Merge pull request #21376 from geoffw0/splitoff2

Rust: Update split_off models
2026-03-31 04:38:18 +02:00 · 2026-03-09 09:22:36 +00:00
parent 8bbb0ec954 d81b9aa5fd
commit be9c1d074f
3 changed files with 11 additions and 18 deletions
--- a/rust/ql/lib/codeql/rust/frameworks/stdlib/alloc.model.yml
+++ b/rust/ql/lib/codeql/rust/frameworks/stdlib/alloc.model.yml
@@ -55,4 +55,14 @@ extensions:
      - ["<alloc::string::String as core::ops::arith::Add>::add", "Argument[0].Reference", "ReturnValue", "taint", "manual"]
      # Vec
      - ["alloc::vec::from_elem", "Argument[0]", "ReturnValue.Element", "value", "manual"]
-      - ["<alloc::vec::Vec as core::ops::deref::Deref>::deref", "Argument[self].Reference.Element", "ReturnValue.Reference.Element", "value", "manual"]
+      - ["<alloc::vec::Vec as core::ops::deref::Deref>::deref", "Argument[self].Reference.Element", "ReturnValue.Reference.Element", "value", "manual"]
+  - addsTo:
+      pack: codeql/rust-all
+      extensible: neutralModel
+    data:
+      - ["<alloc::vec::Vec as core::convert::From>::from", "sink", "manual"]
+      - ["<alloc::collections::vec_deque::VecDeque as core::convert::From>::from", "sink", "manual"]
+      - ["<alloc::sync::Arc as core::convert::From>::from", "sink", "manual"]
+      - ["<alloc::rc::Rc as core::convert::From>::from", "sink", "manual"]
+      - ["<alloc::string::String>::split_off", "sink", "manual"]
+      - ["<alloc::vec::Vec>::split_off", "sink", "manual"]
--- a/rust/ql/lib/codeql/rust/frameworks/stdlib/core.model.yml
+++ b/rust/ql/lib/codeql/rust/frameworks/stdlib/core.model.yml
@@ -165,11 +165,7 @@ extensions:
      extensible: neutralModel
    data:
      - ["<core::option::Option>::map", "sink", "manual"]
-      - ["<alloc::vec::Vec as core::convert::From>::from", "sink", "manual"]
-      - ["<alloc::collections::vec_deque::VecDeque as core::convert::From>::from", "sink", "manual"]
      - ["<std::io::error::Error as core::convert::From>::from", "sink", "manual"]
-      - ["<alloc::sync::Arc as core::convert::From>::from", "sink", "manual"]
-      - ["<alloc::rc::Rc as core::convert::From>::from", "sink", "manual"]
  - addsTo:
      pack: codeql/rust-all
      extensible: excludeFieldTaintStep
--- a/rust/ql/lib/codeql/rust/security/UncontrolledAllocationSizeExtensions.qll
+++ b/rust/ql/lib/codeql/rust/security/UncontrolledAllocationSizeExtensions.qll
@@ -63,17 +63,4 @@ module UncontrolledAllocationSize {
        branch = false
      )
  }
-
-  /**
-   * A barrier for uncontrolled allocation size flow into particular functions.
-   */
-  private class ModeledBarrier extends Barrier {
-    ModeledBarrier() {
-      exists(MethodCall c |
-        c.getStaticTarget().getCanonicalPath() =
-          ["<alloc::string::String>::split_off", "<alloc::vec::Vec>::split_off"] and
-        this.asExpr() = c.getAnArgument()
-      )
-    }
-  }
 }