Rust: Refactor MaD provanance-based filtering

2026-02-12 05:01:06 +01:00 · 2025-12-19 13:53:51 +01:00
parent 27874caf14
commit f23351afca
11 changed files with 156 additions and 145 deletions
--- a/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll
+++ b/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll
@@ -47,7 +47,7 @@ final class DataFlowCallable extends TDataFlowCallable {

  /** Gets a textual representation of this callable. */
  string toString() {
-    result = [this.asCfgScope().toString(), this.asSummarizedCallable().toString()]
+    result = [this.asCfgScope().toString(), "[summarized] " + this.asSummarizedCallable()]
  }

  /** Gets the location of this callable. */
@@ -443,25 +443,7 @@ module RustDataFlow implements InputSig<Location> {
    exists(Call c | c = call.asCall() |
      result.asCfgScope() = c.getARuntimeTarget()
      or
-      exists(SummarizedCallable sc, Function staticTarget |
-        staticTarget = getStaticTargetExt(c) and
-        sc = result.asSummarizedCallable() and
-        // Only use summarized callables with generated summaries in case
-        // the static call target is not in the source code.
-        // Note that if `applyGeneratedModel` holds it implies that there doesn't
-        // exist a manual model.
-        not (
-          staticTarget.fromSource() and
-          sc.applyGeneratedModel()
-        )
-      |
-        sc = staticTarget
-        or
-        // only apply trait models to concrete implementations when they are not
-        // defined in source code
-        staticTarget.implements(sc) and
-        not staticTarget.fromSource()
-      )
+      result.asSummarizedCallable() = getStaticTargetExt(c)
    )
  }

--- a/rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll
+++ b/rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll
@@ -111,27 +111,61 @@ predicate interpretModelForTest(QlBuiltins::ExtensionId madId, string model) {
  )
 }

-private class SummarizedCallableFromModel extends SummarizedCallable::Range {
-  private string path;
+private predicate summaryModel(
+  Function f, string input, string output, string kind, Provenance provenance, boolean isExact,
+  QlBuiltins::ExtensionId madId
+) {
+  exists(string path, Function f0 |
+    summaryModel(path, input, output, kind, provenance, madId) and
+    f0.getCanonicalPath() = path
+  |
+    f = f0 and
+    isExact = true
+    or
+    f.implements(f0) and
+    isExact = false
+  )
+}

-  SummarizedCallableFromModel() {
-    summaryModel(path, _, _, _, _, _) and
-    this.getCanonicalPath() = path
-  }
+private predicate summaryModelRelevant(
+  Function f, string input, string output, string kind, Provenance provenance,
+  QlBuiltins::ExtensionId madId
+) {
+  exists(boolean isExact | summaryModel(f, input, output, kind, provenance, isExact, madId) |
+    (
+      provenance.isManual()
+      or
+      // only apply generated models to functions not defined in source code, and
+      // when there are no exact manual models for the functions
+      provenance.isGenerated() and
+      not any(Provenance manual | summaryModel(f, _, _, _, manual, true, _)).isManual() and
+      not f.fromSource()
+    ) and
+    (
+      isExact = true
+      or
+      // only apply trait models to concrete implementations when they are not
+      // defined in source code, and when there are no exact model for the functions
+      isExact = false and
+      not summaryModel(f, _, _, _, provenance, true, _) and
+      not f.fromSource()
+    )
+  )
+}
+
+private class SummarizedCallableFromModel extends SummarizedCallable::Range {
+  SummarizedCallableFromModel() { summaryModelRelevant(this, _, _, _, _, _) }

  override predicate hasProvenance(Provenance provenance) {
-    summaryModel(path, _, _, _, provenance, _)
+    summaryModelRelevant(this, _, _, _, provenance, _)
  }

-  private predicate hasManualModel() { summaryModel(path, _, _, _, "manual", _) }
-
  override predicate propagatesFlow(
    string input, string output, boolean preservesValue, string model
  ) {
-    exists(string kind, string provenance, QlBuiltins::ExtensionId madId |
-      summaryModel(path, input, output, kind, provenance, madId) and
-      model = "MaD:" + madId.toString() and
-      (provenance = "manual" or not this.hasManualModel())
+    exists(string kind, QlBuiltins::ExtensionId madId |
+      summaryModelRelevant(this, input, output, kind, _, madId) and
+      model = "MaD:" + madId.toString()
    |
      kind = "value" and
      preservesValue = true
--- a/rust/ql/lib/codeql/rust/frameworks/stdlib/alloc.model.yml
+++ b/rust/ql/lib/codeql/rust/frameworks/stdlib/alloc.model.yml
@@ -50,5 +50,8 @@ extensions:
      - ["<alloc::string::String>::as_str", "Argument[self]", "ReturnValue", "value", "manual"]
      - ["<alloc::string::String>::as_bytes", "Argument[self]", "ReturnValue", "value", "manual"]
      - ["<_ as alloc::string::ToString>::to_string", "Argument[self].Reference", "ReturnValue", "taint", "manual"]
+        # Overwrite generated model
+      - ["<alloc::string::String as core::ops::arith::Add>::add", "Argument[self,0]", "ReturnValue", "taint", "manual"]
+      - ["<alloc::string::String as core::ops::arith::Add>::add", "Argument[0].Reference", "ReturnValue", "taint", "manual"]
      # Vec
      - ["alloc::vec::from_elem", "Argument[0]", "ReturnValue.Element", "value", "manual"]
--- a/rust/ql/test/library-tests/dataflow/global/viableCallable.expected
+++ b/rust/ql/test/library-tests/dataflow/global/viableCallable.expected
@@ -1,4 +1,4 @@
-| main.rs:2:5:2:12 | ... + ... | {EXTERNAL LOCATION} | fn add |
+| main.rs:2:5:2:12 | ... + ... | {EXTERNAL LOCATION} | [summarized] fn add |
 | main.rs:13:5:13:13 | source(...) | main.rs:1:1:3:1 | fn source |
 | main.rs:17:13:17:23 | get_data(...) | main.rs:12:1:14:1 | fn get_data |
 | main.rs:18:5:18:11 | sink(...) | main.rs:5:1:7:1 | fn sink |
@@ -60,7 +60,7 @@
 | main.rs:228:13:228:34 | ...::new(...) | main.rs:221:5:224:5 | fn new |
 | main.rs:228:24:228:33 | source(...) | main.rs:1:1:3:1 | fn source |
 | main.rs:230:5:230:11 | sink(...) | main.rs:5:1:7:1 | fn sink |
-| main.rs:252:11:252:15 | * ... | {EXTERNAL LOCATION} | fn deref |
+| main.rs:252:11:252:15 | * ... | {EXTERNAL LOCATION} | [summarized] fn deref |
 | main.rs:258:28:258:36 | source(...) | main.rs:1:1:3:1 | fn source |
 | main.rs:260:13:260:17 | ... + ... | main.rs:236:5:239:5 | fn add |
 | main.rs:261:5:261:17 | sink(...) | main.rs:5:1:7:1 | fn sink |
@@ -77,7 +77,7 @@
 | main.rs:282:5:282:10 | ... *= ... | main.rs:243:5:245:5 | fn mul_assign |
 | main.rs:283:5:283:17 | sink(...) | main.rs:5:1:7:1 | fn sink |
 | main.rs:286:28:286:37 | source(...) | main.rs:1:1:3:1 | fn source |
-| main.rs:288:13:288:29 | * ... | {EXTERNAL LOCATION} | fn deref |
+| main.rs:288:13:288:29 | * ... | {EXTERNAL LOCATION} | [summarized] fn deref |
 | main.rs:288:14:288:29 | ...::deref(...) | main.rs:251:5:253:5 | fn deref |
 | main.rs:289:5:289:11 | sink(...) | main.rs:5:1:7:1 | fn sink |
 | main.rs:291:28:291:37 | source(...) | main.rs:1:1:3:1 | fn source |
@@ -101,14 +101,14 @@
 | main.rs:346:17:346:25 | source(...) | main.rs:1:1:3:1 | fn source |
 | main.rs:347:9:347:15 | sink(...) | main.rs:5:1:7:1 | fn sink |
 | main.rs:350:5:350:17 | sink(...) | main.rs:5:1:7:1 | fn sink |
-| main.rs:354:13:354:55 | ...::block_on(...) | {EXTERNAL LOCATION} | fn block_on |
+| main.rs:354:13:354:55 | ...::block_on(...) | {EXTERNAL LOCATION} | [summarized] fn block_on |
 | main.rs:354:41:354:54 | async_source(...) | main.rs:335:1:339:1 | fn async_source |
 | main.rs:355:5:355:11 | sink(...) | main.rs:5:1:7:1 | fn sink |
-| main.rs:357:5:357:62 | ...::block_on(...) | {EXTERNAL LOCATION} | fn block_on |
+| main.rs:357:5:357:62 | ...::block_on(...) | {EXTERNAL LOCATION} | [summarized] fn block_on |
 | main.rs:357:33:357:61 | test_async_await_async_part(...) | main.rs:341:1:351:1 | fn test_async_await_async_part |
 | main.rs:367:13:367:29 | self.get_number() | main.rs:378:9:380:9 | fn get_number |
 | main.rs:367:13:367:29 | self.get_number() | main.rs:386:9:388:9 | fn get_number |
-| main.rs:367:13:367:33 | ... * ... | {EXTERNAL LOCATION} | fn mul |
+| main.rs:367:13:367:33 | ... * ... | {EXTERNAL LOCATION} | [summarized] fn mul |
 | main.rs:371:13:371:21 | source(...) | main.rs:1:1:3:1 | fn source |
 | main.rs:379:13:379:21 | source(...) | main.rs:1:1:3:1 | fn source |
 | main.rs:391:13:391:22 | source(...) | main.rs:1:1:3:1 | fn source |
--- a/rust/ql/test/library-tests/dataflow/models/main.rs
+++ b/rust/ql/test/library-tests/dataflow/models/main.rs
@@ -405,6 +405,9 @@ fn test_trait_model<T: Ord>(x: T) {

    let x6 = source(27) < 1;
    sink(x6); // $ hasTaintFlow=27
+
+    let x7 = (source(28) as i32) < 1;
+    sink(x7);
 }

 #[tokio::main]
--- a/rust/ql/test/library-tests/dataflow/models/models.ext.yml
+++ b/rust/ql/test/library-tests/dataflow/models/models.ext.yml
@@ -37,3 +37,5 @@ extensions:
      - ["main::apply", "Argument[1].ReturnValue", "ReturnValue", "value", "manual"]
      - ["main::get_async_number", "Argument[0]", "ReturnValue.Future", "value", "manual"]
      - ["<_ as core::cmp::PartialOrd>::lt", "Argument[self].Reference", "ReturnValue", "taint", "manual"]
+      # Overwrites the generic trait model for i32
+      - ["<core::i32 as core::cmp::PartialOrd>::lt", "Argument[0]", "ReturnValue", "taint", "manual"]
--- a/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected
+++ b/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected
@@ -1,38 +1,36 @@
 models
 | 1 | Summary: <_ as alloc::string::ToString>::to_string; Argument[self].Reference; ReturnValue; taint |
 | 2 | Summary: <_ as core::convert::From>::from; Argument[0]; ReturnValue; taint |
-| 3 | Summary: <_ as core::ops::arith::Add>::add; Argument[0].Reference; ReturnValue; taint |
-| 4 | Summary: <_ as core::ops::arith::Add>::add; Argument[self]; ReturnValue; taint |
-| 5 | Summary: <_ as core::ops::index::Index>::index; Argument[self].Reference.Element; ReturnValue.Reference; value |
-| 6 | Summary: <alloc::string::String as core::convert::From>::from; Argument[0].Reference; ReturnValue; value |
-| 7 | Summary: <alloc::string::String as core::ops::arith::Add>::add; Argument[self]; ReturnValue; value |
-| 8 | Summary: <alloc::string::String>::as_str; Argument[self]; ReturnValue; value |
-| 9 | Summary: alloc::fmt::format; Argument[0]; ReturnValue; taint |
-| 10 | Summary: core::hint::must_use; Argument[0]; ReturnValue; value |
+| 3 | Summary: <_ as core::ops::index::Index>::index; Argument[self].Reference.Element; ReturnValue.Reference; value |
+| 4 | Summary: <alloc::string::String as core::convert::From>::from; Argument[0].Reference; ReturnValue; value |
+| 5 | Summary: <alloc::string::String as core::ops::arith::Add>::add; Argument[0].Reference; ReturnValue; taint |
+| 6 | Summary: <alloc::string::String as core::ops::arith::Add>::add; Argument[self,0]; ReturnValue; taint |
+| 7 | Summary: <alloc::string::String>::as_str; Argument[self]; ReturnValue; value |
+| 8 | Summary: alloc::fmt::format; Argument[0]; ReturnValue; taint |
+| 9 | Summary: core::hint::must_use; Argument[0]; ReturnValue; value |
 edges
 | main.rs:26:9:26:9 | s | main.rs:27:19:27:19 | s | provenance |  |
 | main.rs:26:9:26:9 | s | main.rs:27:19:27:25 | s[...] | provenance |  |
 | main.rs:26:13:26:22 | source(...) | main.rs:26:9:26:9 | s | provenance |  |
 | main.rs:27:9:27:14 | sliced [&ref] | main.rs:28:16:28:21 | sliced | provenance |  |
 | main.rs:27:18:27:25 | &... [&ref] | main.rs:27:9:27:14 | sliced [&ref] | provenance |  |
-| main.rs:27:19:27:19 | s | main.rs:27:19:27:25 | s[...] | provenance | MaD:5 |
+| main.rs:27:19:27:19 | s | main.rs:27:19:27:25 | s[...] | provenance | MaD:3 |
 | main.rs:27:19:27:25 | s[...] | main.rs:27:18:27:25 | &... [&ref] | provenance |  |
 | main.rs:32:9:32:10 | s1 | main.rs:35:14:35:15 | s1 | provenance |  |
 | main.rs:32:14:32:23 | source(...) | main.rs:32:9:32:10 | s1 | provenance |  |
 | main.rs:35:9:35:10 | s4 | main.rs:38:10:38:11 | s4 | provenance |  |
-| main.rs:35:14:35:15 | s1 | main.rs:35:14:35:20 | ... + ... | provenance | MaD:4 |
-| main.rs:35:14:35:15 | s1 | main.rs:35:14:35:20 | ... + ... | provenance | MaD:7 |
+| main.rs:35:14:35:15 | s1 | main.rs:35:14:35:20 | ... + ... | provenance | MaD:6 |
 | main.rs:35:14:35:20 | ... + ... | main.rs:35:9:35:10 | s4 | provenance |  |
 | main.rs:43:9:43:10 | s1 | main.rs:46:34:46:35 | s1 | provenance |  |
 | main.rs:43:14:43:23 | source(...) | main.rs:43:9:43:10 | s1 | provenance |  |
-| main.rs:46:33:46:35 | &s1 [&ref] | main.rs:46:10:46:35 | ... + ... | provenance | MaD:3 |
+| main.rs:46:33:46:35 | &s1 [&ref] | main.rs:46:10:46:35 | ... + ... | provenance | MaD:5 |
 | main.rs:46:34:46:35 | s1 | main.rs:46:33:46:35 | &s1 [&ref] | provenance |  |
 | main.rs:51:9:51:10 | s1 | main.rs:52:27:52:28 | s1 | provenance |  |
 | main.rs:51:14:51:29 | source_slice(...) | main.rs:51:9:51:10 | s1 | provenance |  |
 | main.rs:52:9:52:10 | s2 | main.rs:53:10:53:11 | s2 | provenance |  |
 | main.rs:52:14:52:29 | ...::from(...) | main.rs:52:9:52:10 | s2 | provenance |  |
 | main.rs:52:27:52:28 | s1 | main.rs:52:14:52:29 | ...::from(...) | provenance | MaD:2 |
-| main.rs:52:27:52:28 | s1 | main.rs:52:14:52:29 | ...::from(...) | provenance | MaD:6 |
+| main.rs:52:27:52:28 | s1 | main.rs:52:14:52:29 | ...::from(...) | provenance | MaD:4 |
 | main.rs:57:9:57:10 | s1 | main.rs:58:14:58:15 | s1 | provenance |  |
 | main.rs:57:14:57:29 | source_slice(...) | main.rs:57:9:57:10 | s1 | provenance |  |
 | main.rs:58:9:58:10 | s2 | main.rs:59:10:59:11 | s2 | provenance |  |
@@ -40,32 +38,32 @@ edges
 | main.rs:58:14:58:27 | s1.to_string() | main.rs:58:9:58:10 | s2 | provenance |  |
 | main.rs:63:9:63:9 | s | main.rs:64:16:64:16 | s | provenance |  |
 | main.rs:63:13:63:22 | source(...) | main.rs:63:9:63:9 | s | provenance |  |
-| main.rs:64:16:64:16 | s | main.rs:64:16:64:25 | s.as_str() | provenance | MaD:8 |
+| main.rs:64:16:64:16 | s | main.rs:64:16:64:25 | s.as_str() | provenance | MaD:7 |
 | main.rs:68:9:68:9 | s | main.rs:70:34:70:61 | MacroExpr | provenance |  |
 | main.rs:68:9:68:9 | s | main.rs:73:34:73:59 | MacroExpr | provenance |  |
 | main.rs:68:13:68:22 | source(...) | main.rs:68:9:68:9 | s | provenance |  |
 | main.rs:70:9:70:18 | formatted1 | main.rs:71:10:71:19 | formatted1 | provenance |  |
 | main.rs:70:22:70:62 | ...::format(...) | main.rs:70:9:70:18 | formatted1 | provenance |  |
-| main.rs:70:34:70:61 | MacroExpr | main.rs:70:22:70:62 | ...::format(...) | provenance | MaD:9 |
+| main.rs:70:34:70:61 | MacroExpr | main.rs:70:22:70:62 | ...::format(...) | provenance | MaD:8 |
 | main.rs:73:9:73:18 | formatted2 | main.rs:74:10:74:19 | formatted2 | provenance |  |
 | main.rs:73:22:73:60 | ...::format(...) | main.rs:73:9:73:18 | formatted2 | provenance |  |
-| main.rs:73:34:73:59 | MacroExpr | main.rs:73:22:73:60 | ...::format(...) | provenance | MaD:9 |
+| main.rs:73:34:73:59 | MacroExpr | main.rs:73:22:73:60 | ...::format(...) | provenance | MaD:8 |
 | main.rs:76:9:76:13 | width | main.rs:77:34:77:74 | MacroExpr | provenance |  |
 | main.rs:76:17:76:32 | source_usize(...) | main.rs:76:9:76:13 | width | provenance |  |
 | main.rs:77:9:77:18 | formatted3 | main.rs:78:10:78:19 | formatted3 | provenance |  |
 | main.rs:77:22:77:75 | ...::format(...) | main.rs:77:9:77:18 | formatted3 | provenance |  |
-| main.rs:77:34:77:74 | MacroExpr | main.rs:77:22:77:75 | ...::format(...) | provenance | MaD:9 |
+| main.rs:77:34:77:74 | MacroExpr | main.rs:77:22:77:75 | ...::format(...) | provenance | MaD:8 |
 | main.rs:82:9:82:10 | s1 | main.rs:86:18:86:25 | MacroExpr | provenance |  |
 | main.rs:82:9:82:10 | s1 | main.rs:87:18:87:32 | MacroExpr | provenance |  |
 | main.rs:82:14:82:23 | source(...) | main.rs:82:9:82:10 | s1 | provenance |  |
 | main.rs:86:18:86:25 | ...::format(...) | main.rs:86:18:86:25 | { ... } | provenance |  |
 | main.rs:86:18:86:25 | ...::must_use(...) | main.rs:86:10:86:26 | MacroExpr | provenance |  |
-| main.rs:86:18:86:25 | MacroExpr | main.rs:86:18:86:25 | ...::format(...) | provenance | MaD:9 |
-| main.rs:86:18:86:25 | { ... } | main.rs:86:18:86:25 | ...::must_use(...) | provenance | MaD:10 |
+| main.rs:86:18:86:25 | MacroExpr | main.rs:86:18:86:25 | ...::format(...) | provenance | MaD:8 |
+| main.rs:86:18:86:25 | { ... } | main.rs:86:18:86:25 | ...::must_use(...) | provenance | MaD:9 |
 | main.rs:87:18:87:32 | ...::format(...) | main.rs:87:18:87:32 | { ... } | provenance |  |
 | main.rs:87:18:87:32 | ...::must_use(...) | main.rs:87:10:87:33 | MacroExpr | provenance |  |
-| main.rs:87:18:87:32 | MacroExpr | main.rs:87:18:87:32 | ...::format(...) | provenance | MaD:9 |
-| main.rs:87:18:87:32 | { ... } | main.rs:87:18:87:32 | ...::must_use(...) | provenance | MaD:10 |
+| main.rs:87:18:87:32 | MacroExpr | main.rs:87:18:87:32 | ...::format(...) | provenance | MaD:8 |
+| main.rs:87:18:87:32 | { ... } | main.rs:87:18:87:32 | ...::must_use(...) | provenance | MaD:9 |
 nodes
 | main.rs:26:9:26:9 | s | semmle.label | s |
 | main.rs:26:13:26:22 | source(...) | semmle.label | source(...) |
--- a/rust/ql/test/library-tests/dataflow/strings/main.rs
+++ b/rust/ql/test/library-tests/dataflow/strings/main.rs
@@ -35,7 +35,7 @@ fn string_add() {
    let s4 = s1 + s3;
    let s5 = s2 + s3;

-    sink(s4); // $ SPURIOUS: hasValueFlow=83 MISSING: hasTaintFlow=83
+    sink(s4); // $ hasTaintFlow=83
    sink(s5);
 }

--- a/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected
+++ b/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected
@@ -35,9 +35,9 @@
 edges
 | mysql.rs:12:13:12:29 | mut remote_string | mysql.rs:18:71:18:83 | remote_string | provenance |  |
 | mysql.rs:12:33:12:54 | ...::get | mysql.rs:12:33:12:77 | ...::get(...) [Ok] | provenance | Src:MaD:23  |
-| mysql.rs:12:33:12:77 | ...::get(...) [Ok] | mysql.rs:12:33:13:21 | ... .unwrap() | provenance | MaD:31 |
-| mysql.rs:12:33:13:21 | ... .unwrap() | mysql.rs:12:33:14:19 | ... .text() [Ok] | provenance | MaD:33 |
-| mysql.rs:12:33:14:19 | ... .text() [Ok] | mysql.rs:12:33:15:40 | ... .unwrap_or(...) | provenance | MaD:32 |
+| mysql.rs:12:33:12:77 | ...::get(...) [Ok] | mysql.rs:12:33:13:21 | ... .unwrap() | provenance | MaD:30 |
+| mysql.rs:12:33:13:21 | ... .unwrap() | mysql.rs:12:33:14:19 | ... .text() [Ok] | provenance | MaD:32 |
+| mysql.rs:12:33:14:19 | ... .text() [Ok] | mysql.rs:12:33:15:40 | ... .unwrap_or(...) | provenance | MaD:31 |
 | mysql.rs:12:33:15:40 | ... .unwrap_or(...) | mysql.rs:12:13:12:29 | mut remote_string | provenance |  |
 | mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:25:38:25:49 | unsafe_query | provenance |  |
 | mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:26:64:26:75 | unsafe_query | provenance |  |
@@ -53,41 +53,40 @@ edges
 | mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:75:31:75:42 | unsafe_query | provenance |  |
 | mysql.rs:17:13:17:24 | unsafe_query | mysql.rs:80:26:80:37 | unsafe_query | provenance |  |
 | mysql.rs:18:13:18:83 | ... + ... | mysql.rs:18:13:18:89 | ... + ... | provenance | MaD:27 |
-| mysql.rs:18:13:18:83 | ... + ... | mysql.rs:18:13:18:89 | ... + ... | provenance | MaD:28 |
 | mysql.rs:18:13:18:89 | ... + ... | mysql.rs:17:13:17:24 | unsafe_query | provenance |  |
 | mysql.rs:18:70:18:83 | &remote_string [&ref] | mysql.rs:18:13:18:83 | ... + ... | provenance | MaD:26 |
 | mysql.rs:18:71:18:83 | remote_string | mysql.rs:18:70:18:83 | &remote_string [&ref] | provenance |  |
-| mysql.rs:25:38:25:49 | unsafe_query | mysql.rs:25:38:25:58 | unsafe_query.as_str() [&ref] | provenance | MaD:29 |
+| mysql.rs:25:38:25:49 | unsafe_query | mysql.rs:25:38:25:58 | unsafe_query.as_str() [&ref] | provenance | MaD:28 |
 | mysql.rs:25:38:25:58 | unsafe_query.as_str() [&ref] | mysql.rs:25:32:25:36 | query | provenance | MaD:1 Sink:MaD:1 |
-| mysql.rs:26:64:26:75 | unsafe_query | mysql.rs:26:64:26:84 | unsafe_query.as_str() [&ref] | provenance | MaD:29 |
+| mysql.rs:26:64:26:75 | unsafe_query | mysql.rs:26:64:26:84 | unsafe_query.as_str() [&ref] | provenance | MaD:28 |
 | mysql.rs:26:64:26:84 | unsafe_query.as_str() [&ref] | mysql.rs:26:54:26:62 | query_opt | provenance | MaD:9 Sink:MaD:9 |
-| mysql.rs:27:25:27:36 | unsafe_query | mysql.rs:27:25:27:45 | unsafe_query.as_str() [&ref] | provenance | MaD:29 |
+| mysql.rs:27:25:27:36 | unsafe_query | mysql.rs:27:25:27:45 | unsafe_query.as_str() [&ref] | provenance | MaD:28 |
 | mysql.rs:27:25:27:45 | unsafe_query.as_str() [&ref] | mysql.rs:27:14:27:23 | query_drop | provenance | MaD:2 Sink:MaD:2 |
-| mysql.rs:28:39:28:50 | unsafe_query | mysql.rs:28:39:28:59 | unsafe_query.as_str() [&ref] | provenance | MaD:29 |
+| mysql.rs:28:39:28:50 | unsafe_query | mysql.rs:28:39:28:59 | unsafe_query.as_str() [&ref] | provenance | MaD:28 |
 | mysql.rs:28:39:28:59 | unsafe_query.as_str() [&ref] | mysql.rs:28:27:28:37 | query_first | provenance | MaD:3 Sink:MaD:3 |
-| mysql.rs:29:65:29:76 | unsafe_query | mysql.rs:29:65:29:85 | unsafe_query.as_str() [&ref] | provenance | MaD:29 |
+| mysql.rs:29:65:29:76 | unsafe_query | mysql.rs:29:65:29:85 | unsafe_query.as_str() [&ref] | provenance | MaD:28 |
 | mysql.rs:29:65:29:85 | unsafe_query.as_str() [&ref] | mysql.rs:29:49:29:63 | query_first_opt | provenance | MaD:4 Sink:MaD:4 |
-| mysql.rs:30:33:30:44 | unsafe_query | mysql.rs:30:33:30:53 | unsafe_query.as_str() [&ref] | provenance | MaD:29 |
+| mysql.rs:30:33:30:44 | unsafe_query | mysql.rs:30:33:30:53 | unsafe_query.as_str() [&ref] | provenance | MaD:28 |
 | mysql.rs:30:33:30:53 | unsafe_query.as_str() [&ref] | mysql.rs:30:22:30:31 | query_fold | provenance | MaD:5 Sink:MaD:5 |
-| mysql.rs:32:13:32:24 | unsafe_query | mysql.rs:32:13:32:33 | unsafe_query.as_str() [&ref] | provenance | MaD:29 |
+| mysql.rs:32:13:32:24 | unsafe_query | mysql.rs:32:13:32:33 | unsafe_query.as_str() [&ref] | provenance | MaD:28 |
 | mysql.rs:32:13:32:33 | unsafe_query.as_str() [&ref] | mysql.rs:31:22:31:35 | query_fold_opt | provenance | MaD:6 Sink:MaD:6 |
-| mysql.rs:36:33:36:44 | unsafe_query | mysql.rs:36:33:36:53 | unsafe_query.as_str() [&ref] | provenance | MaD:29 |
+| mysql.rs:36:33:36:44 | unsafe_query | mysql.rs:36:33:36:53 | unsafe_query.as_str() [&ref] | provenance | MaD:28 |
 | mysql.rs:36:33:36:53 | unsafe_query.as_str() [&ref] | mysql.rs:36:22:36:31 | query_iter | provenance | MaD:17 Sink:MaD:17 |
-| mysql.rs:37:32:37:43 | unsafe_query | mysql.rs:37:32:37:52 | unsafe_query.as_str() [&ref] | provenance | MaD:29 |
+| mysql.rs:37:32:37:43 | unsafe_query | mysql.rs:37:32:37:52 | unsafe_query.as_str() [&ref] | provenance | MaD:28 |
 | mysql.rs:37:32:37:52 | unsafe_query.as_str() [&ref] | mysql.rs:37:22:37:30 | query_map | provenance | MaD:7 Sink:MaD:7 |
-| mysql.rs:39:13:39:24 | unsafe_query | mysql.rs:39:13:39:33 | unsafe_query.as_str() [&ref] | provenance | MaD:29 |
+| mysql.rs:39:13:39:24 | unsafe_query | mysql.rs:39:13:39:33 | unsafe_query.as_str() [&ref] | provenance | MaD:28 |
 | mysql.rs:39:13:39:33 | unsafe_query.as_str() [&ref] | mysql.rs:38:22:38:34 | query_map_opt | provenance | MaD:8 Sink:MaD:8 |
-| mysql.rs:42:39:42:50 | unsafe_query | mysql.rs:42:39:42:59 | unsafe_query.as_str() [&ref] | provenance | MaD:29 |
+| mysql.rs:42:39:42:50 | unsafe_query | mysql.rs:42:39:42:59 | unsafe_query.as_str() [&ref] | provenance | MaD:28 |
 | mysql.rs:42:39:42:59 | unsafe_query.as_str() [&ref] | mysql.rs:42:33:42:37 | query | provenance | MaD:1 Sink:MaD:1 |
-| mysql.rs:75:31:75:42 | unsafe_query | mysql.rs:75:31:75:51 | unsafe_query.as_str() [&ref] | provenance | MaD:29 |
+| mysql.rs:75:31:75:42 | unsafe_query | mysql.rs:75:31:75:51 | unsafe_query.as_str() [&ref] | provenance | MaD:28 |
 | mysql.rs:75:31:75:51 | unsafe_query.as_str() [&ref] | mysql.rs:75:26:75:29 | prep | provenance | MaD:16 Sink:MaD:16 |
-| mysql.rs:80:26:80:37 | unsafe_query | mysql.rs:80:26:80:46 | unsafe_query.as_str() [&ref] | provenance | MaD:29 |
+| mysql.rs:80:26:80:37 | unsafe_query | mysql.rs:80:26:80:46 | unsafe_query.as_str() [&ref] | provenance | MaD:28 |
 | mysql.rs:80:26:80:46 | unsafe_query.as_str() [&ref] | mysql.rs:80:15:80:24 | query_drop | provenance | MaD:2 Sink:MaD:2 |
 | mysql.rs:97:13:97:29 | mut remote_string | mysql.rs:103:71:103:83 | remote_string | provenance |  |
 | mysql.rs:97:33:97:54 | ...::get | mysql.rs:97:33:97:77 | ...::get(...) [Ok] | provenance | Src:MaD:23  |
-| mysql.rs:97:33:97:77 | ...::get(...) [Ok] | mysql.rs:97:33:98:21 | ... .unwrap() | provenance | MaD:31 |
-| mysql.rs:97:33:98:21 | ... .unwrap() | mysql.rs:97:33:99:19 | ... .text() [Ok] | provenance | MaD:33 |
-| mysql.rs:97:33:99:19 | ... .text() [Ok] | mysql.rs:97:33:100:40 | ... .unwrap_or(...) | provenance | MaD:32 |
+| mysql.rs:97:33:97:77 | ...::get(...) [Ok] | mysql.rs:97:33:98:21 | ... .unwrap() | provenance | MaD:30 |
+| mysql.rs:97:33:98:21 | ... .unwrap() | mysql.rs:97:33:99:19 | ... .text() [Ok] | provenance | MaD:32 |
+| mysql.rs:97:33:99:19 | ... .text() [Ok] | mysql.rs:97:33:100:40 | ... .unwrap_or(...) | provenance | MaD:31 |
 | mysql.rs:97:33:100:40 | ... .unwrap_or(...) | mysql.rs:97:13:97:29 | mut remote_string | provenance |  |
 | mysql.rs:102:13:102:24 | unsafe_query | mysql.rs:110:38:110:49 | unsafe_query | provenance |  |
 | mysql.rs:102:13:102:24 | unsafe_query | mysql.rs:111:25:111:36 | unsafe_query | provenance |  |
@@ -99,40 +98,39 @@ edges
 | mysql.rs:102:13:102:24 | unsafe_query | mysql.rs:149:31:149:42 | unsafe_query | provenance |  |
 | mysql.rs:102:13:102:24 | unsafe_query | mysql.rs:154:26:154:37 | unsafe_query | provenance |  |
 | mysql.rs:103:13:103:83 | ... + ... | mysql.rs:103:13:103:89 | ... + ... | provenance | MaD:27 |
-| mysql.rs:103:13:103:83 | ... + ... | mysql.rs:103:13:103:89 | ... + ... | provenance | MaD:28 |
 | mysql.rs:103:13:103:89 | ... + ... | mysql.rs:102:13:102:24 | unsafe_query | provenance |  |
 | mysql.rs:103:70:103:83 | &remote_string [&ref] | mysql.rs:103:13:103:83 | ... + ... | provenance | MaD:26 |
 | mysql.rs:103:71:103:83 | remote_string | mysql.rs:103:70:103:83 | &remote_string [&ref] | provenance |  |
-| mysql.rs:110:38:110:49 | unsafe_query | mysql.rs:110:38:110:58 | unsafe_query.as_str() [&ref] | provenance | MaD:29 |
+| mysql.rs:110:38:110:49 | unsafe_query | mysql.rs:110:38:110:58 | unsafe_query.as_str() [&ref] | provenance | MaD:28 |
 | mysql.rs:110:38:110:58 | unsafe_query.as_str() [&ref] | mysql.rs:110:32:110:36 | query | provenance | MaD:10 Sink:MaD:10 |
-| mysql.rs:111:25:111:36 | unsafe_query | mysql.rs:111:25:111:45 | unsafe_query.as_str() [&ref] | provenance | MaD:29 |
+| mysql.rs:111:25:111:36 | unsafe_query | mysql.rs:111:25:111:45 | unsafe_query.as_str() [&ref] | provenance | MaD:28 |
 | mysql.rs:111:25:111:45 | unsafe_query.as_str() [&ref] | mysql.rs:111:14:111:23 | query_drop | provenance | MaD:11 Sink:MaD:11 |
-| mysql.rs:112:47:112:58 | unsafe_query | mysql.rs:112:47:112:67 | unsafe_query.as_str() [&ref] | provenance | MaD:29 |
+| mysql.rs:112:47:112:58 | unsafe_query | mysql.rs:112:47:112:67 | unsafe_query.as_str() [&ref] | provenance | MaD:28 |
 | mysql.rs:112:47:112:67 | unsafe_query.as_str() [&ref] | mysql.rs:112:35:112:45 | query_first | provenance | MaD:12 Sink:MaD:12 |
-| mysql.rs:114:25:114:36 | unsafe_query | mysql.rs:114:25:114:45 | unsafe_query.as_str() [&ref] | provenance | MaD:29 |
+| mysql.rs:114:25:114:36 | unsafe_query | mysql.rs:114:25:114:45 | unsafe_query.as_str() [&ref] | provenance | MaD:28 |
 | mysql.rs:114:25:114:45 | unsafe_query.as_str() [&ref] | mysql.rs:114:14:114:23 | query_fold | provenance | MaD:13 Sink:MaD:13 |
-| mysql.rs:116:33:116:44 | unsafe_query | mysql.rs:116:33:116:53 | unsafe_query.as_str() [&ref] | provenance | MaD:29 |
+| mysql.rs:116:33:116:44 | unsafe_query | mysql.rs:116:33:116:53 | unsafe_query.as_str() [&ref] | provenance | MaD:28 |
 | mysql.rs:116:33:116:53 | unsafe_query.as_str() [&ref] | mysql.rs:116:22:116:31 | query_iter | provenance | MaD:19 Sink:MaD:19 |
-| mysql.rs:118:40:118:51 | unsafe_query | mysql.rs:118:40:118:60 | unsafe_query.as_str() [&ref] | provenance | MaD:29 |
+| mysql.rs:118:40:118:51 | unsafe_query | mysql.rs:118:40:118:60 | unsafe_query.as_str() [&ref] | provenance | MaD:28 |
 | mysql.rs:118:40:118:60 | unsafe_query.as_str() [&ref] | mysql.rs:118:14:118:25 | query_stream | provenance | MaD:15 Sink:MaD:15 |
-| mysql.rs:121:24:121:35 | unsafe_query | mysql.rs:121:24:121:44 | unsafe_query.as_str() [&ref] | provenance | MaD:29 |
+| mysql.rs:121:24:121:35 | unsafe_query | mysql.rs:121:24:121:44 | unsafe_query.as_str() [&ref] | provenance | MaD:28 |
 | mysql.rs:121:24:121:44 | unsafe_query.as_str() [&ref] | mysql.rs:121:14:121:22 | query_map | provenance | MaD:14 Sink:MaD:14 |
-| mysql.rs:149:31:149:42 | unsafe_query | mysql.rs:149:31:149:51 | unsafe_query.as_str() [&ref] | provenance | MaD:29 |
+| mysql.rs:149:31:149:42 | unsafe_query | mysql.rs:149:31:149:51 | unsafe_query.as_str() [&ref] | provenance | MaD:28 |
 | mysql.rs:149:31:149:51 | unsafe_query.as_str() [&ref] | mysql.rs:149:26:149:29 | prep | provenance | MaD:18 Sink:MaD:18 |
-| mysql.rs:154:26:154:37 | unsafe_query | mysql.rs:154:26:154:46 | unsafe_query.as_str() [&ref] | provenance | MaD:29 |
+| mysql.rs:154:26:154:37 | unsafe_query | mysql.rs:154:26:154:46 | unsafe_query.as_str() [&ref] | provenance | MaD:28 |
 | mysql.rs:154:26:154:46 | unsafe_query.as_str() [&ref] | mysql.rs:154:15:154:24 | query_drop | provenance | MaD:11 Sink:MaD:11 |
 | sqlx.rs:47:9:47:18 | arg_string | sqlx.rs:53:27:53:36 | arg_string | provenance |  |
 | sqlx.rs:47:22:47:35 | ...::args | sqlx.rs:47:22:47:37 | ...::args(...) [element] | provenance | Src:MaD:24  |
 | sqlx.rs:47:22:47:37 | ...::args(...) [element] | sqlx.rs:47:22:47:44 | ... .nth(...) [Some] | provenance | MaD:25 |
-| sqlx.rs:47:22:47:44 | ... .nth(...) [Some] | sqlx.rs:47:22:47:77 | ... .unwrap_or(...) | provenance | MaD:30 |
+| sqlx.rs:47:22:47:44 | ... .nth(...) [Some] | sqlx.rs:47:22:47:77 | ... .unwrap_or(...) | provenance | MaD:29 |
 | sqlx.rs:47:22:47:77 | ... .unwrap_or(...) | sqlx.rs:47:9:47:18 | arg_string | provenance |  |
 | sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:54:27:54:39 | remote_string | provenance |  |
 | sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:55:84:55:96 | remote_string | provenance |  |
 | sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:59:17:59:72 | MacroExpr | provenance |  |
 | sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:48:25:48:69 | ...::get(...) [Ok] | provenance | Src:MaD:23  |
-| sqlx.rs:48:25:48:69 | ...::get(...) [Ok] | sqlx.rs:48:25:48:78 | ... .unwrap() | provenance | MaD:31 |
-| sqlx.rs:48:25:48:78 | ... .unwrap() | sqlx.rs:48:25:48:85 | ... .text() [Ok] | provenance | MaD:33 |
-| sqlx.rs:48:25:48:85 | ... .text() [Ok] | sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | provenance | MaD:32 |
+| sqlx.rs:48:25:48:69 | ...::get(...) [Ok] | sqlx.rs:48:25:48:78 | ... .unwrap() | provenance | MaD:30 |
+| sqlx.rs:48:25:48:78 | ... .unwrap() | sqlx.rs:48:25:48:85 | ... .text() [Ok] | provenance | MaD:32 |
+| sqlx.rs:48:25:48:85 | ... .text() [Ok] | sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | provenance | MaD:31 |
 | sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | sqlx.rs:48:9:48:21 | remote_string | provenance |  |
 | sqlx.rs:53:9:53:22 | unsafe_query_1 [&ref] | sqlx.rs:78:25:78:38 | unsafe_query_1 [&ref] | provenance |  |
 | sqlx.rs:53:26:53:36 | &arg_string [&ref] | sqlx.rs:53:9:53:22 | unsafe_query_1 [&ref] | provenance |  |
@@ -142,28 +140,27 @@ edges
 | sqlx.rs:54:27:54:39 | remote_string | sqlx.rs:54:26:54:39 | &remote_string [&ref] | provenance |  |
 | sqlx.rs:55:9:55:22 | unsafe_query_3 | sqlx.rs:81:29:81:42 | unsafe_query_3 | provenance |  |
 | sqlx.rs:55:26:55:96 | ... + ... | sqlx.rs:55:26:55:102 | ... + ... | provenance | MaD:27 |
-| sqlx.rs:55:26:55:96 | ... + ... | sqlx.rs:55:26:55:102 | ... + ... | provenance | MaD:28 |
 | sqlx.rs:55:26:55:102 | ... + ... | sqlx.rs:55:9:55:22 | unsafe_query_3 | provenance |  |
 | sqlx.rs:55:83:55:96 | &remote_string [&ref] | sqlx.rs:55:26:55:96 | ... + ... | provenance | MaD:26 |
 | sqlx.rs:55:84:55:96 | remote_string | sqlx.rs:55:83:55:96 | &remote_string [&ref] | provenance |  |
 | sqlx.rs:56:9:56:22 | unsafe_query_4 | sqlx.rs:82:29:82:42 | unsafe_query_4 | provenance |  |
 | sqlx.rs:59:17:59:72 | ...::format(...) | sqlx.rs:59:17:59:72 | { ... } | provenance |  |
 | sqlx.rs:59:17:59:72 | ...::must_use(...) | sqlx.rs:56:9:56:22 | unsafe_query_4 | provenance |  |
-| sqlx.rs:59:17:59:72 | MacroExpr | sqlx.rs:59:17:59:72 | ...::format(...) | provenance | MaD:34 |
-| sqlx.rs:59:17:59:72 | { ... } | sqlx.rs:59:17:59:72 | ...::must_use(...) | provenance | MaD:35 |
-| sqlx.rs:78:25:78:38 | unsafe_query_1 [&ref] | sqlx.rs:78:25:78:47 | unsafe_query_1.as_str() [&ref] | provenance | MaD:29 |
+| sqlx.rs:59:17:59:72 | MacroExpr | sqlx.rs:59:17:59:72 | ...::format(...) | provenance | MaD:33 |
+| sqlx.rs:59:17:59:72 | { ... } | sqlx.rs:59:17:59:72 | ...::must_use(...) | provenance | MaD:34 |
+| sqlx.rs:78:25:78:38 | unsafe_query_1 [&ref] | sqlx.rs:78:25:78:47 | unsafe_query_1.as_str() [&ref] | provenance | MaD:28 |
 | sqlx.rs:78:25:78:47 | unsafe_query_1.as_str() [&ref] | sqlx.rs:78:13:78:23 | ...::query | provenance | MaD:20 Sink:MaD:20 |
-| sqlx.rs:80:29:80:42 | unsafe_query_2 [&ref] | sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() [&ref] | provenance | MaD:29 |
+| sqlx.rs:80:29:80:42 | unsafe_query_2 [&ref] | sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() [&ref] | provenance | MaD:28 |
 | sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() [&ref] | sqlx.rs:80:17:80:27 | ...::query | provenance | MaD:20 Sink:MaD:20 |
-| sqlx.rs:81:29:81:42 | unsafe_query_3 | sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() [&ref] | provenance | MaD:29 |
+| sqlx.rs:81:29:81:42 | unsafe_query_3 | sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() [&ref] | provenance | MaD:28 |
 | sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() [&ref] | sqlx.rs:81:17:81:27 | ...::query | provenance | MaD:20 Sink:MaD:20 |
-| sqlx.rs:82:29:82:42 | unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() [&ref] | provenance | MaD:29 |
+| sqlx.rs:82:29:82:42 | unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() [&ref] | provenance | MaD:28 |
 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() [&ref] | sqlx.rs:82:17:82:27 | ...::query | provenance | MaD:20 Sink:MaD:20 |
 | sqlx.rs:100:9:100:21 | remote_string | sqlx.rs:102:84:102:96 | remote_string | provenance |  |
 | sqlx.rs:100:25:100:46 | ...::get | sqlx.rs:100:25:100:69 | ...::get(...) [Ok] | provenance | Src:MaD:23  |
-| sqlx.rs:100:25:100:69 | ...::get(...) [Ok] | sqlx.rs:100:25:100:78 | ... .unwrap() | provenance | MaD:31 |
-| sqlx.rs:100:25:100:78 | ... .unwrap() | sqlx.rs:100:25:100:85 | ... .text() [Ok] | provenance | MaD:33 |
-| sqlx.rs:100:25:100:85 | ... .text() [Ok] | sqlx.rs:100:25:100:118 | ... .unwrap_or(...) | provenance | MaD:32 |
+| sqlx.rs:100:25:100:69 | ...::get(...) [Ok] | sqlx.rs:100:25:100:78 | ... .unwrap() | provenance | MaD:30 |
+| sqlx.rs:100:25:100:78 | ... .unwrap() | sqlx.rs:100:25:100:85 | ... .text() [Ok] | provenance | MaD:32 |
+| sqlx.rs:100:25:100:85 | ... .text() [Ok] | sqlx.rs:100:25:100:118 | ... .unwrap_or(...) | provenance | MaD:31 |
 | sqlx.rs:100:25:100:118 | ... .unwrap_or(...) | sqlx.rs:100:9:100:21 | remote_string | provenance |  |
 | sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:113:31:113:44 | unsafe_query_1 | provenance |  |
 | sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:120:29:120:42 | unsafe_query_1 | provenance |  |
@@ -172,35 +169,33 @@ edges
 | sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:145:55:145:68 | unsafe_query_1 | provenance |  |
 | sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:153:29:153:42 | unsafe_query_1 | provenance |  |
 | sqlx.rs:102:26:102:96 | ... + ... | sqlx.rs:102:26:102:102 | ... + ... | provenance | MaD:27 |
-| sqlx.rs:102:26:102:96 | ... + ... | sqlx.rs:102:26:102:102 | ... + ... | provenance | MaD:28 |
 | sqlx.rs:102:26:102:102 | ... + ... | sqlx.rs:102:9:102:22 | unsafe_query_1 | provenance |  |
 | sqlx.rs:102:83:102:96 | &remote_string [&ref] | sqlx.rs:102:26:102:96 | ... + ... | provenance | MaD:26 |
 | sqlx.rs:102:84:102:96 | remote_string | sqlx.rs:102:83:102:96 | &remote_string [&ref] | provenance |  |
-| sqlx.rs:113:31:113:44 | unsafe_query_1 | sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() [&ref] | provenance | MaD:29 |
+| sqlx.rs:113:31:113:44 | unsafe_query_1 | sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() [&ref] | provenance | MaD:28 |
 | sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() [&ref] | sqlx.rs:113:17:113:29 | ...::raw_sql | provenance | MaD:22 Sink:MaD:22 |
-| sqlx.rs:120:29:120:42 | unsafe_query_1 | sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:29 |
+| sqlx.rs:120:29:120:42 | unsafe_query_1 | sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:28 |
 | sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() [&ref] | sqlx.rs:120:17:120:27 | ...::query | provenance | MaD:20 Sink:MaD:20 |
-| sqlx.rs:127:29:127:42 | unsafe_query_1 | sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:29 |
+| sqlx.rs:127:29:127:42 | unsafe_query_1 | sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:28 |
 | sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() [&ref] | sqlx.rs:127:17:127:27 | ...::query | provenance | MaD:20 Sink:MaD:20 |
-| sqlx.rs:136:55:136:68 | unsafe_query_1 | sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() [&ref] | provenance | MaD:29 |
+| sqlx.rs:136:55:136:68 | unsafe_query_1 | sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() [&ref] | provenance | MaD:28 |
 | sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() [&ref] | sqlx.rs:136:40:136:53 | ...::query_as | provenance | MaD:21 Sink:MaD:21 |
-| sqlx.rs:145:55:145:68 | unsafe_query_1 | sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() [&ref] | provenance | MaD:29 |
+| sqlx.rs:145:55:145:68 | unsafe_query_1 | sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() [&ref] | provenance | MaD:28 |
 | sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() [&ref] | sqlx.rs:145:40:145:53 | ...::query_as | provenance | MaD:21 Sink:MaD:21 |
-| sqlx.rs:153:29:153:42 | unsafe_query_1 | sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:29 |
+| sqlx.rs:153:29:153:42 | unsafe_query_1 | sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:28 |
 | sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() [&ref] | sqlx.rs:153:17:153:27 | ...::query | provenance | MaD:20 Sink:MaD:20 |
 | sqlx.rs:173:9:173:21 | remote_string | sqlx.rs:175:84:175:96 | remote_string | provenance |  |
 | sqlx.rs:173:25:173:46 | ...::get | sqlx.rs:173:25:173:69 | ...::get(...) [Ok] | provenance | Src:MaD:23  |
-| sqlx.rs:173:25:173:69 | ...::get(...) [Ok] | sqlx.rs:173:25:173:78 | ... .unwrap() | provenance | MaD:31 |
-| sqlx.rs:173:25:173:78 | ... .unwrap() | sqlx.rs:173:25:173:85 | ... .text() [Ok] | provenance | MaD:33 |
-| sqlx.rs:173:25:173:85 | ... .text() [Ok] | sqlx.rs:173:25:173:118 | ... .unwrap_or(...) | provenance | MaD:32 |
+| sqlx.rs:173:25:173:69 | ...::get(...) [Ok] | sqlx.rs:173:25:173:78 | ... .unwrap() | provenance | MaD:30 |
+| sqlx.rs:173:25:173:78 | ... .unwrap() | sqlx.rs:173:25:173:85 | ... .text() [Ok] | provenance | MaD:32 |
+| sqlx.rs:173:25:173:85 | ... .text() [Ok] | sqlx.rs:173:25:173:118 | ... .unwrap_or(...) | provenance | MaD:31 |
 | sqlx.rs:173:25:173:118 | ... .unwrap_or(...) | sqlx.rs:173:9:173:21 | remote_string | provenance |  |
 | sqlx.rs:175:9:175:22 | unsafe_query_1 | sqlx.rs:188:29:188:42 | unsafe_query_1 | provenance |  |
 | sqlx.rs:175:26:175:96 | ... + ... | sqlx.rs:175:26:175:102 | ... + ... | provenance | MaD:27 |
-| sqlx.rs:175:26:175:96 | ... + ... | sqlx.rs:175:26:175:102 | ... + ... | provenance | MaD:28 |
 | sqlx.rs:175:26:175:102 | ... + ... | sqlx.rs:175:9:175:22 | unsafe_query_1 | provenance |  |
 | sqlx.rs:175:83:175:96 | &remote_string [&ref] | sqlx.rs:175:26:175:96 | ... + ... | provenance | MaD:26 |
 | sqlx.rs:175:84:175:96 | remote_string | sqlx.rs:175:83:175:96 | &remote_string [&ref] | provenance |  |
-| sqlx.rs:188:29:188:42 | unsafe_query_1 | sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:29 |
+| sqlx.rs:188:29:188:42 | unsafe_query_1 | sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:28 |
 | sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() [&ref] | sqlx.rs:188:17:188:27 | ...::query | provenance | MaD:20 Sink:MaD:20 |
 models
 | 1 | Sink: <_ as mysql::conn::queryable::Queryable>::query; Argument[0]; sql-injection |
@@ -228,16 +223,15 @@ models
 | 23 | Source: reqwest::blocking::get; ReturnValue.Field[core::result::Result::Ok(0)]; remote |
 | 24 | Source: std::env::args; ReturnValue.Element; commandargs |
 | 25 | Summary: <_ as core::iter::traits::iterator::Iterator>::nth; Argument[self].Reference.Element; ReturnValue.Field[core::option::Option::Some(0)]; value |
-| 26 | Summary: <_ as core::ops::arith::Add>::add; Argument[0].Reference; ReturnValue; taint |
-| 27 | Summary: <_ as core::ops::arith::Add>::add; Argument[self]; ReturnValue; taint |
-| 28 | Summary: <alloc::string::String as core::ops::arith::Add>::add; Argument[self]; ReturnValue; value |
-| 29 | Summary: <alloc::string::String>::as_str; Argument[self]; ReturnValue; value |
-| 30 | Summary: <core::option::Option>::unwrap_or; Argument[self].Field[core::option::Option::Some(0)]; ReturnValue; value |
-| 31 | Summary: <core::result::Result>::unwrap; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value |
-| 32 | Summary: <core::result::Result>::unwrap_or; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value |
-| 33 | Summary: <reqwest::blocking::response::Response>::text; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint |
-| 34 | Summary: alloc::fmt::format; Argument[0]; ReturnValue; taint |
-| 35 | Summary: core::hint::must_use; Argument[0]; ReturnValue; value |
+| 26 | Summary: <alloc::string::String as core::ops::arith::Add>::add; Argument[0].Reference; ReturnValue; taint |
+| 27 | Summary: <alloc::string::String as core::ops::arith::Add>::add; Argument[self,0]; ReturnValue; taint |
+| 28 | Summary: <alloc::string::String>::as_str; Argument[self]; ReturnValue; value |
+| 29 | Summary: <core::option::Option>::unwrap_or; Argument[self].Field[core::option::Option::Some(0)]; ReturnValue; value |
+| 30 | Summary: <core::result::Result>::unwrap; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value |
+| 31 | Summary: <core::result::Result>::unwrap_or; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value |
+| 32 | Summary: <reqwest::blocking::response::Response>::text; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint |
+| 33 | Summary: alloc::fmt::format; Argument[0]; ReturnValue; taint |
+| 34 | Summary: core::hint::must_use; Argument[0]; ReturnValue; value |
 nodes
 | mysql.rs:12:13:12:29 | mut remote_string | semmle.label | mut remote_string |
 | mysql.rs:12:33:12:54 | ...::get | semmle.label | ...::get |
--- a/rust/ql/test/query-tests/security/CWE-312/CleartextLogging.expected
+++ b/rust/ql/test/query-tests/security/CWE-312/CleartextLogging.expected
@@ -271,8 +271,8 @@ models
 | 13 | Sink: std::io::stdio::_eprint; Argument[0]; log-injection |
 | 14 | Sink: std::io::stdio::_print; Argument[0]; log-injection |
 | 15 | Summary: <_ as core::clone::Clone>::clone; Argument[self].Reference; ReturnValue; value |
-| 16 | Summary: <_ as core::ops::arith::Add>::add; Argument[0].Reference; ReturnValue; taint |
-| 17 | Summary: <_ as core::ops::arith::Add>::add; Argument[0]; ReturnValue; taint |
+| 16 | Summary: <alloc::string::String as core::ops::arith::Add>::add; Argument[0].Reference; ReturnValue; taint |
+| 17 | Summary: <alloc::string::String as core::ops::arith::Add>::add; Argument[self,0]; ReturnValue; taint |
 | 18 | Summary: <alloc::string::String>::as_bytes; Argument[self]; ReturnValue; value |
 | 19 | Summary: <alloc::string::String>::as_str; Argument[self]; ReturnValue; value |
 | 20 | Summary: alloc::fmt::format; Argument[0]; ReturnValue; taint |
--- a/rust/ql/test/query-tests/security/CWE-312/CleartextStorageDatabase.expected
+++ b/rust/ql/test/query-tests/security/CWE-312/CleartextStorageDatabase.expected
@@ -13,27 +13,25 @@ edges
 | test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:119:25:119:37 | insert_query2 | provenance |  |
 | test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:125:25:125:37 | insert_query2 | provenance |  |
 | test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:139:25:139:37 | insert_query2 | provenance |  |
-| test_storage.rs:71:25:71:114 | ... + ... | test_storage.rs:71:25:71:121 | ... + ... | provenance | MaD:8 |
-| test_storage.rs:71:25:71:114 | ... + ... | test_storage.rs:71:25:71:121 | ... + ... | provenance | MaD:9 |
+| test_storage.rs:71:25:71:114 | ... + ... | test_storage.rs:71:25:71:121 | ... + ... | provenance | MaD:7 |
 | test_storage.rs:71:25:71:121 | ... + ... | test_storage.rs:71:9:71:21 | insert_query2 | provenance |  |
 | test_storage.rs:71:96:71:114 | &... | test_storage.rs:71:25:71:114 | ... + ... | provenance | MaD:7 |
 | test_storage.rs:71:96:71:114 | &... | test_storage.rs:71:25:71:114 | ... + ... | provenance | MaD:6 |
 | test_storage.rs:71:96:71:114 | &... [&ref] | test_storage.rs:71:25:71:114 | ... + ... | provenance | MaD:6 |
 | test_storage.rs:71:97:71:114 | get_phone_number(...) | test_storage.rs:71:96:71:114 | &... | provenance | Config |
 | test_storage.rs:71:97:71:114 | get_phone_number(...) | test_storage.rs:71:96:71:114 | &... [&ref] | provenance |  |
-| test_storage.rs:100:25:100:37 | insert_query2 | test_storage.rs:100:25:100:46 | insert_query2.as_str() [&ref] | provenance | MaD:10 |
+| test_storage.rs:100:25:100:37 | insert_query2 | test_storage.rs:100:25:100:46 | insert_query2.as_str() [&ref] | provenance | MaD:8 |
 | test_storage.rs:100:25:100:46 | insert_query2.as_str() [&ref] | test_storage.rs:100:13:100:23 | ...::query | provenance | MaD:4 Sink:MaD:4 |
-| test_storage.rs:115:27:115:39 | insert_query2 | test_storage.rs:115:27:115:48 | insert_query2.as_str() [&ref] | provenance | MaD:10 |
+| test_storage.rs:115:27:115:39 | insert_query2 | test_storage.rs:115:27:115:48 | insert_query2.as_str() [&ref] | provenance | MaD:8 |
 | test_storage.rs:115:27:115:48 | insert_query2.as_str() [&ref] | test_storage.rs:115:13:115:25 | ...::raw_sql | provenance | MaD:5 Sink:MaD:5 |
-| test_storage.rs:119:25:119:37 | insert_query2 | test_storage.rs:119:25:119:46 | insert_query2.as_str() [&ref] | provenance | MaD:10 |
+| test_storage.rs:119:25:119:37 | insert_query2 | test_storage.rs:119:25:119:46 | insert_query2.as_str() [&ref] | provenance | MaD:8 |
 | test_storage.rs:119:25:119:46 | insert_query2.as_str() [&ref] | test_storage.rs:119:13:119:23 | ...::query | provenance | MaD:4 Sink:MaD:4 |
-| test_storage.rs:125:25:125:37 | insert_query2 | test_storage.rs:125:25:125:46 | insert_query2.as_str() [&ref] | provenance | MaD:10 |
+| test_storage.rs:125:25:125:37 | insert_query2 | test_storage.rs:125:25:125:46 | insert_query2.as_str() [&ref] | provenance | MaD:8 |
 | test_storage.rs:125:25:125:46 | insert_query2.as_str() [&ref] | test_storage.rs:125:13:125:23 | ...::query | provenance | MaD:4 Sink:MaD:4 |
-| test_storage.rs:139:25:139:37 | insert_query2 | test_storage.rs:139:25:139:46 | insert_query2.as_str() [&ref] | provenance | MaD:10 |
+| test_storage.rs:139:25:139:37 | insert_query2 | test_storage.rs:139:25:139:46 | insert_query2.as_str() [&ref] | provenance | MaD:8 |
 | test_storage.rs:139:25:139:46 | insert_query2.as_str() [&ref] | test_storage.rs:139:13:139:23 | ...::query | provenance | MaD:4 Sink:MaD:4 |
 | test_storage.rs:189:9:189:24 | insert_query_bad | test_storage.rs:194:25:194:40 | insert_query_bad | provenance |  |
-| test_storage.rs:189:28:189:117 | ... + ... | test_storage.rs:189:28:189:124 | ... + ... | provenance | MaD:8 |
-| test_storage.rs:189:28:189:117 | ... + ... | test_storage.rs:189:28:189:124 | ... + ... | provenance | MaD:9 |
+| test_storage.rs:189:28:189:117 | ... + ... | test_storage.rs:189:28:189:124 | ... + ... | provenance | MaD:7 |
 | test_storage.rs:189:28:189:124 | ... + ... | test_storage.rs:189:9:189:24 | insert_query_bad | provenance |  |
 | test_storage.rs:189:99:189:117 | &... | test_storage.rs:189:28:189:117 | ... + ... | provenance | MaD:7 |
 | test_storage.rs:189:99:189:117 | &... | test_storage.rs:189:28:189:117 | ... + ... | provenance | MaD:6 |
@@ -41,8 +39,7 @@ edges
 | test_storage.rs:189:100:189:117 | get_phone_number(...) | test_storage.rs:189:99:189:117 | &... | provenance | Config |
 | test_storage.rs:189:100:189:117 | get_phone_number(...) | test_storage.rs:189:99:189:117 | &... [&ref] | provenance |  |
 | test_storage.rs:190:9:190:24 | select_query_bad | test_storage.rs:196:35:196:50 | select_query_bad | provenance |  |
-| test_storage.rs:190:28:190:103 | ... + ... | test_storage.rs:190:28:190:109 | ... + ... | provenance | MaD:8 |
-| test_storage.rs:190:28:190:103 | ... + ... | test_storage.rs:190:28:190:109 | ... + ... | provenance | MaD:9 |
+| test_storage.rs:190:28:190:103 | ... + ... | test_storage.rs:190:28:190:109 | ... + ... | provenance | MaD:7 |
 | test_storage.rs:190:28:190:109 | ... + ... | test_storage.rs:190:9:190:24 | select_query_bad | provenance |  |
 | test_storage.rs:190:85:190:103 | &... | test_storage.rs:190:28:190:103 | ... + ... | provenance | MaD:7 |
 | test_storage.rs:190:85:190:103 | &... | test_storage.rs:190:28:190:103 | ... + ... | provenance | MaD:6 |
@@ -68,11 +65,9 @@ models
 | 3 | Sink: <rusqlite::Connection>::query_row; Argument[0]; sql-injection |
 | 4 | Sink: sqlx_core::query::query; Argument[0]; sql-injection |
 | 5 | Sink: sqlx_core::raw_sql::raw_sql; Argument[0]; sql-injection |
-| 6 | Summary: <_ as core::ops::arith::Add>::add; Argument[0].Reference; ReturnValue; taint |
-| 7 | Summary: <_ as core::ops::arith::Add>::add; Argument[0]; ReturnValue; taint |
-| 8 | Summary: <_ as core::ops::arith::Add>::add; Argument[self]; ReturnValue; taint |
-| 9 | Summary: <alloc::string::String as core::ops::arith::Add>::add; Argument[self]; ReturnValue; value |
-| 10 | Summary: <alloc::string::String>::as_str; Argument[self]; ReturnValue; value |
+| 6 | Summary: <alloc::string::String as core::ops::arith::Add>::add; Argument[0].Reference; ReturnValue; taint |
+| 7 | Summary: <alloc::string::String as core::ops::arith::Add>::add; Argument[self,0]; ReturnValue; taint |
+| 8 | Summary: <alloc::string::String>::as_str; Argument[self]; ReturnValue; value |
 nodes
 | test_storage.rs:71:9:71:21 | insert_query2 | semmle.label | insert_query2 |
 | test_storage.rs:71:25:71:114 | ... + ... | semmle.label | ... + ... |