Merge branch 'main' into redsun82/rules_rust-update

This commit is contained in:
Paolo Tranquilli
2025-02-11 09:10:15 +01:00
78 changed files with 633 additions and 789 deletions


@@ -14,7 +14,7 @@
| Macro calls - resolved | 2 |
| Macro calls - total | 2 |
| Macro calls - unresolved | 0 |
| Taint edges - number of edges | 3 |
| Taint edges - number of edges | 4 |
| Taint reach - nodes tainted | 0 |
| Taint reach - per million nodes | 0 |
| Taint sinks - cryptographic operations | 0 |


@@ -14,7 +14,7 @@
| Macro calls - resolved | 2 |
| Macro calls - total | 2 |
| Macro calls - unresolved | 0 |
| Taint edges - number of edges | 3 |
| Taint edges - number of edges | 4 |
| Taint reach - nodes tainted | 0 |
| Taint reach - per million nodes | 0 |
| Taint sinks - cryptographic operations | 0 |


@@ -14,7 +14,7 @@
| Macro calls - resolved | 2 |
| Macro calls - total | 2 |
| Macro calls - unresolved | 0 |
| Taint edges - number of edges | 3 |
| Taint edges - number of edges | 4 |
| Taint reach - nodes tainted | 0 |
| Taint reach - per million nodes | 0 |
| Taint sinks - cryptographic operations | 0 |


@@ -100,6 +100,32 @@ class ModeledEnvironmentSource extends EnvironmentSource::Range {
ModeledEnvironmentSource() { sourceNode(this, "environment-source") }
}
/**
* A data flow source corresponding to the program's database reads.
*/
final class DatabaseSource = DatabaseSource::Range;
/**
* Provides a class for modeling new sources for the program's database reads.
*/
module DatabaseSource {
/**
* A data flow source corresponding to the program's database reads.
*/
abstract class Range extends ThreatModelSource::Range {
override string getThreatModel() { result = "database" }
override string getSourceType() { result = "DatabaseSource" }
}
}
/**
* An externally modeled source for data from the program's database.
*/
class ModeledDatabaseSource extends DatabaseSource::Range {
ModeledDatabaseSource() { sourceNode(this, "database") }
}
/**
* A data flow source for remote (network) data.
*/
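Review bot: The doc comment on `Range` inside `module DatabaseSource` repeats the summary of the `final class DatabaseSource` alias word for word, so it does not tell an extender what the class is for; a distinct comment such as `/** A data flow source corresponding to the program's database reads. Extend this class to model new database-read sources. */` would. The source kind string `"database"` in `ModeledDatabaseSource` also drops the `-source` suffix used by `"environment-source"` in the `ModeledEnvironmentSource` constructor just above; if that is deliberate so the kind matches the `database` threat model name, a short comment on the `sourceNode` call would stop future models from guessing the wrong kind.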


@@ -82,35 +82,6 @@ module Ssa {
*/
final CfgNode getAFirstRead() { SsaImpl::firstRead(this, result) }
/**
* Gets a last control flow node that reads the value of this SSA definition.
* That is, a read that can reach the end of the enclosing CFG scope, or another
* SSA definition for the source variable, without passing through any other read.
*
* Example:
*
* ```rust
* fn phi(b : bool) { // defines b_0
* let mut x = 1; // defines x_0
* println!("{}", x);
* println!("{}", x + 1); // last read of x_0
*
* if b { // last read of b_0
* x = 2; // defines x_1
* println!("{}", x);
* println!("{}", x + 1); // last read of x_1
* } else {
* x = 3; // defines x_2
* println!("{}", x);
* println!("{}", x + 1); // last read of x_2
* }
* // defines x_3 = phi(x_1, x_2)
* println!("{}", x); // last read of x_3
* }
* ```
*/
final CfgNode getALastRead() { SsaImpl::lastRead(this, result) }
/**
* Holds if `read1` and `read2` are adjacent reads of this SSA definition.
* That is, `read2` can be reached from `read1` without passing through


@@ -47,8 +47,6 @@ module SsaInput implements SsaImplCommon::InputSig<Location> {
BasicBlock getABasicBlockSuccessor(BasicBlock bb) { result = bb.getASuccessor() }
class ExitBasicBlock = BasicBlocks::ExitBasicBlock;
/**
* A variable amenable to SSA construction.
*
@@ -218,25 +216,6 @@ private predicate adjacentDefSkipUncertainReads(
SsaInput::variableRead(bb2, i2, _, true)
}
private predicate adjacentDefReachesUncertainReadExt(
DefinitionExt def, BasicBlock bb1, int i1, BasicBlock bb2, int i2
) {
adjacentDefReachesReadExt(def, bb1, i1, bb2, i2) and
SsaInput::variableRead(bb2, i2, _, false)
}
/** Same as `lastRefRedef`, but skips uncertain reads. */
pragma[nomagic]
private predicate lastRefSkipUncertainReadsExt(DefinitionExt def, BasicBlock bb, int i) {
Impl::lastRef(def, bb, i) and
not SsaInput::variableRead(bb, i, def.getSourceVariable(), false)
or
exists(BasicBlock bb0, int i0 |
Impl::lastRef(def, bb0, i0) and
adjacentDefReachesUncertainReadExt(def, bb, i, bb0, i0)
)
}
private VariableAccess getACapturedVariableAccess(BasicBlock bb, Variable v) {
result = bb.getANode().getAstNode() and
result.isCapture() and
@@ -381,20 +360,6 @@ private module Cached {
)
}
/**
* Holds if the read of `def` at `read` may be a last read. That is, `read`
* can either reach another definition of the underlying source variable or
* the end of the CFG scope, without passing through another non-pseudo read.
*/
cached
predicate lastRead(Definition def, CfgNode read) {
exists(BasicBlock bb, int i |
lastRefSkipUncertainReadsExt(def, bb, i) and
variableReadActual(bb, i, _) and
read = bb.getNode(i)
)
}
cached
Definition uncertainWriteDefinitionInput(UncertainWriteDefinition def) {
Impl::uncertainWriteDefinitionInput(def, result)


@@ -3,12 +3,12 @@ extensions:
pack: codeql/rust-all
extensible: sourceModel
data:
- ["lang:std", "crate::env::args", "ReturnValue", "command-line-source", "manual"]
- ["lang:std", "crate::env::args_os", "ReturnValue", "command-line-source", "manual"]
- ["lang:std", "crate::env::args", "ReturnValue.Element", "command-line-source", "manual"]
- ["lang:std", "crate::env::args_os", "ReturnValue.Element", "command-line-source", "manual"]
- ["lang:std", "crate::env::current_dir", "ReturnValue.Variant[crate::result::Result::Ok(0)]", "command-line-source", "manual"]
- ["lang:std", "crate::env::current_exe", "ReturnValue.Variant[crate::result::Result::Ok(0)]", "command-line-source", "manual"]
- ["lang:std", "crate::env::home_dir", "ReturnValue.Variant[crate::option::Option::Some(0)]", "command-line-source", "manual"]
- ["lang:std", "crate::env::var", "ReturnValue.Variant[crate::result::Result::Ok(0)]", "environment-source", "manual"]
- ["lang:std", "crate::env::var_os", "ReturnValue.Variant[crate::option::Option::Some(0)]", "environment-source", "manual"]
- ["lang:std", "crate::env::vars", "ReturnValue", "environment-source", "manual"]
- ["lang:std", "crate::env::vars_os", "ReturnValue", "environment-source", "manual"]
- ["lang:std", "crate::env::vars", "ReturnValue.Element", "environment-source", "manual"]
- ["lang:std", "crate::env::vars_os", "ReturnValue.Element", "environment-source", "manual"]
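Review bot: The `crate::env::vars` and `vars_os` rows now taint `ReturnValue.Element`, but each element of those iterators is a `(key, value)` pair, so whether the value still reaches a sink after destructuring depends on tuple-field reads being taint steps, which nothing in this hunk establishes. The `test_env_args` expectations updated in this commit only exercise `args`/`args_os`; a matching `hasTaintFlow` expectation for a `for (k, v) in std::env::vars()` loop would confirm the changed model actually fires for environment variables. A `#` comment above the four changed rows noting that `ReturnValue` alone (the previous form) did not reach the loop variable would also record why the access path was changed.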


@@ -7,6 +7,9 @@ extensions:
- ["lang:alloc", "crate::fmt::format", "Argument[0]", "ReturnValue", "taint", "manual"]
# Hint
- ["lang:core", "crate::hint::must_use", "Argument[0]", "ReturnValue", "value", "manual"]
# Iterator
- ["lang:core", "crate::iter::traits::iterator::Iterator::nth", "Argument[self].Element", "ReturnValue.Variant[crate::option::Option::Some(0)]", "value", "manual"]
- ["lang:core", "crate::iter::traits::iterator::Iterator::collect", "Argument[self].Element", "ReturnValue.Element", "value", "manual"]
# Option
- ["lang:core", "<crate::option::Option>::unwrap", "Argument[self].Variant[crate::option::Option::Some(0)]", "ReturnValue", "value", "manual"]
- ["lang:core", "<crate::option::Option>::unwrap_or", "Argument[self].Variant[crate::option::Option::Some(0)]", "ReturnValue", "value", "manual"]
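Review bot: The new `Iterator::nth` summary carries `Argument[self].Element` into `ReturnValue.Variant[Some(0)]`, but `Iterator::next`, which `nth(0)` reduces to and which is the far more common way to pull an element, does not appear in this hunk; if it is not modeled elsewhere, `iter.next().unwrap()` would drop the taint that `iter.nth(0).unwrap()` keeps, an inconsistent result for equivalent code. The `collect` row is `value` flow from `Argument[self].Element` to `ReturnValue.Element`, which fits `Vec`/set targets but likely does not reach the inner collection when collecting into `Result<C, E>` or `Option<C>`; a comment on that row stating the intended scope, or additional rows for those variants, would make the limitation explicit.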


@@ -0,0 +1,24 @@
extensions:
- addsTo:
pack: codeql/rust-all
extensible: sinkModel
data:
- ["repo:https://github.com/sfackler/rust-postgres:tokio-postgres", "<crate::client::Client>::execute", "Argument[0]", "sql-injection", "manual"]
- ["repo:https://github.com/sfackler/rust-postgres:tokio-postgres", "<crate::client::Client>::batch_execute", "Argument[0]", "sql-injection", "manual"]
- ["repo:https://github.com/sfackler/rust-postgres:tokio-postgres", "<crate::client::Client>::execute_raw", "Argument[0]", "sql-injection", "manual"]
- ["repo:https://github.com/sfackler/rust-postgres:tokio-postgres", "<crate::client::Client>::prepare", "Argument[0]", "sql-injection", "manual"]
- ["repo:https://github.com/sfackler/rust-postgres:tokio-postgres", "<crate::client::Client>::prepare_typed", "Argument[0]", "sql-injection", "manual"]
- ["repo:https://github.com/sfackler/rust-postgres:tokio-postgres", "<crate::client::Client>::query", "Argument[0]", "sql-injection", "manual"]
- ["repo:https://github.com/sfackler/rust-postgres:tokio-postgres", "<crate::client::Client>::query_opt", "Argument[0]", "sql-injection", "manual"]
- ["repo:https://github.com/sfackler/rust-postgres:tokio-postgres", "<crate::client::Client>::query_raw", "Argument[0]", "sql-injection", "manual"]
- ["repo:https://github.com/sfackler/rust-postgres:tokio-postgres", "<crate::client::Client>::query_typed", "Argument[0]", "sql-injection", "manual"]
- ["repo:https://github.com/sfackler/rust-postgres:tokio-postgres", "<crate::client::Client>::query_typed_raw", "Argument[0]", "sql-injection", "manual"]
- ["repo:https://github.com/sfackler/rust-postgres:tokio-postgres", "<crate::client::Client>::simple_query", "Argument[0]", "sql-injection", "manual"]
- ["repo:https://github.com/sfackler/rust-postgres:tokio-postgres", "<crate::client::Client>::simple_query_raw", "Argument[0]", "sql-injection", "manual"]
- addsTo:
pack: codeql/rust-all
extensible: sourceModel
data:
- ["repo:https://github.com/sfackler/rust-postgres:tokio-postgres", "<crate::row::Row>::get", "ReturnValue", "database", "manual"]
- ["repo:https://github.com/sfackler/rust-postgres:tokio-postgres", "<crate::row::Row>::try_get", "ReturnValue.Variant[crate::result::Result::Ok(0)]", "database", "manual"]
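Review bot: Every sink row is keyed on `<crate::client::Client>`, but tokio-postgres exposes the same `query`/`execute`/`prepare` family on its `Transaction` type (and via the `GenericClient` trait), so SQL assembled from untrusted input and run inside a transaction would not be reported by this model; adding the matching `Transaction` rows, or a `#` comment stating that transactions are intentionally out of scope for now, would close or at least document the gap (I have not checked the exact canonical path the extractor assigns to that type). The `prepare`/`prepare_typed` rows are legitimate sinks even though they are the parameterized path, because the statement text itself is `Argument[0]`; a one-line comment above them saying so would stop a later reader from removing them as apparent false positives.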


@@ -0,0 +1,46 @@
/**
* Provides database quality statistics that are reported by
* `rust/telemetry/extractor-information`
* and perhaps warned about by `rust/diagnostics/database-quality`.
*/
import rust
import codeql.util.ReportStats
module CallTargetStats implements StatsSig {
int getNumberOfOk() { result = count(CallExprBase c | exists(c.getStaticTarget())) }
private predicate isLambdaCall(CallExpr call) {
exists(Expr receiver | receiver = call.getFunction() |
// All calls to complex expressions and local variable accesses are lambda calls
receiver instanceof PathExpr implies receiver = any(Variable v).getAnAccess()
)
}
additional predicate isNotOkCall(CallExprBase c) {
not exists(c.getStaticTarget()) and
not isLambdaCall(c)
}
int getNumberOfNotOk() { result = count(CallExprBase c | isNotOkCall(c)) }
string getOkText() { result = "calls with call target" }
string getNotOkText() { result = "calls with missing call target" }
}
module MacroCallTargetStats implements StatsSig {
int getNumberOfOk() { result = count(MacroCall c | c.hasExpanded()) }
additional predicate isNotOkCall(MacroCall c) { not c.hasExpanded() }
int getNumberOfNotOk() { result = count(MacroCall c | isNotOkCall(c)) }
string getOkText() { result = "macro calls with call target" }
string getNotOkText() { result = "macro calls with missing call target" }
}
module CallTargetStatsReport = ReportStats<CallTargetStats>;
module MacroCallTargetStatsReport = ReportStats<MacroCallTargetStats>;
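Review bot: The module doc at the top names ``rust/telemetry/extractor-information`` and ``rust/diagnostics/database-quality``, but the queries added in this same commit declare `@id rust/telemetry/extraction-information` and `@id rust/diagnostic/database-quality`, so both references are wrong as written and should be changed to match those two ids. Separately, `MacroCallTargetStats::getOkText` returns `"macro calls with call target"` while the predicate it reports on is `hasExpanded()`; `"macro calls with expansion"` / `"macro calls without expansion"` would describe what is actually measured. The comment in `isLambdaCall` states a rule without the reason; `// Calls through a non-path expression or a local variable cannot have a static target, so they must not count as unresolved` would explain why such calls are excluded from the not-ok count.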


@@ -0,0 +1,41 @@
/**
* @name Low Rust analysis quality
* @description Low Rust analysis quality
* @kind diagnostic
* @id rust/diagnostic/database-quality
*/
import rust
import DatabaseQuality
import codeql.util.Unit
class DbQualityDiagnostic extends Unit {
DbQualityDiagnostic() {
exists(float percentageGood |
CallTargetStatsReport::percentageOfOk(_, percentageGood)
or
MacroCallTargetStatsReport::percentageOfOk(_, percentageGood)
|
percentageGood < 95
)
}
string toString() {
result =
"Scanning Rust code completed successfully, but the scan encountered issues. " +
"This may be caused by problems identifying dependencies or use of generated source code, among other reasons -- "
+
"see other CodeQL diagnostics reported on the CodeQL status page for more details of possible causes. "
+ "Addressing these warnings is advisable to avoid false-positive or missing results."
}
}
query predicate diagnosticAttributes(DbQualityDiagnostic e, string key, string value) {
exists(e) and // Quieten warning about unconstrained 'e'
key = ["visibilityCliSummaryTable", "visibilityTelemetry", "visibilityStatusPage"] and
value = "true"
}
from DbQualityDiagnostic d
select d, d.toString(), 1
/* 1 = Warning severity */
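Review bot: The `percentageGood < 95` threshold in the `DbQualityDiagnostic` constructor carries no explanation, and the diagnostic text never says which statistic (call targets or macro expansion) fell below it or by how much, so a user reading the status page cannot tell what to fix; a comment such as `// Below 95% resolved calls or expanded macros the analysis is treated as degraded` on the `exists`, plus a mention of unresolved call targets in the message, would make the warning actionable. Because the class `extends Unit`, at most one diagnostic is emitted however many statistics fail, which looks intended but is worth a sentence in a QLDoc comment on the class.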


@@ -0,0 +1,65 @@
/**
* @name Rust extraction information
* @description Information about the extraction for a Rust database
* @kind metric
* @tags summary telemetry
* @id rust/telemetry/extraction-information
*/
import rust
import DatabaseQuality
import codeql.rust.Diagnostics
predicate fileCount(string key, int value) {
key = "Number of files" and
value = strictcount(File f)
}
predicate fileCountByExtension(string key, int value) {
exists(string extension |
key = "Number of files with extension " + extension and
value = strictcount(File f | f.getExtension() = extension)
)
}
predicate numberOfLinesOfCode(string key, int value) {
key = "Number of lines of code" and
value = strictsum(File f | any() | f.getNumberOfLinesOfCode())
}
predicate numberOfLinesOfCodeByExtension(string key, int value) {
exists(string extension |
key = "Number of lines of code with extension " + extension and
value = strictsum(File f | f.getExtension() = extension | f.getNumberOfLinesOfCode())
)
}
predicate extractorDiagnostics(string key, int value) {
exists(int severity |
key = "Number of diagnostics with severity " + severity.toString() and
value = strictcount(Diagnostic d | d.getSeverity() = severity)
)
}
from string key, float value
where
(
fileCount(key, value) or
fileCountByExtension(key, value) or
numberOfLinesOfCode(key, value) or
numberOfLinesOfCodeByExtension(key, value) or
extractorDiagnostics(key, value) or
CallTargetStatsReport::numberOfOk(key, value) or
CallTargetStatsReport::numberOfNotOk(key, value) or
CallTargetStatsReport::percentageOfOk(key, value) or
MacroCallTargetStatsReport::numberOfOk(key, value) or
MacroCallTargetStatsReport::numberOfNotOk(key, value) or
MacroCallTargetStatsReport::percentageOfOk(key, value)
) and
/* Infinity */
value != 1.0 / 0.0 and
/* -Infinity */
value != -1.0 / 0.0 and
/* NaN */
value != 0.0 / 0.0
select key, value
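Review bot: `fileCount` and `numberOfLinesOfCode` use `strictcount`/`strictsum`, which, as far as I recall of QL aggregates, have no result over an empty range, so a database with no extracted files emits no `Number of files` row at all rather than `0`; for telemetry that distinction matters, and `count(File f)` / `sum(File f | any() | f.getNumberOfLinesOfCode())` would report the zero. The trailing `value != 1.0 / 0.0` filters are explained only by the terse `/* Infinity */` comments; a note saying where a non-finite value can come from (presumably `percentageOfOk` when there are no calls, though `ReportStats` is outside this hunk so that is an inference) would make the guard's purpose clear.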


@@ -4,6 +4,8 @@ localStep
| file://:0:0:0:0 | [summary param] 0 in lang:core::_::crate::hint::must_use | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::crate::hint::must_use | MaD:21 |
| file://:0:0:0:0 | [summary] read: Argument[0].ReturnValue in lang:core::_::<crate::option::Option>::unwrap_or_else | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::<crate::option::Option>::unwrap_or_else | MaD:7 |
| file://:0:0:0:0 | [summary] read: Argument[0].ReturnValue in lang:core::_::<crate::result::Result>::unwrap_or_else | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::<crate::result::Result>::unwrap_or_else | MaD:18 |
| file://:0:0:0:0 | [summary] read: Argument[self].Element in lang:core::_::crate::iter::traits::iterator::Iterator::collect | file://:0:0:0:0 | [summary] to write: ReturnValue.Element in lang:core::_::crate::iter::traits::iterator::Iterator::collect | MaD:22 |
| file://:0:0:0:0 | [summary] read: Argument[self].Element in lang:core::_::crate::iter::traits::iterator::Iterator::nth | file://:0:0:0:0 | [summary] to write: ReturnValue.Variant[crate::option::Option::Some(0)] in lang:core::_::crate::iter::traits::iterator::Iterator::nth | MaD:23 |
| file://:0:0:0:0 | [summary] read: Argument[self].Variant[crate::option::Option::Some(0)] in lang:core::_::<crate::option::Option>::expect | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::<crate::option::Option>::expect | MaD:2 |
| file://:0:0:0:0 | [summary] read: Argument[self].Variant[crate::option::Option::Some(0)] in lang:core::_::<crate::option::Option>::unwrap | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::<crate::option::Option>::unwrap | MaD:3 |
| file://:0:0:0:0 | [summary] read: Argument[self].Variant[crate::option::Option::Some(0)] in lang:core::_::<crate::option::Option>::unwrap_or | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::<crate::option::Option>::unwrap_or | MaD:5 |
@@ -536,7 +538,11 @@ models
| 19 | Summary: lang:core; <crate::result::Result>::unwrap_or_else; Argument[self].Variant[crate::result::Result::Ok(0)]; ReturnValue; value |
| 20 | Summary: lang:core; <crate::result::Result>::unwrap_unchecked; Argument[self].Variant[crate::result::Result::Ok(0)]; ReturnValue; value |
| 21 | Summary: lang:core; crate::hint::must_use; Argument[0]; ReturnValue; value |
| 22 | Summary: lang:core; crate::iter::traits::iterator::Iterator::collect; Argument[self].Element; ReturnValue.Element; value |
| 23 | Summary: lang:core; crate::iter::traits::iterator::Iterator::nth; Argument[self].Element; ReturnValue.Variant[crate::option::Option::Some(0)]; value |
storeStep
| file://:0:0:0:0 | [summary] to write: ReturnValue.Element in lang:core::_::crate::iter::traits::iterator::Iterator::collect | element | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::crate::iter::traits::iterator::Iterator::collect |
| file://:0:0:0:0 | [summary] to write: ReturnValue.Variant[crate::option::Option::Some(0)] in lang:core::_::crate::iter::traits::iterator::Iterator::nth | Some | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::crate::iter::traits::iterator::Iterator::nth |
| file://:0:0:0:0 | [summary] to write: ReturnValue.Variant[crate::result::Result::Ok(0)] in repo:https://github.com/seanmonstar/reqwest:reqwest::_::<crate::blocking::response::Response>::bytes | Ok | file://:0:0:0:0 | [summary] to write: ReturnValue in repo:https://github.com/seanmonstar/reqwest:reqwest::_::<crate::blocking::response::Response>::bytes |
| file://:0:0:0:0 | [summary] to write: ReturnValue.Variant[crate::result::Result::Ok(0)] in repo:https://github.com/seanmonstar/reqwest:reqwest::_::<crate::blocking::response::Response>::text | Ok | file://:0:0:0:0 | [summary] to write: ReturnValue in repo:https://github.com/seanmonstar/reqwest:reqwest::_::<crate::blocking::response::Response>::text |
| file://:0:0:0:0 | [summary] to write: ReturnValue.Variant[crate::result::Result::Ok(0)] in repo:https://github.com/seanmonstar/reqwest:reqwest::_::<crate::blocking::response::Response>::text_with_charset | Ok | file://:0:0:0:0 | [summary] to write: ReturnValue in repo:https://github.com/seanmonstar/reqwest:reqwest::_::<crate::blocking::response::Response>::text_with_charset |
@@ -639,6 +645,8 @@ readStep
| file://:0:0:0:0 | [summary param] self in lang:core::_::<crate::result::Result>::unwrap_or_default | Ok | file://:0:0:0:0 | [summary] read: Argument[self].Variant[crate::result::Result::Ok(0)] in lang:core::_::<crate::result::Result>::unwrap_or_default |
| file://:0:0:0:0 | [summary param] self in lang:core::_::<crate::result::Result>::unwrap_or_else | Ok | file://:0:0:0:0 | [summary] read: Argument[self].Variant[crate::result::Result::Ok(0)] in lang:core::_::<crate::result::Result>::unwrap_or_else |
| file://:0:0:0:0 | [summary param] self in lang:core::_::<crate::result::Result>::unwrap_unchecked | Ok | file://:0:0:0:0 | [summary] read: Argument[self].Variant[crate::result::Result::Ok(0)] in lang:core::_::<crate::result::Result>::unwrap_unchecked |
| file://:0:0:0:0 | [summary param] self in lang:core::_::crate::iter::traits::iterator::Iterator::collect | element | file://:0:0:0:0 | [summary] read: Argument[self].Element in lang:core::_::crate::iter::traits::iterator::Iterator::collect |
| file://:0:0:0:0 | [summary param] self in lang:core::_::crate::iter::traits::iterator::Iterator::nth | element | file://:0:0:0:0 | [summary] read: Argument[self].Element in lang:core::_::crate::iter::traits::iterator::Iterator::nth |
| main.rs:33:9:33:15 | Some(...) | Some | main.rs:33:14:33:14 | _ |
| main.rs:87:11:87:11 | i | &ref | main.rs:87:10:87:11 | * ... |
| main.rs:95:10:95:10 | a | tuple.0 | main.rs:95:10:95:12 | a.0 |


@@ -32,10 +32,10 @@ fn test_env_args() {
let arg2 = std::env::args().nth(2).unwrap(); // $ Alert[rust/summary/taint-sources]
let arg3 = std::env::args_os().nth(3).unwrap(); // $ Alert[rust/summary/taint-sources]
sink(my_path); // $ MISSING: hasTaintFlow
sink(arg1); // $ MISSING: hasTaintFlow
sink(arg2); // $ MISSING: hasTaintFlow
sink(arg3); // $ MISSING: hasTaintFlow
sink(my_path); // $ hasTaintFlow
sink(arg1); // $ hasTaintFlow
sink(arg2); // $ hasTaintFlow
sink(arg3); // $ hasTaintFlow
for arg in std::env::args() { // $ Alert[rust/summary/taint-sources]
sink(arg); // $ hasTaintFlow


@@ -2,6 +2,8 @@ additionalTaintStep
| file://:0:0:0:0 | [summary param] 0 in lang:alloc::_::crate::fmt::format | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:alloc::_::crate::fmt::format | MaD:3 |
| file://:0:0:0:0 | [summary param] self in lang:alloc::_::<crate::string::String>::as_bytes | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:alloc::_::<crate::string::String>::as_bytes | MaD:1 |
| file://:0:0:0:0 | [summary param] self in lang:alloc::_::<crate::string::String>::as_str | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:alloc::_::<crate::string::String>::as_str | MaD:2 |
| file://:0:0:0:0 | [summary param] self in lang:core::_::crate::iter::traits::iterator::Iterator::collect | file://:0:0:0:0 | [summary] read: Argument[self].Element in lang:core::_::crate::iter::traits::iterator::Iterator::collect | |
| file://:0:0:0:0 | [summary param] self in lang:core::_::crate::iter::traits::iterator::Iterator::nth | file://:0:0:0:0 | [summary] read: Argument[self].Element in lang:core::_::crate::iter::traits::iterator::Iterator::nth | |
| file://:0:0:0:0 | [summary param] self in repo:https://github.com/seanmonstar/reqwest:reqwest::_::<crate::blocking::response::Response>::bytes | file://:0:0:0:0 | [summary] to write: ReturnValue.Variant[crate::result::Result::Ok(0)] in repo:https://github.com/seanmonstar/reqwest:reqwest::_::<crate::blocking::response::Response>::bytes | MaD:4 |
| file://:0:0:0:0 | [summary param] self in repo:https://github.com/seanmonstar/reqwest:reqwest::_::<crate::blocking::response::Response>::text | file://:0:0:0:0 | [summary] to write: ReturnValue.Variant[crate::result::Result::Ok(0)] in repo:https://github.com/seanmonstar/reqwest:reqwest::_::<crate::blocking::response::Response>::text | MaD:5 |
| file://:0:0:0:0 | [summary param] self in repo:https://github.com/seanmonstar/reqwest:reqwest::_::<crate::blocking::response::Response>::text_with_charset | file://:0:0:0:0 | [summary] to write: ReturnValue.Variant[crate::result::Result::Ok(0)] in repo:https://github.com/seanmonstar/reqwest:reqwest::_::<crate::blocking::response::Response>::text_with_charset | MaD:6 |


@@ -1,9 +1,10 @@
import rust
import codeql.rust.Concepts
import codeql.rust.security.SqlInjectionExtensions
import utils.test.InlineExpectationsTest
module PostgresTest implements TestSig {
string getARelevantTag() { result = "sql-sink" }
string getARelevantTag() { result = ["sql-sink", "database-read"] }
predicate hasActualResult(Location location, string element, string tag, string value) {
exists(SqlInjection::Sink sink |
@@ -13,6 +14,14 @@ module PostgresTest implements TestSig {
tag = "sql-sink" and
value = ""
)
or
exists(ModeledDatabaseSource source |
location = source.getLocation() and
location.getFile().getBaseName() != "" and
element = source.toString() and
tag = "database-read" and
value = ""
)
}
}
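Review bot: The new `ModeledDatabaseSource` branch in `hasActualResult` repeats `location.getFile().getBaseName() != ""` from the sink branch without saying why; it presumably filters out sources whose location is synthetic and has no real file (for example model-generated nodes), so a comment `// exclude sources with no real file location` on that line, or a small shared predicate used by both branches, would make the intent clear and keep the two branches from drifting. The enclosing `hasActualResult` predicate starts outside this hunk.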


@@ -33,9 +33,9 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
// conn.query_typed_raw(query.as_str(), &[])?;
for row in &conn.query("SELECT id, name, age FROM person", &[])? { // $ sql-sink
let id: i32 = row.get("id");
let name: &str = row.get("name");
let age: i32 = row.get("age");
let id: i32 = row.get("id"); // $ database-read
let name: &str = row.try_get("name")?; // $ database-read
let age: i32 = row.try_get("age").unwrap(); // $ database-read
println!("found person: {} {} {}", id, name, age);
}


@@ -423,127 +423,6 @@ firstRead
| main.rs:594:9:594:25 | var_in_macro | main.rs:594:9:594:25 | var_in_macro | main.rs:594:9:594:25 | var_in_macro |
| main.rs:596:9:596:20 | var_in_macro | main.rs:596:9:596:20 | var_in_macro | main.rs:601:15:601:26 | var_in_macro |
| main.rs:600:15:600:42 | var_in_macro | main.rs:600:15:600:42 | var_in_macro | main.rs:600:30:600:41 | var_in_macro |
lastRead
| main.rs:3:14:3:14 | s | main.rs:3:14:3:14 | s | main.rs:4:20:4:20 | s |
| main.rs:7:14:7:14 | i | main.rs:7:14:7:14 | i | main.rs:8:20:8:20 | i |
| main.rs:11:18:11:18 | i | main.rs:11:18:11:18 | i | main.rs:12:16:12:16 | i |
| main.rs:16:9:16:10 | x1 | main.rs:16:9:16:10 | x1 | main.rs:17:15:17:16 | x1 |
| main.rs:21:9:21:14 | x2 | main.rs:21:13:21:14 | x2 | main.rs:22:15:22:16 | x2 |
| main.rs:23:5:23:6 | x2 | main.rs:21:13:21:14 | x2 | main.rs:24:15:24:16 | x2 |
| main.rs:28:9:28:13 | x | main.rs:28:13:28:13 | x | main.rs:29:20:29:20 | x |
| main.rs:30:5:30:5 | x | main.rs:28:13:28:13 | x | main.rs:31:20:31:20 | x |
| main.rs:35:9:35:10 | x3 | main.rs:35:9:35:10 | x3 | main.rs:38:9:38:10 | x3 |
| main.rs:37:9:37:10 | x3 | main.rs:37:9:37:10 | x3 | main.rs:39:15:39:16 | x3 |
| main.rs:43:9:43:10 | x4 | main.rs:43:9:43:10 | x4 | main.rs:49:15:49:16 | x4 |
| main.rs:46:13:46:14 | x4 | main.rs:46:13:46:14 | x4 | main.rs:47:19:47:20 | x4 |
| main.rs:60:13:60:14 | a1 | main.rs:60:13:60:14 | a1 | main.rs:68:15:68:16 | a1 |
| main.rs:61:13:61:14 | b1 | main.rs:61:13:61:14 | b1 | main.rs:69:15:69:16 | b1 |
| main.rs:64:13:64:13 | x | main.rs:64:13:64:13 | x | main.rs:70:15:70:15 | x |
| main.rs:65:13:65:13 | y | main.rs:65:13:65:13 | y | main.rs:71:15:71:15 | y |
| main.rs:75:9:75:10 | p1 | main.rs:75:9:75:10 | p1 | main.rs:79:9:79:10 | p1 |
| main.rs:77:12:77:13 | a2 | main.rs:77:12:77:13 | a2 | main.rs:80:15:80:16 | a2 |
| main.rs:78:12:78:13 | b2 | main.rs:78:12:78:13 | b2 | main.rs:81:15:81:16 | b2 |
| main.rs:85:9:85:10 | s1 | main.rs:85:9:85:10 | s1 | main.rs:88:11:88:12 | s1 |
| main.rs:87:17:87:22 | s2 | main.rs:87:21:87:22 | s2 | main.rs:89:19:89:20 | s2 |
| main.rs:94:14:94:15 | x5 | main.rs:94:14:94:15 | x5 | main.rs:98:15:98:16 | x5 |
| main.rs:102:9:102:10 | s1 | main.rs:102:9:102:10 | s1 | main.rs:105:11:105:12 | s1 |
| main.rs:104:20:104:25 | s2 | main.rs:104:24:104:25 | s2 | main.rs:106:19:106:20 | s2 |
| main.rs:111:9:111:10 | x6 | main.rs:111:9:111:10 | x6 | main.rs:114:11:114:12 | x6 |
| main.rs:112:9:112:10 | y1 | main.rs:112:9:112:10 | y1 | main.rs:124:15:124:16 | y1 |
| main.rs:116:14:116:15 | y1 | main.rs:116:14:116:15 | y1 | main.rs:119:23:119:24 | y1 |
| main.rs:128:9:128:15 | numbers | main.rs:128:9:128:15 | numbers | main.rs:142:11:142:17 | numbers |
| main.rs:132:13:132:17 | first | main.rs:132:13:132:17 | first | main.rs:136:23:136:27 | first |
| main.rs:133:13:133:17 | third | main.rs:133:13:133:17 | third | main.rs:137:23:137:27 | third |
| main.rs:134:13:134:17 | fifth | main.rs:134:13:134:17 | fifth | main.rs:138:23:138:27 | fifth |
| main.rs:144:13:144:17 | first | main.rs:144:13:144:17 | first | main.rs:148:23:148:27 | first |
| main.rs:146:13:146:16 | last | main.rs:146:13:146:16 | last | main.rs:149:23:149:26 | last |
| main.rs:155:9:155:10 | p2 | main.rs:155:9:155:10 | p2 | main.rs:157:11:157:12 | p2 |
| main.rs:159:16:159:17 | x7 | main.rs:159:16:159:17 | x7 | main.rs:160:24:160:25 | x7 |
| main.rs:169:9:169:11 | msg | main.rs:169:9:169:11 | msg | main.rs:171:11:171:13 | msg |
| main.rs:173:17:173:35 | [match(true)] id_variable | main.rs:173:17:173:27 | id_variable | main.rs:174:24:174:34 | id_variable |
| main.rs:178:26:178:27 | id | main.rs:178:26:178:27 | id | main.rs:179:23:179:24 | id |
| main.rs:189:9:189:14 | either | main.rs:189:9:189:14 | either | main.rs:190:11:190:16 | either |
| main.rs:191:9:191:44 | [match(true)] phi | main.rs:191:9:191:44 | a3 | main.rs:192:26:192:27 | a3 |
| main.rs:203:9:203:10 | tv | main.rs:203:9:203:10 | tv | main.rs:212:11:212:12 | tv |
| main.rs:205:9:205:81 | [match(true)] phi | main.rs:205:9:205:81 | a4 | main.rs:206:26:206:27 | a4 |
| main.rs:209:9:209:83 | [match(true)] phi | main.rs:209:9:209:83 | a5 | main.rs:210:26:210:27 | a5 |
| main.rs:213:9:213:83 | [match(true)] phi | main.rs:213:9:213:83 | a6 | main.rs:214:26:214:27 | a6 |
| main.rs:219:9:219:14 | either | main.rs:219:9:219:14 | either | main.rs:220:11:220:16 | either |
| main.rs:221:9:221:44 | [match(true)] phi | main.rs:221:9:221:44 | a7 | main.rs:222:16:222:17 | a7 |
| main.rs:221:9:221:44 | [match(true)] phi | main.rs:221:9:221:44 | a7 | main.rs:223:26:223:27 | a7 |
| main.rs:229:9:229:14 | either | main.rs:229:9:229:14 | either | main.rs:231:11:231:16 | either |
| main.rs:232:9:233:52 | [match(true)] e | main.rs:232:13:232:13 | e | main.rs:237:15:237:15 | e |
| main.rs:233:14:233:51 | [match(true)] phi | main.rs:233:14:233:51 | a11 | main.rs:235:23:235:25 | a11 |
| main.rs:236:33:236:35 | a12 | main.rs:236:33:236:35 | a12 | main.rs:238:28:238:30 | a12 |
| main.rs:253:9:253:10 | fv | main.rs:253:9:253:10 | fv | main.rs:254:11:254:12 | fv |
| main.rs:255:9:255:109 | [match(true)] phi | main.rs:255:9:255:109 | a13 | main.rs:256:26:256:28 | a13 |
| main.rs:261:5:261:6 | a8 | main.rs:261:5:261:6 | a8 | main.rs:266:15:266:16 | a8 |
| main.rs:263:9:263:10 | b3 | main.rs:263:9:263:10 | b3 | main.rs:267:15:267:16 | b3 |
| main.rs:264:9:264:10 | c1 | main.rs:264:9:264:10 | c1 | main.rs:268:15:268:16 | c1 |
| main.rs:272:6:272:41 | [match(true)] phi | main.rs:272:6:272:41 | a9 | main.rs:274:15:274:16 | a9 |
| main.rs:279:9:279:15 | a10 | main.rs:279:13:279:15 | a10 | main.rs:283:15:283:17 | a10 |
| main.rs:280:9:280:14 | b4 | main.rs:280:13:280:14 | b4 | main.rs:284:15:284:16 | b4 |
| main.rs:281:9:281:14 | c2 | main.rs:281:13:281:14 | c2 | main.rs:285:15:285:16 | c2 |
| main.rs:288:9:288:10 | c2 | main.rs:281:13:281:14 | c2 | main.rs:298:15:298:16 | c2 |
| main.rs:289:9:289:10 | b4 | main.rs:280:13:280:14 | b4 | main.rs:311:15:311:16 | b4 |
| main.rs:290:9:290:11 | a10 | main.rs:279:13:279:15 | a10 | main.rs:310:15:310:17 | a10 |
| main.rs:302:13:302:15 | a10 | main.rs:302:13:302:15 | a10 | main.rs:305:23:305:25 | a10 |
| main.rs:303:13:303:14 | b4 | main.rs:303:13:303:14 | b4 | main.rs:306:23:306:24 | b4 |
| main.rs:315:9:315:23 | example_closure | main.rs:315:9:315:23 | example_closure | main.rs:319:9:319:23 | example_closure |
| main.rs:316:10:316:10 | x | main.rs:316:10:316:10 | x | main.rs:317:9:317:9 | x |
| main.rs:318:9:318:10 | n1 | main.rs:318:9:318:10 | n1 | main.rs:320:15:320:16 | n1 |
| main.rs:323:9:323:26 | immutable_variable | main.rs:323:9:323:26 | immutable_variable | main.rs:327:9:327:26 | immutable_variable |
| main.rs:324:10:324:10 | x | main.rs:324:10:324:10 | x | main.rs:325:9:325:9 | x |
| main.rs:326:9:326:10 | n2 | main.rs:326:9:326:10 | n2 | main.rs:328:15:328:16 | n2 |
| main.rs:333:9:333:9 | f | main.rs:333:9:333:9 | f | main.rs:342:15:342:15 | f |
| main.rs:334:10:334:10 | x | main.rs:334:10:334:10 | x | main.rs:335:9:335:9 | x |
| main.rs:338:10:338:10 | x | main.rs:338:10:338:10 | x | main.rs:339:9:339:9 | x |
| main.rs:346:14:346:14 | x | main.rs:346:14:346:14 | x | main.rs:347:17:347:17 | x |
| main.rs:354:13:354:13 | f | main.rs:354:13:354:13 | f | main.rs:357:19:357:19 | f |
| main.rs:355:14:355:14 | x | main.rs:355:14:355:14 | x | main.rs:356:13:356:13 | x |
| main.rs:362:9:362:9 | v | main.rs:362:9:362:9 | v | main.rs:365:12:365:12 | v |
| main.rs:364:9:364:12 | text | main.rs:364:9:364:12 | text | main.rs:366:19:366:22 | text |
| main.rs:380:9:380:13 | ref_i | main.rs:380:9:380:13 | ref_i | main.rs:382:6:382:10 | ref_i |
| main.rs:386:17:386:17 | x | main.rs:386:17:386:17 | x | main.rs:390:12:390:12 | x |
| main.rs:393:22:393:22 | x | main.rs:393:22:393:22 | x | main.rs:398:9:398:9 | x |
| main.rs:393:39:393:39 | y | main.rs:393:39:393:39 | y | main.rs:397:6:397:6 | y |
| main.rs:403:9:403:9 | y | main.rs:403:9:403:9 | y | main.rs:405:6:405:6 | y |
| main.rs:410:9:410:9 | w | main.rs:410:9:410:9 | w | main.rs:416:7:416:7 | w |
| main.rs:423:9:423:9 | y | main.rs:423:9:423:9 | y | main.rs:425:6:425:6 | y |
| main.rs:430:9:430:9 | x | main.rs:430:9:430:9 | x | main.rs:436:15:436:15 | x |
| main.rs:432:9:432:11 | cap | main.rs:432:9:432:11 | cap | main.rs:435:5:435:7 | cap |
| main.rs:432:15:434:5 | <captured entry> x | main.rs:430:9:430:9 | x | main.rs:433:19:433:19 | x |
| main.rs:440:9:440:13 | x | main.rs:440:13:440:13 | x | main.rs:446:15:446:15 | x |
| main.rs:442:9:442:16 | closure1 | main.rs:442:9:442:16 | closure1 | main.rs:445:5:445:12 | closure1 |
| main.rs:442:20:444:5 | <captured entry> x | main.rs:440:13:440:13 | x | main.rs:443:19:443:19 | x |
| main.rs:450:9:450:20 | closure2 | main.rs:450:13:450:20 | closure2 | main.rs:453:5:453:12 | closure2 |
| main.rs:453:5:453:14 | <captured exit> y | main.rs:448:13:448:13 | y | main.rs:454:15:454:15 | y |
| main.rs:458:9:458:20 | closure3 | main.rs:458:13:458:20 | closure3 | main.rs:461:5:461:12 | closure3 |
| main.rs:467:9:467:13 | block | main.rs:467:9:467:13 | block | main.rs:471:5:471:9 | block |
| main.rs:471:5:471:15 | <captured exit> i | main.rs:466:13:466:13 | i | main.rs:472:15:472:15 | i |
| main.rs:475:8:475:8 | b | main.rs:475:8:475:8 | b | main.rs:479:8:479:8 | b |
| main.rs:476:9:476:13 | x | main.rs:476:13:476:13 | x | main.rs:478:15:478:15 | x |
| main.rs:479:5:487:5 | phi | main.rs:476:13:476:13 | x | main.rs:488:15:488:15 | x |
| main.rs:480:9:480:9 | x | main.rs:476:13:476:13 | x | main.rs:482:19:482:19 | x |
| main.rs:484:9:484:9 | x | main.rs:476:13:476:13 | x | main.rs:486:19:486:19 | x |
| main.rs:491:13:491:14 | b1 | main.rs:491:13:491:14 | b1 | main.rs:493:8:493:9 | b1 |
| main.rs:491:24:491:25 | b2 | main.rs:491:24:491:25 | b2 | main.rs:499:8:499:9 | b2 |
| main.rs:492:9:492:9 | x | main.rs:492:9:492:9 | x | main.rs:500:19:500:19 | x |
| main.rs:492:9:492:9 | x | main.rs:492:9:492:9 | x | main.rs:502:19:502:19 | x |
| main.rs:512:15:512:23 | SelfParam | main.rs:512:20:512:23 | self | main.rs:513:16:513:19 | self |
| main.rs:516:11:516:14 | SelfParam | main.rs:516:11:516:14 | self | main.rs:517:9:517:12 | self |
| main.rs:521:13:521:17 | f | main.rs:521:17:521:17 | f | main.rs:526:9:526:9 | f |
| main.rs:521:21:524:9 | <captured entry> self | main.rs:520:23:520:26 | self | main.rs:523:13:523:16 | self |
| main.rs:521:22:521:22 | n | main.rs:521:22:521:22 | n | main.rs:523:25:523:25 | n |
| main.rs:540:9:540:13 | a | main.rs:540:13:540:13 | a | main.rs:543:15:543:15 | a |
| main.rs:544:5:544:5 | a | main.rs:540:13:540:13 | a | main.rs:545:15:545:15 | a |
| main.rs:549:9:549:9 | x | main.rs:549:9:549:9 | x | main.rs:551:15:551:15 | x |
| main.rs:553:9:553:9 | z | main.rs:553:9:553:9 | z | main.rs:554:20:554:20 | z |
| main.rs:562:10:562:18 | SelfParam | main.rs:562:15:562:18 | self | main.rs:563:6:563:9 | self |
| main.rs:593:9:593:22 | var_from_macro | main.rs:593:9:593:22 | var_from_macro | main.rs:595:15:595:28 | var_from_macro |
| main.rs:594:9:594:25 | var_in_macro | main.rs:594:9:594:25 | var_in_macro | main.rs:594:9:594:25 | var_in_macro |
| main.rs:596:9:596:20 | var_in_macro | main.rs:596:9:596:20 | var_in_macro | main.rs:601:15:601:26 | var_in_macro |
| main.rs:600:15:600:42 | var_in_macro | main.rs:600:15:600:42 | var_in_macro | main.rs:600:30:600:41 | var_in_macro |
adjacentReads
| main.rs:35:9:35:10 | x3 | main.rs:35:9:35:10 | x3 | main.rs:36:15:36:16 | x3 | main.rs:38:9:38:10 | x3 |
| main.rs:43:9:43:10 | x4 | main.rs:43:9:43:10 | x4 | main.rs:44:15:44:16 | x4 | main.rs:49:15:49:16 | x4 |


@@ -17,10 +17,6 @@ query predicate firstRead(Ssa::Definition def, Variable v, CfgNode read) {
def.getSourceVariable() = v and read = def.getAFirstRead()
}
query predicate lastRead(Ssa::Definition def, Variable v, CfgNode read) {
def.getSourceVariable() = v and read = def.getALastRead()
}
query predicate adjacentReads(Ssa::Definition def, Variable v, CfgNode read1, CfgNode read2) {
def.getSourceVariable() = v and
def.hasAdjacentReads(read1, read2)


@@ -14,7 +14,7 @@
| Macro calls - resolved | 8 |
| Macro calls - total | 9 |
| Macro calls - unresolved | 1 |
| Taint edges - number of edges | 3 |
| Taint edges - number of edges | 4 |
| Taint reach - nodes tainted | 0 |
| Taint reach - per million nodes | 0 |
| Taint sinks - cryptographic operations | 0 |