hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into nickrolfe/overlay-deleted-files

Browse Source
This commit is contained in:
Arthur Baars
2025-07-04 16:19:59 +02:00
committed by GitHub
parent d8574a6919 5c9a401806
commit 84e5f2846b
42 changed files with 20852 additions and 2408 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
cpp/bulk_generation_targets.yml
View File

@@ -2,6 +2,9 @@ language: cpp
strategy: dca
destination: cpp/ql/lib/ext/generated
targets:
- name: glibc
with-sinks: false
with-sources: false
- name: zlib
with-sinks: false
with-sources: false

5494
cpp/ql/lib/ext/generated/glibc/glibc.model.yml Normal file
View File

File diff suppressed because it is too large Load Diff

4
cpp/ql/src/change-notes/2025-07-04-create-thread.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Added flow models for the GNU C Library.

11
cpp/ql/test/library-tests/dataflow/asExpr/test.cpp
View File

@@ -37,4 +37,13 @@ void test_aggregate_literal() {
int xs[] = {1, 2, 3}; // $ asExpr=1 asExpr=2 asExpr=3 asExpr={...}
const int ys[] = {[0] = 4, [1] = 5, [0] = 6}; // $ asExpr=4 asExpr=5 asExpr=6 asExpr={...}
}
}
void test_postfix_crement(int *p, int q) {
p++; // $ asExpr="... ++" asIndirectExpr="... ++" asExpr=p asIndirectExpr=p
q++; // $ asExpr="... ++" asExpr=q
(void)(p++); // $ numberOfNodes="... ++: 2" asExpr="... ++" numberOfIndirectNodes="... ++: 2" asIndirectExpr="... ++" MISSING: asExpr=p asIndirectExpr=p
(void)(q++); // $ numberOfNodes="... ++: 2" asExpr="... ++" MISSING: asExpr=q
int *p1 = p++; // $ asExpr="... ++" asIndirectExpr="... ++" asExpr="p(... ++)" asIndirectExpr="p(*... ++)"
int q1 = q++; // $ asExpr="... ++" asExpr="q(... ++)"
}

918
cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected
View File

File diff suppressed because it is too large Load Diff

11529
cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected
View File

File diff suppressed because it is too large Load Diff

202
docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.22.1.rst Normal file
View File

@@ -0,0 +1,202 @@
.. _codeql-cli-2.22.1:
==========================
CodeQL 2.22.1 (2025-06-26)
==========================
.. contents:: Contents
:depth: 2
:local:
:backlinks: none
This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog <https://github.blog/tag/code-scanning/>`__, `relevant GitHub Changelog updates <https://github.blog/changelog/label/code-scanning/>`__, `changes in the CodeQL extension for Visual Studio Code <https://marketplace.visualstudio.com/items/GitHub.vscode-codeql/changelog>`__, and the `CodeQL Action changelog <https://github.com/github/codeql-action/blob/main/CHANGELOG.md>`__.
Security Coverage
-----------------
CodeQL 2.22.1 runs a total of 449 security queries when configured with the Default suite (covering 165 CWE). The Extended suite enables an additional 129 queries (covering 33 more CWE).
CodeQL CLI
----------
New Features
~~~~~~~~~~~~
* Rust language support is now in public preview.
Miscellaneous
~~~~~~~~~~~~~
* The version of :code:`jgit` used by the CodeQL CLI has been updated to :code:`6.10.1.202505221210-r`.
Query Packs
-----------
Minor Analysis Improvements
~~~~~~~~~~~~~~~~~~~~~~~~~~~
C/C++
"""""
* Added flow model for the following libraries: :code:`madler/zlib`, :code:`google/brotli`, :code:`libidn/libidn2`, :code:`libssh2/libssh2/`, :code:`nghttp2/nghttp2`, :code:`libuv/libuv/`, and :code:`curl/curl`. This may result in more alerts when running queries on codebases that use these libraries.
C#
""
* The queries :code:`cs/dereferenced-value-is-always-null` and :code:`cs/dereferenced-value-may-be-null` have been improved to reduce false positives. The queries no longer assume that expressions are dereferenced when passed as the receiver (:code:`this` parameter) to extension methods where that parameter is a nullable type.
JavaScript/TypeScript
"""""""""""""""""""""
* The :code:`js/loop-iteration-skipped-due-to-shifting` query now has the :code:`reliability` tag.
* Fixed false positives in the :code:`js/loop-iteration-skipped-due-to-shifting` query when the return value of :code:`splice` is used to decide whether to adjust the loop counter.
* Fixed false positives in the :code:`js/template-syntax-in-string-literal` query where template syntax in string concatenation and "manual string interpolation" patterns were incorrectly flagged.
* The :code:`js/useless-expression` query now correctly flags only the innermost expressions with no effect, avoiding duplicate alerts on compound expressions.
Python
""""""
* The :code:`py/iter-returns-non-self` query has been modernized, and no longer alerts for certain cases where an equivalent iterator is returned.
New Queries
~~~~~~~~~~~
Rust
""""
* Initial public preview release.
Query Metadata Changes
~~~~~~~~~~~~~~~~~~~~~~
C#
""
* Query metadata tags have been systematically updated for many C# queries. Primary categorization as either :code:`reliability` or :code:`maintainability`, and relevant sub-category tags such as :code:`readability`, :code:`useless-code`, :code:`complexity`, :code:`performance`, :code:`correctness`, :code:`error-handling`, and :code:`concurrency`. Aligns with the established `Query file metadata and alert message style guide <https://github.com/github/codeql/blob/main/docs/query-metadata-style-guide.md#quality-query-sub-category-tags>`__.
* Adjusts the :code:`@security-severity` from 9.3 to 7.3 for :code:`cs/uncontrolled-format-string` to align :code:`CWE-134` severity for memory safe languages to better reflect their impact.
Golang
""""""
* The tag :code:`quality` has been added to multiple Go quality queries for consistency. They have all been given a tag for one of the two top-level categories :code:`reliability` or :code:`maintainability`, and a tag for a sub-category. See `Query file metadata and alert message style guide <https://github.com/github/codeql/blob/main/docs/query-metadata-style-guide.md#quality-query-sub-category-tags>`__ for more information about these categories.
* The tag :code:`external/cwe/cwe-129` has been added to :code:`go/constant-length-comparison`.
* The tag :code:`external/cwe/cwe-193` has been added to :code:`go/index-out-of-bounds`.
* The tag :code:`external/cwe/cwe-197` has been added to :code:`go/shift-out-of-range`.
* The tag :code:`external/cwe/cwe-248` has been added to :code:`go/redundant-recover`.
* The tag :code:`external/cwe/cwe-252` has been added to :code:`go/missing-error-check` and :code:`go/unhandled-writable-file-close`.
* The tag :code:`external/cwe/cwe-480` has been added to :code:`go/mistyped-exponentiation`.
* The tag :code:`external/cwe/cwe-570` has been added to :code:`go/impossible-interface-nil-check` and :code:`go/comparison-of-identical-expressions`.
* The tag :code:`external/cwe/cwe-571` has been added to :code:`go/negative-length-check` and :code:`go/comparison-of-identical-expressions`.
* The tag :code:`external/cwe/cwe-783` has been added to :code:`go/whitespace-contradicts-precedence`.
* The tag :code:`external/cwe/cwe-835` has been added to :code:`go/inconsistent-loop-direction`.
* The tag :code:`error-handling` has been added to :code:`go/missing-error-check`, :code:`go/unhandled-writable-file-close`, and :code:`go/unexpected-nil-value`.
* The tag :code:`useless-code` has been added to :code:`go/useless-assignment-to-field`, :code:`go/useless-assignment-to-local`, :code:`go/useless-expression`, and :code:`go/unreachable-statement`.
* The tag :code:`logic` has been removed from :code:`go/index-out-of-bounds` and :code:`go/unexpected-nil-value`.
* The tags :code:`call` and :code:`defer` have been removed from :code:`go/unhandled-writable-file-close`.
* The tags :code:`correctness` and :code:`quality` have been reordered in :code:`go/missing-error-check` and :code:`go/unhandled-writable-file-close`.
* The tag :code:`maintainability` has been changed to :code:`reliability` for :code:`go/unhandled-writable-file-close`.
* The tag order has been standardized to have :code:`quality` first, followed by the top-level category (:code:`reliability` or :code:`maintainability`), then sub-category tags, and finally CWE tags.
* The description text has been updated in :code:`go/whitespace-contradicts-precedence` to change "may even indicate" to "may indicate".
Java/Kotlin
"""""""""""
* The tag :code:`quality` has been added to multiple Java quality queries for consistency. They have all been given a tag for one of the two top-level categories :code:`reliability` or :code:`maintainability`, and a tag for a sub-category. See `Query file metadata and alert message style guide <https://github.com/github/codeql/blob/main/docs/query-metadata-style-guide.md#quality-query-sub-category-tags>`__ for more information about these categories.
* The tag :code:`external/cwe/cwe-571` has been added to :code:`java/equals-on-unrelated-types`.
* The tag :code:`readability` has been added to :code:`java/missing-override-annotation`, :code:`java/deprecated-call`, :code:`java/inconsistent-javadoc-throws`, :code:`java/unknown-javadoc-parameter`, :code:`java/jdk-internal-api-access`, :code:`java/underscore-identifier`, :code:`java/misleading-indentation`, :code:`java/inefficient-empty-string-test`, :code:`java/non-static-nested-class`, :code:`inefficient-string-constructor`, and :code:`java/constants-only-interface`.
* The tag :code:`useless-code` has been added to :code:`java/useless-type-test`, and :code:`java/useless-tostring-call`.
* The tag :code:`complexity` has been added to :code:`java/chained-type-tests`, and :code:`java/abstract-to-concrete-cast`.
* The tag :code:`error-handling` has been added to :code:`java/ignored-error-status-of-call`, and :code:`java/uncaught-number-format-exception`.
* The tag :code:`correctness` has been added to :code:`java/evaluation-to-constant`, :code:`java/whitespace-contradicts-precedence`, :code:`java/empty-container`, :code:`java/string-buffer-char-init`, :code:`java/call-to-object-tostring`, :code:`java/print-array` and :code:`java/internal-representation-exposure`.
* The tag :code:`performance` has been added to :code:`java/input-resource-leak`, :code:`java/database-resource-leak`, :code:`java/output-resource-leak`, :code:`java/inefficient-key-set-iterator`, :code:`java/inefficient-output-stream`, and :code:`java/inefficient-boxed-constructor`.
* The tag :code:`correctness` has been removed from :code:`java/call-to-thread-run`, :code:`java/unsafe-double-checked-locking`, :code:`java/unsafe-double-checked-locking-init-order`, :code:`java/non-sync-override`, :code:`java/sync-on-boxed-types`, :code:`java/unsynchronized-getter`, :code:`java/input-resource-leak`, :code:`java/output-resource-leak`, :code:`java/database-resource-leak`, and :code:`java/ignored-error-status-of-call`.
* The tags :code:`maintainability` has been removed from :code:`java/string-buffer-char-init`, :code:`java/inefficient-key-set-iterator`, :code:`java/inefficient-boxed-constructor`, and :code:`java/internal-representation-exposure`.
* The tags :code:`reliability` has been removed from :code:`java/subtle-inherited-call`, :code:`java/print-array`, and :code:`java/call-to-object-tostring`.
* The tags :code:`maintainability` and :code:`useless-code` have been removed from :code:`java/evaluation-to-constant`.
* The tags :code:`maintainability` and :code:`readability` have been removed from :code:`java/whitespace-contradicts-precedence`.
* The tags :code:`maintainability` and :code:`useless-code` have been removed from :code:`java/empty-container`.
* Adjusts the :code:`@precision` from high to medium for :code:`java/concatenated-command-line` because it is producing false positive alerts when the concatenated strings are hard-coded.
* Adjusts the :code:`@security-severity` from 9.3 to 7.3 for :code:`java/tainted-format-string` to align :code:`CWE-134` severity for memory safe languages to better reflect their impact.
JavaScript/TypeScript
"""""""""""""""""""""
* The :code:`quality` tag has been added to multiple JavaScript quality queries, with tags for :code:`reliability` or :code:`maintainability` categories and their sub-categories. See `Query file metadata and alert message style guide <https://github.com/github/codeql/blob/main/docs/query-metadata-style-guide.md#quality-query-sub-category-tags>`__ for more information about these categories.
* Added :code:`reliability` tag to the :code:`js/suspicious-method-name-declaration` query.
* Added :code:`reliability` and :code:`language-features` tags to the :code:`js/template-syntax-in-string-literal` query.
Python
""""""
* The tag :code:`quality` has been added to multiple Python quality queries for consistency. They have all been given a tag for one of the two top-level categories :code:`reliability` or :code:`maintainability`, and a tag for a sub-category. See `Query file metadata and alert message style guide <https://github.com/github/codeql/blob/main/docs/query-metadata-style-guide.md#quality-query-sub-category-tags>`__ for more information about these categories.
Ruby
""""
* Update query metadata tags for :code:`rb/database-query-in-loop` and :code:`rb/useless-assignment-to-local` to align with the established
\ `Query file metadata and alert message style guide <https://github.com/github/codeql/blob/main/docs/query-metadata-style-guide.md#quality-query-sub-category-tags>`__.
Swift
"""""
* Adjusts the :code:`@security-severity` from 9.3 to 7.3 for :code:`swift/uncontrolled-format-string` to align :code:`CWE-134` severity for memory safe languages to better reflect their impact.
Language Libraries
------------------
Bug Fixes
~~~~~~~~~
C/C++
"""""
* :code:`resolveTypedefs` now properly resolves typedefs for :code:`ArrayType`\ s.
Minor Analysis Improvements
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Java/Kotlin
"""""""""""
* Java :code:`assert` statements are now assumed to be executed for the purpose of analysing control flow. This improves precision for a number of queries.
JavaScript/TypeScript
"""""""""""""""""""""
* Calls to :code:`sinon.match()` are no longer incorrectly identified as regular expression operations.
* Improved data flow tracking through middleware to handle default value and similar patterns.
* Added :code:`req._parsedUrl` as a remote input source.
* Improved taint tracking through calls to :code:`serialize-javascript`.
* Removed :code:`encodeURI` and :code:`escape` functions from the sanitizer list for request forgery.
* The JavaScript extractor now skips generated JavaScript files if the original TypeScript files are already present. It also skips any files in the output directory specified in the :code:`compilerOptions` part of the :code:`tsconfig.json` file.
* Added support for Axios instances in the :code:`axios` module.
GitHub Actions
""""""""""""""
* Fixed performance issues in the parsing of Bash scripts in workflow files,
which led to out-of-disk errors when analysing certain workflow files with complex interpolations of shell commands or quoted strings.
Deprecated APIs
~~~~~~~~~~~~~~~
C/C++
"""""
* The :code:`ThrowingFunction` class (:code:`semmle.code.cpp.models.interfaces.Throwing`) has been deprecated. Please use the :code:`AlwaysSehThrowingFunction` class instead.
New Features
~~~~~~~~~~~~
C/C++
"""""
* Added a predicate :code:`getAnAttribute` to :code:`Namespace` to retrieve a namespace attribute.
* The Microsoft-specific :code:`__leave` statement is now supported.
* A new class :code:`LeaveStmt` extending :code:`JumpStmt` was added to represent :code:`__leave` statements.
* Added a predicate :code:`hasParameterList` to :code:`LambdaExpression` to capture whether a lambda has an explicitly specified parameter list.
Rust
""""
* Initial public preview release.

1
docs/codeql/codeql-overview/codeql-changelog/index.rst
View File

@@ -11,6 +11,7 @@ A list of queries for each suite and language `is available here <https://docs.g
.. toctree::
:maxdepth: 1
codeql-cli-2.22.1
codeql-cli-2.22.0
codeql-cli-2.21.4
codeql-cli-2.21.3

1
java/ql/lib/semmle/code/java/Type.qll
View File

@@ -422,6 +422,7 @@ class RefType extends Type, Annotatable, Modifiable, @reftype {
* This does not include itself, unless this type is part of a cycle
* in the type hierarchy.
*/
overlay[caller?]
RefType getAStrictAncestor() { result = this.getASupertype().getAnAncestor() }
/**

3
java/ql/lib/semmle/code/java/security/TempDirLocalInformationDisclosureQuery.qll
View File

@@ -203,6 +203,7 @@ module TempDirSystemGetPropertyDirectlyToMkdir =
/**
* A `MethodCall` against a method that creates a temporary file or directory in a shared temporary directory.
*/
overlay[local?]
abstract class MethodCallInsecureFileCreation extends MethodCall {
/**
* Gets the type of entity created (e.g. `file`, `directory`, ...).
@@ -218,6 +219,7 @@ abstract class MethodCallInsecureFileCreation extends MethodCall {
/**
* An insecure call to `java.io.File.createTempFile`.
*/
overlay[local?]
class MethodCallInsecureFileCreateTempFile extends MethodCallInsecureFileCreation {
MethodCallInsecureFileCreateTempFile() {
this.getMethod() instanceof MethodFileCreateTempFile and
@@ -246,6 +248,7 @@ class MethodGuavaFilesCreateTempFile extends Method {
/**
* A call to the `com.google.common.io.Files.createTempDir` method.
*/
overlay[local?]
class MethodCallInsecureGuavaFilesCreateTempFile extends MethodCallInsecureFileCreation {
MethodCallInsecureGuavaFilesCreateTempFile() {
this.getMethod() instanceof MethodGuavaFilesCreateTempFile

9
java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql
View File

@@ -16,6 +16,7 @@
import java
import semmle.code.java.dataflow.FlowSources
overlay[local?]
abstract private class InsecureNettyObjectCreation extends ClassInstanceExpr {
int vulnerableArgumentIndex;
@@ -27,6 +28,7 @@ abstract private class InsecureNettyObjectCreation extends ClassInstanceExpr {
abstract string splittingType();
}
overlay[local?]
abstract private class RequestOrResponseSplittingInsecureNettyObjectCreation extends InsecureNettyObjectCreation
{
override string splittingType() { result = "Request splitting or response splitting" }
@@ -35,6 +37,7 @@ abstract private class RequestOrResponseSplittingInsecureNettyObjectCreation ext
/**
* Request splitting can allowing an attacker to inject/smuggle an additional HTTP request into the socket connection.
*/
overlay[local?]
abstract private class RequestSplittingInsecureNettyObjectCreation extends InsecureNettyObjectCreation
{
override string splittingType() { result = "Request splitting" }
@@ -43,11 +46,13 @@ abstract private class RequestSplittingInsecureNettyObjectCreation extends Insec
/**
* Response splitting can lead to HTTP vulnerabilities like XSS and cache poisoning.
*/
overlay[local?]
abstract private class ResponseSplittingInsecureNettyObjectCreation extends InsecureNettyObjectCreation
{
override string splittingType() { result = "Response splitting" }
}
overlay[local?]
private class InsecureDefaultHttpHeadersClassInstantiation extends RequestOrResponseSplittingInsecureNettyObjectCreation
{
InsecureDefaultHttpHeadersClassInstantiation() {
@@ -58,6 +63,7 @@ private class InsecureDefaultHttpHeadersClassInstantiation extends RequestOrResp
}
}
overlay[local?]
private class InsecureDefaultHttpResponseClassInstantiation extends ResponseSplittingInsecureNettyObjectCreation
{
InsecureDefaultHttpResponseClassInstantiation() {
@@ -66,6 +72,7 @@ private class InsecureDefaultHttpResponseClassInstantiation extends ResponseSpli
}
}
overlay[local?]
private class InsecureDefaultHttpRequestClassInstantiation extends RequestSplittingInsecureNettyObjectCreation
{
InsecureDefaultHttpRequestClassInstantiation() {
@@ -74,6 +81,7 @@ private class InsecureDefaultHttpRequestClassInstantiation extends RequestSplitt
}
}
overlay[local?]
private class InsecureDefaultFullHttpResponseClassInstantiation extends ResponseSplittingInsecureNettyObjectCreation
{
InsecureDefaultFullHttpResponseClassInstantiation() {
@@ -83,6 +91,7 @@ private class InsecureDefaultFullHttpResponseClassInstantiation extends Response
}
}
overlay[local?]
private class InsecureDefaultFullHttpRequestClassInstantiation extends RequestSplittingInsecureNettyObjectCreation
{
InsecureDefaultFullHttpRequestClassInstantiation() {

2
ruby/ql/src/experimental/ldap-improper-auth/ImproperLdapAuth.ql
View File

@@ -16,5 +16,5 @@ import ImproperLdapAuthFlow::PathGraph
from ImproperLdapAuthFlow::PathNode source, ImproperLdapAuthFlow::PathNode sink
where ImproperLdapAuthFlow::flowPath(source, sink)
select sink.getNode(), source, sink, "This LDAP authencation depends on a $@.", source.getNode(),
select sink.getNode(), source, sink, "This LDAP authentication depends on a $@.", source.getNode(),
"user-provided value"

4
ruby/ql/test/query-tests/experimental/ImproperLdapAuth/ImproperLdapAuth.expected
View File

@@ -16,5 +16,5 @@ nodes
| ImproperLdapAuth.rb:31:24:31:27 | pass | semmle.label | pass |
subpaths
#select
| ImproperLdapAuth.rb:15:23:15:26 | pass | ImproperLdapAuth.rb:5:12:5:17 | call to params | ImproperLdapAuth.rb:15:23:15:26 | pass | This LDAP authencation depends on a $@. | ImproperLdapAuth.rb:5:12:5:17 | call to params | user-provided value |
| ImproperLdapAuth.rb:31:24:31:27 | pass | ImproperLdapAuth.rb:24:12:24:17 | call to params | ImproperLdapAuth.rb:31:24:31:27 | pass | This LDAP authencation depends on a $@. | ImproperLdapAuth.rb:24:12:24:17 | call to params | user-provided value |
| ImproperLdapAuth.rb:15:23:15:26 | pass | ImproperLdapAuth.rb:5:12:5:17 | call to params | ImproperLdapAuth.rb:15:23:15:26 | pass | This LDAP authentication depends on a $@. | ImproperLdapAuth.rb:5:12:5:17 | call to params | user-provided value |
| ImproperLdapAuth.rb:31:24:31:27 | pass | ImproperLdapAuth.rb:24:12:24:17 | call to params | ImproperLdapAuth.rb:31:24:31:27 | pass | This LDAP authentication depends on a $@. | ImproperLdapAuth.rb:24:12:24:17 | call to params | user-provided value |

24
rust/ast-generator/src/main.rs
View File

@@ -1,8 +1,8 @@
use std::{fs, path::PathBuf};
pub mod codegen;
mod flags;
mod field_info;
mod flags;
use crate::codegen::grammar::ast_src::{AstEnumSrc, Cardinality};
use crate::field_info::{FieldInfo, FieldType};
@@ -77,16 +77,15 @@ fn has_special_emission(type_name: &str) -> bool {
}
fn should_enum_be_skipped(name: &str) -> bool {
name == "VariantDef" // remove the VariantDef enum, there is no use for it at the moment
name == "VariantDef" // remove the VariantDef enum, there is no use for it at the moment
}
fn should_node_be_skipped(name: &str) -> bool {
name == "TypeAnchor" // we flatten TypeAnchor into PathSegment in the extractor
name == "TypeAnchor" // we flatten TypeAnchor into PathSegment in the extractor
}
fn should_node_be_skipped_in_extractor(name: &str) -> bool {
name == "Adt" // no fields have `Adt` type, so we don't need extraction for it
name == "Adt" // no fields have `Adt` type, so we don't need extraction for it
}
fn should_field_be_skipped(node_name: &str, field_name: &str) -> bool {
@@ -166,9 +165,10 @@ fn get_trait_fields(trait_name: &str) -> Vec<FieldInfo> {
"HasGenericArgs" => vec![FieldInfo::optional("generic_arg_list", "GenericArgList")],
"HasTypeBounds" => vec![FieldInfo::optional("type_bound_list", "TypeBoundList")],
"HasModuleItem" => vec![FieldInfo::list("items", "Item")],
"HasLoopBody" =>
vec![FieldInfo::optional("label", "Label"),
FieldInfo::optional("loop_body", "BlockExpr")],
"HasLoopBody" => vec![
FieldInfo::optional("label", "Label"),
FieldInfo::optional("loop_body", "BlockExpr"),
],
"HasArgList" => vec![FieldInfo::optional("arg_list", "ArgList")],
"HasDocComments" => vec![],
_ => panic!("Unknown trait {}", trait_name),
@@ -316,7 +316,7 @@ fn get_fields(node: &AstNodeSrc) -> Vec<FieldInfo> {
let mut result = Vec::new();
for field in &node.fields {
if let Field::Token(name) = field {
if should_predicate_be_extracted(&name) {
if should_predicate_be_extracted(name) {
result.push(FieldInfo {
name: format!("is_{name}"),
ty: FieldType::Predicate,
@@ -329,7 +329,9 @@ fn get_fields(node: &AstNodeSrc) -> Vec<FieldInfo> {
for field in &node.fields {
let name = field.method_name();
if should_field_be_skipped(&node.name, &name) { continue; }
if should_field_be_skipped(&node.name, &name) {
continue;
}
let ty = match field {
Field::Token(_) => continue,
Field::Node {
@@ -342,7 +344,7 @@ fn get_fields(node: &AstNodeSrc) -> Vec<FieldInfo> {
result.push(FieldInfo { name, ty });
}
for trait_ in &node.traits {
result.extend(get_trait_fields(&trait_));
result.extend(get_trait_fields(trait_));
}
result.sort_by(|x, y| x.name.cmp(&y.name));
result

2
rust/ql/lib/codeql/rust/elements/internal/CallImpl.qll
View File

@@ -78,7 +78,7 @@ module Impl {
}
}
/** Holds if the call expression dispatches to a trait method. */
/** Holds if the call expression dispatches to a method. */
private predicate callIsMethodCall(CallExpr call, Path qualifier, string methodName) {
exists(Path path, Function f |
path = call.getFunction().(PathExpr).getPath() and

38
rust/ql/lib/codeql/rust/frameworks/log.model.yml
View File

@@ -1,23 +1,23 @@
extensions:
- addsTo:
pack: codeql/rust-all
extensible: sinkModelDeprecated
extensible: sinkModel
data:
- ["repo:https://github.com/rust-lang/log:log", "crate::__private_api::log", "Argument[0]", "log-injection", "manual"] # logger / args (pre v0.4.27)
- ["repo:https://github.com/rust-lang/log:log", "crate::__private_api::log", "Argument[1]", "log-injection", "manual"] # args / level (pre v0.4.27)
- ["repo:https://github.com/rust-lang/log:log", "crate::__private_api::log", "Argument[2]", "log-injection", "manual"] # level / target (pre v0.4.27)
- ["repo:https://github.com/rust-lang/log:log", "crate::__private_api::log", "Argument[3]", "log-injection", "manual"] # target / key value (pre v0.4.27)
- ["repo:https://github.com/rust-lang/log:log", "crate::__private_api::log", "Argument[4]", "log-injection", "manual"] # key value
- ["lang:std", "crate::io::stdio::_print", "Argument[0]", "log-injection", "manual"]
- ["lang:std", "crate::io::stdio::_eprint", "Argument[0]", "log-injection", "manual"]
- ["lang:std", "<crate::io::stdio::StdoutLock as crate::io::Write>::write", "Argument[0]", "log-injection", "manual"]
- ["lang:std", "<crate::io::stdio::StdoutLock as crate::io::Write>::write_all", "Argument[0]", "log-injection", "manual"]
- ["lang:std", "<crate::io::stdio::StderrLock as crate::io::Write>::write", "Argument[0]", "log-injection", "manual"]
- ["lang:std", "<crate::io::stdio::StderrLock as crate::io::Write>::write_all", "Argument[0]", "log-injection", "manual"]
- ["lang:core", "crate::panicking::panic_fmt", "Argument[0]", "log-injection", "manual"]
- ["lang:core", "crate::panicking::assert_failed", "Argument[3].Field[core::option::Option::Some(0)]", "log-injection", "manual"]
- ["lang:core", "<crate::option::Option>::expect", "Argument[0]", "log-injection", "manual"]
- ["repo:https://github.com/DesmondWillowbrook/rs-log_err:log_err", "<crate::option::Option as crate::LogErrOption>::log_expect", "Argument[0]", "log-injection", "manual"]
- ["repo:https://github.com/DesmondWillowbrook/rs-log_err:log_err", "<crate::result::Result as crate::LogErrResult>::log_unwrap", "Argument[self].Field[core::result::Result::Err(0)]", "log-injection", "manual"]
- ["repo:https://github.com/DesmondWillowbrook/rs-log_err:log_err", "<crate::result::Result as crate::LogErrResult>::log_expect", "Argument[0]", "log-injection", "manual"]
- ["repo:https://github.com/DesmondWillowbrook/rs-log_err:log_err", "<crate::result::Result as crate::LogErrResult>::log_expect", "Argument[self].Field[core::result::Result::Err(0)]", "log-injection", "manual"]
- ["log::__private_api::log", "Argument[0]", "log-injection", "manual"] # logger / args (pre v0.4.27)
- ["log::__private_api::log", "Argument[1]", "log-injection", "manual"] # args / level (pre v0.4.27)
- ["log::__private_api::log", "Argument[2]", "log-injection", "manual"] # level / target (pre v0.4.27)
- ["log::__private_api::log", "Argument[3]", "log-injection", "manual"] # target / key value (pre v0.4.27)
- ["log::__private_api::log", "Argument[4]", "log-injection", "manual"] # key value
- ["std::io::stdio::_print", "Argument[0]", "log-injection", "manual"]
- ["std::io::stdio::_eprint", "Argument[0]", "log-injection", "manual"]
- ["<std::io::stdio::StdoutLock as std::io::Write>::write", "Argument[0]", "log-injection", "manual"]
- ["<std::io::stdio::StdoutLock as std::io::Write>::write_all", "Argument[0]", "log-injection", "manual"]
- ["<std::io::stdio::StderrLock as std::io::Write>::write", "Argument[0]", "log-injection", "manual"]
- ["<std::io::stdio::StderrLock as std::io::Write>::write_all", "Argument[0]", "log-injection", "manual"]
- ["core::panicking::panic_fmt", "Argument[0]", "log-injection", "manual"]
- ["core::panicking::assert_failed", "Argument[3].Field[core::option::Option::Some(0)]", "log-injection", "manual"]
- ["<core::option::Option>::expect", "Argument[0]", "log-injection", "manual"]
- ["<core::option::Option as log_err::LogErrOption>::log_expect", "Argument[0]", "log-injection", "manual"]
- ["<core::result::Result as log_err::LogErrResult>::log_unwrap", "Argument[self].Field[core::result::Result::Err(0)]", "log-injection", "manual"]
- ["<core::result::Result as log_err::LogErrResult>::log_expect", "Argument[0]", "log-injection", "manual"]
- ["<core::result::Result as log_err::LogErrResult>::log_expect", "Argument[self].Field[core::result::Result::Err(0)]", "log-injection", "manual"]

4
rust/ql/lib/codeql/rust/frameworks/regex.model.yml
View File

@@ -2,6 +2,6 @@
extensions:
- addsTo:
pack: codeql/rust-all
extensible: summaryModelDeprecated
extensible: summaryModel
data:
- ["repo:https://github.com/rust-lang/regex:regex", "crate::escape", "Argument[0].Reference", "ReturnValue", "taint", "manual"]
- ["regex::escape", "Argument[0].Reference", "ReturnValue", "taint", "manual"]

20
rust/ql/lib/codeql/rust/frameworks/stdlib/env.model.yml
View File

@@ -1,14 +1,14 @@
extensions:
- addsTo:
pack: codeql/rust-all
extensible: sourceModelDeprecated
extensible: sourceModel
data:
- ["lang:std", "crate::env::args", "ReturnValue.Element", "commandargs", "manual"]
- ["lang:std", "crate::env::args_os", "ReturnValue.Element", "commandargs", "manual"]
- ["lang:std", "crate::env::current_dir", "ReturnValue.Field[core::result::Result::Ok(0)]", "commandargs", "manual"]
- ["lang:std", "crate::env::current_exe", "ReturnValue.Field[core::result::Result::Ok(0)]", "commandargs", "manual"]
- ["lang:std", "crate::env::home_dir", "ReturnValue.Field[core::option::Option::Some(0)]", "commandargs", "manual"]
- ["lang:std", "crate::env::var", "ReturnValue.Field[core::result::Result::Ok(0)]", "environment", "manual"]
- ["lang:std", "crate::env::var_os", "ReturnValue.Field[core::option::Option::Some(0)]", "environment", "manual"]
- ["lang:std", "crate::env::vars", "ReturnValue.Element", "environment", "manual"]
- ["lang:std", "crate::env::vars_os", "ReturnValue.Element", "environment", "manual"]
- ["std::env::args", "ReturnValue.Element", "commandargs", "manual"]
- ["std::env::args_os", "ReturnValue.Element", "commandargs", "manual"]
- ["std::env::current_dir", "ReturnValue.Field[core::result::Result::Ok(0)]", "commandargs", "manual"]
- ["std::env::current_exe", "ReturnValue.Field[core::result::Result::Ok(0)]", "commandargs", "manual"]
- ["std::env::home_dir", "ReturnValue.Field[core::option::Option::Some(0)]", "commandargs", "manual"]
- ["std::env::var", "ReturnValue.Field[core::result::Result::Ok(0)]", "environment", "manual"]
- ["std::env::var_os", "ReturnValue.Field[core::option::Option::Some(0)]", "environment", "manual"]
- ["std::env::vars", "ReturnValue.Element", "environment", "manual"]
- ["std::env::vars_os", "ReturnValue.Element", "environment", "manual"]

84
rust/ql/lib/codeql/rust/frameworks/stdlib/fs.model.yml
View File

@@ -1,52 +1,52 @@
extensions:
- addsTo:
pack: codeql/rust-all
extensible: sourceModelDeprecated
extensible: sourceModel
data:
- ["lang:std", "crate::fs::read", "ReturnValue.Field[core::result::Result::Ok(0)]", "file", "manual"]
- ["lang:std", "crate::fs::read_to_string", "ReturnValue.Field[core::result::Result::Ok(0)]", "file", "manual"]
- ["lang:std", "crate::fs::read_link", "ReturnValue.Field[core::result::Result::Ok(0)]", "file", "manual"]
- ["lang:std", "<crate::fs::DirEntry>::path", "ReturnValue", "file", "manual"]
- ["lang:std", "<crate::fs::DirEntry>::file_name", "ReturnValue", "file", "manual"]
- ["lang:std", "<crate::fs::File>::open", "ReturnValue.Field[core::result::Result::Ok(0)]", "file", "manual"]
- ["lang:std", "<crate::fs::File>::open_buffered", "ReturnValue.Field[core::result::Result::Ok(0)]", "file", "manual"]
- ["std::fs::read", "ReturnValue.Field[core::result::Result::Ok(0)]", "file", "manual"]
- ["std::fs::read_to_string", "ReturnValue.Field[core::result::Result::Ok(0)]", "file", "manual"]
- ["std::fs::read_link", "ReturnValue.Field[core::result::Result::Ok(0)]", "file", "manual"]
- ["<std::fs::DirEntry>::path", "ReturnValue", "file", "manual"]
- ["<std::fs::DirEntry>::file_name", "ReturnValue", "file", "manual"]
- ["<std::fs::File>::open", "ReturnValue.Field[core::result::Result::Ok(0)]", "file", "manual"]
- ["<std::fs::File>::open_buffered", "ReturnValue.Field[core::result::Result::Ok(0)]", "file", "manual"]
- addsTo:
pack: codeql/rust-all
extensible: sinkModelDeprecated
extensible: sinkModel
data:
- ["lang:std", "crate::fs::copy", "Argument[0]", "path-injection", "manual"]
- ["lang:std", "crate::fs::copy", "Argument[1]", "path-injection", "manual"]
- ["lang:std", "crate::fs::create_dir", "Argument[0]", "path-injection", "manual"]
- ["lang:std", "crate::fs::create_dir_all", "Argument[0]", "path-injection", "manual"]
- ["lang:std", "crate::fs::hard_link", "Argument[0]", "path-injection", "manual"]
- ["lang:std", "crate::fs::hard_link", "Argument[1]", "path-injection", "manual"]
- ["lang:std", "crate::fs::metadata", "Argument[0]", "path-injection", "manual"]
- ["lang:std", "crate::fs::read", "Argument[0]", "path-injection", "manual"]
- ["lang:std", "crate::fs::read_dir", "Argument[0]", "path-injection", "manual"]
- ["lang:std", "crate::fs::read_link", "Argument[0]", "path-injection", "manual"]
- ["lang:std", "crate::fs::read_to_string", "Argument[0]", "path-injection", "manual"]
- ["lang:std", "crate::fs::remove_dir", "Argument[0]", "path-injection", "manual"]
- ["lang:std", "crate::fs::remove_dir_all", "Argument[0]", "path-injection", "manual"]
- ["lang:std", "crate::fs::remove_file", "Argument[0]", "path-injection", "manual"]
- ["lang:std", "crate::fs::rename", "Argument[0]", "path-injection", "manual"]
- ["lang:std", "crate::fs::rename", "Argument[1]", "path-injection", "manual"]
- ["lang:std", "crate::fs::set_permissions", "Argument[0]", "path-injection", "manual"]
- ["lang:std", "crate::fs::soft_link", "Argument[0]", "path-injection", "manual"]
- ["lang:std", "crate::fs::soft_link", "Argument[1]", "path-injection", "manual"]
- ["lang:std", "crate::fs::symlink_metadata", "Argument[0]", "path-injection", "manual"]
- ["lang:std", "crate::fs::write", "Argument[0]", "path-injection", "manual"]
- ["lang:std", "<crate::fs::DirBuilder>::create", "Argument[0]", "path-injection", "manual"]
- ["lang:std", "<crate::fs::File>::create", "Argument[0]", "path-injection", "manual"]
- ["lang:std", "<crate::fs::File>::create_buffered", "Argument[0]", "path-injection", "manual"]
- ["lang:std", "<crate::fs::File>::create_new", "Argument[0]", "path-injection", "manual"]
- ["lang:std", "<crate::fs::File>::open", "Argument[0]", "path-injection", "manual"]
- ["lang:std", "<crate::fs::File>::open_buffered", "Argument[0]", "path-injection", "manual"]
- ["std::fs::copy", "Argument[0]", "path-injection", "manual"]
- ["std::fs::copy", "Argument[1]", "path-injection", "manual"]
- ["std::fs::create_dir", "Argument[0]", "path-injection", "manual"]
- ["std::fs::create_dir_all", "Argument[0]", "path-injection", "manual"]
- ["std::fs::hard_link", "Argument[0]", "path-injection", "manual"]
- ["std::fs::hard_link", "Argument[1]", "path-injection", "manual"]
- ["std::fs::metadata", "Argument[0]", "path-injection", "manual"]
- ["std::fs::read", "Argument[0]", "path-injection", "manual"]
- ["std::fs::read_dir", "Argument[0]", "path-injection", "manual"]
- ["std::fs::read_link", "Argument[0]", "path-injection", "manual"]
- ["std::fs::read_to_string", "Argument[0]", "path-injection", "manual"]
- ["std::fs::remove_dir", "Argument[0]", "path-injection", "manual"]
- ["std::fs::remove_dir_all", "Argument[0]", "path-injection", "manual"]
- ["std::fs::remove_file", "Argument[0]", "path-injection", "manual"]
- ["std::fs::rename", "Argument[0]", "path-injection", "manual"]
- ["std::fs::rename", "Argument[1]", "path-injection", "manual"]
- ["std::fs::set_permissions", "Argument[0]", "path-injection", "manual"]
- ["std::fs::soft_link", "Argument[0]", "path-injection", "manual"]
- ["std::fs::soft_link", "Argument[1]", "path-injection", "manual"]
- ["std::fs::symlink_metadata", "Argument[0]", "path-injection", "manual"]
- ["std::fs::write", "Argument[0]", "path-injection", "manual"]
- ["<std::fs::DirBuilder>::create", "Argument[0]", "path-injection", "manual"]
- ["<std::fs::File>::create", "Argument[0]", "path-injection", "manual"]
- ["<std::fs::File>::create_buffered", "Argument[0]", "path-injection", "manual"]
- ["<std::fs::File>::create_new", "Argument[0]", "path-injection", "manual"]
- ["<std::fs::File>::open", "Argument[0]", "path-injection", "manual"]
- ["<std::fs::File>::open_buffered", "Argument[0]", "path-injection", "manual"]
- addsTo:
pack: codeql/rust-all
extensible: summaryModelDeprecated
extensible: summaryModel
data:
- ["lang:std", "<crate::path::PathBuf as crate::convert::From>::from", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["lang:std", "<crate::path::Path>::join", "Argument[self]", "ReturnValue", "taint", "manual"]
- ["lang:std", "<crate::path::Path>::join", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["lang:std", "<crate::path::Path>::canonicalize", "Argument[self].OptionalStep[normalize-path]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"]
- ["lang:std", "<crate::path::Path>::canonicalize", "Argument[self].OptionalBarrier[normalize-path]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"]
- ["<std::path::PathBuf as core::convert::From>::from", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["<std::path::Path>::join", "Argument[self]", "ReturnValue", "taint", "manual"]
- ["<std::path::Path>::join", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["<std::path::Path>::canonicalize", "Argument[self].OptionalStep[normalize-path]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"]
- ["<std::path::Path>::canonicalize", "Argument[self].OptionalBarrier[normalize-path]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"]

14
rust/ql/lib/codeql/rust/frameworks/tokio/fs.model.yml
View File

@@ -1,11 +1,11 @@
extensions:
- addsTo:
pack: codeql/rust-all
extensible: sourceModelDeprecated
extensible: sourceModel
data:
- ["repo:https://github.com/tokio-rs/tokio:tokio", "crate::fs::read::read", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "file", "manual"]
- ["repo:https://github.com/tokio-rs/tokio:tokio", "crate::fs::read_to_string::read_to_string", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "file", "manual"]
- ["repo:https://github.com/tokio-rs/tokio:tokio", "crate::fs::read_link::read_link", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "file", "manual"]
- ["repo:https://github.com/tokio-rs/tokio:tokio", "<crate::fs::read_dir::DirEntry>::path", "ReturnValue", "file", "manual"]
- ["repo:https://github.com/tokio-rs/tokio:tokio", "<crate::fs::read_dir::DirEntry>::file_name", "ReturnValue", "file", "manual"]
- ["repo:https://github.com/tokio-rs/tokio:tokio", "<crate::fs::file::File>::open", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "file", "manual"]
- ["tokio::fs::read::read", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "file", "manual"]
- ["tokio::fs::read_to_string::read_to_string", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "file", "manual"]
- ["tokio::fs::read_link::read_link", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "file", "manual"]
- ["<tokio::fs::read_dir::DirEntry>::path", "ReturnValue", "file", "manual"]
- ["<tokio::fs::read_dir::DirEntry>::file_name", "ReturnValue", "file", "manual"]
- ["<tokio::fs::file::File>::open", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "file", "manual"]

14
rust/ql/lib/codeql/rust/frameworks/tokio/net.model.yml
View File

@@ -1,14 +1,14 @@
extensions:
- addsTo:
pack: codeql/rust-all
extensible: sourceModelDeprecated
extensible: sourceModel
data:
- ["repo:https://github.com/tokio-rs/tokio:tokio", "<crate::net::tcp::stream::TcpStream>::connect", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "remote", "manual"]
- ["<tokio::net::tcp::stream::TcpStream>::connect", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "remote", "manual"]
- addsTo:
pack: codeql/rust-all
extensible: summaryModelDeprecated
extensible: summaryModel
data:
- ["repo:https://github.com/tokio-rs/tokio:tokio", "<crate::net::tcp::stream::TcpStream>::peek", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
- ["repo:https://github.com/tokio-rs/tokio:tokio", "crate::io::util::async_read_ext::AsyncReadExt::read", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
- ["repo:https://github.com/tokio-rs/tokio:tokio", "<crate::net::tcp::stream::TcpStream>::try_read", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
- ["repo:https://github.com/tokio-rs/tokio:tokio", "<crate::net::tcp::stream::TcpStream>::try_read_buf", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
- ["<tokio::net::tcp::stream::TcpStream>::peek", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
- ["<_ as tokio::io::util::async_read_ext::AsyncReadExt>::read", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
- ["<tokio::net::tcp::stream::TcpStream>::try_read", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
- ["<tokio::net::tcp::stream::TcpStream>::try_read_buf", "Argument[self]", "Argument[0].Reference", "taint", "manual"]

4
rust/ql/lib/codeql/rust/frameworks/url.model.yml
View File

@@ -2,6 +2,6 @@
extensions:
- addsTo:
pack: codeql/rust-all
extensible: summaryModelDeprecated
extensible: summaryModel
data:
- ["repo:https://github.com/servo/rust-url:url", "<crate::Url>::parse", "Argument[0].Reference", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"]
- ["<url::Url>::parse", "Argument[0].Reference", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"]

24
rust/ql/lib/codeql/rust/internal/PathResolution.qll
View File

@@ -165,7 +165,8 @@ abstract class ItemNode extends Locatable {
exists(ItemNode node |
this = node.(ImplItemNode).resolveSelfTy() and
result = node.getASuccessorRec(name) and
result instanceof AssocItemNode
result instanceof AssocItemNode and
not result instanceof TypeAlias
)
or
// trait items with default implementations made available in an implementation
@@ -181,6 +182,10 @@ abstract class ItemNode extends Locatable {
result = this.(TypeParamItemNode).resolveABound().getASuccessorRec(name).(AssocItemNode)
or
result = this.(ImplTraitTypeReprItemNode).resolveABound().getASuccessorRec(name).(AssocItemNode)
or
result = this.(TypeAliasItemNode).resolveAlias().getASuccessorRec(name) and
// type parameters defined in the RHS are not available in the LHS
not result instanceof TypeParam
}
/**
@@ -289,6 +294,8 @@ abstract class ItemNode extends Locatable {
Location getLocation() { result = super.getLocation() }
}
abstract class TypeItemNode extends ItemNode { }
/** A module or a source file. */
abstract private class ModuleLikeNode extends ItemNode {
/** Gets an item that may refer directly to items defined in this module. */
@@ -438,7 +445,7 @@ private class ConstItemNode extends AssocItemNode instanceof Const {
override TypeParam getTypeParam(int i) { none() }
}
private class EnumItemNode extends ItemNode instanceof Enum {
private class EnumItemNode extends TypeItemNode instanceof Enum {
override string getName() { result = Enum.super.getName().getText() }
override Namespace getNamespace() { result.isType() }
@@ -746,7 +753,7 @@ private class ModuleItemNode extends ModuleLikeNode instanceof Module {
}
}
private class StructItemNode extends ItemNode instanceof Struct {
private class StructItemNode extends TypeItemNode instanceof Struct {
override string getName() { result = Struct.super.getName().getText() }
override Namespace getNamespace() {
@@ -781,7 +788,7 @@ private class StructItemNode extends ItemNode instanceof Struct {
}
}
class TraitItemNode extends ImplOrTraitItemNode instanceof Trait {
class TraitItemNode extends ImplOrTraitItemNode, TypeItemNode instanceof Trait {
pragma[nomagic]
Path getABoundPath() {
result = super.getTypeBoundList().getABound().getTypeRepr().(PathTypeRepr).getPath()
@@ -838,7 +845,10 @@ class TraitItemNode extends ImplOrTraitItemNode instanceof Trait {
}
}
class TypeAliasItemNode extends AssocItemNode instanceof TypeAlias {
class TypeAliasItemNode extends TypeItemNode, AssocItemNode instanceof TypeAlias {
pragma[nomagic]
ItemNode resolveAlias() { result = resolvePathFull(super.getTypeRepr().(PathTypeRepr).getPath()) }
override string getName() { result = TypeAlias.super.getName().getText() }
override predicate hasImplementation() { super.hasTypeRepr() }
@@ -854,7 +864,7 @@ class TypeAliasItemNode extends AssocItemNode instanceof TypeAlias {
override string getCanonicalPath(Crate c) { none() }
}
private class UnionItemNode extends ItemNode instanceof Union {
private class UnionItemNode extends TypeItemNode instanceof Union {
override string getName() { result = Union.super.getName().getText() }
override Namespace getNamespace() { result.isType() }
@@ -912,7 +922,7 @@ private class BlockExprItemNode extends ItemNode instanceof BlockExpr {
override string getCanonicalPath(Crate c) { none() }
}
class TypeParamItemNode extends ItemNode instanceof TypeParam {
class TypeParamItemNode extends TypeItemNode instanceof TypeParam {
private WherePred getAWherePred() {
exists(ItemNode declaringItem |
this = resolveTypeParamPathTypeRepr(result.getTypeRepr()) and

19
rust/ql/lib/codeql/rust/internal/Type.qll
View File

@@ -139,9 +139,6 @@ class TraitType extends Type, TTrait {
override TypeParameter getTypeParameter(int i) {
result = TTypeParamTypeParameter(trait.getGenericParamList().getTypeParam(i))
or
result =
any(AssociatedTypeTypeParameter param | param.getTrait() = trait and param.getIndex() = i)
}
override TypeMention getTypeParameterDefault(int i) {
@@ -299,20 +296,6 @@ class TypeParamTypeParameter extends TypeParameter, TTypeParamTypeParameter {
override Location getLocation() { result = typeParam.getLocation() }
}
/**
* Gets the type alias that is the `i`th type parameter of `trait`. Type aliases
* are numbered consecutively but in arbitrary order, starting from the index
* following the last ordinary type parameter.
*/
predicate traitAliasIndex(Trait trait, int i, TypeAlias typeAlias) {
typeAlias =
rank[i + 1 - trait.getNumberOfGenericParams()](TypeAlias alias |
trait.(TraitItemNode).getADescendant() = alias
|
alias order by idOfTypeParameterAstNode(alias)
)
}
/**
* A type parameter corresponding to an associated type in a trait.
*
@@ -341,8 +324,6 @@ class AssociatedTypeTypeParameter extends TypeParameter, TAssociatedTypeTypePara
/** Gets the trait that contains this associated type declaration. */
TraitItemNode getTrait() { result.getAnAssocItem() = typeAlias }
int getIndex() { traitAliasIndex(_, result, typeAlias) }
override string toString() { result = typeAlias.getName().getText() }
override Location getLocation() { result = typeAlias.getLocation() }

138
rust/ql/lib/codeql/rust/internal/TypeInference.qll
View File

@@ -10,6 +10,7 @@ private import codeql.typeinference.internal.TypeInference
private import codeql.rust.frameworks.stdlib.Stdlib
private import codeql.rust.frameworks.stdlib.Builtins as Builtins
private import codeql.rust.elements.Call
private import codeql.rust.elements.internal.CallImpl::Impl as CallImpl
class Type = T::Type;
@@ -353,19 +354,6 @@ private Type inferImplicitSelfType(SelfParam self, TypePath path) {
)
}
/**
* Gets any of the types mentioned in `path` that corresponds to the type
* parameter `tp`.
*/
private TypeMention getExplicitTypeArgMention(Path path, TypeParam tp) {
exists(int i |
result = path.getSegment().getGenericArgList().getTypeArg(pragma[only_bind_into](i)) and
tp = resolvePath(path).getTypeParam(pragma[only_bind_into](i))
)
or
result = getExplicitTypeArgMention(path.getQualifier(), tp)
}
/**
* A matching configuration for resolving types of struct expressions
* like `Foo { bar = baz }`.
@@ -452,9 +440,7 @@ private module StructExprMatchingInput implements MatchingInputSig {
class AccessPosition = DeclarationPosition;
class Access extends StructExpr {
Type getTypeArgument(TypeArgumentPosition apos, TypePath path) {
result = getExplicitTypeArgMention(this.getPath(), apos.asTypeParam()).resolveTypeAt(path)
}
Type getTypeArgument(TypeArgumentPosition apos, TypePath path) { none() }
AstNode getNodeAt(AccessPosition apos) {
result = this.getFieldExpr(apos.asFieldPos()).getExpr()
@@ -465,6 +451,16 @@ private module StructExprMatchingInput implements MatchingInputSig {
Type getInferredType(AccessPosition apos, TypePath path) {
result = inferType(this.getNodeAt(apos), path)
or
// The struct type is supplied explicitly as a type qualifier, e.g.
// `Foo<Bar>::Variant { ... }`.
apos.isStructPos() and
exists(Path p, TypeMention tm |
p = this.getPath() and
if resolvePath(p) instanceof Variant then tm = p.getQualifier() else tm = p
|
result = tm.resolveTypeAt(path)
)
}
Declaration getTarget() { result = resolvePath(this.getPath()) }
@@ -537,7 +533,7 @@ private module CallExprBaseMatchingInput implements MatchingInputSig {
abstract Type getReturnType(TypePath path);
final Type getDeclaredType(DeclarationPosition dpos, TypePath path) {
Type getDeclaredType(DeclarationPosition dpos, TypePath path) {
result = this.getParameterType(dpos, path)
or
dpos.isReturn() and
@@ -545,7 +541,16 @@ private module CallExprBaseMatchingInput implements MatchingInputSig {
}
}
private class TupleStructDecl extends Declaration, Struct {
abstract private class TupleDeclaration extends Declaration {
override Type getDeclaredType(DeclarationPosition dpos, TypePath path) {
result = super.getDeclaredType(dpos, path)
or
dpos.isSelf() and
result = this.getReturnType(path)
}
}
private class TupleStructDecl extends TupleDeclaration, Struct {
TupleStructDecl() { this.isTuple() }
override TypeParameter getTypeParameter(TypeParameterPosition ppos) {
@@ -568,7 +573,7 @@ private module CallExprBaseMatchingInput implements MatchingInputSig {
}
}
private class TupleVariantDecl extends Declaration, Variant {
private class TupleVariantDecl extends TupleDeclaration, Variant {
TupleVariantDecl() { this.isTuple() }
override TypeParameter getTypeParameter(TypeParameterPosition ppos) {
@@ -597,13 +602,13 @@ private module CallExprBaseMatchingInput implements MatchingInputSig {
override TypeParameter getTypeParameter(TypeParameterPosition ppos) {
typeParamMatchPosition(this.getGenericParamList().getATypeParam(), result, ppos)
or
exists(TraitItemNode trait | this = trait.getAnAssocItem() |
typeParamMatchPosition(trait.getTypeParam(_), result, ppos)
exists(ImplOrTraitItemNode i | this = i.getAnAssocItem() |
typeParamMatchPosition(i.getTypeParam(_), result, ppos)
or
ppos.isImplicit() and result = TSelfTypeParameter(trait)
ppos.isImplicit() and result = TSelfTypeParameter(i)
or
ppos.isImplicit() and
result.(AssociatedTypeTypeParameter).getTrait() = trait
result.(AssociatedTypeTypeParameter).getTrait() = i
)
or
ppos.isImplicit() and
@@ -625,6 +630,33 @@ private module CallExprBaseMatchingInput implements MatchingInputSig {
or
result = inferImplicitSelfType(self, path) // `self` parameter without type annotation
)
or
// For associated functions, we may also need to match type arguments against
// the `Self` type. For example, in
//
// ```rust
// struct Foo<T>(T);
//
// impl<T : Default> Foo<T> {
// fn default() -> Self {
// Foo(Default::default())
// }
// }
//
// Foo::<i32>::default();
// ```
//
// we need to match `i32` against the type parameter `T` of the `impl` block.
exists(ImplOrTraitItemNode i |
this = i.getAnAssocItem() and
dpos.isSelf() and
not this.getParamList().hasSelfParam()
|
result = TSelfTypeParameter(i) and
path.isEmpty()
or
result = resolveImplSelfType(i, path)
)
}
private Type resolveRetType(TypePath path) {
@@ -670,9 +702,14 @@ private module CallExprBaseMatchingInput implements MatchingInputSig {
private import codeql.rust.elements.internal.CallExprImpl::Impl as CallExprImpl
final class Access extends Call {
pragma[nomagic]
Type getTypeArgument(TypeArgumentPosition apos, TypePath path) {
exists(TypeMention arg | result = arg.resolveTypeAt(path) |
arg = getExplicitTypeArgMention(CallExprImpl::getFunctionPath(this), apos.asTypeParam())
exists(Path p, int i |
p = CallExprImpl::getFunctionPath(this) and
arg = p.getSegment().getGenericArgList().getTypeArg(pragma[only_bind_into](i)) and
apos.asTypeParam() = resolvePath(p).getTypeParam(pragma[only_bind_into](i))
)
or
arg =
this.(MethodCallExpr).getGenericArgList().getTypeArg(apos.asMethodTypeArgumentPosition())
@@ -696,6 +733,14 @@ private module CallExprBaseMatchingInput implements MatchingInputSig {
Type getInferredType(AccessPosition apos, TypePath path) {
result = inferType(this.getNodeAt(apos), path)
or
// The `Self` type is supplied explicitly as a type qualifier, e.g. `Foo::<Bar>::baz()`
apos = TArgumentAccessPosition(CallImpl::TSelfArgumentPosition(), false, false) and
exists(PathExpr pe, TypeMention tm |
pe = this.(CallExpr).getFunction() and
tm = pe.getPath().getQualifier() and
result = tm.resolveTypeAt(path)
)
}
Declaration getTarget() {
@@ -1110,12 +1155,7 @@ private Type inferForLoopExprType(AstNode n, TypePath path) {
}
final class MethodCall extends Call {
MethodCall() {
exists(this.getReceiver()) and
// We want the method calls that don't have a path to a concrete method in
// an impl block. We need to exclude calls like `MyType::my_method(..)`.
(this instanceof CallExpr implies exists(this.getTrait()))
}
MethodCall() { exists(this.getReceiver()) }
/** Gets the type of the receiver of the method call at `path`. */
Type getTypeAt(TypePath path) {
@@ -1582,19 +1622,51 @@ private module Debug {
result = resolveMethodCallTarget(mce)
}
predicate debugInferImplicitSelfType(SelfParam self, TypePath path, Type t) {
self = getRelevantLocatable() and
t = inferImplicitSelfType(self, path)
}
predicate debugInferCallExprBaseType(AstNode n, TypePath path, Type t) {
n = getRelevantLocatable() and
t = inferCallExprBaseType(n, path)
}
predicate debugTypeMention(TypeMention tm, TypePath path, Type type) {
tm = getRelevantLocatable() and
tm.resolveTypeAt(path) = type
}
pragma[nomagic]
private int countTypes(AstNode n, TypePath path, Type t) {
private int countTypesAtPath(AstNode n, TypePath path, Type t) {
t = inferType(n, path) and
result = strictcount(Type t0 | t0 = inferType(n, path))
}
predicate maxTypes(AstNode n, TypePath path, Type t, int c) {
c = countTypes(n, path, t) and
c = max(countTypes(_, _, _))
c = countTypesAtPath(n, path, t) and
c = max(countTypesAtPath(_, _, _))
}
pragma[nomagic]
private predicate typePathLength(AstNode n, TypePath path, Type t, int len) {
t = inferType(n, path) and
len = path.length()
}
predicate maxTypePath(AstNode n, TypePath path, Type t, int len) {
typePathLength(n, path, t, len) and
len = max(int i | typePathLength(_, _, _, i))
}
pragma[nomagic]
private int countTypePaths(AstNode n, TypePath path, Type t) {
t = inferType(n, path) and
result = strictcount(TypePath path0, Type t0 | t0 = inferType(n, path0))
}
predicate maxTypePaths(AstNode n, TypePath path, Type t, int c) {
c = countTypePaths(n, path, t) and
c = max(countTypePaths(_, _, _))
}
}

1
rust/ql/lib/codeql/rust/internal/TypeInferenceConsistency.qll
View File

@@ -9,6 +9,7 @@ import TypeInference::Consistency
query predicate illFormedTypeMention(TypeMention tm) {
Consistency::illFormedTypeMention(tm) and
not tm instanceof PathTypeReprMention and // avoid overlap with `PathTypeMention`
// Only include inconsistencies in the source, as we otherwise get
// inconsistencies from library code in every project.
tm.fromSource()

244
rust/ql/lib/codeql/rust/internal/TypeMention.qll
View File

@@ -7,65 +7,60 @@ private import TypeInference
/** An AST node that may mention a type. */
abstract class TypeMention extends AstNode {
/** Gets the `i`th type argument mention, if any. */
abstract TypeMention getTypeArgument(int i);
/** Gets the type at `path` that this mention resolves to, if any. */
abstract Type resolveTypeAt(TypePath path);
/** Gets the type that this node resolves to, if any. */
abstract Type resolveType();
/** Gets the sub mention at `path`. */
pragma[nomagic]
TypeMention getMentionAt(TypePath path) {
path.isEmpty() and
result = this
or
exists(int i, TypeParameter tp, TypeMention arg, TypePath suffix |
arg = this.getTypeArgument(pragma[only_bind_into](i)) and
result = arg.getMentionAt(suffix) and
path = TypePath::cons(tp, suffix) and
tp = this.resolveType().getTypeParameter(pragma[only_bind_into](i))
)
}
/** Gets the type that the sub mention at `path` resolves to, if any. */
Type resolveTypeAt(TypePath path) { result = this.getMentionAt(path).resolveType() }
final Type resolveType() { result = this.resolveTypeAt(TypePath::nil()) }
}
class ArrayTypeReprMention extends TypeMention instanceof ArrayTypeRepr {
override TypeMention getTypeArgument(int i) { result = super.getElementTypeRepr() and i = 0 }
override Type resolveType() { result = TArrayType() }
override Type resolveTypeAt(TypePath path) {
path.isEmpty() and
result = TArrayType()
or
exists(TypePath suffix |
result = super.getElementTypeRepr().(TypeMention).resolveTypeAt(suffix) and
path = TypePath::cons(TArrayTypeParameter(), suffix)
)
}
}
class RefTypeReprMention extends TypeMention instanceof RefTypeRepr {
override TypeMention getTypeArgument(int i) { result = super.getTypeRepr() and i = 0 }
override Type resolveType() { result = TRefType() }
override Type resolveTypeAt(TypePath path) {
path.isEmpty() and
result = TRefType()
or
exists(TypePath suffix |
result = super.getTypeRepr().(TypeMention).resolveTypeAt(suffix) and
path = TypePath::cons(TRefTypeParameter(), suffix)
)
}
}
class SliceTypeReprMention extends TypeMention instanceof SliceTypeRepr {
override TypeMention getTypeArgument(int i) { result = super.getTypeRepr() and i = 0 }
override Type resolveType() { result = TSliceType() }
override Type resolveTypeAt(TypePath path) {
path.isEmpty() and
result = TSliceType()
or
exists(TypePath suffix |
result = super.getTypeRepr().(TypeMention).resolveTypeAt(suffix) and
path = TypePath::cons(TSliceTypeParameter(), suffix)
)
}
}
class PathTypeReprMention extends TypeMention instanceof PathTypeRepr {
Path path;
ItemNode resolved;
class PathTypeMention extends TypeMention, Path {
TypeItemNode resolved;
PathTypeReprMention() {
path = super.getPath() and
// NOTE: This excludes unresolvable paths which is intentional as these
// don't add value to the type inference anyway.
resolved = resolvePath(path)
}
PathTypeMention() { resolved = resolvePath(this) }
ItemNode getResolved() { result = resolved }
pragma[nomagic]
private TypeAlias getResolvedTraitAlias(string name) {
exists(TraitItemNode trait |
trait = resolvePath(path) and
trait = resolved and
result = trait.getAnAssocItem() and
name = result.getName().getText()
)
@@ -73,7 +68,7 @@ class PathTypeReprMention extends TypeMention instanceof PathTypeRepr {
pragma[nomagic]
private TypeRepr getAssocTypeArg(string name) {
result = path.getSegment().getGenericArgList().getAssocTypeArg(name)
result = this.getSegment().getGenericArgList().getAssocTypeArg(name)
}
/** Gets the type argument for the associated type `alias`, if any. */
@@ -85,13 +80,8 @@ class PathTypeReprMention extends TypeMention instanceof PathTypeRepr {
)
}
override TypeMention getTypeArgument(int i) {
result = path.getSegment().getGenericArgList().getTypeArg(i)
or
// If a type argument is not given in the path, then we use the default for
// the type parameter if one exists for the type.
not exists(path.getSegment().getGenericArgList().getTypeArg(i)) and
result = this.resolveType().getTypeParameterDefault(i)
private TypeMention getPositionalTypeArgument0(int i) {
result = this.getSegment().getGenericArgList().getTypeArg(i)
or
// `Self` paths inside `impl` blocks have implicit type arguments that are
// the type parameters of the `impl` block. For example, in
@@ -106,35 +96,20 @@ class PathTypeReprMention extends TypeMention instanceof PathTypeRepr {
//
// the `Self` return type is shorthand for `Foo<T>`.
exists(ImplItemNode node |
path = node.getASelfPath() and
this = node.getASelfPath() and
result = node.(ImplItemNode).getSelfPath().getSegment().getGenericArgList().getTypeArg(i)
)
}
private TypeMention getPositionalTypeArgument(int i) {
result = this.getPositionalTypeArgument0(i)
or
// If `path` is the trait of an `impl` block then any associated types
// defined in the `impl` block are type arguments to the trait.
//
// For instance, for a trait implementation like this
// ```rust
// impl MyTrait for MyType {
// ^^^^^^^ path
// type AssociatedType = i64
// ^^^ result
// // ...
// }
// ```
// the rhs. of the type alias is a type argument to the trait.
exists(ImplItemNode impl, AssociatedTypeTypeParameter param, TypeAlias alias |
path = impl.getTraitPath() and
param.getTrait() = resolved and
alias = impl.getASuccessor(param.getTypeAlias().getName().getText()) and
result = alias.getTypeRepr() and
param.getIndex() = i
)
or
exists(TypeAlias alias |
result = this.getAnAssocTypeArgument(alias) and
traitAliasIndex(_, i, alias)
)
// If a type argument is not given in the path, then we use the default for
// the type parameter if one exists for the type.
not exists(this.getPositionalTypeArgument0(i)) and
result = this.resolveType().getTypeParameterDefault(i) and
// Defaults only apply to type mentions in type annotations
this = any(PathTypeRepr ptp).getPath().getQualifier*()
}
/**
@@ -142,25 +117,25 @@ class PathTypeReprMention extends TypeMention instanceof PathTypeRepr {
* resulting type at `typePath`.
*/
pragma[nomagic]
Type aliasResolveTypeAt(TypePath typePath) {
private Type aliasResolveTypeAt(TypePath typePath) {
exists(TypeAlias alias, TypeMention rhs | alias = resolved and rhs = alias.getTypeRepr() |
result = rhs.resolveTypeAt(typePath) and
not result = pathGetTypeParameter(alias, _)
or
exists(TypeParameter tp, TypeMention arg, TypePath prefix, TypePath suffix, int i |
tp = rhs.resolveTypeAt(prefix) and
tp = pathGetTypeParameter(alias, i) and
arg = path.getSegment().getGenericArgList().getTypeArg(i) and
tp = pathGetTypeParameter(alias, pragma[only_bind_into](i)) and
arg = this.getSegment().getGenericArgList().getTypeArg(pragma[only_bind_into](i)) and
result = arg.resolveTypeAt(suffix) and
typePath = prefix.append(suffix)
)
)
}
override Type resolveType() {
result = this.aliasResolveTypeAt(TypePath::nil())
override Type resolveTypeAt(TypePath typePath) {
result = this.aliasResolveTypeAt(typePath)
or
not exists(resolved.(TypeAlias).getTypeRepr()) and
typePath.isEmpty() and
(
result = TStruct(resolved)
or
@@ -169,33 +144,72 @@ class PathTypeReprMention extends TypeMention instanceof PathTypeRepr {
exists(TraitItemNode trait | trait = resolved |
// If this is a `Self` path, then it resolves to the implicit `Self`
// type parameter, otherwise it is a trait bound.
if super.getPath() = trait.getASelfPath()
if this = trait.getASelfPath()
then result = TSelfTypeParameter(trait)
else result = TTrait(trait)
)
or
result = TTypeParamTypeParameter(resolved)
or
exists(TypeAlias alias | alias = resolved |
result.(AssociatedTypeTypeParameter).getTypeAlias() = alias
or
result = alias.getTypeRepr().(TypeMention).resolveType()
result = TAssociatedTypeTypeParameter(resolved)
)
or
not exists(resolved.(TypeAlias).getTypeRepr()) and
exists(TypeParameter tp, TypeMention arg, TypePath suffix |
result = arg.resolveTypeAt(suffix) and
typePath = TypePath::cons(tp, suffix)
|
exists(int i |
arg = this.getPositionalTypeArgument(pragma[only_bind_into](i)) and
tp = this.resolveType().getTypeParameter(pragma[only_bind_into](i))
)
or
exists(TypeAlias alias |
arg = this.getAnAssocTypeArgument(alias) and
tp = TAssociatedTypeTypeParameter(alias)
)
or
// If `path` is the trait of an `impl` block then any associated types
// defined in the `impl` block are type arguments to the trait.
//
// For instance, for a trait implementation like this
// ```rust
// impl MyTrait for MyType {
// ^^^^^^^ path
// type AssociatedType = i64
// ^^^ result
// // ...
// }
// ```
// the rhs. of the type alias is a type argument to the trait.
exists(ImplItemNode impl, AssociatedTypeTypeParameter param, TypeAlias alias, string name |
this = impl.getTraitPath() and
param.getTrait() = resolved and
name = param.getTypeAlias().getName().getText() and
alias = impl.getASuccessor(pragma[only_bind_into](name)) and
arg = alias.getTypeRepr() and
tp =
TAssociatedTypeTypeParameter(resolved
.(TraitItemNode)
.getAssocItem(pragma[only_bind_into](name)))
)
)
}
}
override Type resolveTypeAt(TypePath typePath) {
result = this.aliasResolveTypeAt(typePath)
or
not exists(resolved.(TypeAlias).getTypeRepr()) and
result = super.resolveTypeAt(typePath)
}
class PathTypeReprMention extends TypeMention, PathTypeRepr {
private PathTypeMention path;
PathTypeReprMention() { path = this.getPath() }
override Type resolveTypeAt(TypePath typePath) { result = path.resolveTypeAt(typePath) }
}
class ImplTraitTypeReprMention extends TypeMention instanceof ImplTraitTypeRepr {
override TypeMention getTypeArgument(int i) { none() }
override ImplTraitType resolveType() { result.getImplTraitTypeRepr() = this }
override Type resolveTypeAt(TypePath typePath) {
typePath.isEmpty() and
result.(ImplTraitType).getImplTraitTypeRepr() = this
}
}
private TypeParameter pathGetTypeParameter(TypeAlias alias, int i) {
@@ -205,30 +219,29 @@ private TypeParameter pathGetTypeParameter(TypeAlias alias, int i) {
// Used to represent implicit `Self` type arguments in traits and `impl` blocks,
// see `PathMention` for details.
class TypeParamMention extends TypeMention instanceof TypeParam {
override TypeMention getTypeArgument(int i) { none() }
override Type resolveType() { result = TTypeParamTypeParameter(this) }
}
// Used to represent implicit type arguments for associated types in traits.
class TypeAliasMention extends TypeMention instanceof TypeAlias {
private Type t;
TypeAliasMention() { t = TAssociatedTypeTypeParameter(this) }
override TypeMention getTypeArgument(int i) { none() }
override Type resolveType() { result = t }
override Type resolveTypeAt(TypePath typePath) {
typePath.isEmpty() and
result = TTypeParamTypeParameter(this)
}
}
class TraitMention extends TypeMention instanceof TraitItemNode {
override TypeMention getTypeArgument(int i) {
result = super.getTypeParam(i)
override Type resolveTypeAt(TypePath typePath) {
typePath.isEmpty() and
result = TTrait(this)
or
traitAliasIndex(this, i, result)
exists(TypeAlias alias |
alias = super.getAnAssocItem() and
typePath = TypePath::singleton(result) and
result = TAssociatedTypeTypeParameter(alias)
)
or
exists(TypeParam tp |
tp = super.getTypeParam(_) and
typePath = TypePath::singleton(result) and
result = TTypeParamTypeParameter(tp)
)
}
override Type resolveType() { result = TTrait(this) }
}
// NOTE: Since the implicit type parameter for the self type parameter never
@@ -242,7 +255,8 @@ class SelfTypeParameterMention extends TypeMention instanceof Name {
Trait getTrait() { result = trait }
override Type resolveType() { result = TSelfTypeParameter(trait) }
override TypeMention getTypeArgument(int i) { none() }
override Type resolveTypeAt(TypePath typePath) {
typePath.isEmpty() and
result = TSelfTypeParameter(trait)
}
}

10
rust/ql/test/extractor-tests/macro-expansion/CONSISTENCY/PathResolutionConsistency.expected
View File

@@ -1,7 +1,17 @@
multipleCallTargets
| proc_macro.rs:6:18:6:61 | ...::from(...) |
| proc_macro.rs:7:15:7:58 | ...::from(...) |
| proc_macro.rs:15:5:17:5 | ...::new(...) |
| proc_macro.rs:16:12:16:16 | ...::to_tokens(...) |
| proc_macro.rs:22:15:22:58 | ...::from(...) |
| proc_macro.rs:25:5:28:5 | ...::new(...) |
| proc_macro.rs:26:10:26:12 | ...::to_tokens(...) |
| proc_macro.rs:27:10:27:16 | ...::to_tokens(...) |
| proc_macro.rs:38:15:38:64 | ...::from(...) |
| proc_macro.rs:41:5:49:5 | ...::new(...) |
| proc_macro.rs:41:5:49:5 | ...::new(...) |
| proc_macro.rs:41:5:49:5 | ...::new(...) |
| proc_macro.rs:41:5:49:5 | ...::new(...) |
| proc_macro.rs:42:16:42:26 | ...::to_tokens(...) |
| proc_macro.rs:44:27:44:30 | ...::to_tokens(...) |
| proc_macro.rs:46:18:46:28 | ...::to_tokens(...) |

1
rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected
View File

@@ -1,4 +1,5 @@
localStep
| file://:0:0:0:0 | [summary param] self in fn canonicalize | file://:0:0:0:0 | [summary] read: Argument[self].OptionalBarrier[normalize-path] in fn canonicalize |
| main.rs:3:11:3:11 | [SSA] i | main.rs:4:12:4:12 | i |
| main.rs:3:11:3:11 | i | main.rs:3:11:3:11 | [SSA] i |
| main.rs:3:11:3:11 | i | main.rs:3:11:3:11 | i |

4
rust/ql/test/library-tests/dataflow/sources/TaintSources.expected
View File

@@ -55,14 +55,10 @@
| test.rs:412:31:412:38 | ...::read | Flow source 'FileSource' of type file (DEFAULT). |
| test.rs:417:22:417:39 | ...::read_to_string | Flow source 'FileSource' of type file (DEFAULT). |
| test.rs:417:22:417:39 | ...::read_to_string | Flow source 'FileSource' of type file (DEFAULT). |
| test.rs:423:22:423:25 | path | Flow source 'FileSource' of type file (DEFAULT). |
| test.rs:424:27:424:35 | file_name | Flow source 'FileSource' of type file (DEFAULT). |
| test.rs:430:22:430:34 | ...::read_link | Flow source 'FileSource' of type file (DEFAULT). |
| test.rs:439:31:439:45 | ...::read | Flow source 'FileSource' of type file (DEFAULT). |
| test.rs:444:31:444:45 | ...::read | Flow source 'FileSource' of type file (DEFAULT). |
| test.rs:449:22:449:46 | ...::read_to_string | Flow source 'FileSource' of type file (DEFAULT). |
| test.rs:455:26:455:29 | path | Flow source 'FileSource' of type file (DEFAULT). |
| test.rs:456:31:456:39 | file_name | Flow source 'FileSource' of type file (DEFAULT). |
| test.rs:462:22:462:41 | ...::read_link | Flow source 'FileSource' of type file (DEFAULT). |
| test.rs:472:20:472:38 | ...::open | Flow source 'FileSource' of type file (DEFAULT). |
| test.rs:506:21:506:39 | ...::open | Flow source 'FileSource' of type file (DEFAULT). |

16
rust/ql/test/library-tests/dataflow/sources/test.rs
View File

@@ -420,10 +420,10 @@ fn test_fs() -> Result<(), Box<dyn std::error::Error>> {
for entry in fs::read_dir("directory")? {
let e = entry?;
let path = e.path(); // $ Alert[rust/summary/taint-sources]
let file_name = e.file_name(); // $ Alert[rust/summary/taint-sources]
sink(path); // $ hasTaintFlow
sink(file_name); // $ hasTaintFlow
let path = e.path(); // $ MISSING: Alert[rust/summary/taint-sources]
let file_name = e.file_name(); // $ MISSING: Alert[rust/summary/taint-sources]
sink(path); // $ MISSING: hasTaintFlow
sink(file_name); // $ MISSING: hasTaintFlow
}
{
@@ -452,10 +452,10 @@ async fn test_tokio_fs() -> Result<(), Box<dyn std::error::Error>> {
let mut read_dir = tokio::fs::read_dir("directory").await?;
for entry in read_dir.next_entry().await? {
let path = entry.path(); // $ Alert[rust/summary/taint-sources]
let file_name = entry.file_name(); // $ Alert[rust/summary/taint-sources]
sink(path); // $ hasTaintFlow
sink(file_name); // $ hasTaintFlow
let path = entry.path(); // $ MISSING: Alert[rust/summary/taint-sources]
let file_name = entry.file_name(); // $ MISSING: Alert[rust/summary/taint-sources]
sink(path); // $ MISSING: hasTaintFlow
sink(file_name); // $ MISSING: hasTaintFlow
}
{

3
rust/ql/test/library-tests/path-resolution/CONSISTENCY/PathResolutionConsistency.expected
View File

@@ -1,5 +1,8 @@
multipleCallTargets
| main.rs:118:9:118:11 | f(...) |
| proc_macro.rs:6:16:6:59 | ...::from(...) |
| proc_macro.rs:7:19:7:62 | ...::from(...) |
| proc_macro.rs:9:5:11:5 | ...::new(...) |
| proc_macro.rs:10:10:10:12 | ...::to_tokens(...) |
multiplePathResolutions
| main.rs:626:3:626:12 | proc_macro |

12
rust/ql/test/library-tests/type-inference/CONSISTENCY/PathResolutionConsistency.expected
View File

@@ -1,9 +1,9 @@
multipleCallTargets
| dereference.rs:61:15:61:24 | e1.deref() |
| main.rs:2076:13:2076:31 | ...::from(...) |
| main.rs:2077:13:2077:31 | ...::from(...) |
| main.rs:2078:13:2078:31 | ...::from(...) |
| main.rs:2084:13:2084:31 | ...::from(...) |
| main.rs:2085:13:2085:31 | ...::from(...) |
| main.rs:2086:13:2086:31 | ...::from(...) |
| main.rs:2122:21:2122:43 | ...::from(...) |
| main.rs:2087:13:2087:31 | ...::from(...) |
| main.rs:2088:13:2088:31 | ...::from(...) |
| main.rs:2094:13:2094:31 | ...::from(...) |
| main.rs:2095:13:2095:31 | ...::from(...) |
| main.rs:2096:13:2096:31 | ...::from(...) |
| main.rs:2132:21:2132:43 | ...::from(...) |

69
rust/ql/test/library-tests/type-inference/main.rs
View File

@@ -860,7 +860,7 @@ mod method_supertraits {
if 3 > 2 { // $ method=gt
self.m1() // $ method=MyTrait1::m1
} else {
Self::m1(self)
Self::m1(self) // $ method=MyTrait1::m1
}
}
}
@@ -874,7 +874,7 @@ mod method_supertraits {
if 3 > 2 { // $ method=gt
self.m2().a // $ method=m2 $ fieldof=MyThing
} else {
Self::m2(self).a // $ fieldof=MyThing
Self::m2(self).a // $ method=m2 fieldof=MyThing
}
}
}
@@ -1030,6 +1030,14 @@ mod type_aliases {
println!("{:?}", x);
}
struct S4<T41, T42>(T41, T42);
struct S5<T5>(T5);
type S6<T6> = S4<T6, S5<T6>>;
type S7<T7> = Result<S6<T7>, S1>;
pub fn f() {
// Type can be inferred from the constructor
let p1: MyPair = PairOption::PairBoth(S1, S2);
@@ -1048,6 +1056,8 @@ mod type_aliases {
println!("{:?}", p3);
g(PairOption::PairSnd(PairOption::PairSnd(S3)));
let x: S7<S2>; // $ type=x:Result $ type=x:E.S1 $ type=x:T.S4 $ type=x:T.T41.S2 $ type=x:T.T42.S5 $ type=x:T.T42.T5.S2
}
}
@@ -1091,7 +1101,7 @@ mod option_methods {
struct S;
pub fn f() {
let x1 = MyOption::<S>::new(); // $ MISSING: type=x1:T.S
let x1 = MyOption::<S>::new(); // $ type=x1:T.S
println!("{:?}", x1);
let mut x2 = MyOption::new();
@@ -1110,7 +1120,7 @@ mod option_methods {
println!("{:?}", x5.flatten()); // $ method=flatten
let x6 = MyOption::MySome(MyOption::<S>::MyNone());
println!("{:?}", MyOption::<MyOption<S>>::flatten(x6));
println!("{:?}", MyOption::<MyOption<S>>::flatten(x6)); // $ method=flatten
#[rustfmt::skip]
let from_if = if 3 > 2 { // $ method=gt
@@ -2157,6 +2167,57 @@ mod loops {
mod dereference;
mod explicit_type_args {
struct S1<T>(T);
#[derive(Default)]
struct S2;
impl<T: Default> S1<T> {
fn assoc_fun() -> Option<Self> {
None
}
fn default() -> Self {
S1(T::default())
}
fn method(self) -> Self {
self
}
}
type S3 = S1<S2>;
struct S4<T4 = S2>(T4);
struct S5<T5 = S2> {
field: T5,
}
pub fn f() {
let x1: Option<S1<S2>> = S1::assoc_fun(); // $ type=x1:T.T.S2
let x2 = S1::<S2>::assoc_fun(); // $ type=x2:T.T.S2
let x3 = S3::assoc_fun(); // $ type=x3:T.T.S2
let x4 = S1::<S2>::method(S1::default()); // $ method=method type=x4:T.S2
let x5 = S3::method(S1::default()); // $ method=method type=x5:T.S2
let x6 = S4::<S2>(Default::default()); // $ type=x6:T4.S2
let x7 = S4(S2); // $ type=x7:T4.S2
let x8 = S4(0); // $ type=x8:T4.i32
let x9 = S4(S2::default()); // $ type=x9:T4.S2
let x10 = S5::<S2> // $ type=x10:T5.S2
{
field: Default::default(),
};
let x11 = S5 { field: S2 }; // $ type=x11:T5.S2
let x12 = S5 { field: 0 }; // $ type=x12:T5.i32
let x13 = S5 // $ type=x13:T5.S2
{
field: S2::default(),
};
}
}
fn main() {
field_access::f();
method_impl::f();

4126
rust/ql/test/library-tests/type-inference/type-inference.expected
View File

File diff suppressed because it is too large Load Diff

2
rust/ql/test/query-tests/security/CWE-020/RegexInjection.expected
View File

@@ -13,7 +13,7 @@ edges
| main.rs:5:25:5:44 | { ... } | main.rs:5:25:5:44 | ...::must_use(...) | provenance | MaD:3 |
| main.rs:6:26:6:30 | regex | main.rs:6:25:6:30 | &regex | provenance | |
models
| 1 | Source: lang:std; crate::env::var; ReturnValue.Field[core::result::Result::Ok(0)]; environment |
| 1 | Source: std::env::var; ReturnValue.Field[core::result::Result::Ok(0)]; environment |
| 2 | Summary: <core::result::Result>::unwrap_or; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value |
| 3 | Summary: core::hint::must_use; Argument[0]; ReturnValue; value |
| 4 | Summary: lang:alloc; crate::fmt::format; Argument[0]; ReturnValue; taint |

5
rust/ql/test/query-tests/security/CWE-022/TaintedPath.expected
View File

@@ -4,13 +4,12 @@ edges
| src/main.rs:6:11:6:19 | file_name | src/main.rs:8:35:8:43 | file_name | provenance | |
| src/main.rs:8:9:8:17 | file_path | src/main.rs:10:24:10:32 | file_path | provenance | |
| src/main.rs:8:21:8:44 | ...::from(...) | src/main.rs:8:9:8:17 | file_path | provenance | |
| src/main.rs:8:35:8:43 | file_name | src/main.rs:8:21:8:44 | ...::from(...) | provenance | MaD:3 |
| src/main.rs:8:35:8:43 | file_name | src/main.rs:8:21:8:44 | ...::from(...) | provenance | MaD:2 |
| src/main.rs:8:35:8:43 | file_name | src/main.rs:8:21:8:44 | ...::from(...) | provenance | MaD:2 |
| src/main.rs:10:24:10:32 | file_path | src/main.rs:10:5:10:22 | ...::read_to_string | provenance | MaD:1 Sink:MaD:1 |
models
| 1 | Sink: lang:std; crate::fs::read_to_string; Argument[0]; path-injection |
| 1 | Sink: std::fs::read_to_string; Argument[0]; path-injection |
| 2 | Summary: <std::path::PathBuf as core::convert::From>::from; Argument[0]; ReturnValue; taint |
| 3 | Summary: lang:std; <crate::path::PathBuf as crate::convert::From>::from; Argument[0]; ReturnValue; taint |
nodes
| src/main.rs:6:11:6:19 | file_name | semmle.label | file_name |
| src/main.rs:8:9:8:17 | file_path | semmle.label | file_path |

8
rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected
View File

@@ -5,12 +5,12 @@
| sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() | sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() | This query depends on a $@. | sqlx.rs:48:25:48:46 | ...::get | user-provided value |
edges
| sqlx.rs:47:9:47:18 | arg_string | sqlx.rs:53:27:53:36 | arg_string | provenance | |
| sqlx.rs:47:22:47:35 | ...::args | sqlx.rs:47:22:47:37 | ...::args(...) [element] | provenance | Src:MaD:1 |
| sqlx.rs:47:22:47:35 | ...::args | sqlx.rs:47:22:47:37 | ...::args(...) [element] | provenance | Src:MaD:2 |
| sqlx.rs:47:22:47:37 | ...::args(...) [element] | sqlx.rs:47:22:47:44 | ... .nth(...) [Some] | provenance | MaD:8 |
| sqlx.rs:47:22:47:44 | ... .nth(...) [Some] | sqlx.rs:47:22:47:77 | ... .unwrap_or(...) | provenance | MaD:3 |
| sqlx.rs:47:22:47:77 | ... .unwrap_or(...) | sqlx.rs:47:9:47:18 | arg_string | provenance | |
| sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:54:27:54:39 | remote_string | provenance | |
| sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:48:25:48:69 | ...::get(...) [Ok] | provenance | Src:MaD:2 |
| sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:48:25:48:69 | ...::get(...) [Ok] | provenance | Src:MaD:1 |
| sqlx.rs:48:25:48:69 | ...::get(...) [Ok] | sqlx.rs:48:25:48:78 | ... .unwrap() | provenance | MaD:4 |
| sqlx.rs:48:25:48:78 | ... .unwrap() | sqlx.rs:48:25:48:85 | ... .text() [Ok] | provenance | MaD:9 |
| sqlx.rs:48:25:48:85 | ... .text() [Ok] | sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | provenance | MaD:5 |
@@ -28,8 +28,8 @@ edges
| sqlx.rs:54:26:54:39 | &remote_string [&ref] | sqlx.rs:54:9:54:22 | unsafe_query_2 [&ref] | provenance | |
| sqlx.rs:54:27:54:39 | remote_string | sqlx.rs:54:26:54:39 | &remote_string [&ref] | provenance | |
models
| 1 | Source: lang:std; crate::env::args; ReturnValue.Element; commandargs |
| 2 | Source: repo:https://github.com/seanmonstar/reqwest:reqwest; crate::blocking::get; ReturnValue.Field[core::result::Result::Ok(0)]; remote |
| 1 | Source: repo:https://github.com/seanmonstar/reqwest:reqwest; crate::blocking::get; ReturnValue.Field[core::result::Result::Ok(0)]; remote |
| 2 | Source: std::env::args; ReturnValue.Element; commandargs |
| 3 | Summary: <core::option::Option>::unwrap_or; Argument[self].Field[core::option::Option::Some(0)]; ReturnValue; value |
| 4 | Summary: <core::result::Result>::unwrap; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value |
| 5 | Summary: <core::result::Result>::unwrap_or; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value |

28
rust/ql/test/query-tests/security/CWE-311/CleartextTransmission.expected
View File

@@ -9,45 +9,45 @@ edges
| main.rs:6:15:6:58 | res | main.rs:6:23:6:57 | { ... } | provenance | |
| main.rs:6:23:6:57 | ...::format(...) | main.rs:6:15:6:58 | res | provenance | |
| main.rs:6:23:6:57 | ...::must_use(...) | main.rs:6:9:6:11 | url | provenance | |
| main.rs:6:23:6:57 | MacroExpr | main.rs:6:23:6:57 | ...::format(...) | provenance | MaD:7 |
| main.rs:6:23:6:57 | { ... } | main.rs:6:23:6:57 | ...::must_use(...) | provenance | MaD:6 |
| main.rs:6:23:6:57 | MacroExpr | main.rs:6:23:6:57 | ...::format(...) | provenance | MaD:8 |
| main.rs:6:23:6:57 | { ... } | main.rs:6:23:6:57 | ...::must_use(...) | provenance | MaD:7 |
| main.rs:6:50:6:57 | password | main.rs:6:23:6:57 | MacroExpr | provenance | |
| main.rs:7:28:7:30 | url | main.rs:7:5:7:26 | ...::get | provenance | MaD:4 Sink:MaD:4 |
| main.rs:12:9:12:15 | address | main.rs:13:27:13:33 | address | provenance | |
| main.rs:12:19:12:60 | res | main.rs:12:27:12:59 | { ... } | provenance | |
| main.rs:12:27:12:59 | ...::format(...) | main.rs:12:19:12:60 | res | provenance | |
| main.rs:12:27:12:59 | ...::must_use(...) | main.rs:12:9:12:15 | address | provenance | |
| main.rs:12:27:12:59 | MacroExpr | main.rs:12:27:12:59 | ...::format(...) | provenance | MaD:7 |
| main.rs:12:27:12:59 | { ... } | main.rs:12:27:12:59 | ...::must_use(...) | provenance | MaD:6 |
| main.rs:12:27:12:59 | MacroExpr | main.rs:12:27:12:59 | ...::format(...) | provenance | MaD:8 |
| main.rs:12:27:12:59 | { ... } | main.rs:12:27:12:59 | ...::must_use(...) | provenance | MaD:7 |
| main.rs:12:50:12:57 | password | main.rs:12:27:12:59 | MacroExpr | provenance | |
| main.rs:13:9:13:11 | url | main.rs:14:28:14:30 | url | provenance | |
| main.rs:13:15:13:34 | ...::parse(...) [Ok] | main.rs:13:15:13:43 | ... .unwrap() | provenance | MaD:5 |
| main.rs:13:15:13:43 | ... .unwrap() | main.rs:13:9:13:11 | url | provenance | |
| main.rs:13:26:13:33 | &address [&ref] | main.rs:13:15:13:34 | ...::parse(...) [Ok] | provenance | MaD:8 |
| main.rs:13:26:13:33 | &address [&ref] | main.rs:13:15:13:34 | ...::parse(...) [Ok] | provenance | MaD:6 |
| main.rs:13:27:13:33 | address | main.rs:13:26:13:33 | &address [&ref] | provenance | |
| main.rs:14:28:14:30 | url | main.rs:14:5:14:26 | ...::get | provenance | MaD:4 Sink:MaD:4 |
| main.rs:19:9:19:11 | url | main.rs:21:17:21:19 | url | provenance | |
| main.rs:19:15:19:58 | res | main.rs:19:23:19:57 | { ... } | provenance | |
| main.rs:19:23:19:57 | ...::format(...) | main.rs:19:15:19:58 | res | provenance | |
| main.rs:19:23:19:57 | ...::must_use(...) | main.rs:19:9:19:11 | url | provenance | |
| main.rs:19:23:19:57 | MacroExpr | main.rs:19:23:19:57 | ...::format(...) | provenance | MaD:7 |
| main.rs:19:23:19:57 | { ... } | main.rs:19:23:19:57 | ...::must_use(...) | provenance | MaD:6 |
| main.rs:19:23:19:57 | MacroExpr | main.rs:19:23:19:57 | ...::format(...) | provenance | MaD:8 |
| main.rs:19:23:19:57 | { ... } | main.rs:19:23:19:57 | ...::must_use(...) | provenance | MaD:7 |
| main.rs:19:50:19:57 | password | main.rs:19:23:19:57 | MacroExpr | provenance | |
| main.rs:21:17:21:19 | url | main.rs:21:12:21:15 | post | provenance | MaD:1 Sink:MaD:1 |
| main.rs:26:9:26:11 | url | main.rs:28:33:28:35 | url | provenance | |
| main.rs:26:15:26:58 | res | main.rs:26:23:26:57 | { ... } | provenance | |
| main.rs:26:23:26:57 | ...::format(...) | main.rs:26:15:26:58 | res | provenance | |
| main.rs:26:23:26:57 | ...::must_use(...) | main.rs:26:9:26:11 | url | provenance | |
| main.rs:26:23:26:57 | MacroExpr | main.rs:26:23:26:57 | ...::format(...) | provenance | MaD:7 |
| main.rs:26:23:26:57 | { ... } | main.rs:26:23:26:57 | ...::must_use(...) | provenance | MaD:6 |
| main.rs:26:23:26:57 | MacroExpr | main.rs:26:23:26:57 | ...::format(...) | provenance | MaD:8 |
| main.rs:26:23:26:57 | { ... } | main.rs:26:23:26:57 | ...::must_use(...) | provenance | MaD:7 |
| main.rs:26:50:26:57 | password | main.rs:26:23:26:57 | MacroExpr | provenance | |
| main.rs:28:33:28:35 | url | main.rs:28:12:28:18 | request | provenance | MaD:3 Sink:MaD:3 |
| main.rs:33:9:33:11 | url | main.rs:35:33:35:35 | url | provenance | |
| main.rs:33:15:33:58 | res | main.rs:33:23:33:57 | { ... } | provenance | |
| main.rs:33:23:33:57 | ...::format(...) | main.rs:33:15:33:58 | res | provenance | |
| main.rs:33:23:33:57 | ...::must_use(...) | main.rs:33:9:33:11 | url | provenance | |
| main.rs:33:23:33:57 | MacroExpr | main.rs:33:23:33:57 | ...::format(...) | provenance | MaD:7 |
| main.rs:33:23:33:57 | { ... } | main.rs:33:23:33:57 | ...::must_use(...) | provenance | MaD:6 |
| main.rs:33:23:33:57 | MacroExpr | main.rs:33:23:33:57 | ...::format(...) | provenance | MaD:8 |
| main.rs:33:23:33:57 | { ... } | main.rs:33:23:33:57 | ...::must_use(...) | provenance | MaD:7 |
| main.rs:33:50:33:57 | password | main.rs:33:23:33:57 | MacroExpr | provenance | |
| main.rs:35:33:35:35 | url | main.rs:35:12:35:18 | request | provenance | MaD:2 Sink:MaD:2 |
models
@@ -56,9 +56,9 @@ models
| 3 | Sink: repo:https://github.com/seanmonstar/reqwest:reqwest; <crate::blocking::client::Client>::request; Argument[1]; transmission |
| 4 | Sink: reqwest::blocking::get; Argument[0]; transmission |
| 5 | Summary: <core::result::Result>::unwrap; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value |
| 6 | Summary: core::hint::must_use; Argument[0]; ReturnValue; value |
| 7 | Summary: lang:alloc; crate::fmt::format; Argument[0]; ReturnValue; taint |
| 8 | Summary: repo:https://github.com/servo/rust-url:url; <crate::Url>::parse; Argument[0].Reference; ReturnValue.Field[core::result::Result::Ok(0)]; taint |
| 6 | Summary: <url::Url>::parse; Argument[0].Reference; ReturnValue.Field[core::result::Result::Ok(0)]; taint |
| 7 | Summary: core::hint::must_use; Argument[0]; ReturnValue; value |
| 8 | Summary: lang:alloc; crate::fmt::format; Argument[0]; ReturnValue; taint |
nodes
| main.rs:6:9:6:11 | url | semmle.label | url |
| main.rs:6:15:6:58 | res | semmle.label | res |

156
rust/ql/test/query-tests/security/CWE-312/CleartextLogging.expected
View File

@@ -49,90 +49,90 @@
| test_logging.rs:223:13:223:60 | ...::assert_failed | test_logging.rs:223:52:223:59 | password | test_logging.rs:223:13:223:60 | ...::assert_failed | This operation writes $@ to a log file. | test_logging.rs:223:52:223:59 | password | password |
| test_logging.rs:226:13:226:60 | ...::assert_failed | test_logging.rs:226:52:226:59 | password | test_logging.rs:226:13:226:60 | ...::assert_failed | This operation writes $@ to a log file. | test_logging.rs:226:52:226:59 | password | password |
edges
| test_logging.rs:42:12:42:35 | MacroExpr | test_logging.rs:42:5:42:36 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:42:12:42:35 | MacroExpr | test_logging.rs:42:5:42:36 | ...::log | provenance | MaD:8 Sink:MaD:8 |
| test_logging.rs:42:28:42:35 | password | test_logging.rs:42:12:42:35 | MacroExpr | provenance | |
| test_logging.rs:43:12:43:35 | MacroExpr | test_logging.rs:43:5:43:36 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:43:12:43:35 | MacroExpr | test_logging.rs:43:5:43:36 | ...::log | provenance | MaD:8 Sink:MaD:8 |
| test_logging.rs:43:28:43:35 | password | test_logging.rs:43:12:43:35 | MacroExpr | provenance | |
| test_logging.rs:44:11:44:34 | MacroExpr | test_logging.rs:44:5:44:35 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:44:11:44:34 | MacroExpr | test_logging.rs:44:5:44:35 | ...::log | provenance | MaD:8 Sink:MaD:8 |
| test_logging.rs:44:27:44:34 | password | test_logging.rs:44:11:44:34 | MacroExpr | provenance | |
| test_logging.rs:45:12:45:35 | MacroExpr | test_logging.rs:45:5:45:36 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:45:12:45:35 | MacroExpr | test_logging.rs:45:5:45:36 | ...::log | provenance | MaD:8 Sink:MaD:8 |
| test_logging.rs:45:28:45:35 | password | test_logging.rs:45:12:45:35 | MacroExpr | provenance | |
| test_logging.rs:46:11:46:34 | MacroExpr | test_logging.rs:46:5:46:35 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:46:11:46:34 | MacroExpr | test_logging.rs:46:5:46:35 | ...::log | provenance | MaD:8 Sink:MaD:8 |
| test_logging.rs:46:27:46:34 | password | test_logging.rs:46:11:46:34 | MacroExpr | provenance | |
| test_logging.rs:47:24:47:47 | MacroExpr | test_logging.rs:47:5:47:48 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:47:24:47:47 | MacroExpr | test_logging.rs:47:5:47:48 | ...::log | provenance | MaD:8 Sink:MaD:8 |
| test_logging.rs:47:40:47:47 | password | test_logging.rs:47:24:47:47 | MacroExpr | provenance | |
| test_logging.rs:52:12:52:35 | MacroExpr | test_logging.rs:52:5:52:36 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:52:12:52:35 | MacroExpr | test_logging.rs:52:5:52:36 | ...::log | provenance | MaD:8 Sink:MaD:8 |
| test_logging.rs:52:28:52:35 | password | test_logging.rs:52:12:52:35 | MacroExpr | provenance | |
| test_logging.rs:54:12:54:48 | MacroExpr | test_logging.rs:54:5:54:49 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:54:12:54:48 | MacroExpr | test_logging.rs:54:5:54:49 | ...::log | provenance | MaD:8 Sink:MaD:8 |
| test_logging.rs:54:41:54:48 | password | test_logging.rs:54:12:54:48 | MacroExpr | provenance | |
| test_logging.rs:56:12:56:46 | MacroExpr | test_logging.rs:56:5:56:47 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:56:12:56:46 | MacroExpr | test_logging.rs:56:5:56:47 | ...::log | provenance | MaD:8 Sink:MaD:8 |
| test_logging.rs:56:39:56:46 | password | test_logging.rs:56:12:56:46 | MacroExpr | provenance | |
| test_logging.rs:57:12:57:33 | MacroExpr | test_logging.rs:57:5:57:34 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:57:12:57:33 | MacroExpr | test_logging.rs:57:5:57:34 | ...::log | provenance | MaD:8 Sink:MaD:8 |
| test_logging.rs:57:24:57:31 | password | test_logging.rs:57:12:57:33 | MacroExpr | provenance | |
| test_logging.rs:58:12:58:35 | MacroExpr | test_logging.rs:58:5:58:36 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:58:12:58:35 | MacroExpr | test_logging.rs:58:5:58:36 | ...::log | provenance | MaD:8 Sink:MaD:8 |
| test_logging.rs:58:24:58:31 | password | test_logging.rs:58:12:58:35 | MacroExpr | provenance | |
| test_logging.rs:60:30:60:53 | MacroExpr | test_logging.rs:60:5:60:54 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:60:30:60:53 | MacroExpr | test_logging.rs:60:5:60:54 | ...::log | provenance | MaD:8 Sink:MaD:8 |
| test_logging.rs:60:46:60:53 | password | test_logging.rs:60:30:60:53 | MacroExpr | provenance | |
| test_logging.rs:61:20:61:28 | &... [&ref, tuple.0, &ref] | test_logging.rs:61:5:61:55 | ...::log | provenance | MaD:11 Sink:MaD:11 Sink:MaD:11 |
| test_logging.rs:61:20:61:28 | &... [&ref, tuple.0, &ref] | test_logging.rs:61:5:61:55 | ...::log | provenance | MaD:11 Sink:MaD:11 Sink:MaD:11 Sink:MaD:11 |
| test_logging.rs:61:20:61:28 | &... [&ref, tuple.0] | test_logging.rs:61:5:61:55 | ...::log | provenance | MaD:11 Sink:MaD:11 Sink:MaD:11 |
| test_logging.rs:61:20:61:28 | &... [&ref, tuple.0, &ref] | test_logging.rs:61:5:61:55 | ...::log | provenance | MaD:9 Sink:MaD:9 Sink:MaD:9 |
| test_logging.rs:61:20:61:28 | &... [&ref, tuple.0, &ref] | test_logging.rs:61:5:61:55 | ...::log | provenance | MaD:9 Sink:MaD:9 Sink:MaD:9 Sink:MaD:9 |
| test_logging.rs:61:20:61:28 | &... [&ref, tuple.0] | test_logging.rs:61:5:61:55 | ...::log | provenance | MaD:9 Sink:MaD:9 Sink:MaD:9 |
| test_logging.rs:61:20:61:28 | &password | test_logging.rs:61:20:61:28 | TupleExpr [tuple.0] | provenance | |
| test_logging.rs:61:20:61:28 | &password [&ref] | test_logging.rs:61:20:61:28 | TupleExpr [tuple.0, &ref] | provenance | |
| test_logging.rs:61:20:61:28 | TupleExpr [tuple.0, &ref] | test_logging.rs:61:20:61:28 | &... [&ref, tuple.0, &ref] | provenance | |
| test_logging.rs:61:20:61:28 | TupleExpr [tuple.0] | test_logging.rs:61:20:61:28 | &... [&ref, tuple.0] | provenance | |
| test_logging.rs:61:21:61:28 | password | test_logging.rs:61:20:61:28 | &password | provenance | Config |
| test_logging.rs:61:21:61:28 | password | test_logging.rs:61:20:61:28 | &password [&ref] | provenance | |
| test_logging.rs:65:24:65:47 | MacroExpr | test_logging.rs:65:5:65:48 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:65:24:65:47 | MacroExpr | test_logging.rs:65:5:65:48 | ...::log | provenance | MaD:8 Sink:MaD:8 |
| test_logging.rs:65:40:65:47 | password | test_logging.rs:65:24:65:47 | MacroExpr | provenance | |
| test_logging.rs:67:42:67:65 | MacroExpr | test_logging.rs:67:5:67:66 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:67:42:67:65 | MacroExpr | test_logging.rs:67:5:67:66 | ...::log | provenance | MaD:8 Sink:MaD:8 |
| test_logging.rs:67:58:67:65 | password | test_logging.rs:67:42:67:65 | MacroExpr | provenance | |
| test_logging.rs:68:18:68:26 | &... [&ref, tuple.0, &ref] | test_logging.rs:68:5:68:67 | ...::log | provenance | MaD:11 Sink:MaD:11 Sink:MaD:11 |
| test_logging.rs:68:18:68:26 | &... [&ref, tuple.0, &ref] | test_logging.rs:68:5:68:67 | ...::log | provenance | MaD:11 Sink:MaD:11 Sink:MaD:11 Sink:MaD:11 |
| test_logging.rs:68:18:68:26 | &... [&ref, tuple.0] | test_logging.rs:68:5:68:67 | ...::log | provenance | MaD:11 Sink:MaD:11 Sink:MaD:11 |
| test_logging.rs:68:18:68:26 | &... [&ref, tuple.0, &ref] | test_logging.rs:68:5:68:67 | ...::log | provenance | MaD:9 Sink:MaD:9 Sink:MaD:9 |
| test_logging.rs:68:18:68:26 | &... [&ref, tuple.0, &ref] | test_logging.rs:68:5:68:67 | ...::log | provenance | MaD:9 Sink:MaD:9 Sink:MaD:9 Sink:MaD:9 |
| test_logging.rs:68:18:68:26 | &... [&ref, tuple.0] | test_logging.rs:68:5:68:67 | ...::log | provenance | MaD:9 Sink:MaD:9 Sink:MaD:9 |
| test_logging.rs:68:18:68:26 | &password | test_logging.rs:68:18:68:26 | TupleExpr [tuple.0] | provenance | |
| test_logging.rs:68:18:68:26 | &password [&ref] | test_logging.rs:68:18:68:26 | TupleExpr [tuple.0, &ref] | provenance | |
| test_logging.rs:68:18:68:26 | TupleExpr [tuple.0, &ref] | test_logging.rs:68:18:68:26 | &... [&ref, tuple.0, &ref] | provenance | |
| test_logging.rs:68:18:68:26 | TupleExpr [tuple.0] | test_logging.rs:68:18:68:26 | &... [&ref, tuple.0] | provenance | |
| test_logging.rs:68:19:68:26 | password | test_logging.rs:68:18:68:26 | &password | provenance | Config |
| test_logging.rs:68:19:68:26 | password | test_logging.rs:68:18:68:26 | &password [&ref] | provenance | |
| test_logging.rs:72:23:72:46 | MacroExpr | test_logging.rs:72:5:72:47 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:72:23:72:46 | MacroExpr | test_logging.rs:72:5:72:47 | ...::log | provenance | MaD:8 Sink:MaD:8 |
| test_logging.rs:72:39:72:46 | password | test_logging.rs:72:23:72:46 | MacroExpr | provenance | |
| test_logging.rs:74:41:74:64 | MacroExpr | test_logging.rs:74:5:74:65 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:74:41:74:64 | MacroExpr | test_logging.rs:74:5:74:65 | ...::log | provenance | MaD:8 Sink:MaD:8 |
| test_logging.rs:74:57:74:64 | password | test_logging.rs:74:41:74:64 | MacroExpr | provenance | |
| test_logging.rs:75:20:75:28 | &... [&ref, tuple.0, &ref] | test_logging.rs:75:5:75:51 | ...::log | provenance | MaD:11 Sink:MaD:11 Sink:MaD:11 |
| test_logging.rs:75:20:75:28 | &... [&ref, tuple.0, &ref] | test_logging.rs:75:5:75:51 | ...::log | provenance | MaD:11 Sink:MaD:11 Sink:MaD:11 Sink:MaD:11 |
| test_logging.rs:75:20:75:28 | &... [&ref, tuple.0] | test_logging.rs:75:5:75:51 | ...::log | provenance | MaD:11 Sink:MaD:11 Sink:MaD:11 |
| test_logging.rs:75:20:75:28 | &... [&ref, tuple.0, &ref] | test_logging.rs:75:5:75:51 | ...::log | provenance | MaD:9 Sink:MaD:9 Sink:MaD:9 |
| test_logging.rs:75:20:75:28 | &... [&ref, tuple.0, &ref] | test_logging.rs:75:5:75:51 | ...::log | provenance | MaD:9 Sink:MaD:9 Sink:MaD:9 Sink:MaD:9 |
| test_logging.rs:75:20:75:28 | &... [&ref, tuple.0] | test_logging.rs:75:5:75:51 | ...::log | provenance | MaD:9 Sink:MaD:9 Sink:MaD:9 |
| test_logging.rs:75:20:75:28 | &password | test_logging.rs:75:20:75:28 | TupleExpr [tuple.0] | provenance | |
| test_logging.rs:75:20:75:28 | &password [&ref] | test_logging.rs:75:20:75:28 | TupleExpr [tuple.0, &ref] | provenance | |
| test_logging.rs:75:20:75:28 | TupleExpr [tuple.0, &ref] | test_logging.rs:75:20:75:28 | &... [&ref, tuple.0, &ref] | provenance | |
| test_logging.rs:75:20:75:28 | TupleExpr [tuple.0] | test_logging.rs:75:20:75:28 | &... [&ref, tuple.0] | provenance | |
| test_logging.rs:75:21:75:28 | password | test_logging.rs:75:20:75:28 | &password | provenance | Config |
| test_logging.rs:75:21:75:28 | password | test_logging.rs:75:20:75:28 | &password [&ref] | provenance | |
| test_logging.rs:76:23:76:46 | MacroExpr | test_logging.rs:76:5:76:47 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:76:23:76:46 | MacroExpr | test_logging.rs:76:5:76:47 | ...::log | provenance | MaD:8 Sink:MaD:8 |
| test_logging.rs:76:39:76:46 | password | test_logging.rs:76:23:76:46 | MacroExpr | provenance | |
| test_logging.rs:82:20:82:43 | MacroExpr | test_logging.rs:82:5:82:44 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:82:20:82:43 | MacroExpr | test_logging.rs:82:5:82:44 | ...::log | provenance | MaD:8 Sink:MaD:8 |
| test_logging.rs:82:36:82:43 | password | test_logging.rs:82:20:82:43 | MacroExpr | provenance | |
| test_logging.rs:84:38:84:61 | MacroExpr | test_logging.rs:84:5:84:62 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:84:38:84:61 | MacroExpr | test_logging.rs:84:5:84:62 | ...::log | provenance | MaD:8 Sink:MaD:8 |
| test_logging.rs:84:54:84:61 | password | test_logging.rs:84:38:84:61 | MacroExpr | provenance | |
| test_logging.rs:85:20:85:28 | &... [&ref, tuple.0, &ref] | test_logging.rs:85:5:85:48 | ...::log | provenance | MaD:11 Sink:MaD:11 Sink:MaD:11 |
| test_logging.rs:85:20:85:28 | &... [&ref, tuple.0, &ref] | test_logging.rs:85:5:85:48 | ...::log | provenance | MaD:11 Sink:MaD:11 Sink:MaD:11 Sink:MaD:11 |
| test_logging.rs:85:20:85:28 | &... [&ref, tuple.0] | test_logging.rs:85:5:85:48 | ...::log | provenance | MaD:11 Sink:MaD:11 Sink:MaD:11 |
| test_logging.rs:85:20:85:28 | &... [&ref, tuple.0, &ref] | test_logging.rs:85:5:85:48 | ...::log | provenance | MaD:9 Sink:MaD:9 Sink:MaD:9 |
| test_logging.rs:85:20:85:28 | &... [&ref, tuple.0, &ref] | test_logging.rs:85:5:85:48 | ...::log | provenance | MaD:9 Sink:MaD:9 Sink:MaD:9 Sink:MaD:9 |
| test_logging.rs:85:20:85:28 | &... [&ref, tuple.0] | test_logging.rs:85:5:85:48 | ...::log | provenance | MaD:9 Sink:MaD:9 Sink:MaD:9 |
| test_logging.rs:85:20:85:28 | &password | test_logging.rs:85:20:85:28 | TupleExpr [tuple.0] | provenance | |
| test_logging.rs:85:20:85:28 | &password [&ref] | test_logging.rs:85:20:85:28 | TupleExpr [tuple.0, &ref] | provenance | |
| test_logging.rs:85:20:85:28 | TupleExpr [tuple.0, &ref] | test_logging.rs:85:20:85:28 | &... [&ref, tuple.0, &ref] | provenance | |
| test_logging.rs:85:20:85:28 | TupleExpr [tuple.0] | test_logging.rs:85:20:85:28 | &... [&ref, tuple.0] | provenance | |
| test_logging.rs:85:21:85:28 | password | test_logging.rs:85:20:85:28 | &password | provenance | Config |
| test_logging.rs:85:21:85:28 | password | test_logging.rs:85:20:85:28 | &password [&ref] | provenance | |
| test_logging.rs:86:20:86:43 | MacroExpr | test_logging.rs:86:5:86:44 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:86:20:86:43 | MacroExpr | test_logging.rs:86:5:86:44 | ...::log | provenance | MaD:8 Sink:MaD:8 |
| test_logging.rs:86:36:86:43 | password | test_logging.rs:86:20:86:43 | MacroExpr | provenance | |
| test_logging.rs:93:9:93:10 | m1 | test_logging.rs:94:11:94:28 | MacroExpr | provenance | |
| test_logging.rs:93:14:93:22 | &password | test_logging.rs:93:9:93:10 | m1 | provenance | |
| test_logging.rs:93:15:93:22 | password | test_logging.rs:93:14:93:22 | &password | provenance | Config |
| test_logging.rs:94:11:94:28 | MacroExpr | test_logging.rs:94:5:94:29 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:94:11:94:28 | MacroExpr | test_logging.rs:94:5:94:29 | ...::log | provenance | MaD:8 Sink:MaD:8 |
| test_logging.rs:96:9:96:10 | m2 | test_logging.rs:97:11:97:18 | MacroExpr | provenance | |
| test_logging.rs:96:41:96:49 | &password | test_logging.rs:96:9:96:10 | m2 | provenance | |
| test_logging.rs:96:42:96:49 | password | test_logging.rs:96:41:96:49 | &password | provenance | Config |
| test_logging.rs:97:11:97:18 | MacroExpr | test_logging.rs:97:5:97:19 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:97:11:97:18 | MacroExpr | test_logging.rs:97:5:97:19 | ...::log | provenance | MaD:8 Sink:MaD:8 |
| test_logging.rs:99:9:99:10 | m3 | test_logging.rs:100:11:100:18 | MacroExpr | provenance | |
| test_logging.rs:99:14:99:46 | res | test_logging.rs:99:22:99:45 | { ... } | provenance | |
| test_logging.rs:99:22:99:45 | ...::format(...) | test_logging.rs:99:14:99:46 | res | provenance | |
@@ -140,21 +140,21 @@ edges
| test_logging.rs:99:22:99:45 | MacroExpr | test_logging.rs:99:22:99:45 | ...::format(...) | provenance | MaD:13 |
| test_logging.rs:99:22:99:45 | { ... } | test_logging.rs:99:22:99:45 | ...::must_use(...) | provenance | MaD:12 |
| test_logging.rs:99:38:99:45 | password | test_logging.rs:99:22:99:45 | MacroExpr | provenance | |
| test_logging.rs:100:11:100:18 | MacroExpr | test_logging.rs:100:5:100:19 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:118:12:118:41 | MacroExpr | test_logging.rs:118:5:118:42 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:100:11:100:18 | MacroExpr | test_logging.rs:100:5:100:19 | ...::log | provenance | MaD:8 Sink:MaD:8 |
| test_logging.rs:118:12:118:41 | MacroExpr | test_logging.rs:118:5:118:42 | ...::log | provenance | MaD:8 Sink:MaD:8 |
| test_logging.rs:118:28:118:41 | get_password(...) | test_logging.rs:118:12:118:41 | MacroExpr | provenance | |
| test_logging.rs:129:9:129:10 | t1 [tuple.1] | test_logging.rs:131:28:131:29 | t1 [tuple.1] | provenance | |
| test_logging.rs:129:14:129:33 | TupleExpr [tuple.1] | test_logging.rs:129:9:129:10 | t1 [tuple.1] | provenance | |
| test_logging.rs:129:25:129:32 | password | test_logging.rs:129:14:129:33 | TupleExpr [tuple.1] | provenance | |
| test_logging.rs:131:12:131:31 | MacroExpr | test_logging.rs:131:5:131:32 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:131:12:131:31 | MacroExpr | test_logging.rs:131:5:131:32 | ...::log | provenance | MaD:8 Sink:MaD:8 |
| test_logging.rs:131:28:131:29 | t1 [tuple.1] | test_logging.rs:131:28:131:31 | t1.1 | provenance | |
| test_logging.rs:131:28:131:31 | t1.1 | test_logging.rs:131:12:131:31 | MacroExpr | provenance | |
| test_logging.rs:141:11:141:37 | MacroExpr | test_logging.rs:141:5:141:38 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:141:11:141:37 | MacroExpr | test_logging.rs:141:5:141:38 | ...::log | provenance | MaD:8 Sink:MaD:8 |
| test_logging.rs:141:27:141:37 | s1.password | test_logging.rs:141:11:141:37 | MacroExpr | provenance | |
| test_logging.rs:151:11:151:37 | MacroExpr | test_logging.rs:151:5:151:38 | ...::log | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:151:11:151:37 | MacroExpr | test_logging.rs:151:5:151:38 | ...::log | provenance | MaD:8 Sink:MaD:8 |
| test_logging.rs:151:27:151:37 | s2.password | test_logging.rs:151:11:151:37 | MacroExpr | provenance | |
| test_logging.rs:176:33:176:79 | &... | test_logging.rs:176:22:176:31 | log_expect | provenance | MaD:6 Sink:MaD:6 |
| test_logging.rs:176:33:176:79 | &... [&ref] | test_logging.rs:176:22:176:31 | log_expect | provenance | MaD:6 Sink:MaD:6 |
| test_logging.rs:176:33:176:79 | &... | test_logging.rs:176:22:176:31 | log_expect | provenance | MaD:1 Sink:MaD:1 |
| test_logging.rs:176:33:176:79 | &... [&ref] | test_logging.rs:176:22:176:31 | log_expect | provenance | MaD:1 Sink:MaD:1 |
| test_logging.rs:176:34:176:79 | MacroExpr | test_logging.rs:176:33:176:79 | &... | provenance | Config |
| test_logging.rs:176:34:176:79 | MacroExpr | test_logging.rs:176:33:176:79 | &... [&ref] | provenance | |
| test_logging.rs:176:34:176:79 | res | test_logging.rs:176:42:176:78 | { ... } | provenance | |
@@ -163,8 +163,8 @@ edges
| test_logging.rs:176:42:176:78 | MacroExpr | test_logging.rs:176:42:176:78 | ...::format(...) | provenance | MaD:13 |
| test_logging.rs:176:42:176:78 | { ... } | test_logging.rs:176:42:176:78 | ...::must_use(...) | provenance | MaD:12 |
| test_logging.rs:176:70:176:78 | password2 | test_logging.rs:176:42:176:78 | MacroExpr | provenance | |
| test_logging.rs:180:35:180:81 | &... | test_logging.rs:180:24:180:33 | log_expect | provenance | MaD:7 Sink:MaD:7 |
| test_logging.rs:180:35:180:81 | &... [&ref] | test_logging.rs:180:24:180:33 | log_expect | provenance | MaD:7 Sink:MaD:7 |
| test_logging.rs:180:35:180:81 | &... | test_logging.rs:180:24:180:33 | log_expect | provenance | MaD:2 Sink:MaD:2 |
| test_logging.rs:180:35:180:81 | &... [&ref] | test_logging.rs:180:24:180:33 | log_expect | provenance | MaD:2 Sink:MaD:2 |
| test_logging.rs:180:36:180:81 | MacroExpr | test_logging.rs:180:35:180:81 | &... | provenance | Config |
| test_logging.rs:180:36:180:81 | MacroExpr | test_logging.rs:180:35:180:81 | &... [&ref] | provenance | |
| test_logging.rs:180:36:180:81 | res | test_logging.rs:180:44:180:80 | { ... } | provenance | |
@@ -177,63 +177,63 @@ edges
| test_logging.rs:183:47:183:68 | Err(...) [Err] | test_logging.rs:183:9:183:19 | err_result2 [Err] | provenance | |
| test_logging.rs:183:51:183:59 | password2 | test_logging.rs:183:51:183:67 | password2.clone() | provenance | generated |
| test_logging.rs:183:51:183:67 | password2.clone() | test_logging.rs:183:47:183:68 | Err(...) [Err] | provenance | |
| test_logging.rs:184:13:184:23 | err_result2 [Err] | test_logging.rs:184:25:184:34 | log_expect | provenance | MaD:8 Sink:MaD:8 |
| test_logging.rs:184:13:184:23 | err_result2 [Err] | test_logging.rs:184:25:184:34 | log_expect | provenance | MaD:3 Sink:MaD:3 |
| test_logging.rs:187:9:187:19 | err_result3 [Err] | test_logging.rs:188:13:188:23 | err_result3 [Err] | provenance | |
| test_logging.rs:187:47:187:60 | Err(...) [Err] | test_logging.rs:187:9:187:19 | err_result3 [Err] | provenance | |
| test_logging.rs:187:51:187:59 | password2 | test_logging.rs:187:47:187:60 | Err(...) [Err] | provenance | |
| test_logging.rs:188:13:188:23 | err_result3 [Err] | test_logging.rs:188:25:188:34 | log_unwrap | provenance | MaD:9 Sink:MaD:9 |
| test_logging.rs:192:12:192:37 | MacroExpr | test_logging.rs:192:5:192:38 | ...::_print | provenance | MaD:5 Sink:MaD:5 |
| test_logging.rs:188:13:188:23 | err_result3 [Err] | test_logging.rs:188:25:188:34 | log_unwrap | provenance | MaD:4 Sink:MaD:4 |
| test_logging.rs:192:12:192:37 | MacroExpr | test_logging.rs:192:5:192:38 | ...::_print | provenance | MaD:11 Sink:MaD:11 |
| test_logging.rs:192:30:192:37 | password | test_logging.rs:192:12:192:37 | MacroExpr | provenance | |
| test_logging.rs:193:14:193:37 | MacroExpr | test_logging.rs:193:5:193:38 | ...::_print | provenance | MaD:5 Sink:MaD:5 |
| test_logging.rs:193:14:193:37 | MacroExpr | test_logging.rs:193:5:193:38 | ...::_print | provenance | MaD:11 Sink:MaD:11 |
| test_logging.rs:193:30:193:37 | password | test_logging.rs:193:14:193:37 | MacroExpr | provenance | |
| test_logging.rs:194:13:194:38 | MacroExpr | test_logging.rs:194:5:194:39 | ...::_eprint | provenance | MaD:4 Sink:MaD:4 |
| test_logging.rs:194:13:194:38 | MacroExpr | test_logging.rs:194:5:194:39 | ...::_eprint | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:194:31:194:38 | password | test_logging.rs:194:13:194:38 | MacroExpr | provenance | |
| test_logging.rs:195:15:195:38 | MacroExpr | test_logging.rs:195:5:195:39 | ...::_eprint | provenance | MaD:4 Sink:MaD:4 |
| test_logging.rs:195:15:195:38 | MacroExpr | test_logging.rs:195:5:195:39 | ...::_eprint | provenance | MaD:10 Sink:MaD:10 |
| test_logging.rs:195:31:195:38 | password | test_logging.rs:195:15:195:38 | MacroExpr | provenance | |
| test_logging.rs:199:20:199:43 | MacroExpr | test_logging.rs:199:13:199:44 | ...::panic_fmt | provenance | MaD:3 Sink:MaD:3 |
| test_logging.rs:199:20:199:43 | MacroExpr | test_logging.rs:199:13:199:44 | ...::panic_fmt | provenance | MaD:7 Sink:MaD:7 |
| test_logging.rs:199:36:199:43 | password | test_logging.rs:199:20:199:43 | MacroExpr | provenance | |
| test_logging.rs:202:19:202:42 | MacroExpr | test_logging.rs:202:13:202:43 | ...::panic_fmt | provenance | MaD:3 Sink:MaD:3 |
| test_logging.rs:202:19:202:42 | MacroExpr | test_logging.rs:202:13:202:43 | ...::panic_fmt | provenance | MaD:7 Sink:MaD:7 |
| test_logging.rs:202:35:202:42 | password | test_logging.rs:202:19:202:42 | MacroExpr | provenance | |
| test_logging.rs:205:28:205:51 | MacroExpr | test_logging.rs:205:13:205:52 | ...::panic_fmt | provenance | MaD:3 Sink:MaD:3 |
| test_logging.rs:205:28:205:51 | MacroExpr | test_logging.rs:205:13:205:52 | ...::panic_fmt | provenance | MaD:7 Sink:MaD:7 |
| test_logging.rs:205:44:205:51 | password | test_logging.rs:205:28:205:51 | MacroExpr | provenance | |
| test_logging.rs:208:26:208:49 | MacroExpr | test_logging.rs:208:13:208:50 | ...::panic_fmt | provenance | MaD:3 Sink:MaD:3 |
| test_logging.rs:208:26:208:49 | MacroExpr | test_logging.rs:208:13:208:50 | ...::panic_fmt | provenance | MaD:7 Sink:MaD:7 |
| test_logging.rs:208:42:208:49 | password | test_logging.rs:208:26:208:49 | MacroExpr | provenance | |
| test_logging.rs:211:28:211:51 | MacroExpr | test_logging.rs:211:13:211:52 | ...::panic_fmt | provenance | MaD:3 Sink:MaD:3 |
| test_logging.rs:211:28:211:51 | MacroExpr | test_logging.rs:211:13:211:52 | ...::panic_fmt | provenance | MaD:7 Sink:MaD:7 |
| test_logging.rs:211:44:211:51 | password | test_logging.rs:211:28:211:51 | MacroExpr | provenance | |
| test_logging.rs:214:13:214:54 | ...::assert_failed [Some] | test_logging.rs:214:13:214:54 | ...::assert_failed | provenance | Sink:MaD:2 |
| test_logging.rs:214:30:214:53 | ...::Some(...) [Some] | test_logging.rs:214:13:214:54 | ...::assert_failed | provenance | MaD:2 Sink:MaD:2 |
| test_logging.rs:214:30:214:53 | ...::Some(...) [Some] | test_logging.rs:214:13:214:54 | ...::assert_failed [Some] | provenance | MaD:1 |
| test_logging.rs:214:13:214:54 | ...::assert_failed [Some] | test_logging.rs:214:13:214:54 | ...::assert_failed | provenance | Sink:MaD:5 |
| test_logging.rs:214:30:214:53 | ...::Some(...) [Some] | test_logging.rs:214:13:214:54 | ...::assert_failed | provenance | MaD:5 Sink:MaD:5 |
| test_logging.rs:214:30:214:53 | ...::Some(...) [Some] | test_logging.rs:214:13:214:54 | ...::assert_failed [Some] | provenance | MaD:6 |
| test_logging.rs:214:30:214:53 | MacroExpr | test_logging.rs:214:30:214:53 | ...::Some(...) [Some] | provenance | |
| test_logging.rs:214:46:214:53 | password | test_logging.rs:214:30:214:53 | MacroExpr | provenance | |
| test_logging.rs:217:13:217:54 | ...::assert_failed [Some] | test_logging.rs:217:13:217:54 | ...::assert_failed | provenance | Sink:MaD:2 |
| test_logging.rs:217:30:217:53 | ...::Some(...) [Some] | test_logging.rs:217:13:217:54 | ...::assert_failed | provenance | MaD:2 Sink:MaD:2 |
| test_logging.rs:217:30:217:53 | ...::Some(...) [Some] | test_logging.rs:217:13:217:54 | ...::assert_failed [Some] | provenance | MaD:1 |
| test_logging.rs:217:13:217:54 | ...::assert_failed [Some] | test_logging.rs:217:13:217:54 | ...::assert_failed | provenance | Sink:MaD:5 |
| test_logging.rs:217:30:217:53 | ...::Some(...) [Some] | test_logging.rs:217:13:217:54 | ...::assert_failed | provenance | MaD:5 Sink:MaD:5 |
| test_logging.rs:217:30:217:53 | ...::Some(...) [Some] | test_logging.rs:217:13:217:54 | ...::assert_failed [Some] | provenance | MaD:6 |
| test_logging.rs:217:30:217:53 | MacroExpr | test_logging.rs:217:30:217:53 | ...::Some(...) [Some] | provenance | |
| test_logging.rs:217:46:217:53 | password | test_logging.rs:217:30:217:53 | MacroExpr | provenance | |
| test_logging.rs:220:34:220:57 | MacroExpr | test_logging.rs:220:13:220:58 | ...::panic_fmt | provenance | MaD:3 Sink:MaD:3 |
| test_logging.rs:220:34:220:57 | MacroExpr | test_logging.rs:220:13:220:58 | ...::panic_fmt | provenance | MaD:7 Sink:MaD:7 |
| test_logging.rs:220:50:220:57 | password | test_logging.rs:220:34:220:57 | MacroExpr | provenance | |
| test_logging.rs:223:13:223:60 | ...::assert_failed [Some] | test_logging.rs:223:13:223:60 | ...::assert_failed | provenance | Sink:MaD:2 |
| test_logging.rs:223:36:223:59 | ...::Some(...) [Some] | test_logging.rs:223:13:223:60 | ...::assert_failed | provenance | MaD:2 Sink:MaD:2 |
| test_logging.rs:223:36:223:59 | ...::Some(...) [Some] | test_logging.rs:223:13:223:60 | ...::assert_failed [Some] | provenance | MaD:1 |
| test_logging.rs:223:13:223:60 | ...::assert_failed [Some] | test_logging.rs:223:13:223:60 | ...::assert_failed | provenance | Sink:MaD:5 |
| test_logging.rs:223:36:223:59 | ...::Some(...) [Some] | test_logging.rs:223:13:223:60 | ...::assert_failed | provenance | MaD:5 Sink:MaD:5 |
| test_logging.rs:223:36:223:59 | ...::Some(...) [Some] | test_logging.rs:223:13:223:60 | ...::assert_failed [Some] | provenance | MaD:6 |
| test_logging.rs:223:36:223:59 | MacroExpr | test_logging.rs:223:36:223:59 | ...::Some(...) [Some] | provenance | |
| test_logging.rs:223:52:223:59 | password | test_logging.rs:223:36:223:59 | MacroExpr | provenance | |
| test_logging.rs:226:13:226:60 | ...::assert_failed [Some] | test_logging.rs:226:13:226:60 | ...::assert_failed | provenance | Sink:MaD:2 |
| test_logging.rs:226:36:226:59 | ...::Some(...) [Some] | test_logging.rs:226:13:226:60 | ...::assert_failed | provenance | MaD:2 Sink:MaD:2 |
| test_logging.rs:226:36:226:59 | ...::Some(...) [Some] | test_logging.rs:226:13:226:60 | ...::assert_failed [Some] | provenance | MaD:1 |
| test_logging.rs:226:13:226:60 | ...::assert_failed [Some] | test_logging.rs:226:13:226:60 | ...::assert_failed | provenance | Sink:MaD:5 |
| test_logging.rs:226:36:226:59 | ...::Some(...) [Some] | test_logging.rs:226:13:226:60 | ...::assert_failed | provenance | MaD:5 Sink:MaD:5 |
| test_logging.rs:226:36:226:59 | ...::Some(...) [Some] | test_logging.rs:226:13:226:60 | ...::assert_failed [Some] | provenance | MaD:6 |
| test_logging.rs:226:36:226:59 | MacroExpr | test_logging.rs:226:36:226:59 | ...::Some(...) [Some] | provenance | |
| test_logging.rs:226:52:226:59 | password | test_logging.rs:226:36:226:59 | MacroExpr | provenance | |
models
| 1 | Sink: core::panicking::assert_failed; Argument[3]; log-injection |
| 2 | Sink: lang:core; crate::panicking::assert_failed; Argument[3].Field[core::option::Option::Some(0)]; log-injection |
| 3 | Sink: lang:core; crate::panicking::panic_fmt; Argument[0]; log-injection |
| 4 | Sink: lang:std; crate::io::stdio::_eprint; Argument[0]; log-injection |
| 5 | Sink: lang:std; crate::io::stdio::_print; Argument[0]; log-injection |
| 6 | Sink: repo:https://github.com/DesmondWillowbrook/rs-log_err:log_err; <crate::option::Option as crate::LogErrOption>::log_expect; Argument[0]; log-injection |
| 7 | Sink: repo:https://github.com/DesmondWillowbrook/rs-log_err:log_err; <crate::result::Result as crate::LogErrResult>::log_expect; Argument[0]; log-injection |
| 8 | Sink: repo:https://github.com/DesmondWillowbrook/rs-log_err:log_err; <crate::result::Result as crate::LogErrResult>::log_expect; Argument[self].Field[core::result::Result::Err(0)]; log-injection |
| 9 | Sink: repo:https://github.com/DesmondWillowbrook/rs-log_err:log_err; <crate::result::Result as crate::LogErrResult>::log_unwrap; Argument[self].Field[core::result::Result::Err(0)]; log-injection |
| 10 | Sink: repo:https://github.com/rust-lang/log:log; crate::__private_api::log; Argument[1]; log-injection |
| 11 | Sink: repo:https://github.com/rust-lang/log:log; crate::__private_api::log; Argument[3]; log-injection |
| 1 | Sink: <core::option::Option as log_err::LogErrOption>::log_expect; Argument[0]; log-injection |
| 2 | Sink: <core::result::Result as log_err::LogErrResult>::log_expect; Argument[0]; log-injection |
| 3 | Sink: <core::result::Result as log_err::LogErrResult>::log_expect; Argument[self].Field[core::result::Result::Err(0)]; log-injection |
| 4 | Sink: <core::result::Result as log_err::LogErrResult>::log_unwrap; Argument[self].Field[core::result::Result::Err(0)]; log-injection |
| 5 | Sink: core::panicking::assert_failed; Argument[3].Field[core::option::Option::Some(0)]; log-injection |
| 6 | Sink: core::panicking::assert_failed; Argument[3]; log-injection |
| 7 | Sink: core::panicking::panic_fmt; Argument[0]; log-injection |
| 8 | Sink: log::__private_api::log; Argument[1]; log-injection |
| 9 | Sink: log::__private_api::log; Argument[3]; log-injection |
| 10 | Sink: std::io::stdio::_eprint; Argument[0]; log-injection |
| 11 | Sink: std::io::stdio::_print; Argument[0]; log-injection |
| 12 | Summary: core::hint::must_use; Argument[0]; ReturnValue; value |
| 13 | Summary: lang:alloc; crate::fmt::format; Argument[0]; ReturnValue; taint |
nodes

7
rust/ql/test/query-tests/security/CWE-327/CONSISTENCY/PathResolutionConsistency.expected Normal file
View File

@@ -0,0 +1,7 @@
multipleCallTargets
| test_cipher.rs:20:27:20:48 | ...::new(...) |
| test_cipher.rs:26:27:26:48 | ...::new(...) |
| test_cipher.rs:29:27:29:48 | ...::new(...) |
| test_cipher.rs:36:30:36:59 | ...::new(...) |
| test_cipher.rs:39:30:39:63 | ...::new(...) |
| test_cipher.rs:110:23:110:50 | ...::new(...) |

2
rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected
View File

@@ -319,7 +319,7 @@ models
| 27 | Sink: repo:https://github.com/rust-lang/libc:libc; ::calloc; Argument[0,1]; alloc-size |
| 28 | Sink: repo:https://github.com/rust-lang/libc:libc; ::malloc; Argument[0]; alloc-size |
| 29 | Sink: repo:https://github.com/rust-lang/libc:libc; ::realloc; Argument[1]; alloc-size |
| 30 | Source: lang:std; crate::env::args; ReturnValue.Element; commandargs |
| 30 | Source: std::env::args; ReturnValue.Element; commandargs |
| 31 | Summary: <core::alloc::layout::Layout>::from_size_align_unchecked; Argument[0]; ReturnValue.Field[core::alloc::layout::Layout::size]; value |
| 32 | Summary: <core::alloc::layout::Layout>::size; Argument[self].Field[core::alloc::layout::Layout::size]; ReturnValue; value |
| 33 | Summary: <core::option::Option>::unwrap_or; Argument[self].Field[core::option::Option::Some(0)]; ReturnValue; value |