Rust: Path resolution for extern crates

2025-12-17 01:03:14 +01:00 · 2025-05-28 17:14:23 +02:00
parent 4fb4bfd6cf
commit 721ffb11cf
16 changed files with 1040 additions and 529 deletions
--- a/rust/ql/lib/codeql/rust/internal/PathResolution.qll
+++ b/rust/ql/lib/codeql/rust/internal/PathResolution.qll
@@ -127,12 +127,25 @@ abstract class ItemNode extends Locatable {
    or
    crateDependencyEdge(this, name, result)
    or
+    externCrateEdge(this, name, result)
+    or
    // items made available through `use` are available to nodes that contain the `use`
    exists(UseItemNode use |
      use = this.getASuccessorRec(_) and
      result = use.(ItemNode).getASuccessorRec(name)
    )
    or
+    exists(ExternCrateItemNode ec | result = ec.(ItemNode).getASuccessorRec(name) |
+      ec = this.getASuccessorRec(_)
+      or
+      // if the extern crate appears in the crate root, then the crate name is also added
+      // to the 'extern prelude', see https://doc.rust-lang.org/reference/items/extern-crates.html
+      exists(Crate c |
+        ec = c.getSourceFile().(ItemNode).getASuccessorRec(_) and
+        this = c.getASourceFile()
+      )
+    )
+    or
    // items made available through macro calls are available to nodes that contain the macro call
    exists(MacroCallItemNode call |
      call = this.getASuccessorRec(_) and
@@ -353,16 +366,30 @@ class CrateItemNode extends ItemNode instanceof Crate {

  override predicate providesCanonicalPathPrefixFor(Crate c, ItemNode child) {
    this.hasCanonicalPath(c) and
-    exists(ModuleLikeNode m |
-      child.getImmediateParent() = m and
-      not m = child.(SourceFileItemNode).getSuper() and
-      m = super.getSourceFile()
+    exists(SourceFileItemNode file |
+      child.getImmediateParent() = file and
+      not file = child.(SourceFileItemNode).getSuper() and
+      file = super.getSourceFile()
    )
  }

  override string getCanonicalPath(Crate c) { c = this and result = Crate.super.getName() }
 }

+class ExternCrateItemNode extends ItemNode instanceof ExternCrate {
+  override string getName() { result = super.getRename().getName().getText() }
+
+  override Namespace getNamespace() { none() }
+
+  override Visibility getVisibility() { none() }
+
+  override TypeParam getTypeParam(int i) { none() }
+
+  override predicate hasCanonicalPath(Crate c) { none() }
+
+  override string getCanonicalPath(Crate c) { none() }
+}
+
 /** An item that can occur in a trait or an `impl` block. */
 abstract private class AssocItemNode extends ItemNode, AssocItem {
  /** Holds if this associated item has an implementation. */
@@ -793,6 +820,10 @@ class TypeAliasItemNode extends AssocItemNode instanceof TypeAlias {
  override Visibility getVisibility() { result = TypeAlias.super.getVisibility() }

  override TypeParam getTypeParam(int i) { result = super.getGenericParamList().getTypeParam(i) }
+
+  override predicate hasCanonicalPath(Crate c) { none() }
+
+  override string getCanonicalPath(Crate c) { none() }
 }

 private class UnionItemNode extends ItemNode instanceof Union {
@@ -1063,12 +1094,12 @@ private predicate crateDefEdge(CrateItemNode c, string name, ItemNode i) {
 }

 /**
- * Holds if `m` depends on crate `dep` named `name`.
+ * Holds if `file` depends on crate `dep` named `name`.
 */
-private predicate crateDependencyEdge(ModuleLikeNode m, string name, CrateItemNode dep) {
+private predicate crateDependencyEdge(SourceFileItemNode file, string name, CrateItemNode dep) {
  exists(CrateItemNode c |
    dep = c.(Crate).getDependency(name) and
-    m = c.getASourceFile()
+    file = c.getASourceFile()
  )
 }

@@ -1404,6 +1435,22 @@ private predicate useImportEdge(Use use, string name, ItemNode item) {
  )
 }

+/** Holds if `ec` imports `crate` as `name`. */
+pragma[nomagic]
+private predicate externCrateEdge(ExternCrateItemNode ec, string name, CrateItemNode crate) {
+  name = ec.getName() and
+  exists(SourceFile f, string s |
+    ec.getFile() = f.getFile() and
+    s = ec.(ExternCrate).getIdentifier().getText()
+  |
+    crateDependencyEdge(f, s, crate)
+    or
+    // `extern crate` is used to import the current crate
+    s = "self" and
+    ec.getFile() = crate.getASourceFile().getFile()
+  )
+}
+
 /**
 * Holds if `i` is available inside `f` because it is reexported in
 * [the `core` prelude][1] or [the `std` prelude][2].
--- a/rust/ql/test/library-tests/dataflow/sources/CONSISTENCY/PathResolutionConsistency.expected
+++ b/rust/ql/test/library-tests/dataflow/sources/CONSISTENCY/PathResolutionConsistency.expected
@@ -1,3 +1,64 @@
+multiplePathResolutions
+| test.rs:112:62:112:73 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:112:62:112:73 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:112:62:112:73 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:112:62:112:73 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:112:62:112:73 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:112:62:112:73 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:112:62:112:73 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:112:62:112:73 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:112:62:112:73 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:112:62:112:73 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:112:62:112:73 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:112:62:112:73 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:112:62:112:73 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:112:62:112:73 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:112:62:112:73 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:119:58:119:69 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:119:58:119:69 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:119:58:119:69 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:119:58:119:69 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:119:58:119:69 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:119:58:119:69 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:119:58:119:69 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:119:58:119:69 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:119:58:119:69 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:119:58:119:69 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:119:58:119:69 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:119:58:119:69 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:119:58:119:69 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:119:58:119:69 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:119:58:119:69 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:775:50:775:61 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:775:50:775:61 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:775:50:775:61 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:775:50:775:61 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:775:50:775:61 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:775:50:775:61 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:775:50:775:61 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:775:50:775:61 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:775:50:775:61 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:775:50:775:61 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:775:50:775:61 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:775:50:775:61 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:775:50:775:61 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:775:50:775:61 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:775:50:775:61 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:775:50:775:61 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:775:50:775:61 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:775:50:775:61 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:775:50:775:61 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:775:50:775:61 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:775:50:775:61 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:775:50:775:61 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:775:50:775:61 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:775:50:775:61 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:775:50:775:61 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:775:50:775:61 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:775:50:775:61 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:775:50:775:61 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:775:50:775:61 | ...::from | file://:0:0:0:0 | fn from |
+| test.rs:775:50:775:61 | ...::from | file://:0:0:0:0 | fn from |
 multipleCanonicalPaths
 | file://:0:0:0:0 | fn to_ordering | file://:0:0:0:0 | Crate(typenum@1.18.0) | <typenum::Equal as core::cmp::Ord>::to_ordering |
 | file://:0:0:0:0 | fn to_ordering | file://:0:0:0:0 | Crate(typenum@1.18.0) | <typenum::Equal as typenum::marker_traits::Ord>::to_ordering |
--- a/rust/ql/test/library-tests/dataflow/strings/CONSISTENCY/PathResolutionConsistency.expected
+++ b/rust/ql/test/library-tests/dataflow/strings/CONSISTENCY/PathResolutionConsistency.expected
@@ -0,0 +1,7 @@
+multiplePathResolutions
+| main.rs:52:11:52:22 | ...::from | file://:0:0:0:0 | fn from |
+| main.rs:52:11:52:22 | ...::from | file://:0:0:0:0 | fn from |
+| main.rs:52:11:52:22 | ...::from | file://:0:0:0:0 | fn from |
+| main.rs:52:11:52:22 | ...::from | file://:0:0:0:0 | fn from |
+| main.rs:52:11:52:22 | ...::from | file://:0:0:0:0 | fn from |
+| main.rs:52:11:52:22 | ...::from | file://:0:0:0:0 | fn from |
--- a/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected
+++ b/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected
@@ -22,8 +22,10 @@ edges
 | main.rs:57:11:57:26 | source_slice(...) | main.rs:57:6:57:7 | s1 | provenance |  |
 | main.rs:58:6:58:7 | s2 | main.rs:59:7:59:8 | s2 | provenance |  |
 | main.rs:58:11:58:24 | s1.to_string() | main.rs:58:6:58:7 | s2 | provenance |  |
+| main.rs:63:9:63:9 | s | main.rs:64:16:64:16 | s | provenance |  |
 | main.rs:63:9:63:9 | s | main.rs:64:16:64:25 | s.as_str() | provenance | MaD:3 |
 | main.rs:63:13:63:22 | source(...) | main.rs:63:9:63:9 | s | provenance |  |
+| main.rs:64:16:64:16 | s | main.rs:64:16:64:25 | s.as_str() | provenance | MaD:3 |
 | main.rs:68:9:68:9 | s | main.rs:70:34:70:61 | MacroExpr | provenance |  |
 | main.rs:68:9:68:9 | s | main.rs:73:34:73:59 | MacroExpr | provenance |  |
 | main.rs:68:13:68:22 | source(...) | main.rs:68:9:68:9 | s | provenance |  |
@@ -75,6 +77,7 @@ nodes
 | main.rs:59:7:59:8 | s2 | semmle.label | s2 |
 | main.rs:63:9:63:9 | s | semmle.label | s |
 | main.rs:63:13:63:22 | source(...) | semmle.label | source(...) |
+| main.rs:64:16:64:16 | s | semmle.label | s |
 | main.rs:64:16:64:25 | s.as_str() | semmle.label | s.as_str() |
 | main.rs:68:9:68:9 | s | semmle.label | s |
 | main.rs:68:13:68:22 | source(...) | semmle.label | source(...) |
--- a/rust/ql/test/library-tests/path-resolution/my.rs
+++ b/rust/ql/test/library-tests/path-resolution/my.rs
@@ -21,7 +21,7 @@ type Result<
    T, // T
 > = ::std::result::Result<
    T, // $ item=T
-    String,> // $ item=Result
+    String,> // $ item=Result $ item=String
 ; // my::Result

 fn int_div(
--- a/rust/ql/test/library-tests/path-resolution/path-resolution.expected
+++ b/rust/ql/test/library-tests/path-resolution/path-resolution.expected
@@ -145,6 +145,13 @@ resolvePath
 | main.rs:278:16:278:16 | T | main.rs:272:7:272:7 | T |
 | main.rs:279:14:279:17 | Self | main.rs:270:5:280:5 | trait MyParamTrait |
 | main.rs:279:14:279:33 | ...::AssociatedType | main.rs:274:9:274:28 | type AssociatedType |
+| main.rs:288:13:288:16 | zelf | main.rs:0:0:0:0 | Crate(main@0.0.1) |
+| main.rs:288:13:288:21 | ...::m13 | main.rs:283:1:296:1 | mod m13 |
+| main.rs:288:13:288:24 | ...::f | main.rs:284:5:284:17 | fn f |
+| main.rs:288:13:288:24 | ...::f | main.rs:284:19:285:19 | struct f |
+| main.rs:291:17:291:17 | f | main.rs:284:19:285:19 | struct f |
+| main.rs:292:21:292:21 | f | main.rs:284:19:285:19 | struct f |
+| main.rs:293:13:293:13 | f | main.rs:284:5:284:17 | fn f |
 | main.rs:307:9:307:14 | Trait1 | main.rs:299:5:303:5 | trait Trait1 |
 | main.rs:310:13:310:16 | Self | main.rs:305:5:313:5 | trait Trait2 |
 | main.rs:310:13:310:19 | ...::g | main.rs:302:9:302:20 | fn g |
@@ -318,6 +325,8 @@ resolvePath
 | main.rs:653:5:653:10 | ...::f | main.rs:547:5:551:5 | fn f |
 | main.rs:654:5:654:7 | m24 | main.rs:554:1:622:1 | mod m24 |
 | main.rs:654:5:654:10 | ...::f | main.rs:608:5:621:5 | fn f |
+| main.rs:655:5:655:8 | zelf | main.rs:0:0:0:0 | Crate(main@0.0.1) |
+| main.rs:655:5:655:11 | ...::h | main.rs:50:1:69:1 | fn h |
 | my2/mod.rs:5:5:5:11 | nested2 | my2/mod.rs:1:1:1:16 | mod nested2 |
 | my2/mod.rs:5:5:5:20 | ...::nested3 | my2/nested2.rs:1:1:11:1 | mod nested3 |
 | my2/mod.rs:5:5:5:29 | ...::nested4 | my2/nested2.rs:2:5:10:5 | mod nested4 |
@@ -347,6 +356,7 @@ resolvePath
 | my.rs:22:5:22:17 | ...::result | {EXTERNAL LOCATION} | mod result |
 | my.rs:22:5:24:12 | ...::Result::<...> | {EXTERNAL LOCATION} | enum Result |
 | my.rs:23:5:23:5 | T | my.rs:21:5:21:5 | T |
+| my.rs:24:5:24:10 | String | {EXTERNAL LOCATION} | struct String |
 | my.rs:28:8:28:10 | i32 | {EXTERNAL LOCATION} | struct i32 |
 | my.rs:29:8:29:10 | i32 | {EXTERNAL LOCATION} | struct i32 |
 | my.rs:30:6:30:16 | Result::<...> | my.rs:18:34:25:1 | type Result<...> |
@@ -360,9 +370,3 @@ resolvePath
 | my/nested.rs:21:5:21:20 | ...::nested2 | my/nested.rs:2:5:11:5 | mod nested2 |
 | my/nested.rs:21:5:21:23 | ...::f | my/nested.rs:3:9:5:9 | fn f |
 testFailures
-| main.rs:288:27:288:48 | //... | Missing result: item=I71 |
-| main.rs:288:27:288:48 | //... | Missing result: item=I72 |
-| main.rs:291:22:291:34 | //... | Missing result: item=I72 |
-| main.rs:292:27:292:39 | //... | Missing result: item=I72 |
-| main.rs:293:18:293:30 | //... | Missing result: item=I71 |
-| main.rs:655:16:655:28 | //... | Missing result: item=I25 |
--- a/rust/ql/test/library-tests/variables/CONSISTENCY/PathResolutionConsistency.expected
+++ b/rust/ql/test/library-tests/variables/CONSISTENCY/PathResolutionConsistency.expected
@@ -7,3 +7,16 @@ multipleMethodCallTargets
 | main.rs:459:9:459:23 | z.add_assign(...) | file://:0:0:0:0 | fn add_assign |
 | main.rs:459:9:459:23 | z.add_assign(...) | file://:0:0:0:0 | fn add_assign |
 | main.rs:459:9:459:23 | z.add_assign(...) | file://:0:0:0:0 | fn add_assign |
+multiplePathResolutions
+| main.rs:85:19:85:30 | ...::from | file://:0:0:0:0 | fn from |
+| main.rs:85:19:85:30 | ...::from | file://:0:0:0:0 | fn from |
+| main.rs:85:19:85:30 | ...::from | file://:0:0:0:0 | fn from |
+| main.rs:85:19:85:30 | ...::from | file://:0:0:0:0 | fn from |
+| main.rs:85:19:85:30 | ...::from | file://:0:0:0:0 | fn from |
+| main.rs:85:19:85:30 | ...::from | file://:0:0:0:0 | fn from |
+| main.rs:102:19:102:30 | ...::from | file://:0:0:0:0 | fn from |
+| main.rs:102:19:102:30 | ...::from | file://:0:0:0:0 | fn from |
+| main.rs:102:19:102:30 | ...::from | file://:0:0:0:0 | fn from |
+| main.rs:102:19:102:30 | ...::from | file://:0:0:0:0 | fn from |
+| main.rs:102:19:102:30 | ...::from | file://:0:0:0:0 | fn from |
+| main.rs:102:19:102:30 | ...::from | file://:0:0:0:0 | fn from |
--- a/rust/ql/test/query-tests/diagnostics/CONSISTENCY/PathResolutionConsistency.expected
+++ b/rust/ql/test/query-tests/diagnostics/CONSISTENCY/PathResolutionConsistency.expected
@@ -0,0 +1,7 @@
+multiplePathResolutions
+| my_struct.rs:25:19:25:30 | ...::from | file://:0:0:0:0 | fn from |
+| my_struct.rs:25:19:25:30 | ...::from | file://:0:0:0:0 | fn from |
+| my_struct.rs:25:19:25:30 | ...::from | file://:0:0:0:0 | fn from |
+| my_struct.rs:25:19:25:30 | ...::from | file://:0:0:0:0 | fn from |
+| my_struct.rs:25:19:25:30 | ...::from | file://:0:0:0:0 | fn from |
+| my_struct.rs:25:19:25:30 | ...::from | file://:0:0:0:0 | fn from |
--- a/rust/ql/test/query-tests/diagnostics/SummaryStatsReduced.expected
+++ b/rust/ql/test/query-tests/diagnostics/SummaryStatsReduced.expected
@@ -6,7 +6,7 @@
 | Files extracted - without errors % | 57 |
 | Inconsistencies - AST | 0 |
 | Inconsistencies - CFG | 0 |
-| Inconsistencies - Path resolution | 0 |
+| Inconsistencies - Path resolution | 1 |
 | Inconsistencies - SSA | 0 |
 | Inconsistencies - data flow | 0 |
 | Lines of code extracted | 60 |
--- a/rust/ql/test/query-tests/security/CWE-089/CONSISTENCY/PathResolutionConsistency.expected
+++ b/rust/ql/test/query-tests/security/CWE-089/CONSISTENCY/PathResolutionConsistency.expected
@@ -1,3 +1,274 @@
+multiplePathResolutions
+| sqlx.rs:46:24:46:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:46:24:46:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:46:24:46:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:46:24:46:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:46:24:46:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:46:24:46:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:46:24:46:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:46:24:46:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:46:24:46:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:46:24:46:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:46:24:46:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:46:24:46:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:46:24:46:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:46:24:46:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:46:24:46:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:47:56:47:67 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:47:56:47:67 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:47:56:47:67 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:47:56:47:67 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:47:56:47:67 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:47:56:47:67 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:47:56:47:67 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:47:56:47:67 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:47:56:47:67 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:47:56:47:67 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:47:56:47:67 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:47:56:47:67 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:47:56:47:67 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:47:56:47:67 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:47:56:47:67 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:48:97:48:108 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:48:97:48:108 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:48:97:48:108 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:48:97:48:108 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:48:97:48:108 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:48:97:48:108 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:48:97:48:108 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:48:97:48:108 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:48:97:48:108 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:48:97:48:108 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:48:97:48:108 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:48:97:48:108 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:48:97:48:108 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:48:97:48:108 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:48:97:48:108 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:50:24:50:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:50:24:50:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:50:24:50:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:50:24:50:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:50:24:50:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:50:24:50:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:50:24:50:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:50:24:50:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:50:24:50:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:50:24:50:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:50:24:50:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:50:24:50:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:50:24:50:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:50:24:50:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:50:24:50:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:51:24:51:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:51:24:51:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:51:24:51:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:51:24:51:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:51:24:51:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:51:24:51:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:51:24:51:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:51:24:51:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:51:24:51:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:51:24:51:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:51:24:51:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:51:24:51:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:51:24:51:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:51:24:51:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:51:24:51:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:55:26:55:37 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:55:26:55:37 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:55:26:55:37 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:55:26:55:37 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:55:26:55:37 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:55:26:55:37 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:55:26:55:37 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:55:26:55:37 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:55:26:55:37 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:55:26:55:37 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:55:26:55:37 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:55:26:55:37 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:55:26:55:37 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:55:26:55:37 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:55:26:55:37 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:61:28:61:39 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:61:28:61:39 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:61:28:61:39 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:61:28:61:39 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:61:28:61:39 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:61:28:61:39 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:61:28:61:39 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:61:28:61:39 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:61:28:61:39 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:61:28:61:39 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:61:28:61:39 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:61:28:61:39 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:61:28:61:39 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:61:28:61:39 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:61:28:61:39 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:99:24:99:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:99:24:99:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:99:24:99:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:99:24:99:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:99:24:99:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:99:24:99:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:99:24:99:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:99:24:99:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:99:24:99:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:99:24:99:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:99:24:99:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:99:24:99:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:99:24:99:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:99:24:99:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:99:24:99:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:100:97:100:108 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:100:97:100:108 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:100:97:100:108 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:100:97:100:108 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:100:97:100:108 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:100:97:100:108 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:100:97:100:108 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:100:97:100:108 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:100:97:100:108 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:100:97:100:108 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:100:97:100:108 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:100:97:100:108 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:100:97:100:108 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:100:97:100:108 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:100:97:100:108 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:101:24:101:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:101:24:101:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:101:24:101:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:101:24:101:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:101:24:101:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:101:24:101:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:101:24:101:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:101:24:101:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:101:24:101:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:101:24:101:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:101:24:101:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:101:24:101:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:101:24:101:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:101:24:101:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:101:24:101:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:102:26:102:37 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:102:26:102:37 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:102:26:102:37 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:102:26:102:37 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:102:26:102:37 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:102:26:102:37 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:102:26:102:37 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:102:26:102:37 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:102:26:102:37 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:102:26:102:37 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:102:26:102:37 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:102:26:102:37 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:102:26:102:37 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:102:26:102:37 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:102:26:102:37 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:103:28:103:39 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:103:28:103:39 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:103:28:103:39 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:103:28:103:39 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:103:28:103:39 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:103:28:103:39 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:103:28:103:39 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:103:28:103:39 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:103:28:103:39 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:103:28:103:39 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:103:28:103:39 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:103:28:103:39 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:103:28:103:39 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:103:28:103:39 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:103:28:103:39 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:172:24:172:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:172:24:172:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:172:24:172:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:172:24:172:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:172:24:172:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:172:24:172:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:172:24:172:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:172:24:172:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:172:24:172:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:172:24:172:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:172:24:172:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:172:24:172:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:172:24:172:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:172:24:172:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:172:24:172:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:173:97:173:108 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:173:97:173:108 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:173:97:173:108 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:173:97:173:108 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:173:97:173:108 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:173:97:173:108 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:173:97:173:108 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:173:97:173:108 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:173:97:173:108 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:173:97:173:108 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:173:97:173:108 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:173:97:173:108 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:173:97:173:108 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:173:97:173:108 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:173:97:173:108 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:174:24:174:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:174:24:174:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:174:24:174:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:174:24:174:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:174:24:174:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:174:24:174:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:174:24:174:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:174:24:174:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:174:24:174:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:174:24:174:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:174:24:174:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:174:24:174:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:174:24:174:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:174:24:174:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:174:24:174:35 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:175:26:175:37 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:175:26:175:37 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:175:26:175:37 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:175:26:175:37 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:175:26:175:37 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:175:26:175:37 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:175:26:175:37 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:175:26:175:37 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:175:26:175:37 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:175:26:175:37 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:175:26:175:37 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:175:26:175:37 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:175:26:175:37 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:175:26:175:37 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:175:26:175:37 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:176:28:176:39 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:176:28:176:39 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:176:28:176:39 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:176:28:176:39 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:176:28:176:39 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:176:28:176:39 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:176:28:176:39 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:176:28:176:39 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:176:28:176:39 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:176:28:176:39 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:176:28:176:39 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:176:28:176:39 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:176:28:176:39 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:176:28:176:39 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:176:28:176:39 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:202:57:202:68 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:202:57:202:68 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:202:57:202:68 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:202:57:202:68 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:202:57:202:68 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:202:57:202:68 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:202:57:202:68 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:202:57:202:68 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:202:57:202:68 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:202:57:202:68 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:202:57:202:68 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:202:57:202:68 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:202:57:202:68 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:202:57:202:68 | ...::from | file://:0:0:0:0 | fn from |
+| sqlx.rs:202:57:202:68 | ...::from | file://:0:0:0:0 | fn from |
 multipleCanonicalPaths
 | file://:0:0:0:0 | fn encode | file://:0:0:0:0 | Crate(core@0.0.0) | <core::option::Option as der::encode::Encode>::encode |
 | file://:0:0:0:0 | fn encode | file://:0:0:0:0 | Crate(core@0.0.0) | <core::option::Option as sqlx_core::encode::Encode>::encode |
--- a/rust/ql/test/query-tests/security/CWE-089/CONSISTENCY/TypeInferenceConsistency.expected
+++ b/rust/ql/test/query-tests/security/CWE-089/CONSISTENCY/TypeInferenceConsistency.expected
@@ -1,3 +0,0 @@
-illFormedTypeMention
-| sqlx.rs:158:13:158:81 | ...::BoxDynError |
-| sqlx.rs:160:17:160:86 | ...::BoxDynError |
--- a/rust/ql/test/query-tests/security/CWE-312/CleartextLogging.expected
+++ b/rust/ql/test/query-tests/security/CWE-312/CleartextLogging.expected
--- a/rust/ql/test/query-tests/security/CWE-312/test_logging.rs
+++ b/rust/ql/test/query-tests/security/CWE-312/test_logging.rs
@@ -1,8 +1,7 @@
-
-use log::{debug, error, info, trace, warn, log, Level};
-use std::io::Write as _;
-use std::fmt::Write as _;
+use log::{debug, error, info, log, trace, warn, Level};
 use log_err::{LogErrOption, LogErrResult};
+use std::fmt::Write as _;
+use std::io::Write as _;

 // --- tests ---

@@ -134,14 +133,20 @@ fn test_log(harmless: String, password: String, encrypted_password: String) {
    trace!("message = {:#?}", t1); // $ MISSING: Alert[rust/cleartext-logging]=t1

    // logging from a struct
-    let s1 = MyStruct1 { harmless: "foo".to_string(), password: "123456".to_string() }; // $ MISSING: Source=s1
+    let s1 = MyStruct1 {
+        harmless: "foo".to_string(),
+        password: "123456".to_string(), // $ MISSING: Source=s1
+    };
    warn!("message = {}", s1.harmless);
    warn!("message = {}", s1.password); // $ Alert[rust/cleartext-logging]
    warn!("message = {}", s1); // $ MISSING: Alert[rust/cleartext-logging]=s1
    warn!("message = {:?}", s1); // $ MISSING: Alert[rust/cleartext-logging]=s1
    warn!("message = {:#?}", s1); // $ MISSING: Alert[rust/cleartext-logging]=s1

-    let s2 = MyStruct2 { harmless: "foo".to_string(), password: "123456".to_string() }; // $ MISSING: Source=s2
+    let s2 = MyStruct2 {
+        harmless: "foo".to_string(),
+        password: "123456".to_string(), // $ MISSING: Source=s2
+    };
    warn!("message = {}", s2.harmless);
    warn!("message = {}", s2.password); // $ Alert[rust/cleartext-logging]
    warn!("message = {}", s2); // (this implementation does not output the password field)
@@ -175,8 +180,8 @@ fn test_log(harmless: String, password: String, encrypted_password: String) {
    let _ = err_result.log_expect(&format!("Failed with password: {}", password2)); // $ Alert[rust/cleartext-logging]

    // test `log_expect` with sensitive `Result.Err`
-    let err_result2: Result<String, String> = Err(password2.clone());
-    let _ = err_result2.log_expect(""); // $ MISSING: Alert[rust/cleartext-logging]
+    let err_result2: Result<String, String> = Err(password2.clone()); // $ Source=s3
+    let _ = err_result2.log_expect(""); // $ Alert[rust/cleartext-logging]=s3

    // test `log_unwrap` with sensitive `Result.Err`
    let err_result3: Result<String, String> = Err(password2); // $ Source=err_result3
@@ -190,24 +195,54 @@ fn test_std(password: String, i: i32, opt_i: Option<i32>) {
    eprintln!("message = {}", password); // $ Alert[rust/cleartext-logging]

    match i {
-        1 => { panic!("message = {}", password); } // $ Alert[rust/cleartext-logging]
-        2 => { todo!("message = {}", password); } // $ Alert[rust/cleartext-logging]
-        3 => { unimplemented!("message = {}", password); } // $ Alert[rust/cleartext-logging]
-        4 => { unreachable!("message = {}", password); } // $ Alert[rust/cleartext-logging]
-        5 => { assert!(false, "message = {}", password); } // $ Alert[rust/cleartext-logging]
-        6 => { assert_eq!(1, 2, "message = {}", password); } // $ Alert[rust/cleartext-logging]
-        7 => { assert_ne!(1, 1, "message = {}", password); } // $ Alert[rust/cleartext-logging]
-        8 => { debug_assert!(false, "message = {}", password); } // $ Alert[rust/cleartext-logging]
-        9 => { debug_assert_eq!(1, 2, "message = {}", password); } // $ Alert[rust/cleartext-logging]
-        10 => { debug_assert_ne!(1, 1, "message = {}", password); } // $ Alert[rust/cleartext-logging]
-        11 => { _ = opt_i.expect(format!("message = {}", password).as_str()); } // $ Alert[rust/cleartext-logging]
+        1 => {
+            panic!("message = {}", password); // $ Alert[rust/cleartext-logging]
+        }
+        2 => {
+            todo!("message = {}", password); // $ Alert[rust/cleartext-logging]
+        }
+        3 => {
+            unimplemented!("message = {}", password); // $ Alert[rust/cleartext-logging]
+        }
+        4 => {
+            unreachable!("message = {}", password); // $ Alert[rust/cleartext-logging]
+        }
+        5 => {
+            assert!(false, "message = {}", password); // $ Alert[rust/cleartext-logging]
+        }
+        6 => {
+            assert_eq!(1, 2, "message = {}", password); // $ Alert[rust/cleartext-logging]
+        }
+        7 => {
+            assert_ne!(1, 1, "message = {}", password); // $ Alert[rust/cleartext-logging]
+        }
+        8 => {
+            debug_assert!(false, "message = {}", password); // $ Alert[rust/cleartext-logging]
+        }
+        9 => {
+            debug_assert_eq!(1, 2, "message = {}", password); // $ Alert[rust/cleartext-logging]
+        }
+        10 => {
+            debug_assert_ne!(1, 1, "message = {}", password); // $ Alert[rust/cleartext-logging]
+        }
+        11 => {
+            _ = opt_i.expect(format!("message = {}", password).as_str()); // $ Alert[rust/cleartext-logging]
+        }
        _ => {}
    }

-    std::io::stdout().lock().write_fmt(format_args!("message = {}\n", password)); // $ MISSING: Alert[rust/cleartext-logging]
-    std::io::stderr().lock().write_fmt(format_args!("message = {}\n", password)); // $ MISSING: Alert[rust/cleartext-logging]
-    std::io::stdout().lock().write(format!("message = {}\n", password).as_bytes()); // $ Alert[rust/cleartext-logging]
-    std::io::stdout().lock().write_all(format!("message = {}\n", password).as_bytes()); // $ Alert[rust/cleartext-logging]
+    std::io::stdout()
+        .lock()
+        .write_fmt(format_args!("message = {}\n", password)); // $ MISSING: Alert[rust/cleartext-logging]
+    std::io::stderr()
+        .lock()
+        .write_fmt(format_args!("message = {}\n", password)); // $ MISSING: Alert[rust/cleartext-logging]
+    std::io::stdout()
+        .lock()
+        .write(format!("message = {}\n", password).as_bytes()); // $ Alert[rust/cleartext-logging]
+    std::io::stdout()
+        .lock()
+        .write_all(format!("message = {}\n", password).as_bytes()); // $ Alert[rust/cleartext-logging]

    let mut out = std::io::stdout().lock();
    out.write(format!("message = {}\n", password).as_bytes()); // $ Alert[rust/cleartext-logging]
@@ -219,6 +254,10 @@ fn test_std(password: String, i: i32, opt_i: Option<i32>) {
 fn main() {
    simple_logger::SimpleLogger::new().init().unwrap();

-    test_log("harmless".to_string(), "123456".to_string(), "[encrypted]".to_string());
+    test_log(
+        "harmless".to_string(),
+        "123456".to_string(),
+        "[encrypted]".to_string(),
+    );
    test_std("123456".to_string(), 0, None);
 }
--- a/rust/ql/test/query-tests/security/CWE-770/CONSISTENCY/PathResolutionConsistency.expected
+++ b/rust/ql/test/query-tests/security/CWE-770/CONSISTENCY/PathResolutionConsistency.expected
@@ -13,3 +13,7 @@ multiplePathResolutions
 | main.rs:223:13:223:16 | libc | file://:0:0:0:0 | Crate(libc@0.2.172) |
 | main.rs:224:13:224:16 | libc | file://:0:0:0:0 | Crate(libc@0.2.172) |
 | main.rs:224:13:224:16 | libc | file://:0:0:0:0 | Crate(libc@0.2.172) |
+| main.rs:229:13:229:37 | ...::with_capacity | file://:0:0:0:0 | fn with_capacity |
+| main.rs:229:13:229:37 | ...::with_capacity | file://:0:0:0:0 | fn with_capacity |
+| main.rs:233:18:233:42 | ...::with_capacity | file://:0:0:0:0 | fn with_capacity |
+| main.rs:233:18:233:42 | ...::with_capacity | file://:0:0:0:0 | fn with_capacity |
--- a/rust/ql/test/query-tests/security/CWE-825/CONSISTENCY/PathResolutionConsistency.expected
+++ b/rust/ql/test/query-tests/security/CWE-825/CONSISTENCY/PathResolutionConsistency.expected
@@ -9,3 +9,17 @@ multiplePathResolutions
 | deallocation.rs:112:3:112:12 | ...::free | file://:0:0:0:0 | fn free |
 | deallocation.rs:112:29:112:32 | libc | file://:0:0:0:0 | Crate(libc@0.2.171) |
 | deallocation.rs:112:29:112:32 | libc | file://:0:0:0:0 | Crate(libc@0.2.172) |
+| deallocation.rs:260:11:260:22 | ...::from | file://:0:0:0:0 | fn from |
+| deallocation.rs:260:11:260:22 | ...::from | file://:0:0:0:0 | fn from |
+| deallocation.rs:260:11:260:22 | ...::from | file://:0:0:0:0 | fn from |
+| deallocation.rs:260:11:260:22 | ...::from | file://:0:0:0:0 | fn from |
+| deallocation.rs:260:11:260:22 | ...::from | file://:0:0:0:0 | fn from |
+| deallocation.rs:260:11:260:22 | ...::from | file://:0:0:0:0 | fn from |
+| deallocation.rs:261:11:261:22 | ...::from | file://:0:0:0:0 | fn from |
+| deallocation.rs:261:11:261:22 | ...::from | file://:0:0:0:0 | fn from |
+| deallocation.rs:261:11:261:22 | ...::from | file://:0:0:0:0 | fn from |
+| deallocation.rs:261:11:261:22 | ...::from | file://:0:0:0:0 | fn from |
+| deallocation.rs:261:11:261:22 | ...::from | file://:0:0:0:0 | fn from |
+| deallocation.rs:261:11:261:22 | ...::from | file://:0:0:0:0 | fn from |
+| lifetime.rs:415:32:415:49 | ...::clone | file://:0:0:0:0 | fn clone |
+| lifetime.rs:415:32:415:49 | ...::clone | file://:0:0:0:0 | fn clone |
--- a/rust/ql/test/query-tests/unusedentities/CONSISTENCY/PathResolutionConsistency.expected
+++ b/rust/ql/test/query-tests/unusedentities/CONSISTENCY/PathResolutionConsistency.expected
@@ -0,0 +1,31 @@
+multiplePathResolutions
+| main.rs:13:13:13:24 | ...::from | file://:0:0:0:0 | fn from |
+| main.rs:13:13:13:24 | ...::from | file://:0:0:0:0 | fn from |
+| main.rs:13:13:13:24 | ...::from | file://:0:0:0:0 | fn from |
+| main.rs:13:13:13:24 | ...::from | file://:0:0:0:0 | fn from |
+| main.rs:13:13:13:24 | ...::from | file://:0:0:0:0 | fn from |
+| main.rs:13:13:13:24 | ...::from | file://:0:0:0:0 | fn from |
+| main.rs:14:13:14:24 | ...::from | file://:0:0:0:0 | fn from |
+| main.rs:14:13:14:24 | ...::from | file://:0:0:0:0 | fn from |
+| main.rs:14:13:14:24 | ...::from | file://:0:0:0:0 | fn from |
+| main.rs:14:13:14:24 | ...::from | file://:0:0:0:0 | fn from |
+| main.rs:14:13:14:24 | ...::from | file://:0:0:0:0 | fn from |
+| main.rs:14:13:14:24 | ...::from | file://:0:0:0:0 | fn from |
+| unreachable.rs:165:20:165:31 | ...::from | file://:0:0:0:0 | fn from |
+| unreachable.rs:165:20:165:31 | ...::from | file://:0:0:0:0 | fn from |
+| unreachable.rs:165:20:165:31 | ...::from | file://:0:0:0:0 | fn from |
+| unreachable.rs:165:20:165:31 | ...::from | file://:0:0:0:0 | fn from |
+| unreachable.rs:165:20:165:31 | ...::from | file://:0:0:0:0 | fn from |
+| unreachable.rs:165:20:165:31 | ...::from | file://:0:0:0:0 | fn from |
+| unreachable.rs:171:9:171:17 | ...::from | file://:0:0:0:0 | fn from |
+| unreachable.rs:171:9:171:17 | ...::from | file://:0:0:0:0 | fn from |
+| unreachable.rs:171:9:171:17 | ...::from | file://:0:0:0:0 | fn from |
+| unreachable.rs:171:9:171:17 | ...::from | file://:0:0:0:0 | fn from |
+| unreachable.rs:171:9:171:17 | ...::from | file://:0:0:0:0 | fn from |
+| unreachable.rs:171:9:171:17 | ...::from | file://:0:0:0:0 | fn from |
+| unreachable.rs:177:9:177:26 | ...::from | file://:0:0:0:0 | fn from |
+| unreachable.rs:177:9:177:26 | ...::from | file://:0:0:0:0 | fn from |
+| unreachable.rs:177:9:177:26 | ...::from | file://:0:0:0:0 | fn from |
+| unreachable.rs:177:9:177:26 | ...::from | file://:0:0:0:0 | fn from |
+| unreachable.rs:177:9:177:26 | ...::from | file://:0:0:0:0 | fn from |
+| unreachable.rs:177:9:177:26 | ...::from | file://:0:0:0:0 | fn from |