Rust: Move all summary stats logic into Stats.qll.

2026-04-18 21:44:02 +02:00 · 2025-03-11 17:37:48 +00:00
parent ff2a1ca961
commit 32e2c1912c
2 changed files with 92 additions and 81 deletions
--- a/rust/ql/src/queries/summary/Stats.qll
+++ b/rust/ql/src/queries/summary/Stats.qll
@@ -11,6 +11,9 @@ private import codeql.rust.internal.PathResolutionConsistency as PathResolutionC
 private import codeql.rust.controlflow.internal.CfgConsistency as CfgConsistency
 private import codeql.rust.dataflow.internal.DataFlowConsistency as DataFlowConsistency
 private import codeql.rust.Concepts
+private import codeql.rust.Diagnostics
+private import codeql.rust.security.SensitiveData
+private import TaintReach
 // import all query extensions files, so that all extensions of `QuerySink` are found
 private import codeql.rust.security.CleartextLoggingExtensions
 private import codeql.rust.security.SqlInjectionExtensions
@@ -72,3 +75,92 @@ int getTaintEdgesCount() {
 * Gets a count of the total number of query sinks in the database.
 */
 int getQuerySinksCount() { result = count(QuerySink s) }
+
+class CrateElement extends Element {
+  CrateElement() {
+    this instanceof Crate or
+    this instanceof NamedCrate or
+    this.(AstNode).getParentNode*() = any(Crate c).getModule()
+  }
+}
+
+/**
+ * Gets summary statistics about individual elements in the database.
+ */
+predicate elementStats(string key, int value) {
+  key = "Elements extracted" and
+  value = count(Element e | not e instanceof Unextracted and not e instanceof CrateElement)
+  or
+  key = "Elements unextracted" and value = count(Unextracted e)
+}
+
+/**
+ * Gets summary statistics about extraction.
+ */
+predicate extractionStats(string key, int value) {
+  key = "Extraction errors" and value = count(ExtractionError e)
+  or
+  key = "Extraction warnings" and value = count(ExtractionWarning w)
+  or
+  key = "Files extracted - total" and value = count(ExtractedFile f | exists(f.getRelativePath()))
+  or
+  key = "Files extracted - with errors" and
+  value =
+    count(ExtractedFile f |
+      exists(f.getRelativePath()) and not f instanceof SuccessfullyExtractedFile
+    )
+  or
+  key = "Files extracted - without errors" and
+  value = count(SuccessfullyExtractedFile f | exists(f.getRelativePath()))
+  or
+  key = "Files extracted - without errors %" and
+  value =
+    (count(SuccessfullyExtractedFile f | exists(f.getRelativePath())) * 100) /
+      count(ExtractedFile f | exists(f.getRelativePath()))
+  or
+  key = "Lines of code extracted" and value = getLinesOfCode()
+  or
+  key = "Lines of user code extracted" and value = getLinesOfUserCode()
+  or
+  key = "Macro calls - total" and value = count(MacroCall mc)
+  or
+  key = "Macro calls - resolved" and value = count(MacroCall mc | mc.hasExpanded())
+  or
+  key = "Macro calls - unresolved" and value = count(MacroCall mc | not mc.hasExpanded())
+}
+
+/**
+ * Gets summary statistics about inconsistencies.
+ */
+predicate inconsistencyStats(string key, int value) {
+  key = "Inconsistencies - AST" and value = getTotalAstInconsistencies()
+  or
+  key = "Inconsistencies - Path resolution" and value = getTotalPathResolutionInconsistencies()
+  or
+  key = "Inconsistencies - CFG" and value = getTotalCfgInconsistencies()
+  or
+  key = "Inconsistencies - data flow" and value = getTotalDataFlowInconsistencies()
+}
+
+/**
+ * Gets summary statistics about taint.
+ */
+predicate taintStats(string key, int value) {
+  key = "Taint sources - active" and value = count(ActiveThreatModelSource s)
+  or
+  key = "Taint sources - disabled" and
+  value = count(ThreatModelSource s | not s instanceof ActiveThreatModelSource)
+  or
+  key = "Taint sources - sensitive data" and value = count(SensitiveData d)
+  or
+  key = "Taint edges - number of edges" and value = getTaintEdgesCount()
+  or
+  key = "Taint reach - nodes tainted" and value = getTaintedNodesCount()
+  or
+  key = "Taint reach - per million nodes" and value = getTaintReach().floor()
+  or
+  key = "Taint sinks - query sinks" and value = getQuerySinksCount()
+  or
+  key = "Taint sinks - cryptographic operations" and
+  value = count(Cryptography::CryptographicOperation o)
+}
--- a/rust/ql/src/queries/summary/SummaryStats.ql
+++ b/rust/ql/src/queries/summary/SummaryStats.ql
@@ -7,88 +7,7 @@
 */

 import rust
-import codeql.rust.Concepts
-import codeql.rust.security.SensitiveData
-import codeql.rust.Diagnostics
 import Stats
-import TaintReach
-
-class CrateElement extends Element {
-  CrateElement() {
-    this instanceof Crate or
-    this instanceof NamedCrate or
-    this.(AstNode).getParentNode*() = any(Crate c).getModule()
-  }
-}
-
-predicate elementStats(string key, int value) {
-  key = "Elements extracted" and
-  value = count(Element e | not e instanceof Unextracted and not e instanceof CrateElement)
-  or
-  key = "Elements unextracted" and value = count(Unextracted e)
-}
-
-predicate extractionStats(string key, int value) {
-  key = "Extraction errors" and value = count(ExtractionError e)
-  or
-  key = "Extraction warnings" and value = count(ExtractionWarning w)
-  or
-  key = "Files extracted - total" and value = count(ExtractedFile f | exists(f.getRelativePath()))
-  or
-  key = "Files extracted - with errors" and
-  value =
-    count(ExtractedFile f |
-      exists(f.getRelativePath()) and not f instanceof SuccessfullyExtractedFile
-    )
-  or
-  key = "Files extracted - without errors" and
-  value = count(SuccessfullyExtractedFile f | exists(f.getRelativePath()))
-  or
-  key = "Files extracted - without errors %" and
-  value =
-    (count(SuccessfullyExtractedFile f | exists(f.getRelativePath())) * 100) /
-      count(ExtractedFile f | exists(f.getRelativePath()))
-  or
-  key = "Lines of code extracted" and value = getLinesOfCode()
-  or
-  key = "Lines of user code extracted" and value = getLinesOfUserCode()
-  or
-  key = "Macro calls - total" and value = count(MacroCall mc)
-  or
-  key = "Macro calls - resolved" and value = count(MacroCall mc | mc.hasExpanded())
-  or
-  key = "Macro calls - unresolved" and value = count(MacroCall mc | not mc.hasExpanded())
-}
-
-predicate inconsistencyStats(string key, int value) {
-  key = "Inconsistencies - AST" and value = getTotalAstInconsistencies()
-  or
-  key = "Inconsistencies - Path resolution" and value = getTotalPathResolutionInconsistencies()
-  or
-  key = "Inconsistencies - CFG" and value = getTotalCfgInconsistencies()
-  or
-  key = "Inconsistencies - data flow" and value = getTotalDataFlowInconsistencies()
-}
-
-predicate taintStats(string key, int value) {
-  key = "Taint sources - active" and value = count(ActiveThreatModelSource s)
-  or
-  key = "Taint sources - disabled" and
-  value = count(ThreatModelSource s | not s instanceof ActiveThreatModelSource)
-  or
-  key = "Taint sources - sensitive data" and value = count(SensitiveData d)
-  or
-  key = "Taint edges - number of edges" and value = getTaintEdgesCount()
-  or
-  key = "Taint reach - nodes tainted" and value = getTaintedNodesCount()
-  or
-  key = "Taint reach - per million nodes" and value = getTaintReach().floor()
-  or
-  key = "Taint sinks - query sinks" and value = getQuerySinksCount()
-  or
-  key = "Taint sinks - cryptographic operations" and
-  value = count(Cryptography::CryptographicOperation o)
-}

 from string key, int value
 where