | MaD:28 | +| sqlx.rs:52:9:52:20 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() | provenance | MaD:32 | | sqlx.rs:52:32:52:87 | ...::format(...) | sqlx.rs:52:32:52:87 | { ... } | provenance | | | sqlx.rs:52:32:52:87 | ...::must_use(...) | sqlx.rs:52:9:52:20 | safe_query_3 | provenance | | -| sqlx.rs:52:32:52:87 | MacroExpr | sqlx.rs:52:32:52:87 | ...::format(...) | provenance | MaD:33 | -| sqlx.rs:52:32:52:87 | { ... } | sqlx.rs:52:32:52:87 | ...::must_use(...) 
| provenance | MaD:34 | -| sqlx.rs:53:9:53:22 | unsafe_query_1 [&ref] | sqlx.rs:78:25:78:47 | unsafe_query_1.as_str() [&ref] | provenance | MaD:30 | -| sqlx.rs:53:9:53:22 | unsafe_query_1 [&ref] | sqlx.rs:78:25:78:47 | unsafe_query_1.as_str() [&ref] | provenance | MaD:26 | -| sqlx.rs:53:9:53:22 | unsafe_query_1 [&ref] | sqlx.rs:78:25:78:47 | unsafe_query_1.as_str() [&ref] | provenance | MaD:30 | +| sqlx.rs:52:32:52:87 | MacroExpr | sqlx.rs:52:32:52:87 | ...::format(...) | provenance | MaD:35 | +| sqlx.rs:52:32:52:87 | { ... } | sqlx.rs:52:32:52:87 | ...::must_use(...) | provenance | MaD:36 | +| sqlx.rs:53:9:53:22 | unsafe_query_1 [&ref] | sqlx.rs:78:25:78:47 | unsafe_query_1.as_str() [&ref] | provenance | MaD:32 | +| sqlx.rs:53:9:53:22 | unsafe_query_1 [&ref] | sqlx.rs:78:25:78:47 | unsafe_query_1.as_str() [&ref] | provenance | MaD:28 | +| sqlx.rs:53:9:53:22 | unsafe_query_1 [&ref] | sqlx.rs:78:25:78:47 | unsafe_query_1.as_str() [&ref] | provenance | MaD:32 | | sqlx.rs:53:26:53:36 | &arg_string [&ref] | sqlx.rs:53:9:53:22 | unsafe_query_1 [&ref] | provenance | | | sqlx.rs:53:27:53:36 | arg_string | sqlx.rs:53:26:53:36 | &arg_string [&ref] | provenance | | -| sqlx.rs:54:9:54:22 | unsafe_query_2 [&ref] | sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() [&ref] | provenance | MaD:30 | -| sqlx.rs:54:9:54:22 | unsafe_query_2 [&ref] | sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() [&ref] | provenance | MaD:26 | -| sqlx.rs:54:9:54:22 | unsafe_query_2 [&ref] | sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() [&ref] | provenance | MaD:30 | +| sqlx.rs:54:9:54:22 | unsafe_query_2 [&ref] | sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() [&ref] | provenance | MaD:32 | +| sqlx.rs:54:9:54:22 | unsafe_query_2 [&ref] | sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() [&ref] | provenance | MaD:28 | +| sqlx.rs:54:9:54:22 | unsafe_query_2 [&ref] | sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() [&ref] | provenance | MaD:32 | | sqlx.rs:54:26:54:39 | &remote_string [&ref] | sqlx.rs:54:9:54:22 | 
unsafe_query_2 [&ref] | provenance | | | sqlx.rs:54:27:54:39 | remote_string | sqlx.rs:54:26:54:39 | &remote_string [&ref] | provenance | | | sqlx.rs:55:9:55:22 | unsafe_query_3 | sqlx.rs:81:29:81:42 | unsafe_query_3 | provenance | | -| sqlx.rs:55:9:55:22 | unsafe_query_3 | sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() | provenance | MaD:30 | -| sqlx.rs:55:9:55:22 | unsafe_query_3 | sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() | provenance | MaD:26 | -| sqlx.rs:55:9:55:22 | unsafe_query_3 | sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() | provenance | MaD:30 | +| sqlx.rs:55:9:55:22 | unsafe_query_3 | sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() | provenance | MaD:32 | +| sqlx.rs:55:9:55:22 | unsafe_query_3 | sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() | provenance | MaD:28 | +| sqlx.rs:55:9:55:22 | unsafe_query_3 | sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() | provenance | MaD:32 | | sqlx.rs:55:26:55:96 | ... + ... | sqlx.rs:55:9:55:22 | unsafe_query_3 | provenance | | -| sqlx.rs:55:26:55:96 | ... + ... | sqlx.rs:55:26:55:102 | ... + ... | provenance | MaD:25 | +| sqlx.rs:55:26:55:96 | ... + ... | sqlx.rs:55:26:55:102 | ... + ... | provenance | MaD:27 | | sqlx.rs:55:26:55:102 | ... + ... | sqlx.rs:55:9:55:22 | unsafe_query_3 | provenance | | -| sqlx.rs:55:83:55:96 | &remote_string [&ref] | sqlx.rs:55:26:55:96 | ... + ... | provenance | MaD:24 | +| sqlx.rs:55:83:55:96 | &remote_string [&ref] | sqlx.rs:55:26:55:96 | ... + ... 
| provenance | MaD:26 | | sqlx.rs:55:84:55:96 | remote_string | sqlx.rs:55:83:55:96 | &remote_string [&ref] | provenance | | | sqlx.rs:56:9:56:22 | unsafe_query_4 | sqlx.rs:82:29:82:42 | unsafe_query_4 | provenance | | -| sqlx.rs:56:9:56:22 | unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() | provenance | MaD:30 | -| sqlx.rs:56:9:56:22 | unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() | provenance | MaD:26 | -| sqlx.rs:56:9:56:22 | unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() | provenance | MaD:30 | +| sqlx.rs:56:9:56:22 | unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() | provenance | MaD:32 | +| sqlx.rs:56:9:56:22 | unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() | provenance | MaD:28 | +| sqlx.rs:56:9:56:22 | unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() | provenance | MaD:32 | | sqlx.rs:59:17:59:72 | ...::format(...) | sqlx.rs:59:17:59:72 | { ... } | provenance | | | sqlx.rs:59:17:59:72 | ...::must_use(...) | sqlx.rs:56:9:56:22 | unsafe_query_4 | provenance | | -| sqlx.rs:59:17:59:72 | MacroExpr | sqlx.rs:59:17:59:72 | ...::format(...) | provenance | MaD:33 | -| sqlx.rs:59:17:59:72 | { ... } | sqlx.rs:59:17:59:72 | ...::must_use(...) 
| provenance | MaD:34 | -| sqlx.rs:77:25:77:36 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() [&ref] | provenance | MaD:30 | -| sqlx.rs:77:25:77:36 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() [&ref] | provenance | MaD:26 | -| sqlx.rs:77:25:77:36 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() [&ref] | provenance | MaD:30 | -| sqlx.rs:77:25:77:45 | safe_query_3.as_str() | sqlx.rs:77:13:77:23 | ...::query | provenance | MaD:18 Sink:MaD:18 | -| sqlx.rs:77:25:77:45 | safe_query_3.as_str() [&ref] | sqlx.rs:77:13:77:23 | ...::query | provenance | MaD:18 Sink:MaD:18 | -| sqlx.rs:78:25:78:47 | unsafe_query_1.as_str() [&ref] | sqlx.rs:78:13:78:23 | ...::query | provenance | MaD:18 Sink:MaD:18 | -| sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() [&ref] | sqlx.rs:80:17:80:27 | ...::query | provenance | MaD:18 Sink:MaD:18 | -| sqlx.rs:81:29:81:42 | unsafe_query_3 | sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() [&ref] | provenance | MaD:30 | -| sqlx.rs:81:29:81:42 | unsafe_query_3 | sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() [&ref] | provenance | MaD:26 | -| sqlx.rs:81:29:81:42 | unsafe_query_3 | sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() [&ref] | provenance | MaD:30 | -| sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() | sqlx.rs:81:17:81:27 | ...::query | provenance | MaD:18 Sink:MaD:18 | -| sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() [&ref] | sqlx.rs:81:17:81:27 | ...::query | provenance | MaD:18 Sink:MaD:18 | -| sqlx.rs:82:29:82:42 | unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() [&ref] | provenance | MaD:30 | -| sqlx.rs:82:29:82:42 | unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() [&ref] | provenance | MaD:26 | -| sqlx.rs:82:29:82:42 | unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() [&ref] | provenance | MaD:30 | -| sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() | sqlx.rs:82:17:82:27 | ...::query | provenance | MaD:18 Sink:MaD:18 | -| sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() 
[&ref] | sqlx.rs:82:17:82:27 | ...::query | provenance | MaD:18 Sink:MaD:18 | +| sqlx.rs:59:17:59:72 | MacroExpr | sqlx.rs:59:17:59:72 | ...::format(...) | provenance | MaD:35 | +| sqlx.rs:59:17:59:72 | { ... } | sqlx.rs:59:17:59:72 | ...::must_use(...) | provenance | MaD:36 | +| sqlx.rs:77:25:77:36 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() [&ref] | provenance | MaD:32 | +| sqlx.rs:77:25:77:36 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() [&ref] | provenance | MaD:28 | +| sqlx.rs:77:25:77:36 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() [&ref] | provenance | MaD:32 | +| sqlx.rs:77:25:77:45 | safe_query_3.as_str() | sqlx.rs:77:13:77:23 | ...::query | provenance | MaD:20 Sink:MaD:20 | +| sqlx.rs:77:25:77:45 | safe_query_3.as_str() [&ref] | sqlx.rs:77:13:77:23 | ...::query | provenance | MaD:20 Sink:MaD:20 | +| sqlx.rs:78:25:78:47 | unsafe_query_1.as_str() [&ref] | sqlx.rs:78:13:78:23 | ...::query | provenance | MaD:20 Sink:MaD:20 | +| sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() [&ref] | sqlx.rs:80:17:80:27 | ...::query | provenance | MaD:20 Sink:MaD:20 | +| sqlx.rs:81:29:81:42 | unsafe_query_3 | sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() [&ref] | provenance | MaD:32 | +| sqlx.rs:81:29:81:42 | unsafe_query_3 | sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() [&ref] | provenance | MaD:28 | +| sqlx.rs:81:29:81:42 | unsafe_query_3 | sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() [&ref] | provenance | MaD:32 | +| sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() | sqlx.rs:81:17:81:27 | ...::query | provenance | MaD:20 Sink:MaD:20 | +| sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() [&ref] | sqlx.rs:81:17:81:27 | ...::query | provenance | MaD:20 Sink:MaD:20 | +| sqlx.rs:82:29:82:42 | unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() [&ref] | provenance | MaD:32 | +| sqlx.rs:82:29:82:42 | unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() [&ref] | provenance | MaD:28 | +| sqlx.rs:82:29:82:42 | 
unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() [&ref] | provenance | MaD:32 | +| sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() | sqlx.rs:82:17:82:27 | ...::query | provenance | MaD:20 Sink:MaD:20 | +| sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() [&ref] | sqlx.rs:82:17:82:27 | ...::query | provenance | MaD:20 Sink:MaD:20 | | sqlx.rs:100:9:100:21 | remote_string | sqlx.rs:102:84:102:96 | remote_string | provenance | | -| sqlx.rs:100:25:100:46 | ...::get | sqlx.rs:100:25:100:69 | ...::get(...) [Ok] | provenance | Src:MaD:21 | -| sqlx.rs:100:25:100:69 | ...::get(...) [Ok] | sqlx.rs:100:25:100:78 | ... .unwrap() | provenance | MaD:28 | -| sqlx.rs:100:25:100:78 | ... .unwrap() | sqlx.rs:100:25:100:85 | ... .text() [Ok] | provenance | MaD:32 | -| sqlx.rs:100:25:100:85 | ... .text() [Ok] | sqlx.rs:100:25:100:118 | ... .unwrap_or(...) | provenance | MaD:29 | +| sqlx.rs:100:25:100:46 | ...::get | sqlx.rs:100:25:100:69 | ...::get(...) [Ok] | provenance | Src:MaD:23 | +| sqlx.rs:100:25:100:69 | ...::get(...) [Ok] | sqlx.rs:100:25:100:78 | ... .unwrap() | provenance | MaD:30 | +| sqlx.rs:100:25:100:78 | ... .unwrap() | sqlx.rs:100:25:100:85 | ... .text() [Ok] | provenance | MaD:34 | +| sqlx.rs:100:25:100:85 | ... .text() [Ok] | sqlx.rs:100:25:100:118 | ... .unwrap_or(...) | provenance | MaD:31 | | sqlx.rs:100:25:100:118 | ... .unwrap_or(...) 
| sqlx.rs:100:9:100:21 | remote_string | provenance | | | sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:113:31:113:44 | unsafe_query_1 | provenance | | -| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() | provenance | MaD:30 | -| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() | provenance | MaD:26 | -| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() | provenance | MaD:30 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() | provenance | MaD:32 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() | provenance | MaD:28 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() | provenance | MaD:32 | | sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:120:29:120:42 | unsafe_query_1 | provenance | | -| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() | provenance | MaD:30 | -| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() | provenance | MaD:26 | -| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() | provenance | MaD:30 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() | provenance | MaD:32 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() | provenance | MaD:28 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() | provenance | MaD:32 | | sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:127:29:127:42 | unsafe_query_1 | provenance | | -| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() | provenance | MaD:30 | -| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() | provenance | MaD:26 | -| sqlx.rs:102:9:102:22 | 
unsafe_query_1 | sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() | provenance | MaD:30 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() | provenance | MaD:32 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() | provenance | MaD:28 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() | provenance | MaD:32 | | sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:136:55:136:68 | unsafe_query_1 | provenance | | -| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() | provenance | MaD:30 | -| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() | provenance | MaD:26 | -| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() | provenance | MaD:30 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() | provenance | MaD:32 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() | provenance | MaD:28 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() | provenance | MaD:32 | | sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:145:55:145:68 | unsafe_query_1 | provenance | | -| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() | provenance | MaD:30 | -| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() | provenance | MaD:26 | -| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() | provenance | MaD:30 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() | provenance | MaD:32 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() | provenance | MaD:28 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() | provenance 
| MaD:32 | | sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:153:29:153:42 | unsafe_query_1 | provenance | | -| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() | provenance | MaD:30 | -| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() | provenance | MaD:26 | -| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() | provenance | MaD:30 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() | provenance | MaD:32 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() | provenance | MaD:28 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() | provenance | MaD:32 | | sqlx.rs:102:26:102:96 | ... + ... | sqlx.rs:102:9:102:22 | unsafe_query_1 | provenance | | -| sqlx.rs:102:26:102:96 | ... + ... | sqlx.rs:102:26:102:102 | ... + ... | provenance | MaD:25 | +| sqlx.rs:102:26:102:96 | ... + ... | sqlx.rs:102:26:102:102 | ... + ... | provenance | MaD:27 | | sqlx.rs:102:26:102:102 | ... + ... | sqlx.rs:102:9:102:22 | unsafe_query_1 | provenance | | -| sqlx.rs:102:83:102:96 | &remote_string [&ref] | sqlx.rs:102:26:102:96 | ... + ... | provenance | MaD:24 | +| sqlx.rs:102:83:102:96 | &remote_string [&ref] | sqlx.rs:102:26:102:96 | ... + ... 
| provenance | MaD:26 | | sqlx.rs:102:84:102:96 | remote_string | sqlx.rs:102:83:102:96 | &remote_string [&ref] | provenance | | -| sqlx.rs:113:31:113:44 | unsafe_query_1 | sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() [&ref] | provenance | MaD:30 | -| sqlx.rs:113:31:113:44 | unsafe_query_1 | sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() [&ref] | provenance | MaD:26 | -| sqlx.rs:113:31:113:44 | unsafe_query_1 | sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() [&ref] | provenance | MaD:30 | -| sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() | sqlx.rs:113:17:113:29 | ...::raw_sql | provenance | MaD:20 Sink:MaD:20 | -| sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() [&ref] | sqlx.rs:113:17:113:29 | ...::raw_sql | provenance | MaD:20 Sink:MaD:20 | -| sqlx.rs:120:29:120:42 | unsafe_query_1 | sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:30 | -| sqlx.rs:120:29:120:42 | unsafe_query_1 | sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:26 | -| sqlx.rs:120:29:120:42 | unsafe_query_1 | sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:30 | -| sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() | sqlx.rs:120:17:120:27 | ...::query | provenance | MaD:18 Sink:MaD:18 | -| sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() [&ref] | sqlx.rs:120:17:120:27 | ...::query | provenance | MaD:18 Sink:MaD:18 | -| sqlx.rs:127:29:127:42 | unsafe_query_1 | sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:30 | -| sqlx.rs:127:29:127:42 | unsafe_query_1 | sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:26 | -| sqlx.rs:127:29:127:42 | unsafe_query_1 | sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:30 | -| sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() | sqlx.rs:127:17:127:27 | ...::query | provenance | MaD:18 Sink:MaD:18 | -| sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() [&ref] | sqlx.rs:127:17:127:27 | ...::query | provenance | MaD:18 
Sink:MaD:18 | -| sqlx.rs:136:55:136:68 | unsafe_query_1 | sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() [&ref] | provenance | MaD:30 | -| sqlx.rs:136:55:136:68 | unsafe_query_1 | sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() [&ref] | provenance | MaD:26 | -| sqlx.rs:136:55:136:68 | unsafe_query_1 | sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() [&ref] | provenance | MaD:30 | -| sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() | sqlx.rs:136:40:136:53 | ...::query_as | provenance | MaD:19 Sink:MaD:19 | -| sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() [&ref] | sqlx.rs:136:40:136:53 | ...::query_as | provenance | MaD:19 Sink:MaD:19 | -| sqlx.rs:145:55:145:68 | unsafe_query_1 | sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() [&ref] | provenance | MaD:30 | -| sqlx.rs:145:55:145:68 | unsafe_query_1 | sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() [&ref] | provenance | MaD:26 | -| sqlx.rs:145:55:145:68 | unsafe_query_1 | sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() [&ref] | provenance | MaD:30 | -| sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() | sqlx.rs:145:40:145:53 | ...::query_as | provenance | MaD:19 Sink:MaD:19 | -| sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() [&ref] | sqlx.rs:145:40:145:53 | ...::query_as | provenance | MaD:19 Sink:MaD:19 | -| sqlx.rs:153:29:153:42 | unsafe_query_1 | sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:30 | -| sqlx.rs:153:29:153:42 | unsafe_query_1 | sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:26 | -| sqlx.rs:153:29:153:42 | unsafe_query_1 | sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:30 | -| sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() | sqlx.rs:153:17:153:27 | ...::query | provenance | MaD:18 Sink:MaD:18 | -| sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() [&ref] | sqlx.rs:153:17:153:27 | ...::query | provenance | MaD:18 Sink:MaD:18 | +| sqlx.rs:113:31:113:44 | unsafe_query_1 | sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() [&ref] | 
provenance | MaD:32 | +| sqlx.rs:113:31:113:44 | unsafe_query_1 | sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() [&ref] | provenance | MaD:28 | +| sqlx.rs:113:31:113:44 | unsafe_query_1 | sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() [&ref] | provenance | MaD:32 | +| sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() | sqlx.rs:113:17:113:29 | ...::raw_sql | provenance | MaD:22 Sink:MaD:22 | +| sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() [&ref] | sqlx.rs:113:17:113:29 | ...::raw_sql | provenance | MaD:22 Sink:MaD:22 | +| sqlx.rs:120:29:120:42 | unsafe_query_1 | sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:32 | +| sqlx.rs:120:29:120:42 | unsafe_query_1 | sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:28 | +| sqlx.rs:120:29:120:42 | unsafe_query_1 | sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:32 | +| sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() | sqlx.rs:120:17:120:27 | ...::query | provenance | MaD:20 Sink:MaD:20 | +| sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() [&ref] | sqlx.rs:120:17:120:27 | ...::query | provenance | MaD:20 Sink:MaD:20 | +| sqlx.rs:127:29:127:42 | unsafe_query_1 | sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:32 | +| sqlx.rs:127:29:127:42 | unsafe_query_1 | sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:28 | +| sqlx.rs:127:29:127:42 | unsafe_query_1 | sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:32 | +| sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() | sqlx.rs:127:17:127:27 | ...::query | provenance | MaD:20 Sink:MaD:20 | +| sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() [&ref] | sqlx.rs:127:17:127:27 | ...::query | provenance | MaD:20 Sink:MaD:20 | +| sqlx.rs:136:55:136:68 | unsafe_query_1 | sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() [&ref] | provenance | MaD:32 | +| sqlx.rs:136:55:136:68 | unsafe_query_1 | sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() [&ref] | 
provenance | MaD:28 | +| sqlx.rs:136:55:136:68 | unsafe_query_1 | sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() [&ref] | provenance | MaD:32 | +| sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() | sqlx.rs:136:40:136:53 | ...::query_as | provenance | MaD:21 Sink:MaD:21 | +| sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() [&ref] | sqlx.rs:136:40:136:53 | ...::query_as | provenance | MaD:21 Sink:MaD:21 | +| sqlx.rs:145:55:145:68 | unsafe_query_1 | sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() [&ref] | provenance | MaD:32 | +| sqlx.rs:145:55:145:68 | unsafe_query_1 | sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() [&ref] | provenance | MaD:28 | +| sqlx.rs:145:55:145:68 | unsafe_query_1 | sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() [&ref] | provenance | MaD:32 | +| sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() | sqlx.rs:145:40:145:53 | ...::query_as | provenance | MaD:21 Sink:MaD:21 | +| sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() [&ref] | sqlx.rs:145:40:145:53 | ...::query_as | provenance | MaD:21 Sink:MaD:21 | +| sqlx.rs:153:29:153:42 | unsafe_query_1 | sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:32 | +| sqlx.rs:153:29:153:42 | unsafe_query_1 | sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:28 | +| sqlx.rs:153:29:153:42 | unsafe_query_1 | sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:32 | +| sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() | sqlx.rs:153:17:153:27 | ...::query | provenance | MaD:20 Sink:MaD:20 | +| sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() [&ref] | sqlx.rs:153:17:153:27 | ...::query | provenance | MaD:20 Sink:MaD:20 | | sqlx.rs:173:9:173:21 | remote_string | sqlx.rs:175:84:175:96 | remote_string | provenance | | -| sqlx.rs:173:25:173:46 | ...::get | sqlx.rs:173:25:173:69 | ...::get(...) [Ok] | provenance | Src:MaD:21 | -| sqlx.rs:173:25:173:69 | ...::get(...) [Ok] | sqlx.rs:173:25:173:78 | ... 
.unwrap() | provenance | MaD:28 | -| sqlx.rs:173:25:173:78 | ... .unwrap() | sqlx.rs:173:25:173:85 | ... .text() [Ok] | provenance | MaD:32 | -| sqlx.rs:173:25:173:85 | ... .text() [Ok] | sqlx.rs:173:25:173:118 | ... .unwrap_or(...) | provenance | MaD:29 | +| sqlx.rs:173:25:173:46 | ...::get | sqlx.rs:173:25:173:69 | ...::get(...) [Ok] | provenance | Src:MaD:23 | +| sqlx.rs:173:25:173:69 | ...::get(...) [Ok] | sqlx.rs:173:25:173:78 | ... .unwrap() | provenance | MaD:30 | +| sqlx.rs:173:25:173:78 | ... .unwrap() | sqlx.rs:173:25:173:85 | ... .text() [Ok] | provenance | MaD:34 | +| sqlx.rs:173:25:173:85 | ... .text() [Ok] | sqlx.rs:173:25:173:118 | ... .unwrap_or(...) | provenance | MaD:31 | | sqlx.rs:173:25:173:118 | ... .unwrap_or(...) | sqlx.rs:173:9:173:21 | remote_string | provenance | | | sqlx.rs:175:9:175:22 | unsafe_query_1 | sqlx.rs:188:29:188:42 | unsafe_query_1 | provenance | | -| sqlx.rs:175:9:175:22 | unsafe_query_1 | sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() | provenance | MaD:30 | -| sqlx.rs:175:9:175:22 | unsafe_query_1 | sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() | provenance | MaD:26 | -| sqlx.rs:175:9:175:22 | unsafe_query_1 | sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() | provenance | MaD:30 | +| sqlx.rs:175:9:175:22 | unsafe_query_1 | sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() | provenance | MaD:32 | +| sqlx.rs:175:9:175:22 | unsafe_query_1 | sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() | provenance | MaD:28 | +| sqlx.rs:175:9:175:22 | unsafe_query_1 | sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() | provenance | MaD:32 | | sqlx.rs:175:26:175:96 | ... + ... | sqlx.rs:175:9:175:22 | unsafe_query_1 | provenance | | -| sqlx.rs:175:26:175:96 | ... + ... | sqlx.rs:175:26:175:102 | ... + ... | provenance | MaD:25 | +| sqlx.rs:175:26:175:96 | ... + ... | sqlx.rs:175:26:175:102 | ... + ... | provenance | MaD:27 | | sqlx.rs:175:26:175:102 | ... + ... 
| sqlx.rs:175:9:175:22 | unsafe_query_1 | provenance | | -| sqlx.rs:175:83:175:96 | &remote_string [&ref] | sqlx.rs:175:26:175:96 | ... + ... | provenance | MaD:24 | +| sqlx.rs:175:83:175:96 | &remote_string [&ref] | sqlx.rs:175:26:175:96 | ... + ... | provenance | MaD:26 | | sqlx.rs:175:84:175:96 | remote_string | sqlx.rs:175:83:175:96 | &remote_string [&ref] | provenance | | -| sqlx.rs:188:29:188:42 | unsafe_query_1 | sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:30 | -| sqlx.rs:188:29:188:42 | unsafe_query_1 | sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:26 | -| sqlx.rs:188:29:188:42 | unsafe_query_1 | sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:30 | -| sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() | sqlx.rs:188:17:188:27 | ...::query | provenance | MaD:18 Sink:MaD:18 | -| sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() [&ref] | sqlx.rs:188:17:188:27 | ...::query | provenance | MaD:18 Sink:MaD:18 | +| sqlx.rs:188:29:188:42 | unsafe_query_1 | sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:32 | +| sqlx.rs:188:29:188:42 | unsafe_query_1 | sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:28 | +| sqlx.rs:188:29:188:42 | unsafe_query_1 | sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:32 | +| sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() | sqlx.rs:188:17:188:27 | ...::query | provenance | MaD:20 Sink:MaD:20 | +| sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() [&ref] | sqlx.rs:188:17:188:27 | ...::query | provenance | MaD:20 Sink:MaD:20 | models | 1 | Sink: <_ as mysql::conn::queryable::Queryable>::query; Argument[0]; sql-injection | | 2 | Sink: <_ as mysql::conn::queryable::Queryable>::query_drop; Argument[0]; sql-injection | 
@@ -411,25 +431,27 @@ models | 13 | Sink: <_ as mysql_async::queryable::Queryable>::query_fold; Argument[0]; sql-injection | | 14 | Sink: <_ as mysql_async::queryable::Queryable>::query_map; Argument[0]; sql-injection | | 15 | Sink: <_ as mysql_async::queryable::Queryable>::query_stream; Argument[0]; sql-injection | -| 16 | Sink: ::query_iter; Argument[0]; sql-injection | -| 17 | Sink: ::query_iter; Argument[0]; sql-injection | -| 18 | Sink: sqlx_core::query::query; Argument[0]; sql-injection | -| 19 | Sink: sqlx_core::query_as::query_as; Argument[0]; sql-injection | -| 20 | Sink: sqlx_core::raw_sql::raw_sql; Argument[0]; sql-injection | -| 21 | Source: reqwest::blocking::get; ReturnValue.Field[core::result::Result::Ok(0)]; remote | -| 22 | Source: std::env::args; ReturnValue.Element; commandargs | -| 23 | Summary: <_ as core::iter::traits::iterator::Iterator>::nth; Argument[self].Element; ReturnValue.Field[core::option::Option::Some(0)]; value | -| 24 | Summary: ::add; Argument[0].Reference; ReturnValue; taint | -| 25 | Summary: ::add; Argument[self]; ReturnValue; value | -| 26 | Summary: ::as_str; Argument[self]; ReturnValue; value | -| 27 | Summary: ::unwrap_or; Argument[self].Field[core::option::Option::Some(0)]; ReturnValue; value | -| 28 | Summary: ::unwrap; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value | -| 29 | Summary: ::unwrap_or; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value | -| 30 | Summary: ::as_str; Argument[self]; ReturnValue; value | -| 31 | Summary: ::parse; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | -| 32 | Summary: ::text; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | -| 33 | Summary: alloc::fmt::format; Argument[0]; ReturnValue; taint | -| 34 | Summary: core::hint::must_use; Argument[0]; ReturnValue; value | +| 16 | Sink: ::prep; Argument[0]; sql-injection | +| 17 | Sink: ::query_iter; Argument[0]; sql-injection | +| 18 | Sink: ::prep; 
Argument[0]; sql-injection | +| 19 | Sink: ::query_iter; Argument[0]; sql-injection | +| 20 | Sink: sqlx_core::query::query; Argument[0]; sql-injection | +| 21 | Sink: sqlx_core::query_as::query_as; Argument[0]; sql-injection | +| 22 | Sink: sqlx_core::raw_sql::raw_sql; Argument[0]; sql-injection | +| 23 | Source: reqwest::blocking::get; ReturnValue.Field[core::result::Result::Ok(0)]; remote | +| 24 | Source: std::env::args; ReturnValue.Element; commandargs | +| 25 | Summary: <_ as core::iter::traits::iterator::Iterator>::nth; Argument[self].Element; ReturnValue.Field[core::option::Option::Some(0)]; value | +| 26 | Summary: ::add; Argument[0].Reference; ReturnValue; taint | +| 27 | Summary: ::add; Argument[self]; ReturnValue; value | +| 28 | Summary: ::as_str; Argument[self]; ReturnValue; value | +| 29 | Summary: ::unwrap_or; Argument[self].Field[core::option::Option::Some(0)]; ReturnValue; value | +| 30 | Summary: ::unwrap; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value | +| 31 | Summary: ::unwrap_or; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value | +| 32 | Summary: ::as_str; Argument[self]; ReturnValue; value | +| 33 | Summary: ::parse; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | +| 34 | Summary: ::text; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | +| 35 | Summary: alloc::fmt::format; Argument[0]; ReturnValue; taint | +| 36 | Summary: core::hint::must_use; Argument[0]; ReturnValue; value | nodes | mysql.rs:13:13:13:29 | mut remote_string | semmle.label | mut remote_string | | mysql.rs:13:33:13:54 | ...::get | semmle.label | ...::get | 
@@ -488,53 +510,61 @@ nodes | mysql.rs:32:40:32:51 | unsafe_query | semmle.label | unsafe_query | | mysql.rs:32:40:32:60 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | | mysql.rs:32:40:32:60 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | -| mysql.rs:50:15:50:24 | query_drop | semmle.label | query_drop | -| mysql.rs:50:26:50:37 | unsafe_query | semmle.label | unsafe_query | -| mysql.rs:50:26:50:46 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | -| mysql.rs:50:26:50:46 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | -| mysql.rs:68:13:68:29 | mut remote_string | semmle.label | mut remote_string | -| mysql.rs:68:33:68:54 | ...::get | semmle.label | ...::get | -| mysql.rs:68:33:68:77 | ...::get(...) [Ok] | semmle.label | ...::get(...) [Ok] | -| mysql.rs:68:33:68:86 | ... .unwrap() | semmle.label | ... .unwrap() | -| mysql.rs:68:33:68:93 | ... .text() [Ok] | semmle.label | ... .text() [Ok] | -| mysql.rs:68:33:68:121 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | -| mysql.rs:70:13:70:24 | unsafe_query | semmle.label | unsafe_query | -| mysql.rs:70:28:70:98 | ... + ... | semmle.label | ... + ... | -| mysql.rs:70:28:70:104 | ... + ... | semmle.label | ... + ... 
| -| mysql.rs:70:85:70:98 | &remote_string [&ref] | semmle.label | &remote_string [&ref] | -| mysql.rs:70:86:70:98 | remote_string | semmle.label | remote_string | -| mysql.rs:77:33:77:37 | query | semmle.label | query | -| mysql.rs:77:39:77:50 | unsafe_query | semmle.label | unsafe_query | -| mysql.rs:77:39:77:59 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | -| mysql.rs:77:39:77:59 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | -| mysql.rs:78:14:78:23 | query_drop | semmle.label | query_drop | -| mysql.rs:78:25:78:36 | unsafe_query | semmle.label | unsafe_query | -| mysql.rs:78:25:78:45 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | -| mysql.rs:78:25:78:45 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | -| mysql.rs:79:36:79:46 | query_first | semmle.label | query_first | -| mysql.rs:79:48:79:59 | unsafe_query | semmle.label | unsafe_query | -| mysql.rs:79:48:79:68 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | -| mysql.rs:79:48:79:68 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | -| mysql.rs:80:22:80:31 | query_fold | semmle.label | query_fold | -| mysql.rs:80:33:80:44 | unsafe_query | semmle.label | unsafe_query | -| mysql.rs:80:33:80:53 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | -| mysql.rs:80:33:80:53 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | -| mysql.rs:81:22:81:31 | query_iter | semmle.label | query_iter | -| mysql.rs:81:33:81:44 | unsafe_query | semmle.label | unsafe_query | -| mysql.rs:81:33:81:53 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | -| mysql.rs:81:33:81:53 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | -| mysql.rs:82:22:82:33 | query_stream | semmle.label | query_stream | -| mysql.rs:82:48:82:59 | unsafe_query | semmle.label | unsafe_query | -| mysql.rs:82:48:82:68 | unsafe_query.as_str() | 
semmle.label | unsafe_query.as_str() | -| mysql.rs:82:48:82:68 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | -| mysql.rs:83:22:83:30 | query_map | semmle.label | query_map | -| mysql.rs:83:32:83:43 | unsafe_query | semmle.label | unsafe_query | -| mysql.rs:83:32:83:52 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | -| mysql.rs:83:32:83:52 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | -| mysql.rs:98:15:98:24 | query_drop | semmle.label | query_drop | -| mysql.rs:98:26:98:37 | unsafe_query | semmle.label | unsafe_query | -| mysql.rs:98:26:98:46 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | -| mysql.rs:98:26:98:46 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | +| mysql.rs:49:26:49:29 | prep | semmle.label | prep | +| mysql.rs:49:31:49:42 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:49:31:49:51 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | +| mysql.rs:49:31:49:51 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | +| mysql.rs:54:15:54:24 | query_drop | semmle.label | query_drop | +| mysql.rs:54:26:54:37 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:54:26:54:46 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | +| mysql.rs:54:26:54:46 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | +| mysql.rs:72:13:72:29 | mut remote_string | semmle.label | mut remote_string | +| mysql.rs:72:33:72:54 | ...::get | semmle.label | ...::get | +| mysql.rs:72:33:72:77 | ...::get(...) [Ok] | semmle.label | ...::get(...) [Ok] | +| mysql.rs:72:33:72:86 | ... .unwrap() | semmle.label | ... .unwrap() | +| mysql.rs:72:33:72:93 | ... .text() [Ok] | semmle.label | ... .text() [Ok] | +| mysql.rs:72:33:72:121 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) 
| +| mysql.rs:74:13:74:24 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:74:28:74:98 | ... + ... | semmle.label | ... + ... | +| mysql.rs:74:28:74:104 | ... + ... | semmle.label | ... + ... | +| mysql.rs:74:85:74:98 | &remote_string [&ref] | semmle.label | &remote_string [&ref] | +| mysql.rs:74:86:74:98 | remote_string | semmle.label | remote_string | +| mysql.rs:81:33:81:37 | query | semmle.label | query | +| mysql.rs:81:39:81:50 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:81:39:81:59 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | +| mysql.rs:81:39:81:59 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | +| mysql.rs:82:14:82:23 | query_drop | semmle.label | query_drop | +| mysql.rs:82:25:82:36 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:82:25:82:45 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | +| mysql.rs:82:25:82:45 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | +| mysql.rs:83:36:83:46 | query_first | semmle.label | query_first | +| mysql.rs:83:48:83:59 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:83:48:83:68 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | +| mysql.rs:83:48:83:68 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | +| mysql.rs:84:22:84:31 | query_fold | semmle.label | query_fold | +| mysql.rs:84:33:84:44 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:84:33:84:53 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | +| mysql.rs:84:33:84:53 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | +| mysql.rs:85:22:85:31 | query_iter | semmle.label | query_iter | +| mysql.rs:85:33:85:44 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:85:33:85:53 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | +| mysql.rs:85:33:85:53 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() 
[&ref] | +| mysql.rs:86:22:86:33 | query_stream | semmle.label | query_stream | +| mysql.rs:86:48:86:59 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:86:48:86:68 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | +| mysql.rs:86:48:86:68 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | +| mysql.rs:87:22:87:30 | query_map | semmle.label | query_map | +| mysql.rs:87:32:87:43 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:87:32:87:52 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | +| mysql.rs:87:32:87:52 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | +| mysql.rs:101:26:101:29 | prep | semmle.label | prep | +| mysql.rs:101:31:101:42 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:101:31:101:51 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | +| mysql.rs:101:31:101:51 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | +| mysql.rs:106:15:106:24 | query_drop | semmle.label | query_drop | +| mysql.rs:106:26:106:37 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:106:26:106:46 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | +| mysql.rs:106:26:106:46 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | | sqlx.rs:47:9:47:18 | arg_string | semmle.label | arg_string | | sqlx.rs:47:22:47:35 | ...::args | semmle.label | ...::args | | sqlx.rs:47:22:47:37 | ...::args(...) [element] | semmle.label | ...::args(...) [element] | diff --git a/rust/ql/test/query-tests/security/CWE-089/mysql.rs b/rust/ql/test/query-tests/security/CWE-089/mysql.rs index 30f5d8b022d9..142dfc3aa9fb 100644 --- a/rust/ql/test/query-tests/security/CWE-089/mysql.rs +++ b/rust/ql/test/query-tests/security/CWE-089/mysql.rs 
@@ -45,6 +45,10 @@ mod sync_test let _ = conn.exec_map(&stmt, (remote_string.as_str(),), |_: i64| -> () {})?; let _ = conn.exec_map_opt(&stmt, (remote_string.as_str(),), |_: Result| -> () {})?; + // prepared queries (unsafe use) + let stmt2 = conn.prep(unsafe_query.as_str())?; // $ sql-sink Alert[rust/sql-injection]=remote10 + // ... + // transactions let mut trans = conn.start_transaction(TxOpts::default())?; trans.query_drop(unsafe_query.as_str()); // $ sql-sink Alert[rust/sql-injection]=remote10 @@ -93,6 +97,10 @@ mod async_test let _ = conn.exec_stream::(&stmt, (remote_string.as_str(),)).await?; let _ = conn.exec_map(&stmt, (remote_string.as_str(),), |_: i64| -> () {}).await?; + // prepared queries (unsafe use) + let stmt2 = conn.prep(unsafe_query.as_str()).await?; // $ sql-sink Alert[rust/sql-injection]=remote11 + // ... + // transactions let mut trans = conn.start_transaction(TxOpts::default()).await?; trans.query_drop(unsafe_query.as_str()); // $ sql-sink Alert[rust/sql-injection]=remote11 From 1d7ccb6f2bc56ff97933cfff5de61e0bd9b5cb29 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 13 Oct 2025 16:42:36 +0100 Subject: [PATCH 08/14] Update rust/ql/lib/codeql/rust/frameworks/mysql.model.yml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- rust/ql/lib/codeql/rust/frameworks/mysql.model.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/rust/ql/lib/codeql/rust/frameworks/mysql.model.yml b/rust/ql/lib/codeql/rust/frameworks/mysql.model.yml index da3ee84a7797..55a3cf7ee728 100644 --- a/rust/ql/lib/codeql/rust/frameworks/mysql.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/mysql.model.yml 
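Review bot: The `// ...` placeholder after `let stmt2 = conn.prep(unsafe_query.as_str())?;` in the sync_test hunk, and after the matching `.await?` line in the async_test hunk, does not say why this `prep` call is the unsafe case. The `exec_*` context lines just above it pass `remote_string` as a bound parameter, so the contrast is worth stating. I would replace the placeholder in both hunks with a comment such as `// the SQL text is already tainted when prep() is called; binding parameters at exec time cannot undo that`. `stmt2` is not used inside either hunk, so it presumably triggers an unused-variable warning unless later code reads it. Both test functions start and end outside these hunks.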
@@ -13,5 +13,4 @@ extensions: - ["::query_iter", "Argument[0]", "sql-injection", "manual"] - ["<_ as mysql::conn::queryable::Queryable>::query_map", "Argument[0]", "sql-injection", "manual"] - ["<_ as mysql::conn::queryable::Queryable>::query_map_opt", "Argument[0]", "sql-injection", "manual"] - - ["<_ as mysql::conn::queryable::Queryable>::query", "Argument[0]", "sql-injection", "manual"] - ["::prep", "Argument[0]", "sql-injection", "manual"] From 35f3fbf357dbee9729739a919f19c76ab30d8bec Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 13 Oct 2025 19:14:12 +0100 Subject: [PATCH 09/14] Rust: Accept consistency regressions. --- .../PathResolutionConsistency.expected | 64 +++++++++++++++++++ 1 file changed, 64 insertions(+) diff --git a/rust/ql/test/query-tests/security/CWE-089/CONSISTENCY/PathResolutionConsistency.expected b/rust/ql/test/query-tests/security/CWE-089/CONSISTENCY/PathResolutionConsistency.expected index fe1822bb82c7..bd49309c55a4 100644 --- a/rust/ql/test/query-tests/security/CWE-089/CONSISTENCY/PathResolutionConsistency.expected +++ b/rust/ql/test/query-tests/security/CWE-089/CONSISTENCY/PathResolutionConsistency.expected 
@@ -1,4 +1,57 @@ multipleCallTargets +| mysql.rs:13:105:13:120 | ...::from(...) | +| mysql.rs:14:26:14:85 | ...::from(...) | +| mysql.rs:15:28:15:81 | ...::from(...) | +| mysql.rs:16:30:16:83 | ...::from(...) | +| mysql.rs:19:39:19:57 | safe_query.as_str() | +| mysql.rs:22:39:22:59 | unsafe_query.as_str() | +| mysql.rs:23:65:23:85 | unsafe_query.as_str() | +| mysql.rs:24:25:24:45 | unsafe_query.as_str() | +| mysql.rs:25:40:25:60 | unsafe_query.as_str() | +| mysql.rs:26:65:26:85 | unsafe_query.as_str() | +| mysql.rs:27:33:27:53 | unsafe_query.as_str() | +| mysql.rs:28:37:28:57 | unsafe_query.as_str() | +| mysql.rs:29:33:29:53 | unsafe_query.as_str() | +| mysql.rs:30:32:30:52 | unsafe_query.as_str() | +| mysql.rs:31:36:31:56 | unsafe_query.as_str() | +| mysql.rs:32:40:32:60 | unsafe_query.as_str() | +| mysql.rs:35:30:35:52 | prepared_query.as_str() | +| mysql.rs:36:46:36:67 | remote_string.as_str() | +| mysql.rs:37:72:37:93 | remote_string.as_str() | +| mysql.rs:38:46:38:67 | remote_string.as_str() | +| mysql.rs:39:33:39:54 | remote_string.as_str() | +| mysql.rs:40:47:40:68 | remote_string.as_str() | +| mysql.rs:41:73:41:94 | remote_string.as_str() | +| mysql.rs:42:40:42:61 | remote_string.as_str() | +| mysql.rs:43:44:43:65 | remote_string.as_str() | +| mysql.rs:44:40:44:61 | remote_string.as_str() | +| mysql.rs:45:39:45:60 | remote_string.as_str() | +| mysql.rs:46:43:46:64 | remote_string.as_str() | +| mysql.rs:49:31:49:51 | unsafe_query.as_str() | +| mysql.rs:54:26:54:46 | unsafe_query.as_str() | +| mysql.rs:72:105:72:120 | ...::from(...) | +| mysql.rs:73:26:73:85 | ...::from(...) | +| mysql.rs:74:28:74:81 | ...::from(...) | +| mysql.rs:75:30:75:83 | ...::from(...) 
| +| mysql.rs:78:39:78:57 | safe_query.as_str() | +| mysql.rs:81:39:81:59 | unsafe_query.as_str() | +| mysql.rs:82:25:82:45 | unsafe_query.as_str() | +| mysql.rs:83:48:83:68 | unsafe_query.as_str() | +| mysql.rs:84:33:84:53 | unsafe_query.as_str() | +| mysql.rs:85:33:85:53 | unsafe_query.as_str() | +| mysql.rs:86:48:86:68 | unsafe_query.as_str() | +| mysql.rs:87:32:87:52 | unsafe_query.as_str() | +| mysql.rs:90:30:90:52 | prepared_query.as_str() | +| mysql.rs:91:46:91:67 | remote_string.as_str() | +| mysql.rs:92:46:92:67 | remote_string.as_str() | +| mysql.rs:93:33:93:54 | remote_string.as_str() | +| mysql.rs:94:55:94:76 | remote_string.as_str() | +| mysql.rs:95:40:95:61 | remote_string.as_str() | +| mysql.rs:96:40:96:61 | remote_string.as_str() | +| mysql.rs:97:70:97:91 | remote_string.as_str() | +| mysql.rs:98:39:98:60 | remote_string.as_str() | +| mysql.rs:101:31:101:51 | unsafe_query.as_str() | +| mysql.rs:106:26:106:46 | unsafe_query.as_str() | | sqlx.rs:46:24:46:44 | ...::from(...) | | sqlx.rs:47:56:47:76 | ...::from(...) | | sqlx.rs:48:97:48:117 | ...::from(...) | @@ -65,3 +118,14 @@ multipleCallTargets | sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() | | sqlx.rs:189:29:189:53 | prepared_query_1.as_str() | | sqlx.rs:202:57:202:85 | ...::from(...) | +multiplePathResolutions +| mysql.rs:6:37:6:74 | Result::<...> | +| mysql.rs:23:21:23:45 | Result::<...> | +| mysql.rs:26:17:26:41 | Result::<...> | +| mysql.rs:28:75:28:99 | Result::<...> | +| mysql.rs:31:63:31:87 | Result::<...> | +| mysql.rs:37:21:37:45 | Result::<...> | +| mysql.rs:41:17:41:41 | Result::<...> | +| mysql.rs:43:85:43:109 | Result::<...> | +| mysql.rs:46:73:46:97 | Result::<...> | +| mysql.rs:66:49:66:58 | Result::<...> | From 93eb7ce1af1808a1d6a92d06be51000e70e6cd8a Mon Sep 17 00:00:00 2001 
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 13 Oct 2025 19:28:40 +0100 Subject: [PATCH 10/14] Rust: Accept test changes following suggested edit. --- .../query-tests/security/CWE-089/SqlInjection.expected | 8 -------- 1 file changed, 8 deletions(-) diff --git a/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected b/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected index cf5529c7a99f..90dcc06d2825 100644 --- a/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected +++ b/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected @@ -1,6 +1,5 @@ #select | mysql.rs:22:33:22:37 | query | mysql.rs:13:33:13:54 | ...::get | mysql.rs:22:33:22:37 | query | This query depends on a $@. | mysql.rs:13:33:13:54 | ...::get | user-provided value | -| mysql.rs:22:33:22:37 | query | mysql.rs:13:33:13:54 | ...::get | mysql.rs:22:33:22:37 | query | This query depends on a $@. | mysql.rs:13:33:13:54 | ...::get | user-provided value | | mysql.rs:23:55:23:63 | query_opt | mysql.rs:13:33:13:54 | ...::get | mysql.rs:23:55:23:63 | query_opt | This query depends on a $@. | mysql.rs:13:33:13:54 | ...::get | user-provided value | | mysql.rs:24:14:24:23 | query_drop | mysql.rs:13:33:13:54 | ...::get | mysql.rs:24:14:24:23 | query_drop | This query depends on a $@. | mysql.rs:13:33:13:54 | ...::get | user-provided value | | mysql.rs:25:28:25:38 | query_first | mysql.rs:13:33:13:54 | ...::get | mysql.rs:25:28:25:38 | query_first | This query depends on a $@. | mysql.rs:13:33:13:54 | ...::get | user-provided value | 
@@ -11,7 +10,6 @@ | mysql.rs:30:22:30:30 | query_map | mysql.rs:13:33:13:54 | ...::get | mysql.rs:30:22:30:30 | query_map | This query depends on a $@. | mysql.rs:13:33:13:54 | ...::get | user-provided value | | mysql.rs:31:22:31:34 | query_map_opt | mysql.rs:13:33:13:54 | ...::get | mysql.rs:31:22:31:34 | query_map_opt | This query depends on a $@. | mysql.rs:13:33:13:54 | ...::get | user-provided value | | mysql.rs:32:34:32:38 | query | mysql.rs:13:33:13:54 | ...::get | mysql.rs:32:34:32:38 | query | This query depends on a $@. | mysql.rs:13:33:13:54 | ...::get | user-provided value | -| mysql.rs:32:34:32:38 | query | mysql.rs:13:33:13:54 | ...::get | mysql.rs:32:34:32:38 | query | This query depends on a $@. | mysql.rs:13:33:13:54 | ...::get | user-provided value | | mysql.rs:49:26:49:29 | prep | mysql.rs:13:33:13:54 | ...::get | mysql.rs:49:26:49:29 | prep | This query depends on a $@. | mysql.rs:13:33:13:54 | ...::get | user-provided value | | mysql.rs:54:15:54:24 | query_drop | mysql.rs:13:33:13:54 | ...::get | mysql.rs:54:15:54:24 | query_drop | This query depends on a $@. | mysql.rs:13:33:13:54 | ...::get | user-provided value | | mysql.rs:81:33:81:37 | query | mysql.rs:72:33:72:54 | ...::get | mysql.rs:81:33:81:37 | query | This query depends on a $@. | mysql.rs:72:33:72:54 | ...::get | user-provided value | 
@@ -103,8 +101,6 @@ edges | mysql.rs:22:39:22:50 | unsafe_query | mysql.rs:22:39:22:59 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | | mysql.rs:22:39:22:50 | unsafe_query | mysql.rs:22:39:22:59 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | | mysql.rs:22:39:22:59 | unsafe_query.as_str() | mysql.rs:22:33:22:37 | query | provenance | MaD:1 Sink:MaD:1 | -| mysql.rs:22:39:22:59 | unsafe_query.as_str() | mysql.rs:22:33:22:37 | query | provenance | MaD:1 Sink:MaD:1 | -| mysql.rs:22:39:22:59 | unsafe_query.as_str() [&ref] | mysql.rs:22:33:22:37 | query | provenance | MaD:1 Sink:MaD:1 | | mysql.rs:22:39:22:59 | unsafe_query.as_str() [&ref] | mysql.rs:22:33:22:37 | query | provenance | MaD:1 Sink:MaD:1 | | mysql.rs:23:65:23:76 | unsafe_query | mysql.rs:23:65:23:85 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | | mysql.rs:23:65:23:76 | unsafe_query | mysql.rs:23:65:23:85 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | @@ -155,8 +151,6 @@ edges | mysql.rs:32:40:32:51 | unsafe_query | mysql.rs:32:40:32:60 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | | mysql.rs:32:40:32:51 | unsafe_query | mysql.rs:32:40:32:60 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | | mysql.rs:32:40:32:60 | unsafe_query.as_str() | mysql.rs:32:34:32:38 | query | provenance | MaD:1 Sink:MaD:1 | -| mysql.rs:32:40:32:60 | unsafe_query.as_str() | mysql.rs:32:34:32:38 | query | provenance | MaD:1 Sink:MaD:1 | -| mysql.rs:32:40:32:60 | unsafe_query.as_str() [&ref] | mysql.rs:32:34:32:38 | query | provenance | MaD:1 Sink:MaD:1 | | mysql.rs:32:40:32:60 | unsafe_query.as_str() [&ref] | mysql.rs:32:34:32:38 | query | provenance | MaD:1 Sink:MaD:1 | | mysql.rs:49:31:49:42 | unsafe_query | mysql.rs:49:31:49:51 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | | mysql.rs:49:31:49:42 | unsafe_query | mysql.rs:49:31:49:51 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | 
@@ -465,7 +459,6 @@ nodes | mysql.rs:15:85:15:98 | &remote_string [&ref] | semmle.label | &remote_string [&ref] | | mysql.rs:15:86:15:98 | remote_string | semmle.label | remote_string | | mysql.rs:22:33:22:37 | query | semmle.label | query | -| mysql.rs:22:33:22:37 | query | semmle.label | query | | mysql.rs:22:39:22:50 | unsafe_query | semmle.label | unsafe_query | | mysql.rs:22:39:22:59 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | | mysql.rs:22:39:22:59 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | @@ -506,7 +499,6 @@ nodes | mysql.rs:31:36:31:56 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | | mysql.rs:31:36:31:56 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | | mysql.rs:32:34:32:38 | query | semmle.label | query | -| mysql.rs:32:34:32:38 | query | semmle.label | query | | mysql.rs:32:40:32:51 | unsafe_query | semmle.label | unsafe_query | | mysql.rs:32:40:32:60 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | | mysql.rs:32:40:32:60 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | From 5544dfff6d4810f41c6a5c6ab634c3af21d55023 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 15 Oct 2025 14:31:10 +0100 Subject: [PATCH 11/14] Update rust/ql/test/query-tests/security/CWE-089/mysql.rs Co-authored-by: Simon Friis Vindum --- rust/ql/test/query-tests/security/CWE-089/mysql.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rust/ql/test/query-tests/security/CWE-089/mysql.rs b/rust/ql/test/query-tests/security/CWE-089/mysql.rs index 142dfc3aa9fb..ccd739eb1baa 100644 --- a/rust/ql/test/query-tests/security/CWE-089/mysql.rs +++ b/rust/ql/test/query-tests/security/CWE-089/mysql.rs 
@@ -112,7 +112,7 @@ mod async_test
 
 fn main() {
 println!("test_mysql...");
- match (sync_test::test_mysql("")) {
+ match sync_test::test_mysql("") {
 Ok(_) => println!(" successful!"),
 Err(e) => println!(" error: {}", e),
 }
From 28c139abfb82a16ca6e71d9869710f6de7d57132 Mon Sep 17 00:00:00 2001
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Date: Wed, 15 Oct 2025 14:41:11 +0100
Subject: [PATCH 12/14] Rust: Format the test.
---
 .../query-tests/security/CWE-089/mysql.rs | 122 ++++++++++++------
 1 file changed, 85 insertions(+), 37 deletions(-)
diff --git a/rust/ql/test/query-tests/security/CWE-089/mysql.rs b/rust/ql/test/query-tests/security/CWE-089/mysql.rs
index ccd739eb1baa..323b8a2ab501 100644
--- a/rust/ql/test/query-tests/security/CWE-089/mysql.rs
+++ b/rust/ql/test/query-tests/security/CWE-089/mysql.rs
@@ -1,7 +1,6 @@
-mod sync_test
-{
- use mysql::*;
+mod sync_test {
 use mysql::prelude::*;
+ use mysql::*;
 
 pub fn test_mysql(url: &str) -> Result<(), Box> {
 // connect through a MySQL connection pool
@@ -10,40 +9,67 @@ mod sync_test
 let mut conn2: Conn = pool.get_conn()?.unwrap();
 
 // construct queries
- let mut remote_string = reqwest::blocking::get("http://example.com/").unwrap().text().unwrap_or(String::from("")); // $ Source=remote10
+ let mut remote_string = reqwest::blocking::get("http://example.com/")
+ .unwrap()
+ .text()
+ .unwrap_or(String::from("")); // $ Source=remote10
 let safe_query = String::from("SELECT * FROM people WHERE firstname='Alice'");
- let unsafe_query = String::from("SELECT * FROM people WHERE firstname='") + &remote_string + "'";
+ let unsafe_query =
+ String::from("SELECT * FROM people WHERE firstname='") + &remote_string + "'";
 let prepared_query = String::from("SELECT * FROM people WHERE firstname=?"); // (prepared arguments are safe)
 
 // direct execution (safe)
- let _ : Vec = conn.query(safe_query.as_str())?; // $ sql-sink
+ let _: Vec = conn.query(safe_query.as_str())?; // $ sql-sink
 
 // direct execution (unsafe)
- let _ : Vec = conn.query(unsafe_query.as_str())?; // $ sql-sink Alert[rust/sql-injection]=remote10
- let _ : Vec> = conn.query_opt(unsafe_query.as_str())?; // $ sql-sink Alert[rust/sql-injection]=remote10
+ let _: Vec = conn.query(unsafe_query.as_str())?; // $ sql-sink Alert[rust/sql-injection]=remote10
+ let _: Vec> = conn.query_opt(unsafe_query.as_str())?; // $ sql-sink Alert[rust/sql-injection]=remote10
 conn.query_drop(unsafe_query.as_str()); // $ sql-sink Alert[rust/sql-injection]=remote10
- let _ : i64 = conn.query_first(unsafe_query.as_str())?.unwrap(); // $ sql-sink Alert[rust/sql-injection]=remote10
- let _ : Result= conn.query_first_opt(unsafe_query.as_str())?.unwrap(); // $ sql-sink Alert[rust/sql-injection]=remote10
+ let _: i64 = conn.query_first(unsafe_query.as_str())?.unwrap(); // $ sql-sink Alert[rust/sql-injection]=remote10
+ let _: Result = conn.query_first_opt(unsafe_query.as_str())?.unwrap(); // $ sql-sink Alert[rust/sql-injection]=remote10
 let _ = conn.query_fold(unsafe_query.as_str(), 0, |_: i64, _: i64| -> i64 { 0 })?; // $ sql-sink Alert[rust/sql-injection]=remote10
- let _ = conn.query_fold_opt(unsafe_query.as_str(), 0, |_: i64, _: Result| -> i64 { 0 })?; // $ sql-sink Alert[rust/sql-injection]=remote10
+ let _ = conn.query_fold_opt(
+ unsafe_query.as_str(),
+ 0,
+ |_: i64, _: Result| -> i64 { 0 },
+ )?; // $ sql-sink Alert[rust/sql-injection]=remote10
 let _ = conn.query_iter(unsafe_query.as_str())?; // $ sql-sink Alert[rust/sql-injection]=remote10
 let _ = conn.query_map(unsafe_query.as_str(), |_: i64| -> () {})?; // $ sql-sink Alert[rust/sql-injection]=remote10
- let _ = conn.query_map_opt(unsafe_query.as_str(), |_: Result| -> () {})?; // $ sql-sink Alert[rust/sql-injection]=remote10
- let _ : Vec = conn2.query(unsafe_query.as_str())?; // $ sql-sink Alert[rust/sql-injection]=remote10
+ let _ = conn.query_map_opt(
+ unsafe_query.as_str(),
+ |_: Result| -> () {},
+ )?; // $ sql-sink Alert[rust/sql-injection]=remote10
+ let _: Vec = conn2.query(unsafe_query.as_str())?; // $ sql-sink Alert[rust/sql-injection]=remote10
 
 // prepared queries (safe)
 let stmt = conn.prep(prepared_query.as_str())?; // $ sql-sink
- let _ : Vec = conn.exec(&stmt, (remote_string.as_str(),))?;
- let _ : Vec> = conn.exec_opt(&stmt, (remote_string.as_str(),))?;
+ let _: Vec = conn.exec(&stmt, (remote_string.as_str(),))?;
+ let _: Vec> = conn.exec_opt(&stmt, (remote_string.as_str(),))?;
 let _ = conn.exec_batch(&stmt, vec![(remote_string.as_str(),)])?;
 conn.exec_drop(&stmt, (&remote_string.as_str(),));
- let _ : i64 = conn.exec_first(&stmt, (remote_string.as_str(),))?.unwrap();
- let _ : Result = conn.exec_first_opt(&stmt, (remote_string.as_str(),))?.unwrap();
- let _ = conn.exec_fold(&stmt, (remote_string.as_str(),), 0, |_: i64, _: i64| -> i64 { 0 })?;
- let _ = conn.exec_fold_opt(&stmt, (remote_string.as_str(),), 0, |_: i64, _: Result| -> i64 { 0 })?;
+ let _: i64 = conn.exec_first(&stmt, (remote_string.as_str(),))?.unwrap();
+ let _: Result = conn
+ .exec_first_opt(&stmt, (remote_string.as_str(),))?
+ .unwrap();
+ let _ = conn.exec_fold(
+ &stmt,
+ (remote_string.as_str(),),
+ 0,
+ |_: i64, _: i64| -> i64 { 0 },
+ )?;
+ let _ = conn.exec_fold_opt(
+ &stmt,
+ (remote_string.as_str(),),
+ 0,
+ |_: i64, _: Result| -> i64 { 0 },
+ )?;
 let _ = conn.exec_iter(&stmt, (remote_string.as_str(),))?;
 let _ = conn.exec_map(&stmt, (remote_string.as_str(),), |_: i64| -> () {})?;
- let _ = conn.exec_map_opt(&stmt, (remote_string.as_str(),), |_: Result| -> () {})?;
+ let _ = conn.exec_map_opt(
+ &stmt,
+ (remote_string.as_str(),),
+ |_: Result| -> () {},
+ )?;
 
 // prepared queries (unsafe use)
 let stmt2 = conn.prep(unsafe_query.as_str())?; // $ sql-sink Alert[rust/sql-injection]=remote10
@@ -58,10 +84,9 @@ mod sync_test
 }
 }
 
-mod async_test
-{
- use mysql_async::*;
+mod async_test {
 use mysql_async::prelude::*;
+ use mysql_async::*;
 
 pub async fn test_mysql_async(url: &str) -> Result<()> {
 // connect through a MySQL connection pool
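Review bot: The inline expectation comments no longer sit on the line where the alert is reported once a call is split across lines: for `query_fold_opt` and `query_map_opt` the `// $ sql-sink Alert[rust/sql-injection]=remote10` comment now trails the closing `)?;`, several lines below the method name (the `.expected` rows later in this series put `query_fold_opt` on line 31 and the next sink on line 36). If the expectations are matched by line, as the annotations suggest, this commit on its own leaves the SQL-injection test asserting the wrong lines. Move each comment up to the line that carries the method name, e.g. `let _ = conn.query_fold_opt( // $ sql-sink Alert[rust/sql-injection]=remote10`, inside this commit so that every commit in the series passes. The same applies in the `async_test` hunk, where the comments for `query_fold`, `query_stream` and `query_map` end up on the `.await?;` line. `test_mysql` starts above this hunk and continues below it.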
@@ -69,33 +94,56 @@ mod async_test
 let mut conn = pool.get_conn().await?;
 
 // construct queries
- let mut remote_string = reqwest::blocking::get("http://example.com/").unwrap().text().unwrap_or(String::from("")); // $ Source=remote11
+ let mut remote_string = reqwest::blocking::get("http://example.com/")
+ .unwrap()
+ .text()
+ .unwrap_or(String::from("")); // $ Source=remote11
 let safe_query = String::from("SELECT * FROM people WHERE firstname='Alice'");
- let unsafe_query = String::from("SELECT * FROM people WHERE firstname='") + &remote_string + "'";
+ let unsafe_query =
+ String::from("SELECT * FROM people WHERE firstname='") + &remote_string + "'";
 let prepared_query = String::from("SELECT * FROM people WHERE firstname=?"); // (prepared arguments are safe)
 
 // direct execution (safe)
- let _ : Vec = conn.query(safe_query.as_str()).await?; // $ sql-sink
+ let _: Vec = conn.query(safe_query.as_str()).await?; // $ sql-sink
 
 // direct execution (unsafe)
- let _ : Vec = conn.query(unsafe_query.as_str()).await?; // $ sql-sink Alert[rust/sql-injection]=remote11
+ let _: Vec = conn.query(unsafe_query.as_str()).await?; // $ sql-sink Alert[rust/sql-injection]=remote11
 conn.query_drop(unsafe_query.as_str()); // $ sql-sink Alert[rust/sql-injection]=remote11
- let _ : Option = conn.query_first(unsafe_query.as_str()).await?; // $ sql-sink Alert[rust/sql-injection]=remote11
- let _ = conn.query_fold(unsafe_query.as_str(), 0, |_: i64, _: i64| -> i64 { 0 }).await?; // $ sql-sink Alert[rust/sql-injection]=remote11
+ let _: Option = conn.query_first(unsafe_query.as_str()).await?; // $ sql-sink Alert[rust/sql-injection]=remote11
+ let _ = conn
+ .query_fold(unsafe_query.as_str(), 0, |_: i64, _: i64| -> i64 { 0 })
+ .await?; // $ sql-sink Alert[rust/sql-injection]=remote11
 let _ = conn.query_iter(unsafe_query.as_str()).await?; // $ sql-sink Alert[rust/sql-injection]=remote11
- let _ = conn.query_stream::(unsafe_query.as_str()).await?; // $ sql-sink Alert[rust/sql-injection]=remote11
- let _ = conn.query_map(unsafe_query.as_str(), |_: i64| -> () {}).await?; // $ sql-sink Alert[rust/sql-injection]=remote11
+ let _ = conn
+ .query_stream::(unsafe_query.as_str())
+ .await?; // $ sql-sink Alert[rust/sql-injection]=remote11
+ let _ = conn
+ .query_map(unsafe_query.as_str(), |_: i64| -> () {})
+ .await?; // $ sql-sink Alert[rust/sql-injection]=remote11
 
 // prepared queries (safe)
 let stmt = conn.prep(prepared_query.as_str()).await?; // $ sql-sink
- let _ : Vec = conn.exec(&stmt, (remote_string.as_str(),)).await?;
- let _ = conn.exec_batch(&stmt, vec![(remote_string.as_str(),)]).await?;
+ let _: Vec = conn.exec(&stmt, (remote_string.as_str(),)).await?;
+ let _ = conn
+ .exec_batch(&stmt, vec![(remote_string.as_str(),)])
+ .await?;
 conn.exec_drop(&stmt, (&remote_string.as_str(),));
- let _ : Option = conn.exec_first(&stmt, (remote_string.as_str(),)).await?;
- let _ = conn.exec_fold(&stmt, (remote_string.as_str(),), 0, |_: i64, _: i64| -> i64 { 0 }).await?;
+ let _: Option = conn.exec_first(&stmt, (remote_string.as_str(),)).await?;
+ let _ = conn
+ .exec_fold(
+ &stmt,
+ (remote_string.as_str(),),
+ 0,
+ |_: i64, _: i64| -> i64 { 0 },
+ )
+ .await?;
 let _ = conn.exec_iter(&stmt, (remote_string.as_str(),)).await?;
- let _ = conn.exec_stream::(&stmt, (remote_string.as_str(),)).await?;
- let _ = conn.exec_map(&stmt, (remote_string.as_str(),), |_: i64| -> () {}).await?;
+ let _ = conn
+ .exec_stream::(&stmt, (remote_string.as_str(),))
+ .await?;
+ let _ = conn
+ .exec_map(&stmt, (remote_string.as_str(),), |_: i64| -> () {})
+ .await?;
 
 // prepared queries (unsafe use)
 let stmt2 = conn.prep(unsafe_query.as_str()).await?; // $ sql-sink Alert[rust/sql-injection]=remote11
From 48ca04bc40b0a26d969e95472d54a7e96046fd46 Mon Sep 17 00:00:00 2001
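Review bot: `reqwest::blocking::get` is called inside `pub async fn test_mysql_async`, on the reformatted `let mut remote_string = ...` lines at the top of this hunk, and reqwest's blocking client is documented to panic when it is driven from inside an async runtime. That is harmless as long as the function is only analysed and never executed, but it is a poor pattern to leave in a file that people copy from. Either switch the source to `reqwest::get("http://example.com/").await` (assuming the async `get` is also modelled as a remote source for `Source=remote11`) or add a comment such as `// blocking client: used only as a taint source, this function is never run`. The function starts above this hunk and continues past it.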
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Date: Wed, 15 Oct 2025 14:46:43 +0100
Subject: [PATCH 13/14] Rust: Repair test annotations following format and accept .expected changes.
---
 .../security/CWE-089/SqlInjection.expected | 704 +++++++++---------
 .../query-tests/security/CWE-089/mysql.rs | 28 +-
 2 files changed, 366 insertions(+), 366 deletions(-)
diff --git a/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected b/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected
index 90dcc06d2825..b5d0af9aa0a9 100644
--- a/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected
+++ b/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected
@@ -1,26 +1,26 @@ #select -| mysql.rs:22:33:22:37 | query | mysql.rs:13:33:13:54 | ...::get | mysql.rs:22:33:22:37 | query | This query depends on a $@. | mysql.rs:13:33:13:54 | ...::get | user-provided value | -| mysql.rs:23:55:23:63 | query_opt | mysql.rs:13:33:13:54 | ...::get | mysql.rs:23:55:23:63 | query_opt | This query depends on a $@. | mysql.rs:13:33:13:54 | ...::get | user-provided value | -| mysql.rs:24:14:24:23 | query_drop | mysql.rs:13:33:13:54 | ...::get | mysql.rs:24:14:24:23 | query_drop | This query depends on a $@. | mysql.rs:13:33:13:54 | ...::get | user-provided value | -| mysql.rs:25:28:25:38 | query_first | mysql.rs:13:33:13:54 | ...::get | mysql.rs:25:28:25:38 | query_first | This query depends on a $@. | mysql.rs:13:33:13:54 | ...::get | user-provided value | -| mysql.rs:26:49:26:63 | query_first_opt | mysql.rs:13:33:13:54 | ...::get | mysql.rs:26:49:26:63 | query_first_opt | This query depends on a $@. | mysql.rs:13:33:13:54 | ...::get | user-provided value | -| mysql.rs:27:22:27:31 | query_fold | mysql.rs:13:33:13:54 | ...::get | mysql.rs:27:22:27:31 | query_fold | This query depends on a $@. | mysql.rs:13:33:13:54 | ...::get | user-provided value | -| mysql.rs:28:22:28:35 | query_fold_opt | mysql.rs:13:33:13:54 | ...::get | mysql.rs:28:22:28:35 | query_fold_opt | This query depends on a $@. | mysql.rs:13:33:13:54 | ...::get | user-provided value | -| mysql.rs:29:22:29:31 | query_iter | mysql.rs:13:33:13:54 | ...::get | mysql.rs:29:22:29:31 | query_iter | This query depends on a $@. | mysql.rs:13:33:13:54 | ...::get | user-provided value | -| mysql.rs:30:22:30:30 | query_map | mysql.rs:13:33:13:54 | ...::get | mysql.rs:30:22:30:30 | query_map | This query depends on a $@. | mysql.rs:13:33:13:54 | ...::get | user-provided value | -| mysql.rs:31:22:31:34 | query_map_opt | mysql.rs:13:33:13:54 | ...::get | mysql.rs:31:22:31:34 | query_map_opt | This query depends on a $@. 
| mysql.rs:13:33:13:54 | ...::get | user-provided value | -| mysql.rs:32:34:32:38 | query | mysql.rs:13:33:13:54 | ...::get | mysql.rs:32:34:32:38 | query | This query depends on a $@. | mysql.rs:13:33:13:54 | ...::get | user-provided value | -| mysql.rs:49:26:49:29 | prep | mysql.rs:13:33:13:54 | ...::get | mysql.rs:49:26:49:29 | prep | This query depends on a $@. | mysql.rs:13:33:13:54 | ...::get | user-provided value | -| mysql.rs:54:15:54:24 | query_drop | mysql.rs:13:33:13:54 | ...::get | mysql.rs:54:15:54:24 | query_drop | This query depends on a $@. | mysql.rs:13:33:13:54 | ...::get | user-provided value | -| mysql.rs:81:33:81:37 | query | mysql.rs:72:33:72:54 | ...::get | mysql.rs:81:33:81:37 | query | This query depends on a $@. | mysql.rs:72:33:72:54 | ...::get | user-provided value | -| mysql.rs:82:14:82:23 | query_drop | mysql.rs:72:33:72:54 | ...::get | mysql.rs:82:14:82:23 | query_drop | This query depends on a $@. | mysql.rs:72:33:72:54 | ...::get | user-provided value | -| mysql.rs:83:36:83:46 | query_first | mysql.rs:72:33:72:54 | ...::get | mysql.rs:83:36:83:46 | query_first | This query depends on a $@. | mysql.rs:72:33:72:54 | ...::get | user-provided value | -| mysql.rs:84:22:84:31 | query_fold | mysql.rs:72:33:72:54 | ...::get | mysql.rs:84:22:84:31 | query_fold | This query depends on a $@. | mysql.rs:72:33:72:54 | ...::get | user-provided value | -| mysql.rs:85:22:85:31 | query_iter | mysql.rs:72:33:72:54 | ...::get | mysql.rs:85:22:85:31 | query_iter | This query depends on a $@. | mysql.rs:72:33:72:54 | ...::get | user-provided value | -| mysql.rs:86:22:86:33 | query_stream | mysql.rs:72:33:72:54 | ...::get | mysql.rs:86:22:86:33 | query_stream | This query depends on a $@. | mysql.rs:72:33:72:54 | ...::get | user-provided value | -| mysql.rs:87:22:87:30 | query_map | mysql.rs:72:33:72:54 | ...::get | mysql.rs:87:22:87:30 | query_map | This query depends on a $@. 
| mysql.rs:72:33:72:54 | ...::get | user-provided value | -| mysql.rs:101:26:101:29 | prep | mysql.rs:72:33:72:54 | ...::get | mysql.rs:101:26:101:29 | prep | This query depends on a $@. | mysql.rs:72:33:72:54 | ...::get | user-provided value | -| mysql.rs:106:15:106:24 | query_drop | mysql.rs:72:33:72:54 | ...::get | mysql.rs:106:15:106:24 | query_drop | This query depends on a $@. | mysql.rs:72:33:72:54 | ...::get | user-provided value | +| mysql.rs:25:32:25:36 | query | mysql.rs:12:33:12:54 | ...::get | mysql.rs:25:32:25:36 | query | This query depends on a $@. | mysql.rs:12:33:12:54 | ...::get | user-provided value | +| mysql.rs:26:54:26:62 | query_opt | mysql.rs:12:33:12:54 | ...::get | mysql.rs:26:54:26:62 | query_opt | This query depends on a $@. | mysql.rs:12:33:12:54 | ...::get | user-provided value | +| mysql.rs:27:14:27:23 | query_drop | mysql.rs:12:33:12:54 | ...::get | mysql.rs:27:14:27:23 | query_drop | This query depends on a $@. | mysql.rs:12:33:12:54 | ...::get | user-provided value | +| mysql.rs:28:27:28:37 | query_first | mysql.rs:12:33:12:54 | ...::get | mysql.rs:28:27:28:37 | query_first | This query depends on a $@. | mysql.rs:12:33:12:54 | ...::get | user-provided value | +| mysql.rs:29:49:29:63 | query_first_opt | mysql.rs:12:33:12:54 | ...::get | mysql.rs:29:49:29:63 | query_first_opt | This query depends on a $@. | mysql.rs:12:33:12:54 | ...::get | user-provided value | +| mysql.rs:30:22:30:31 | query_fold | mysql.rs:12:33:12:54 | ...::get | mysql.rs:30:22:30:31 | query_fold | This query depends on a $@. | mysql.rs:12:33:12:54 | ...::get | user-provided value | +| mysql.rs:31:22:31:35 | query_fold_opt | mysql.rs:12:33:12:54 | ...::get | mysql.rs:31:22:31:35 | query_fold_opt | This query depends on a $@. | mysql.rs:12:33:12:54 | ...::get | user-provided value | +| mysql.rs:36:22:36:31 | query_iter | mysql.rs:12:33:12:54 | ...::get | mysql.rs:36:22:36:31 | query_iter | This query depends on a $@. 
| mysql.rs:12:33:12:54 | ...::get | user-provided value | +| mysql.rs:37:22:37:30 | query_map | mysql.rs:12:33:12:54 | ...::get | mysql.rs:37:22:37:30 | query_map | This query depends on a $@. | mysql.rs:12:33:12:54 | ...::get | user-provided value | +| mysql.rs:38:22:38:34 | query_map_opt | mysql.rs:12:33:12:54 | ...::get | mysql.rs:38:22:38:34 | query_map_opt | This query depends on a $@. | mysql.rs:12:33:12:54 | ...::get | user-provided value | +| mysql.rs:42:33:42:37 | query | mysql.rs:12:33:12:54 | ...::get | mysql.rs:42:33:42:37 | query | This query depends on a $@. | mysql.rs:12:33:12:54 | ...::get | user-provided value | +| mysql.rs:75:26:75:29 | prep | mysql.rs:12:33:12:54 | ...::get | mysql.rs:75:26:75:29 | prep | This query depends on a $@. | mysql.rs:12:33:12:54 | ...::get | user-provided value | +| mysql.rs:80:15:80:24 | query_drop | mysql.rs:12:33:12:54 | ...::get | mysql.rs:80:15:80:24 | query_drop | This query depends on a $@. | mysql.rs:12:33:12:54 | ...::get | user-provided value | +| mysql.rs:110:32:110:36 | query | mysql.rs:97:33:97:54 | ...::get | mysql.rs:110:32:110:36 | query | This query depends on a $@. | mysql.rs:97:33:97:54 | ...::get | user-provided value | +| mysql.rs:111:14:111:23 | query_drop | mysql.rs:97:33:97:54 | ...::get | mysql.rs:111:14:111:23 | query_drop | This query depends on a $@. | mysql.rs:97:33:97:54 | ...::get | user-provided value | +| mysql.rs:112:35:112:45 | query_first | mysql.rs:97:33:97:54 | ...::get | mysql.rs:112:35:112:45 | query_first | This query depends on a $@. | mysql.rs:97:33:97:54 | ...::get | user-provided value | +| mysql.rs:114:14:114:23 | query_fold | mysql.rs:97:33:97:54 | ...::get | mysql.rs:114:14:114:23 | query_fold | This query depends on a $@. | mysql.rs:97:33:97:54 | ...::get | user-provided value | +| mysql.rs:116:22:116:31 | query_iter | mysql.rs:97:33:97:54 | ...::get | mysql.rs:116:22:116:31 | query_iter | This query depends on a $@. 
| mysql.rs:97:33:97:54 | ...::get | user-provided value | +| mysql.rs:118:14:118:25 | query_stream | mysql.rs:97:33:97:54 | ...::get | mysql.rs:118:14:118:25 | query_stream | This query depends on a $@. | mysql.rs:97:33:97:54 | ...::get | user-provided value | +| mysql.rs:121:14:121:22 | query_map | mysql.rs:97:33:97:54 | ...::get | mysql.rs:121:14:121:22 | query_map | This query depends on a $@. | mysql.rs:97:33:97:54 | ...::get | user-provided value | +| mysql.rs:149:26:149:29 | prep | mysql.rs:97:33:97:54 | ...::get | mysql.rs:149:26:149:29 | prep | This query depends on a $@. | mysql.rs:97:33:97:54 | ...::get | user-provided value | +| mysql.rs:154:15:154:24 | query_drop | mysql.rs:97:33:97:54 | ...::get | mysql.rs:154:15:154:24 | query_drop | This query depends on a $@. | mysql.rs:97:33:97:54 | ...::get | user-provided value | | sqlx.rs:77:13:77:23 | ...::query | sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:77:13:77:23 | ...::query | This query depends on a $@. | sqlx.rs:48:25:48:46 | ...::get | user-provided value | | sqlx.rs:78:13:78:23 | ...::query | sqlx.rs:47:22:47:35 | ...::args | sqlx.rs:78:13:78:23 | ...::query | This query depends on a $@. | sqlx.rs:47:22:47:35 | ...::args | user-provided value | | sqlx.rs:80:17:80:27 | ...::query | sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:80:17:80:27 | ...::query | This query depends on a $@. | sqlx.rs:48:25:48:46 | ...::get | user-provided value | 
@@ -34,226 +34,226 @@ | sqlx.rs:153:17:153:27 | ...::query | sqlx.rs:100:25:100:46 | ...::get | sqlx.rs:153:17:153:27 | ...::query | This query depends on a $@. | sqlx.rs:100:25:100:46 | ...::get | user-provided value | | sqlx.rs:188:17:188:27 | ...::query | sqlx.rs:173:25:173:46 | ...::get | sqlx.rs:188:17:188:27 | ...::query | This query depends on a $@. | sqlx.rs:173:25:173:46 | ...::get | user-provided value | edges -| mysql.rs:13:13:13:29 | mut remote_string | mysql.rs:15:86:15:98 | remote_string | provenance | | -| mysql.rs:13:33:13:54 | ...::get | mysql.rs:13:33:13:77 | ...::get(...) [Ok] | provenance | Src:MaD:23 | -| mysql.rs:13:33:13:77 | ...::get(...) [Ok] | mysql.rs:13:33:13:86 | ... .unwrap() | provenance | MaD:30 | -| mysql.rs:13:33:13:86 | ... .unwrap() | mysql.rs:13:33:13:93 | ... .text() [Ok] | provenance | MaD:34 | -| mysql.rs:13:33:13:93 | ... .text() [Ok] | mysql.rs:13:33:13:121 | ... .unwrap_or(...) | provenance | MaD:31 | -| mysql.rs:13:33:13:121 | ... .unwrap_or(...) 
| mysql.rs:13:13:13:29 | mut remote_string | provenance | | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:22:39:22:50 | unsafe_query | provenance | | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:22:39:22:59 | unsafe_query.as_str() | provenance | MaD:32 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:22:39:22:59 | unsafe_query.as_str() | provenance | MaD:28 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:22:39:22:59 | unsafe_query.as_str() | provenance | MaD:32 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:23:65:23:76 | unsafe_query | provenance | | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:23:65:23:85 | unsafe_query.as_str() | provenance | MaD:32 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:23:65:23:85 | unsafe_query.as_str() | provenance | MaD:28 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:23:65:23:85 | unsafe_query.as_str() | provenance | MaD:32 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:24:25:24:36 | unsafe_query | provenance | | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:24:25:24:45 | unsafe_query.as_str() | provenance | MaD:32 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:24:25:24:45 | unsafe_query.as_str() | provenance | MaD:28 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:24:25:24:45 | unsafe_query.as_str() | provenance | MaD:32 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:25:40:25:51 | unsafe_query | provenance | | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:25:40:25:60 | unsafe_query.as_str() | provenance | MaD:32 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:25:40:25:60 | unsafe_query.as_str() | provenance | MaD:28 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:25:40:25:60 | unsafe_query.as_str() | provenance | MaD:32 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:26:65:26:76 | unsafe_query | provenance | | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:26:65:26:85 | unsafe_query.as_str() | provenance | MaD:32 | -| mysql.rs:15:13:15:24 | unsafe_query 
| mysql.rs:26:65:26:85 | unsafe_query.as_str() | provenance | MaD:28 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:26:65:26:85 | unsafe_query.as_str() | provenance | MaD:32 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:27:33:27:44 | unsafe_query | provenance | | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:27:33:27:53 | unsafe_query.as_str() | provenance | MaD:32 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:27:33:27:53 | unsafe_query.as_str() | provenance | MaD:28 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:27:33:27:53 | unsafe_query.as_str() | provenance | MaD:32 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:28:37:28:48 | unsafe_query | provenance | | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:28:37:28:57 | unsafe_query.as_str() | provenance | MaD:32 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:28:37:28:57 | unsafe_query.as_str() | provenance | MaD:28 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:28:37:28:57 | unsafe_query.as_str() | provenance | MaD:32 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:29:33:29:44 | unsafe_query | provenance | | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:29:33:29:53 | unsafe_query.as_str() | provenance | MaD:32 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:29:33:29:53 | unsafe_query.as_str() | provenance | MaD:28 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:29:33:29:53 | unsafe_query.as_str() | provenance | MaD:32 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:30:32:30:43 | unsafe_query | provenance | | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:30:32:30:52 | unsafe_query.as_str() | provenance | MaD:32 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:30:32:30:52 | unsafe_query.as_str() | provenance | MaD:28 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:30:32:30:52 | unsafe_query.as_str() | provenance | MaD:32 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:31:36:31:47 | unsafe_query | provenance | | -| mysql.rs:15:13:15:24 | 
unsafe_query | mysql.rs:31:36:31:56 | unsafe_query.as_str() | provenance | MaD:32 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:31:36:31:56 | unsafe_query.as_str() | provenance | MaD:28 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:31:36:31:56 | unsafe_query.as_str() | provenance | MaD:32 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:32:40:32:51 | unsafe_query | provenance | | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:32:40:32:60 | unsafe_query.as_str() | provenance | MaD:32 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:32:40:32:60 | unsafe_query.as_str() | provenance | MaD:28 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:32:40:32:60 | unsafe_query.as_str() | provenance | MaD:32 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:49:31:49:42 | unsafe_query | provenance | | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:49:31:49:51 | unsafe_query.as_str() | provenance | MaD:32 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:49:31:49:51 | unsafe_query.as_str() | provenance | MaD:28 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:49:31:49:51 | unsafe_query.as_str() | provenance | MaD:32 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:54:26:54:37 | unsafe_query | provenance | | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:54:26:54:46 | unsafe_query.as_str() | provenance | MaD:32 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:54:26:54:46 | unsafe_query.as_str() | provenance | MaD:28 | -| mysql.rs:15:13:15:24 | unsafe_query | mysql.rs:54:26:54:46 | unsafe_query.as_str() | provenance | MaD:32 | -| mysql.rs:15:28:15:98 | ... + ... | mysql.rs:15:13:15:24 | unsafe_query | provenance | | -| mysql.rs:15:28:15:98 | ... + ... | mysql.rs:15:28:15:104 | ... + ... | provenance | MaD:27 | -| mysql.rs:15:28:15:104 | ... + ... | mysql.rs:15:13:15:24 | unsafe_query | provenance | | -| mysql.rs:15:85:15:98 | &remote_string [&ref] | mysql.rs:15:28:15:98 | ... + ... 
| provenance | MaD:26 | -| mysql.rs:15:86:15:98 | remote_string | mysql.rs:15:85:15:98 | &remote_string [&ref] | provenance | | -| mysql.rs:22:39:22:50 | unsafe_query | mysql.rs:22:39:22:59 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | -| mysql.rs:22:39:22:50 | unsafe_query | mysql.rs:22:39:22:59 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | -| mysql.rs:22:39:22:50 | unsafe_query | mysql.rs:22:39:22:59 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | -| mysql.rs:22:39:22:59 | unsafe_query.as_str() | mysql.rs:22:33:22:37 | query | provenance | MaD:1 Sink:MaD:1 | -| mysql.rs:22:39:22:59 | unsafe_query.as_str() [&ref] | mysql.rs:22:33:22:37 | query | provenance | MaD:1 Sink:MaD:1 | -| mysql.rs:23:65:23:76 | unsafe_query | mysql.rs:23:65:23:85 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | -| mysql.rs:23:65:23:76 | unsafe_query | mysql.rs:23:65:23:85 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | -| mysql.rs:23:65:23:76 | unsafe_query | mysql.rs:23:65:23:85 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | -| mysql.rs:23:65:23:85 | unsafe_query.as_str() | mysql.rs:23:55:23:63 | query_opt | provenance | MaD:9 Sink:MaD:9 | -| mysql.rs:23:65:23:85 | unsafe_query.as_str() [&ref] | mysql.rs:23:55:23:63 | query_opt | provenance | MaD:9 Sink:MaD:9 | -| mysql.rs:24:25:24:36 | unsafe_query | mysql.rs:24:25:24:45 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | -| mysql.rs:24:25:24:36 | unsafe_query | mysql.rs:24:25:24:45 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | -| mysql.rs:24:25:24:36 | unsafe_query | mysql.rs:24:25:24:45 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | -| mysql.rs:24:25:24:45 | unsafe_query.as_str() | mysql.rs:24:14:24:23 | query_drop | provenance | MaD:2 Sink:MaD:2 | -| mysql.rs:24:25:24:45 | unsafe_query.as_str() [&ref] | mysql.rs:24:14:24:23 | query_drop | provenance | MaD:2 Sink:MaD:2 | -| mysql.rs:25:40:25:51 | unsafe_query | mysql.rs:25:40:25:60 | unsafe_query.as_str() [&ref] | 
provenance | MaD:32 | -| mysql.rs:25:40:25:51 | unsafe_query | mysql.rs:25:40:25:60 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | -| mysql.rs:25:40:25:51 | unsafe_query | mysql.rs:25:40:25:60 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | -| mysql.rs:25:40:25:60 | unsafe_query.as_str() | mysql.rs:25:28:25:38 | query_first | provenance | MaD:3 Sink:MaD:3 | -| mysql.rs:25:40:25:60 | unsafe_query.as_str() [&ref] | mysql.rs:25:28:25:38 | query_first | provenance | MaD:3 Sink:MaD:3 | -| mysql.rs:26:65:26:76 | unsafe_query | mysql.rs:26:65:26:85 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | -| mysql.rs:26:65:26:76 | unsafe_query | mysql.rs:26:65:26:85 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | -| mysql.rs:26:65:26:76 | unsafe_query | mysql.rs:26:65:26:85 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | -| mysql.rs:26:65:26:85 | unsafe_query.as_str() | mysql.rs:26:49:26:63 | query_first_opt | provenance | MaD:4 Sink:MaD:4 | -| mysql.rs:26:65:26:85 | unsafe_query.as_str() [&ref] | mysql.rs:26:49:26:63 | query_first_opt | provenance | MaD:4 Sink:MaD:4 | -| mysql.rs:27:33:27:44 | unsafe_query | mysql.rs:27:33:27:53 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | -| mysql.rs:27:33:27:44 | unsafe_query | mysql.rs:27:33:27:53 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | -| mysql.rs:27:33:27:44 | unsafe_query | mysql.rs:27:33:27:53 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | -| mysql.rs:27:33:27:53 | unsafe_query.as_str() | mysql.rs:27:22:27:31 | query_fold | provenance | MaD:5 Sink:MaD:5 | -| mysql.rs:27:33:27:53 | unsafe_query.as_str() [&ref] | mysql.rs:27:22:27:31 | query_fold | provenance | MaD:5 Sink:MaD:5 | -| mysql.rs:28:37:28:48 | unsafe_query | mysql.rs:28:37:28:57 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | -| mysql.rs:28:37:28:48 | unsafe_query | mysql.rs:28:37:28:57 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | -| mysql.rs:28:37:28:48 | unsafe_query | mysql.rs:28:37:28:57 | 
unsafe_query.as_str() [&ref] | provenance | MaD:32 | -| mysql.rs:28:37:28:57 | unsafe_query.as_str() | mysql.rs:28:22:28:35 | query_fold_opt | provenance | MaD:6 Sink:MaD:6 | -| mysql.rs:28:37:28:57 | unsafe_query.as_str() [&ref] | mysql.rs:28:22:28:35 | query_fold_opt | provenance | MaD:6 Sink:MaD:6 | -| mysql.rs:29:33:29:44 | unsafe_query | mysql.rs:29:33:29:53 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | -| mysql.rs:29:33:29:44 | unsafe_query | mysql.rs:29:33:29:53 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | -| mysql.rs:29:33:29:44 | unsafe_query | mysql.rs:29:33:29:53 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | -| mysql.rs:29:33:29:53 | unsafe_query.as_str() | mysql.rs:29:22:29:31 | query_iter | provenance | MaD:17 Sink:MaD:17 | -| mysql.rs:29:33:29:53 | unsafe_query.as_str() [&ref] | mysql.rs:29:22:29:31 | query_iter | provenance | MaD:17 Sink:MaD:17 | -| mysql.rs:30:32:30:43 | unsafe_query | mysql.rs:30:32:30:52 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | -| mysql.rs:30:32:30:43 | unsafe_query | mysql.rs:30:32:30:52 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | -| mysql.rs:30:32:30:43 | unsafe_query | mysql.rs:30:32:30:52 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | -| mysql.rs:30:32:30:52 | unsafe_query.as_str() | mysql.rs:30:22:30:30 | query_map | provenance | MaD:7 Sink:MaD:7 | -| mysql.rs:30:32:30:52 | unsafe_query.as_str() [&ref] | mysql.rs:30:22:30:30 | query_map | provenance | MaD:7 Sink:MaD:7 | -| mysql.rs:31:36:31:47 | unsafe_query | mysql.rs:31:36:31:56 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | -| mysql.rs:31:36:31:47 | unsafe_query | mysql.rs:31:36:31:56 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | -| mysql.rs:31:36:31:47 | unsafe_query | mysql.rs:31:36:31:56 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | -| mysql.rs:31:36:31:56 | unsafe_query.as_str() | mysql.rs:31:22:31:34 | query_map_opt | provenance | MaD:8 Sink:MaD:8 | -| mysql.rs:31:36:31:56 | 
unsafe_query.as_str() [&ref] | mysql.rs:31:22:31:34 | query_map_opt | provenance | MaD:8 Sink:MaD:8 | -| mysql.rs:32:40:32:51 | unsafe_query | mysql.rs:32:40:32:60 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | -| mysql.rs:32:40:32:51 | unsafe_query | mysql.rs:32:40:32:60 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | -| mysql.rs:32:40:32:51 | unsafe_query | mysql.rs:32:40:32:60 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | -| mysql.rs:32:40:32:60 | unsafe_query.as_str() | mysql.rs:32:34:32:38 | query | provenance | MaD:1 Sink:MaD:1 | -| mysql.rs:32:40:32:60 | unsafe_query.as_str() [&ref] | mysql.rs:32:34:32:38 | query | provenance | MaD:1 Sink:MaD:1 | -| mysql.rs:49:31:49:42 | unsafe_query | mysql.rs:49:31:49:51 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | -| mysql.rs:49:31:49:42 | unsafe_query | mysql.rs:49:31:49:51 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | -| mysql.rs:49:31:49:42 | unsafe_query | mysql.rs:49:31:49:51 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | -| mysql.rs:49:31:49:51 | unsafe_query.as_str() | mysql.rs:49:26:49:29 | prep | provenance | MaD:16 Sink:MaD:16 | -| mysql.rs:49:31:49:51 | unsafe_query.as_str() [&ref] | mysql.rs:49:26:49:29 | prep | provenance | MaD:16 Sink:MaD:16 | -| mysql.rs:54:26:54:37 | unsafe_query | mysql.rs:54:26:54:46 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | -| mysql.rs:54:26:54:37 | unsafe_query | mysql.rs:54:26:54:46 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | -| mysql.rs:54:26:54:37 | unsafe_query | mysql.rs:54:26:54:46 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | -| mysql.rs:54:26:54:46 | unsafe_query.as_str() | mysql.rs:54:15:54:24 | query_drop | provenance | MaD:2 Sink:MaD:2 | -| mysql.rs:54:26:54:46 | unsafe_query.as_str() [&ref] | mysql.rs:54:15:54:24 | query_drop | provenance | MaD:2 Sink:MaD:2 | -| mysql.rs:72:13:72:29 | mut remote_string | mysql.rs:74:86:74:98 | remote_string | provenance | | -| mysql.rs:72:33:72:54 | 
...::get | mysql.rs:72:33:72:77 | ...::get(...) [Ok] | provenance | Src:MaD:23 | -| mysql.rs:72:33:72:77 | ...::get(...) [Ok] | mysql.rs:72:33:72:86 | ... .unwrap() | provenance | MaD:30 | -| mysql.rs:72:33:72:86 | ... .unwrap() | mysql.rs:72:33:72:93 | ... .text() [Ok] | provenance | MaD:34 | -| mysql.rs:72:33:72:93 | ... .text() [Ok] | mysql.rs:72:33:72:121 | ... .unwrap_or(...) | provenance | MaD:31 | -| mysql.rs:72:33:72:121 | ... .unwrap_or(...) | mysql.rs:72:13:72:29 | mut remote_string | provenance | | -| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:81:39:81:50 | unsafe_query | provenance | | -| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:81:39:81:59 | unsafe_query.as_str() | provenance | MaD:32 | -| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:81:39:81:59 | unsafe_query.as_str() | provenance | MaD:28 | -| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:81:39:81:59 | unsafe_query.as_str() | provenance | MaD:32 | -| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:82:25:82:36 | unsafe_query | provenance | | -| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:82:25:82:45 | unsafe_query.as_str() | provenance | MaD:32 | -| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:82:25:82:45 | unsafe_query.as_str() | provenance | MaD:28 | -| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:82:25:82:45 | unsafe_query.as_str() | provenance | MaD:32 | -| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:83:48:83:59 | unsafe_query | provenance | | -| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:83:48:83:68 | unsafe_query.as_str() | provenance | MaD:32 | -| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:83:48:83:68 | unsafe_query.as_str() | provenance | MaD:28 | -| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:83:48:83:68 | unsafe_query.as_str() | provenance | MaD:32 | -| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:84:33:84:44 | unsafe_query | provenance | | -| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:84:33:84:53 | unsafe_query.as_str() | provenance | MaD:32 | -| 
mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:84:33:84:53 | unsafe_query.as_str() | provenance | MaD:28 | -| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:84:33:84:53 | unsafe_query.as_str() | provenance | MaD:32 | -| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:85:33:85:44 | unsafe_query | provenance | | -| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:85:33:85:53 | unsafe_query.as_str() | provenance | MaD:32 | -| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:85:33:85:53 | unsafe_query.as_str() | provenance | MaD:28 | -| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:85:33:85:53 | unsafe_query.as_str() | provenance | MaD:32 | -| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:86:48:86:59 | unsafe_query | provenance | | -| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:86:48:86:68 | unsafe_query.as_str() | provenance | MaD:32 | -| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:86:48:86:68 | unsafe_query.as_str() | provenance | MaD:28 | -| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:86:48:86:68 | unsafe_query.as_str() | provenance | MaD:32 | -| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:87:32:87:43 | unsafe_query | provenance | | -| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:87:32:87:52 | unsafe_query.as_str() | provenance | MaD:32 | -| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:87:32:87:52 | unsafe_query.as_str() | provenance | MaD:28 | -| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:87:32:87:52 | unsafe_query.as_str() | provenance | MaD:32 | -| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:101:31:101:42 | unsafe_query | provenance | | -| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:101:31:101:51 | unsafe_query.as_str() | provenance | MaD:32 | -| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:101:31:101:51 | unsafe_query.as_str() | provenance | MaD:28 | -| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:101:31:101:51 | unsafe_query.as_str() | provenance | MaD:32 | -| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:106:26:106:37 | unsafe_query 
| provenance | | -| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:106:26:106:46 | unsafe_query.as_str() | provenance | MaD:32 | -| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:106:26:106:46 | unsafe_query.as_str() | provenance | MaD:28 | -| mysql.rs:74:13:74:24 | unsafe_query | mysql.rs:106:26:106:46 | unsafe_query.as_str() | provenance | MaD:32 | -| mysql.rs:74:28:74:98 | ... + ... | mysql.rs:74:13:74:24 | unsafe_query | provenance | | -| mysql.rs:74:28:74:98 | ... + ... | mysql.rs:74:28:74:104 | ... + ... | provenance | MaD:27 | -| mysql.rs:74:28:74:104 | ... + ... | mysql.rs:74:13:74:24 | unsafe_query | provenance | | -| mysql.rs:74:85:74:98 | &remote_string [&ref] | mysql.rs:74:28:74:98 | ... + ... | provenance | MaD:26 | -| mysql.rs:74:86:74:98 | remote_string | mysql.rs:74:85:74:98 | &remote_string [&ref] | provenance | | -| mysql.rs:81:39:81:50 | unsafe_query | mysql.rs:81:39:81:59 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | -| mysql.rs:81:39:81:50 | unsafe_query | mysql.rs:81:39:81:59 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | -| mysql.rs:81:39:81:50 | unsafe_query | mysql.rs:81:39:81:59 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | -| mysql.rs:81:39:81:59 | unsafe_query.as_str() | mysql.rs:81:33:81:37 | query | provenance | MaD:10 Sink:MaD:10 | -| mysql.rs:81:39:81:59 | unsafe_query.as_str() [&ref] | mysql.rs:81:33:81:37 | query | provenance | MaD:10 Sink:MaD:10 | -| mysql.rs:82:25:82:36 | unsafe_query | mysql.rs:82:25:82:45 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | -| mysql.rs:82:25:82:36 | unsafe_query | mysql.rs:82:25:82:45 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | -| mysql.rs:82:25:82:36 | unsafe_query | mysql.rs:82:25:82:45 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | -| mysql.rs:82:25:82:45 | unsafe_query.as_str() | mysql.rs:82:14:82:23 | query_drop | provenance | MaD:11 Sink:MaD:11 | -| mysql.rs:82:25:82:45 | unsafe_query.as_str() [&ref] | mysql.rs:82:14:82:23 | query_drop | 
provenance | MaD:11 Sink:MaD:11 | -| mysql.rs:83:48:83:59 | unsafe_query | mysql.rs:83:48:83:68 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | -| mysql.rs:83:48:83:59 | unsafe_query | mysql.rs:83:48:83:68 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | -| mysql.rs:83:48:83:59 | unsafe_query | mysql.rs:83:48:83:68 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | -| mysql.rs:83:48:83:68 | unsafe_query.as_str() | mysql.rs:83:36:83:46 | query_first | provenance | MaD:12 Sink:MaD:12 | -| mysql.rs:83:48:83:68 | unsafe_query.as_str() [&ref] | mysql.rs:83:36:83:46 | query_first | provenance | MaD:12 Sink:MaD:12 | -| mysql.rs:84:33:84:44 | unsafe_query | mysql.rs:84:33:84:53 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | -| mysql.rs:84:33:84:44 | unsafe_query | mysql.rs:84:33:84:53 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | -| mysql.rs:84:33:84:44 | unsafe_query | mysql.rs:84:33:84:53 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | -| mysql.rs:84:33:84:53 | unsafe_query.as_str() | mysql.rs:84:22:84:31 | query_fold | provenance | MaD:13 Sink:MaD:13 | -| mysql.rs:84:33:84:53 | unsafe_query.as_str() [&ref] | mysql.rs:84:22:84:31 | query_fold | provenance | MaD:13 Sink:MaD:13 | -| mysql.rs:85:33:85:44 | unsafe_query | mysql.rs:85:33:85:53 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | -| mysql.rs:85:33:85:44 | unsafe_query | mysql.rs:85:33:85:53 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | -| mysql.rs:85:33:85:44 | unsafe_query | mysql.rs:85:33:85:53 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | -| mysql.rs:85:33:85:53 | unsafe_query.as_str() | mysql.rs:85:22:85:31 | query_iter | provenance | MaD:19 Sink:MaD:19 | -| mysql.rs:85:33:85:53 | unsafe_query.as_str() [&ref] | mysql.rs:85:22:85:31 | query_iter | provenance | MaD:19 Sink:MaD:19 | -| mysql.rs:86:48:86:59 | unsafe_query | mysql.rs:86:48:86:68 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | -| mysql.rs:86:48:86:59 | unsafe_query | 
mysql.rs:86:48:86:68 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | -| mysql.rs:86:48:86:59 | unsafe_query | mysql.rs:86:48:86:68 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | -| mysql.rs:86:48:86:68 | unsafe_query.as_str() | mysql.rs:86:22:86:33 | query_stream | provenance | MaD:15 Sink:MaD:15 | -| mysql.rs:86:48:86:68 | unsafe_query.as_str() [&ref] | mysql.rs:86:22:86:33 | query_stream | provenance | MaD:15 Sink:MaD:15 | -| mysql.rs:87:32:87:43 | unsafe_query | mysql.rs:87:32:87:52 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | -| mysql.rs:87:32:87:43 | unsafe_query | mysql.rs:87:32:87:52 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | -| mysql.rs:87:32:87:43 | unsafe_query | mysql.rs:87:32:87:52 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | -| mysql.rs:87:32:87:52 | unsafe_query.as_str() | mysql.rs:87:22:87:30 | query_map | provenance | MaD:14 Sink:MaD:14 | -| mysql.rs:87:32:87:52 | unsafe_query.as_str() [&ref] | mysql.rs:87:22:87:30 | query_map | provenance | MaD:14 Sink:MaD:14 | -| mysql.rs:101:31:101:42 | unsafe_query | mysql.rs:101:31:101:51 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | -| mysql.rs:101:31:101:42 | unsafe_query | mysql.rs:101:31:101:51 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | -| mysql.rs:101:31:101:42 | unsafe_query | mysql.rs:101:31:101:51 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | -| mysql.rs:101:31:101:51 | unsafe_query.as_str() | mysql.rs:101:26:101:29 | prep | provenance | MaD:18 Sink:MaD:18 | -| mysql.rs:101:31:101:51 | unsafe_query.as_str() [&ref] | mysql.rs:101:26:101:29 | prep | provenance | MaD:18 Sink:MaD:18 | -| mysql.rs:106:26:106:37 | unsafe_query | mysql.rs:106:26:106:46 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | -| mysql.rs:106:26:106:37 | unsafe_query | mysql.rs:106:26:106:46 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | -| mysql.rs:106:26:106:37 | unsafe_query | mysql.rs:106:26:106:46 | unsafe_query.as_str() [&ref] | provenance | 
MaD:32 | -| mysql.rs:106:26:106:46 | unsafe_query.as_str() | mysql.rs:106:15:106:24 | query_drop | provenance | MaD:11 Sink:MaD:11 | -| mysql.rs:106:26:106:46 | unsafe_query.as_str() [&ref] | mysql.rs:106:15:106:24 | query_drop | provenance | MaD:11 Sink:MaD:11 | +| mysql.rs:12:13:12:29 | mut remote_string | mysql.rs:18:71:18:83 | remote_string | provenance | | +| mysql.rs:12:33:12:54 | ...::get | mysql.rs:12:33:12:77 | ...::get(...) [Ok] | provenance | Src:MaD:23 | +| mysql.rs:12:33:12:77 | ...::get(...) [Ok] | mysql.rs:12:33:13:21 | ... .unwrap() | provenance | MaD:30 | +| mysql.rs:12:33:13:21 | ... .unwrap() | mysql.rs:12:33:14:19 | ... .text() [Ok] | provenance | MaD:34 | +| mysql.rs:12:33:14:19 | ... .text() [Ok] | mysql.rs:12:33:15:40 | ... .unwrap_or(...) | provenance | MaD:31 | +| mysql.rs:12:33:15:40 | ... .unwrap_or(...) | mysql.rs:12:13:12:29 | mut remote_string | provenance | | +| mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:25:38:25:49 | unsafe_query | provenance | | +| mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:25:38:25:58 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:25:38:25:58 | unsafe_query.as_str() | provenance | MaD:28 | +| mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:25:38:25:58 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:26:64:26:75 | unsafe_query | provenance | | +| mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:26:64:26:84 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:26:64:26:84 | unsafe_query.as_str() | provenance | MaD:28 | +| mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:26:64:26:84 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:27:25:27:36 | unsafe_query | provenance | | +| mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:27:25:27:45 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:17:13:17:24 | unsafe_query | 
mysql.rs:27:25:27:45 | unsafe_query.as_str() | provenance | MaD:28 | +| mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:27:25:27:45 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:28:39:28:50 | unsafe_query | provenance | | +| mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:28:39:28:59 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:28:39:28:59 | unsafe_query.as_str() | provenance | MaD:28 | +| mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:28:39:28:59 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:29:65:29:76 | unsafe_query | provenance | | +| mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:29:65:29:85 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:29:65:29:85 | unsafe_query.as_str() | provenance | MaD:28 | +| mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:29:65:29:85 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:30:33:30:44 | unsafe_query | provenance | | +| mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:30:33:30:53 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:30:33:30:53 | unsafe_query.as_str() | provenance | MaD:28 | +| mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:30:33:30:53 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:32:13:32:24 | unsafe_query | provenance | | +| mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:32:13:32:33 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:32:13:32:33 | unsafe_query.as_str() | provenance | MaD:28 | +| mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:32:13:32:33 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:36:33:36:44 | unsafe_query | provenance | | +| mysql.rs:17:13:17:24 | 
unsafe_query | mysql.rs:36:33:36:53 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:36:33:36:53 | unsafe_query.as_str() | provenance | MaD:28 | +| mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:36:33:36:53 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:37:32:37:43 | unsafe_query | provenance | | +| mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:37:32:37:52 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:37:32:37:52 | unsafe_query.as_str() | provenance | MaD:28 | +| mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:37:32:37:52 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:39:13:39:24 | unsafe_query | provenance | | +| mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:39:13:39:33 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:39:13:39:33 | unsafe_query.as_str() | provenance | MaD:28 | +| mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:39:13:39:33 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:42:39:42:50 | unsafe_query | provenance | | +| mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:42:39:42:59 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:42:39:42:59 | unsafe_query.as_str() | provenance | MaD:28 | +| mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:42:39:42:59 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:75:31:75:42 | unsafe_query | provenance | | +| mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:75:31:75:51 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:75:31:75:51 | unsafe_query.as_str() | provenance | MaD:28 | +| mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:75:31:75:51 | unsafe_query.as_str() | provenance | MaD:32 | 
+| mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:80:26:80:37 | unsafe_query | provenance | | +| mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:80:26:80:46 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:80:26:80:46 | unsafe_query.as_str() | provenance | MaD:28 | +| mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:80:26:80:46 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:18:13:18:83 | ... + ... | mysql.rs:17:13:17:24 | unsafe_query | provenance | | +| mysql.rs:18:13:18:83 | ... + ... | mysql.rs:18:13:18:89 | ... + ... | provenance | MaD:27 | +| mysql.rs:18:13:18:89 | ... + ... | mysql.rs:17:13:17:24 | unsafe_query | provenance | | +| mysql.rs:18:70:18:83 | &remote_string [&ref] | mysql.rs:18:13:18:83 | ... + ... | provenance | MaD:26 | +| mysql.rs:18:71:18:83 | remote_string | mysql.rs:18:70:18:83 | &remote_string [&ref] | provenance | | +| mysql.rs:25:38:25:49 | unsafe_query | mysql.rs:25:38:25:58 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:25:38:25:49 | unsafe_query | mysql.rs:25:38:25:58 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | +| mysql.rs:25:38:25:49 | unsafe_query | mysql.rs:25:38:25:58 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:25:38:25:58 | unsafe_query.as_str() | mysql.rs:25:32:25:36 | query | provenance | MaD:1 Sink:MaD:1 | +| mysql.rs:25:38:25:58 | unsafe_query.as_str() [&ref] | mysql.rs:25:32:25:36 | query | provenance | MaD:1 Sink:MaD:1 | +| mysql.rs:26:64:26:75 | unsafe_query | mysql.rs:26:64:26:84 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:26:64:26:75 | unsafe_query | mysql.rs:26:64:26:84 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | +| mysql.rs:26:64:26:75 | unsafe_query | mysql.rs:26:64:26:84 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:26:64:26:84 | unsafe_query.as_str() | mysql.rs:26:54:26:62 | query_opt | provenance | MaD:9 Sink:MaD:9 | +| mysql.rs:26:64:26:84 | 
unsafe_query.as_str() [&ref] | mysql.rs:26:54:26:62 | query_opt | provenance | MaD:9 Sink:MaD:9 | +| mysql.rs:27:25:27:36 | unsafe_query | mysql.rs:27:25:27:45 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:27:25:27:36 | unsafe_query | mysql.rs:27:25:27:45 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | +| mysql.rs:27:25:27:36 | unsafe_query | mysql.rs:27:25:27:45 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:27:25:27:45 | unsafe_query.as_str() | mysql.rs:27:14:27:23 | query_drop | provenance | MaD:2 Sink:MaD:2 | +| mysql.rs:27:25:27:45 | unsafe_query.as_str() [&ref] | mysql.rs:27:14:27:23 | query_drop | provenance | MaD:2 Sink:MaD:2 | +| mysql.rs:28:39:28:50 | unsafe_query | mysql.rs:28:39:28:59 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:28:39:28:50 | unsafe_query | mysql.rs:28:39:28:59 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | +| mysql.rs:28:39:28:50 | unsafe_query | mysql.rs:28:39:28:59 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:28:39:28:59 | unsafe_query.as_str() | mysql.rs:28:27:28:37 | query_first | provenance | MaD:3 Sink:MaD:3 | +| mysql.rs:28:39:28:59 | unsafe_query.as_str() [&ref] | mysql.rs:28:27:28:37 | query_first | provenance | MaD:3 Sink:MaD:3 | +| mysql.rs:29:65:29:76 | unsafe_query | mysql.rs:29:65:29:85 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:29:65:29:76 | unsafe_query | mysql.rs:29:65:29:85 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | +| mysql.rs:29:65:29:76 | unsafe_query | mysql.rs:29:65:29:85 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:29:65:29:85 | unsafe_query.as_str() | mysql.rs:29:49:29:63 | query_first_opt | provenance | MaD:4 Sink:MaD:4 | +| mysql.rs:29:65:29:85 | unsafe_query.as_str() [&ref] | mysql.rs:29:49:29:63 | query_first_opt | provenance | MaD:4 Sink:MaD:4 | +| mysql.rs:30:33:30:44 | unsafe_query | mysql.rs:30:33:30:53 | unsafe_query.as_str() [&ref] | provenance | 
MaD:32 | +| mysql.rs:30:33:30:44 | unsafe_query | mysql.rs:30:33:30:53 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | +| mysql.rs:30:33:30:44 | unsafe_query | mysql.rs:30:33:30:53 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:30:33:30:53 | unsafe_query.as_str() | mysql.rs:30:22:30:31 | query_fold | provenance | MaD:5 Sink:MaD:5 | +| mysql.rs:30:33:30:53 | unsafe_query.as_str() [&ref] | mysql.rs:30:22:30:31 | query_fold | provenance | MaD:5 Sink:MaD:5 | +| mysql.rs:32:13:32:24 | unsafe_query | mysql.rs:32:13:32:33 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:32:13:32:24 | unsafe_query | mysql.rs:32:13:32:33 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | +| mysql.rs:32:13:32:24 | unsafe_query | mysql.rs:32:13:32:33 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:32:13:32:33 | unsafe_query.as_str() | mysql.rs:31:22:31:35 | query_fold_opt | provenance | MaD:6 Sink:MaD:6 | +| mysql.rs:32:13:32:33 | unsafe_query.as_str() [&ref] | mysql.rs:31:22:31:35 | query_fold_opt | provenance | MaD:6 Sink:MaD:6 | +| mysql.rs:36:33:36:44 | unsafe_query | mysql.rs:36:33:36:53 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:36:33:36:44 | unsafe_query | mysql.rs:36:33:36:53 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | +| mysql.rs:36:33:36:44 | unsafe_query | mysql.rs:36:33:36:53 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:36:33:36:53 | unsafe_query.as_str() | mysql.rs:36:22:36:31 | query_iter | provenance | MaD:17 Sink:MaD:17 | +| mysql.rs:36:33:36:53 | unsafe_query.as_str() [&ref] | mysql.rs:36:22:36:31 | query_iter | provenance | MaD:17 Sink:MaD:17 | +| mysql.rs:37:32:37:43 | unsafe_query | mysql.rs:37:32:37:52 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:37:32:37:43 | unsafe_query | mysql.rs:37:32:37:52 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | +| mysql.rs:37:32:37:43 | unsafe_query | mysql.rs:37:32:37:52 | 
unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:37:32:37:52 | unsafe_query.as_str() | mysql.rs:37:22:37:30 | query_map | provenance | MaD:7 Sink:MaD:7 | +| mysql.rs:37:32:37:52 | unsafe_query.as_str() [&ref] | mysql.rs:37:22:37:30 | query_map | provenance | MaD:7 Sink:MaD:7 | +| mysql.rs:39:13:39:24 | unsafe_query | mysql.rs:39:13:39:33 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:39:13:39:24 | unsafe_query | mysql.rs:39:13:39:33 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | +| mysql.rs:39:13:39:24 | unsafe_query | mysql.rs:39:13:39:33 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:39:13:39:33 | unsafe_query.as_str() | mysql.rs:38:22:38:34 | query_map_opt | provenance | MaD:8 Sink:MaD:8 | +| mysql.rs:39:13:39:33 | unsafe_query.as_str() [&ref] | mysql.rs:38:22:38:34 | query_map_opt | provenance | MaD:8 Sink:MaD:8 | +| mysql.rs:42:39:42:50 | unsafe_query | mysql.rs:42:39:42:59 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:42:39:42:50 | unsafe_query | mysql.rs:42:39:42:59 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | +| mysql.rs:42:39:42:50 | unsafe_query | mysql.rs:42:39:42:59 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:42:39:42:59 | unsafe_query.as_str() | mysql.rs:42:33:42:37 | query | provenance | MaD:1 Sink:MaD:1 | +| mysql.rs:42:39:42:59 | unsafe_query.as_str() [&ref] | mysql.rs:42:33:42:37 | query | provenance | MaD:1 Sink:MaD:1 | +| mysql.rs:75:31:75:42 | unsafe_query | mysql.rs:75:31:75:51 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:75:31:75:42 | unsafe_query | mysql.rs:75:31:75:51 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | +| mysql.rs:75:31:75:42 | unsafe_query | mysql.rs:75:31:75:51 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:75:31:75:51 | unsafe_query.as_str() | mysql.rs:75:26:75:29 | prep | provenance | MaD:16 Sink:MaD:16 | +| mysql.rs:75:31:75:51 | unsafe_query.as_str() [&ref] | 
mysql.rs:75:26:75:29 | prep | provenance | MaD:16 Sink:MaD:16 | +| mysql.rs:80:26:80:37 | unsafe_query | mysql.rs:80:26:80:46 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:80:26:80:37 | unsafe_query | mysql.rs:80:26:80:46 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | +| mysql.rs:80:26:80:37 | unsafe_query | mysql.rs:80:26:80:46 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:80:26:80:46 | unsafe_query.as_str() | mysql.rs:80:15:80:24 | query_drop | provenance | MaD:2 Sink:MaD:2 | +| mysql.rs:80:26:80:46 | unsafe_query.as_str() [&ref] | mysql.rs:80:15:80:24 | query_drop | provenance | MaD:2 Sink:MaD:2 | +| mysql.rs:97:13:97:29 | mut remote_string | mysql.rs:103:71:103:83 | remote_string | provenance | | +| mysql.rs:97:33:97:54 | ...::get | mysql.rs:97:33:97:77 | ...::get(...) [Ok] | provenance | Src:MaD:23 | +| mysql.rs:97:33:97:77 | ...::get(...) [Ok] | mysql.rs:97:33:98:21 | ... .unwrap() | provenance | MaD:30 | +| mysql.rs:97:33:98:21 | ... .unwrap() | mysql.rs:97:33:99:19 | ... .text() [Ok] | provenance | MaD:34 | +| mysql.rs:97:33:99:19 | ... .text() [Ok] | mysql.rs:97:33:100:40 | ... .unwrap_or(...) | provenance | MaD:31 | +| mysql.rs:97:33:100:40 | ... .unwrap_or(...) 
| mysql.rs:97:13:97:29 | mut remote_string | provenance | | +| mysql.rs:102:13:102:24 | unsafe_query | mysql.rs:110:38:110:49 | unsafe_query | provenance | | +| mysql.rs:102:13:102:24 | unsafe_query | mysql.rs:110:38:110:58 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:102:13:102:24 | unsafe_query | mysql.rs:110:38:110:58 | unsafe_query.as_str() | provenance | MaD:28 | +| mysql.rs:102:13:102:24 | unsafe_query | mysql.rs:110:38:110:58 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:102:13:102:24 | unsafe_query | mysql.rs:111:25:111:36 | unsafe_query | provenance | | +| mysql.rs:102:13:102:24 | unsafe_query | mysql.rs:111:25:111:45 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:102:13:102:24 | unsafe_query | mysql.rs:111:25:111:45 | unsafe_query.as_str() | provenance | MaD:28 | +| mysql.rs:102:13:102:24 | unsafe_query | mysql.rs:111:25:111:45 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:102:13:102:24 | unsafe_query | mysql.rs:112:47:112:58 | unsafe_query | provenance | | +| mysql.rs:102:13:102:24 | unsafe_query | mysql.rs:112:47:112:67 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:102:13:102:24 | unsafe_query | mysql.rs:112:47:112:67 | unsafe_query.as_str() | provenance | MaD:28 | +| mysql.rs:102:13:102:24 | unsafe_query | mysql.rs:112:47:112:67 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:102:13:102:24 | unsafe_query | mysql.rs:114:25:114:36 | unsafe_query | provenance | | +| mysql.rs:102:13:102:24 | unsafe_query | mysql.rs:114:25:114:45 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:102:13:102:24 | unsafe_query | mysql.rs:114:25:114:45 | unsafe_query.as_str() | provenance | MaD:28 | +| mysql.rs:102:13:102:24 | unsafe_query | mysql.rs:114:25:114:45 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:102:13:102:24 | unsafe_query | mysql.rs:116:33:116:44 | unsafe_query | provenance | | +| mysql.rs:102:13:102:24 | unsafe_query | mysql.rs:116:33:116:53 | 
unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:102:13:102:24 | unsafe_query | mysql.rs:116:33:116:53 | unsafe_query.as_str() | provenance | MaD:28 | +| mysql.rs:102:13:102:24 | unsafe_query | mysql.rs:116:33:116:53 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:102:13:102:24 | unsafe_query | mysql.rs:118:40:118:51 | unsafe_query | provenance | | +| mysql.rs:102:13:102:24 | unsafe_query | mysql.rs:118:40:118:60 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:102:13:102:24 | unsafe_query | mysql.rs:118:40:118:60 | unsafe_query.as_str() | provenance | MaD:28 | +| mysql.rs:102:13:102:24 | unsafe_query | mysql.rs:118:40:118:60 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:102:13:102:24 | unsafe_query | mysql.rs:121:24:121:35 | unsafe_query | provenance | | +| mysql.rs:102:13:102:24 | unsafe_query | mysql.rs:121:24:121:44 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:102:13:102:24 | unsafe_query | mysql.rs:121:24:121:44 | unsafe_query.as_str() | provenance | MaD:28 | +| mysql.rs:102:13:102:24 | unsafe_query | mysql.rs:121:24:121:44 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:102:13:102:24 | unsafe_query | mysql.rs:149:31:149:42 | unsafe_query | provenance | | +| mysql.rs:102:13:102:24 | unsafe_query | mysql.rs:149:31:149:51 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:102:13:102:24 | unsafe_query | mysql.rs:149:31:149:51 | unsafe_query.as_str() | provenance | MaD:28 | +| mysql.rs:102:13:102:24 | unsafe_query | mysql.rs:149:31:149:51 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:102:13:102:24 | unsafe_query | mysql.rs:154:26:154:37 | unsafe_query | provenance | | +| mysql.rs:102:13:102:24 | unsafe_query | mysql.rs:154:26:154:46 | unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:102:13:102:24 | unsafe_query | mysql.rs:154:26:154:46 | unsafe_query.as_str() | provenance | MaD:28 | +| mysql.rs:102:13:102:24 | unsafe_query | mysql.rs:154:26:154:46 | 
unsafe_query.as_str() | provenance | MaD:32 | +| mysql.rs:103:13:103:83 | ... + ... | mysql.rs:102:13:102:24 | unsafe_query | provenance | | +| mysql.rs:103:13:103:83 | ... + ... | mysql.rs:103:13:103:89 | ... + ... | provenance | MaD:27 | +| mysql.rs:103:13:103:89 | ... + ... | mysql.rs:102:13:102:24 | unsafe_query | provenance | | +| mysql.rs:103:70:103:83 | &remote_string [&ref] | mysql.rs:103:13:103:83 | ... + ... | provenance | MaD:26 | +| mysql.rs:103:71:103:83 | remote_string | mysql.rs:103:70:103:83 | &remote_string [&ref] | provenance | | +| mysql.rs:110:38:110:49 | unsafe_query | mysql.rs:110:38:110:58 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:110:38:110:49 | unsafe_query | mysql.rs:110:38:110:58 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | +| mysql.rs:110:38:110:49 | unsafe_query | mysql.rs:110:38:110:58 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:110:38:110:58 | unsafe_query.as_str() | mysql.rs:110:32:110:36 | query | provenance | MaD:10 Sink:MaD:10 | +| mysql.rs:110:38:110:58 | unsafe_query.as_str() [&ref] | mysql.rs:110:32:110:36 | query | provenance | MaD:10 Sink:MaD:10 | +| mysql.rs:111:25:111:36 | unsafe_query | mysql.rs:111:25:111:45 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:111:25:111:36 | unsafe_query | mysql.rs:111:25:111:45 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | +| mysql.rs:111:25:111:36 | unsafe_query | mysql.rs:111:25:111:45 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:111:25:111:45 | unsafe_query.as_str() | mysql.rs:111:14:111:23 | query_drop | provenance | MaD:11 Sink:MaD:11 | +| mysql.rs:111:25:111:45 | unsafe_query.as_str() [&ref] | mysql.rs:111:14:111:23 | query_drop | provenance | MaD:11 Sink:MaD:11 | +| mysql.rs:112:47:112:58 | unsafe_query | mysql.rs:112:47:112:67 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:112:47:112:58 | unsafe_query | mysql.rs:112:47:112:67 | unsafe_query.as_str() [&ref] | 
provenance | MaD:28 | +| mysql.rs:112:47:112:58 | unsafe_query | mysql.rs:112:47:112:67 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:112:47:112:67 | unsafe_query.as_str() | mysql.rs:112:35:112:45 | query_first | provenance | MaD:12 Sink:MaD:12 | +| mysql.rs:112:47:112:67 | unsafe_query.as_str() [&ref] | mysql.rs:112:35:112:45 | query_first | provenance | MaD:12 Sink:MaD:12 | +| mysql.rs:114:25:114:36 | unsafe_query | mysql.rs:114:25:114:45 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:114:25:114:36 | unsafe_query | mysql.rs:114:25:114:45 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | +| mysql.rs:114:25:114:36 | unsafe_query | mysql.rs:114:25:114:45 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:114:25:114:45 | unsafe_query.as_str() | mysql.rs:114:14:114:23 | query_fold | provenance | MaD:13 Sink:MaD:13 | +| mysql.rs:114:25:114:45 | unsafe_query.as_str() [&ref] | mysql.rs:114:14:114:23 | query_fold | provenance | MaD:13 Sink:MaD:13 | +| mysql.rs:116:33:116:44 | unsafe_query | mysql.rs:116:33:116:53 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:116:33:116:44 | unsafe_query | mysql.rs:116:33:116:53 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | +| mysql.rs:116:33:116:44 | unsafe_query | mysql.rs:116:33:116:53 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:116:33:116:53 | unsafe_query.as_str() | mysql.rs:116:22:116:31 | query_iter | provenance | MaD:19 Sink:MaD:19 | +| mysql.rs:116:33:116:53 | unsafe_query.as_str() [&ref] | mysql.rs:116:22:116:31 | query_iter | provenance | MaD:19 Sink:MaD:19 | +| mysql.rs:118:40:118:51 | unsafe_query | mysql.rs:118:40:118:60 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:118:40:118:51 | unsafe_query | mysql.rs:118:40:118:60 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | +| mysql.rs:118:40:118:51 | unsafe_query | mysql.rs:118:40:118:60 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | 
+| mysql.rs:118:40:118:60 | unsafe_query.as_str() | mysql.rs:118:14:118:25 | query_stream | provenance | MaD:15 Sink:MaD:15 | +| mysql.rs:118:40:118:60 | unsafe_query.as_str() [&ref] | mysql.rs:118:14:118:25 | query_stream | provenance | MaD:15 Sink:MaD:15 | +| mysql.rs:121:24:121:35 | unsafe_query | mysql.rs:121:24:121:44 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:121:24:121:35 | unsafe_query | mysql.rs:121:24:121:44 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | +| mysql.rs:121:24:121:35 | unsafe_query | mysql.rs:121:24:121:44 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:121:24:121:44 | unsafe_query.as_str() | mysql.rs:121:14:121:22 | query_map | provenance | MaD:14 Sink:MaD:14 | +| mysql.rs:121:24:121:44 | unsafe_query.as_str() [&ref] | mysql.rs:121:14:121:22 | query_map | provenance | MaD:14 Sink:MaD:14 | +| mysql.rs:149:31:149:42 | unsafe_query | mysql.rs:149:31:149:51 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:149:31:149:42 | unsafe_query | mysql.rs:149:31:149:51 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | +| mysql.rs:149:31:149:42 | unsafe_query | mysql.rs:149:31:149:51 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:149:31:149:51 | unsafe_query.as_str() | mysql.rs:149:26:149:29 | prep | provenance | MaD:18 Sink:MaD:18 | +| mysql.rs:149:31:149:51 | unsafe_query.as_str() [&ref] | mysql.rs:149:26:149:29 | prep | provenance | MaD:18 Sink:MaD:18 | +| mysql.rs:154:26:154:37 | unsafe_query | mysql.rs:154:26:154:46 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:154:26:154:37 | unsafe_query | mysql.rs:154:26:154:46 | unsafe_query.as_str() [&ref] | provenance | MaD:28 | +| mysql.rs:154:26:154:37 | unsafe_query | mysql.rs:154:26:154:46 | unsafe_query.as_str() [&ref] | provenance | MaD:32 | +| mysql.rs:154:26:154:46 | unsafe_query.as_str() | mysql.rs:154:15:154:24 | query_drop | provenance | MaD:11 Sink:MaD:11 | +| mysql.rs:154:26:154:46 | 
unsafe_query.as_str() [&ref] | mysql.rs:154:15:154:24 | query_drop | provenance | MaD:11 Sink:MaD:11 | | sqlx.rs:47:9:47:18 | arg_string | sqlx.rs:53:27:53:36 | arg_string | provenance | | | sqlx.rs:47:22:47:35 | ...::args | sqlx.rs:47:22:47:37 | ...::args(...) [element] | provenance | Src:MaD:24 | | sqlx.rs:47:22:47:37 | ...::args(...) [element] | sqlx.rs:47:22:47:44 | ... .nth(...) [Some] | provenance | MaD:25 | 
@@ -447,116 +447,116 @@ models | 35 | Summary: alloc::fmt::format; Argument[0]; ReturnValue; taint | | 36 | Summary: core::hint::must_use; Argument[0]; ReturnValue; value | nodes -| mysql.rs:13:13:13:29 | mut remote_string | semmle.label | mut remote_string | -| mysql.rs:13:33:13:54 | ...::get | semmle.label | ...::get | -| mysql.rs:13:33:13:77 | ...::get(...) [Ok] | semmle.label | ...::get(...) [Ok] | -| mysql.rs:13:33:13:86 | ... .unwrap() | semmle.label | ... .unwrap() | -| mysql.rs:13:33:13:93 | ... .text() [Ok] | semmle.label | ... .text() [Ok] | -| mysql.rs:13:33:13:121 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | -| mysql.rs:15:13:15:24 | unsafe_query | semmle.label | unsafe_query | -| mysql.rs:15:28:15:98 | ... + ... | semmle.label | ... + ... | -| mysql.rs:15:28:15:104 | ... + ... | semmle.label | ... + ... | -| mysql.rs:15:85:15:98 | &remote_string [&ref] | semmle.label | &remote_string [&ref] | -| mysql.rs:15:86:15:98 | remote_string | semmle.label | remote_string | -| mysql.rs:22:33:22:37 | query | semmle.label | query | -| mysql.rs:22:39:22:50 | unsafe_query | semmle.label | unsafe_query | -| mysql.rs:22:39:22:59 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | -| mysql.rs:22:39:22:59 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | -| mysql.rs:23:55:23:63 | query_opt | semmle.label | query_opt | -| mysql.rs:23:65:23:76 | unsafe_query | semmle.label | unsafe_query | -| mysql.rs:23:65:23:85 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | -| mysql.rs:23:65:23:85 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | -| mysql.rs:24:14:24:23 | query_drop | semmle.label | query_drop | -| mysql.rs:24:25:24:36 | unsafe_query | semmle.label | unsafe_query | -| mysql.rs:24:25:24:45 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | -| mysql.rs:24:25:24:45 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | -| 
mysql.rs:25:28:25:38 | query_first | semmle.label | query_first | -| mysql.rs:25:40:25:51 | unsafe_query | semmle.label | unsafe_query | -| mysql.rs:25:40:25:60 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | -| mysql.rs:25:40:25:60 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | -| mysql.rs:26:49:26:63 | query_first_opt | semmle.label | query_first_opt | -| mysql.rs:26:65:26:76 | unsafe_query | semmle.label | unsafe_query | -| mysql.rs:26:65:26:85 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | -| mysql.rs:26:65:26:85 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | -| mysql.rs:27:22:27:31 | query_fold | semmle.label | query_fold | -| mysql.rs:27:33:27:44 | unsafe_query | semmle.label | unsafe_query | -| mysql.rs:27:33:27:53 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | -| mysql.rs:27:33:27:53 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | -| mysql.rs:28:22:28:35 | query_fold_opt | semmle.label | query_fold_opt | -| mysql.rs:28:37:28:48 | unsafe_query | semmle.label | unsafe_query | -| mysql.rs:28:37:28:57 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | -| mysql.rs:28:37:28:57 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | -| mysql.rs:29:22:29:31 | query_iter | semmle.label | query_iter | -| mysql.rs:29:33:29:44 | unsafe_query | semmle.label | unsafe_query | -| mysql.rs:29:33:29:53 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | -| mysql.rs:29:33:29:53 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | -| mysql.rs:30:22:30:30 | query_map | semmle.label | query_map | -| mysql.rs:30:32:30:43 | unsafe_query | semmle.label | unsafe_query | -| mysql.rs:30:32:30:52 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | -| mysql.rs:30:32:30:52 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | -| 
mysql.rs:31:22:31:34 | query_map_opt | semmle.label | query_map_opt | -| mysql.rs:31:36:31:47 | unsafe_query | semmle.label | unsafe_query | -| mysql.rs:31:36:31:56 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | -| mysql.rs:31:36:31:56 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | -| mysql.rs:32:34:32:38 | query | semmle.label | query | -| mysql.rs:32:40:32:51 | unsafe_query | semmle.label | unsafe_query | -| mysql.rs:32:40:32:60 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | -| mysql.rs:32:40:32:60 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | -| mysql.rs:49:26:49:29 | prep | semmle.label | prep | -| mysql.rs:49:31:49:42 | unsafe_query | semmle.label | unsafe_query | -| mysql.rs:49:31:49:51 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | -| mysql.rs:49:31:49:51 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | -| mysql.rs:54:15:54:24 | query_drop | semmle.label | query_drop | -| mysql.rs:54:26:54:37 | unsafe_query | semmle.label | unsafe_query | -| mysql.rs:54:26:54:46 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | -| mysql.rs:54:26:54:46 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | -| mysql.rs:72:13:72:29 | mut remote_string | semmle.label | mut remote_string | -| mysql.rs:72:33:72:54 | ...::get | semmle.label | ...::get | -| mysql.rs:72:33:72:77 | ...::get(...) [Ok] | semmle.label | ...::get(...) [Ok] | -| mysql.rs:72:33:72:86 | ... .unwrap() | semmle.label | ... .unwrap() | -| mysql.rs:72:33:72:93 | ... .text() [Ok] | semmle.label | ... .text() [Ok] | -| mysql.rs:72:33:72:121 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | -| mysql.rs:74:13:74:24 | unsafe_query | semmle.label | unsafe_query | -| mysql.rs:74:28:74:98 | ... + ... | semmle.label | ... + ... | -| mysql.rs:74:28:74:104 | ... + ... | semmle.label | ... + ... 
| -| mysql.rs:74:85:74:98 | &remote_string [&ref] | semmle.label | &remote_string [&ref] | -| mysql.rs:74:86:74:98 | remote_string | semmle.label | remote_string | -| mysql.rs:81:33:81:37 | query | semmle.label | query | -| mysql.rs:81:39:81:50 | unsafe_query | semmle.label | unsafe_query | -| mysql.rs:81:39:81:59 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | -| mysql.rs:81:39:81:59 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | -| mysql.rs:82:14:82:23 | query_drop | semmle.label | query_drop | -| mysql.rs:82:25:82:36 | unsafe_query | semmle.label | unsafe_query | -| mysql.rs:82:25:82:45 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | -| mysql.rs:82:25:82:45 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | -| mysql.rs:83:36:83:46 | query_first | semmle.label | query_first | -| mysql.rs:83:48:83:59 | unsafe_query | semmle.label | unsafe_query | -| mysql.rs:83:48:83:68 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | -| mysql.rs:83:48:83:68 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | -| mysql.rs:84:22:84:31 | query_fold | semmle.label | query_fold | -| mysql.rs:84:33:84:44 | unsafe_query | semmle.label | unsafe_query | -| mysql.rs:84:33:84:53 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | -| mysql.rs:84:33:84:53 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | -| mysql.rs:85:22:85:31 | query_iter | semmle.label | query_iter | -| mysql.rs:85:33:85:44 | unsafe_query | semmle.label | unsafe_query | -| mysql.rs:85:33:85:53 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | -| mysql.rs:85:33:85:53 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | -| mysql.rs:86:22:86:33 | query_stream | semmle.label | query_stream | -| mysql.rs:86:48:86:59 | unsafe_query | semmle.label | unsafe_query | -| mysql.rs:86:48:86:68 | unsafe_query.as_str() | 
semmle.label | unsafe_query.as_str() | -| mysql.rs:86:48:86:68 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | -| mysql.rs:87:22:87:30 | query_map | semmle.label | query_map | -| mysql.rs:87:32:87:43 | unsafe_query | semmle.label | unsafe_query | -| mysql.rs:87:32:87:52 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | -| mysql.rs:87:32:87:52 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | -| mysql.rs:101:26:101:29 | prep | semmle.label | prep | -| mysql.rs:101:31:101:42 | unsafe_query | semmle.label | unsafe_query | -| mysql.rs:101:31:101:51 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | -| mysql.rs:101:31:101:51 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | -| mysql.rs:106:15:106:24 | query_drop | semmle.label | query_drop | -| mysql.rs:106:26:106:37 | unsafe_query | semmle.label | unsafe_query | -| mysql.rs:106:26:106:46 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | -| mysql.rs:106:26:106:46 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | +| mysql.rs:12:13:12:29 | mut remote_string | semmle.label | mut remote_string | +| mysql.rs:12:33:12:54 | ...::get | semmle.label | ...::get | +| mysql.rs:12:33:12:77 | ...::get(...) [Ok] | semmle.label | ...::get(...) [Ok] | +| mysql.rs:12:33:13:21 | ... .unwrap() | semmle.label | ... .unwrap() | +| mysql.rs:12:33:14:19 | ... .text() [Ok] | semmle.label | ... .text() [Ok] | +| mysql.rs:12:33:15:40 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | +| mysql.rs:17:13:17:24 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:18:13:18:83 | ... + ... | semmle.label | ... + ... | +| mysql.rs:18:13:18:89 | ... + ... | semmle.label | ... + ... 
| +| mysql.rs:18:70:18:83 | &remote_string [&ref] | semmle.label | &remote_string [&ref] | +| mysql.rs:18:71:18:83 | remote_string | semmle.label | remote_string | +| mysql.rs:25:32:25:36 | query | semmle.label | query | +| mysql.rs:25:38:25:49 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:25:38:25:58 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | +| mysql.rs:25:38:25:58 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | +| mysql.rs:26:54:26:62 | query_opt | semmle.label | query_opt | +| mysql.rs:26:64:26:75 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:26:64:26:84 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | +| mysql.rs:26:64:26:84 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | +| mysql.rs:27:14:27:23 | query_drop | semmle.label | query_drop | +| mysql.rs:27:25:27:36 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:27:25:27:45 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | +| mysql.rs:27:25:27:45 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | +| mysql.rs:28:27:28:37 | query_first | semmle.label | query_first | +| mysql.rs:28:39:28:50 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:28:39:28:59 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | +| mysql.rs:28:39:28:59 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | +| mysql.rs:29:49:29:63 | query_first_opt | semmle.label | query_first_opt | +| mysql.rs:29:65:29:76 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:29:65:29:85 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | +| mysql.rs:29:65:29:85 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | +| mysql.rs:30:22:30:31 | query_fold | semmle.label | query_fold | +| mysql.rs:30:33:30:44 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:30:33:30:53 | unsafe_query.as_str() 
| semmle.label | unsafe_query.as_str() | +| mysql.rs:30:33:30:53 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | +| mysql.rs:31:22:31:35 | query_fold_opt | semmle.label | query_fold_opt | +| mysql.rs:32:13:32:24 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:32:13:32:33 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | +| mysql.rs:32:13:32:33 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | +| mysql.rs:36:22:36:31 | query_iter | semmle.label | query_iter | +| mysql.rs:36:33:36:44 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:36:33:36:53 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | +| mysql.rs:36:33:36:53 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | +| mysql.rs:37:22:37:30 | query_map | semmle.label | query_map | +| mysql.rs:37:32:37:43 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:37:32:37:52 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | +| mysql.rs:37:32:37:52 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | +| mysql.rs:38:22:38:34 | query_map_opt | semmle.label | query_map_opt | +| mysql.rs:39:13:39:24 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:39:13:39:33 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | +| mysql.rs:39:13:39:33 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | +| mysql.rs:42:33:42:37 | query | semmle.label | query | +| mysql.rs:42:39:42:50 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:42:39:42:59 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | +| mysql.rs:42:39:42:59 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | +| mysql.rs:75:26:75:29 | prep | semmle.label | prep | +| mysql.rs:75:31:75:42 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:75:31:75:51 | unsafe_query.as_str() | semmle.label | 
unsafe_query.as_str() | +| mysql.rs:75:31:75:51 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | +| mysql.rs:80:15:80:24 | query_drop | semmle.label | query_drop | +| mysql.rs:80:26:80:37 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:80:26:80:46 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | +| mysql.rs:80:26:80:46 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | +| mysql.rs:97:13:97:29 | mut remote_string | semmle.label | mut remote_string | +| mysql.rs:97:33:97:54 | ...::get | semmle.label | ...::get | +| mysql.rs:97:33:97:77 | ...::get(...) [Ok] | semmle.label | ...::get(...) [Ok] | +| mysql.rs:97:33:98:21 | ... .unwrap() | semmle.label | ... .unwrap() | +| mysql.rs:97:33:99:19 | ... .text() [Ok] | semmle.label | ... .text() [Ok] | +| mysql.rs:97:33:100:40 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | +| mysql.rs:102:13:102:24 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:103:13:103:83 | ... + ... | semmle.label | ... + ... | +| mysql.rs:103:13:103:89 | ... + ... | semmle.label | ... + ... 
| +| mysql.rs:103:70:103:83 | &remote_string [&ref] | semmle.label | &remote_string [&ref] | +| mysql.rs:103:71:103:83 | remote_string | semmle.label | remote_string | +| mysql.rs:110:32:110:36 | query | semmle.label | query | +| mysql.rs:110:38:110:49 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:110:38:110:58 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | +| mysql.rs:110:38:110:58 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | +| mysql.rs:111:14:111:23 | query_drop | semmle.label | query_drop | +| mysql.rs:111:25:111:36 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:111:25:111:45 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | +| mysql.rs:111:25:111:45 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | +| mysql.rs:112:35:112:45 | query_first | semmle.label | query_first | +| mysql.rs:112:47:112:58 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:112:47:112:67 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | +| mysql.rs:112:47:112:67 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | +| mysql.rs:114:14:114:23 | query_fold | semmle.label | query_fold | +| mysql.rs:114:25:114:36 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:114:25:114:45 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | +| mysql.rs:114:25:114:45 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | +| mysql.rs:116:22:116:31 | query_iter | semmle.label | query_iter | +| mysql.rs:116:33:116:44 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:116:33:116:53 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | +| mysql.rs:116:33:116:53 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | +| mysql.rs:118:14:118:25 | query_stream | semmle.label | query_stream | +| mysql.rs:118:40:118:51 | unsafe_query | semmle.label | unsafe_query | +| 
mysql.rs:118:40:118:60 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | +| mysql.rs:118:40:118:60 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | +| mysql.rs:121:14:121:22 | query_map | semmle.label | query_map | +| mysql.rs:121:24:121:35 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:121:24:121:44 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | +| mysql.rs:121:24:121:44 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | +| mysql.rs:149:26:149:29 | prep | semmle.label | prep | +| mysql.rs:149:31:149:42 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:149:31:149:51 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | +| mysql.rs:149:31:149:51 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | +| mysql.rs:154:15:154:24 | query_drop | semmle.label | query_drop | +| mysql.rs:154:26:154:37 | unsafe_query | semmle.label | unsafe_query | +| mysql.rs:154:26:154:46 | unsafe_query.as_str() | semmle.label | unsafe_query.as_str() | +| mysql.rs:154:26:154:46 | unsafe_query.as_str() [&ref] | semmle.label | unsafe_query.as_str() [&ref] | | sqlx.rs:47:9:47:18 | arg_string | semmle.label | arg_string | | sqlx.rs:47:22:47:35 | ...::args | semmle.label | ...::args | | sqlx.rs:47:22:47:37 | ...::args(...) [element] | semmle.label | ...::args(...) [element] | diff --git a/rust/ql/test/query-tests/security/CWE-089/mysql.rs b/rust/ql/test/query-tests/security/CWE-089/mysql.rs index 323b8a2ab501..71ee265e8bab 100644 --- a/rust/ql/test/query-tests/security/CWE-089/mysql.rs +++ b/rust/ql/test/query-tests/security/CWE-089/mysql.rs 
@@ -9,10 +9,10 @@ mod sync_test { let mut conn2: Conn = pool.get_conn()?.unwrap(); // construct queries - let mut remote_string = reqwest::blocking::get("http://example.com/") + let mut remote_string = reqwest::blocking::get("http://example.com/") // $ Source=remote10 .unwrap() .text() - .unwrap_or(String::from("")); // $ Source=remote10 + .unwrap_or(String::from("")); let safe_query = String::from("SELECT * FROM people WHERE firstname='Alice'"); let unsafe_query = String::from("SELECT * FROM people WHERE firstname='") + &remote_string + "'"; @@ -28,17 +28,17 @@ mod sync_test { let _: i64 = conn.query_first(unsafe_query.as_str())?.unwrap(); // $ sql-sink Alert[rust/sql-injection]=remote10 let _: Result = conn.query_first_opt(unsafe_query.as_str())?.unwrap(); // $ sql-sink Alert[rust/sql-injection]=remote10 let _ = conn.query_fold(unsafe_query.as_str(), 0, |_: i64, _: i64| -> i64 { 0 })?; // $ sql-sink Alert[rust/sql-injection]=remote10 - let _ = conn.query_fold_opt( + let _ = conn.query_fold_opt( // $ sql-sink Alert[rust/sql-injection]=remote10 unsafe_query.as_str(), 0, |_: i64, _: Result| -> i64 { 0 }, - )?; // $ sql-sink Alert[rust/sql-injection]=remote10 + )?; let _ = conn.query_iter(unsafe_query.as_str())?; // $ sql-sink Alert[rust/sql-injection]=remote10 let _ = conn.query_map(unsafe_query.as_str(), |_: i64| -> () {})?; // $ sql-sink Alert[rust/sql-injection]=remote10 - let _ = conn.query_map_opt( + let _ = conn.query_map_opt( // $ sql-sink Alert[rust/sql-injection]=remote10 unsafe_query.as_str(), |_: Result| -> () {}, - )?; // $ sql-sink Alert[rust/sql-injection]=remote10 + )?; let _: Vec = conn2.query(unsafe_query.as_str())?; // $ sql-sink Alert[rust/sql-injection]=remote10 // prepared queries (safe) 
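Review bot: The moved `// $ Source=remote10` marker on the `reqwest::blocking::get(...)` line, like the `// $ sql-sink Alert[...]` markers in the hunks at 28, 94 and 111, only matches while it sits on the line where the flagged call starts, and nothing in the file says so. The regenerated .expected rows show the source expression now spanning lines 12–15 instead of one line, so the file was presumably reflowed earlier in this series and the markers drifted to the closing lines. The next reformat can detach them the same way. I would add a comment above `// construct queries` in both modules, e.g. `// NOTE: inline expectations must stay on the first line of a multi-line call; re-check after reformatting.` The enclosing functions start and end outside these hunks.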
@@ -94,10 +94,10 @@ mod async_test { let mut conn = pool.get_conn().await?; // construct queries - let mut remote_string = reqwest::blocking::get("http://example.com/") + let mut remote_string = reqwest::blocking::get("http://example.com/") // $ Source=remote11 .unwrap() .text() - .unwrap_or(String::from("")); // $ Source=remote11 + .unwrap_or(String::from("")); let safe_query = String::from("SELECT * FROM people WHERE firstname='Alice'"); let unsafe_query = String::from("SELECT * FROM people WHERE firstname='") + &remote_string + "'"; @@ -111,15 +111,15 @@ mod async_test { conn.query_drop(unsafe_query.as_str()); // $ sql-sink Alert[rust/sql-injection]=remote11 let _: Option = conn.query_first(unsafe_query.as_str()).await?; // $ sql-sink Alert[rust/sql-injection]=remote11 let _ = conn - .query_fold(unsafe_query.as_str(), 0, |_: i64, _: i64| -> i64 { 0 }) - .await?; // $ sql-sink Alert[rust/sql-injection]=remote11 + .query_fold(unsafe_query.as_str(), 0, |_: i64, _: i64| -> i64 { 0 }) // $ sql-sink Alert[rust/sql-injection]=remote11 + .await?; let _ = conn.query_iter(unsafe_query.as_str()).await?; // $ sql-sink Alert[rust/sql-injection]=remote11 let _ = conn - .query_stream::(unsafe_query.as_str()) - .await?; // $ sql-sink Alert[rust/sql-injection]=remote11 + .query_stream::(unsafe_query.as_str()) // $ sql-sink Alert[rust/sql-injection]=remote11 + .await?; let _ = conn - .query_map(unsafe_query.as_str(), |_: i64| -> () {}) - .await?; // $ sql-sink Alert[rust/sql-injection]=remote11 + .query_map(unsafe_query.as_str(), |_: i64| -> () {}) // $ sql-sink Alert[rust/sql-injection]=remote11 + .await?; // prepared queries (safe) let stmt = conn.prep(prepared_query.as_str()).await?; // $ sql-sink From 072eca233d2d589e6721554ad21637e43eee8e28 Mon Sep 17 00:00:00 2001 
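Review bot: The `remote11` source in `async_test` is still `reqwest::blocking::get(...)`, called from a function that awaits `pool.get_conn()`, so the async module exercises the same source as `sync_test`. If this fixture were ever executed, the blocking client would stall the executor, and reqwest's blocking API is not meant to be called from async code. If the async client is modelled as a remote source (not visible here), starting this line with `reqwest::get("http://example.com/").await` would make the test closer to a real async handler and would cover that model too. The function body continues outside the hunk.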
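Review bot: `conn.query_drop(unsafe_query.as_str());` at the top of the hunk at 111 drops its result without `.await`, unlike every other call in the block, so if the returned future is lazy the tainted statement would never be sent. The sink annotation still matches because the argument is passed either way, but the line no longer resembles code an application would ship. Either write `conn.query_drop(unsafe_query.as_str()).await?; // $ sql-sink Alert[rust/sql-injection]=remote11`, or add a comment saying the missing await is deliberate. The surrounding function starts and ends outside the hunk.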
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 15 Oct 2025 16:50:47 +0100 Subject: [PATCH 14/14] Rust: Update consistency check .expected. --- .../PathResolutionConsistency.expected | 126 +++++++++--------- 1 file changed, 63 insertions(+), 63 deletions(-) diff --git a/rust/ql/test/query-tests/security/CWE-089/CONSISTENCY/PathResolutionConsistency.expected b/rust/ql/test/query-tests/security/CWE-089/CONSISTENCY/PathResolutionConsistency.expected index bd49309c55a4..b59acd0ca8e0 100644 --- a/rust/ql/test/query-tests/security/CWE-089/CONSISTENCY/PathResolutionConsistency.expected +++ b/rust/ql/test/query-tests/security/CWE-089/CONSISTENCY/PathResolutionConsistency.expected 
@@ -1,57 +1,57 @@ multipleCallTargets -| mysql.rs:13:105:13:120 | ...::from(...) | -| mysql.rs:14:26:14:85 | ...::from(...) | -| mysql.rs:15:28:15:81 | ...::from(...) | -| mysql.rs:16:30:16:83 | ...::from(...) | -| mysql.rs:19:39:19:57 | safe_query.as_str() | -| mysql.rs:22:39:22:59 | unsafe_query.as_str() | -| mysql.rs:23:65:23:85 | unsafe_query.as_str() | -| mysql.rs:24:25:24:45 | unsafe_query.as_str() | -| mysql.rs:25:40:25:60 | unsafe_query.as_str() | -| mysql.rs:26:65:26:85 | unsafe_query.as_str() | -| mysql.rs:27:33:27:53 | unsafe_query.as_str() | -| mysql.rs:28:37:28:57 | unsafe_query.as_str() | -| mysql.rs:29:33:29:53 | unsafe_query.as_str() | -| mysql.rs:30:32:30:52 | unsafe_query.as_str() | -| mysql.rs:31:36:31:56 | unsafe_query.as_str() | -| mysql.rs:32:40:32:60 | unsafe_query.as_str() | -| mysql.rs:35:30:35:52 | prepared_query.as_str() | -| mysql.rs:36:46:36:67 | remote_string.as_str() | -| mysql.rs:37:72:37:93 | remote_string.as_str() | -| mysql.rs:38:46:38:67 | remote_string.as_str() | -| mysql.rs:39:33:39:54 | remote_string.as_str() | -| mysql.rs:40:47:40:68 | remote_string.as_str() | -| mysql.rs:41:73:41:94 | remote_string.as_str() | -| mysql.rs:42:40:42:61 | remote_string.as_str() | -| mysql.rs:43:44:43:65 | remote_string.as_str() | -| mysql.rs:44:40:44:61 | remote_string.as_str() | -| mysql.rs:45:39:45:60 | remote_string.as_str() | -| mysql.rs:46:43:46:64 | remote_string.as_str() | -| mysql.rs:49:31:49:51 | unsafe_query.as_str() | -| mysql.rs:54:26:54:46 | unsafe_query.as_str() | -| mysql.rs:72:105:72:120 | ...::from(...) | -| mysql.rs:73:26:73:85 | ...::from(...) | -| mysql.rs:74:28:74:81 | ...::from(...) | -| mysql.rs:75:30:75:83 | ...::from(...) 
| -| mysql.rs:78:39:78:57 | safe_query.as_str() | -| mysql.rs:81:39:81:59 | unsafe_query.as_str() | -| mysql.rs:82:25:82:45 | unsafe_query.as_str() | -| mysql.rs:83:48:83:68 | unsafe_query.as_str() | -| mysql.rs:84:33:84:53 | unsafe_query.as_str() | -| mysql.rs:85:33:85:53 | unsafe_query.as_str() | -| mysql.rs:86:48:86:68 | unsafe_query.as_str() | -| mysql.rs:87:32:87:52 | unsafe_query.as_str() | -| mysql.rs:90:30:90:52 | prepared_query.as_str() | -| mysql.rs:91:46:91:67 | remote_string.as_str() | -| mysql.rs:92:46:92:67 | remote_string.as_str() | -| mysql.rs:93:33:93:54 | remote_string.as_str() | -| mysql.rs:94:55:94:76 | remote_string.as_str() | -| mysql.rs:95:40:95:61 | remote_string.as_str() | -| mysql.rs:96:40:96:61 | remote_string.as_str() | -| mysql.rs:97:70:97:91 | remote_string.as_str() | -| mysql.rs:98:39:98:60 | remote_string.as_str() | -| mysql.rs:101:31:101:51 | unsafe_query.as_str() | -| mysql.rs:106:26:106:46 | unsafe_query.as_str() | +| mysql.rs:15:24:15:39 | ...::from(...) | +| mysql.rs:16:26:16:85 | ...::from(...) | +| mysql.rs:18:13:18:66 | ...::from(...) | +| mysql.rs:19:30:19:83 | ...::from(...) 
| +| mysql.rs:22:38:22:56 | safe_query.as_str() | +| mysql.rs:25:38:25:58 | unsafe_query.as_str() | +| mysql.rs:26:64:26:84 | unsafe_query.as_str() | +| mysql.rs:27:25:27:45 | unsafe_query.as_str() | +| mysql.rs:28:39:28:59 | unsafe_query.as_str() | +| mysql.rs:29:65:29:85 | unsafe_query.as_str() | +| mysql.rs:30:33:30:53 | unsafe_query.as_str() | +| mysql.rs:32:13:32:33 | unsafe_query.as_str() | +| mysql.rs:36:33:36:53 | unsafe_query.as_str() | +| mysql.rs:37:32:37:52 | unsafe_query.as_str() | +| mysql.rs:39:13:39:33 | unsafe_query.as_str() | +| mysql.rs:42:39:42:59 | unsafe_query.as_str() | +| mysql.rs:45:30:45:52 | prepared_query.as_str() | +| mysql.rs:46:45:46:66 | remote_string.as_str() | +| mysql.rs:47:71:47:92 | remote_string.as_str() | +| mysql.rs:48:46:48:67 | remote_string.as_str() | +| mysql.rs:49:33:49:54 | remote_string.as_str() | +| mysql.rs:50:46:50:67 | remote_string.as_str() | +| mysql.rs:52:37:52:58 | remote_string.as_str() | +| mysql.rs:56:14:56:35 | remote_string.as_str() | +| mysql.rs:62:14:62:35 | remote_string.as_str() | +| mysql.rs:66:40:66:61 | remote_string.as_str() | +| mysql.rs:67:39:67:60 | remote_string.as_str() | +| mysql.rs:70:14:70:35 | remote_string.as_str() | +| mysql.rs:75:31:75:51 | unsafe_query.as_str() | +| mysql.rs:80:26:80:46 | unsafe_query.as_str() | +| mysql.rs:100:24:100:39 | ...::from(...) | +| mysql.rs:101:26:101:85 | ...::from(...) | +| mysql.rs:103:13:103:66 | ...::from(...) | +| mysql.rs:104:30:104:83 | ...::from(...) 
| +| mysql.rs:107:38:107:56 | safe_query.as_str() | +| mysql.rs:110:38:110:58 | unsafe_query.as_str() | +| mysql.rs:111:25:111:45 | unsafe_query.as_str() | +| mysql.rs:112:47:112:67 | unsafe_query.as_str() | +| mysql.rs:114:25:114:45 | unsafe_query.as_str() | +| mysql.rs:116:33:116:53 | unsafe_query.as_str() | +| mysql.rs:118:40:118:60 | unsafe_query.as_str() | +| mysql.rs:121:24:121:44 | unsafe_query.as_str() | +| mysql.rs:125:30:125:52 | prepared_query.as_str() | +| mysql.rs:126:45:126:66 | remote_string.as_str() | +| mysql.rs:128:38:128:59 | remote_string.as_str() | +| mysql.rs:130:33:130:54 | remote_string.as_str() | +| mysql.rs:131:54:131:75 | remote_string.as_str() | +| mysql.rs:135:18:135:39 | remote_string.as_str() | +| mysql.rs:140:40:140:61 | remote_string.as_str() | +| mysql.rs:142:62:142:83 | remote_string.as_str() | +| mysql.rs:145:31:145:52 | remote_string.as_str() | +| mysql.rs:149:31:149:51 | unsafe_query.as_str() | +| mysql.rs:154:26:154:46 | unsafe_query.as_str() | | sqlx.rs:46:24:46:44 | ...::from(...) | | sqlx.rs:47:56:47:76 | ...::from(...) | | sqlx.rs:48:97:48:117 | ...::from(...) | 
@@ -119,13 +119,13 @@ multipleCallTargets | sqlx.rs:189:29:189:53 | prepared_query_1.as_str() | | sqlx.rs:202:57:202:85 | ...::from(...) | multiplePathResolutions -| mysql.rs:6:37:6:74 | Result::<...> | -| mysql.rs:23:21:23:45 | Result::<...> | -| mysql.rs:26:17:26:41 | Result::<...> | -| mysql.rs:28:75:28:99 | Result::<...> | -| mysql.rs:31:63:31:87 | Result::<...> | -| mysql.rs:37:21:37:45 | Result::<...> | -| mysql.rs:41:17:41:41 | Result::<...> | -| mysql.rs:43:85:43:109 | Result::<...> | -| mysql.rs:46:73:46:97 | Result::<...> | -| mysql.rs:66:49:66:58 | Result::<...> | +| mysql.rs:5:37:5:74 | Result::<...> | +| mysql.rs:26:20:26:44 | Result::<...> | +| mysql.rs:29:16:29:40 | Result::<...> | +| mysql.rs:34:25:34:49 | Result::<...> | +| mysql.rs:40:17:40:41 | Result::<...> | +| mysql.rs:47:20:47:44 | Result::<...> | +| mysql.rs:51:16:51:40 | Result::<...> | +| mysql.rs:64:25:64:49 | Result::<...> | +| mysql.rs:71:17:71:41 | Result::<...> | +| mysql.rs:91:49:91:58 | Result::<...> |