Rust: Regenerate models

2026-04-30 03:05:15 +02:00 · 2026-01-07 10:14:59 +01:00
parent d78491294a
commit da43e8cad8
23 changed files with 9723 additions and 5038 deletions
--- a/rust/ql/test/query-tests/security/CWE-022/TaintedPath.expected
+++ b/rust/ql/test/query-tests/security/CWE-022/TaintedPath.expected
@@ -21,7 +21,6 @@ edges
 | src/main.rs:9:21:9:44 | ...::from(...) | src/main.rs:9:9:9:17 | file_path | provenance |  |
 | src/main.rs:9:35:9:43 | file_name | src/main.rs:9:21:9:44 | ...::from(...) | provenance | MaD:9 |
 | src/main.rs:9:35:9:43 | file_name | src/main.rs:9:21:9:44 | ...::from(...) | provenance | MaD:16 |
-| src/main.rs:9:35:9:43 | file_name | src/main.rs:9:21:9:44 | ...::from(...) | provenance | MaD:17 |
 | src/main.rs:11:24:11:32 | file_path | src/main.rs:11:5:11:22 | ...::read_to_string | provenance | MaD:6 Sink:MaD:6 |
 | src/main.rs:38:11:38:19 | file_path | src/main.rs:41:52:41:60 | file_path | provenance |  |
 | src/main.rs:41:9:41:17 | file_path | src/main.rs:46:24:46:32 | file_path | provenance |  |
@@ -29,7 +28,6 @@ edges
 | src/main.rs:41:38:41:61 | ...::from(...) | src/main.rs:41:21:41:62 | public_path.join(...) | provenance | MaD:14 |
 | src/main.rs:41:52:41:60 | file_path | src/main.rs:41:38:41:61 | ...::from(...) | provenance | MaD:9 |
 | src/main.rs:41:52:41:60 | file_path | src/main.rs:41:38:41:61 | ...::from(...) | provenance | MaD:16 |
-| src/main.rs:41:52:41:60 | file_path | src/main.rs:41:38:41:61 | ...::from(...) | provenance | MaD:17 |
 | src/main.rs:46:24:46:32 | file_path | src/main.rs:46:5:46:22 | ...::read_to_string | provenance | MaD:6 Sink:MaD:6 |
 | src/main.rs:63:11:63:19 | file_path | src/main.rs:66:32:66:40 | file_path | provenance |  |
 | src/main.rs:66:9:66:17 | file_path [&ref] | src/main.rs:71:24:71:32 | file_path [&ref] | provenance |  |
@@ -43,9 +41,9 @@ edges
 | src/main.rs:79:38:79:61 | ...::from(...) | src/main.rs:79:21:79:62 | public_path.join(...) | provenance | MaD:14 |
 | src/main.rs:79:52:79:60 | file_path | src/main.rs:79:38:79:61 | ...::from(...) | provenance | MaD:9 |
 | src/main.rs:79:52:79:60 | file_path | src/main.rs:79:38:79:61 | ...::from(...) | provenance | MaD:16 |
-| src/main.rs:79:52:79:60 | file_path | src/main.rs:79:38:79:61 | ...::from(...) | provenance | MaD:17 |
 | src/main.rs:80:9:80:17 | file_path | src/main.rs:85:24:85:32 | file_path | provenance |  |
 | src/main.rs:80:21:80:29 | file_path | src/main.rs:80:21:80:44 | file_path.canonicalize() [Ok] | provenance | MaD:11 |
+| src/main.rs:80:21:80:29 | file_path | src/main.rs:80:21:80:44 | file_path.canonicalize() [Ok] | provenance | MaD:17 |
 | src/main.rs:80:21:80:44 | file_path.canonicalize() [Ok] | src/main.rs:80:21:80:53 | ... .unwrap() | provenance | MaD:13 |
 | src/main.rs:80:21:80:53 | ... .unwrap() | src/main.rs:80:9:80:17 | file_path | provenance |  |
 | src/main.rs:85:24:85:32 | file_path | src/main.rs:85:5:85:22 | ...::read_to_string | provenance | MaD:6 Sink:MaD:6 |
@@ -140,7 +138,7 @@ models
 | 14 | Summary: <std::path::Path>::join; Argument[0]; ReturnValue; taint |
 | 15 | Summary: <std::path::Path>::new; Argument[0].Reference; ReturnValue.Reference; value |
 | 16 | Summary: <std::path::PathBuf as core::convert::From>::from; Argument[0].Field[alloc::borrow::Cow::Owned(0)]; ReturnValue; value |
-| 17 | Summary: <std::path::PathBuf as core::convert::From>::from; Argument[0]; ReturnValue; taint |
+| 17 | Summary: <std::path::PathBuf as core::ops::deref::Deref>::deref; Argument[self].Reference.Field[std::path::PathBuf::inner]; ReturnValue.Reference; value |
 nodes
 | src/main.rs:7:11:7:19 | file_name | semmle.label | file_name |
 | src/main.rs:9:9:9:17 | file_path | semmle.label | file_path |
--- a/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected
+++ b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected
@@ -33,13 +33,11 @@
 | main.rs:177:13:177:29 | ...::alloc | main.rs:320:13:320:26 | ...::args | main.rs:177:13:177:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value |
 | main.rs:193:32:193:36 | alloc | main.rs:320:13:320:26 | ...::args | main.rs:193:32:193:36 | alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value |
 | main.rs:194:32:194:43 | alloc_zeroed | main.rs:320:13:320:26 | ...::args | main.rs:194:32:194:43 | alloc_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value |
-| main.rs:194:32:194:43 | alloc_zeroed | main.rs:320:13:320:26 | ...::args | main.rs:194:32:194:43 | alloc_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value |
 | main.rs:195:32:195:39 | allocate | main.rs:320:13:320:26 | ...::args | main.rs:195:32:195:39 | allocate | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value |
 | main.rs:196:32:196:46 | allocate_zeroed | main.rs:320:13:320:26 | ...::args | main.rs:196:32:196:46 | allocate_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value |
 | main.rs:197:32:197:39 | allocate | main.rs:320:13:320:26 | ...::args | main.rs:197:32:197:39 | allocate | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value |
 | main.rs:198:32:198:46 | allocate_zeroed | main.rs:320:13:320:26 | ...::args | main.rs:198:32:198:46 | allocate_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value |
 | main.rs:202:32:202:38 | realloc | main.rs:320:13:320:26 | ...::args | main.rs:202:32:202:38 | realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value |
-| main.rs:202:32:202:38 | realloc | main.rs:320:13:320:26 | ...::args | main.rs:202:32:202:38 | realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value |
 | main.rs:208:40:208:43 | grow | main.rs:320:13:320:26 | ...::args | main.rs:208:40:208:43 | grow | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value |
 | main.rs:210:40:210:50 | grow_zeroed | main.rs:320:13:320:26 | ...::args | main.rs:210:40:210:50 | grow_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value |
 | main.rs:213:36:213:41 | shrink | main.rs:320:13:320:26 | ...::args | main.rs:213:36:213:41 | shrink | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value |
@@ -48,6 +46,8 @@
 | main.rs:222:13:222:24 | ...::calloc | main.rs:320:13:320:26 | ...::args | main.rs:222:13:222:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value |
 | main.rs:223:13:223:24 | ...::calloc | main.rs:320:13:320:26 | ...::args | main.rs:223:13:223:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value |
 | main.rs:224:13:224:25 | ...::realloc | main.rs:320:13:320:26 | ...::args | main.rs:224:13:224:25 | ...::realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value |
+| main.rs:228:13:228:41 | ...::try_with_capacity | main.rs:320:13:320:26 | ...::args | main.rs:228:13:228:41 | ...::try_with_capacity | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value |
+| main.rs:229:13:229:37 | ...::with_capacity | main.rs:320:13:320:26 | ...::args | main.rs:229:13:229:37 | ...::with_capacity | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value |
 | main.rs:230:13:230:44 | ...::try_with_capacity_in | main.rs:320:13:320:26 | ...::args | main.rs:230:13:230:44 | ...::try_with_capacity_in | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value |
 | main.rs:231:13:231:40 | ...::with_capacity_in | main.rs:320:13:320:26 | ...::args | main.rs:231:13:231:40 | ...::with_capacity_in | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value |
 | main.rs:287:22:287:38 | ...::alloc | main.rs:311:25:311:38 | ...::args | main.rs:287:22:287:38 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:311:25:311:38 | ...::args | user-provided value |
@@ -81,7 +81,6 @@ edges
 | main.rs:32:9:32:10 | l5 | main.rs:33:31:33:32 | l5 | provenance |  |
 | main.rs:32:14:32:118 | ...::from_size_align_unchecked(...) | main.rs:32:9:32:10 | l5 | provenance |  |
 | main.rs:32:60:32:60 | v | main.rs:32:60:32:89 | ... * ... | provenance | MaD:27 |
-| main.rs:32:60:32:60 | v | main.rs:32:60:32:89 | ... * ... | provenance | MaD:46 |
 | main.rs:32:60:32:89 | ... * ... | main.rs:32:14:32:118 | ...::from_size_align_unchecked(...) | provenance | MaD:37 |
 | main.rs:33:31:33:32 | l5 | main.rs:33:13:33:29 | ...::alloc | provenance | MaD:15 Sink:MaD:15 |
 | main.rs:35:9:35:10 | s6 | main.rs:36:60:36:61 | s6 | provenance |  |
@@ -89,7 +88,6 @@ edges
 | main.rs:35:15:35:49 | ... * ... | main.rs:35:14:35:54 | ... + ... | provenance | MaD:24 |
 | main.rs:35:49:35:49 | v | main.rs:35:15:35:49 | ... * ... | provenance | MaD:26 |
 | main.rs:35:49:35:49 | v | main.rs:35:15:35:49 | ... * ... | provenance | MaD:25 |
-| main.rs:35:49:35:49 | v | main.rs:35:15:35:49 | ... * ... | provenance | MaD:45 |
 | main.rs:36:9:36:10 | l6 | main.rs:37:31:37:32 | l6 | provenance |  |
 | main.rs:36:14:36:65 | ...::from_size_align_unchecked(...) | main.rs:36:9:36:10 | l6 | provenance |  |
 | main.rs:36:60:36:61 | s6 | main.rs:36:14:36:65 | ...::from_size_align_unchecked(...) | provenance | MaD:37 |
@@ -200,13 +198,13 @@ edges
 | main.rs:151:15:151:69 | ...::array::<...>(...) [Ok] | main.rs:151:15:151:78 | ... .unwrap() | provenance | MaD:44 |
 | main.rs:151:15:151:78 | ... .unwrap() | main.rs:151:9:151:11 | l10 | provenance |  |
 | main.rs:151:48:151:68 | ...::min(...) | main.rs:151:15:151:69 | ...::array::<...>(...) [Ok] | provenance | MaD:31 |
-| main.rs:151:62:151:62 | v | main.rs:151:48:151:68 | ...::min(...) | provenance | MaD:48 |
+| main.rs:151:62:151:62 | v | main.rs:151:48:151:68 | ...::min(...) | provenance | MaD:46 |
 | main.rs:152:31:152:33 | l10 | main.rs:152:13:152:29 | ...::alloc | provenance | MaD:15 Sink:MaD:15 |
 | main.rs:154:9:154:11 | l11 | main.rs:155:31:155:33 | l11 | provenance |  |
 | main.rs:154:15:154:69 | ...::array::<...>(...) [Ok] | main.rs:154:15:154:78 | ... .unwrap() | provenance | MaD:44 |
 | main.rs:154:15:154:78 | ... .unwrap() | main.rs:154:9:154:11 | l11 | provenance |  |
 | main.rs:154:48:154:68 | ...::max(...) | main.rs:154:15:154:69 | ...::array::<...>(...) [Ok] | provenance | MaD:31 |
-| main.rs:154:62:154:62 | v | main.rs:154:48:154:68 | ...::max(...) | provenance | MaD:47 |
+| main.rs:154:62:154:62 | v | main.rs:154:48:154:68 | ...::max(...) | provenance | MaD:45 |
 | main.rs:155:31:155:33 | l11 | main.rs:155:13:155:29 | ...::alloc | provenance | MaD:15 Sink:MaD:15 |
 | main.rs:161:13:161:15 | l13 | main.rs:162:35:162:37 | l13 | provenance |  |
 | main.rs:161:19:161:59 | ...::from_size_align(...) [Ok] | main.rs:161:19:161:68 | ... .unwrap() | provenance | MaD:44 |
@@ -222,14 +220,13 @@ edges
 | main.rs:192:14:192:47 | ...::array::<...>(...) [Ok] | main.rs:192:14:192:56 | ... .unwrap() | provenance | MaD:44 |
 | main.rs:192:14:192:56 | ... .unwrap() | main.rs:192:9:192:10 | l2 | provenance |  |
 | main.rs:192:46:192:46 | v | main.rs:192:14:192:47 | ...::array::<...>(...) [Ok] | provenance | MaD:31 |
-| main.rs:193:38:193:39 | l2 | main.rs:193:32:193:36 | alloc | provenance | MaD:10 Sink:MaD:10 |
+| main.rs:193:38:193:39 | l2 | main.rs:193:32:193:36 | alloc | provenance | MaD:12 Sink:MaD:12 |
 | main.rs:193:38:193:39 | l2 | main.rs:194:45:194:46 | l2 | provenance |  |
-| main.rs:194:45:194:46 | l2 | main.rs:194:32:194:43 | alloc_zeroed | provenance | MaD:11 Sink:MaD:11 |
-| main.rs:194:45:194:46 | l2 | main.rs:194:32:194:43 | alloc_zeroed | provenance | MaD:12 Sink:MaD:12 |
+| main.rs:194:45:194:46 | l2 | main.rs:194:32:194:43 | alloc_zeroed | provenance | MaD:13 Sink:MaD:13 |
 | main.rs:194:45:194:46 | l2 | main.rs:195:41:195:42 | l2 | provenance |  |
-| main.rs:195:41:195:42 | l2 | main.rs:195:32:195:39 | allocate | provenance | MaD:5 Sink:MaD:5 |
+| main.rs:195:41:195:42 | l2 | main.rs:195:32:195:39 | allocate | provenance | MaD:7 Sink:MaD:7 |
 | main.rs:195:41:195:42 | l2 | main.rs:196:48:196:49 | l2 | provenance |  |
-| main.rs:196:48:196:49 | l2 | main.rs:196:32:196:46 | allocate_zeroed | provenance | MaD:6 Sink:MaD:6 |
+| main.rs:196:48:196:49 | l2 | main.rs:196:32:196:46 | allocate_zeroed | provenance | MaD:8 Sink:MaD:8 |
 | main.rs:196:48:196:49 | l2 | main.rs:197:41:197:42 | l2 | provenance |  |
 | main.rs:197:41:197:42 | l2 | main.rs:197:32:197:39 | allocate | provenance | MaD:1 Sink:MaD:1 |
 | main.rs:197:41:197:42 | l2 | main.rs:198:48:198:49 | l2 | provenance |  |
@@ -237,11 +234,10 @@ edges
 | main.rs:198:48:198:49 | l2 | main.rs:208:53:208:54 | l2 | provenance |  |
 | main.rs:198:48:198:49 | l2 | main.rs:210:60:210:61 | l2 | provenance |  |
 | main.rs:198:48:198:49 | l2 | main.rs:213:51:213:52 | l2 | provenance |  |
-| main.rs:202:48:202:48 | v | main.rs:202:32:202:38 | realloc | provenance | MaD:13 Sink:MaD:13 |
 | main.rs:202:48:202:48 | v | main.rs:202:32:202:38 | realloc | provenance | MaD:14 Sink:MaD:14 |
-| main.rs:208:53:208:54 | l2 | main.rs:208:40:208:43 | grow | provenance | MaD:7 Sink:MaD:7 |
-| main.rs:210:60:210:61 | l2 | main.rs:210:40:210:50 | grow_zeroed | provenance | MaD:8 Sink:MaD:8 |
-| main.rs:213:51:213:52 | l2 | main.rs:213:36:213:41 | shrink | provenance | MaD:9 Sink:MaD:9 |
+| main.rs:208:53:208:54 | l2 | main.rs:208:40:208:43 | grow | provenance | MaD:9 Sink:MaD:9 |
+| main.rs:210:60:210:61 | l2 | main.rs:210:40:210:50 | grow_zeroed | provenance | MaD:10 Sink:MaD:10 |
+| main.rs:213:51:213:52 | l2 | main.rs:213:36:213:41 | shrink | provenance | MaD:11 Sink:MaD:11 |
 | main.rs:217:27:217:34 | ...: usize | main.rs:219:26:219:26 | v | provenance |  |
 | main.rs:219:26:219:26 | v | main.rs:219:13:219:24 | ...::malloc | provenance | MaD:20 Sink:MaD:20 |
 | main.rs:219:26:219:26 | v | main.rs:220:36:220:36 | v | provenance |  |
@@ -252,17 +248,20 @@ edges
 | main.rs:223:26:223:26 | v | main.rs:223:13:223:24 | ...::calloc | provenance | MaD:19 Sink:MaD:19 |
 | main.rs:223:26:223:26 | v | main.rs:224:31:224:31 | v | provenance |  |
 | main.rs:224:31:224:31 | v | main.rs:224:13:224:25 | ...::realloc | provenance | MaD:21 Sink:MaD:21 |
-| main.rs:227:24:227:31 | ...: usize | main.rs:230:46:230:46 | v | provenance |  |
-| main.rs:230:46:230:46 | v | main.rs:230:13:230:44 | ...::try_with_capacity_in | provenance | MaD:3 Sink:MaD:3 |
+| main.rs:227:24:227:31 | ...: usize | main.rs:228:43:228:43 | v | provenance |  |
+| main.rs:228:43:228:43 | v | main.rs:228:13:228:41 | ...::try_with_capacity | provenance | MaD:3 Sink:MaD:3 |
+| main.rs:228:43:228:43 | v | main.rs:229:39:229:39 | v | provenance |  |
+| main.rs:229:39:229:39 | v | main.rs:229:13:229:37 | ...::with_capacity | provenance | MaD:5 Sink:MaD:5 |
+| main.rs:229:39:229:39 | v | main.rs:230:46:230:46 | v | provenance |  |
+| main.rs:230:46:230:46 | v | main.rs:230:13:230:44 | ...::try_with_capacity_in | provenance | MaD:4 Sink:MaD:4 |
 | main.rs:230:46:230:46 | v | main.rs:231:42:231:42 | v | provenance |  |
-| main.rs:231:42:231:42 | v | main.rs:231:13:231:40 | ...::with_capacity_in | provenance | MaD:4 Sink:MaD:4 |
+| main.rs:231:42:231:42 | v | main.rs:231:13:231:40 | ...::with_capacity_in | provenance | MaD:6 Sink:MaD:6 |
 | main.rs:282:24:282:41 | ...: String | main.rs:283:21:283:30 | user_input | provenance |  |
 | main.rs:283:9:283:17 | num_bytes | main.rs:285:54:285:62 | num_bytes | provenance |  |
 | main.rs:283:21:283:30 | user_input | main.rs:283:21:283:47 | user_input.parse() [Ok] | provenance | MaD:28 |
 | main.rs:283:21:283:30 | user_input | main.rs:283:21:283:47 | user_input.parse() [Ok] | provenance | MaD:29 |
 | main.rs:283:21:283:47 | user_input.parse() [Ok] | main.rs:283:21:283:48 | TryExpr | provenance |  |
 | main.rs:283:21:283:48 | TryExpr | main.rs:283:21:283:77 | ... * ... | provenance | MaD:27 |
-| main.rs:283:21:283:48 | TryExpr | main.rs:283:21:283:77 | ... * ... | provenance | MaD:46 |
 | main.rs:283:21:283:77 | ... * ... | main.rs:283:9:283:17 | num_bytes | provenance |  |
 | main.rs:285:9:285:14 | layout | main.rs:287:40:287:45 | layout | provenance |  |
 | main.rs:285:18:285:66 | ...::from_size_align(...) [Ok] | main.rs:285:18:285:75 | ... .unwrap() | provenance | MaD:44 |
@@ -295,17 +294,17 @@ edges
 models
 | 1 | Sink: <alloc::alloc::Global as core::alloc::Allocator>::allocate; Argument[0]; alloc-layout |
 | 2 | Sink: <alloc::alloc::Global as core::alloc::Allocator>::allocate_zeroed; Argument[0]; alloc-layout |
-| 3 | Sink: <alloc::vec::Vec>::try_with_capacity_in; Argument[0]; alloc-layout |
-| 4 | Sink: <alloc::vec::Vec>::with_capacity_in; Argument[0]; alloc-layout |
-| 5 | Sink: <std::alloc::System as core::alloc::Allocator>::allocate; Argument[0]; alloc-layout |
-| 6 | Sink: <std::alloc::System as core::alloc::Allocator>::allocate_zeroed; Argument[0]; alloc-layout |
-| 7 | Sink: <std::alloc::System as core::alloc::Allocator>::grow; Argument[2]; alloc-layout |
-| 8 | Sink: <std::alloc::System as core::alloc::Allocator>::grow_zeroed; Argument[2]; alloc-layout |
-| 9 | Sink: <std::alloc::System as core::alloc::Allocator>::shrink; Argument[2]; alloc-layout |
-| 10 | Sink: <std::alloc::System as core::alloc::global::GlobalAlloc>::alloc; Argument[0]; alloc-size |
-| 11 | Sink: <std::alloc::System as core::alloc::global::GlobalAlloc>::alloc_zeroed; Argument[0]; alloc-layout |
-| 12 | Sink: <std::alloc::System as core::alloc::global::GlobalAlloc>::alloc_zeroed; Argument[0]; alloc-size |
-| 13 | Sink: <std::alloc::System as core::alloc::global::GlobalAlloc>::realloc; Argument[2]; alloc-layout |
+| 3 | Sink: <alloc::vec::Vec>::try_with_capacity; Argument[0]; alloc-layout |
+| 4 | Sink: <alloc::vec::Vec>::try_with_capacity_in; Argument[0]; alloc-layout |
+| 5 | Sink: <alloc::vec::Vec>::with_capacity; Argument[0]; alloc-layout |
+| 6 | Sink: <alloc::vec::Vec>::with_capacity_in; Argument[0]; alloc-layout |
+| 7 | Sink: <std::alloc::System as core::alloc::Allocator>::allocate; Argument[0]; alloc-size |
+| 8 | Sink: <std::alloc::System as core::alloc::Allocator>::allocate_zeroed; Argument[0]; alloc-size |
+| 9 | Sink: <std::alloc::System as core::alloc::Allocator>::grow; Argument[2]; alloc-size |
+| 10 | Sink: <std::alloc::System as core::alloc::Allocator>::grow_zeroed; Argument[2]; alloc-size |
+| 11 | Sink: <std::alloc::System as core::alloc::Allocator>::shrink; Argument[2]; alloc-size |
+| 12 | Sink: <std::alloc::System as core::alloc::global::GlobalAlloc>::alloc; Argument[0]; alloc-size |
+| 13 | Sink: <std::alloc::System as core::alloc::global::GlobalAlloc>::alloc_zeroed; Argument[0]; alloc-size |
 | 14 | Sink: <std::alloc::System as core::alloc::global::GlobalAlloc>::realloc; Argument[2]; alloc-size |
 | 15 | Sink: alloc::alloc::alloc; Argument[0]; alloc-layout |
 | 16 | Sink: alloc::alloc::alloc_zeroed; Argument[0]; alloc-layout |
@@ -337,10 +336,8 @@ models
 | 42 | Summary: <core::option::Option>::unwrap_or; Argument[self].Field[core::option::Option::Some(0)]; ReturnValue; value |
 | 43 | Summary: <core::result::Result>::expect; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value |
 | 44 | Summary: <core::result::Result>::unwrap; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value |
-| 45 | Summary: <core::usize as core::ops::arith::Mul>::mul; Argument[0]; ReturnValue; taint |
-| 46 | Summary: <core::usize as core::ops::arith::Mul>::mul; Argument[self]; ReturnValue; taint |
-| 47 | Summary: core::cmp::max; Argument[0]; ReturnValue; value |
-| 48 | Summary: core::cmp::min; Argument[0]; ReturnValue; value |
+| 45 | Summary: core::cmp::max; Argument[0]; ReturnValue; value |
+| 46 | Summary: core::cmp::min; Argument[0]; ReturnValue; value |
 nodes
 | main.rs:12:36:12:43 | ...: usize | semmle.label | ...: usize |
 | main.rs:18:13:18:31 | ...::realloc | semmle.label | ...::realloc |
@@ -511,7 +508,6 @@ nodes
 | main.rs:193:32:193:36 | alloc | semmle.label | alloc |
 | main.rs:193:38:193:39 | l2 | semmle.label | l2 |
 | main.rs:194:32:194:43 | alloc_zeroed | semmle.label | alloc_zeroed |
-| main.rs:194:32:194:43 | alloc_zeroed | semmle.label | alloc_zeroed |
 | main.rs:194:45:194:46 | l2 | semmle.label | l2 |
 | main.rs:195:32:195:39 | allocate | semmle.label | allocate |
 | main.rs:195:41:195:42 | l2 | semmle.label | l2 |
@@ -522,7 +518,6 @@ nodes
 | main.rs:198:32:198:46 | allocate_zeroed | semmle.label | allocate_zeroed |
 | main.rs:198:48:198:49 | l2 | semmle.label | l2 |
 | main.rs:202:32:202:38 | realloc | semmle.label | realloc |
-| main.rs:202:32:202:38 | realloc | semmle.label | realloc |
 | main.rs:202:48:202:48 | v | semmle.label | v |
 | main.rs:208:40:208:43 | grow | semmle.label | grow |
 | main.rs:208:53:208:54 | l2 | semmle.label | l2 |
@@ -542,6 +537,10 @@ nodes
 | main.rs:224:13:224:25 | ...::realloc | semmle.label | ...::realloc |
 | main.rs:224:31:224:31 | v | semmle.label | v |
 | main.rs:227:24:227:31 | ...: usize | semmle.label | ...: usize |
+| main.rs:228:13:228:41 | ...::try_with_capacity | semmle.label | ...::try_with_capacity |
+| main.rs:228:43:228:43 | v | semmle.label | v |
+| main.rs:229:13:229:37 | ...::with_capacity | semmle.label | ...::with_capacity |
+| main.rs:229:39:229:39 | v | semmle.label | v |
 | main.rs:230:13:230:44 | ...::try_with_capacity_in | semmle.label | ...::try_with_capacity_in |
 | main.rs:230:46:230:46 | v | semmle.label | v |
 | main.rs:231:13:231:40 | ...::with_capacity_in | semmle.label | ...::with_capacity_in |
--- a/rust/ql/test/query-tests/security/CWE-770/main.rs
+++ b/rust/ql/test/query-tests/security/CWE-770/main.rs
@@ -225,8 +225,8 @@ unsafe fn test_libc_alloc(v: usize) {
 }

 unsafe fn test_vectors(v: usize) {
-    let _ = Vec::<u64>::try_with_capacity(v).unwrap(); // $ MISSING: Alert[rust/uncontrolled-allocation-size]
-    let _ = Vec::<u64>::with_capacity(v); // $ MISSING: Alert[rust/uncontrolled-allocation-size]
+    let _ = Vec::<u64>::try_with_capacity(v).unwrap(); // $ Alert[rust/uncontrolled-allocation-size]=arg1
+    let _ = Vec::<u64>::with_capacity(v); // $ Alert[rust/uncontrolled-allocation-size]=arg1
    let _ = Vec::<u64>::try_with_capacity_in(v, std::alloc::Global).unwrap(); // $ Alert[rust/uncontrolled-allocation-size]=arg1
    let _ = Vec::<u64>::with_capacity_in(v, std::alloc::Global); // $ Alert[rust/uncontrolled-allocation-size]=arg1

--- a/rust/ql/test/query-tests/security/CWE-798/HardcodedCryptographicValue.expected
+++ b/rust/ql/test/query-tests/security/CWE-798/HardcodedCryptographicValue.expected
@@ -23,32 +23,32 @@ edges
 | test_cipher.rs:18:28:18:36 | &... [&ref] | test_cipher.rs:18:9:18:14 | const1 [&ref] | provenance |  |
 | test_cipher.rs:18:29:18:36 | [0u8; 16] | test_cipher.rs:18:28:18:36 | &... [&ref] | provenance |  |
 | test_cipher.rs:19:49:19:79 | ...::from_slice(...) [&ref] | test_cipher.rs:19:30:19:47 | ...::new | provenance | MaD:3 Sink:MaD:3 |
-| test_cipher.rs:19:73:19:78 | const1 [&ref] | test_cipher.rs:19:49:19:79 | ...::from_slice(...) [&ref] | provenance | MaD:24 |
+| test_cipher.rs:19:73:19:78 | const1 [&ref] | test_cipher.rs:19:49:19:79 | ...::from_slice(...) [&ref] | provenance | MaD:23 |
 | test_cipher.rs:25:9:25:14 | const4 [&ref] | test_cipher.rs:26:66:26:71 | const4 [&ref] | provenance |  |
 | test_cipher.rs:25:28:25:36 | &... [&ref] | test_cipher.rs:25:9:25:14 | const4 [&ref] | provenance |  |
 | test_cipher.rs:25:29:25:36 | [0u8; 16] | test_cipher.rs:25:28:25:36 | &... [&ref] | provenance |  |
 | test_cipher.rs:26:42:26:72 | ...::from_slice(...) [&ref] | test_cipher.rs:26:30:26:40 | ...::new | provenance | MaD:4 Sink:MaD:4 |
-| test_cipher.rs:26:66:26:71 | const4 [&ref] | test_cipher.rs:26:42:26:72 | ...::from_slice(...) [&ref] | provenance | MaD:24 |
+| test_cipher.rs:26:66:26:71 | const4 [&ref] | test_cipher.rs:26:42:26:72 | ...::from_slice(...) [&ref] | provenance | MaD:23 |
 | test_cipher.rs:29:9:29:14 | const5 [&ref] | test_cipher.rs:30:95:30:100 | const5 [&ref] | provenance |  |
 | test_cipher.rs:29:28:29:36 | &... [&ref] | test_cipher.rs:29:9:29:14 | const5 [&ref] | provenance |  |
 | test_cipher.rs:29:29:29:36 | [0u8; 16] | test_cipher.rs:29:28:29:36 | &... [&ref] | provenance |  |
 | test_cipher.rs:30:72:30:101 | ...::from_slice(...) [&ref] | test_cipher.rs:30:30:30:40 | ...::new | provenance | MaD:5 Sink:MaD:5 |
-| test_cipher.rs:30:95:30:100 | const5 [&ref] | test_cipher.rs:30:72:30:101 | ...::from_slice(...) [&ref] | provenance | MaD:24 |
+| test_cipher.rs:30:95:30:100 | const5 [&ref] | test_cipher.rs:30:72:30:101 | ...::from_slice(...) [&ref] | provenance | MaD:23 |
 | test_cipher.rs:37:9:37:14 | const7 | test_cipher.rs:38:74:38:79 | const7 | provenance |  |
 | test_cipher.rs:37:27:37:74 | [...] | test_cipher.rs:37:9:37:14 | const7 | provenance |  |
 | test_cipher.rs:38:49:38:80 | ...::from_slice(...) [&ref] | test_cipher.rs:38:30:38:47 | ...::new | provenance | MaD:3 Sink:MaD:3 |
-| test_cipher.rs:38:73:38:79 | &const7 [&ref] | test_cipher.rs:38:49:38:80 | ...::from_slice(...) [&ref] | provenance | MaD:24 |
+| test_cipher.rs:38:73:38:79 | &const7 [&ref] | test_cipher.rs:38:49:38:80 | ...::from_slice(...) [&ref] | provenance | MaD:23 |
 | test_cipher.rs:38:74:38:79 | const7 | test_cipher.rs:38:73:38:79 | &const7 [&ref] | provenance |  |
 | test_cipher.rs:41:9:41:14 | const8 [&ref] | test_cipher.rs:42:73:42:78 | const8 [&ref] | provenance |  |
 | test_cipher.rs:41:28:41:76 | &... [&ref] | test_cipher.rs:41:9:41:14 | const8 [&ref] | provenance |  |
 | test_cipher.rs:41:29:41:76 | [...] | test_cipher.rs:41:28:41:76 | &... [&ref] | provenance |  |
 | test_cipher.rs:42:49:42:79 | ...::from_slice(...) [&ref] | test_cipher.rs:42:30:42:47 | ...::new | provenance | MaD:3 Sink:MaD:3 |
-| test_cipher.rs:42:73:42:78 | const8 [&ref] | test_cipher.rs:42:49:42:79 | ...::from_slice(...) [&ref] | provenance | MaD:24 |
+| test_cipher.rs:42:73:42:78 | const8 [&ref] | test_cipher.rs:42:49:42:79 | ...::from_slice(...) [&ref] | provenance | MaD:23 |
 | test_cipher.rs:50:9:50:15 | const10 [element] | test_cipher.rs:51:75:51:81 | const10 [element] | provenance |  |
 | test_cipher.rs:50:37:50:52 | ...::zeroed | test_cipher.rs:50:37:50:54 | ...::zeroed(...) [element] | provenance | Src:MaD:7  |
 | test_cipher.rs:50:37:50:54 | ...::zeroed(...) [element] | test_cipher.rs:50:9:50:15 | const10 [element] | provenance |  |
 | test_cipher.rs:51:50:51:82 | ...::from_slice(...) [&ref, element] | test_cipher.rs:51:31:51:48 | ...::new | provenance | MaD:3 Sink:MaD:3 Sink:MaD:3 |
-| test_cipher.rs:51:74:51:81 | &const10 [&ref, element] | test_cipher.rs:51:50:51:82 | ...::from_slice(...) [&ref, element] | provenance | MaD:24 |
+| test_cipher.rs:51:74:51:81 | &const10 [&ref, element] | test_cipher.rs:51:50:51:82 | ...::from_slice(...) [&ref, element] | provenance | MaD:23 |
 | test_cipher.rs:51:75:51:81 | const10 [element] | test_cipher.rs:51:74:51:81 | &const10 [&ref, element] | provenance |  |
 | test_cipher.rs:73:9:73:14 | const2 [&ref] | test_cipher.rs:74:46:74:51 | const2 [&ref] | provenance |  |
 | test_cipher.rs:73:18:73:26 | &... [&ref] | test_cipher.rs:73:9:73:14 | const2 [&ref] | provenance |  |
@@ -72,7 +72,7 @@ edges
 | test_cookie.rs:38:28:38:36 | [0u8; 64] | test_cookie.rs:38:18:38:37 | ...::from(...) | provenance | MaD:22 |
 | test_cookie.rs:42:34:42:39 | array2 | test_cookie.rs:42:14:42:32 | ...::from | provenance | MaD:2 Sink:MaD:2 |
 | test_cookie.rs:49:9:49:14 | array3 [element] | test_cookie.rs:53:34:53:39 | array3 [element] | provenance |  |
-| test_cookie.rs:49:23:49:25 | 0u8 | test_cookie.rs:49:23:49:29 | ...::from_elem(...) [element] | provenance | MaD:25 |
+| test_cookie.rs:49:23:49:25 | 0u8 | test_cookie.rs:49:23:49:29 | ...::from_elem(...) [element] | provenance | MaD:24 |
 | test_cookie.rs:49:23:49:29 | ...::from_elem(...) [element] | test_cookie.rs:49:9:49:14 | array3 [element] | provenance |  |
 | test_cookie.rs:53:34:53:39 | array3 [element] | test_cookie.rs:53:14:53:32 | ...::from | provenance | MaD:2 Sink:MaD:2 |
 | test_heuristic.rs:44:9:44:16 | const_iv [&ref] | test_heuristic.rs:45:41:45:48 | const_iv | provenance |  |
@@ -85,7 +85,6 @@ edges
 | test_heuristic.rs:70:23:70:35 | ... << ... | test_heuristic.rs:70:22:70:62 | ... ^ ... | provenance | MaD:15 |
 | test_heuristic.rs:70:34:70:35 | 32 | test_heuristic.rs:70:23:70:35 | ... << ... | provenance | MaD:17 |
 | test_heuristic.rs:70:34:70:35 | 32 | test_heuristic.rs:70:23:70:35 | ... << ... | provenance | MaD:16 |
-| test_heuristic.rs:70:34:70:35 | 32 | test_heuristic.rs:70:23:70:35 | ... << ... | provenance | MaD:23 |
 | test_heuristic.rs:70:41:70:61 | ... & ... | test_heuristic.rs:70:22:70:62 | ... ^ ... | provenance | MaD:14 |
 | test_heuristic.rs:70:41:70:61 | ... & ... | test_heuristic.rs:70:22:70:62 | ... ^ ... | provenance | MaD:13 |
 | test_heuristic.rs:70:52:70:61 | 0xFFFFFFFF | test_heuristic.rs:70:41:70:61 | ... & ... | provenance | MaD:12 |
@@ -108,14 +107,13 @@ models
 | 15 | Summary: <_ as core::ops::bit::BitXor>::bitxor; Argument[self]; ReturnValue; taint |
 | 16 | Summary: <_ as core::ops::bit::Shl>::shl; Argument[0].Reference; ReturnValue; taint |
 | 17 | Summary: <_ as core::ops::bit::Shl>::shl; Argument[0]; ReturnValue; taint |
-| 18 | Summary: <alloc::vec::Vec as core::convert::From>::from; Argument[0].Field[0]; ReturnValue; value |
-| 19 | Summary: <alloc::vec::Vec as core::convert::From>::from; Argument[0].Field[alloc::borrow::Cow::Owned(0)]; ReturnValue; value |
-| 20 | Summary: <alloc::vec::Vec as core::convert::From>::from; Argument[0].Field[alloc::bstr::ByteString(0)]; ReturnValue; value |
-| 21 | Summary: <alloc::vec::Vec as core::convert::From>::from; Argument[0].Field[alloc::collections::binary_heap::BinaryHeap::data]; ReturnValue; value |
-| 22 | Summary: <alloc::vec::Vec as core::convert::From>::from; Argument[0].Field[alloc::string::String::vec]; ReturnValue; value |
-| 23 | Summary: <core::u64 as core::ops::bit::Shl>::shl; Argument[0]; ReturnValue; taint |
-| 24 | Summary: <generic_array::GenericArray>::from_slice; Argument[0].Reference; ReturnValue.Reference; value |
-| 25 | Summary: alloc::vec::from_elem; Argument[0]; ReturnValue.Element; value |
+| 18 | Summary: <alloc::vec::Vec as core::convert::From>::from; Argument[0].Field[alloc::borrow::Cow::Owned(0)]; ReturnValue; value |
+| 19 | Summary: <alloc::vec::Vec as core::convert::From>::from; Argument[0].Field[alloc::bstr::ByteString(0)]; ReturnValue; value |
+| 20 | Summary: <alloc::vec::Vec as core::convert::From>::from; Argument[0].Field[alloc::collections::binary_heap::BinaryHeap::data]; ReturnValue; value |
+| 21 | Summary: <alloc::vec::Vec as core::convert::From>::from; Argument[0].Field[alloc::string::String::vec]; ReturnValue; value |
+| 22 | Summary: <alloc::vec::Vec as core::convert::From>::from; Argument[0]; ReturnValue; taint |
+| 23 | Summary: <generic_array::GenericArray>::from_slice; Argument[0].Reference; ReturnValue.Reference; value |
+| 24 | Summary: alloc::vec::from_elem; Argument[0]; ReturnValue.Element; value |
 nodes
 | test_cipher.rs:18:9:18:14 | const1 [&ref] | semmle.label | const1 [&ref] |
 | test_cipher.rs:18:28:18:36 | &... [&ref] | semmle.label | &... [&ref] |
--- a/rust/ql/test/query-tests/security/CWE-825/AccessAfterLifetime.expected
+++ b/rust/ql/test/query-tests/security/CWE-825/AccessAfterLifetime.expected
@@ -137,7 +137,7 @@ edges
 | lifetime.rs:443:6:443:7 | p1 | lifetime.rs:446:13:446:14 | p1 | provenance |  |
 | lifetime.rs:443:6:443:7 | p1 | lifetime.rs:450:2:450:10 | return p1 | provenance |  |
 | lifetime.rs:443:23:443:44 | ...::from_ref(...) | lifetime.rs:443:6:443:7 | p1 | provenance |  |
-| lifetime.rs:443:42:443:43 | r1 | lifetime.rs:443:23:443:44 | ...::from_ref(...) | provenance | MaD:3 |
+| lifetime.rs:443:42:443:43 | r1 | lifetime.rs:443:23:443:44 | ...::from_ref(...) | provenance | MaD:5 |
 | lifetime.rs:450:2:450:10 | return p1 | lifetime.rs:454:11:454:29 | get_ptr_from_ref(...) | provenance |  |
 | lifetime.rs:450:2:450:10 | return p1 | lifetime.rs:460:13:460:31 | get_ptr_from_ref(...) | provenance |  |
 | lifetime.rs:454:6:454:7 | p1 | lifetime.rs:459:13:459:14 | p1 | provenance |  |
@@ -158,18 +158,23 @@ edges
 | main.rs:18:9:18:10 | p1 [&ref] | main.rs:21:19:21:20 | p1 | provenance |  |
 | main.rs:18:9:18:10 | p1 [&ref] | main.rs:29:19:29:20 | p1 | provenance |  |
 | main.rs:18:14:18:29 | ...::as_ptr(...) [&ref] | main.rs:18:9:18:10 | p1 [&ref] | provenance |  |
-| main.rs:18:26:18:28 | &b1 | main.rs:18:14:18:29 | ...::as_ptr(...) [&ref] | provenance | MaD:2 |
+| main.rs:18:26:18:28 | &b1 | main.rs:18:14:18:29 | ...::as_ptr(...) [&ref] | provenance | MaD:3 |
+| main.rs:18:26:18:28 | &b1 | main.rs:18:14:18:29 | ...::as_ptr(...) [&ref] | provenance | MaD:4 |
 | main.rs:44:9:44:10 | p2 [&ref] | main.rs:51:23:51:24 | p2 | provenance |  |
 | main.rs:44:9:44:10 | p2 [&ref] | main.rs:64:23:64:24 | p2 | provenance |  |
 | main.rs:44:14:44:29 | ...::as_ptr(...) [&ref] | main.rs:44:9:44:10 | p2 [&ref] | provenance |  |
-| main.rs:44:26:44:28 | &b2 | main.rs:44:14:44:29 | ...::as_ptr(...) [&ref] | provenance | MaD:2 |
+| main.rs:44:26:44:28 | &b2 | main.rs:44:14:44:29 | ...::as_ptr(...) [&ref] | provenance | MaD:3 |
+| main.rs:44:26:44:28 | &b2 | main.rs:44:14:44:29 | ...::as_ptr(...) [&ref] | provenance | MaD:4 |
 | main.rs:47:9:47:10 | p3 [&ref] | main.rs:52:23:52:24 | p3 | provenance |  |
 | main.rs:47:14:47:37 | ...::as_mut_ptr(...) [&ref] | main.rs:47:9:47:10 | p3 [&ref] | provenance |  |
 | main.rs:47:30:47:36 | &mut b3 | main.rs:47:14:47:37 | ...::as_mut_ptr(...) [&ref] | provenance | MaD:1 |
+| main.rs:47:30:47:36 | &mut b3 | main.rs:47:14:47:37 | ...::as_mut_ptr(...) [&ref] | provenance | MaD:2 |
 models
-| 1 | Summary: <alloc::boxed::Box>::as_mut_ptr; Argument[0].Reference.Reference; ReturnValue.Reference; value |
-| 2 | Summary: <alloc::boxed::Box>::as_ptr; Argument[0].Reference.Reference; ReturnValue.Reference; value |
-| 3 | Summary: core::ptr::from_ref; Argument[0]; ReturnValue; value |
+| 1 | Summary: <alloc::boxed::Box>::as_mut_ptr; Argument[0].Field[alloc::boxed::Box(0)]; ReturnValue.Reference; value |
+| 2 | Summary: <alloc::boxed::Box>::as_mut_ptr; Argument[0].Reference.Field[alloc::boxed::Box(0)]; ReturnValue.Reference; value |
+| 3 | Summary: <alloc::boxed::Box>::as_ptr; Argument[0].Field[alloc::boxed::Box(0)]; ReturnValue.Reference; value |
+| 4 | Summary: <alloc::boxed::Box>::as_ptr; Argument[0].Reference.Field[alloc::boxed::Box(0)]; ReturnValue.Reference; value |
+| 5 | Summary: core::ptr::from_ref; Argument[0]; ReturnValue; value |
 nodes
 | deallocation.rs:242:6:242:7 | p1 | semmle.label | p1 |
 | deallocation.rs:242:30:242:38 | &raw const my_buffer | semmle.label | &raw const my_buffer |