Rust: Add example queries #20776
Rust: Add example queries #20776
Conversation
There was a problem hiding this comment.
Pull Request Overview
This PR adds three example CodeQL queries for Rust to help developers learn query writing. The examples demonstrate different query patterns, from simple AST matching to more complex taint tracking scenarios.
- Adds three example queries: empty-if, simple-sql-injection, and simple-constant-password
- Creates a new qlpack structure for Rust examples
- Updates documentation to include links to the new example queries
Reviewed Changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| rust/ql/src/change-notes/2025-11-07-example-queries.md | Documents the addition of the three new example queries |
| rust/ql/examples/snippets/empty_if.ql | Example query demonstrating basic AST pattern matching for empty if expressions |
| rust/ql/examples/snippets/simple_sql_injection.ql | Example query demonstrating taint tracking from user input to SQL query construction |
| rust/ql/examples/snippets/simple_constant_password.ql | Example query demonstrating taint tracking from string literals to password parameters |
| rust/ql/examples/qlpack.yml | Configuration file for the new rust-examples qlpack |
| rust/ql/examples/qlpack.lock.yml | Lock file for the rust-examples qlpack dependencies |
| docs/codeql/reusables/rust-further-reading.rst | Adds reference link to the new example queries |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
paldepind
left a comment
paldepind
left a comment
There was a problem hiding this comment.
These examples look great!
| @@ -0,0 +1,4 @@ | |||
| --- | |||
| category: newQuery | |||
There was a problem hiding this comment.
I would've thought newQuery meant a new query meant for running by end users. Though I don't know what other category we could pick, so maybe this is the best option?
There was a problem hiding this comment.
That's the conclusion I came to. It felt more appropriate than minorAnalysis. I guess the main impact of this will be which part of the compiled change notes this part will appear in.
I'm not sure though, I'll request a docs review...
There was a problem hiding this comment.
Thanks for the ping. What are the available categories?
Co-authored-by: Simon Friis Vindum <paldepind@github.com>
geoffw0
added
the
ready-for-doc-review
|
Docs team - this doesn't necessarily need a thorough review, the main content being three example queries targeting Rust that we're happy with. And a link to them from the docs in the same way as we do for other languages. However we do have a question above about the change note that we'd appreciate your thoughts on. |
Co-authored-by: Tom Hvitved <hvitved@github.com>
4 participants
Add example CodeQL queries for Rust, and link them from
rust-further-reading.rst- similarly to how we have in other languages. These should help developers who are trying to write their first Rust queries.