hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Rust: Fix the false positives.

Browse Source
This commit is contained in:
Geoffrey White
2025-12-04 17:12:38 +00:00
parent 8594c7a29a
commit 32e9fdfe19
3 changed files with 9 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
rust/ql/lib/codeql/rust/security/AccessAfterLifetimeExtensions.qll
View File

@@ -99,11 +99,17 @@ module AccessAfterLifetime {
// `b` is a child of `a` // `b` is a child of `a`
a = b.getEnclosingBlock*() a = b.getEnclosingBlock*()
or or
// propagate through function calls // propagate through function calls (static target)
exists(CallExprBase ce | exists(CallExprBase ce |
mayEncloseOnStack(a, ce.getEnclosingBlock()) and mayEncloseOnStack(a, ce.getEnclosingBlock()) and
ce.getStaticTarget() = b.getEnclosingCallable() ce.getStaticTarget() = b.getEnclosingCallable()
) )
or
// propagate through function calls (runtime target)
exists(Call c |
mayEncloseOnStack(a, c.getEnclosingBlock()) and
c.getARuntimeTarget() = b.getEnclosingCallable()
)
} }
/** /**

1
rust/ql/test/query-tests/security/CWE-825/AccessAfterLifetime.expected
View File

@@ -22,7 +22,6 @@
| lifetime.rs:667:14:667:17 | ref1 | lifetime.rs:655:11:655:25 | &raw const str2 | lifetime.rs:667:14:667:17 | ref1 | Access of a pointer to $@ after its lifetime has ended. | lifetime.rs:651:7:651:10 | str2 | str2 | | lifetime.rs:667:14:667:17 | ref1 | lifetime.rs:655:11:655:25 | &raw const str2 | lifetime.rs:667:14:667:17 | ref1 | Access of a pointer to $@ after its lifetime has ended. | lifetime.rs:651:7:651:10 | str2 | str2 |
| lifetime.rs:789:12:789:13 | p1 | lifetime.rs:781:9:781:19 | &my_local10 | lifetime.rs:789:12:789:13 | p1 | Access of a pointer to $@ after its lifetime has ended. | lifetime.rs:779:6:779:15 | my_local10 | my_local10 | | lifetime.rs:789:12:789:13 | p1 | lifetime.rs:781:9:781:19 | &my_local10 | lifetime.rs:789:12:789:13 | p1 | Access of a pointer to $@ after its lifetime has ended. | lifetime.rs:779:6:779:15 | my_local10 | my_local10 |
| lifetime.rs:808:23:808:25 | ptr | lifetime.rs:798:9:798:12 | &val | lifetime.rs:808:23:808:25 | ptr | Access of a pointer to $@ after its lifetime has ended. | lifetime.rs:796:6:796:8 | val | val | | lifetime.rs:808:23:808:25 | ptr | lifetime.rs:798:9:798:12 | &val | lifetime.rs:808:23:808:25 | ptr | Access of a pointer to $@ after its lifetime has ended. | lifetime.rs:796:6:796:8 | val | val |
| lifetime.rs:843:12:843:14 | ptr | lifetime.rs:851:12:851:23 | &local_value | lifetime.rs:843:12:843:14 | ptr | Access of a pointer to $@ after its lifetime has ended. | lifetime.rs:850:6:850:16 | local_value | local_value |
| main.rs:64:23:64:24 | p2 | main.rs:44:26:44:28 | &b2 | main.rs:64:23:64:24 | p2 | Access of a pointer to $@ after its lifetime has ended. | main.rs:43:13:43:14 | b2 | b2 | | main.rs:64:23:64:24 | p2 | main.rs:44:26:44:28 | &b2 | main.rs:64:23:64:24 | p2 | Access of a pointer to $@ after its lifetime has ended. | main.rs:43:13:43:14 | b2 | b2 |
edges edges
| deallocation.rs:242:6:242:7 | p1 | deallocation.rs:245:14:245:15 | p1 | provenance | | | deallocation.rs:242:6:242:7 | p1 | deallocation.rs:245:14:245:15 | p1 | provenance | |

4
rust/ql/test/query-tests/security/CWE-825/lifetime.rs
View File

@@ -840,7 +840,7 @@ struct MyProcessor {
impl Processor for MyProcessor { impl Processor for MyProcessor {
fn process(ptr: *const i64) -> i64 { fn process(ptr: *const i64) -> i64 {
unsafe { unsafe {
return *ptr; // $ SPURIOUS: Alert[rust/access-after-lifetime-ended]=local_value return *ptr; // good
} }
} }
} }
@@ -848,7 +848,7 @@ impl Processor for MyProcessor {
fn generic_caller<T: Processor>() -> i64 fn generic_caller<T: Processor>() -> i64
{ {
let local_value: i64 = 10; let local_value: i64 = 10;
let ptr = &local_value as *const i64; // $ Source[rust/access-after-lifetime-ended]=local_value let ptr = &local_value as *const i64;
return T::process(ptr); return T::process(ptr);
} }