hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Rust: Use extended canonical paths to resolve calls in data flow

Browse Source
This commit is contained in:
Tom Hvitved
2024-11-22 10:30:33 +01:00
parent faabc9982e
commit 143d7e2084
2 changed files with 49 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll
View File

@@ -399,13 +399,55 @@ module RustDataFlow implements InputSig<Location> {
final class ReturnKind = ReturnKindAlias; final class ReturnKind = ReturnKindAlias;
private import codeql.util.Option
private class CrateOrigin extends string {
CrateOrigin() {
this = [any(Item i).getCrateOrigin(), any(Resolvable r).getResolvedCrateOrigin()]
}
}
private class CrateOriginOption = Option<CrateOrigin>::Option;
pragma[nomagic]
private predicate hasExtendedCanonicalPath(
DataFlowCallable c, CrateOriginOption crate, string path
) {
exists(Item i |
i = c.asCfgScope() and
path = i.getExtendedCanonicalPath()
|
crate.asSome() = i.getCrateOrigin()
or
crate.isNone() and
not i.hasCrateOrigin()
)
}
pragma[nomagic]
private predicate resolvesExtendedCanonicalPath(
DataFlowCall c, CrateOriginOption crate, string path
) {
exists(Resolvable r |
path = r.getResolvedPath() and
(
r = c.asMethodCallExprCfgNode().getExpr()
or
r = c.asCallExprCfgNode().getExpr().(PathExprCfgNode).getPath()
)
|
crate.asSome() = r.getResolvedCrateOrigin()
or
crate.isNone() and
not r.hasResolvedCrateOrigin()
)
}
/** Gets a viable implementation of the target of the given `Call`. */ /** Gets a viable implementation of the target of the given `Call`. */
DataFlowCallable viableCallable(DataFlowCall c) { DataFlowCallable viableCallable(DataFlowCall call) {
exists(Function f, string name | result.asCfgScope() = f and name = f.getName().toString() | exists(string path, CrateOriginOption crate |
if f.getParamList().hasSelfParam() hasExtendedCanonicalPath(result, crate, path) and
then name = c.asMethodCallExprCfgNode().getNameRef().getText() resolvesExtendedCanonicalPath(call, crate, path)
else
name = c.asCallExprCfgNode().getExpr().getExpr().(PathExpr).getPath().getPart().toString()
) )
} }

1
shared/util/codeql/util/Option.qll
View File

@@ -2,6 +2,7 @@
/** A type with `toString`. */ /** A type with `toString`. */
private signature class TypeWithToString { private signature class TypeWithToString {
bindingset[this]
string toString(); string toString();
} }