Merge pull request #21375 from geoffw0/mapfix

Rust: Add neutral models (map, from)
2026-05-01 19:55:15 +02:00 · 2026-03-06 17:20:14 +00:00
parent a6de855549 370c5157f1
commit fd7093e74d
9 changed files with 358 additions and 139 deletions
--- a/rust/ql/lib/change-notes/2026-02-26-neutral-models-map-from.md
+++ b/rust/ql/lib/change-notes/2026-02-26-neutral-models-map-from.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Added neutral models to inhibit spurious generated sink models for `map` and `from`. This fixes some false positive query results.
--- a/rust/ql/lib/codeql/rust/frameworks/stdlib/core.model.yml
+++ b/rust/ql/lib/codeql/rust/frameworks/stdlib/core.model.yml
@@ -102,6 +102,9 @@ extensions:
      - ["<_ as core::iter::traits::iterator::Iterator>::chain", "Argument[self]", "ReturnValue", "taint", "manual"]
      - ["<_ as core::iter::traits::iterator::Iterator>::chain", "Argument[0]", "ReturnValue", "taint", "manual"]
      - ["<_ as core::iter::traits::iterator::Iterator>::take", "Argument[self]", "ReturnValue", "taint", "manual"]
+      # Option
+      - ["<core::option::Option>::map", "Argument[self].Field[core::option::Option::Some(0)]", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["<core::option::Option>::map", "Argument[0].ReturnValue", "ReturnValue.Field[core::option::Option::Some(0)]", "value", "manual"]
      # Pin
      - ["<core::pin::Pin>::new", "Argument[0]", "ReturnValue.Field[core::pin::Pin::pointer]", "value", "manual"]
      # This model is not precise, but helps in cases where a `Pin` is implicitly dereferenced.
@@ -157,6 +160,16 @@ extensions:
      - ["core::ptr::write_bytes", "Argument[0]", "pointer-access", "manual"]
      - ["core::ptr::write_unaligned", "Argument[0]", "pointer-access", "manual"]
      - ["core::ptr::write_volatile", "Argument[0]", "pointer-access", "manual"]
+  - addsTo:
+      pack: codeql/rust-all
+      extensible: neutralModel
+    data:
+      - ["<core::option::Option>::map", "sink", "manual"]
+      - ["<alloc::vec::Vec as core::convert::From>::from", "sink", "manual"]
+      - ["<alloc::collections::vec_deque::VecDeque as core::convert::From>::from", "sink", "manual"]
+      - ["<std::io::error::Error as core::convert::From>::from", "sink", "manual"]
+      - ["<alloc::sync::Arc as core::convert::From>::from", "sink", "manual"]
+      - ["<alloc::rc::Rc as core::convert::From>::from", "sink", "manual"]
  - addsTo:
      pack: codeql/rust-all
      extensible: excludeFieldTaintStep