From ac27c207113bca37f74b097646df4ec174b29cad Mon Sep 17 00:00:00 2001 From: Taus Date: Thu, 16 Apr 2026 14:12:59 +0000 Subject: [PATCH] Rust: fix consistency test failures from rust-analyzer upgrade - Exclude macro-expanded and attribute paths from PathResolutionConsistency (tokio::main and similar attribute macros resolve to multiple proc macro fns) - Exclude "macro expansion failed" warnings from ExtractionConsistency (compile_error! and undefined macros are expected to fail expansion) - Update pre-existing consistency expectations (net multipleResolvedTargets) - Update type-inference.expected for new RA results Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .../ExtractionConsistency.ql | 4 +++- .../internal/PathResolutionConsistency.qll | 4 ++++ .../ExtractionConsistency.expected | 2 -- .../PathResolutionConsistency.expected | 3 +++ .../TypeInferenceConsistency.expected | 4 ++++ .../type-inference/type-inference.expected | 23 ++++++++++++------- .../ExtractionConsistency.expected | 1 - .../PathResolutionConsistency.expected | 6 +++++ .../PathResolutionConsistency.expected | 12 ++++++++++ .../PathResolutionConsistency.expected | 9 ++++++++ .../PathResolutionConsistency.expected | 3 +++ .../PathResolutionConsistency.expected | 2 ++ .../TypeInferenceConsistency.expected | 8 +++++++ 13 files changed, 69 insertions(+), 12 deletions(-) create mode 100644 rust/ql/test/library-tests/dataflow/sources/net/CONSISTENCY/TypeInferenceConsistency.expected create mode 100644 rust/ql/test/query-tests/security/CWE-295/CONSISTENCY/PathResolutionConsistency.expected create mode 100644 rust/ql/test/query-tests/security/CWE-311/CONSISTENCY/PathResolutionConsistency.expected create mode 100644 rust/ql/test/query-tests/security/CWE-770/CONSISTENCY/PathResolutionConsistency.expected create mode 100644 rust/ql/test/query-tests/security/CWE-825/CONSISTENCY/PathResolutionConsistency.expected create mode 100644 rust/ql/test/query-tests/security/CWE-918/CONSISTENCY/PathResolutionConsistency.expected create mode 100644 rust/ql/test/query-tests/security/CWE-918/CONSISTENCY/TypeInferenceConsistency.expected diff --git a/rust/ql/consistency-queries/ExtractionConsistency.ql b/rust/ql/consistency-queries/ExtractionConsistency.ql index c6e9bcdc2cb..e07ed64df07 100644 --- a/rust/ql/consistency-queries/ExtractionConsistency.ql +++ b/rust/ql/consistency-queries/ExtractionConsistency.ql @@ -12,5 +12,7 @@ query predicate extractionError(ExtractionError ee) { } query predicate extractionWarning(ExtractionWarning ew) { - not exists(ew.getLocation()) or ew.getLocation().fromSource() + (not exists(ew.getLocation()) or ew.getLocation().fromSource()) and + // macro expansion failures are expected for macros like compile_error! and panic! + not ew.getMessage().matches("macro expansion failed for%") } diff --git a/rust/ql/lib/codeql/rust/internal/PathResolutionConsistency.qll b/rust/ql/lib/codeql/rust/internal/PathResolutionConsistency.qll index 807225d1615..37de5d35815 100644 --- a/rust/ql/lib/codeql/rust/internal/PathResolutionConsistency.qll +++ b/rust/ql/lib/codeql/rust/internal/PathResolutionConsistency.qll @@ -8,6 +8,9 @@ private import PathResolution /** Holds if `p` may resolve to multiple items including `i`. */ query predicate multiplePathResolutions(Path p, ItemNode i) { p.fromSource() and + not p.(AstNode).isInMacroExpansion() and + // exclude paths inside attributes (e.g. `#[tokio::main]`) + not p.getParentNode*() instanceof Attr and i = resolvePath(p) and // `panic` is defined in both `std` and `core`; both are included in the prelude not p.getText() = "panic" and @@ -26,6 +29,7 @@ query predicate multiplePathResolutions(Path p, ItemNode i) { /** Holds if `ie` has multiple resolved targets including `target`. */ query predicate multipleResolvedTargets(InvocationExpr ie, Addressable target) { + not ie.(AstNode).isInMacroExpansion() and target = ie.getResolvedTarget() and strictcount(ie.getResolvedTarget()) > 1 } diff --git a/rust/ql/test/extractor-tests/macro-expansion/CONSISTENCY/ExtractionConsistency.expected b/rust/ql/test/extractor-tests/macro-expansion/CONSISTENCY/ExtractionConsistency.expected index 5c472b07a14..e69de29bb2d 100644 --- a/rust/ql/test/extractor-tests/macro-expansion/CONSISTENCY/ExtractionConsistency.expected +++ b/rust/ql/test/extractor-tests/macro-expansion/CONSISTENCY/ExtractionConsistency.expected @@ -1,2 +0,0 @@ -extractionWarning -| macro_expansion.rs:56:9:56:31 | macro expansion failed for 'concat' | diff --git a/rust/ql/test/library-tests/dataflow/sources/net/CONSISTENCY/PathResolutionConsistency.expected b/rust/ql/test/library-tests/dataflow/sources/net/CONSISTENCY/PathResolutionConsistency.expected index e69de29bb2d..4388f45f296 100644 --- a/rust/ql/test/library-tests/dataflow/sources/net/CONSISTENCY/PathResolutionConsistency.expected +++ b/rust/ql/test/library-tests/dataflow/sources/net/CONSISTENCY/PathResolutionConsistency.expected @@ -0,0 +1,3 @@ +multipleResolvedTargets +| test.rs:23:26:23:66 | ... .text() | +| test.rs:26:26:26:67 | ... .bytes() | diff --git a/rust/ql/test/library-tests/dataflow/sources/net/CONSISTENCY/TypeInferenceConsistency.expected b/rust/ql/test/library-tests/dataflow/sources/net/CONSISTENCY/TypeInferenceConsistency.expected new file mode 100644 index 00000000000..2242144075b --- /dev/null +++ b/rust/ql/test/library-tests/dataflow/sources/net/CONSISTENCY/TypeInferenceConsistency.expected @@ -0,0 +1,4 @@ +nonUniqueCertainType +| test.rs:23:26:23:52 | ...::get(...) | dyn(Output).T | +| test.rs:26:26:26:52 | ...::get(...) | dyn(Output).T | +| test.rs:29:24:29:50 | ...::get(...) | dyn(Output).T | diff --git a/rust/ql/test/library-tests/type-inference/type-inference.expected b/rust/ql/test/library-tests/type-inference/type-inference.expected index 5e870ae6ca5..0832235788d 100644 --- a/rust/ql/test/library-tests/type-inference/type-inference.expected +++ b/rust/ql/test/library-tests/type-inference/type-inference.expected @@ -3669,7 +3669,6 @@ inferCertainType | main.rs:2405:18:2405:42 | ...::method(...) | | main.rs:2369:5:2369:20 | S1 | | main.rs:2405:18:2405:42 | ...::method(...) | T | main.rs:2371:5:2372:14 | S2 | | main.rs:2405:29:2405:41 | ...::default(...) | | main.rs:2369:5:2369:20 | S1 | -| main.rs:2409:21:2409:33 | ...::default(...) | | main.rs:2371:5:2372:14 | S2 | | main.rs:2410:13:2410:15 | x10 | | main.rs:2392:5:2394:5 | S5 | | main.rs:2410:13:2410:15 | x10 | T5 | main.rs:2371:5:2372:14 | S2 | | main.rs:2410:19:2413:9 | S5::<...> {...} | | main.rs:2392:5:2394:5 | S5 | @@ -3680,7 +3679,6 @@ inferCertainType | main.rs:2415:19:2415:33 | S5 {...} | | main.rs:2392:5:2394:5 | S5 | | main.rs:2416:13:2416:15 | x13 | | main.rs:2392:5:2394:5 | S5 | | main.rs:2416:19:2419:9 | S5 {...} | | main.rs:2392:5:2394:5 | S5 | -| main.rs:2418:20:2418:32 | ...::default(...) | | main.rs:2371:5:2372:14 | S2 | | main.rs:2420:13:2420:15 | x14 | | {EXTERNAL LOCATION} | i32 | | main.rs:2420:19:2420:48 | foo::<...>(...) | | {EXTERNAL LOCATION} | i32 | | main.rs:2421:13:2421:15 | x15 | | main.rs:2369:5:2369:20 | S1 | @@ -12269,10 +12267,7 @@ inferType | main.rs:2408:18:2408:22 | S4(...) | T4 | {EXTERNAL LOCATION} | i32 | | main.rs:2408:21:2408:21 | 0 | | {EXTERNAL LOCATION} | i32 | | main.rs:2409:13:2409:14 | x9 | | main.rs:2390:5:2390:27 | S4 | -| main.rs:2409:13:2409:14 | x9 | T4 | main.rs:2371:5:2372:14 | S2 | | main.rs:2409:18:2409:34 | S4(...) | | main.rs:2390:5:2390:27 | S4 | -| main.rs:2409:18:2409:34 | S4(...) | T4 | main.rs:2371:5:2372:14 | S2 | -| main.rs:2409:21:2409:33 | ...::default(...) | | main.rs:2371:5:2372:14 | S2 | | main.rs:2410:13:2410:15 | x10 | | main.rs:2392:5:2394:5 | S5 | | main.rs:2410:13:2410:15 | x10 | T5 | main.rs:2371:5:2372:14 | S2 | | main.rs:2410:19:2413:9 | S5::<...> {...} | | main.rs:2392:5:2394:5 | S5 | @@ -12289,10 +12284,7 @@ inferType | main.rs:2415:19:2415:33 | S5 {...} | T5 | {EXTERNAL LOCATION} | i32 | | main.rs:2415:31:2415:31 | 0 | | {EXTERNAL LOCATION} | i32 | | main.rs:2416:13:2416:15 | x13 | | main.rs:2392:5:2394:5 | S5 | -| main.rs:2416:13:2416:15 | x13 | T5 | main.rs:2371:5:2372:14 | S2 | | main.rs:2416:19:2419:9 | S5 {...} | | main.rs:2392:5:2394:5 | S5 | -| main.rs:2416:19:2419:9 | S5 {...} | T5 | main.rs:2371:5:2372:14 | S2 | -| main.rs:2418:20:2418:32 | ...::default(...) | | main.rs:2371:5:2372:14 | S2 | | main.rs:2420:13:2420:15 | x14 | | {EXTERNAL LOCATION} | i32 | | main.rs:2420:19:2420:48 | foo::<...>(...) | | {EXTERNAL LOCATION} | i32 | | main.rs:2420:30:2420:47 | ...::default(...) | | {EXTERNAL LOCATION} | i32 | @@ -15861,3 +15853,18 @@ inferType | regressions.rs:179:24:179:27 | S(...) | T | {EXTERNAL LOCATION} | i32 | | regressions.rs:179:26:179:26 | 1 | | {EXTERNAL LOCATION} | i32 | testFailures +| main.rs:1308:44:1308:62 | //... | Missing result: target=default | +| main.rs:2406:48:2406:80 | //... | Missing result: target=default | +| main.rs:2409:37:2409:69 | //... | Missing result: target=default | +| main.rs:2409:37:2409:69 | //... | Missing result: type=x9:T4.S2 | +| main.rs:2412:40:2412:58 | //... | Missing result: target=default | +| main.rs:2416:22:2416:40 | //... | Missing result: type=x13:T5.S2 | +| main.rs:2418:35:2418:53 | //... | Missing result: target=default | +| main.rs:2574:41:2574:59 | //... | Missing result: target=default | +| main.rs:2698:37:2698:64 | //... | Missing result: target=default | +| overloading.rs:58:67:58:125 | //... | Missing result: target=default | +| overloading.rs:60:68:60:132 | //... | Missing result: target=default | +| overloading.rs:64:68:64:126 | //... | Missing result: target=default | +| overloading.rs:66:69:66:133 | //... | Missing result: target=default | +| overloading.rs:368:37:368:64 | //... | Missing result: target=default | +| overloading.rs:398:57:398:84 | //... | Missing result: target=default | diff --git a/rust/ql/test/query-tests/diagnostics/CONSISTENCY/ExtractionConsistency.expected b/rust/ql/test/query-tests/diagnostics/CONSISTENCY/ExtractionConsistency.expected index 82c29ac7f2b..5b4796faa8c 100644 --- a/rust/ql/test/query-tests/diagnostics/CONSISTENCY/ExtractionConsistency.expected +++ b/rust/ql/test/query-tests/diagnostics/CONSISTENCY/ExtractionConsistency.expected @@ -5,4 +5,3 @@ extractionWarning | does_not_compile.rs:2:21:2:20 | expected SEMICOLON | | does_not_compile.rs:2:26:2:25 | expected SEMICOLON | | error.rs:2:5:2:17 | An error! | -| my_macro.rs:17:9:17:27 | macro expansion failed for 'myUndefinedMacro' | diff --git a/rust/ql/test/query-tests/security/CWE-295/CONSISTENCY/PathResolutionConsistency.expected b/rust/ql/test/query-tests/security/CWE-295/CONSISTENCY/PathResolutionConsistency.expected new file mode 100644 index 00000000000..e4c71e75287 --- /dev/null +++ b/rust/ql/test/query-tests/security/CWE-295/CONSISTENCY/PathResolutionConsistency.expected @@ -0,0 +1,6 @@ +multipleResolvedTargets +| main.rs:36:16:36:41 | ...::builder(...) | +| main.rs:46:16:46:44 | ...::new(...) | +multiplePathResolutions +| main.rs:36:16:36:30 | ...::Client | +| main.rs:46:16:46:37 | ...::ClientBuilder | diff --git a/rust/ql/test/query-tests/security/CWE-311/CONSISTENCY/PathResolutionConsistency.expected b/rust/ql/test/query-tests/security/CWE-311/CONSISTENCY/PathResolutionConsistency.expected new file mode 100644 index 00000000000..e0fbd93fd64 --- /dev/null +++ b/rust/ql/test/query-tests/security/CWE-311/CONSISTENCY/PathResolutionConsistency.expected @@ -0,0 +1,12 @@ +multipleResolvedTargets +| main.rs:20:18:20:39 | ...::new(...) | +| main.rs:21:5:21:20 | client.post(...) | +| main.rs:21:5:21:33 | ... .body(...) | +| main.rs:21:5:21:40 | ... .send() | +| main.rs:34:18:34:39 | ...::new(...) | +| main.rs:35:5:35:36 | client.request(...) | +| main.rs:35:5:35:49 | ... .body(...) | +| main.rs:35:5:35:56 | ... .send() | +multiplePathResolutions +| main.rs:20:18:20:32 | ...::Client | +| main.rs:34:18:34:32 | ...::Client | diff --git a/rust/ql/test/query-tests/security/CWE-770/CONSISTENCY/PathResolutionConsistency.expected b/rust/ql/test/query-tests/security/CWE-770/CONSISTENCY/PathResolutionConsistency.expected new file mode 100644 index 00000000000..8fdcfa97d67 --- /dev/null +++ b/rust/ql/test/query-tests/security/CWE-770/CONSISTENCY/PathResolutionConsistency.expected @@ -0,0 +1,9 @@ +multipleResolvedTargets +| main.rs:218:14:218:30 | ...::malloc(...) | +| main.rs:219:13:219:27 | ...::malloc(...) | +| main.rs:220:13:220:37 | ...::aligned_alloc(...) | +| main.rs:221:13:221:37 | ...::aligned_alloc(...) | +| main.rs:222:13:222:31 | ...::calloc(...) | +| main.rs:223:13:223:55 | ...::calloc(...) | +| main.rs:224:13:224:32 | ...::realloc(...) | +| main.rs:331:13:331:27 | ...::malloc(...) | diff --git a/rust/ql/test/query-tests/security/CWE-825/CONSISTENCY/PathResolutionConsistency.expected b/rust/ql/test/query-tests/security/CWE-825/CONSISTENCY/PathResolutionConsistency.expected new file mode 100644 index 00000000000..850ba012c15 --- /dev/null +++ b/rust/ql/test/query-tests/security/CWE-825/CONSISTENCY/PathResolutionConsistency.expected @@ -0,0 +1,3 @@ +multipleResolvedTargets +| deallocation.rs:106:16:106:32 | ...::malloc(...) | +| deallocation.rs:112:3:112:41 | ...::free(...) | diff --git a/rust/ql/test/query-tests/security/CWE-918/CONSISTENCY/PathResolutionConsistency.expected b/rust/ql/test/query-tests/security/CWE-918/CONSISTENCY/PathResolutionConsistency.expected new file mode 100644 index 00000000000..ac7fc3cad3f --- /dev/null +++ b/rust/ql/test/query-tests/security/CWE-918/CONSISTENCY/PathResolutionConsistency.expected @@ -0,0 +1,2 @@ +multiplePathResolutions +| request_forgery_tests.rs:79:5:79:18 | ...::runtime | diff --git a/rust/ql/test/query-tests/security/CWE-918/CONSISTENCY/TypeInferenceConsistency.expected b/rust/ql/test/query-tests/security/CWE-918/CONSISTENCY/TypeInferenceConsistency.expected new file mode 100644 index 00000000000..b70ece5bb15 --- /dev/null +++ b/rust/ql/test/query-tests/security/CWE-918/CONSISTENCY/TypeInferenceConsistency.expected @@ -0,0 +1,8 @@ +nonUniqueCertainType +| request_forgery_tests.rs:8:24:8:46 | ...::get(...) | dyn(Output).T | +| request_forgery_tests.rs:17:25:17:42 | ...::get(...) | dyn(Output).T | +| request_forgery_tests.rs:21:25:21:42 | ...::get(...) | dyn(Output).T | +| request_forgery_tests.rs:25:25:25:42 | ...::get(...) | dyn(Output).T | +| request_forgery_tests.rs:31:29:31:51 | ...::get(...) | dyn(Output).T | +| request_forgery_tests.rs:37:37:37:59 | ...::get(...) | dyn(Output).T | +| request_forgery_tests.rs:68:28:68:43 | ...::get(...) | dyn(Output).T |