Add a bit of modelling

Author: aibaars

rust/ql/lib/codeql/rust/Frameworks.qll

@@ -3,5 +3,6 @@
  */
 
 private import codeql.rust.frameworks.rustcrypto.RustCrypto
+private import codeql.rust.frameworks.Poem
 private import codeql.rust.frameworks.Sqlx
 private import codeql.rust.frameworks.stdlib.Clone

rust/ql/lib/codeql/rust/frameworks/Poem.qll

@@ -0,0 +1,20 @@
+/**
+ * Provides modeling for the `Poem` library.
+ */
+
+private import rust
+private import codeql.rust.Concepts
+private import codeql.rust.dataflow.DataFlow
+
+/**
+ * Parameters of a handler function
+ */
+private class PoemHandlerParam extends RemoteSource::Range {
+  PoemHandlerParam() {
+    exists(TupleStructPat param |
+      param.getResolvedPath() = ["crate::web::query::Query", "crate::web::path::Path"]
+    |
+      this.asPat().getPat() = param.getAField()
+    )
+  }
+}

rust/ql/lib/codeql/rust/frameworks/stdlib/fs.model.yml

@@ -0,0 +1,45 @@
+extensions:
+  - addsTo:
+      pack: codeql/rust-all
+      extensible: sourceModel
+    data: []
+  - addsTo:
+      pack: codeql/rust-all
+      extensible: sinkModel
+    data:
+      - [
+          "lang:std",
+          "crate::fs::read_to_string",
+          "Argument[0]",
+          "path-injection",
+          "manual",
+        ]
+
+  - addsTo:
+      pack: codeql/rust-all
+      extensible: summaryModel
+    data:
+      - [
+          "lang:std",
+          "<crate::path::PathBuf as crate::convert::From>::from",
+          "Argument[0]",
+          "ReturnValue",
+          "taint",
+          "manual",
+        ]
+      - [
+          "lang:std",
+          "<crate::path::Path>::join",
+          "Argument[self]",
+          "ReturnValue",
+          "taint",
+          "manual",
+        ]
+      - [
+          "lang:std",
+          "<crate::path::Path>::join",
+          "Argument[0]",
+          "ReturnValue",
+          "taint",
+          "manual",
+        ]