From d828941b7c026df222df78f02832b44e9613bad3 Mon Sep 17 00:00:00 2001
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Date: Wed, 20 Nov 2024 22:37:46 +0000
Subject: [PATCH] Rust: Address review comments.

---
 rust/ql/src/queries/security/CWE-089/SqlInjection.ql    | 3 ---
 rust/ql/src/queries/security/CWE-089/SqlInjectionBad.rs | 2 +-
 2 files changed, 1 insertion(+), 4 deletions(-)

diff --git a/rust/ql/src/queries/security/CWE-089/SqlInjection.ql b/rust/ql/src/queries/security/CWE-089/SqlInjection.ql
index c8db4569e599..cf1ea5534aa6 100644
--- a/rust/ql/src/queries/security/CWE-089/SqlInjection.ql
+++ b/rust/ql/src/queries/security/CWE-089/SqlInjection.ql
@@ -27,9 +27,6 @@ module SqlInjectionConfig implements DataFlow::ConfigSig {
   predicate isBarrier(DataFlow::Node barrier) { barrier instanceof SqlInjection::Barrier }
 }
 
-/**
- * Detect taint flow of tainted data that reaches a SQL sink.
- */
 module SqlInjectionFlow = TaintTracking::Global<SqlInjectionConfig>;
 
 from SqlInjectionFlow::PathNode sourceNode, SqlInjectionFlow::PathNode sinkNode
diff --git a/rust/ql/src/queries/security/CWE-089/SqlInjectionBad.rs b/rust/ql/src/queries/security/CWE-089/SqlInjectionBad.rs
index cd0086b7eb27..4184399a4f18 100644
--- a/rust/ql/src/queries/security/CWE-089/SqlInjectionBad.rs
+++ b/rust/ql/src/queries/security/CWE-089/SqlInjectionBad.rs
@@ -4,4 +4,4 @@ let unsafe_query = format!("SELECT * FROM people WHERE firstname='{remote_contro
 
 let _ = conn.execute(unsafe_query.as_str()).await?; // BAD (arbitrary SQL injection is possible)
 
-let _ = sqlx::query(unsafe_query.as_str()).fetch_all(&mut conn).await?; // $ BAD (arbitrary SQL injection is possible)
+let _ = sqlx::query(unsafe_query.as_str()).fetch_all(&mut conn).await?; // BAD (arbitrary SQL injection is possible)