From dc682606067da21fa2b63f5857c9d083922adea1 Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Tue, 17 Dec 2024 16:15:55 +0100 Subject: [PATCH] Rust: Address review comments --- .../rust/dataflow/internal/DataFlowImpl.qll | 2 +- .../codeql/rust/dataflow/internal/SsaImpl.qll | 18 +++---- .../rust/elements/internal/VariableImpl.qll | 1 + .../codeql/rust/frameworks/reqwest.model.yml | 2 +- .../frameworks/stdlib/lang-core.model.yml | 1 - .../dataflow/local/DataFlowStep.expected | 1 + .../dataflow/pointers/inline-flow.expected | 51 ++++++++++++++++--- .../dataflow/pointers/inline-flow.ql | 2 +- .../strings/inline-taint-flow.expected | 50 +++++++++++++++--- .../dataflow/strings/inline-taint-flow.ql | 2 +- .../dataflow/taint/TaintFlowStep.expected | 9 ++-- .../test/library-tests/variables/Ssa.expected | 4 +- .../variables/variables.expected | 10 ---- .../test/library-tests/variables/variables.rs | 20 ++++---- .../security/CWE-089/SqlInjection.expected | 22 ++++---- 15 files changed, 130 insertions(+), 65 deletions(-) diff --git a/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll b/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll index f718afa4887d8..39c0c2c4185e3 100644 --- a/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll +++ b/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll @@ -712,7 +712,7 @@ private class CapturedVariableContent extends Content, TCapturedVariableContent override string toString() { result = "captured " + v } } -/** A value refered to by a reference. */ +/** A value referred to by a reference. */ final class ReferenceContent extends Content, TReferenceContent { override string toString() { result = "&ref" } } diff --git a/rust/ql/lib/codeql/rust/dataflow/internal/SsaImpl.qll b/rust/ql/lib/codeql/rust/dataflow/internal/SsaImpl.qll index 75b52b16c7070..f2078999e60d7 100644 --- a/rust/ql/lib/codeql/rust/dataflow/internal/SsaImpl.qll +++ b/rust/ql/lib/codeql/rust/dataflow/internal/SsaImpl.qll @@ -88,22 +88,16 @@ module SsaInput implements SsaImplCommon::InputSig { | va instanceof VariableReadAccess or + // For immutable variables, we model a read when they are borrowed + // (although the actual read happens later, if at all). + va = any(RefExpr re).getExpr() + or // Although compound assignments, like `x += y`, may in fact not read `x`, // it makes sense to treat them as such va = any(CompoundAssignmentExpr cae).getLhs() ) and certain = true or - // For immutable variables, we model a read when they are borrowed (although the - // actual read happens later, if at all). This only affects the SSA liveness - // analysis. - exists(VariableAccess va | - va = any(RefExpr re).getExpr() and - va = bb.getNode(i).getAstNode() and - v = va.getVariable() and - certain = false - ) - or capturedCallRead(_, bb, i, v) and certain = false or capturedExitRead(bb, i, v) and certain = false @@ -146,7 +140,9 @@ private predicate adjacentDefReadExt( /** Holds if `v` is read at index `i` in basic block `bb`. */ private predicate variableReadActual(BasicBlock bb, int i, Variable v) { - exists(VariableReadAccess read | + exists(VariableAccess read | + read instanceof VariableReadAccess or read = any(RefExpr re).getExpr() + | read.getVariable() = v and read = bb.getNode(i).getAstNode() ) diff --git a/rust/ql/lib/codeql/rust/elements/internal/VariableImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/VariableImpl.qll index 61b81f266ec6c..b21cf924204ed 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/VariableImpl.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/VariableImpl.qll @@ -484,6 +484,7 @@ module Impl { class VariableReadAccess extends VariableAccess { VariableReadAccess() { not this instanceof VariableWriteAccess and + not this = any(RefExpr re).getExpr() and not this = any(CompoundAssignmentExpr cae).getLhs() } } diff --git a/rust/ql/lib/codeql/rust/frameworks/reqwest.model.yml b/rust/ql/lib/codeql/rust/frameworks/reqwest.model.yml index 48835844e50cc..8b2b9afc79b44 100644 --- a/rust/ql/lib/codeql/rust/frameworks/reqwest.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/reqwest.model.yml @@ -3,4 +3,4 @@ extensions: pack: codeql/rust-all extensible: summaryModel data: - - ["repo:https://github.com/seanmonstar/reqwest:reqwest", "::text", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["repo:https://github.com/seanmonstar/reqwest:reqwest", "::text", "Argument[self]", "ReturnValue.Variant[crate::result::Result::Ok(0)]", "taint", "manual"] diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml index 9fc8d029a428f..30028d756b3d5 100644 --- a/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml @@ -8,7 +8,6 @@ extensions: - ["lang:core", "::unwrap", "Argument[self]", "ReturnValue", "taint", "manual"] - ["lang:core", "::unwrap_or", "Argument[self].Variant[crate::option::Option::Some(0)]", "ReturnValue", "value", "manual"] - ["lang:core", "::unwrap_or", "Argument[0]", "ReturnValue", "value", "manual"] - - ["lang:core", "::unwrap_or", "Argument[self]", "ReturnValue", "taint", "manual"] # Result - ["lang:core", "::unwrap", "Argument[self].Variant[crate::result::Result::Ok(0)]", "ReturnValue", "value", "manual"] - ["lang:core", "::unwrap", "Argument[self]", "ReturnValue", "taint", "manual"] diff --git a/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected b/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected index 31798fa0c4880..e77026b7e5c19 100644 --- a/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected +++ b/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected @@ -458,6 +458,7 @@ localStep | main.rs:398:7:398:14 | [SSA] [input] SSA phi read(default_name) | main.rs:394:7:394:18 | [SSA] SSA phi read(default_name) | | main.rs:425:13:425:33 | result_questionmark(...) | main.rs:425:9:425:9 | _ | storeStep +| file://:0:0:0:0 | [summary] to write: ReturnValue.Variant[crate::result::Result::Ok(0)] in repo:https://github.com/seanmonstar/reqwest:reqwest::_::::text | Ok | file://:0:0:0:0 | [summary] to write: ReturnValue in repo:https://github.com/seanmonstar/reqwest:reqwest::_::::text | | main.rs:94:14:94:22 | source(...) | tuple.0 | main.rs:94:13:94:26 | TupleExpr | | main.rs:94:25:94:25 | 2 | tuple.1 | main.rs:94:13:94:26 | TupleExpr | | main.rs:100:14:100:14 | 2 | tuple.0 | main.rs:100:13:100:30 | TupleExpr | diff --git a/rust/ql/test/library-tests/dataflow/pointers/inline-flow.expected b/rust/ql/test/library-tests/dataflow/pointers/inline-flow.expected index 9c4e671046b7e..4c3442683e76d 100644 --- a/rust/ql/test/library-tests/dataflow/pointers/inline-flow.expected +++ b/rust/ql/test/library-tests/dataflow/pointers/inline-flow.expected @@ -1,6 +1,45 @@ -ERROR: could not resolve module DefaultFlowTest (inline-flow.ql:7,8-23) -ERROR: could not resolve module ValueFlow (inline-flow.ql:8,8-17) -ERROR: could not resolve module ValueFlow (inline-flow.ql:10,6-15) -ERROR: could not resolve module ValueFlow (inline-flow.ql:10,34-43) -ERROR: could not resolve module ValueFlow (inline-flow.ql:11,7-16) -ERROR: could not resolve module utils.InlineFlowTest (inline-flow.ql:6,8-28) +models +edges +| main.rs:13:9:13:9 | a | main.rs:14:14:14:14 | a | provenance | | +| main.rs:13:13:13:22 | source(...) | main.rs:13:9:13:9 | a | provenance | | +| main.rs:14:9:14:9 | b [&ref] | main.rs:15:14:15:14 | b [&ref] | provenance | | +| main.rs:14:13:14:14 | &a [&ref] | main.rs:14:9:14:9 | b [&ref] | provenance | | +| main.rs:14:14:14:14 | a | main.rs:14:13:14:14 | &a [&ref] | provenance | | +| main.rs:15:9:15:9 | c | main.rs:16:10:16:10 | c | provenance | | +| main.rs:15:13:15:14 | * ... | main.rs:15:9:15:9 | c | provenance | | +| main.rs:15:14:15:14 | b [&ref] | main.rs:15:13:15:14 | * ... | provenance | | +| main.rs:40:18:40:21 | SelfParam [MyNumber] | main.rs:41:15:41:18 | self [MyNumber] | provenance | | +| main.rs:41:15:41:18 | self [MyNumber] | main.rs:42:13:42:38 | ...::MyNumber(...) [MyNumber] | provenance | | +| main.rs:42:13:42:38 | ...::MyNumber(...) [MyNumber] | main.rs:42:32:42:37 | number | provenance | | +| main.rs:42:32:42:37 | number | main.rs:40:31:46:5 | { ... } | provenance | | +| main.rs:58:9:58:17 | my_number [MyNumber] | main.rs:59:10:59:18 | my_number [MyNumber] | provenance | | +| main.rs:58:21:58:50 | ...::MyNumber(...) [MyNumber] | main.rs:58:9:58:17 | my_number [MyNumber] | provenance | | +| main.rs:58:40:58:49 | source(...) | main.rs:58:21:58:50 | ...::MyNumber(...) [MyNumber] | provenance | | +| main.rs:59:10:59:18 | my_number [MyNumber] | main.rs:40:18:40:21 | SelfParam [MyNumber] | provenance | | +| main.rs:59:10:59:18 | my_number [MyNumber] | main.rs:59:10:59:30 | my_number.to_number(...) | provenance | | +nodes +| main.rs:13:9:13:9 | a | semmle.label | a | +| main.rs:13:13:13:22 | source(...) | semmle.label | source(...) | +| main.rs:14:9:14:9 | b [&ref] | semmle.label | b [&ref] | +| main.rs:14:13:14:14 | &a [&ref] | semmle.label | &a [&ref] | +| main.rs:14:14:14:14 | a | semmle.label | a | +| main.rs:15:9:15:9 | c | semmle.label | c | +| main.rs:15:13:15:14 | * ... | semmle.label | * ... | +| main.rs:15:14:15:14 | b [&ref] | semmle.label | b [&ref] | +| main.rs:16:10:16:10 | c | semmle.label | c | +| main.rs:40:18:40:21 | SelfParam [MyNumber] | semmle.label | SelfParam [MyNumber] | +| main.rs:40:31:46:5 | { ... } | semmle.label | { ... } | +| main.rs:41:15:41:18 | self [MyNumber] | semmle.label | self [MyNumber] | +| main.rs:42:13:42:38 | ...::MyNumber(...) [MyNumber] | semmle.label | ...::MyNumber(...) [MyNumber] | +| main.rs:42:32:42:37 | number | semmle.label | number | +| main.rs:58:9:58:17 | my_number [MyNumber] | semmle.label | my_number [MyNumber] | +| main.rs:58:21:58:50 | ...::MyNumber(...) [MyNumber] | semmle.label | ...::MyNumber(...) [MyNumber] | +| main.rs:58:40:58:49 | source(...) | semmle.label | source(...) | +| main.rs:59:10:59:18 | my_number [MyNumber] | semmle.label | my_number [MyNumber] | +| main.rs:59:10:59:30 | my_number.to_number(...) | semmle.label | my_number.to_number(...) | +subpaths +| main.rs:59:10:59:18 | my_number [MyNumber] | main.rs:40:18:40:21 | SelfParam [MyNumber] | main.rs:40:31:46:5 | { ... } | main.rs:59:10:59:30 | my_number.to_number(...) | +testFailures +#select +| main.rs:16:10:16:10 | c | main.rs:13:13:13:22 | source(...) | main.rs:16:10:16:10 | c | $@ | main.rs:13:13:13:22 | source(...) | source(...) | +| main.rs:59:10:59:30 | my_number.to_number(...) | main.rs:58:40:58:49 | source(...) | main.rs:59:10:59:30 | my_number.to_number(...) | $@ | main.rs:58:40:58:49 | source(...) | source(...) | diff --git a/rust/ql/test/library-tests/dataflow/pointers/inline-flow.ql b/rust/ql/test/library-tests/dataflow/pointers/inline-flow.ql index ad553fe548dc9..e399ea0e5d71d 100644 --- a/rust/ql/test/library-tests/dataflow/pointers/inline-flow.ql +++ b/rust/ql/test/library-tests/dataflow/pointers/inline-flow.ql @@ -3,7 +3,7 @@ */ import rust -import utils.InlineFlowTest +import utils.test.InlineFlowTest import DefaultFlowTest import ValueFlow::PathGraph diff --git a/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected b/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected index 16bca2d4d8648..e59994c86ccc0 100644 --- a/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected +++ b/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected @@ -1,6 +1,44 @@ -ERROR: could not resolve module DefaultFlowTest (inline-taint-flow.ql:7,8-23) -ERROR: could not resolve module TaintFlow (inline-taint-flow.ql:8,8-17) -ERROR: could not resolve module TaintFlow (inline-taint-flow.ql:10,6-15) -ERROR: could not resolve module TaintFlow (inline-taint-flow.ql:10,34-43) -ERROR: could not resolve module TaintFlow (inline-taint-flow.ql:11,7-16) -ERROR: could not resolve module utils.InlineFlowTest (inline-taint-flow.ql:6,8-28) +models +| 1 | Summary: lang:alloc; ::as_str; Argument[self]; ReturnValue; taint | +edges +| main.rs:20:9:20:9 | s | main.rs:21:9:21:14 | sliced | provenance | | +| main.rs:20:9:20:9 | s | main.rs:21:19:21:25 | s[...] | provenance | | +| main.rs:20:13:20:22 | source(...) | main.rs:20:9:20:9 | s | provenance | | +| main.rs:21:9:21:14 | sliced | main.rs:22:16:22:21 | sliced | provenance | | +| main.rs:21:9:21:14 | sliced [&ref] | main.rs:22:16:22:21 | sliced | provenance | | +| main.rs:21:18:21:25 | &... [&ref] | main.rs:21:9:21:14 | sliced [&ref] | provenance | | +| main.rs:21:19:21:25 | s[...] | main.rs:21:18:21:25 | &... [&ref] | provenance | | +| main.rs:26:9:26:10 | s1 | main.rs:29:9:29:10 | s4 | provenance | | +| main.rs:26:14:26:23 | source(...) | main.rs:26:9:26:10 | s1 | provenance | | +| main.rs:29:9:29:10 | s4 | main.rs:32:10:32:11 | s4 | provenance | | +| main.rs:37:9:37:10 | s1 | main.rs:40:10:40:35 | ... + ... | provenance | | +| main.rs:37:14:37:23 | source(...) | main.rs:37:9:37:10 | s1 | provenance | | +| main.rs:57:9:57:9 | s | main.rs:58:16:58:16 | s | provenance | | +| main.rs:57:13:57:22 | source(...) | main.rs:57:9:57:9 | s | provenance | | +| main.rs:58:16:58:16 | s | main.rs:58:16:58:25 | s.as_str(...) | provenance | MaD:1 | +nodes +| main.rs:20:9:20:9 | s | semmle.label | s | +| main.rs:20:13:20:22 | source(...) | semmle.label | source(...) | +| main.rs:21:9:21:14 | sliced | semmle.label | sliced | +| main.rs:21:9:21:14 | sliced [&ref] | semmle.label | sliced [&ref] | +| main.rs:21:18:21:25 | &... [&ref] | semmle.label | &... [&ref] | +| main.rs:21:19:21:25 | s[...] | semmle.label | s[...] | +| main.rs:22:16:22:21 | sliced | semmle.label | sliced | +| main.rs:26:9:26:10 | s1 | semmle.label | s1 | +| main.rs:26:14:26:23 | source(...) | semmle.label | source(...) | +| main.rs:29:9:29:10 | s4 | semmle.label | s4 | +| main.rs:32:10:32:11 | s4 | semmle.label | s4 | +| main.rs:37:9:37:10 | s1 | semmle.label | s1 | +| main.rs:37:14:37:23 | source(...) | semmle.label | source(...) | +| main.rs:40:10:40:35 | ... + ... | semmle.label | ... + ... | +| main.rs:57:9:57:9 | s | semmle.label | s | +| main.rs:57:13:57:22 | source(...) | semmle.label | source(...) | +| main.rs:58:16:58:16 | s | semmle.label | s | +| main.rs:58:16:58:25 | s.as_str(...) | semmle.label | s.as_str(...) | +subpaths +testFailures +#select +| main.rs:22:16:22:21 | sliced | main.rs:20:13:20:22 | source(...) | main.rs:22:16:22:21 | sliced | $@ | main.rs:20:13:20:22 | source(...) | source(...) | +| main.rs:32:10:32:11 | s4 | main.rs:26:14:26:23 | source(...) | main.rs:32:10:32:11 | s4 | $@ | main.rs:26:14:26:23 | source(...) | source(...) | +| main.rs:40:10:40:35 | ... + ... | main.rs:37:14:37:23 | source(...) | main.rs:40:10:40:35 | ... + ... | $@ | main.rs:37:14:37:23 | source(...) | source(...) | +| main.rs:58:16:58:25 | s.as_str(...) | main.rs:57:13:57:22 | source(...) | main.rs:58:16:58:25 | s.as_str(...) | $@ | main.rs:57:13:57:22 | source(...) | source(...) | diff --git a/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.ql b/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.ql index 2929ae90964f7..5dcb7ee70a9d2 100644 --- a/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.ql +++ b/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.ql @@ -3,7 +3,7 @@ */ import rust -import utils.InlineFlowTest +import utils.test.InlineFlowTest import DefaultFlowTest import TaintFlow::PathGraph diff --git a/rust/ql/test/library-tests/dataflow/taint/TaintFlowStep.expected b/rust/ql/test/library-tests/dataflow/taint/TaintFlowStep.expected index b044999e57fe7..a5963684d0008 100644 --- a/rust/ql/test/library-tests/dataflow/taint/TaintFlowStep.expected +++ b/rust/ql/test/library-tests/dataflow/taint/TaintFlowStep.expected @@ -1,9 +1,8 @@ -| file://:0:0:0:0 | [summary param] self in lang:alloc::_::::as_str | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:alloc::_::::as_str | MaD:11 | +| file://:0:0:0:0 | [summary param] self in lang:alloc::_::::as_str | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:alloc::_::::as_str | MaD:10 | | file://:0:0:0:0 | [summary param] self in lang:core::_::::unwrap | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::::unwrap | MaD:2 | -| file://:0:0:0:0 | [summary param] self in lang:core::_::::unwrap_or | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::::unwrap_or | MaD:5 | -| file://:0:0:0:0 | [summary param] self in lang:core::_::::unwrap | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::::unwrap | MaD:7 | -| file://:0:0:0:0 | [summary param] self in lang:core::_::::unwrap_or | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::::unwrap_or | MaD:10 | -| file://:0:0:0:0 | [summary param] self in repo:https://github.com/seanmonstar/reqwest:reqwest::_::::text | file://:0:0:0:0 | [summary] to write: ReturnValue in repo:https://github.com/seanmonstar/reqwest:reqwest::_::::text | MaD:0 | +| file://:0:0:0:0 | [summary param] self in lang:core::_::::unwrap | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::::unwrap | MaD:6 | +| file://:0:0:0:0 | [summary param] self in lang:core::_::::unwrap_or | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::::unwrap_or | MaD:9 | +| file://:0:0:0:0 | [summary param] self in repo:https://github.com/seanmonstar/reqwest:reqwest::_::::text | file://:0:0:0:0 | [summary] to write: ReturnValue.Variant[crate::result::Result::Ok(0)] in repo:https://github.com/seanmonstar/reqwest:reqwest::_::::text | MaD:0 | | main.rs:4:5:4:8 | 1000 | main.rs:4:5:4:12 | ... + ... | | | main.rs:4:12:4:12 | i | main.rs:4:5:4:12 | ... + ... | | | main.rs:13:10:13:10 | a | main.rs:13:10:13:14 | ... + ... | | diff --git a/rust/ql/test/library-tests/variables/Ssa.expected b/rust/ql/test/library-tests/variables/Ssa.expected index e34b8218db3fa..6736f87d709f8 100644 --- a/rust/ql/test/library-tests/variables/Ssa.expected +++ b/rust/ql/test/library-tests/variables/Ssa.expected @@ -390,7 +390,6 @@ firstRead | variables.rs:510:9:510:13 | a | variables.rs:510:13:510:13 | a | variables.rs:511:15:511:15 | a | | variables.rs:514:5:514:5 | a | variables.rs:510:13:510:13 | a | variables.rs:515:15:515:15 | a | | variables.rs:519:9:519:9 | x | variables.rs:519:9:519:9 | x | variables.rs:520:20:520:20 | x | -| variables.rs:519:9:519:9 | x | variables.rs:519:9:519:9 | x | variables.rs:521:15:521:15 | x | | variables.rs:523:9:523:9 | z | variables.rs:523:9:523:9 | z | variables.rs:524:20:524:20 | z | | variables.rs:532:10:532:18 | SelfParam | variables.rs:532:15:532:18 | self | variables.rs:533:6:533:9 | self | lastRead @@ -400,6 +399,8 @@ lastRead | variables.rs:16:9:16:10 | x1 | variables.rs:16:9:16:10 | x1 | variables.rs:17:15:17:16 | x1 | | variables.rs:21:9:21:14 | x2 | variables.rs:21:13:21:14 | x2 | variables.rs:22:15:22:16 | x2 | | variables.rs:23:5:23:6 | x2 | variables.rs:21:13:21:14 | x2 | variables.rs:24:15:24:16 | x2 | +| variables.rs:28:9:28:13 | x | variables.rs:28:13:28:13 | x | variables.rs:29:20:29:20 | x | +| variables.rs:30:5:30:5 | x | variables.rs:28:13:28:13 | x | variables.rs:31:20:31:20 | x | | variables.rs:35:9:35:10 | x3 | variables.rs:35:9:35:10 | x3 | variables.rs:38:9:38:10 | x3 | | variables.rs:37:9:37:10 | x3 | variables.rs:37:9:37:10 | x3 | variables.rs:39:15:39:16 | x3 | | variables.rs:43:9:43:10 | x4 | variables.rs:43:9:43:10 | x4 | variables.rs:49:15:49:16 | x4 | @@ -500,6 +501,7 @@ lastRead | variables.rs:510:9:510:13 | a | variables.rs:510:13:510:13 | a | variables.rs:513:15:513:15 | a | | variables.rs:514:5:514:5 | a | variables.rs:510:13:510:13 | a | variables.rs:515:15:515:15 | a | | variables.rs:519:9:519:9 | x | variables.rs:519:9:519:9 | x | variables.rs:521:15:521:15 | x | +| variables.rs:523:9:523:9 | z | variables.rs:523:9:523:9 | z | variables.rs:524:20:524:20 | z | | variables.rs:532:10:532:18 | SelfParam | variables.rs:532:15:532:18 | self | variables.rs:533:6:533:9 | self | adjacentReads | variables.rs:35:9:35:10 | x3 | variables.rs:35:9:35:10 | x3 | variables.rs:36:15:36:16 | x3 | variables.rs:38:9:38:10 | x3 | diff --git a/rust/ql/test/library-tests/variables/variables.expected b/rust/ql/test/library-tests/variables/variables.expected index 6a310db8cb0ab..1e3fc90633cec 100644 --- a/rust/ql/test/library-tests/variables/variables.expected +++ b/rust/ql/test/library-tests/variables/variables.expected @@ -293,8 +293,6 @@ variableReadAccess | variables.rs:17:15:17:16 | x1 | variables.rs:16:9:16:10 | x1 | | variables.rs:22:15:22:16 | x2 | variables.rs:21:13:21:14 | x2 | | variables.rs:24:15:24:16 | x2 | variables.rs:21:13:21:14 | x2 | -| variables.rs:29:20:29:20 | x | variables.rs:28:13:28:13 | x | -| variables.rs:31:20:31:20 | x | variables.rs:28:13:28:13 | x | | variables.rs:36:15:36:16 | x3 | variables.rs:35:9:35:10 | x3 | | variables.rs:38:9:38:10 | x3 | variables.rs:35:9:35:10 | x3 | | variables.rs:39:15:39:16 | x3 | variables.rs:37:9:37:10 | x3 | @@ -371,9 +369,7 @@ variableReadAccess | variables.rs:335:12:335:12 | v | variables.rs:332:9:332:9 | v | | variables.rs:336:19:336:22 | text | variables.rs:334:9:334:12 | text | | variables.rs:343:15:343:15 | a | variables.rs:341:13:341:13 | a | -| variables.rs:344:11:344:11 | a | variables.rs:341:13:341:13 | a | | variables.rs:345:15:345:15 | a | variables.rs:341:13:341:13 | a | -| variables.rs:351:14:351:14 | i | variables.rs:349:13:349:13 | i | | variables.rs:352:6:352:10 | ref_i | variables.rs:350:9:350:13 | ref_i | | variables.rs:353:15:353:15 | i | variables.rs:349:13:349:13 | i | | variables.rs:357:6:357:6 | x | variables.rs:356:17:356:17 | x | @@ -385,15 +381,11 @@ variableReadAccess | variables.rs:366:10:366:10 | x | variables.rs:363:22:363:22 | x | | variables.rs:367:6:367:6 | y | variables.rs:363:39:363:39 | y | | variables.rs:368:9:368:9 | x | variables.rs:363:22:363:22 | x | -| variables.rs:374:27:374:27 | x | variables.rs:372:13:372:13 | x | | variables.rs:375:6:375:6 | y | variables.rs:373:9:373:9 | y | | variables.rs:377:15:377:15 | x | variables.rs:372:13:372:13 | x | -| variables.rs:381:19:381:19 | x | variables.rs:372:13:372:13 | x | -| variables.rs:383:14:383:14 | z | variables.rs:379:13:379:13 | z | | variables.rs:384:9:384:9 | w | variables.rs:380:9:380:9 | w | | variables.rs:386:7:386:7 | w | variables.rs:380:9:380:9 | w | | variables.rs:388:15:388:15 | z | variables.rs:379:13:379:13 | z | -| variables.rs:394:14:394:14 | x | variables.rs:392:13:392:13 | x | | variables.rs:395:6:395:6 | y | variables.rs:393:9:393:9 | y | | variables.rs:396:15:396:15 | x | variables.rs:392:13:392:13 | x | | variables.rs:403:19:403:19 | x | variables.rs:400:9:400:9 | x | @@ -437,9 +429,7 @@ variableReadAccess | variables.rs:512:5:512:5 | a | variables.rs:510:13:510:13 | a | | variables.rs:513:15:513:15 | a | variables.rs:510:13:510:13 | a | | variables.rs:515:15:515:15 | a | variables.rs:510:13:510:13 | a | -| variables.rs:520:20:520:20 | x | variables.rs:519:9:519:9 | x | | variables.rs:521:15:521:15 | x | variables.rs:519:9:519:9 | x | -| variables.rs:524:20:524:20 | z | variables.rs:523:9:523:9 | z | | variables.rs:533:6:533:9 | self | variables.rs:532:15:532:18 | self | | variables.rs:539:3:539:3 | a | variables.rs:538:11:538:11 | a | | variables.rs:541:13:541:13 | a | variables.rs:538:11:538:11 | a | diff --git a/rust/ql/test/library-tests/variables/variables.rs b/rust/ql/test/library-tests/variables/variables.rs index 637538695b8d5..155ebaa8584af 100644 --- a/rust/ql/test/library-tests/variables/variables.rs +++ b/rust/ql/test/library-tests/variables/variables.rs @@ -26,9 +26,9 @@ fn mutable_variable() { fn mutable_variable_immutable_borrow() { let mut x = 1; - print_i64_ref(&x); // $ read_access=x + print_i64_ref(&x); // $ access=x x = 2; // $ write_access=x - print_i64_ref(&x); // $ read_access=x + print_i64_ref(&x); // $ access=x } fn variable_shadow1() { @@ -341,14 +341,14 @@ fn add_assign() { let mut a = 0; // a a += 1; // $ access=a print_i64(a); // $ read_access=a - (&mut a).add_assign(10); // $ read_access=a + (&mut a).add_assign(10); // $ access=a print_i64(a); // $ read_access=a } fn mutate() { let mut i = 1; // i let ref_i = // ref_i - &mut i; // $ read_access=i + &mut i; // $ access=i *ref_i = 2; // $ read_access=ref_i print_i64(i); // $ read_access=i } @@ -371,16 +371,16 @@ fn mutate_param2<'a>(x : &'a mut i64, y :&mut &'a mut i64) { fn mutate_arg() { let mut x = 2; // x let y = // y - mutate_param(&mut x); // $ read_access=x + mutate_param(&mut x); // $ access=x *y = 10; // $ read_access=y // prints 10, not 4 print_i64(x); // $ read_access=x let mut z = 4; // z let w = // w - &mut &mut x; // $ read_access=x + &mut &mut x; // $ access=x mutate_param2( - &mut z, // $ read_access=z + &mut z, // $ access=z w // $ read_access=w ); **w = 11; // $ read_access=w @@ -391,7 +391,7 @@ fn mutate_arg() { fn alias() { let mut x = 1; // x let y = // y - &mut x; // $ read_access=x + &mut x; // $ access=x *y = 2; // $ read_access=y print_i64(x); // $ read_access=x } @@ -517,11 +517,11 @@ fn arrays() { fn ref_arg() { let x = 16; // x - print_i64_ref(&x); // $ read_access=x + print_i64_ref(&x); // $ access=x print_i64(x); // $ read_access=x let z = 17; // z - print_i64_ref(&z); // $ read_access=z + print_i64_ref(&z); // $ access=z } trait Bar { diff --git a/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected b/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected index e04397c16347e..97649ce9c67e6 100644 --- a/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected +++ b/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected @@ -14,8 +14,8 @@ | sqlx.rs:184:29:184:51 | unsafe_query_1.as_str(...) | sqlx.rs:169:25:169:69 | ...::get(...) | sqlx.rs:184:29:184:51 | unsafe_query_1.as_str(...) | This query depends on a $@. | sqlx.rs:169:25:169:69 | ...::get(...) | user-provided value | edges | sqlx.rs:48:25:48:69 | ...::get(...) | sqlx.rs:48:25:48:78 | ... .unwrap(...) | provenance | MaD:2 | -| sqlx.rs:48:25:48:78 | ... .unwrap(...) | sqlx.rs:48:25:48:85 | ... .text(...) | provenance | MaD:4 | -| sqlx.rs:48:25:48:85 | ... .text(...) | sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | provenance | MaD:3 | +| sqlx.rs:48:25:48:78 | ... .unwrap(...) | sqlx.rs:48:25:48:85 | ... .text(...) [Ok] | provenance | MaD:4 | +| sqlx.rs:48:25:48:85 | ... .text(...) [Ok] | sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | provenance | MaD:3 | | sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | sqlx.rs:65:30:65:43 | unsafe_query_2 | provenance | | | sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | sqlx.rs:66:30:66:43 | unsafe_query_3 | provenance | | | sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | sqlx.rs:76:29:76:42 | unsafe_query_2 | provenance | | @@ -25,8 +25,8 @@ edges | sqlx.rs:76:29:76:42 | unsafe_query_2 | sqlx.rs:76:29:76:51 | unsafe_query_2.as_str(...) | provenance | MaD:1 | | sqlx.rs:77:29:77:42 | unsafe_query_3 | sqlx.rs:77:29:77:51 | unsafe_query_3.as_str(...) | provenance | MaD:1 | | sqlx.rs:96:25:96:69 | ...::get(...) | sqlx.rs:96:25:96:78 | ... .unwrap(...) | provenance | MaD:2 | -| sqlx.rs:96:25:96:78 | ... .unwrap(...) | sqlx.rs:96:25:96:85 | ... .text(...) | provenance | MaD:4 | -| sqlx.rs:96:25:96:85 | ... .text(...) | sqlx.rs:96:25:96:118 | ... .unwrap_or(...) | provenance | MaD:3 | +| sqlx.rs:96:25:96:78 | ... .unwrap(...) | sqlx.rs:96:25:96:85 | ... .text(...) [Ok] | provenance | MaD:4 | +| sqlx.rs:96:25:96:85 | ... .text(...) [Ok] | sqlx.rs:96:25:96:118 | ... .unwrap_or(...) | provenance | MaD:3 | | sqlx.rs:96:25:96:118 | ... .unwrap_or(...) | sqlx.rs:104:30:104:43 | unsafe_query_1 | provenance | | | sqlx.rs:96:25:96:118 | ... .unwrap_or(...) | sqlx.rs:109:31:109:44 | unsafe_query_1 | provenance | | | sqlx.rs:96:25:96:118 | ... .unwrap_or(...) | sqlx.rs:116:29:116:42 | unsafe_query_1 | provenance | | @@ -42,8 +42,8 @@ edges | sqlx.rs:141:55:141:68 | unsafe_query_1 | sqlx.rs:141:55:141:77 | unsafe_query_1.as_str(...) | provenance | MaD:1 | | sqlx.rs:149:29:149:42 | unsafe_query_1 | sqlx.rs:149:29:149:51 | unsafe_query_1.as_str(...) | provenance | MaD:1 | | sqlx.rs:169:25:169:69 | ...::get(...) | sqlx.rs:169:25:169:78 | ... .unwrap(...) | provenance | MaD:2 | -| sqlx.rs:169:25:169:78 | ... .unwrap(...) | sqlx.rs:169:25:169:85 | ... .text(...) | provenance | MaD:4 | -| sqlx.rs:169:25:169:85 | ... .text(...) | sqlx.rs:169:25:169:118 | ... .unwrap_or(...) | provenance | MaD:3 | +| sqlx.rs:169:25:169:78 | ... .unwrap(...) | sqlx.rs:169:25:169:85 | ... .text(...) [Ok] | provenance | MaD:4 | +| sqlx.rs:169:25:169:85 | ... .text(...) [Ok] | sqlx.rs:169:25:169:118 | ... .unwrap_or(...) | provenance | MaD:3 | | sqlx.rs:169:25:169:118 | ... .unwrap_or(...) | sqlx.rs:177:30:177:43 | unsafe_query_1 | provenance | | | sqlx.rs:169:25:169:118 | ... .unwrap_or(...) | sqlx.rs:184:29:184:42 | unsafe_query_1 | provenance | | | sqlx.rs:177:30:177:43 | unsafe_query_1 | sqlx.rs:177:30:177:52 | unsafe_query_1.as_str(...) | provenance | MaD:1 | @@ -51,12 +51,12 @@ edges models | 1 | Summary: lang:alloc; ::as_str; Argument[self]; ReturnValue; taint | | 2 | Summary: lang:core; ::unwrap; Argument[self]; ReturnValue; taint | -| 3 | Summary: lang:core; ::unwrap_or; Argument[self]; ReturnValue; taint | -| 4 | Summary: repo:https://github.com/seanmonstar/reqwest:reqwest; ::text; Argument[self]; ReturnValue; taint | +| 3 | Summary: lang:core; ::unwrap_or; Argument[self].Variant[crate::result::Result::Ok(0)]; ReturnValue; value | +| 4 | Summary: repo:https://github.com/seanmonstar/reqwest:reqwest; ::text; Argument[self]; ReturnValue.Variant[crate::result::Result::Ok(0)]; taint | nodes | sqlx.rs:48:25:48:69 | ...::get(...) | semmle.label | ...::get(...) | | sqlx.rs:48:25:48:78 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| sqlx.rs:48:25:48:85 | ... .text(...) | semmle.label | ... .text(...) | +| sqlx.rs:48:25:48:85 | ... .text(...) [Ok] | semmle.label | ... .text(...) [Ok] | | sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | | sqlx.rs:65:30:65:43 | unsafe_query_2 | semmle.label | unsafe_query_2 | | sqlx.rs:65:30:65:52 | unsafe_query_2.as_str(...) | semmle.label | unsafe_query_2.as_str(...) | @@ -68,7 +68,7 @@ nodes | sqlx.rs:77:29:77:51 | unsafe_query_3.as_str(...) | semmle.label | unsafe_query_3.as_str(...) | | sqlx.rs:96:25:96:69 | ...::get(...) | semmle.label | ...::get(...) | | sqlx.rs:96:25:96:78 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| sqlx.rs:96:25:96:85 | ... .text(...) | semmle.label | ... .text(...) | +| sqlx.rs:96:25:96:85 | ... .text(...) [Ok] | semmle.label | ... .text(...) [Ok] | | sqlx.rs:96:25:96:118 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | | sqlx.rs:104:30:104:43 | unsafe_query_1 | semmle.label | unsafe_query_1 | | sqlx.rs:104:30:104:52 | unsafe_query_1.as_str(...) | semmle.label | unsafe_query_1.as_str(...) | @@ -86,7 +86,7 @@ nodes | sqlx.rs:149:29:149:51 | unsafe_query_1.as_str(...) | semmle.label | unsafe_query_1.as_str(...) | | sqlx.rs:169:25:169:69 | ...::get(...) | semmle.label | ...::get(...) | | sqlx.rs:169:25:169:78 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| sqlx.rs:169:25:169:85 | ... .text(...) | semmle.label | ... .text(...) | +| sqlx.rs:169:25:169:85 | ... .text(...) [Ok] | semmle.label | ... .text(...) [Ok] | | sqlx.rs:169:25:169:118 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | | sqlx.rs:177:30:177:43 | unsafe_query_1 | semmle.label | unsafe_query_1 | | sqlx.rs:177:30:177:52 | unsafe_query_1.as_str(...) | semmle.label | unsafe_query_1.as_str(...) |