From df0375103c0f5cca151a8f36d734b75a86181152 Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Mon, 16 Dec 2024 10:26:07 +0100 Subject: [PATCH 1/7] Rust: Add data flow tests --- .../CONSISTENCY/DataFlowConsistency.expected | 2 +- .../dataflow/local/DataFlowStep.expected | 661 +++++++++--------- .../dataflow/local/inline-flow.expected | 306 ++++---- .../test/library-tests/dataflow/local/main.rs | 29 +- .../dataflow/pointers/inline-flow.expected | 23 + .../dataflow/pointers/inline-flow.ql | 12 + .../library-tests/dataflow/pointers/main.rs | 79 +++ .../strings/inline-taint-flow.expected | 10 + .../dataflow/strings/inline-taint-flow.ql | 12 + .../library-tests/dataflow/strings/main.rs | 81 +++ rust/ql/test/utils/InlineFlowTest.qll | 8 +- 11 files changed, 714 insertions(+), 509 deletions(-) create mode 100644 rust/ql/test/library-tests/dataflow/pointers/inline-flow.expected create mode 100644 rust/ql/test/library-tests/dataflow/pointers/inline-flow.ql create mode 100644 rust/ql/test/library-tests/dataflow/pointers/main.rs create mode 100644 rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected create mode 100644 rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.ql create mode 100644 rust/ql/test/library-tests/dataflow/strings/main.rs diff --git a/rust/ql/test/library-tests/dataflow/local/CONSISTENCY/DataFlowConsistency.expected b/rust/ql/test/library-tests/dataflow/local/CONSISTENCY/DataFlowConsistency.expected index 19ff1527e16e..97d13b1e5d04 100644 --- a/rust/ql/test/library-tests/dataflow/local/CONSISTENCY/DataFlowConsistency.expected +++ b/rust/ql/test/library-tests/dataflow/local/CONSISTENCY/DataFlowConsistency.expected @@ -1,2 +1,2 @@ identityLocalStep -| main.rs:404:7:404:18 | phi(default_name) | Node steps to itself | +| main.rs:394:7:394:18 | phi(default_name) | Node steps to itself | 
diff --git a/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected b/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected
index 1ec24c96b486..f3286730b2ef 100644
--- a/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected
+++ b/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected
@@ -204,264 +204,257 @@ localStep | main.rs:224:9:224:10 | [SSA] s1 | main.rs:225:10:225:11 | s1 | | main.rs:224:9:224:10 | s1 | main.rs:224:9:224:10 | [SSA] s1 | | main.rs:224:14:224:29 | Some(...) | main.rs:224:9:224:10 | s1 | -| main.rs:229:9:229:10 | [SSA] s1 | main.rs:231:14:231:15 | s1 | +| main.rs:229:9:229:10 | [SSA] s1 | main.rs:230:10:230:11 | s1 | | main.rs:229:9:229:10 | s1 | main.rs:229:9:229:10 | [SSA] s1 | | main.rs:229:14:229:29 | Some(...) | main.rs:229:9:229:10 | s1 | -| main.rs:230:9:230:10 | [SSA] s2 | main.rs:233:10:233:11 | s2 | -| main.rs:230:9:230:10 | s2 | main.rs:230:9:230:10 | [SSA] s2 | -| main.rs:230:14:230:20 | Some(...) | main.rs:230:9:230:10 | s2 | -| main.rs:231:9:231:10 | [SSA] i1 | main.rs:232:10:232:11 | i1 | -| main.rs:231:9:231:10 | i1 | main.rs:231:9:231:10 | [SSA] i1 | -| main.rs:231:14:231:16 | TryExpr | main.rs:231:9:231:10 | i1 | -| main.rs:234:5:234:11 | Some(...) | main.rs:228:41:235:1 | { ... } | -| main.rs:238:9:238:10 | [SSA] s1 | main.rs:241:14:241:15 | s1 | -| main.rs:238:9:238:10 | s1 | main.rs:238:9:238:10 | [SSA] s1 | -| main.rs:238:32:238:45 | Ok(...) | main.rs:238:9:238:10 | s1 | -| main.rs:239:9:239:10 | [SSA] s2 | main.rs:242:14:242:15 | s2 | -| main.rs:239:9:239:10 | s2 | main.rs:239:9:239:10 | [SSA] s2 | -| main.rs:239:32:239:36 | Ok(...) | main.rs:239:9:239:10 | s2 | -| main.rs:240:9:240:10 | [SSA] s3 | main.rs:245:14:245:15 | s3 | -| main.rs:240:9:240:10 | s3 | main.rs:240:9:240:10 | [SSA] s3 | -| main.rs:240:32:240:46 | Err(...) 
| main.rs:240:9:240:10 | s3 | -| main.rs:241:9:241:10 | [SSA] i1 | main.rs:243:10:243:11 | i1 | -| main.rs:241:9:241:10 | i1 | main.rs:241:9:241:10 | [SSA] i1 | -| main.rs:241:14:241:16 | TryExpr | main.rs:241:9:241:10 | i1 | -| main.rs:242:9:242:10 | [SSA] i2 | main.rs:244:10:244:11 | i2 | -| main.rs:242:9:242:10 | i2 | main.rs:242:9:242:10 | [SSA] i2 | -| main.rs:242:14:242:16 | TryExpr | main.rs:242:9:242:10 | i2 | -| main.rs:245:9:245:10 | [SSA] i3 | main.rs:246:10:246:11 | i3 | -| main.rs:245:9:245:10 | i3 | main.rs:245:9:245:10 | [SSA] i3 | -| main.rs:245:14:245:16 | TryExpr | main.rs:245:9:245:10 | i3 | -| main.rs:247:5:247:9 | Ok(...) | main.rs:237:46:248:1 | { ... } | -| main.rs:256:9:256:10 | [SSA] s1 | main.rs:258:11:258:12 | s1 | -| main.rs:256:9:256:10 | s1 | main.rs:256:9:256:10 | [SSA] s1 | -| main.rs:256:14:256:39 | ...::A(...) | main.rs:256:9:256:10 | s1 | -| main.rs:257:9:257:10 | [SSA] s2 | main.rs:265:11:265:12 | s2 | -| main.rs:257:9:257:10 | s2 | main.rs:257:9:257:10 | [SSA] s2 | -| main.rs:257:14:257:30 | ...::B(...) | main.rs:257:9:257:10 | s2 | -| main.rs:258:11:258:12 | s1 | main.rs:259:9:259:25 | ...::A(...) | -| main.rs:258:11:258:12 | s1 | main.rs:260:9:260:25 | ...::B(...) | -| main.rs:258:11:258:12 | s1 | main.rs:262:11:262:12 | s1 | -| main.rs:259:24:259:24 | [SSA] n | main.rs:259:35:259:35 | n | -| main.rs:259:24:259:24 | n | main.rs:259:24:259:24 | [SSA] n | -| main.rs:259:30:259:36 | sink(...) | main.rs:258:5:261:5 | match s1 { ... } | -| main.rs:260:24:260:24 | [SSA] n | main.rs:260:35:260:35 | n | -| main.rs:260:24:260:24 | n | main.rs:260:24:260:24 | [SSA] n | -| main.rs:260:30:260:36 | sink(...) | main.rs:258:5:261:5 | match s1 { ... } | -| main.rs:262:11:262:12 | s1 | main.rs:263:9:263:45 | ... \| ... | -| main.rs:263:9:263:45 | ... \| ... | main.rs:263:9:263:25 | ...::A(...) | -| main.rs:263:9:263:45 | ... \| ... | main.rs:263:29:263:45 | ...::B(...) 
| -| main.rs:263:9:263:45 | [SSA] [match(true)] phi | main.rs:263:55:263:55 | n | -| main.rs:263:24:263:24 | [SSA] [input] [match(true)] phi | main.rs:263:9:263:45 | [SSA] [match(true)] phi | -| main.rs:263:24:263:24 | [SSA] n | main.rs:263:24:263:24 | [SSA] [input] [match(true)] phi | -| main.rs:263:24:263:24 | n | main.rs:263:24:263:24 | [SSA] n | -| main.rs:263:44:263:44 | [SSA] [input] [match(true)] phi | main.rs:263:9:263:45 | [SSA] [match(true)] phi | -| main.rs:263:44:263:44 | [SSA] n | main.rs:263:44:263:44 | [SSA] [input] [match(true)] phi | -| main.rs:263:44:263:44 | n | main.rs:263:44:263:44 | [SSA] n | -| main.rs:263:50:263:56 | sink(...) | main.rs:262:5:264:5 | match s1 { ... } | -| main.rs:265:5:268:5 | match s2 { ... } | main.rs:255:48:269:1 | { ... } | -| main.rs:265:11:265:12 | s2 | main.rs:266:9:266:25 | ...::A(...) | -| main.rs:265:11:265:12 | s2 | main.rs:267:9:267:25 | ...::B(...) | -| main.rs:266:24:266:24 | [SSA] n | main.rs:266:35:266:35 | n | -| main.rs:266:24:266:24 | n | main.rs:266:24:266:24 | [SSA] n | -| main.rs:266:30:266:36 | sink(...) | main.rs:265:5:268:5 | match s2 { ... } | +| main.rs:232:9:232:10 | [SSA] s2 | main.rs:233:10:233:11 | s2 | +| main.rs:232:9:232:10 | s2 | main.rs:232:9:232:10 | [SSA] s2 | +| main.rs:232:14:232:20 | Some(...) | main.rs:232:9:232:10 | s2 | +| main.rs:237:9:237:10 | [SSA] s1 | main.rs:239:14:239:15 | s1 | +| main.rs:237:9:237:10 | s1 | main.rs:237:9:237:10 | [SSA] s1 | +| main.rs:237:14:237:29 | Some(...) | main.rs:237:9:237:10 | s1 | +| main.rs:238:9:238:10 | [SSA] s2 | main.rs:241:10:241:11 | s2 | +| main.rs:238:9:238:10 | s2 | main.rs:238:9:238:10 | [SSA] s2 | +| main.rs:238:14:238:20 | Some(...) | main.rs:238:9:238:10 | s2 | +| main.rs:239:9:239:10 | [SSA] i1 | main.rs:240:10:240:11 | i1 | +| main.rs:239:9:239:10 | i1 | main.rs:239:9:239:10 | [SSA] i1 | +| main.rs:239:14:239:16 | TryExpr | main.rs:239:9:239:10 | i1 | +| main.rs:242:5:242:11 | Some(...) | main.rs:236:41:243:1 | { ... 
} | +| main.rs:246:9:246:10 | [SSA] s1 | main.rs:249:14:249:15 | s1 | +| main.rs:246:9:246:10 | s1 | main.rs:246:9:246:10 | [SSA] s1 | +| main.rs:246:32:246:45 | Ok(...) | main.rs:246:9:246:10 | s1 | +| main.rs:247:9:247:10 | [SSA] s2 | main.rs:250:14:250:15 | s2 | +| main.rs:247:9:247:10 | s2 | main.rs:247:9:247:10 | [SSA] s2 | +| main.rs:247:32:247:36 | Ok(...) | main.rs:247:9:247:10 | s2 | +| main.rs:248:9:248:10 | [SSA] s3 | main.rs:253:14:253:15 | s3 | +| main.rs:248:9:248:10 | s3 | main.rs:248:9:248:10 | [SSA] s3 | +| main.rs:248:32:248:46 | Err(...) | main.rs:248:9:248:10 | s3 | +| main.rs:249:9:249:10 | [SSA] i1 | main.rs:251:10:251:11 | i1 | +| main.rs:249:9:249:10 | i1 | main.rs:249:9:249:10 | [SSA] i1 | +| main.rs:249:14:249:16 | TryExpr | main.rs:249:9:249:10 | i1 | +| main.rs:250:9:250:10 | [SSA] i2 | main.rs:252:10:252:11 | i2 | +| main.rs:250:9:250:10 | i2 | main.rs:250:9:250:10 | [SSA] i2 | +| main.rs:250:14:250:16 | TryExpr | main.rs:250:9:250:10 | i2 | +| main.rs:253:9:253:10 | [SSA] i3 | main.rs:254:10:254:11 | i3 | +| main.rs:253:9:253:10 | i3 | main.rs:253:9:253:10 | [SSA] i3 | +| main.rs:253:14:253:16 | TryExpr | main.rs:253:9:253:10 | i3 | +| main.rs:255:5:255:9 | Ok(...) | main.rs:245:46:256:1 | { ... } | +| main.rs:264:9:264:10 | [SSA] s1 | main.rs:266:11:266:12 | s1 | +| main.rs:264:9:264:10 | s1 | main.rs:264:9:264:10 | [SSA] s1 | +| main.rs:264:14:264:39 | ...::A(...) | main.rs:264:9:264:10 | s1 | +| main.rs:265:9:265:10 | [SSA] s2 | main.rs:273:11:273:12 | s2 | +| main.rs:265:9:265:10 | s2 | main.rs:265:9:265:10 | [SSA] s2 | +| main.rs:265:14:265:30 | ...::B(...) | main.rs:265:9:265:10 | s2 | +| main.rs:266:11:266:12 | s1 | main.rs:267:9:267:25 | ...::A(...) | +| main.rs:266:11:266:12 | s1 | main.rs:268:9:268:25 | ...::B(...) 
| +| main.rs:266:11:266:12 | s1 | main.rs:270:11:270:12 | s1 | | main.rs:267:24:267:24 | [SSA] n | main.rs:267:35:267:35 | n | | main.rs:267:24:267:24 | n | main.rs:267:24:267:24 | [SSA] n | -| main.rs:267:30:267:36 | sink(...) | main.rs:265:5:268:5 | match s2 { ... } | -| main.rs:274:9:274:10 | [SSA] s1 | main.rs:276:11:276:12 | s1 | -| main.rs:274:9:274:10 | s1 | main.rs:274:9:274:10 | [SSA] s1 | -| main.rs:274:14:274:26 | A(...) | main.rs:274:9:274:10 | s1 | -| main.rs:275:9:275:10 | [SSA] s2 | main.rs:283:11:283:12 | s2 | -| main.rs:275:9:275:10 | s2 | main.rs:275:9:275:10 | [SSA] s2 | -| main.rs:275:14:275:17 | B(...) | main.rs:275:9:275:10 | s2 | -| main.rs:276:11:276:12 | s1 | main.rs:277:9:277:12 | A(...) | -| main.rs:276:11:276:12 | s1 | main.rs:278:9:278:12 | B(...) | -| main.rs:276:11:276:12 | s1 | main.rs:280:11:280:12 | s1 | -| main.rs:277:11:277:11 | [SSA] n | main.rs:277:22:277:22 | n | -| main.rs:277:11:277:11 | n | main.rs:277:11:277:11 | [SSA] n | -| main.rs:277:17:277:23 | sink(...) | main.rs:276:5:279:5 | match s1 { ... } | -| main.rs:278:11:278:11 | [SSA] n | main.rs:278:22:278:22 | n | -| main.rs:278:11:278:11 | n | main.rs:278:11:278:11 | [SSA] n | -| main.rs:278:17:278:23 | sink(...) | main.rs:276:5:279:5 | match s1 { ... } | -| main.rs:280:11:280:12 | s1 | main.rs:281:9:281:19 | ... \| ... | -| main.rs:281:9:281:19 | ... \| ... | main.rs:281:9:281:12 | A(...) | -| main.rs:281:9:281:19 | ... \| ... | main.rs:281:16:281:19 | B(...) 
| -| main.rs:281:9:281:19 | [SSA] [match(true)] phi | main.rs:281:29:281:29 | n | -| main.rs:281:11:281:11 | [SSA] [input] [match(true)] phi | main.rs:281:9:281:19 | [SSA] [match(true)] phi | -| main.rs:281:11:281:11 | [SSA] n | main.rs:281:11:281:11 | [SSA] [input] [match(true)] phi | -| main.rs:281:11:281:11 | n | main.rs:281:11:281:11 | [SSA] n | -| main.rs:281:18:281:18 | [SSA] [input] [match(true)] phi | main.rs:281:9:281:19 | [SSA] [match(true)] phi | -| main.rs:281:18:281:18 | [SSA] n | main.rs:281:18:281:18 | [SSA] [input] [match(true)] phi | -| main.rs:281:18:281:18 | n | main.rs:281:18:281:18 | [SSA] n | -| main.rs:281:24:281:30 | sink(...) | main.rs:280:5:282:5 | match s1 { ... } | -| main.rs:283:5:286:5 | match s2 { ... } | main.rs:273:50:287:1 | { ... } | -| main.rs:283:11:283:12 | s2 | main.rs:284:9:284:12 | A(...) | -| main.rs:283:11:283:12 | s2 | main.rs:285:9:285:12 | B(...) | -| main.rs:284:11:284:11 | [SSA] n | main.rs:284:22:284:22 | n | -| main.rs:284:11:284:11 | n | main.rs:284:11:284:11 | [SSA] n | -| main.rs:284:17:284:23 | sink(...) | main.rs:283:5:286:5 | match s2 { ... } | +| main.rs:267:30:267:36 | sink(...) | main.rs:266:5:269:5 | match s1 { ... } | +| main.rs:268:24:268:24 | [SSA] n | main.rs:268:35:268:35 | n | +| main.rs:268:24:268:24 | n | main.rs:268:24:268:24 | [SSA] n | +| main.rs:268:30:268:36 | sink(...) | main.rs:266:5:269:5 | match s1 { ... } | +| main.rs:270:11:270:12 | s1 | main.rs:271:9:271:45 | ... \| ... | +| main.rs:271:9:271:45 | ... \| ... | main.rs:271:9:271:25 | ...::A(...) | +| main.rs:271:9:271:45 | ... \| ... | main.rs:271:29:271:45 | ...::B(...) 
| +| main.rs:271:9:271:45 | [SSA] [match(true)] phi | main.rs:271:55:271:55 | n | +| main.rs:271:24:271:24 | [SSA] [input] [match(true)] phi | main.rs:271:9:271:45 | [SSA] [match(true)] phi | +| main.rs:271:24:271:24 | [SSA] n | main.rs:271:24:271:24 | [SSA] [input] [match(true)] phi | +| main.rs:271:24:271:24 | n | main.rs:271:24:271:24 | [SSA] n | +| main.rs:271:44:271:44 | [SSA] [input] [match(true)] phi | main.rs:271:9:271:45 | [SSA] [match(true)] phi | +| main.rs:271:44:271:44 | [SSA] n | main.rs:271:44:271:44 | [SSA] [input] [match(true)] phi | +| main.rs:271:44:271:44 | n | main.rs:271:44:271:44 | [SSA] n | +| main.rs:271:50:271:56 | sink(...) | main.rs:270:5:272:5 | match s1 { ... } | +| main.rs:273:5:276:5 | match s2 { ... } | main.rs:263:48:277:1 | { ... } | +| main.rs:273:11:273:12 | s2 | main.rs:274:9:274:25 | ...::A(...) | +| main.rs:273:11:273:12 | s2 | main.rs:275:9:275:25 | ...::B(...) | +| main.rs:274:24:274:24 | [SSA] n | main.rs:274:35:274:35 | n | +| main.rs:274:24:274:24 | n | main.rs:274:24:274:24 | [SSA] n | +| main.rs:274:30:274:36 | sink(...) | main.rs:273:5:276:5 | match s2 { ... } | +| main.rs:275:24:275:24 | [SSA] n | main.rs:275:35:275:35 | n | +| main.rs:275:24:275:24 | n | main.rs:275:24:275:24 | [SSA] n | +| main.rs:275:30:275:36 | sink(...) | main.rs:273:5:276:5 | match s2 { ... } | +| main.rs:282:9:282:10 | [SSA] s1 | main.rs:284:11:284:12 | s1 | +| main.rs:282:9:282:10 | s1 | main.rs:282:9:282:10 | [SSA] s1 | +| main.rs:282:14:282:26 | A(...) | main.rs:282:9:282:10 | s1 | +| main.rs:283:9:283:10 | [SSA] s2 | main.rs:291:11:291:12 | s2 | +| main.rs:283:9:283:10 | s2 | main.rs:283:9:283:10 | [SSA] s2 | +| main.rs:283:14:283:17 | B(...) | main.rs:283:9:283:10 | s2 | +| main.rs:284:11:284:12 | s1 | main.rs:285:9:285:12 | A(...) | +| main.rs:284:11:284:12 | s1 | main.rs:286:9:286:12 | B(...) 
| +| main.rs:284:11:284:12 | s1 | main.rs:288:11:288:12 | s1 | | main.rs:285:11:285:11 | [SSA] n | main.rs:285:22:285:22 | n | | main.rs:285:11:285:11 | n | main.rs:285:11:285:11 | [SSA] n | -| main.rs:285:17:285:23 | sink(...) | main.rs:283:5:286:5 | match s2 { ... } | -| main.rs:295:9:295:10 | [SSA] s1 | main.rs:299:11:299:12 | s1 | -| main.rs:295:9:295:10 | s1 | main.rs:295:9:295:10 | [SSA] s1 | -| main.rs:295:14:297:5 | ...::C {...} | main.rs:295:9:295:10 | s1 | -| main.rs:298:9:298:10 | [SSA] s2 | main.rs:306:11:306:12 | s2 | -| main.rs:298:9:298:10 | s2 | main.rs:298:9:298:10 | [SSA] s2 | -| main.rs:298:14:298:43 | ...::D {...} | main.rs:298:9:298:10 | s2 | -| main.rs:299:11:299:12 | s1 | main.rs:300:9:300:38 | ...::C {...} | -| main.rs:299:11:299:12 | s1 | main.rs:301:9:301:38 | ...::D {...} | -| main.rs:299:11:299:12 | s1 | main.rs:303:11:303:12 | s1 | -| main.rs:300:36:300:36 | [SSA] n | main.rs:300:48:300:48 | n | -| main.rs:300:36:300:36 | n | main.rs:300:36:300:36 | [SSA] n | -| main.rs:300:43:300:49 | sink(...) | main.rs:299:5:302:5 | match s1 { ... } | -| main.rs:301:36:301:36 | [SSA] n | main.rs:301:48:301:48 | n | -| main.rs:301:36:301:36 | n | main.rs:301:36:301:36 | [SSA] n | -| main.rs:301:43:301:49 | sink(...) | main.rs:299:5:302:5 | match s1 { ... } | -| main.rs:303:11:303:12 | s1 | main.rs:304:9:304:71 | ... \| ... | -| main.rs:304:9:304:71 | ... \| ... | main.rs:304:9:304:38 | ...::C {...} | -| main.rs:304:9:304:71 | ... \| ... 
| main.rs:304:42:304:71 | ...::D {...} | -| main.rs:304:9:304:71 | [SSA] [match(true)] phi | main.rs:304:81:304:81 | n | -| main.rs:304:36:304:36 | [SSA] [input] [match(true)] phi | main.rs:304:9:304:71 | [SSA] [match(true)] phi | -| main.rs:304:36:304:36 | [SSA] n | main.rs:304:36:304:36 | [SSA] [input] [match(true)] phi | -| main.rs:304:36:304:36 | n | main.rs:304:36:304:36 | [SSA] n | -| main.rs:304:69:304:69 | [SSA] [input] [match(true)] phi | main.rs:304:9:304:71 | [SSA] [match(true)] phi | -| main.rs:304:69:304:69 | [SSA] n | main.rs:304:69:304:69 | [SSA] [input] [match(true)] phi | -| main.rs:304:69:304:69 | n | main.rs:304:69:304:69 | [SSA] n | -| main.rs:304:76:304:82 | sink(...) | main.rs:303:5:305:5 | match s1 { ... } | -| main.rs:306:5:309:5 | match s2 { ... } | main.rs:294:49:310:1 | { ... } | -| main.rs:306:11:306:12 | s2 | main.rs:307:9:307:38 | ...::C {...} | -| main.rs:306:11:306:12 | s2 | main.rs:308:9:308:38 | ...::D {...} | -| main.rs:307:36:307:36 | [SSA] n | main.rs:307:48:307:48 | n | -| main.rs:307:36:307:36 | n | main.rs:307:36:307:36 | [SSA] n | -| main.rs:307:43:307:49 | sink(...) | main.rs:306:5:309:5 | match s2 { ... } | +| main.rs:285:17:285:23 | sink(...) | main.rs:284:5:287:5 | match s1 { ... } | +| main.rs:286:11:286:11 | [SSA] n | main.rs:286:22:286:22 | n | +| main.rs:286:11:286:11 | n | main.rs:286:11:286:11 | [SSA] n | +| main.rs:286:17:286:23 | sink(...) | main.rs:284:5:287:5 | match s1 { ... } | +| main.rs:288:11:288:12 | s1 | main.rs:289:9:289:19 | ... \| ... | +| main.rs:289:9:289:19 | ... \| ... | main.rs:289:9:289:12 | A(...) | +| main.rs:289:9:289:19 | ... \| ... | main.rs:289:16:289:19 | B(...) 
| +| main.rs:289:9:289:19 | [SSA] [match(true)] phi | main.rs:289:29:289:29 | n | +| main.rs:289:11:289:11 | [SSA] [input] [match(true)] phi | main.rs:289:9:289:19 | [SSA] [match(true)] phi | +| main.rs:289:11:289:11 | [SSA] n | main.rs:289:11:289:11 | [SSA] [input] [match(true)] phi | +| main.rs:289:11:289:11 | n | main.rs:289:11:289:11 | [SSA] n | +| main.rs:289:18:289:18 | [SSA] [input] [match(true)] phi | main.rs:289:9:289:19 | [SSA] [match(true)] phi | +| main.rs:289:18:289:18 | [SSA] n | main.rs:289:18:289:18 | [SSA] [input] [match(true)] phi | +| main.rs:289:18:289:18 | n | main.rs:289:18:289:18 | [SSA] n | +| main.rs:289:24:289:30 | sink(...) | main.rs:288:5:290:5 | match s1 { ... } | +| main.rs:291:5:294:5 | match s2 { ... } | main.rs:281:50:295:1 | { ... } | +| main.rs:291:11:291:12 | s2 | main.rs:292:9:292:12 | A(...) | +| main.rs:291:11:291:12 | s2 | main.rs:293:9:293:12 | B(...) | +| main.rs:292:11:292:11 | [SSA] n | main.rs:292:22:292:22 | n | +| main.rs:292:11:292:11 | n | main.rs:292:11:292:11 | [SSA] n | +| main.rs:292:17:292:23 | sink(...) | main.rs:291:5:294:5 | match s2 { ... } | +| main.rs:293:11:293:11 | [SSA] n | main.rs:293:22:293:22 | n | +| main.rs:293:11:293:11 | n | main.rs:293:11:293:11 | [SSA] n | +| main.rs:293:17:293:23 | sink(...) | main.rs:291:5:294:5 | match s2 { ... 
} | +| main.rs:303:9:303:10 | [SSA] s1 | main.rs:307:11:307:12 | s1 | +| main.rs:303:9:303:10 | s1 | main.rs:303:9:303:10 | [SSA] s1 | +| main.rs:303:14:305:5 | ...::C {...} | main.rs:303:9:303:10 | s1 | +| main.rs:306:9:306:10 | [SSA] s2 | main.rs:314:11:314:12 | s2 | +| main.rs:306:9:306:10 | s2 | main.rs:306:9:306:10 | [SSA] s2 | +| main.rs:306:14:306:43 | ...::D {...} | main.rs:306:9:306:10 | s2 | +| main.rs:307:11:307:12 | s1 | main.rs:308:9:308:38 | ...::C {...} | +| main.rs:307:11:307:12 | s1 | main.rs:309:9:309:38 | ...::D {...} | +| main.rs:307:11:307:12 | s1 | main.rs:311:11:311:12 | s1 | | main.rs:308:36:308:36 | [SSA] n | main.rs:308:48:308:48 | n | | main.rs:308:36:308:36 | n | main.rs:308:36:308:36 | [SSA] n | -| main.rs:308:43:308:49 | sink(...) | main.rs:306:5:309:5 | match s2 { ... } | -| main.rs:315:9:315:10 | [SSA] s1 | main.rs:319:11:319:12 | s1 | -| main.rs:315:9:315:10 | s1 | main.rs:315:9:315:10 | [SSA] s1 | -| main.rs:315:14:317:5 | C {...} | main.rs:315:9:315:10 | s1 | -| main.rs:318:9:318:10 | [SSA] s2 | main.rs:326:11:326:12 | s2 | -| main.rs:318:9:318:10 | s2 | main.rs:318:9:318:10 | [SSA] s2 | -| main.rs:318:14:318:29 | D {...} | main.rs:318:9:318:10 | s2 | -| main.rs:319:11:319:12 | s1 | main.rs:320:9:320:24 | C {...} | -| main.rs:319:11:319:12 | s1 | main.rs:321:9:321:24 | D {...} | -| main.rs:319:11:319:12 | s1 | main.rs:323:11:323:12 | s1 | -| main.rs:320:22:320:22 | [SSA] n | main.rs:320:34:320:34 | n | -| main.rs:320:22:320:22 | n | main.rs:320:22:320:22 | [SSA] n | -| main.rs:320:29:320:35 | sink(...) | main.rs:319:5:322:5 | match s1 { ... } | -| main.rs:321:22:321:22 | [SSA] n | main.rs:321:34:321:34 | n | -| main.rs:321:22:321:22 | n | main.rs:321:22:321:22 | [SSA] n | -| main.rs:321:29:321:35 | sink(...) | main.rs:319:5:322:5 | match s1 { ... } | -| main.rs:323:11:323:12 | s1 | main.rs:324:9:324:43 | ... \| ... | -| main.rs:324:9:324:43 | ... \| ... | main.rs:324:9:324:24 | C {...} | -| main.rs:324:9:324:43 | ... \| ... 
| main.rs:324:28:324:43 | D {...} | -| main.rs:324:9:324:43 | [SSA] [match(true)] phi | main.rs:324:53:324:53 | n | -| main.rs:324:22:324:22 | [SSA] [input] [match(true)] phi | main.rs:324:9:324:43 | [SSA] [match(true)] phi | -| main.rs:324:22:324:22 | [SSA] n | main.rs:324:22:324:22 | [SSA] [input] [match(true)] phi | -| main.rs:324:22:324:22 | n | main.rs:324:22:324:22 | [SSA] n | -| main.rs:324:41:324:41 | [SSA] [input] [match(true)] phi | main.rs:324:9:324:43 | [SSA] [match(true)] phi | -| main.rs:324:41:324:41 | [SSA] n | main.rs:324:41:324:41 | [SSA] [input] [match(true)] phi | -| main.rs:324:41:324:41 | n | main.rs:324:41:324:41 | [SSA] n | -| main.rs:324:48:324:54 | sink(...) | main.rs:323:5:325:5 | match s1 { ... } | -| main.rs:326:5:329:5 | match s2 { ... } | main.rs:314:51:330:1 | { ... } | -| main.rs:326:11:326:12 | s2 | main.rs:327:9:327:24 | C {...} | -| main.rs:326:11:326:12 | s2 | main.rs:328:9:328:24 | D {...} | -| main.rs:327:22:327:22 | [SSA] n | main.rs:327:34:327:34 | n | -| main.rs:327:22:327:22 | n | main.rs:327:22:327:22 | [SSA] n | -| main.rs:327:29:327:35 | sink(...) | main.rs:326:5:329:5 | match s2 { ... } | +| main.rs:308:43:308:49 | sink(...) | main.rs:307:5:310:5 | match s1 { ... } | +| main.rs:309:36:309:36 | [SSA] n | main.rs:309:48:309:48 | n | +| main.rs:309:36:309:36 | n | main.rs:309:36:309:36 | [SSA] n | +| main.rs:309:43:309:49 | sink(...) | main.rs:307:5:310:5 | match s1 { ... } | +| main.rs:311:11:311:12 | s1 | main.rs:312:9:312:71 | ... \| ... | +| main.rs:312:9:312:71 | ... \| ... | main.rs:312:9:312:38 | ...::C {...} | +| main.rs:312:9:312:71 | ... \| ... 
| main.rs:312:42:312:71 | ...::D {...} | +| main.rs:312:9:312:71 | [SSA] [match(true)] phi | main.rs:312:81:312:81 | n | +| main.rs:312:36:312:36 | [SSA] [input] [match(true)] phi | main.rs:312:9:312:71 | [SSA] [match(true)] phi | +| main.rs:312:36:312:36 | [SSA] n | main.rs:312:36:312:36 | [SSA] [input] [match(true)] phi | +| main.rs:312:36:312:36 | n | main.rs:312:36:312:36 | [SSA] n | +| main.rs:312:69:312:69 | [SSA] [input] [match(true)] phi | main.rs:312:9:312:71 | [SSA] [match(true)] phi | +| main.rs:312:69:312:69 | [SSA] n | main.rs:312:69:312:69 | [SSA] [input] [match(true)] phi | +| main.rs:312:69:312:69 | n | main.rs:312:69:312:69 | [SSA] n | +| main.rs:312:76:312:82 | sink(...) | main.rs:311:5:313:5 | match s1 { ... } | +| main.rs:314:5:317:5 | match s2 { ... } | main.rs:302:49:318:1 | { ... } | +| main.rs:314:11:314:12 | s2 | main.rs:315:9:315:38 | ...::C {...} | +| main.rs:314:11:314:12 | s2 | main.rs:316:9:316:38 | ...::D {...} | +| main.rs:315:36:315:36 | [SSA] n | main.rs:315:48:315:48 | n | +| main.rs:315:36:315:36 | n | main.rs:315:36:315:36 | [SSA] n | +| main.rs:315:43:315:49 | sink(...) | main.rs:314:5:317:5 | match s2 { ... } | +| main.rs:316:36:316:36 | [SSA] n | main.rs:316:48:316:48 | n | +| main.rs:316:36:316:36 | n | main.rs:316:36:316:36 | [SSA] n | +| main.rs:316:43:316:49 | sink(...) | main.rs:314:5:317:5 | match s2 { ... 
} | +| main.rs:323:9:323:10 | [SSA] s1 | main.rs:327:11:327:12 | s1 | +| main.rs:323:9:323:10 | s1 | main.rs:323:9:323:10 | [SSA] s1 | +| main.rs:323:14:325:5 | C {...} | main.rs:323:9:323:10 | s1 | +| main.rs:326:9:326:10 | [SSA] s2 | main.rs:334:11:334:12 | s2 | +| main.rs:326:9:326:10 | s2 | main.rs:326:9:326:10 | [SSA] s2 | +| main.rs:326:14:326:29 | D {...} | main.rs:326:9:326:10 | s2 | +| main.rs:327:11:327:12 | s1 | main.rs:328:9:328:24 | C {...} | +| main.rs:327:11:327:12 | s1 | main.rs:329:9:329:24 | D {...} | +| main.rs:327:11:327:12 | s1 | main.rs:331:11:331:12 | s1 | | main.rs:328:22:328:22 | [SSA] n | main.rs:328:34:328:34 | n | | main.rs:328:22:328:22 | n | main.rs:328:22:328:22 | [SSA] n | -| main.rs:328:29:328:35 | sink(...) | main.rs:326:5:329:5 | match s2 { ... } | -| main.rs:336:9:336:12 | [SSA] arr1 | main.rs:337:14:337:17 | arr1 | -| main.rs:336:9:336:12 | arr1 | main.rs:336:9:336:12 | [SSA] arr1 | -| main.rs:336:16:336:33 | [...] | main.rs:336:9:336:12 | arr1 | -| main.rs:337:9:337:10 | [SSA] n1 | main.rs:338:10:338:11 | n1 | -| main.rs:337:9:337:10 | n1 | main.rs:337:9:337:10 | [SSA] n1 | -| main.rs:337:14:337:20 | arr1[2] | main.rs:337:9:337:10 | n1 | -| main.rs:340:9:340:12 | [SSA] arr2 | main.rs:341:14:341:17 | arr2 | -| main.rs:340:9:340:12 | arr2 | main.rs:340:9:340:12 | [SSA] arr2 | -| main.rs:340:16:340:31 | [...; 10] | main.rs:340:9:340:12 | arr2 | -| main.rs:341:9:341:10 | [SSA] n2 | main.rs:342:10:342:11 | n2 | -| main.rs:341:9:341:10 | n2 | main.rs:341:9:341:10 | [SSA] n2 | -| main.rs:341:14:341:20 | arr2[4] | main.rs:341:9:341:10 | n2 | -| main.rs:344:9:344:12 | [SSA] arr3 | main.rs:345:14:345:17 | arr3 | -| main.rs:344:9:344:12 | arr3 | main.rs:344:9:344:12 | [SSA] arr3 | -| main.rs:344:16:344:24 | [...] 
| main.rs:344:9:344:12 | arr3 | -| main.rs:345:9:345:10 | [SSA] n3 | main.rs:346:10:346:11 | n3 | -| main.rs:345:9:345:10 | n3 | main.rs:345:9:345:10 | [SSA] n3 | -| main.rs:345:14:345:20 | arr3[2] | main.rs:345:9:345:10 | n3 | -| main.rs:350:9:350:12 | [SSA] arr1 | main.rs:351:15:351:18 | arr1 | -| main.rs:350:9:350:12 | arr1 | main.rs:350:9:350:12 | [SSA] arr1 | -| main.rs:350:16:350:33 | [...] | main.rs:350:9:350:12 | arr1 | -| main.rs:351:9:351:10 | [SSA] n1 | main.rs:352:14:352:15 | n1 | -| main.rs:351:9:351:10 | n1 | main.rs:351:9:351:10 | [SSA] n1 | -| main.rs:355:9:355:12 | [SSA] arr2 | main.rs:356:15:356:18 | arr2 | -| main.rs:355:9:355:12 | arr2 | main.rs:355:9:355:12 | [SSA] arr2 | -| main.rs:355:16:355:24 | [...] | main.rs:355:9:355:12 | arr2 | -| main.rs:356:5:358:5 | for ... in ... { ... } | main.rs:349:21:359:1 | { ... } | -| main.rs:356:9:356:10 | [SSA] n2 | main.rs:357:14:357:15 | n2 | -| main.rs:356:9:356:10 | n2 | main.rs:356:9:356:10 | [SSA] n2 | -| main.rs:362:9:362:12 | [SSA] arr1 | main.rs:363:11:363:14 | arr1 | -| main.rs:362:9:362:12 | arr1 | main.rs:362:9:362:12 | [SSA] arr1 | -| main.rs:362:16:362:33 | [...] | main.rs:362:9:362:12 | arr1 | -| main.rs:363:5:369:5 | match arr1 { ... } | main.rs:361:26:370:1 | { ... } | -| main.rs:363:11:363:14 | arr1 | main.rs:364:9:364:17 | SlicePat | -| main.rs:364:10:364:10 | [SSA] a | main.rs:365:18:365:18 | a | -| main.rs:364:10:364:10 | a | main.rs:364:10:364:10 | [SSA] a | -| main.rs:364:13:364:13 | [SSA] b | main.rs:366:18:366:18 | b | -| main.rs:364:13:364:13 | b | main.rs:364:13:364:13 | [SSA] b | -| main.rs:364:16:364:16 | [SSA] c | main.rs:367:18:367:18 | c | -| main.rs:364:16:364:16 | c | main.rs:364:16:364:16 | [SSA] c | -| main.rs:364:22:368:9 | { ... } | main.rs:363:5:369:5 | match arr1 { ... } | -| main.rs:373:9:373:19 | [SSA] mut_arr | main.rs:374:10:374:16 | mut_arr | -| main.rs:373:9:373:19 | mut_arr | main.rs:373:9:373:19 | [SSA] mut_arr | -| main.rs:373:23:373:31 | [...] 
| main.rs:373:9:373:19 | mut_arr | -| main.rs:374:10:374:16 | [post] mut_arr | main.rs:376:5:376:11 | mut_arr | -| main.rs:374:10:374:16 | mut_arr | main.rs:376:5:376:11 | mut_arr | -| main.rs:376:5:376:11 | [post] mut_arr | main.rs:377:13:377:19 | mut_arr | -| main.rs:376:5:376:11 | mut_arr | main.rs:377:13:377:19 | mut_arr | -| main.rs:376:18:376:27 | source(...) | main.rs:376:5:376:14 | mut_arr[1] | -| main.rs:377:9:377:9 | [SSA] d | main.rs:378:10:378:10 | d | -| main.rs:377:9:377:9 | d | main.rs:377:9:377:9 | [SSA] d | -| main.rs:377:13:377:19 | [post] mut_arr | main.rs:379:10:379:16 | mut_arr | -| main.rs:377:13:377:19 | mut_arr | main.rs:379:10:379:16 | mut_arr | -| main.rs:377:13:377:22 | mut_arr[1] | main.rs:377:9:377:9 | d | -| main.rs:386:9:386:9 | a | main.rs:386:9:386:9 | [SSA] a | -| main.rs:386:13:386:22 | source(...) | main.rs:386:9:386:9 | a | -| main.rs:387:9:387:9 | [SSA] b | main.rs:388:14:388:14 | b | -| main.rs:387:9:387:9 | b | main.rs:387:9:387:9 | [SSA] b | -| main.rs:387:13:387:14 | &a | main.rs:387:9:387:9 | b | -| main.rs:388:9:388:9 | [SSA] c | main.rs:389:10:389:10 | c | -| main.rs:388:9:388:9 | c | main.rs:388:9:388:9 | [SSA] c | -| main.rs:388:13:388:14 | * ... | main.rs:388:9:388:9 | c | -| main.rs:393:17:393:17 | 1 | main.rs:393:9:393:13 | a | -| main.rs:395:9:395:9 | [SSA] b | main.rs:396:6:396:6 | b | -| main.rs:395:9:395:9 | b | main.rs:395:9:395:9 | [SSA] b | -| main.rs:395:13:395:18 | &mut a | main.rs:395:9:395:9 | b | -| main.rs:396:10:396:19 | source(...) | main.rs:396:5:396:6 | * ... 
| -| main.rs:402:39:402:43 | [SSA] names | main.rs:404:23:404:27 | names | -| main.rs:402:39:402:43 | names | main.rs:402:39:402:43 | [SSA] names | -| main.rs:402:39:402:72 | ...: Vec::<...> | main.rs:402:39:402:43 | names | -| main.rs:403:7:403:18 | [SSA] default_name | main.rs:404:23:404:27 | [SSA] [input] SSA phi read(default_name) | -| main.rs:403:7:403:18 | default_name | main.rs:403:7:403:18 | [SSA] default_name | -| main.rs:403:22:403:43 | ... .to_string(...) | main.rs:403:7:403:18 | default_name | -| main.rs:404:3:410:3 | for ... in ... { ... } | main.rs:402:75:411:1 | { ... } | -| main.rs:404:7:404:18 | [SSA] SSA phi read(default_name) | main.rs:404:29:410:3 | [SSA] [input] SSA phi read(default_name) | -| main.rs:404:7:404:18 | [SSA] SSA phi read(default_name) | main.rs:408:7:408:14 | [SSA] [input] SSA phi read(default_name) | -| main.rs:404:8:404:11 | [SSA] cond | main.rs:405:8:405:11 | cond | -| main.rs:404:8:404:11 | cond | main.rs:404:8:404:11 | [SSA] cond | -| main.rs:404:14:404:17 | [SSA] name | main.rs:406:15:406:18 | name | -| main.rs:404:14:404:17 | name | main.rs:404:14:404:17 | [SSA] name | -| main.rs:404:23:404:27 | [SSA] [input] SSA phi read(default_name) | main.rs:404:7:404:18 | [SSA] SSA phi read(default_name) | -| main.rs:404:29:410:3 | [SSA] [input] SSA phi read(default_name) | main.rs:404:7:404:18 | [SSA] SSA phi read(default_name) | -| main.rs:405:5:409:5 | if cond {...} | main.rs:404:29:410:3 | { ... } | -| main.rs:406:11:406:11 | [SSA] n | main.rs:407:12:407:12 | n | -| main.rs:406:11:406:11 | n | main.rs:406:11:406:11 | [SSA] n | -| main.rs:406:15:406:62 | name.unwrap_or_else(...) | main.rs:406:11:406:11 | n | -| main.rs:406:35:406:61 | [SSA] default_name | main.rs:406:38:406:49 | default_name | -| main.rs:408:7:408:14 | [SSA] [input] SSA phi read(default_name) | main.rs:404:7:404:18 | [SSA] SSA phi read(default_name) | -| main.rs:434:13:434:33 | result_questionmark(...) | main.rs:434:9:434:9 | _ | +| main.rs:328:29:328:35 | sink(...) 
| main.rs:327:5:330:5 | match s1 { ... } | +| main.rs:329:22:329:22 | [SSA] n | main.rs:329:34:329:34 | n | +| main.rs:329:22:329:22 | n | main.rs:329:22:329:22 | [SSA] n | +| main.rs:329:29:329:35 | sink(...) | main.rs:327:5:330:5 | match s1 { ... } | +| main.rs:331:11:331:12 | s1 | main.rs:332:9:332:43 | ... \| ... | +| main.rs:332:9:332:43 | ... \| ... | main.rs:332:9:332:24 | C {...} | +| main.rs:332:9:332:43 | ... \| ... | main.rs:332:28:332:43 | D {...} | +| main.rs:332:9:332:43 | [SSA] [match(true)] phi | main.rs:332:53:332:53 | n | +| main.rs:332:22:332:22 | [SSA] [input] [match(true)] phi | main.rs:332:9:332:43 | [SSA] [match(true)] phi | +| main.rs:332:22:332:22 | [SSA] n | main.rs:332:22:332:22 | [SSA] [input] [match(true)] phi | +| main.rs:332:22:332:22 | n | main.rs:332:22:332:22 | [SSA] n | +| main.rs:332:41:332:41 | [SSA] [input] [match(true)] phi | main.rs:332:9:332:43 | [SSA] [match(true)] phi | +| main.rs:332:41:332:41 | [SSA] n | main.rs:332:41:332:41 | [SSA] [input] [match(true)] phi | +| main.rs:332:41:332:41 | n | main.rs:332:41:332:41 | [SSA] n | +| main.rs:332:48:332:54 | sink(...) | main.rs:331:5:333:5 | match s1 { ... } | +| main.rs:334:5:337:5 | match s2 { ... } | main.rs:322:51:338:1 | { ... } | +| main.rs:334:11:334:12 | s2 | main.rs:335:9:335:24 | C {...} | +| main.rs:334:11:334:12 | s2 | main.rs:336:9:336:24 | D {...} | +| main.rs:335:22:335:22 | [SSA] n | main.rs:335:34:335:34 | n | +| main.rs:335:22:335:22 | n | main.rs:335:22:335:22 | [SSA] n | +| main.rs:335:29:335:35 | sink(...) | main.rs:334:5:337:5 | match s2 { ... } | +| main.rs:336:22:336:22 | [SSA] n | main.rs:336:34:336:34 | n | +| main.rs:336:22:336:22 | n | main.rs:336:22:336:22 | [SSA] n | +| main.rs:336:29:336:35 | sink(...) | main.rs:334:5:337:5 | match s2 { ... } | +| main.rs:344:9:344:12 | [SSA] arr1 | main.rs:345:14:345:17 | arr1 | +| main.rs:344:9:344:12 | arr1 | main.rs:344:9:344:12 | [SSA] arr1 | +| main.rs:344:16:344:33 | [...] 
| main.rs:344:9:344:12 | arr1 | +| main.rs:345:9:345:10 | [SSA] n1 | main.rs:346:10:346:11 | n1 | +| main.rs:345:9:345:10 | n1 | main.rs:345:9:345:10 | [SSA] n1 | +| main.rs:345:14:345:20 | arr1[2] | main.rs:345:9:345:10 | n1 | +| main.rs:348:9:348:12 | [SSA] arr2 | main.rs:349:14:349:17 | arr2 | +| main.rs:348:9:348:12 | arr2 | main.rs:348:9:348:12 | [SSA] arr2 | +| main.rs:348:16:348:31 | [...; 10] | main.rs:348:9:348:12 | arr2 | +| main.rs:349:9:349:10 | [SSA] n2 | main.rs:350:10:350:11 | n2 | +| main.rs:349:9:349:10 | n2 | main.rs:349:9:349:10 | [SSA] n2 | +| main.rs:349:14:349:20 | arr2[4] | main.rs:349:9:349:10 | n2 | +| main.rs:352:9:352:12 | [SSA] arr3 | main.rs:353:14:353:17 | arr3 | +| main.rs:352:9:352:12 | arr3 | main.rs:352:9:352:12 | [SSA] arr3 | +| main.rs:352:16:352:24 | [...] | main.rs:352:9:352:12 | arr3 | +| main.rs:353:9:353:10 | [SSA] n3 | main.rs:354:10:354:11 | n3 | +| main.rs:353:9:353:10 | n3 | main.rs:353:9:353:10 | [SSA] n3 | +| main.rs:353:14:353:20 | arr3[2] | main.rs:353:9:353:10 | n3 | +| main.rs:358:9:358:12 | [SSA] arr1 | main.rs:359:15:359:18 | arr1 | +| main.rs:358:9:358:12 | arr1 | main.rs:358:9:358:12 | [SSA] arr1 | +| main.rs:358:16:358:33 | [...] | main.rs:358:9:358:12 | arr1 | +| main.rs:359:9:359:10 | [SSA] n1 | main.rs:360:14:360:15 | n1 | +| main.rs:359:9:359:10 | n1 | main.rs:359:9:359:10 | [SSA] n1 | +| main.rs:363:9:363:12 | [SSA] arr2 | main.rs:364:15:364:18 | arr2 | +| main.rs:363:9:363:12 | arr2 | main.rs:363:9:363:12 | [SSA] arr2 | +| main.rs:363:16:363:24 | [...] | main.rs:363:9:363:12 | arr2 | +| main.rs:364:5:366:5 | for ... in ... { ... } | main.rs:357:21:367:1 | { ... } | +| main.rs:364:9:364:10 | [SSA] n2 | main.rs:365:14:365:15 | n2 | +| main.rs:364:9:364:10 | n2 | main.rs:364:9:364:10 | [SSA] n2 | +| main.rs:370:9:370:12 | [SSA] arr1 | main.rs:371:11:371:14 | arr1 | +| main.rs:370:9:370:12 | arr1 | main.rs:370:9:370:12 | [SSA] arr1 | +| main.rs:370:16:370:33 | [...] 
| main.rs:370:9:370:12 | arr1 | +| main.rs:371:5:377:5 | match arr1 { ... } | main.rs:369:26:378:1 | { ... } | +| main.rs:371:11:371:14 | arr1 | main.rs:372:9:372:17 | SlicePat | +| main.rs:372:10:372:10 | [SSA] a | main.rs:373:18:373:18 | a | +| main.rs:372:10:372:10 | a | main.rs:372:10:372:10 | [SSA] a | +| main.rs:372:13:372:13 | [SSA] b | main.rs:374:18:374:18 | b | +| main.rs:372:13:372:13 | b | main.rs:372:13:372:13 | [SSA] b | +| main.rs:372:16:372:16 | [SSA] c | main.rs:375:18:375:18 | c | +| main.rs:372:16:372:16 | c | main.rs:372:16:372:16 | [SSA] c | +| main.rs:372:22:376:9 | { ... } | main.rs:371:5:377:5 | match arr1 { ... } | +| main.rs:381:9:381:19 | [SSA] mut_arr | main.rs:382:10:382:16 | mut_arr | +| main.rs:381:9:381:19 | mut_arr | main.rs:381:9:381:19 | [SSA] mut_arr | +| main.rs:381:23:381:31 | [...] | main.rs:381:9:381:19 | mut_arr | +| main.rs:382:10:382:16 | [post] mut_arr | main.rs:384:5:384:11 | mut_arr | +| main.rs:382:10:382:16 | mut_arr | main.rs:384:5:384:11 | mut_arr | +| main.rs:384:5:384:11 | [post] mut_arr | main.rs:385:13:385:19 | mut_arr | +| main.rs:384:5:384:11 | mut_arr | main.rs:385:13:385:19 | mut_arr | +| main.rs:384:18:384:27 | source(...) 
| main.rs:384:5:384:14 | mut_arr[1] | +| main.rs:385:9:385:9 | [SSA] d | main.rs:386:10:386:10 | d | +| main.rs:385:9:385:9 | d | main.rs:385:9:385:9 | [SSA] d | +| main.rs:385:13:385:19 | [post] mut_arr | main.rs:387:10:387:16 | mut_arr | +| main.rs:385:13:385:19 | mut_arr | main.rs:387:10:387:16 | mut_arr | +| main.rs:385:13:385:22 | mut_arr[1] | main.rs:385:9:385:9 | d | +| main.rs:392:39:392:43 | [SSA] names | main.rs:394:23:394:27 | names | +| main.rs:392:39:392:43 | names | main.rs:392:39:392:43 | [SSA] names | +| main.rs:392:39:392:72 | ...: Vec::<...> | main.rs:392:39:392:43 | names | +| main.rs:393:7:393:18 | [SSA] default_name | main.rs:394:23:394:27 | [SSA] [input] SSA phi read(default_name) | +| main.rs:393:7:393:18 | default_name | main.rs:393:7:393:18 | [SSA] default_name | +| main.rs:393:22:393:43 | ... .to_string(...) | main.rs:393:7:393:18 | default_name | +| main.rs:394:3:400:3 | for ... in ... { ... } | main.rs:392:75:401:1 | { ... } | +| main.rs:394:7:394:18 | [SSA] SSA phi read(default_name) | main.rs:394:29:400:3 | [SSA] [input] SSA phi read(default_name) | +| main.rs:394:7:394:18 | [SSA] SSA phi read(default_name) | main.rs:398:7:398:14 | [SSA] [input] SSA phi read(default_name) | +| main.rs:394:8:394:11 | [SSA] cond | main.rs:395:8:395:11 | cond | +| main.rs:394:8:394:11 | cond | main.rs:394:8:394:11 | [SSA] cond | +| main.rs:394:14:394:17 | [SSA] name | main.rs:396:15:396:18 | name | +| main.rs:394:14:394:17 | name | main.rs:394:14:394:17 | [SSA] name | +| main.rs:394:23:394:27 | [SSA] [input] SSA phi read(default_name) | main.rs:394:7:394:18 | [SSA] SSA phi read(default_name) | +| main.rs:394:29:400:3 | [SSA] [input] SSA phi read(default_name) | main.rs:394:7:394:18 | [SSA] SSA phi read(default_name) | +| main.rs:395:5:399:5 | if cond {...} | main.rs:394:29:400:3 | { ... 
} | +| main.rs:396:11:396:11 | [SSA] n | main.rs:397:12:397:12 | n | +| main.rs:396:11:396:11 | n | main.rs:396:11:396:11 | [SSA] n | +| main.rs:396:15:396:62 | name.unwrap_or_else(...) | main.rs:396:11:396:11 | n | +| main.rs:396:35:396:61 | [SSA] default_name | main.rs:396:38:396:49 | default_name | +| main.rs:398:7:398:14 | [SSA] [input] SSA phi read(default_name) | main.rs:394:7:394:18 | [SSA] SSA phi read(default_name) | +| main.rs:425:13:425:33 | result_questionmark(...) | main.rs:425:9:425:9 | _ | storeStep | main.rs:94:14:94:22 | source(...) | tuple.0 | main.rs:94:13:94:26 | TupleExpr | | main.rs:94:25:94:25 | 2 | tuple.1 | main.rs:94:13:94:26 | TupleExpr | 
@@ -496,42 +489,44 @@ storeStep | main.rs:212:19:212:19 | 2 | Some | main.rs:212:14:212:20 | Some(...) | | main.rs:224:19:224:28 | source(...) | Some | main.rs:224:14:224:29 | Some(...) | | main.rs:229:19:229:28 | source(...) | Some | main.rs:229:14:229:29 | Some(...) | -| main.rs:230:19:230:19 | 2 | Some | main.rs:230:14:230:20 | Some(...) | -| main.rs:234:10:234:10 | 0 | Some | main.rs:234:5:234:11 | Some(...) | -| main.rs:238:35:238:44 | source(...) | Ok | main.rs:238:32:238:45 | Ok(...) | -| main.rs:239:35:239:35 | 2 | Ok | main.rs:239:32:239:36 | Ok(...) | -| main.rs:240:36:240:45 | source(...) | Err | main.rs:240:32:240:46 | Err(...) | -| main.rs:247:8:247:8 | 0 | Ok | main.rs:247:5:247:9 | Ok(...) | -| main.rs:256:29:256:38 | source(...) | A | main.rs:256:14:256:39 | ...::A(...) | -| main.rs:257:29:257:29 | 2 | B | main.rs:257:14:257:30 | ...::B(...) | -| main.rs:274:16:274:25 | source(...) | A | main.rs:274:14:274:26 | A(...) | -| main.rs:275:16:275:16 | 2 | B | main.rs:275:14:275:17 | B(...) | -| main.rs:296:18:296:27 | source(...) | C | main.rs:295:14:297:5 | ...::C {...} | -| main.rs:298:41:298:41 | 2 | D | main.rs:298:14:298:43 | ...::D {...} | -| main.rs:316:18:316:27 | source(...) | C | main.rs:315:14:317:5 | C {...} | -| main.rs:318:27:318:27 | 2 | D | main.rs:318:14:318:29 | D {...} | -| main.rs:336:17:336:17 | 1 | array[] | main.rs:336:16:336:33 | [...] | -| main.rs:336:20:336:20 | 2 | array[] | main.rs:336:16:336:33 | [...] | -| main.rs:336:23:336:32 | source(...) | array[] | main.rs:336:16:336:33 | [...] | -| main.rs:340:17:340:26 | source(...) | array[] | main.rs:340:16:340:31 | [...; 10] | -| main.rs:344:17:344:17 | 1 | array[] | main.rs:344:16:344:24 | [...] | -| main.rs:344:20:344:20 | 2 | array[] | main.rs:344:16:344:24 | [...] | -| main.rs:344:23:344:23 | 3 | array[] | main.rs:344:16:344:24 | [...] | -| main.rs:350:17:350:17 | 1 | array[] | main.rs:350:16:350:33 | [...] 
| -| main.rs:350:20:350:20 | 2 | array[] | main.rs:350:16:350:33 | [...] | -| main.rs:350:23:350:32 | source(...) | array[] | main.rs:350:16:350:33 | [...] | -| main.rs:355:17:355:17 | 1 | array[] | main.rs:355:16:355:24 | [...] | -| main.rs:355:20:355:20 | 2 | array[] | main.rs:355:16:355:24 | [...] | -| main.rs:355:23:355:23 | 3 | array[] | main.rs:355:16:355:24 | [...] | -| main.rs:362:17:362:17 | 1 | array[] | main.rs:362:16:362:33 | [...] | -| main.rs:362:20:362:20 | 2 | array[] | main.rs:362:16:362:33 | [...] | -| main.rs:362:23:362:32 | source(...) | array[] | main.rs:362:16:362:33 | [...] | -| main.rs:373:24:373:24 | 1 | array[] | main.rs:373:23:373:31 | [...] | -| main.rs:373:27:373:27 | 2 | array[] | main.rs:373:23:373:31 | [...] | -| main.rs:373:30:373:30 | 3 | array[] | main.rs:373:23:373:31 | [...] | -| main.rs:376:18:376:27 | source(...) | array[] | main.rs:376:5:376:11 | [post] mut_arr | -| main.rs:406:35:406:61 | default_name | captured default_name | main.rs:406:35:406:61 | \|...\| ... | -| main.rs:417:27:417:27 | 0 | Some | main.rs:417:22:417:28 | Some(...) | +| main.rs:232:19:232:19 | 0 | Some | main.rs:232:14:232:20 | Some(...) | +| main.rs:237:19:237:28 | source(...) | Some | main.rs:237:14:237:29 | Some(...) | +| main.rs:238:19:238:19 | 2 | Some | main.rs:238:14:238:20 | Some(...) | +| main.rs:242:10:242:10 | 0 | Some | main.rs:242:5:242:11 | Some(...) | +| main.rs:246:35:246:44 | source(...) | Ok | main.rs:246:32:246:45 | Ok(...) | +| main.rs:247:35:247:35 | 2 | Ok | main.rs:247:32:247:36 | Ok(...) | +| main.rs:248:36:248:45 | source(...) | Err | main.rs:248:32:248:46 | Err(...) | +| main.rs:255:8:255:8 | 0 | Ok | main.rs:255:5:255:9 | Ok(...) | +| main.rs:264:29:264:38 | source(...) | A | main.rs:264:14:264:39 | ...::A(...) | +| main.rs:265:29:265:29 | 2 | B | main.rs:265:14:265:30 | ...::B(...) | +| main.rs:282:16:282:25 | source(...) | A | main.rs:282:14:282:26 | A(...) | +| main.rs:283:16:283:16 | 2 | B | main.rs:283:14:283:17 | B(...) 
| +| main.rs:304:18:304:27 | source(...) | C | main.rs:303:14:305:5 | ...::C {...} | +| main.rs:306:41:306:41 | 2 | D | main.rs:306:14:306:43 | ...::D {...} | +| main.rs:324:18:324:27 | source(...) | C | main.rs:323:14:325:5 | C {...} | +| main.rs:326:27:326:27 | 2 | D | main.rs:326:14:326:29 | D {...} | +| main.rs:344:17:344:17 | 1 | array[] | main.rs:344:16:344:33 | [...] | +| main.rs:344:20:344:20 | 2 | array[] | main.rs:344:16:344:33 | [...] | +| main.rs:344:23:344:32 | source(...) | array[] | main.rs:344:16:344:33 | [...] | +| main.rs:348:17:348:26 | source(...) | array[] | main.rs:348:16:348:31 | [...; 10] | +| main.rs:352:17:352:17 | 1 | array[] | main.rs:352:16:352:24 | [...] | +| main.rs:352:20:352:20 | 2 | array[] | main.rs:352:16:352:24 | [...] | +| main.rs:352:23:352:23 | 3 | array[] | main.rs:352:16:352:24 | [...] | +| main.rs:358:17:358:17 | 1 | array[] | main.rs:358:16:358:33 | [...] | +| main.rs:358:20:358:20 | 2 | array[] | main.rs:358:16:358:33 | [...] | +| main.rs:358:23:358:32 | source(...) | array[] | main.rs:358:16:358:33 | [...] | +| main.rs:363:17:363:17 | 1 | array[] | main.rs:363:16:363:24 | [...] | +| main.rs:363:20:363:20 | 2 | array[] | main.rs:363:16:363:24 | [...] | +| main.rs:363:23:363:23 | 3 | array[] | main.rs:363:16:363:24 | [...] | +| main.rs:370:17:370:17 | 1 | array[] | main.rs:370:16:370:33 | [...] | +| main.rs:370:20:370:20 | 2 | array[] | main.rs:370:16:370:33 | [...] | +| main.rs:370:23:370:32 | source(...) | array[] | main.rs:370:16:370:33 | [...] | +| main.rs:381:24:381:24 | 1 | array[] | main.rs:381:23:381:31 | [...] | +| main.rs:381:27:381:27 | 2 | array[] | main.rs:381:23:381:31 | [...] | +| main.rs:381:30:381:30 | 3 | array[] | main.rs:381:23:381:31 | [...] | +| main.rs:384:18:384:27 | source(...) | array[] | main.rs:384:5:384:11 | [post] mut_arr | +| main.rs:396:35:396:61 | default_name | captured default_name | main.rs:396:35:396:61 | \|...\| ... 
| +| main.rs:407:27:407:27 | 0 | Some | main.rs:407:22:407:28 | Some(...) | readStep | file://:0:0:0:0 | [summary param] self in lang:core::_::::unwrap | Some | file://:0:0:0:0 | [summary] read: Argument[self].Variant[crate::option::Option::Some(0)] in lang:core::_::::unwrap | | main.rs:33:9:33:15 | Some(...) | Some | main.rs:33:14:33:14 | _ | 
@@ -555,52 +550,52 @@ readStep | main.rs:205:9:205:23 | ...::Some(...) | Some | main.rs:205:22:205:22 | n | | main.rs:214:9:214:15 | Some(...) | Some | main.rs:214:14:214:14 | n | | main.rs:218:9:218:15 | Some(...) | Some | main.rs:218:14:218:14 | n | -| main.rs:231:14:231:15 | s1 | Ok | main.rs:231:14:231:16 | TryExpr | -| main.rs:231:14:231:15 | s1 | Some | main.rs:231:14:231:16 | TryExpr | -| main.rs:233:10:233:11 | s2 | Ok | main.rs:233:10:233:12 | TryExpr | -| main.rs:233:10:233:11 | s2 | Some | main.rs:233:10:233:12 | TryExpr | -| main.rs:241:14:241:15 | s1 | Ok | main.rs:241:14:241:16 | TryExpr | -| main.rs:241:14:241:15 | s1 | Some | main.rs:241:14:241:16 | TryExpr | -| main.rs:242:14:242:15 | s2 | Ok | main.rs:242:14:242:16 | TryExpr | -| main.rs:242:14:242:15 | s2 | Some | main.rs:242:14:242:16 | TryExpr | -| main.rs:245:14:245:15 | s3 | Ok | main.rs:245:14:245:16 | TryExpr | -| main.rs:245:14:245:15 | s3 | Some | main.rs:245:14:245:16 | TryExpr | -| main.rs:259:9:259:25 | ...::A(...) | A | main.rs:259:24:259:24 | n | -| main.rs:260:9:260:25 | ...::B(...) | B | main.rs:260:24:260:24 | n | -| main.rs:263:9:263:25 | ...::A(...) | A | main.rs:263:24:263:24 | n | -| main.rs:263:29:263:45 | ...::B(...) | B | main.rs:263:44:263:44 | n | -| main.rs:266:9:266:25 | ...::A(...) | A | main.rs:266:24:266:24 | n | -| main.rs:267:9:267:25 | ...::B(...) | B | main.rs:267:24:267:24 | n | -| main.rs:277:9:277:12 | A(...) | A | main.rs:277:11:277:11 | n | -| main.rs:278:9:278:12 | B(...) | B | main.rs:278:11:278:11 | n | -| main.rs:281:9:281:12 | A(...) | A | main.rs:281:11:281:11 | n | -| main.rs:281:16:281:19 | B(...) | B | main.rs:281:18:281:18 | n | -| main.rs:284:9:284:12 | A(...) | A | main.rs:284:11:284:11 | n | -| main.rs:285:9:285:12 | B(...) 
| B | main.rs:285:11:285:11 | n | -| main.rs:300:9:300:38 | ...::C {...} | C | main.rs:300:36:300:36 | n | -| main.rs:301:9:301:38 | ...::D {...} | D | main.rs:301:36:301:36 | n | -| main.rs:304:9:304:38 | ...::C {...} | C | main.rs:304:36:304:36 | n | -| main.rs:304:42:304:71 | ...::D {...} | D | main.rs:304:69:304:69 | n | -| main.rs:307:9:307:38 | ...::C {...} | C | main.rs:307:36:307:36 | n | -| main.rs:308:9:308:38 | ...::D {...} | D | main.rs:308:36:308:36 | n | -| main.rs:320:9:320:24 | C {...} | C | main.rs:320:22:320:22 | n | -| main.rs:321:9:321:24 | D {...} | D | main.rs:321:22:321:22 | n | -| main.rs:324:9:324:24 | C {...} | C | main.rs:324:22:324:22 | n | -| main.rs:324:28:324:43 | D {...} | D | main.rs:324:41:324:41 | n | -| main.rs:327:9:327:24 | C {...} | C | main.rs:327:22:327:22 | n | -| main.rs:328:9:328:24 | D {...} | D | main.rs:328:22:328:22 | n | -| main.rs:337:14:337:17 | arr1 | array[] | main.rs:337:14:337:20 | arr1[2] | -| main.rs:341:14:341:17 | arr2 | array[] | main.rs:341:14:341:20 | arr2[4] | -| main.rs:345:14:345:17 | arr3 | array[] | main.rs:345:14:345:20 | arr3[2] | -| main.rs:351:15:351:18 | arr1 | array[] | main.rs:351:9:351:10 | n1 | -| main.rs:356:15:356:18 | arr2 | array[] | main.rs:356:9:356:10 | n2 | -| main.rs:364:9:364:17 | SlicePat | array[] | main.rs:364:10:364:10 | a | -| main.rs:364:9:364:17 | SlicePat | array[] | main.rs:364:13:364:13 | b | -| main.rs:364:9:364:17 | SlicePat | array[] | main.rs:364:16:364:16 | c | -| main.rs:374:10:374:16 | mut_arr | array[] | main.rs:374:10:374:19 | mut_arr[1] | -| main.rs:376:5:376:11 | mut_arr | array[] | main.rs:376:5:376:14 | mut_arr[1] | -| main.rs:377:13:377:19 | mut_arr | array[] | main.rs:377:13:377:22 | mut_arr[1] | -| main.rs:379:10:379:16 | mut_arr | array[] | main.rs:379:10:379:19 | mut_arr[0] | -| main.rs:404:23:404:27 | names | array[] | main.rs:404:7:404:18 | TuplePat | -| main.rs:406:35:406:61 | [post] \|...\| ... 
| captured default_name | main.rs:406:35:406:61 | [post] default_name | -| main.rs:406:38:406:49 | this | captured default_name | main.rs:406:38:406:49 | default_name | +| main.rs:239:14:239:15 | s1 | Ok | main.rs:239:14:239:16 | TryExpr | +| main.rs:239:14:239:15 | s1 | Some | main.rs:239:14:239:16 | TryExpr | +| main.rs:241:10:241:11 | s2 | Ok | main.rs:241:10:241:12 | TryExpr | +| main.rs:241:10:241:11 | s2 | Some | main.rs:241:10:241:12 | TryExpr | +| main.rs:249:14:249:15 | s1 | Ok | main.rs:249:14:249:16 | TryExpr | +| main.rs:249:14:249:15 | s1 | Some | main.rs:249:14:249:16 | TryExpr | +| main.rs:250:14:250:15 | s2 | Ok | main.rs:250:14:250:16 | TryExpr | +| main.rs:250:14:250:15 | s2 | Some | main.rs:250:14:250:16 | TryExpr | +| main.rs:253:14:253:15 | s3 | Ok | main.rs:253:14:253:16 | TryExpr | +| main.rs:253:14:253:15 | s3 | Some | main.rs:253:14:253:16 | TryExpr | +| main.rs:267:9:267:25 | ...::A(...) | A | main.rs:267:24:267:24 | n | +| main.rs:268:9:268:25 | ...::B(...) | B | main.rs:268:24:268:24 | n | +| main.rs:271:9:271:25 | ...::A(...) | A | main.rs:271:24:271:24 | n | +| main.rs:271:29:271:45 | ...::B(...) | B | main.rs:271:44:271:44 | n | +| main.rs:274:9:274:25 | ...::A(...) | A | main.rs:274:24:274:24 | n | +| main.rs:275:9:275:25 | ...::B(...) | B | main.rs:275:24:275:24 | n | +| main.rs:285:9:285:12 | A(...) | A | main.rs:285:11:285:11 | n | +| main.rs:286:9:286:12 | B(...) | B | main.rs:286:11:286:11 | n | +| main.rs:289:9:289:12 | A(...) | A | main.rs:289:11:289:11 | n | +| main.rs:289:16:289:19 | B(...) | B | main.rs:289:18:289:18 | n | +| main.rs:292:9:292:12 | A(...) | A | main.rs:292:11:292:11 | n | +| main.rs:293:9:293:12 | B(...) 
| B | main.rs:293:11:293:11 | n | +| main.rs:308:9:308:38 | ...::C {...} | C | main.rs:308:36:308:36 | n | +| main.rs:309:9:309:38 | ...::D {...} | D | main.rs:309:36:309:36 | n | +| main.rs:312:9:312:38 | ...::C {...} | C | main.rs:312:36:312:36 | n | +| main.rs:312:42:312:71 | ...::D {...} | D | main.rs:312:69:312:69 | n | +| main.rs:315:9:315:38 | ...::C {...} | C | main.rs:315:36:315:36 | n | +| main.rs:316:9:316:38 | ...::D {...} | D | main.rs:316:36:316:36 | n | +| main.rs:328:9:328:24 | C {...} | C | main.rs:328:22:328:22 | n | +| main.rs:329:9:329:24 | D {...} | D | main.rs:329:22:329:22 | n | +| main.rs:332:9:332:24 | C {...} | C | main.rs:332:22:332:22 | n | +| main.rs:332:28:332:43 | D {...} | D | main.rs:332:41:332:41 | n | +| main.rs:335:9:335:24 | C {...} | C | main.rs:335:22:335:22 | n | +| main.rs:336:9:336:24 | D {...} | D | main.rs:336:22:336:22 | n | +| main.rs:345:14:345:17 | arr1 | array[] | main.rs:345:14:345:20 | arr1[2] | +| main.rs:349:14:349:17 | arr2 | array[] | main.rs:349:14:349:20 | arr2[4] | +| main.rs:353:14:353:17 | arr3 | array[] | main.rs:353:14:353:20 | arr3[2] | +| main.rs:359:15:359:18 | arr1 | array[] | main.rs:359:9:359:10 | n1 | +| main.rs:364:15:364:18 | arr2 | array[] | main.rs:364:9:364:10 | n2 | +| main.rs:372:9:372:17 | SlicePat | array[] | main.rs:372:10:372:10 | a | +| main.rs:372:9:372:17 | SlicePat | array[] | main.rs:372:13:372:13 | b | +| main.rs:372:9:372:17 | SlicePat | array[] | main.rs:372:16:372:16 | c | +| main.rs:382:10:382:16 | mut_arr | array[] | main.rs:382:10:382:19 | mut_arr[1] | +| main.rs:384:5:384:11 | mut_arr | array[] | main.rs:384:5:384:14 | mut_arr[1] | +| main.rs:385:13:385:19 | mut_arr | array[] | main.rs:385:13:385:22 | mut_arr[1] | +| main.rs:387:10:387:16 | mut_arr | array[] | main.rs:387:10:387:19 | mut_arr[0] | +| main.rs:394:23:394:27 | names | array[] | main.rs:394:7:394:18 | TuplePat | +| main.rs:396:35:396:61 | [post] \|...\| ... 
| captured default_name | main.rs:396:35:396:61 | [post] default_name | +| main.rs:396:38:396:49 | this | captured default_name | main.rs:396:38:396:49 | default_name | diff --git a/rust/ql/test/library-tests/dataflow/local/inline-flow.expected b/rust/ql/test/library-tests/dataflow/local/inline-flow.expected index 185bea1394fb..d19b0a5bcb04 100644 --- a/rust/ql/test/library-tests/dataflow/local/inline-flow.expected +++ b/rust/ql/test/library-tests/dataflow/local/inline-flow.expected 
@@ -37,68 +37,68 @@ edges | main.rs:224:14:224:29 | Some(...) [Some] | main.rs:225:10:225:11 | s1 [Some] | provenance | | | main.rs:224:19:224:28 | source(...) | main.rs:224:14:224:29 | Some(...) [Some] | provenance | | | main.rs:225:10:225:11 | s1 [Some] | main.rs:225:10:225:20 | s1.unwrap(...) | provenance | MaD:1 | -| main.rs:229:14:229:29 | Some(...) [Some] | main.rs:231:14:231:15 | s1 [Some] | provenance | | -| main.rs:229:19:229:28 | source(...) | main.rs:229:14:229:29 | Some(...) [Some] | provenance | | -| main.rs:231:14:231:15 | s1 [Some] | main.rs:231:14:231:16 | TryExpr | provenance | | -| main.rs:231:14:231:16 | TryExpr | main.rs:232:10:232:11 | i1 | provenance | | -| main.rs:238:32:238:45 | Ok(...) [Ok] | main.rs:241:14:241:15 | s1 [Ok] | provenance | | -| main.rs:238:35:238:44 | source(...) | main.rs:238:32:238:45 | Ok(...) [Ok] | provenance | | -| main.rs:241:14:241:15 | s1 [Ok] | main.rs:241:14:241:16 | TryExpr | provenance | | -| main.rs:241:14:241:16 | TryExpr | main.rs:243:10:243:11 | i1 | provenance | | -| main.rs:256:14:256:39 | ...::A(...) [A] | main.rs:259:9:259:25 | ...::A(...) [A] | provenance | | -| main.rs:256:14:256:39 | ...::A(...) [A] | main.rs:263:9:263:25 | ...::A(...) [A] | provenance | | -| main.rs:256:29:256:38 | source(...) | main.rs:256:14:256:39 | ...::A(...) [A] | provenance | | -| main.rs:259:9:259:25 | ...::A(...) [A] | main.rs:259:24:259:24 | n | provenance | | -| main.rs:259:24:259:24 | n | main.rs:259:35:259:35 | n | provenance | | -| main.rs:263:9:263:25 | ...::A(...) [A] | main.rs:263:24:263:24 | n | provenance | | -| main.rs:263:24:263:24 | n | main.rs:263:55:263:55 | n | provenance | | -| main.rs:274:14:274:26 | A(...) [A] | main.rs:277:9:277:12 | A(...) [A] | provenance | | -| main.rs:274:14:274:26 | A(...) [A] | main.rs:281:9:281:12 | A(...) [A] | provenance | | -| main.rs:274:16:274:25 | source(...) | main.rs:274:14:274:26 | A(...) [A] | provenance | | -| main.rs:277:9:277:12 | A(...) 
[A] | main.rs:277:11:277:11 | n | provenance | | -| main.rs:277:11:277:11 | n | main.rs:277:22:277:22 | n | provenance | | -| main.rs:281:9:281:12 | A(...) [A] | main.rs:281:11:281:11 | n | provenance | | -| main.rs:281:11:281:11 | n | main.rs:281:29:281:29 | n | provenance | | -| main.rs:295:14:297:5 | ...::C {...} [C] | main.rs:300:9:300:38 | ...::C {...} [C] | provenance | | -| main.rs:295:14:297:5 | ...::C {...} [C] | main.rs:304:9:304:38 | ...::C {...} [C] | provenance | | -| main.rs:296:18:296:27 | source(...) | main.rs:295:14:297:5 | ...::C {...} [C] | provenance | | -| main.rs:300:9:300:38 | ...::C {...} [C] | main.rs:300:36:300:36 | n | provenance | | -| main.rs:300:36:300:36 | n | main.rs:300:48:300:48 | n | provenance | | -| main.rs:304:9:304:38 | ...::C {...} [C] | main.rs:304:36:304:36 | n | provenance | | -| main.rs:304:36:304:36 | n | main.rs:304:81:304:81 | n | provenance | | -| main.rs:315:14:317:5 | C {...} [C] | main.rs:320:9:320:24 | C {...} [C] | provenance | | -| main.rs:315:14:317:5 | C {...} [C] | main.rs:324:9:324:24 | C {...} [C] | provenance | | -| main.rs:316:18:316:27 | source(...) | main.rs:315:14:317:5 | C {...} [C] | provenance | | -| main.rs:320:9:320:24 | C {...} [C] | main.rs:320:22:320:22 | n | provenance | | -| main.rs:320:22:320:22 | n | main.rs:320:34:320:34 | n | provenance | | -| main.rs:324:9:324:24 | C {...} [C] | main.rs:324:22:324:22 | n | provenance | | -| main.rs:324:22:324:22 | n | main.rs:324:53:324:53 | n | provenance | | -| main.rs:336:16:336:33 | [...] [array[]] | main.rs:337:14:337:17 | arr1 [array[]] | provenance | | -| main.rs:336:23:336:32 | source(...) | main.rs:336:16:336:33 | [...] 
[array[]] | provenance | | -| main.rs:337:14:337:17 | arr1 [array[]] | main.rs:337:14:337:20 | arr1[2] | provenance | | -| main.rs:337:14:337:20 | arr1[2] | main.rs:338:10:338:11 | n1 | provenance | | -| main.rs:340:16:340:31 | [...; 10] [array[]] | main.rs:341:14:341:17 | arr2 [array[]] | provenance | | -| main.rs:340:17:340:26 | source(...) | main.rs:340:16:340:31 | [...; 10] [array[]] | provenance | | -| main.rs:341:14:341:17 | arr2 [array[]] | main.rs:341:14:341:20 | arr2[4] | provenance | | -| main.rs:341:14:341:20 | arr2[4] | main.rs:342:10:342:11 | n2 | provenance | | -| main.rs:350:16:350:33 | [...] [array[]] | main.rs:351:15:351:18 | arr1 [array[]] | provenance | | -| main.rs:350:23:350:32 | source(...) | main.rs:350:16:350:33 | [...] [array[]] | provenance | | -| main.rs:351:9:351:10 | n1 | main.rs:352:14:352:15 | n1 | provenance | | -| main.rs:351:15:351:18 | arr1 [array[]] | main.rs:351:9:351:10 | n1 | provenance | | -| main.rs:362:16:362:33 | [...] [array[]] | main.rs:364:9:364:17 | SlicePat [array[]] | provenance | | -| main.rs:362:23:362:32 | source(...) | main.rs:362:16:362:33 | [...] [array[]] | provenance | | -| main.rs:364:9:364:17 | SlicePat [array[]] | main.rs:364:10:364:10 | a | provenance | | -| main.rs:364:9:364:17 | SlicePat [array[]] | main.rs:364:13:364:13 | b | provenance | | -| main.rs:364:9:364:17 | SlicePat [array[]] | main.rs:364:16:364:16 | c | provenance | | -| main.rs:364:10:364:10 | a | main.rs:365:18:365:18 | a | provenance | | -| main.rs:364:13:364:13 | b | main.rs:366:18:366:18 | b | provenance | | -| main.rs:364:16:364:16 | c | main.rs:367:18:367:18 | c | provenance | | -| main.rs:376:5:376:11 | [post] mut_arr [array[]] | main.rs:377:13:377:19 | mut_arr [array[]] | provenance | | -| main.rs:376:5:376:11 | [post] mut_arr [array[]] | main.rs:379:10:379:16 | mut_arr [array[]] | provenance | | -| main.rs:376:18:376:27 | source(...) 
| main.rs:376:5:376:11 | [post] mut_arr [array[]] | provenance | | -| main.rs:377:13:377:19 | mut_arr [array[]] | main.rs:377:13:377:22 | mut_arr[1] | provenance | | -| main.rs:377:13:377:22 | mut_arr[1] | main.rs:378:10:378:10 | d | provenance | | -| main.rs:379:10:379:16 | mut_arr [array[]] | main.rs:379:10:379:19 | mut_arr[0] | provenance | | +| main.rs:237:14:237:29 | Some(...) [Some] | main.rs:239:14:239:15 | s1 [Some] | provenance | | +| main.rs:237:19:237:28 | source(...) | main.rs:237:14:237:29 | Some(...) [Some] | provenance | | +| main.rs:239:14:239:15 | s1 [Some] | main.rs:239:14:239:16 | TryExpr | provenance | | +| main.rs:239:14:239:16 | TryExpr | main.rs:240:10:240:11 | i1 | provenance | | +| main.rs:246:32:246:45 | Ok(...) [Ok] | main.rs:249:14:249:15 | s1 [Ok] | provenance | | +| main.rs:246:35:246:44 | source(...) | main.rs:246:32:246:45 | Ok(...) [Ok] | provenance | | +| main.rs:249:14:249:15 | s1 [Ok] | main.rs:249:14:249:16 | TryExpr | provenance | | +| main.rs:249:14:249:16 | TryExpr | main.rs:251:10:251:11 | i1 | provenance | | +| main.rs:264:14:264:39 | ...::A(...) [A] | main.rs:267:9:267:25 | ...::A(...) [A] | provenance | | +| main.rs:264:14:264:39 | ...::A(...) [A] | main.rs:271:9:271:25 | ...::A(...) [A] | provenance | | +| main.rs:264:29:264:38 | source(...) | main.rs:264:14:264:39 | ...::A(...) [A] | provenance | | +| main.rs:267:9:267:25 | ...::A(...) [A] | main.rs:267:24:267:24 | n | provenance | | +| main.rs:267:24:267:24 | n | main.rs:267:35:267:35 | n | provenance | | +| main.rs:271:9:271:25 | ...::A(...) [A] | main.rs:271:24:271:24 | n | provenance | | +| main.rs:271:24:271:24 | n | main.rs:271:55:271:55 | n | provenance | | +| main.rs:282:14:282:26 | A(...) [A] | main.rs:285:9:285:12 | A(...) [A] | provenance | | +| main.rs:282:14:282:26 | A(...) [A] | main.rs:289:9:289:12 | A(...) [A] | provenance | | +| main.rs:282:16:282:25 | source(...) | main.rs:282:14:282:26 | A(...) [A] | provenance | | +| main.rs:285:9:285:12 | A(...) 
[A] | main.rs:285:11:285:11 | n | provenance | | +| main.rs:285:11:285:11 | n | main.rs:285:22:285:22 | n | provenance | | +| main.rs:289:9:289:12 | A(...) [A] | main.rs:289:11:289:11 | n | provenance | | +| main.rs:289:11:289:11 | n | main.rs:289:29:289:29 | n | provenance | | +| main.rs:303:14:305:5 | ...::C {...} [C] | main.rs:308:9:308:38 | ...::C {...} [C] | provenance | | +| main.rs:303:14:305:5 | ...::C {...} [C] | main.rs:312:9:312:38 | ...::C {...} [C] | provenance | | +| main.rs:304:18:304:27 | source(...) | main.rs:303:14:305:5 | ...::C {...} [C] | provenance | | +| main.rs:308:9:308:38 | ...::C {...} [C] | main.rs:308:36:308:36 | n | provenance | | +| main.rs:308:36:308:36 | n | main.rs:308:48:308:48 | n | provenance | | +| main.rs:312:9:312:38 | ...::C {...} [C] | main.rs:312:36:312:36 | n | provenance | | +| main.rs:312:36:312:36 | n | main.rs:312:81:312:81 | n | provenance | | +| main.rs:323:14:325:5 | C {...} [C] | main.rs:328:9:328:24 | C {...} [C] | provenance | | +| main.rs:323:14:325:5 | C {...} [C] | main.rs:332:9:332:24 | C {...} [C] | provenance | | +| main.rs:324:18:324:27 | source(...) | main.rs:323:14:325:5 | C {...} [C] | provenance | | +| main.rs:328:9:328:24 | C {...} [C] | main.rs:328:22:328:22 | n | provenance | | +| main.rs:328:22:328:22 | n | main.rs:328:34:328:34 | n | provenance | | +| main.rs:332:9:332:24 | C {...} [C] | main.rs:332:22:332:22 | n | provenance | | +| main.rs:332:22:332:22 | n | main.rs:332:53:332:53 | n | provenance | | +| main.rs:344:16:344:33 | [...] [array[]] | main.rs:345:14:345:17 | arr1 [array[]] | provenance | | +| main.rs:344:23:344:32 | source(...) | main.rs:344:16:344:33 | [...] 
[array[]] | provenance | | +| main.rs:345:14:345:17 | arr1 [array[]] | main.rs:345:14:345:20 | arr1[2] | provenance | | +| main.rs:345:14:345:20 | arr1[2] | main.rs:346:10:346:11 | n1 | provenance | | +| main.rs:348:16:348:31 | [...; 10] [array[]] | main.rs:349:14:349:17 | arr2 [array[]] | provenance | | +| main.rs:348:17:348:26 | source(...) | main.rs:348:16:348:31 | [...; 10] [array[]] | provenance | | +| main.rs:349:14:349:17 | arr2 [array[]] | main.rs:349:14:349:20 | arr2[4] | provenance | | +| main.rs:349:14:349:20 | arr2[4] | main.rs:350:10:350:11 | n2 | provenance | | +| main.rs:358:16:358:33 | [...] [array[]] | main.rs:359:15:359:18 | arr1 [array[]] | provenance | | +| main.rs:358:23:358:32 | source(...) | main.rs:358:16:358:33 | [...] [array[]] | provenance | | +| main.rs:359:9:359:10 | n1 | main.rs:360:14:360:15 | n1 | provenance | | +| main.rs:359:15:359:18 | arr1 [array[]] | main.rs:359:9:359:10 | n1 | provenance | | +| main.rs:370:16:370:33 | [...] [array[]] | main.rs:372:9:372:17 | SlicePat [array[]] | provenance | | +| main.rs:370:23:370:32 | source(...) | main.rs:370:16:370:33 | [...] [array[]] | provenance | | +| main.rs:372:9:372:17 | SlicePat [array[]] | main.rs:372:10:372:10 | a | provenance | | +| main.rs:372:9:372:17 | SlicePat [array[]] | main.rs:372:13:372:13 | b | provenance | | +| main.rs:372:9:372:17 | SlicePat [array[]] | main.rs:372:16:372:16 | c | provenance | | +| main.rs:372:10:372:10 | a | main.rs:373:18:373:18 | a | provenance | | +| main.rs:372:13:372:13 | b | main.rs:374:18:374:18 | b | provenance | | +| main.rs:372:16:372:16 | c | main.rs:375:18:375:18 | c | provenance | | +| main.rs:384:5:384:11 | [post] mut_arr [array[]] | main.rs:385:13:385:19 | mut_arr [array[]] | provenance | | +| main.rs:384:5:384:11 | [post] mut_arr [array[]] | main.rs:387:10:387:16 | mut_arr [array[]] | provenance | | +| main.rs:384:18:384:27 | source(...) 
| main.rs:384:5:384:11 | [post] mut_arr [array[]] | provenance | | +| main.rs:385:13:385:19 | mut_arr [array[]] | main.rs:385:13:385:22 | mut_arr[1] | provenance | | +| main.rs:385:13:385:22 | mut_arr[1] | main.rs:386:10:386:10 | d | provenance | | +| main.rs:387:10:387:16 | mut_arr [array[]] | main.rs:387:10:387:19 | mut_arr[0] | provenance | | nodes | main.rs:15:10:15:18 | source(...) | semmle.label | source(...) | | main.rs:19:13:19:21 | source(...) | semmle.label | source(...) | 
@@ -150,79 +150,79 @@ nodes | main.rs:224:19:224:28 | source(...) | semmle.label | source(...) | | main.rs:225:10:225:11 | s1 [Some] | semmle.label | s1 [Some] | | main.rs:225:10:225:20 | s1.unwrap(...) | semmle.label | s1.unwrap(...) | -| main.rs:229:14:229:29 | Some(...) [Some] | semmle.label | Some(...) [Some] | -| main.rs:229:19:229:28 | source(...) | semmle.label | source(...) | -| main.rs:231:14:231:15 | s1 [Some] | semmle.label | s1 [Some] | -| main.rs:231:14:231:16 | TryExpr | semmle.label | TryExpr | -| main.rs:232:10:232:11 | i1 | semmle.label | i1 | -| main.rs:238:32:238:45 | Ok(...) [Ok] | semmle.label | Ok(...) [Ok] | -| main.rs:238:35:238:44 | source(...) | semmle.label | source(...) | -| main.rs:241:14:241:15 | s1 [Ok] | semmle.label | s1 [Ok] | -| main.rs:241:14:241:16 | TryExpr | semmle.label | TryExpr | -| main.rs:243:10:243:11 | i1 | semmle.label | i1 | -| main.rs:256:14:256:39 | ...::A(...) [A] | semmle.label | ...::A(...) [A] | -| main.rs:256:29:256:38 | source(...) | semmle.label | source(...) | -| main.rs:259:9:259:25 | ...::A(...) [A] | semmle.label | ...::A(...) [A] | -| main.rs:259:24:259:24 | n | semmle.label | n | -| main.rs:259:35:259:35 | n | semmle.label | n | -| main.rs:263:9:263:25 | ...::A(...) [A] | semmle.label | ...::A(...) [A] | -| main.rs:263:24:263:24 | n | semmle.label | n | -| main.rs:263:55:263:55 | n | semmle.label | n | -| main.rs:274:14:274:26 | A(...) [A] | semmle.label | A(...) [A] | -| main.rs:274:16:274:25 | source(...) | semmle.label | source(...) | -| main.rs:277:9:277:12 | A(...) [A] | semmle.label | A(...) [A] | -| main.rs:277:11:277:11 | n | semmle.label | n | -| main.rs:277:22:277:22 | n | semmle.label | n | -| main.rs:281:9:281:12 | A(...) [A] | semmle.label | A(...) [A] | -| main.rs:281:11:281:11 | n | semmle.label | n | -| main.rs:281:29:281:29 | n | semmle.label | n | -| main.rs:295:14:297:5 | ...::C {...} [C] | semmle.label | ...::C {...} [C] | -| main.rs:296:18:296:27 | source(...) 
| semmle.label | source(...) | -| main.rs:300:9:300:38 | ...::C {...} [C] | semmle.label | ...::C {...} [C] | -| main.rs:300:36:300:36 | n | semmle.label | n | -| main.rs:300:48:300:48 | n | semmle.label | n | -| main.rs:304:9:304:38 | ...::C {...} [C] | semmle.label | ...::C {...} [C] | -| main.rs:304:36:304:36 | n | semmle.label | n | -| main.rs:304:81:304:81 | n | semmle.label | n | -| main.rs:315:14:317:5 | C {...} [C] | semmle.label | C {...} [C] | -| main.rs:316:18:316:27 | source(...) | semmle.label | source(...) | -| main.rs:320:9:320:24 | C {...} [C] | semmle.label | C {...} [C] | -| main.rs:320:22:320:22 | n | semmle.label | n | -| main.rs:320:34:320:34 | n | semmle.label | n | -| main.rs:324:9:324:24 | C {...} [C] | semmle.label | C {...} [C] | -| main.rs:324:22:324:22 | n | semmle.label | n | -| main.rs:324:53:324:53 | n | semmle.label | n | -| main.rs:336:16:336:33 | [...] [array[]] | semmle.label | [...] [array[]] | -| main.rs:336:23:336:32 | source(...) | semmle.label | source(...) | -| main.rs:337:14:337:17 | arr1 [array[]] | semmle.label | arr1 [array[]] | -| main.rs:337:14:337:20 | arr1[2] | semmle.label | arr1[2] | -| main.rs:338:10:338:11 | n1 | semmle.label | n1 | -| main.rs:340:16:340:31 | [...; 10] [array[]] | semmle.label | [...; 10] [array[]] | -| main.rs:340:17:340:26 | source(...) | semmle.label | source(...) | -| main.rs:341:14:341:17 | arr2 [array[]] | semmle.label | arr2 [array[]] | -| main.rs:341:14:341:20 | arr2[4] | semmle.label | arr2[4] | -| main.rs:342:10:342:11 | n2 | semmle.label | n2 | -| main.rs:350:16:350:33 | [...] [array[]] | semmle.label | [...] [array[]] | -| main.rs:350:23:350:32 | source(...) | semmle.label | source(...) | -| main.rs:351:9:351:10 | n1 | semmle.label | n1 | -| main.rs:351:15:351:18 | arr1 [array[]] | semmle.label | arr1 [array[]] | -| main.rs:352:14:352:15 | n1 | semmle.label | n1 | -| main.rs:362:16:362:33 | [...] [array[]] | semmle.label | [...] [array[]] | -| main.rs:362:23:362:32 | source(...) 
| semmle.label | source(...) | -| main.rs:364:9:364:17 | SlicePat [array[]] | semmle.label | SlicePat [array[]] | -| main.rs:364:10:364:10 | a | semmle.label | a | -| main.rs:364:13:364:13 | b | semmle.label | b | -| main.rs:364:16:364:16 | c | semmle.label | c | -| main.rs:365:18:365:18 | a | semmle.label | a | -| main.rs:366:18:366:18 | b | semmle.label | b | -| main.rs:367:18:367:18 | c | semmle.label | c | -| main.rs:376:5:376:11 | [post] mut_arr [array[]] | semmle.label | [post] mut_arr [array[]] | -| main.rs:376:18:376:27 | source(...) | semmle.label | source(...) | -| main.rs:377:13:377:19 | mut_arr [array[]] | semmle.label | mut_arr [array[]] | -| main.rs:377:13:377:22 | mut_arr[1] | semmle.label | mut_arr[1] | -| main.rs:378:10:378:10 | d | semmle.label | d | -| main.rs:379:10:379:16 | mut_arr [array[]] | semmle.label | mut_arr [array[]] | -| main.rs:379:10:379:19 | mut_arr[0] | semmle.label | mut_arr[0] | +| main.rs:237:14:237:29 | Some(...) [Some] | semmle.label | Some(...) [Some] | +| main.rs:237:19:237:28 | source(...) | semmle.label | source(...) | +| main.rs:239:14:239:15 | s1 [Some] | semmle.label | s1 [Some] | +| main.rs:239:14:239:16 | TryExpr | semmle.label | TryExpr | +| main.rs:240:10:240:11 | i1 | semmle.label | i1 | +| main.rs:246:32:246:45 | Ok(...) [Ok] | semmle.label | Ok(...) [Ok] | +| main.rs:246:35:246:44 | source(...) | semmle.label | source(...) | +| main.rs:249:14:249:15 | s1 [Ok] | semmle.label | s1 [Ok] | +| main.rs:249:14:249:16 | TryExpr | semmle.label | TryExpr | +| main.rs:251:10:251:11 | i1 | semmle.label | i1 | +| main.rs:264:14:264:39 | ...::A(...) [A] | semmle.label | ...::A(...) [A] | +| main.rs:264:29:264:38 | source(...) | semmle.label | source(...) | +| main.rs:267:9:267:25 | ...::A(...) [A] | semmle.label | ...::A(...) [A] | +| main.rs:267:24:267:24 | n | semmle.label | n | +| main.rs:267:35:267:35 | n | semmle.label | n | +| main.rs:271:9:271:25 | ...::A(...) [A] | semmle.label | ...::A(...) 
[A] | +| main.rs:271:24:271:24 | n | semmle.label | n | +| main.rs:271:55:271:55 | n | semmle.label | n | +| main.rs:282:14:282:26 | A(...) [A] | semmle.label | A(...) [A] | +| main.rs:282:16:282:25 | source(...) | semmle.label | source(...) | +| main.rs:285:9:285:12 | A(...) [A] | semmle.label | A(...) [A] | +| main.rs:285:11:285:11 | n | semmle.label | n | +| main.rs:285:22:285:22 | n | semmle.label | n | +| main.rs:289:9:289:12 | A(...) [A] | semmle.label | A(...) [A] | +| main.rs:289:11:289:11 | n | semmle.label | n | +| main.rs:289:29:289:29 | n | semmle.label | n | +| main.rs:303:14:305:5 | ...::C {...} [C] | semmle.label | ...::C {...} [C] | +| main.rs:304:18:304:27 | source(...) | semmle.label | source(...) | +| main.rs:308:9:308:38 | ...::C {...} [C] | semmle.label | ...::C {...} [C] | +| main.rs:308:36:308:36 | n | semmle.label | n | +| main.rs:308:48:308:48 | n | semmle.label | n | +| main.rs:312:9:312:38 | ...::C {...} [C] | semmle.label | ...::C {...} [C] | +| main.rs:312:36:312:36 | n | semmle.label | n | +| main.rs:312:81:312:81 | n | semmle.label | n | +| main.rs:323:14:325:5 | C {...} [C] | semmle.label | C {...} [C] | +| main.rs:324:18:324:27 | source(...) | semmle.label | source(...) | +| main.rs:328:9:328:24 | C {...} [C] | semmle.label | C {...} [C] | +| main.rs:328:22:328:22 | n | semmle.label | n | +| main.rs:328:34:328:34 | n | semmle.label | n | +| main.rs:332:9:332:24 | C {...} [C] | semmle.label | C {...} [C] | +| main.rs:332:22:332:22 | n | semmle.label | n | +| main.rs:332:53:332:53 | n | semmle.label | n | +| main.rs:344:16:344:33 | [...] [array[]] | semmle.label | [...] [array[]] | +| main.rs:344:23:344:32 | source(...) | semmle.label | source(...) 
| +| main.rs:345:14:345:17 | arr1 [array[]] | semmle.label | arr1 [array[]] | +| main.rs:345:14:345:20 | arr1[2] | semmle.label | arr1[2] | +| main.rs:346:10:346:11 | n1 | semmle.label | n1 | +| main.rs:348:16:348:31 | [...; 10] [array[]] | semmle.label | [...; 10] [array[]] | +| main.rs:348:17:348:26 | source(...) | semmle.label | source(...) | +| main.rs:349:14:349:17 | arr2 [array[]] | semmle.label | arr2 [array[]] | +| main.rs:349:14:349:20 | arr2[4] | semmle.label | arr2[4] | +| main.rs:350:10:350:11 | n2 | semmle.label | n2 | +| main.rs:358:16:358:33 | [...] [array[]] | semmle.label | [...] [array[]] | +| main.rs:358:23:358:32 | source(...) | semmle.label | source(...) | +| main.rs:359:9:359:10 | n1 | semmle.label | n1 | +| main.rs:359:15:359:18 | arr1 [array[]] | semmle.label | arr1 [array[]] | +| main.rs:360:14:360:15 | n1 | semmle.label | n1 | +| main.rs:370:16:370:33 | [...] [array[]] | semmle.label | [...] [array[]] | +| main.rs:370:23:370:32 | source(...) | semmle.label | source(...) | +| main.rs:372:9:372:17 | SlicePat [array[]] | semmle.label | SlicePat [array[]] | +| main.rs:372:10:372:10 | a | semmle.label | a | +| main.rs:372:13:372:13 | b | semmle.label | b | +| main.rs:372:16:372:16 | c | semmle.label | c | +| main.rs:373:18:373:18 | a | semmle.label | a | +| main.rs:374:18:374:18 | b | semmle.label | b | +| main.rs:375:18:375:18 | c | semmle.label | c | +| main.rs:384:5:384:11 | [post] mut_arr [array[]] | semmle.label | [post] mut_arr [array[]] | +| main.rs:384:18:384:27 | source(...) | semmle.label | source(...) | +| main.rs:385:13:385:19 | mut_arr [array[]] | semmle.label | mut_arr [array[]] | +| main.rs:385:13:385:22 | mut_arr[1] | semmle.label | mut_arr[1] | +| main.rs:386:10:386:10 | d | semmle.label | d | +| main.rs:387:10:387:16 | mut_arr [array[]] | semmle.label | mut_arr [array[]] | +| main.rs:387:10:387:19 | mut_arr[0] | semmle.label | mut_arr[0] | subpaths testFailures #select 
@@ -240,21 +240,21 @@ testFailures | main.rs:201:33:201:33 | n | main.rs:198:27:198:36 | source(...) | main.rs:201:33:201:33 | n | $@ | main.rs:198:27:198:36 | source(...) | source(...) | | main.rs:214:25:214:25 | n | main.rs:211:19:211:28 | source(...) | main.rs:214:25:214:25 | n | $@ | main.rs:211:19:211:28 | source(...) | source(...) | | main.rs:225:10:225:20 | s1.unwrap(...) | main.rs:224:19:224:28 | source(...) | main.rs:225:10:225:20 | s1.unwrap(...) | $@ | main.rs:224:19:224:28 | source(...) | source(...) | -| main.rs:232:10:232:11 | i1 | main.rs:229:19:229:28 | source(...) | main.rs:232:10:232:11 | i1 | $@ | main.rs:229:19:229:28 | source(...) | source(...) | -| main.rs:243:10:243:11 | i1 | main.rs:238:35:238:44 | source(...) | main.rs:243:10:243:11 | i1 | $@ | main.rs:238:35:238:44 | source(...) | source(...) | -| main.rs:259:35:259:35 | n | main.rs:256:29:256:38 | source(...) | main.rs:259:35:259:35 | n | $@ | main.rs:256:29:256:38 | source(...) | source(...) | -| main.rs:263:55:263:55 | n | main.rs:256:29:256:38 | source(...) | main.rs:263:55:263:55 | n | $@ | main.rs:256:29:256:38 | source(...) | source(...) | -| main.rs:277:22:277:22 | n | main.rs:274:16:274:25 | source(...) | main.rs:277:22:277:22 | n | $@ | main.rs:274:16:274:25 | source(...) | source(...) | -| main.rs:281:29:281:29 | n | main.rs:274:16:274:25 | source(...) | main.rs:281:29:281:29 | n | $@ | main.rs:274:16:274:25 | source(...) | source(...) | -| main.rs:300:48:300:48 | n | main.rs:296:18:296:27 | source(...) | main.rs:300:48:300:48 | n | $@ | main.rs:296:18:296:27 | source(...) | source(...) | -| main.rs:304:81:304:81 | n | main.rs:296:18:296:27 | source(...) | main.rs:304:81:304:81 | n | $@ | main.rs:296:18:296:27 | source(...) | source(...) | -| main.rs:320:34:320:34 | n | main.rs:316:18:316:27 | source(...) | main.rs:320:34:320:34 | n | $@ | main.rs:316:18:316:27 | source(...) | source(...) | -| main.rs:324:53:324:53 | n | main.rs:316:18:316:27 | source(...) 
| main.rs:324:53:324:53 | n | $@ | main.rs:316:18:316:27 | source(...) | source(...) | -| main.rs:338:10:338:11 | n1 | main.rs:336:23:336:32 | source(...) | main.rs:338:10:338:11 | n1 | $@ | main.rs:336:23:336:32 | source(...) | source(...) | -| main.rs:342:10:342:11 | n2 | main.rs:340:17:340:26 | source(...) | main.rs:342:10:342:11 | n2 | $@ | main.rs:340:17:340:26 | source(...) | source(...) | -| main.rs:352:14:352:15 | n1 | main.rs:350:23:350:32 | source(...) | main.rs:352:14:352:15 | n1 | $@ | main.rs:350:23:350:32 | source(...) | source(...) | -| main.rs:365:18:365:18 | a | main.rs:362:23:362:32 | source(...) | main.rs:365:18:365:18 | a | $@ | main.rs:362:23:362:32 | source(...) | source(...) | -| main.rs:366:18:366:18 | b | main.rs:362:23:362:32 | source(...) | main.rs:366:18:366:18 | b | $@ | main.rs:362:23:362:32 | source(...) | source(...) | -| main.rs:367:18:367:18 | c | main.rs:362:23:362:32 | source(...) | main.rs:367:18:367:18 | c | $@ | main.rs:362:23:362:32 | source(...) | source(...) | -| main.rs:378:10:378:10 | d | main.rs:376:18:376:27 | source(...) | main.rs:378:10:378:10 | d | $@ | main.rs:376:18:376:27 | source(...) | source(...) | -| main.rs:379:10:379:19 | mut_arr[0] | main.rs:376:18:376:27 | source(...) | main.rs:379:10:379:19 | mut_arr[0] | $@ | main.rs:376:18:376:27 | source(...) | source(...) | +| main.rs:240:10:240:11 | i1 | main.rs:237:19:237:28 | source(...) | main.rs:240:10:240:11 | i1 | $@ | main.rs:237:19:237:28 | source(...) | source(...) | +| main.rs:251:10:251:11 | i1 | main.rs:246:35:246:44 | source(...) | main.rs:251:10:251:11 | i1 | $@ | main.rs:246:35:246:44 | source(...) | source(...) | +| main.rs:267:35:267:35 | n | main.rs:264:29:264:38 | source(...) | main.rs:267:35:267:35 | n | $@ | main.rs:264:29:264:38 | source(...) | source(...) | +| main.rs:271:55:271:55 | n | main.rs:264:29:264:38 | source(...) | main.rs:271:55:271:55 | n | $@ | main.rs:264:29:264:38 | source(...) | source(...) 
| +| main.rs:285:22:285:22 | n | main.rs:282:16:282:25 | source(...) | main.rs:285:22:285:22 | n | $@ | main.rs:282:16:282:25 | source(...) | source(...) | +| main.rs:289:29:289:29 | n | main.rs:282:16:282:25 | source(...) | main.rs:289:29:289:29 | n | $@ | main.rs:282:16:282:25 | source(...) | source(...) | +| main.rs:308:48:308:48 | n | main.rs:304:18:304:27 | source(...) | main.rs:308:48:308:48 | n | $@ | main.rs:304:18:304:27 | source(...) | source(...) | +| main.rs:312:81:312:81 | n | main.rs:304:18:304:27 | source(...) | main.rs:312:81:312:81 | n | $@ | main.rs:304:18:304:27 | source(...) | source(...) | +| main.rs:328:34:328:34 | n | main.rs:324:18:324:27 | source(...) | main.rs:328:34:328:34 | n | $@ | main.rs:324:18:324:27 | source(...) | source(...) | +| main.rs:332:53:332:53 | n | main.rs:324:18:324:27 | source(...) | main.rs:332:53:332:53 | n | $@ | main.rs:324:18:324:27 | source(...) | source(...) | +| main.rs:346:10:346:11 | n1 | main.rs:344:23:344:32 | source(...) | main.rs:346:10:346:11 | n1 | $@ | main.rs:344:23:344:32 | source(...) | source(...) | +| main.rs:350:10:350:11 | n2 | main.rs:348:17:348:26 | source(...) | main.rs:350:10:350:11 | n2 | $@ | main.rs:348:17:348:26 | source(...) | source(...) | +| main.rs:360:14:360:15 | n1 | main.rs:358:23:358:32 | source(...) | main.rs:360:14:360:15 | n1 | $@ | main.rs:358:23:358:32 | source(...) | source(...) | +| main.rs:373:18:373:18 | a | main.rs:370:23:370:32 | source(...) | main.rs:373:18:373:18 | a | $@ | main.rs:370:23:370:32 | source(...) | source(...) | +| main.rs:374:18:374:18 | b | main.rs:370:23:370:32 | source(...) | main.rs:374:18:374:18 | b | $@ | main.rs:370:23:370:32 | source(...) | source(...) | +| main.rs:375:18:375:18 | c | main.rs:370:23:370:32 | source(...) | main.rs:375:18:375:18 | c | $@ | main.rs:370:23:370:32 | source(...) | source(...) | +| main.rs:386:10:386:10 | d | main.rs:384:18:384:27 | source(...) | main.rs:386:10:386:10 | d | $@ | main.rs:384:18:384:27 | source(...) 
| source(...) | +| main.rs:387:10:387:19 | mut_arr[0] | main.rs:384:18:384:27 | source(...) | main.rs:387:10:387:19 | mut_arr[0] | $@ | main.rs:384:18:384:27 | source(...) | source(...) | diff --git a/rust/ql/test/library-tests/dataflow/local/main.rs b/rust/ql/test/library-tests/dataflow/local/main.rs index 57757324542d..566cec6340a8 100644 --- a/rust/ql/test/library-tests/dataflow/local/main.rs +++ b/rust/ql/test/library-tests/dataflow/local/main.rs @@ -225,6 +225,14 @@ fn option_unwrap() { sink(s1.unwrap()); // $ hasValueFlow=19 } +fn option_unwrap_or() { + let s1 = Some(source(46)); + sink(s1.unwrap_or(0)); // $ MISSING: hasValueFlow=46 + + let s2 = Some(0); + sink(s2.unwrap_or(source(47))); // $ MISSING: hasValueFlow=47 +} + fn option_questionmark() -> Option { let s1 = Some(source(20)); let s2 = Some(2); @@ -379,24 +387,6 @@ fn array_assignment() { sink(mut_arr[0]); // $ SPURIOUS: hasValueFlow=55 } -// ----------------------------------------------------------------------------- -// Data flow through mutable borrows - -fn read_through_borrow() { - let a = source(21); - let b = &a; - let c = *b; - sink(c); // $ MISSING: hasValueFlow=21 -} - -fn write_through_borrow() { - let mut a = 1; - sink(a); - let b = &mut a; - *b = source(39); - sink(a); // $ MISSING: hasValueFlow=39 -} - // Test data flow inconsistency occuring with captured variables and `continue` // in a loop. pub fn captured_variable_and_continue(names: Vec<(bool, Option)>) { @@ -430,6 +420,7 @@ fn main() { option_pattern_match_qualified(); option_pattern_match_unqualified(); option_unwrap(); + option_unwrap_or(); option_questionmark(); let _ = result_questionmark(); custom_tuple_enum_pattern_match_qualified(); @@ -443,7 +434,5 @@ fn main() { array_for_loop(); array_slice_pattern(); array_assignment(); - read_through_borrow(); - write_through_borrow(); captured_variable_and_continue(vec![]); } 
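Review bot: In `option_unwrap_or`, the second case builds `s2` as `Some(0)`, so `s2.unwrap_or(source(47))` can never return the default at run time, yet the annotation records `hasValueFlow=47` as a missing result. If the aim is to test flow through the default argument, `let s2 = None;` makes the annotated flow one that really occurs. If the over-approximation is intended, a comment such as `// flow expected regardless of the variant held by s2` would keep a later reader from reading the expectation as a mistake.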
diff --git a/rust/ql/test/library-tests/dataflow/pointers/inline-flow.expected b/rust/ql/test/library-tests/dataflow/pointers/inline-flow.expected new file mode 100644 index 000000000000..8e1efa3cf6ea --- /dev/null +++ b/rust/ql/test/library-tests/dataflow/pointers/inline-flow.expected 
@@ -0,0 +1,23 @@ +models +edges +| main.rs:40:18:40:21 | SelfParam [MyNumber] | main.rs:42:13:42:38 | ...::MyNumber(...) [MyNumber] | provenance | | +| main.rs:42:13:42:38 | ...::MyNumber(...) [MyNumber] | main.rs:42:32:42:37 | number | provenance | | +| main.rs:42:32:42:37 | number | main.rs:40:31:46:5 | { ... } | provenance | | +| main.rs:58:21:58:50 | ...::MyNumber(...) [MyNumber] | main.rs:59:10:59:18 | my_number [MyNumber] | provenance | | +| main.rs:58:40:58:49 | source(...) | main.rs:58:21:58:50 | ...::MyNumber(...) [MyNumber] | provenance | | +| main.rs:59:10:59:18 | my_number [MyNumber] | main.rs:40:18:40:21 | SelfParam [MyNumber] | provenance | | +| main.rs:59:10:59:18 | my_number [MyNumber] | main.rs:59:10:59:30 | my_number.to_number(...) | provenance | | +nodes +| main.rs:40:18:40:21 | SelfParam [MyNumber] | semmle.label | SelfParam [MyNumber] | +| main.rs:40:31:46:5 | { ... } | semmle.label | { ... } | +| main.rs:42:13:42:38 | ...::MyNumber(...) [MyNumber] | semmle.label | ...::MyNumber(...) [MyNumber] | +| main.rs:42:32:42:37 | number | semmle.label | number | +| main.rs:58:21:58:50 | ...::MyNumber(...) [MyNumber] | semmle.label | ...::MyNumber(...) [MyNumber] | +| main.rs:58:40:58:49 | source(...) | semmle.label | source(...) | +| main.rs:59:10:59:18 | my_number [MyNumber] | semmle.label | my_number [MyNumber] | +| main.rs:59:10:59:30 | my_number.to_number(...) | semmle.label | my_number.to_number(...) | +subpaths +| main.rs:59:10:59:18 | my_number [MyNumber] | main.rs:40:18:40:21 | SelfParam [MyNumber] | main.rs:40:31:46:5 | { ... } | main.rs:59:10:59:30 | my_number.to_number(...) | +testFailures +#select +| main.rs:59:10:59:30 | my_number.to_number(...) | main.rs:58:40:58:49 | source(...) | main.rs:59:10:59:30 | my_number.to_number(...) | $@ | main.rs:58:40:58:49 | source(...) | source(...) | 
diff --git a/rust/ql/test/library-tests/dataflow/pointers/inline-flow.ql b/rust/ql/test/library-tests/dataflow/pointers/inline-flow.ql
new file mode 100644
index 000000000000..ad553fe548dc
--- /dev/null
+++ b/rust/ql/test/library-tests/dataflow/pointers/inline-flow.ql
@@ -0,0 +1,12 @@
+/**
+ * @kind path-problem
+ */
+
+import rust
+import utils.InlineFlowTest
+import DefaultFlowTest
+import ValueFlow::PathGraph
+
+from ValueFlow::PathNode source, ValueFlow::PathNode sink
+where ValueFlow::flowPath(source, sink)
+select sink, source, sink, "$@", source, source.toString()
diff --git a/rust/ql/test/library-tests/dataflow/pointers/main.rs b/rust/ql/test/library-tests/dataflow/pointers/main.rs
new file mode 100644
index 000000000000..1ec2c9177481
--- /dev/null
+++ b/rust/ql/test/library-tests/dataflow/pointers/main.rs
@@ -0,0 +1,79 @@
+// -----------------------------------------------------------------------------
+// Data flow through pointers.
+
+fn source(i: i64) -> i64 {
+ 1000 + i
+}
+
+fn sink(s: i64) {
+ println!("{}", s);
+}
+
+fn read_through_borrow() {
+ let a = source(21);
+ let b = &a;
+ let c = *b;
+ sink(c); // $ MISSING: hasValueFlow=21
+}
+
+fn write_through_borrow() {
+ let mut a = 1;
+ sink(a);
+ let b = &mut a;
+ *b = source(39);
+ sink(a); // $ MISSING: hasValueFlow=39
+}
+
+fn write_and_read_through_borrow() {
+ let mut a = 12;
+ let b = &mut a;
+ sink(*b);
+ *b = source(37);
+ sink(*b); // $ MISSING: hasValueFlow=37
+}
+
+enum MyNumber {
+ MyNumber(i64)
+}
+
+impl MyNumber {
+ fn to_number(self) -> i64 {
+ match self {
+ MyNumber::MyNumber(number) => {
+ number
+ }
+ }
+ }
+
+ fn get_number(&self) -> i64 {
+ match self {
+ MyNumber::MyNumber(number) => {
+ *number
+ }
+ }
+ }
+}
+
+fn through_self_in_method_no_borrow() {
+ let my_number = MyNumber::MyNumber(source(33));
+ sink(my_number.to_number()); // $ hasValueFlow=33
+}
+
+fn through_self_in_method_implicit_borrow() {
+ let my_number = MyNumber::MyNumber(source(85));
+ sink(my_number.get_number()); // $ MISSING: hasValueFlow=85
+}
+
+fn through_self_in_method_explicit_borrow() {
+ let my_number = &MyNumber::MyNumber(source(40));
+ sink(my_number.get_number()); // $ MISSING: hasValueFlow=40
+}
+
+fn main() {
+ read_through_borrow();
+ write_through_borrow();
+ write_and_read_through_borrow();
+ through_self_in_method_no_borrow();
+ through_self_in_method_implicit_borrow();
+ through_self_in_method_explicit_borrow();
+}
diff --git a/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected b/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected
new file mode 100644
index 000000000000..8084135dbcba
--- /dev/null
+++ b/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected
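Review bot: Every case in the new pointers/main.rs checks that a tainted value arrives through a reference, and none checks that a clean write through `&mut` removes it. Once write-through is modeled, a regression that still reports flow after `*b = 0` would go unnoticed, and for a taint analysis that is a source of false positives. A negative case next to `write_through_borrow` would pin this down. The one below uses a constructed source label and also needs a call from `main`.

```rust
fn overwrite_through_borrow() {
    let mut a = source(11); // constructed label; pick one unused in this file
    let b = &mut a;
    *b = 0;
    sink(a); // no flow expected; annotate `$ SPURIOUS: hasValueFlow=11` if the analysis reports one
}
```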
@@ -0,0 +1,10 @@ +models +edges +| main.rs:26:14:26:23 | source(...) | main.rs:32:10:32:11 | s4 | provenance | | +nodes +| main.rs:26:14:26:23 | source(...) | semmle.label | source(...) | +| main.rs:32:10:32:11 | s4 | semmle.label | s4 | +subpaths +testFailures +#select +| main.rs:32:10:32:11 | s4 | main.rs:26:14:26:23 | source(...) | main.rs:32:10:32:11 | s4 | $@ | main.rs:26:14:26:23 | source(...) | source(...) | diff --git a/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.ql b/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.ql new file mode 100644 index 000000000000..2929ae90964f --- /dev/null +++ b/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.ql @@ -0,0 +1,12 @@ +/** + * @kind path-problem + */ + +import rust +import utils.InlineFlowTest +import DefaultFlowTest +import TaintFlow::PathGraph + +from TaintFlow::PathNode source, TaintFlow::PathNode sink +where TaintFlow::flowPath(source, sink) +select sink, source, sink, "$@", source, source.toString() diff --git a/rust/ql/test/library-tests/dataflow/strings/main.rs b/rust/ql/test/library-tests/dataflow/strings/main.rs new file mode 100644 index 000000000000..3e2008e9b459 --- /dev/null +++ b/rust/ql/test/library-tests/dataflow/strings/main.rs 
@@ -0,0 +1,81 @@
+// Taint tests for strings
+
+fn source(i: i64) -> String {
+ format!("{}", i)
+}
+
+fn source_slice(_i: i64) -> &'static str {
+ "source"
+}
+
+fn sink_slice(s: &str) {
+ println!("{}", s);
+}
+
+fn sink(s: String) {
+ println!("{}", s);
+}
+
+fn string_slice() {
+ let s = source(35);
+ let sliced = &s[1..3];
+ sink_slice(sliced); // $ MISSING: hasTaintFlow=35
+}
+
+fn string_add() {
+ let s1 = source(83);
+ let s2 = "2".to_owned();
+ let s3 = "3";
+ let s4 = s1 + s3;
+ let s5 = s2 + s3;
+
+ sink(s4); // $ hasTaintFlow=83
+ sink(s5);
+}
+
+fn string_add_reference() {
+ let s1 = source(37);
+ let s2 = "1".to_string();
+
+ sink("Hello ".to_string() + &s1); // $ MISSING: hasTaintFlow=37
+ sink("Hello ".to_string() + &s2);
+}
+
+fn string_from() {
+ let s1 = source_slice(36);
+ let s2 = String::from(s1);
+ sink(s2); // $ MISSING: hasTaintFlow=36
+}
+
+fn string_to_string() {
+ let s1 = source_slice(22);
+ let s2 = s1.to_string();
+ sink(s2); // $ MISSING: hasTaintFlow=22
+}
+
+fn as_str() {
+ let s = source(67);
+ sink_slice(s.as_str()); // $ MISSING: hasTaintFlow=67
+}
+
+fn string_format() {
+ let s1 = source(34);
+ let s2 = "2";
+ let s3 = "3";
+
+ let s4 = format!("{s1} and {s3}");
+ let s5 = format!("{s2} and {s3}");
+
+ sink_slice(&s4); // $ MISSING: hasTaintFlow=34
+ sink_slice(&s5);
+}
+
+fn main() {
+ string_slice();
+ string_add();
+ string_add_reference();
+ string_from();
+ as_str();
+ string_to_string();
+ string_format();
+}
diff --git a/rust/ql/test/utils/InlineFlowTest.qll b/rust/ql/test/utils/InlineFlowTest.qll
index cb5b9f72abb2..894468c5aa9e 100644
--- a/rust/ql/test/utils/InlineFlowTest.qll
+++ b/rust/ql/test/utils/InlineFlowTest.qll
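Review bot: `string_slice` in the new strings/main.rs slices out of bounds. `source(35)` returns `format!("{}", i)`, the two-byte string "35", so `&s[1..3]` panics if the program is ever run, and `main` calls `string_slice` first, so no later case would execute. A range inside the string keeps the test runnable: `let sliced = &s[0..1];`. The expression has the same width, so the column positions in the `.expected` file should not move.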
@@ -12,9 +12,13 @@ private import codeql.rust.dataflow.internal.TaintTrackingImpl private import codeql.rust.dataflow.internal.ModelsAsData as MaD private import internal.InlineExpectationsTestImpl as InlineExpectationsTestImpl -// Holds if the target expression of `call` is a path and the string representation of the path is `name`. +/** + * Holds if the target expression of `call` is a path and the string + * representation of the path has `name` as a prefix. + */ +bindingset[name] private predicate callTargetName(CallExprCfgNode call, string name) { - call.getFunction().(PathExprCfgNode).toString() = name + call.getFunction().(PathExprCfgNode).toString().matches(name + "%") } private module FlowTestImpl implements InputSig { From aab3428bc771628bb4787324d30d0999b7b19fbb Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Mon, 16 Dec 2024 11:15:37 +0100 Subject: [PATCH 2/7] Rust: Model address-of and dereference as stores and loads --- .../rust/dataflow/internal/DataFlowImpl.qll | 24 +++++++++++++++++-- .../dataflow/internal/TaintTrackingImpl.qll | 7 +++++- .../rust/elements/internal/VariableImpl.qll | 1 - .../dataflow/local/DataFlowStep.expected | 1 + .../dataflow/pointers/inline-flow.expected | 12 ++++++++++ .../library-tests/dataflow/pointers/main.rs | 2 +- .../strings/inline-taint-flow.expected | 13 ++++++++++ .../library-tests/dataflow/strings/main.rs | 4 ++-- .../dataflow/taint/TaintFlowStep.expected | 1 + .../dataflow/taint/inline-taint-flow.expected | 9 +++++++ .../test/library-tests/dataflow/taint/main.rs | 2 +- .../test/library-tests/variables/Ssa.expected | 9 +++++++ .../variables/variables.expected | 10 ++++++++ .../test/library-tests/variables/variables.rs | 20 ++++++++-------- 14 files changed, 97 insertions(+), 18 deletions(-) diff --git a/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll b/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll index a36afb4450f5..0c116ee03e52 100644 
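Review bot: `callTargetName` now accepts any call whose path text merely starts with `name`, so a helper in a test file whose name happens to begin with the same letters is silently treated as a source or sink. Characters `_` and `%` inside `name` also act as wildcards in `matches`. The values passed for `name` are outside this hunk, so this is inferred from the predicate alone. Matching the exact name or the name followed by a literal underscore would still cover `source_slice` and `sink_slice`: `exists(string s | s = call.getFunction().(PathExprCfgNode).toString() | s = name or s.matches(name + "\\_%"))`.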
--- a/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll +++ b/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll @@ -712,6 +712,11 @@ private class CapturedVariableContent extends Content, TCapturedVariableContent override string toString() { result = "captured " + v } } +/** A value refered to by a reference. */ +final class ReferenceContent extends Content, TReferenceContent { + override string toString() { result = "&ref" } +} + /** * An element in an array. */ @@ -1040,6 +1045,13 @@ module RustDataFlow implements InputSig { ["crate::option::Option::Some", "crate::result::Result::Ok"] ) or + exists(PrefixExprCfgNode deref | + c instanceof ReferenceContent and + deref.getOperatorName() = "*" and + node1.asExpr() = deref.getExpr() and + node2.asExpr() = deref + ) + or VariableCapture::readStep(node1, c, node2) ) or @@ -1123,6 +1135,12 @@ module RustDataFlow implements InputSig { node2.(PostUpdateNode).getPreUpdateNode().asExpr() = index.getBase() ) or + exists(RefExprCfgNode ref | + c instanceof ReferenceContent and + node1.asExpr() = ref.getExpr() and + node2.asExpr() = ref + ) + or VariableCapture::storeStep(node1, c, node2) ) or @@ -1382,7 +1400,8 @@ private module Cached { e = [ any(IndexExprCfgNode i).getBase(), any(FieldExprCfgNode access).getExpr(), - any(TryExprCfgNode try).getExpr() + any(TryExprCfgNode try).getExpr(), + any(PrefixExprCfgNode pe | pe.getOperatorName() = "*").getExpr() ] } or TSsaNode(SsaImpl::DataFlowIntegration::SsaNode node) or @@ -1482,7 +1501,8 @@ private module Cached { TStructFieldContent(StructCanonicalPath s, string field) { field = s.getStruct().getFieldList().(RecordFieldList).getAField().getName().getText() } or - TCapturedVariableContent(VariableCapture::CapturedVariable v) + TCapturedVariableContent(VariableCapture::CapturedVariable v) or + TReferenceContent() cached newtype TContentSet = TSingletonContentSet(Content c) 
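Review bot: The QLDoc on the new `ReferenceContent` class misspells "referred", and it does not say which expressions store into and read from this content. Suggested wording, based on the store and read steps added in the same file: `/** The value that a reference points to: stored at &e, read at *e. */`.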
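Review bot: The new `readStep` disjunct covers only an explicit `*e`, and the `storeStep` disjunct in the following hunk covers only an explicit `&e`. Nothing models an assignment whose left side is a dereference, or a borrow the compiler inserts for a `&self` call. This matches pointers/main.rs, where only `read_through_borrow` changes to `hasValueFlow` in this commit and the write-through and `get_number` cases stay MISSING. A comment above each disjunct would record the limit, e.g. `// explicit dereference only; writes through *e and implicit borrows are not modeled`. Both predicates start and end outside their hunks.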
diff --git a/rust/ql/lib/codeql/rust/dataflow/internal/TaintTrackingImpl.qll b/rust/ql/lib/codeql/rust/dataflow/internal/TaintTrackingImpl.qll index 25cc7e22fafc..986e2e2dde67 100644 --- a/rust/ql/lib/codeql/rust/dataflow/internal/TaintTrackingImpl.qll +++ b/rust/ql/lib/codeql/rust/dataflow/internal/TaintTrackingImpl.qll @@ -46,6 +46,8 @@ module RustTaintTracking implements InputSig { RustDataFlow::readStep(pred, cs, succ) and cs.getContent() instanceof ArrayElementContent ) + or + pred.asExpr() = succ.asExpr().(RefExprCfgNode).getExpr() ) or FlowSummaryImpl::Private::Steps::summaryLocalStep(pred.(Node::FlowSummaryNode).getSummaryNode(), @@ -59,7 +61,10 @@ module RustTaintTracking implements InputSig { bindingset[node] predicate defaultImplicitTaintRead(Node::Node node, ContentSet cs) { exists(node) and - cs.(SingletonContentSet).getContent() instanceof ArrayElementContent + exists(Content c | c = cs.(SingletonContentSet).getContent() | + c instanceof ArrayElementContent or + c instanceof ReferenceContent + ) } /** diff --git a/rust/ql/lib/codeql/rust/elements/internal/VariableImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/VariableImpl.qll index b21cf924204e..61b81f266ec6 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/VariableImpl.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/VariableImpl.qll @@ -484,7 +484,6 @@ module Impl { class VariableReadAccess extends VariableAccess { VariableReadAccess() { not this instanceof VariableWriteAccess and - not this = any(RefExpr re).getExpr() and not this = any(CompoundAssignmentExpr cae).getLhs() } } diff --git a/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected b/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected index f3286730b2ef..500fd9c00721 100644 --- a/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected +++ b/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected 
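Review bot: The added local taint step from `e` to `&e` and the `ReferenceContent` case added to `defaultImplicitTaintRead` in the next hunk look like two routes for the same flow, since DataFlowImpl.qll in this commit already stores into `ReferenceContent` at `&e`. The updated strings expectations list both a direct edge from `source(...)` to `sliced` and one through `&... [&ref]`, which may be that duplication showing up as extra paths. If both are needed, a comment on the step should say which case each covers, for example `// taints the reference value itself; the implicit read covers sinks that receive [&ref] content`, provided that is the actual reason. The enclosing predicates start outside the hunks.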
@@ -530,6 +530,7 @@ storeStep readStep | file://:0:0:0:0 | [summary param] self in lang:core::_::::unwrap | Some | file://:0:0:0:0 | [summary] read: Argument[self].Variant[crate::option::Option::Some(0)] in lang:core::_::::unwrap | | main.rs:33:9:33:15 | Some(...) | Some | main.rs:33:14:33:14 | _ | +| main.rs:87:11:87:11 | i | &ref | main.rs:87:10:87:11 | * ... | | main.rs:95:10:95:10 | a | tuple.0 | main.rs:95:10:95:12 | a.0 | | main.rs:96:10:96:10 | a | tuple.1 | main.rs:96:10:96:12 | a.1 | | main.rs:109:10:109:10 | a | tuple.0 | main.rs:109:10:109:12 | a.0 | diff --git a/rust/ql/test/library-tests/dataflow/pointers/inline-flow.expected b/rust/ql/test/library-tests/dataflow/pointers/inline-flow.expected index 8e1efa3cf6ea..ee54904481ae 100644 --- a/rust/ql/test/library-tests/dataflow/pointers/inline-flow.expected +++ b/rust/ql/test/library-tests/dataflow/pointers/inline-flow.expected @@ -1,5 +1,10 @@ models edges +| main.rs:13:13:13:22 | source(...) | main.rs:14:14:14:14 | a | provenance | | +| main.rs:14:13:14:14 | &a [&ref] | main.rs:15:14:15:14 | b [&ref] | provenance | | +| main.rs:14:14:14:14 | a | main.rs:14:13:14:14 | &a [&ref] | provenance | | +| main.rs:15:13:15:14 | * ... | main.rs:16:10:16:10 | c | provenance | | +| main.rs:15:14:15:14 | b [&ref] | main.rs:15:13:15:14 | * ... | provenance | | | main.rs:40:18:40:21 | SelfParam [MyNumber] | main.rs:42:13:42:38 | ...::MyNumber(...) [MyNumber] | provenance | | | main.rs:42:13:42:38 | ...::MyNumber(...) [MyNumber] | main.rs:42:32:42:37 | number | provenance | | | main.rs:42:32:42:37 | number | main.rs:40:31:46:5 | { ... } | provenance | | 
@@ -8,6 +13,12 @@ edges | main.rs:59:10:59:18 | my_number [MyNumber] | main.rs:40:18:40:21 | SelfParam [MyNumber] | provenance | | | main.rs:59:10:59:18 | my_number [MyNumber] | main.rs:59:10:59:30 | my_number.to_number(...) | provenance | | nodes +| main.rs:13:13:13:22 | source(...) | semmle.label | source(...) | +| main.rs:14:13:14:14 | &a [&ref] | semmle.label | &a [&ref] | +| main.rs:14:14:14:14 | a | semmle.label | a | +| main.rs:15:13:15:14 | * ... | semmle.label | * ... | +| main.rs:15:14:15:14 | b [&ref] | semmle.label | b [&ref] | +| main.rs:16:10:16:10 | c | semmle.label | c | | main.rs:40:18:40:21 | SelfParam [MyNumber] | semmle.label | SelfParam [MyNumber] | | main.rs:40:31:46:5 | { ... } | semmle.label | { ... } | | main.rs:42:13:42:38 | ...::MyNumber(...) [MyNumber] | semmle.label | ...::MyNumber(...) [MyNumber] | @@ -20,4 +31,5 @@ subpaths | main.rs:59:10:59:18 | my_number [MyNumber] | main.rs:40:18:40:21 | SelfParam [MyNumber] | main.rs:40:31:46:5 | { ... } | main.rs:59:10:59:30 | my_number.to_number(...) | testFailures #select +| main.rs:16:10:16:10 | c | main.rs:13:13:13:22 | source(...) | main.rs:16:10:16:10 | c | $@ | main.rs:13:13:13:22 | source(...) | source(...) | | main.rs:59:10:59:30 | my_number.to_number(...) | main.rs:58:40:58:49 | source(...) | main.rs:59:10:59:30 | my_number.to_number(...) | $@ | main.rs:58:40:58:49 | source(...) | source(...) | diff --git a/rust/ql/test/library-tests/dataflow/pointers/main.rs b/rust/ql/test/library-tests/dataflow/pointers/main.rs index 1ec2c9177481..2644616d1e43 100644 --- a/rust/ql/test/library-tests/dataflow/pointers/main.rs +++ b/rust/ql/test/library-tests/dataflow/pointers/main.rs @@ -13,7 +13,7 @@ fn read_through_borrow() { let a = source(21); let b = &a; let c = *b; - sink(c); // $ MISSING: hasValueFlow=21 + sink(c); // $ hasValueFlow=21 } fn write_through_borrow() { 
diff --git a/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected b/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected index 8084135dbcba..876e6a068caa 100644 --- a/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected +++ b/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected @@ -1,10 +1,23 @@ models edges +| main.rs:20:13:20:22 | source(...) | main.rs:21:19:21:25 | s[...] | provenance | | +| main.rs:20:13:20:22 | source(...) | main.rs:22:16:22:21 | sliced | provenance | | +| main.rs:21:18:21:25 | &... [&ref] | main.rs:22:16:22:21 | sliced | provenance | | +| main.rs:21:19:21:25 | s[...] | main.rs:21:18:21:25 | &... [&ref] | provenance | | | main.rs:26:14:26:23 | source(...) | main.rs:32:10:32:11 | s4 | provenance | | +| main.rs:37:14:37:23 | source(...) | main.rs:40:10:40:35 | ... + ... | provenance | | nodes +| main.rs:20:13:20:22 | source(...) | semmle.label | source(...) | +| main.rs:21:18:21:25 | &... [&ref] | semmle.label | &... [&ref] | +| main.rs:21:19:21:25 | s[...] | semmle.label | s[...] | +| main.rs:22:16:22:21 | sliced | semmle.label | sliced | | main.rs:26:14:26:23 | source(...) | semmle.label | source(...) | | main.rs:32:10:32:11 | s4 | semmle.label | s4 | +| main.rs:37:14:37:23 | source(...) | semmle.label | source(...) | +| main.rs:40:10:40:35 | ... + ... | semmle.label | ... + ... | subpaths testFailures #select +| main.rs:22:16:22:21 | sliced | main.rs:20:13:20:22 | source(...) | main.rs:22:16:22:21 | sliced | $@ | main.rs:20:13:20:22 | source(...) | source(...) | | main.rs:32:10:32:11 | s4 | main.rs:26:14:26:23 | source(...) | main.rs:32:10:32:11 | s4 | $@ | main.rs:26:14:26:23 | source(...) | source(...) | +| main.rs:40:10:40:35 | ... + ... | main.rs:37:14:37:23 | source(...) | main.rs:40:10:40:35 | ... + ... | $@ | main.rs:37:14:37:23 | source(...) | source(...) | 
diff --git a/rust/ql/test/library-tests/dataflow/strings/main.rs b/rust/ql/test/library-tests/dataflow/strings/main.rs index 3e2008e9b459..62cea44f89dd 100644 --- a/rust/ql/test/library-tests/dataflow/strings/main.rs +++ b/rust/ql/test/library-tests/dataflow/strings/main.rs @@ -19,7 +19,7 @@ fn sink(s: String) { fn string_slice() { let s = source(35); let sliced = &s[1..3]; - sink_slice(sliced); // $ MISSING: hasTaintFlow=35 + sink_slice(sliced); // $ hasTaintFlow=35 } fn string_add() { @@ -37,7 +37,7 @@ fn string_add_reference() { let s1 = source(37); let s2 = "1".to_string(); - sink("Hello ".to_string() + &s1); // $ MISSING: hasTaintFlow=37 + sink("Hello ".to_string() + &s1); // $ hasTaintFlow=37 sink("Hello ".to_string() + &s2); } diff --git a/rust/ql/test/library-tests/dataflow/taint/TaintFlowStep.expected b/rust/ql/test/library-tests/dataflow/taint/TaintFlowStep.expected index 3b727d29b677..c12f5df87774 100644 --- a/rust/ql/test/library-tests/dataflow/taint/TaintFlowStep.expected +++ b/rust/ql/test/library-tests/dataflow/taint/TaintFlowStep.expected @@ -6,6 +6,7 @@ | main.rs:23:13:23:13 | a | main.rs:23:13:23:19 | a as u8 | | | main.rs:24:10:24:10 | b | main.rs:24:10:24:17 | b as i64 | | | main.rs:38:23:38:23 | s | main.rs:38:23:38:29 | s[...] | | +| main.rs:38:23:38:29 | s[...] | main.rs:38:22:38:29 | &... | | | main.rs:54:14:54:16 | arr | main.rs:54:14:54:19 | arr[1] | | | main.rs:64:24:64:24 | s | main.rs:64:24:64:27 | s[1] | | | main.rs:69:9:69:12 | arr2 | main.rs:69:9:69:15 | arr2[1] | | diff --git a/rust/ql/test/library-tests/dataflow/taint/inline-taint-flow.expected b/rust/ql/test/library-tests/dataflow/taint/inline-taint-flow.expected index 626607e043c8..4a54e9e258aa 100644 --- a/rust/ql/test/library-tests/dataflow/taint/inline-taint-flow.expected +++ b/rust/ql/test/library-tests/dataflow/taint/inline-taint-flow.expected 
@@ -3,6 +3,10 @@ edges | main.rs:12:13:12:22 | source(...) | main.rs:13:10:13:14 | ... + ... | provenance | | | main.rs:17:13:17:22 | source(...) | main.rs:18:10:18:11 | - ... | provenance | | | main.rs:22:13:22:22 | source(...) | main.rs:24:10:24:17 | b as i64 | provenance | | +| main.rs:37:17:37:26 | source(...) | main.rs:38:23:38:29 | s[...] | provenance | | +| main.rs:37:17:37:26 | source(...) | main.rs:39:14:39:19 | sliced | provenance | | +| main.rs:38:22:38:29 | &... [&ref] | main.rs:39:14:39:19 | sliced | provenance | | +| main.rs:38:23:38:29 | s[...] | main.rs:38:22:38:29 | &... [&ref] | provenance | | | main.rs:53:19:53:28 | source(...) | main.rs:54:14:54:19 | arr[1] | provenance | | | main.rs:69:9:69:12 | [post] arr2 [array[]] | main.rs:70:14:70:17 | arr2 | provenance | | | main.rs:69:19:69:28 | source(...) | main.rs:69:9:69:12 | [post] arr2 [array[]] | provenance | | @@ -13,6 +17,10 @@ nodes | main.rs:18:10:18:11 | - ... | semmle.label | - ... | | main.rs:22:13:22:22 | source(...) | semmle.label | source(...) | | main.rs:24:10:24:17 | b as i64 | semmle.label | b as i64 | +| main.rs:37:17:37:26 | source(...) | semmle.label | source(...) | +| main.rs:38:22:38:29 | &... [&ref] | semmle.label | &... [&ref] | +| main.rs:38:23:38:29 | s[...] | semmle.label | s[...] | +| main.rs:39:14:39:19 | sliced | semmle.label | sliced | | main.rs:53:19:53:28 | source(...) | semmle.label | source(...) | | main.rs:54:14:54:19 | arr[1] | semmle.label | arr[1] | | main.rs:69:9:69:12 | [post] arr2 [array[]] | semmle.label | [post] arr2 [array[]] | 
@@ -24,5 +32,6 @@ testFailures | main.rs:13:10:13:14 | ... + ... | main.rs:12:13:12:22 | source(...) | main.rs:13:10:13:14 | ... + ... | $@ | main.rs:12:13:12:22 | source(...) | source(...) | | main.rs:18:10:18:11 | - ... | main.rs:17:13:17:22 | source(...) | main.rs:18:10:18:11 | - ... | $@ | main.rs:17:13:17:22 | source(...) | source(...) | | main.rs:24:10:24:17 | b as i64 | main.rs:22:13:22:22 | source(...) | main.rs:24:10:24:17 | b as i64 | $@ | main.rs:22:13:22:22 | source(...) | source(...) | +| main.rs:39:14:39:19 | sliced | main.rs:37:17:37:26 | source(...) | main.rs:39:14:39:19 | sliced | $@ | main.rs:37:17:37:26 | source(...) | source(...) | | main.rs:54:14:54:19 | arr[1] | main.rs:53:19:53:28 | source(...) | main.rs:54:14:54:19 | arr[1] | $@ | main.rs:53:19:53:28 | source(...) | source(...) | | main.rs:70:14:70:17 | arr2 | main.rs:69:19:69:28 | source(...) | main.rs:70:14:70:17 | arr2 | $@ | main.rs:69:19:69:28 | source(...) | source(...) | diff --git a/rust/ql/test/library-tests/dataflow/taint/main.rs b/rust/ql/test/library-tests/dataflow/taint/main.rs index 71bababfba64..90af2ec8a060 100644 --- a/rust/ql/test/library-tests/dataflow/taint/main.rs +++ b/rust/ql/test/library-tests/dataflow/taint/main.rs @@ -36,7 +36,7 @@ mod string { pub fn string_slice() { let s = source(35); let sliced = &s[1..3]; - sink(sliced); // $ MISSING: hasTaintFlow=35 + sink(sliced); // $ hasTaintFlow=35 } } diff --git a/rust/ql/test/library-tests/variables/Ssa.expected b/rust/ql/test/library-tests/variables/Ssa.expected index 13e7f1e4ce38..e34b8218db3f 100644 --- a/rust/ql/test/library-tests/variables/Ssa.expected +++ b/rust/ql/test/library-tests/variables/Ssa.expected 
@@ -152,6 +152,8 @@ read | variables.rs:16:9:16:10 | x1 | variables.rs:16:9:16:10 | x1 | variables.rs:17:15:17:16 | x1 | | variables.rs:21:9:21:14 | x2 | variables.rs:21:13:21:14 | x2 | variables.rs:22:15:22:16 | x2 | | variables.rs:23:5:23:6 | x2 | variables.rs:21:13:21:14 | x2 | variables.rs:24:15:24:16 | x2 | +| variables.rs:28:9:28:13 | x | variables.rs:28:13:28:13 | x | variables.rs:29:20:29:20 | x | +| variables.rs:30:5:30:5 | x | variables.rs:28:13:28:13 | x | variables.rs:31:20:31:20 | x | | variables.rs:35:9:35:10 | x3 | variables.rs:35:9:35:10 | x3 | variables.rs:36:15:36:16 | x3 | | variables.rs:35:9:35:10 | x3 | variables.rs:35:9:35:10 | x3 | variables.rs:38:9:38:10 | x3 | | variables.rs:37:9:37:10 | x3 | variables.rs:37:9:37:10 | x3 | variables.rs:39:15:39:16 | x3 | @@ -276,7 +278,9 @@ read | variables.rs:510:9:510:13 | a | variables.rs:510:13:510:13 | a | variables.rs:512:5:512:5 | a | | variables.rs:510:9:510:13 | a | variables.rs:510:13:510:13 | a | variables.rs:513:15:513:15 | a | | variables.rs:514:5:514:5 | a | variables.rs:510:13:510:13 | a | variables.rs:515:15:515:15 | a | +| variables.rs:519:9:519:9 | x | variables.rs:519:9:519:9 | x | variables.rs:520:20:520:20 | x | | variables.rs:519:9:519:9 | x | variables.rs:519:9:519:9 | x | variables.rs:521:15:521:15 | x | +| variables.rs:523:9:523:9 | z | variables.rs:523:9:523:9 | z | variables.rs:524:20:524:20 | z | | variables.rs:532:10:532:18 | SelfParam | variables.rs:532:15:532:18 | self | variables.rs:533:6:533:9 | self | firstRead | variables.rs:3:14:3:14 | s | variables.rs:3:14:3:14 | s | variables.rs:4:20:4:20 | s | 
@@ -285,6 +289,8 @@ firstRead | variables.rs:16:9:16:10 | x1 | variables.rs:16:9:16:10 | x1 | variables.rs:17:15:17:16 | x1 | | variables.rs:21:9:21:14 | x2 | variables.rs:21:13:21:14 | x2 | variables.rs:22:15:22:16 | x2 | | variables.rs:23:5:23:6 | x2 | variables.rs:21:13:21:14 | x2 | variables.rs:24:15:24:16 | x2 | +| variables.rs:28:9:28:13 | x | variables.rs:28:13:28:13 | x | variables.rs:29:20:29:20 | x | +| variables.rs:30:5:30:5 | x | variables.rs:28:13:28:13 | x | variables.rs:31:20:31:20 | x | | variables.rs:35:9:35:10 | x3 | variables.rs:35:9:35:10 | x3 | variables.rs:36:15:36:16 | x3 | | variables.rs:37:9:37:10 | x3 | variables.rs:37:9:37:10 | x3 | variables.rs:39:15:39:16 | x3 | | variables.rs:43:9:43:10 | x4 | variables.rs:43:9:43:10 | x4 | variables.rs:44:15:44:16 | x4 | @@ -383,7 +389,9 @@ firstRead | variables.rs:491:22:491:22 | n | variables.rs:491:22:491:22 | n | variables.rs:493:25:493:25 | n | | variables.rs:510:9:510:13 | a | variables.rs:510:13:510:13 | a | variables.rs:511:15:511:15 | a | | variables.rs:514:5:514:5 | a | variables.rs:510:13:510:13 | a | variables.rs:515:15:515:15 | a | +| variables.rs:519:9:519:9 | x | variables.rs:519:9:519:9 | x | variables.rs:520:20:520:20 | x | | variables.rs:519:9:519:9 | x | variables.rs:519:9:519:9 | x | variables.rs:521:15:521:15 | x | +| variables.rs:523:9:523:9 | z | variables.rs:523:9:523:9 | z | variables.rs:524:20:524:20 | z | | variables.rs:532:10:532:18 | SelfParam | variables.rs:532:15:532:18 | self | variables.rs:533:6:533:9 | self | lastRead | variables.rs:3:14:3:14 | s | variables.rs:3:14:3:14 | s | variables.rs:4:20:4:20 | s | 
@@ -523,6 +531,7 @@ adjacentReads | variables.rs:491:13:491:17 | f | variables.rs:491:17:491:17 | f | variables.rs:495:9:495:9 | f | variables.rs:496:9:496:9 | f | | variables.rs:510:9:510:13 | a | variables.rs:510:13:510:13 | a | variables.rs:511:15:511:15 | a | variables.rs:512:5:512:5 | a | | variables.rs:510:9:510:13 | a | variables.rs:510:13:510:13 | a | variables.rs:512:5:512:5 | a | variables.rs:513:15:513:15 | a | +| variables.rs:519:9:519:9 | x | variables.rs:519:9:519:9 | x | variables.rs:520:20:520:20 | x | variables.rs:521:15:521:15 | x | phi | variables.rs:191:9:191:44 | [match(true)] phi | variables.rs:191:9:191:44 | a3 | variables.rs:191:22:191:23 | a3 | | variables.rs:191:9:191:44 | [match(true)] phi | variables.rs:191:9:191:44 | a3 | variables.rs:191:42:191:43 | a3 | diff --git a/rust/ql/test/library-tests/variables/variables.expected b/rust/ql/test/library-tests/variables/variables.expected index 1e3fc90633ce..6a310db8cb0a 100644 --- a/rust/ql/test/library-tests/variables/variables.expected +++ b/rust/ql/test/library-tests/variables/variables.expected @@ -293,6 +293,8 @@ variableReadAccess | variables.rs:17:15:17:16 | x1 | variables.rs:16:9:16:10 | x1 | | variables.rs:22:15:22:16 | x2 | variables.rs:21:13:21:14 | x2 | | variables.rs:24:15:24:16 | x2 | variables.rs:21:13:21:14 | x2 | +| variables.rs:29:20:29:20 | x | variables.rs:28:13:28:13 | x | +| variables.rs:31:20:31:20 | x | variables.rs:28:13:28:13 | x | | variables.rs:36:15:36:16 | x3 | variables.rs:35:9:35:10 | x3 | | variables.rs:38:9:38:10 | x3 | variables.rs:35:9:35:10 | x3 | | variables.rs:39:15:39:16 | x3 | variables.rs:37:9:37:10 | x3 | 
@@ -369,7 +371,9 @@ variableReadAccess | variables.rs:335:12:335:12 | v | variables.rs:332:9:332:9 | v | | variables.rs:336:19:336:22 | text | variables.rs:334:9:334:12 | text | | variables.rs:343:15:343:15 | a | variables.rs:341:13:341:13 | a | +| variables.rs:344:11:344:11 | a | variables.rs:341:13:341:13 | a | | variables.rs:345:15:345:15 | a | variables.rs:341:13:341:13 | a | +| variables.rs:351:14:351:14 | i | variables.rs:349:13:349:13 | i | | variables.rs:352:6:352:10 | ref_i | variables.rs:350:9:350:13 | ref_i | | variables.rs:353:15:353:15 | i | variables.rs:349:13:349:13 | i | | variables.rs:357:6:357:6 | x | variables.rs:356:17:356:17 | x | @@ -381,11 +385,15 @@ variableReadAccess | variables.rs:366:10:366:10 | x | variables.rs:363:22:363:22 | x | | variables.rs:367:6:367:6 | y | variables.rs:363:39:363:39 | y | | variables.rs:368:9:368:9 | x | variables.rs:363:22:363:22 | x | +| variables.rs:374:27:374:27 | x | variables.rs:372:13:372:13 | x | | variables.rs:375:6:375:6 | y | variables.rs:373:9:373:9 | y | | variables.rs:377:15:377:15 | x | variables.rs:372:13:372:13 | x | +| variables.rs:381:19:381:19 | x | variables.rs:372:13:372:13 | x | +| variables.rs:383:14:383:14 | z | variables.rs:379:13:379:13 | z | | variables.rs:384:9:384:9 | w | variables.rs:380:9:380:9 | w | | variables.rs:386:7:386:7 | w | variables.rs:380:9:380:9 | w | | variables.rs:388:15:388:15 | z | variables.rs:379:13:379:13 | z | +| variables.rs:394:14:394:14 | x | variables.rs:392:13:392:13 | x | | variables.rs:395:6:395:6 | y | variables.rs:393:9:393:9 | y | | variables.rs:396:15:396:15 | x | variables.rs:392:13:392:13 | x | | variables.rs:403:19:403:19 | x | variables.rs:400:9:400:9 | x | 
@@ -429,7 +437,9 @@ variableReadAccess | variables.rs:512:5:512:5 | a | variables.rs:510:13:510:13 | a | | variables.rs:513:15:513:15 | a | variables.rs:510:13:510:13 | a | | variables.rs:515:15:515:15 | a | variables.rs:510:13:510:13 | a | +| variables.rs:520:20:520:20 | x | variables.rs:519:9:519:9 | x | | variables.rs:521:15:521:15 | x | variables.rs:519:9:519:9 | x | +| variables.rs:524:20:524:20 | z | variables.rs:523:9:523:9 | z | | variables.rs:533:6:533:9 | self | variables.rs:532:15:532:18 | self | | variables.rs:539:3:539:3 | a | variables.rs:538:11:538:11 | a | | variables.rs:541:13:541:13 | a | variables.rs:538:11:538:11 | a | diff --git a/rust/ql/test/library-tests/variables/variables.rs b/rust/ql/test/library-tests/variables/variables.rs index 155ebaa8584a..637538695b8d 100644 --- a/rust/ql/test/library-tests/variables/variables.rs +++ b/rust/ql/test/library-tests/variables/variables.rs @@ -26,9 +26,9 @@ fn mutable_variable() { fn mutable_variable_immutable_borrow() { let mut x = 1; - print_i64_ref(&x); // $ access=x + print_i64_ref(&x); // $ read_access=x x = 2; // $ write_access=x - print_i64_ref(&x); // $ access=x + print_i64_ref(&x); // $ read_access=x } fn variable_shadow1() { @@ -341,14 +341,14 @@ fn add_assign() { let mut a = 0; // a a += 1; // $ access=a print_i64(a); // $ read_access=a - (&mut a).add_assign(10); // $ access=a + (&mut a).add_assign(10); // $ read_access=a print_i64(a); // $ read_access=a } fn mutate() { let mut i = 1; // i let ref_i = // ref_i - &mut i; // $ access=i + &mut i; // $ read_access=i *ref_i = 2; // $ read_access=ref_i print_i64(i); // $ read_access=i } 
@@ -371,16 +371,16 @@ fn mutate_param2<'a>(x : &'a mut i64, y :&mut &'a mut i64) { fn mutate_arg() { let mut x = 2; // x let y = // y - mutate_param(&mut x); // $ access=x + mutate_param(&mut x); // $ read_access=x *y = 10; // $ read_access=y // prints 10, not 4 print_i64(x); // $ read_access=x let mut z = 4; // z let w = // w - &mut &mut x; // $ access=x + &mut &mut x; // $ read_access=x mutate_param2( - &mut z, // $ access=z + &mut z, // $ read_access=z w // $ read_access=w ); **w = 11; // $ read_access=w @@ -391,7 +391,7 @@ fn mutate_arg() { fn alias() { let mut x = 1; // x let y = // y - &mut x; // $ access=x + &mut x; // $ read_access=x *y = 2; // $ read_access=y print_i64(x); // $ read_access=x } @@ -517,11 +517,11 @@ fn arrays() { fn ref_arg() { let x = 16; // x - print_i64_ref(&x); // $ access=x + print_i64_ref(&x); // $ read_access=x print_i64(x); // $ read_access=x let z = 17; // z - print_i64_ref(&z); // $ access=z + print_i64_ref(&z); // $ read_access=z } trait Bar { From defbbb2a2439d5bb0c3234dc417b6eb6b90d638a Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Mon, 16 Dec 2024 11:46:57 +0100 Subject: [PATCH 3/7] Rust: Add additional models for stdlib and sqlx --- .../codeql/rust/frameworks/reqwest.model.yml | 6 ++ .../frameworks/stdlib/lang-core.model.yml | 13 +++ .../dataflow/local/DataFlowStep.expected | 5 + .../dataflow/local/inline-flow.expected | 14 +++ .../test/library-tests/dataflow/local/main.rs | 4 +- .../library-tests/dataflow/sources/test.rs | 4 +- .../strings/inline-taint-flow.expected | 7 ++ .../library-tests/dataflow/strings/main.rs | 2 +- .../dataflow/taint/TaintFlowStep.expected | 6 ++ .../security/CWE-089/SqlInjection.expected | 91 +++++++++++++++++++ .../test/query-tests/security/CWE-089/sqlx.rs | 32 +++---- 11 files changed, 163 insertions(+), 21 deletions(-) create mode 100644 rust/ql/lib/codeql/rust/frameworks/reqwest.model.yml 
diff --git a/rust/ql/lib/codeql/rust/frameworks/reqwest.model.yml b/rust/ql/lib/codeql/rust/frameworks/reqwest.model.yml new file mode 100644 index 000000000000..48835844e50c --- /dev/null +++ b/rust/ql/lib/codeql/rust/frameworks/reqwest.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: codeql/rust-all + extensible: summaryModel + data: + - ["repo:https://github.com/seanmonstar/reqwest:reqwest", "::text", "Argument[self]", "ReturnValue", "taint", "manual"] diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml index db61e6c70b5b..9fc8d029a428 100644 --- a/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml @@ -3,4 +3,17 @@ extensions: pack: codeql/rust-all extensible: summaryModel data: + # Option - ["lang:core", "::unwrap", "Argument[self].Variant[crate::option::Option::Some(0)]", "ReturnValue", "value", "manual"] + - ["lang:core", "::unwrap", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["lang:core", "::unwrap_or", "Argument[self].Variant[crate::option::Option::Some(0)]", "ReturnValue", "value", "manual"] + - ["lang:core", "::unwrap_or", "Argument[0]", "ReturnValue", "value", "manual"] + - ["lang:core", "::unwrap_or", "Argument[self]", "ReturnValue", "taint", "manual"] + # Result + - ["lang:core", "::unwrap", "Argument[self].Variant[crate::result::Result::Ok(0)]", "ReturnValue", "value", "manual"] + - ["lang:core", "::unwrap", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["lang:core", "::unwrap_or", "Argument[self].Variant[crate::result::Result::Ok(0)]", "ReturnValue", "value", "manual"] + - ["lang:core", "::unwrap_or", "Argument[0]", "ReturnValue", "value", "manual"] + - ["lang:core", "::unwrap_or", "Argument[self]", "ReturnValue", "taint", "manual"] + # String + - ["lang:alloc", "::as_str", "Argument[self]", "ReturnValue", "taint", "manual"] 
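Review bot: Only `text` is modeled for reqwest in this new file, so a response body obtained through the sibling accessors (`bytes`, `json`, `chunk`, `text_with_charset`) would still lose taint. The updated sources test shows the limit of the row: `remote_string2` (blocking `.text().unwrap()`) now has flow, while `remote_string3` (`.await?.text().await?`) stays `MISSING: hasTaintFlow`. It is not clear from the diff whether that is due to the model's type path or to `await`/`?` handling. A comment above the row naming the response type it applies to, e.g. `# blocking Response: body accessors`, and rows for the remaining accessors would keep remote input from being dropped silently before it reaches the taint queries.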
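Review bot: The `# String` row is keyed `lang:alloc` but is added to lang-core.model.yml, so the file name no longer tells a maintainer where alloc summaries live. Moving it to a sibling file for alloc, or at least labelling the section `# String (lang:alloc)`, would fix that. Separately, the Option and Result sections cover only `unwrap` and `unwrap_or`, while `expect` and `unwrap_or_default` are equally common on tainted values. The sources test still has `sink(var1); // $ MISSING: hasTaintFlow` next to the now-passing `var2`, which may be such a case; var1's definition is outside the visible hunk. Each unmodeled accessor is a false negative for every taint query, so a comment listing the ones deliberately deferred would help.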
diff --git a/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected b/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected index 500fd9c00721..31798fa0c488 100644 --- a/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected +++ b/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected @@ -207,9 +207,11 @@ localStep | main.rs:229:9:229:10 | [SSA] s1 | main.rs:230:10:230:11 | s1 | | main.rs:229:9:229:10 | s1 | main.rs:229:9:229:10 | [SSA] s1 | | main.rs:229:14:229:29 | Some(...) | main.rs:229:9:229:10 | s1 | +| main.rs:230:23:230:23 | 0 | main.rs:230:10:230:24 | s1.unwrap_or(...) | | main.rs:232:9:232:10 | [SSA] s2 | main.rs:233:10:233:11 | s2 | | main.rs:232:9:232:10 | s2 | main.rs:232:9:232:10 | [SSA] s2 | | main.rs:232:14:232:20 | Some(...) | main.rs:232:9:232:10 | s2 | +| main.rs:233:23:233:32 | source(...) | main.rs:233:10:233:33 | s2.unwrap_or(...) | | main.rs:237:9:237:10 | [SSA] s1 | main.rs:239:14:239:15 | s1 | | main.rs:237:9:237:10 | s1 | main.rs:237:9:237:10 | [SSA] s1 | | main.rs:237:14:237:29 | Some(...) | main.rs:237:9:237:10 | s1 | 
@@ -529,6 +531,9 @@ storeStep | main.rs:407:27:407:27 | 0 | Some | main.rs:407:22:407:28 | Some(...) | readStep | file://:0:0:0:0 | [summary param] self in lang:core::_::::unwrap | Some | file://:0:0:0:0 | [summary] read: Argument[self].Variant[crate::option::Option::Some(0)] in lang:core::_::::unwrap | +| file://:0:0:0:0 | [summary param] self in lang:core::_::::unwrap_or | Some | file://:0:0:0:0 | [summary] read: Argument[self].Variant[crate::option::Option::Some(0)] in lang:core::_::::unwrap_or | +| file://:0:0:0:0 | [summary param] self in lang:core::_::::unwrap | Ok | file://:0:0:0:0 | [summary] read: Argument[self].Variant[crate::result::Result::Ok(0)] in lang:core::_::::unwrap | +| file://:0:0:0:0 | [summary param] self in lang:core::_::::unwrap_or | Ok | file://:0:0:0:0 | [summary] read: Argument[self].Variant[crate::result::Result::Ok(0)] in lang:core::_::::unwrap_or | | main.rs:33:9:33:15 | Some(...) | Some | main.rs:33:14:33:14 | _ | | main.rs:87:11:87:11 | i | &ref | main.rs:87:10:87:11 | * ... | | main.rs:95:10:95:10 | a | tuple.0 | main.rs:95:10:95:12 | a.0 | diff --git a/rust/ql/test/library-tests/dataflow/local/inline-flow.expected b/rust/ql/test/library-tests/dataflow/local/inline-flow.expected index d19b0a5bcb04..f7d7f4ee79d7 100644 --- a/rust/ql/test/library-tests/dataflow/local/inline-flow.expected +++ b/rust/ql/test/library-tests/dataflow/local/inline-flow.expected @@ -1,5 +1,7 @@ models | 1 | Summary: lang:core; ::unwrap; Argument[self].Variant[crate::option::Option::Some(0)]; ReturnValue; value | +| 2 | Summary: lang:core; ::unwrap_or; Argument[0]; ReturnValue; value | +| 3 | Summary: lang:core; ::unwrap_or; Argument[self].Variant[crate::option::Option::Some(0)]; ReturnValue; value | edges | main.rs:19:13:19:21 | source(...) | main.rs:20:10:20:10 | s | provenance | | | main.rs:24:13:24:21 | source(...) | main.rs:27:10:27:10 | c | provenance | | 
@@ -37,6 +39,10 @@ edges | main.rs:224:14:224:29 | Some(...) [Some] | main.rs:225:10:225:11 | s1 [Some] | provenance | | | main.rs:224:19:224:28 | source(...) | main.rs:224:14:224:29 | Some(...) [Some] | provenance | | | main.rs:225:10:225:11 | s1 [Some] | main.rs:225:10:225:20 | s1.unwrap(...) | provenance | MaD:1 | +| main.rs:229:14:229:29 | Some(...) [Some] | main.rs:230:10:230:11 | s1 [Some] | provenance | | +| main.rs:229:19:229:28 | source(...) | main.rs:229:14:229:29 | Some(...) [Some] | provenance | | +| main.rs:230:10:230:11 | s1 [Some] | main.rs:230:10:230:24 | s1.unwrap_or(...) | provenance | MaD:3 | +| main.rs:233:23:233:32 | source(...) | main.rs:233:10:233:33 | s2.unwrap_or(...) | provenance | MaD:2 | | main.rs:237:14:237:29 | Some(...) [Some] | main.rs:239:14:239:15 | s1 [Some] | provenance | | | main.rs:237:19:237:28 | source(...) | main.rs:237:14:237:29 | Some(...) [Some] | provenance | | | main.rs:239:14:239:15 | s1 [Some] | main.rs:239:14:239:16 | TryExpr | provenance | | @@ -150,6 +156,12 @@ nodes | main.rs:224:19:224:28 | source(...) | semmle.label | source(...) | | main.rs:225:10:225:11 | s1 [Some] | semmle.label | s1 [Some] | | main.rs:225:10:225:20 | s1.unwrap(...) | semmle.label | s1.unwrap(...) | +| main.rs:229:14:229:29 | Some(...) [Some] | semmle.label | Some(...) [Some] | +| main.rs:229:19:229:28 | source(...) | semmle.label | source(...) | +| main.rs:230:10:230:11 | s1 [Some] | semmle.label | s1 [Some] | +| main.rs:230:10:230:24 | s1.unwrap_or(...) | semmle.label | s1.unwrap_or(...) | +| main.rs:233:10:233:33 | s2.unwrap_or(...) | semmle.label | s2.unwrap_or(...) | +| main.rs:233:23:233:32 | source(...) | semmle.label | source(...) | | main.rs:237:14:237:29 | Some(...) [Some] | semmle.label | Some(...) [Some] | | main.rs:237:19:237:28 | source(...) | semmle.label | source(...) | | main.rs:239:14:239:15 | s1 [Some] | semmle.label | s1 [Some] | 
@@ -240,6 +252,8 @@ testFailures | main.rs:201:33:201:33 | n | main.rs:198:27:198:36 | source(...) | main.rs:201:33:201:33 | n | $@ | main.rs:198:27:198:36 | source(...) | source(...) | | main.rs:214:25:214:25 | n | main.rs:211:19:211:28 | source(...) | main.rs:214:25:214:25 | n | $@ | main.rs:211:19:211:28 | source(...) | source(...) | | main.rs:225:10:225:20 | s1.unwrap(...) | main.rs:224:19:224:28 | source(...) | main.rs:225:10:225:20 | s1.unwrap(...) | $@ | main.rs:224:19:224:28 | source(...) | source(...) | +| main.rs:230:10:230:24 | s1.unwrap_or(...) | main.rs:229:19:229:28 | source(...) | main.rs:230:10:230:24 | s1.unwrap_or(...) | $@ | main.rs:229:19:229:28 | source(...) | source(...) | +| main.rs:233:10:233:33 | s2.unwrap_or(...) | main.rs:233:23:233:32 | source(...) | main.rs:233:10:233:33 | s2.unwrap_or(...) | $@ | main.rs:233:23:233:32 | source(...) | source(...) | | main.rs:240:10:240:11 | i1 | main.rs:237:19:237:28 | source(...) | main.rs:240:10:240:11 | i1 | $@ | main.rs:237:19:237:28 | source(...) | source(...) | | main.rs:251:10:251:11 | i1 | main.rs:246:35:246:44 | source(...) | main.rs:251:10:251:11 | i1 | $@ | main.rs:246:35:246:44 | source(...) | source(...) | | main.rs:267:35:267:35 | n | main.rs:264:29:264:38 | source(...) | main.rs:267:35:267:35 | n | $@ | main.rs:264:29:264:38 | source(...) | source(...) | diff --git a/rust/ql/test/library-tests/dataflow/local/main.rs b/rust/ql/test/library-tests/dataflow/local/main.rs index 566cec6340a8..e8d01b46ed70 100644 --- a/rust/ql/test/library-tests/dataflow/local/main.rs +++ b/rust/ql/test/library-tests/dataflow/local/main.rs @@ -227,10 +227,10 @@ fn option_unwrap() { fn option_unwrap_or() { let s1 = Some(source(46)); - sink(s1.unwrap_or(0)); // $ MISSING: hasValueFlow=46 + sink(s1.unwrap_or(0)); // $ hasValueFlow=46 let s2 = Some(0); - sink(s2.unwrap_or(source(47))); // $ MISSING: hasValueFlow=47 + sink(s2.unwrap_or(source(47))); // $ hasValueFlow=47 } fn option_questionmark() -> Option { 
diff --git a/rust/ql/test/library-tests/dataflow/sources/test.rs b/rust/ql/test/library-tests/dataflow/sources/test.rs index 7b33a00864e2..d025ea90fdfc 100644 --- a/rust/ql/test/library-tests/dataflow/sources/test.rs +++ b/rust/ql/test/library-tests/dataflow/sources/test.rs @@ -12,7 +12,7 @@ fn test_env_vars() { let var2 = std::env::var_os("PATH").unwrap(); // $ Alert[rust/summary/taint-sources] sink(var1); // $ MISSING: hasTaintFlow - sink(var2); // $ MISSING: hasTaintFlow + sink(var2); // $ hasTaintFlow for (key, value) in std::env::vars() { // $ Alert[rust/summary/taint-sources] sink(key); // $ MISSING: hasTaintFlow @@ -61,7 +61,7 @@ async fn test_reqwest() -> Result<(), reqwest::Error> { sink(remote_string1); // $ MISSING: hasTaintFlow let remote_string2 = reqwest::blocking::get("http://example.com/").unwrap().text().unwrap(); // $ Alert[rust/summary/taint-sources] - sink(remote_string2); // $ MISSING: hasTaintFlow + sink(remote_string2); // $ hasTaintFlow let remote_string3 = reqwest::get("http://example.com/").await?.text().await?; // $ Alert[rust/summary/taint-sources] sink(remote_string3); // $ MISSING: hasTaintFlow diff --git a/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected b/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected index 876e6a068caa..52042c61e9ee 100644 --- a/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected +++ b/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected @@ -1,4 +1,5 @@ models +| 1 | Summary: lang:alloc; ::as_str; Argument[self]; ReturnValue; taint | edges | main.rs:20:13:20:22 | source(...) | main.rs:21:19:21:25 | s[...] | provenance | | | main.rs:20:13:20:22 | source(...) | main.rs:22:16:22:21 | sliced | provenance | | 
@@ -6,6 +7,8 @@ edges | main.rs:21:19:21:25 | s[...] | main.rs:21:18:21:25 | &... [&ref] | provenance | | | main.rs:26:14:26:23 | source(...) | main.rs:32:10:32:11 | s4 | provenance | | | main.rs:37:14:37:23 | source(...) | main.rs:40:10:40:35 | ... + ... | provenance | | +| main.rs:57:13:57:22 | source(...) | main.rs:58:16:58:16 | s | provenance | | +| main.rs:58:16:58:16 | s | main.rs:58:16:58:25 | s.as_str(...) | provenance | MaD:1 | nodes | main.rs:20:13:20:22 | source(...) | semmle.label | source(...) | | main.rs:21:18:21:25 | &... [&ref] | semmle.label | &... [&ref] | @@ -15,9 +18,13 @@ nodes | main.rs:32:10:32:11 | s4 | semmle.label | s4 | | main.rs:37:14:37:23 | source(...) | semmle.label | source(...) | | main.rs:40:10:40:35 | ... + ... | semmle.label | ... + ... | +| main.rs:57:13:57:22 | source(...) | semmle.label | source(...) | +| main.rs:58:16:58:16 | s | semmle.label | s | +| main.rs:58:16:58:25 | s.as_str(...) | semmle.label | s.as_str(...) | subpaths testFailures #select | main.rs:22:16:22:21 | sliced | main.rs:20:13:20:22 | source(...) | main.rs:22:16:22:21 | sliced | $@ | main.rs:20:13:20:22 | source(...) | source(...) | | main.rs:32:10:32:11 | s4 | main.rs:26:14:26:23 | source(...) | main.rs:32:10:32:11 | s4 | $@ | main.rs:26:14:26:23 | source(...) | source(...) | | main.rs:40:10:40:35 | ... + ... | main.rs:37:14:37:23 | source(...) | main.rs:40:10:40:35 | ... + ... | $@ | main.rs:37:14:37:23 | source(...) | source(...) | +| main.rs:58:16:58:25 | s.as_str(...) | main.rs:57:13:57:22 | source(...) | main.rs:58:16:58:25 | s.as_str(...) | $@ | main.rs:57:13:57:22 | source(...) | source(...) | diff --git a/rust/ql/test/library-tests/dataflow/strings/main.rs b/rust/ql/test/library-tests/dataflow/strings/main.rs index 62cea44f89dd..7ce170ec3c63 100644 --- a/rust/ql/test/library-tests/dataflow/strings/main.rs +++ b/rust/ql/test/library-tests/dataflow/strings/main.rs 
@@ -55,7 +55,7 @@ fn string_to_string() { fn as_str() { let s = source(67); - sink_slice(s.as_str()); // $ MISSING: hasTaintFlow=67 + sink_slice(s.as_str()); // $ hasTaintFlow=67 } fn string_format() { diff --git a/rust/ql/test/library-tests/dataflow/taint/TaintFlowStep.expected b/rust/ql/test/library-tests/dataflow/taint/TaintFlowStep.expected index c12f5df87774..b044999e57fe 100644 --- a/rust/ql/test/library-tests/dataflow/taint/TaintFlowStep.expected +++ b/rust/ql/test/library-tests/dataflow/taint/TaintFlowStep.expected @@ -1,3 +1,9 @@ +| file://:0:0:0:0 | [summary param] self in lang:alloc::_::::as_str | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:alloc::_::::as_str | MaD:11 | +| file://:0:0:0:0 | [summary param] self in lang:core::_::::unwrap | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::::unwrap | MaD:2 | +| file://:0:0:0:0 | [summary param] self in lang:core::_::::unwrap_or | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::::unwrap_or | MaD:5 | +| file://:0:0:0:0 | [summary param] self in lang:core::_::::unwrap | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::::unwrap | MaD:7 | +| file://:0:0:0:0 | [summary param] self in lang:core::_::::unwrap_or | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::::unwrap_or | MaD:10 | +| file://:0:0:0:0 | [summary param] self in repo:https://github.com/seanmonstar/reqwest:reqwest::_::::text | file://:0:0:0:0 | [summary] to write: ReturnValue in repo:https://github.com/seanmonstar/reqwest:reqwest::_::::text | MaD:0 | | main.rs:4:5:4:8 | 1000 | main.rs:4:5:4:12 | ... + ... | | | main.rs:4:12:4:12 | i | main.rs:4:5:4:12 | ... + ... | | | main.rs:13:10:13:10 | a | main.rs:13:10:13:14 | ... + ... | | diff --git a/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected b/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected index 58f42bec0c84..e04397c16347 100644 
--- a/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected
+++ b/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected
@@ -1,4 +1,95 @@ #select +| sqlx.rs:65:30:65:52 | unsafe_query_2.as_str(...) | sqlx.rs:48:25:48:69 | ...::get(...) | sqlx.rs:65:30:65:52 | unsafe_query_2.as_str(...) | This query depends on a $@. | sqlx.rs:48:25:48:69 | ...::get(...) | user-provided value | +| sqlx.rs:66:30:66:52 | unsafe_query_3.as_str(...) | sqlx.rs:48:25:48:69 | ...::get(...) | sqlx.rs:66:30:66:52 | unsafe_query_3.as_str(...) | This query depends on a $@. | sqlx.rs:48:25:48:69 | ...::get(...) | user-provided value | +| sqlx.rs:76:29:76:51 | unsafe_query_2.as_str(...) | sqlx.rs:48:25:48:69 | ...::get(...) | sqlx.rs:76:29:76:51 | unsafe_query_2.as_str(...) | This query depends on a $@. | sqlx.rs:48:25:48:69 | ...::get(...) | user-provided value | +| sqlx.rs:77:29:77:51 | unsafe_query_3.as_str(...) | sqlx.rs:48:25:48:69 | ...::get(...) | sqlx.rs:77:29:77:51 | unsafe_query_3.as_str(...) | This query depends on a $@. | sqlx.rs:48:25:48:69 | ...::get(...) | user-provided value | +| sqlx.rs:104:30:104:52 | unsafe_query_1.as_str(...) | sqlx.rs:96:25:96:69 | ...::get(...) | sqlx.rs:104:30:104:52 | unsafe_query_1.as_str(...) | This query depends on a $@. | sqlx.rs:96:25:96:69 | ...::get(...) | user-provided value | +| sqlx.rs:109:31:109:53 | unsafe_query_1.as_str(...) | sqlx.rs:96:25:96:69 | ...::get(...) | sqlx.rs:109:31:109:53 | unsafe_query_1.as_str(...) | This query depends on a $@. | sqlx.rs:96:25:96:69 | ...::get(...) | user-provided value | +| sqlx.rs:116:29:116:51 | unsafe_query_1.as_str(...) | sqlx.rs:96:25:96:69 | ...::get(...) | sqlx.rs:116:29:116:51 | unsafe_query_1.as_str(...) | This query depends on a $@. | sqlx.rs:96:25:96:69 | ...::get(...) | user-provided value | +| sqlx.rs:123:29:123:51 | unsafe_query_1.as_str(...) | sqlx.rs:96:25:96:69 | ...::get(...) | sqlx.rs:123:29:123:51 | unsafe_query_1.as_str(...) | This query depends on a $@. | sqlx.rs:96:25:96:69 | ...::get(...) | user-provided value | +| sqlx.rs:132:55:132:77 | unsafe_query_1.as_str(...) | sqlx.rs:96:25:96:69 | ...::get(...) 
| sqlx.rs:132:55:132:77 | unsafe_query_1.as_str(...) | This query depends on a $@. | sqlx.rs:96:25:96:69 | ...::get(...) | user-provided value | +| sqlx.rs:141:55:141:77 | unsafe_query_1.as_str(...) | sqlx.rs:96:25:96:69 | ...::get(...) | sqlx.rs:141:55:141:77 | unsafe_query_1.as_str(...) | This query depends on a $@. | sqlx.rs:96:25:96:69 | ...::get(...) | user-provided value | +| sqlx.rs:149:29:149:51 | unsafe_query_1.as_str(...) | sqlx.rs:96:25:96:69 | ...::get(...) | sqlx.rs:149:29:149:51 | unsafe_query_1.as_str(...) | This query depends on a $@. | sqlx.rs:96:25:96:69 | ...::get(...) | user-provided value | +| sqlx.rs:177:30:177:52 | unsafe_query_1.as_str(...) | sqlx.rs:169:25:169:69 | ...::get(...) | sqlx.rs:177:30:177:52 | unsafe_query_1.as_str(...) | This query depends on a $@. | sqlx.rs:169:25:169:69 | ...::get(...) | user-provided value | +| sqlx.rs:184:29:184:51 | unsafe_query_1.as_str(...) | sqlx.rs:169:25:169:69 | ...::get(...) | sqlx.rs:184:29:184:51 | unsafe_query_1.as_str(...) | This query depends on a $@. | sqlx.rs:169:25:169:69 | ...::get(...) | user-provided value | edges +| sqlx.rs:48:25:48:69 | ...::get(...) | sqlx.rs:48:25:48:78 | ... .unwrap(...) | provenance | MaD:2 | +| sqlx.rs:48:25:48:78 | ... .unwrap(...) | sqlx.rs:48:25:48:85 | ... .text(...) | provenance | MaD:4 | +| sqlx.rs:48:25:48:85 | ... .text(...) | sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | provenance | MaD:3 | +| sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | sqlx.rs:65:30:65:43 | unsafe_query_2 | provenance | | +| sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | sqlx.rs:66:30:66:43 | unsafe_query_3 | provenance | | +| sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | sqlx.rs:76:29:76:42 | unsafe_query_2 | provenance | | +| sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | sqlx.rs:77:29:77:42 | unsafe_query_3 | provenance | | +| sqlx.rs:65:30:65:43 | unsafe_query_2 | sqlx.rs:65:30:65:52 | unsafe_query_2.as_str(...) 
| provenance | MaD:1 | +| sqlx.rs:66:30:66:43 | unsafe_query_3 | sqlx.rs:66:30:66:52 | unsafe_query_3.as_str(...) | provenance | MaD:1 | +| sqlx.rs:76:29:76:42 | unsafe_query_2 | sqlx.rs:76:29:76:51 | unsafe_query_2.as_str(...) | provenance | MaD:1 | +| sqlx.rs:77:29:77:42 | unsafe_query_3 | sqlx.rs:77:29:77:51 | unsafe_query_3.as_str(...) | provenance | MaD:1 | +| sqlx.rs:96:25:96:69 | ...::get(...) | sqlx.rs:96:25:96:78 | ... .unwrap(...) | provenance | MaD:2 | +| sqlx.rs:96:25:96:78 | ... .unwrap(...) | sqlx.rs:96:25:96:85 | ... .text(...) | provenance | MaD:4 | +| sqlx.rs:96:25:96:85 | ... .text(...) | sqlx.rs:96:25:96:118 | ... .unwrap_or(...) | provenance | MaD:3 | +| sqlx.rs:96:25:96:118 | ... .unwrap_or(...) | sqlx.rs:104:30:104:43 | unsafe_query_1 | provenance | | +| sqlx.rs:96:25:96:118 | ... .unwrap_or(...) | sqlx.rs:109:31:109:44 | unsafe_query_1 | provenance | | +| sqlx.rs:96:25:96:118 | ... .unwrap_or(...) | sqlx.rs:116:29:116:42 | unsafe_query_1 | provenance | | +| sqlx.rs:96:25:96:118 | ... .unwrap_or(...) | sqlx.rs:123:29:123:42 | unsafe_query_1 | provenance | | +| sqlx.rs:96:25:96:118 | ... .unwrap_or(...) | sqlx.rs:132:55:132:68 | unsafe_query_1 | provenance | | +| sqlx.rs:96:25:96:118 | ... .unwrap_or(...) | sqlx.rs:141:55:141:68 | unsafe_query_1 | provenance | | +| sqlx.rs:96:25:96:118 | ... .unwrap_or(...) | sqlx.rs:149:29:149:42 | unsafe_query_1 | provenance | | +| sqlx.rs:104:30:104:43 | unsafe_query_1 | sqlx.rs:104:30:104:52 | unsafe_query_1.as_str(...) | provenance | MaD:1 | +| sqlx.rs:109:31:109:44 | unsafe_query_1 | sqlx.rs:109:31:109:53 | unsafe_query_1.as_str(...) | provenance | MaD:1 | +| sqlx.rs:116:29:116:42 | unsafe_query_1 | sqlx.rs:116:29:116:51 | unsafe_query_1.as_str(...) | provenance | MaD:1 | +| sqlx.rs:123:29:123:42 | unsafe_query_1 | sqlx.rs:123:29:123:51 | unsafe_query_1.as_str(...) | provenance | MaD:1 | +| sqlx.rs:132:55:132:68 | unsafe_query_1 | sqlx.rs:132:55:132:77 | unsafe_query_1.as_str(...) 
| provenance | MaD:1 | +| sqlx.rs:141:55:141:68 | unsafe_query_1 | sqlx.rs:141:55:141:77 | unsafe_query_1.as_str(...) | provenance | MaD:1 | +| sqlx.rs:149:29:149:42 | unsafe_query_1 | sqlx.rs:149:29:149:51 | unsafe_query_1.as_str(...) | provenance | MaD:1 | +| sqlx.rs:169:25:169:69 | ...::get(...) | sqlx.rs:169:25:169:78 | ... .unwrap(...) | provenance | MaD:2 | +| sqlx.rs:169:25:169:78 | ... .unwrap(...) | sqlx.rs:169:25:169:85 | ... .text(...) | provenance | MaD:4 | +| sqlx.rs:169:25:169:85 | ... .text(...) | sqlx.rs:169:25:169:118 | ... .unwrap_or(...) | provenance | MaD:3 | +| sqlx.rs:169:25:169:118 | ... .unwrap_or(...) | sqlx.rs:177:30:177:43 | unsafe_query_1 | provenance | | +| sqlx.rs:169:25:169:118 | ... .unwrap_or(...) | sqlx.rs:184:29:184:42 | unsafe_query_1 | provenance | | +| sqlx.rs:177:30:177:43 | unsafe_query_1 | sqlx.rs:177:30:177:52 | unsafe_query_1.as_str(...) | provenance | MaD:1 | +| sqlx.rs:184:29:184:42 | unsafe_query_1 | sqlx.rs:184:29:184:51 | unsafe_query_1.as_str(...) | provenance | MaD:1 | +models +| 1 | Summary: lang:alloc; ::as_str; Argument[self]; ReturnValue; taint | +| 2 | Summary: lang:core; ::unwrap; Argument[self]; ReturnValue; taint | +| 3 | Summary: lang:core; ::unwrap_or; Argument[self]; ReturnValue; taint | +| 4 | Summary: repo:https://github.com/seanmonstar/reqwest:reqwest; ::text; Argument[self]; ReturnValue; taint | nodes +| sqlx.rs:48:25:48:69 | ...::get(...) | semmle.label | ...::get(...) | +| sqlx.rs:48:25:48:78 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| sqlx.rs:48:25:48:85 | ... .text(...) | semmle.label | ... .text(...) | +| sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | +| sqlx.rs:65:30:65:43 | unsafe_query_2 | semmle.label | unsafe_query_2 | +| sqlx.rs:65:30:65:52 | unsafe_query_2.as_str(...) | semmle.label | unsafe_query_2.as_str(...) | +| sqlx.rs:66:30:66:43 | unsafe_query_3 | semmle.label | unsafe_query_3 | +| sqlx.rs:66:30:66:52 | unsafe_query_3.as_str(...) 
| semmle.label | unsafe_query_3.as_str(...) | +| sqlx.rs:76:29:76:42 | unsafe_query_2 | semmle.label | unsafe_query_2 | +| sqlx.rs:76:29:76:51 | unsafe_query_2.as_str(...) | semmle.label | unsafe_query_2.as_str(...) | +| sqlx.rs:77:29:77:42 | unsafe_query_3 | semmle.label | unsafe_query_3 | +| sqlx.rs:77:29:77:51 | unsafe_query_3.as_str(...) | semmle.label | unsafe_query_3.as_str(...) | +| sqlx.rs:96:25:96:69 | ...::get(...) | semmle.label | ...::get(...) | +| sqlx.rs:96:25:96:78 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| sqlx.rs:96:25:96:85 | ... .text(...) | semmle.label | ... .text(...) | +| sqlx.rs:96:25:96:118 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | +| sqlx.rs:104:30:104:43 | unsafe_query_1 | semmle.label | unsafe_query_1 | +| sqlx.rs:104:30:104:52 | unsafe_query_1.as_str(...) | semmle.label | unsafe_query_1.as_str(...) | +| sqlx.rs:109:31:109:44 | unsafe_query_1 | semmle.label | unsafe_query_1 | +| sqlx.rs:109:31:109:53 | unsafe_query_1.as_str(...) | semmle.label | unsafe_query_1.as_str(...) | +| sqlx.rs:116:29:116:42 | unsafe_query_1 | semmle.label | unsafe_query_1 | +| sqlx.rs:116:29:116:51 | unsafe_query_1.as_str(...) | semmle.label | unsafe_query_1.as_str(...) | +| sqlx.rs:123:29:123:42 | unsafe_query_1 | semmle.label | unsafe_query_1 | +| sqlx.rs:123:29:123:51 | unsafe_query_1.as_str(...) | semmle.label | unsafe_query_1.as_str(...) | +| sqlx.rs:132:55:132:68 | unsafe_query_1 | semmle.label | unsafe_query_1 | +| sqlx.rs:132:55:132:77 | unsafe_query_1.as_str(...) | semmle.label | unsafe_query_1.as_str(...) | +| sqlx.rs:141:55:141:68 | unsafe_query_1 | semmle.label | unsafe_query_1 | +| sqlx.rs:141:55:141:77 | unsafe_query_1.as_str(...) | semmle.label | unsafe_query_1.as_str(...) | +| sqlx.rs:149:29:149:42 | unsafe_query_1 | semmle.label | unsafe_query_1 | +| sqlx.rs:149:29:149:51 | unsafe_query_1.as_str(...) | semmle.label | unsafe_query_1.as_str(...) | +| sqlx.rs:169:25:169:69 | ...::get(...) 
| semmle.label | ...::get(...) | +| sqlx.rs:169:25:169:78 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| sqlx.rs:169:25:169:85 | ... .text(...) | semmle.label | ... .text(...) | +| sqlx.rs:169:25:169:118 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | +| sqlx.rs:177:30:177:43 | unsafe_query_1 | semmle.label | unsafe_query_1 | +| sqlx.rs:177:30:177:52 | unsafe_query_1.as_str(...) | semmle.label | unsafe_query_1.as_str(...) | +| sqlx.rs:184:29:184:42 | unsafe_query_1 | semmle.label | unsafe_query_1 | +| sqlx.rs:184:29:184:51 | unsafe_query_1.as_str(...) | semmle.label | unsafe_query_1.as_str(...) | subpaths diff --git a/rust/ql/test/query-tests/security/CWE-089/sqlx.rs b/rust/ql/test/query-tests/security/CWE-089/sqlx.rs index 173f6c730b29..133fc29db52d 100644 --- a/rust/ql/test/query-tests/security/CWE-089/sqlx.rs +++ b/rust/ql/test/query-tests/security/CWE-089/sqlx.rs @@ -45,7 +45,7 @@ async fn test_sqlx_mysql(url: &str, enable_remote: bool) -> Result<(), sqlx::Err // construct queries (with extra variants) let const_string = String::from("Alice"); let arg_string = std::env::args().nth(1).unwrap_or(String::from("Alice")); // $ MISSING: Source=args1 - let remote_string = reqwest::blocking::get("http://example.com/").unwrap().text().unwrap_or(String::from("Alice")); // $ MISSING: Source=remote1 + let remote_string = reqwest::blocking::get("http://example.com/").unwrap().text().unwrap_or(String::from("Alice")); // $ Source=remote1 let remote_number = remote_string.parse::().unwrap_or(0); let safe_query_1 = String::from("SELECT * FROM people WHERE firstname='Alice'"); let safe_query_2 = String::from("SELECT * FROM people WHERE firstname='") + &const_string + "'"; 
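Review bot: The `remote_string` line that now carries `Source=remote1` in the `@@ -45,7 +45,7 @@` hunk of sqlx.rs exercises `unwrap_or` only with the tainted value as the receiver; the fallback argument is the constant `String::from("Alice")`. The model rows shown in the expected output list `unwrap_or` with `Argument[self]` only, so a tainted fallback would presumably not propagate, and no test pins that behaviour either way. Consider adding a variant next to it, such as `let fallback_string = None::<String>.unwrap_or(remote_string.clone());`, with a query built from it and an annotation in the file's existing `MISSING:` style, so the gap in SQL injection coverage is recorded. `test_sqlx_mysql` starts and ends outside this hunk.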
@@ -62,8 +62,8 @@ async fn test_sqlx_mysql(url: &str, enable_remote: bool) -> Result<(), sqlx::Err let _ = conn.execute(safe_query_3.as_str()).await?; // $ sql-sink let _ = conn.execute(unsafe_query_1.as_str()).await?; // $ sql-sink MISSING: Alert[sql-injection]=args1 if enable_remote { - let _ = conn.execute(unsafe_query_2.as_str()).await?; // $ sql-sink MISSING: Alert[sql-injection]=remote1 - let _ = conn.execute(unsafe_query_3.as_str()).await?; // $ sql-sink MISSING: Alert[sql-injection]=remote1 + let _ = conn.execute(unsafe_query_2.as_str()).await?; // $ sql-sink Alert=remote1 + let _ = conn.execute(unsafe_query_3.as_str()).await?; // $ sql-sink Alert=remote1 let _ = conn.execute(unsafe_query_4.as_str()).await?; // $ sql-sink MISSING: Alert[sql-injection]=remote1 } @@ -73,8 +73,8 @@ async fn test_sqlx_mysql(url: &str, enable_remote: bool) -> Result<(), sqlx::Err let _ = sqlx::query(safe_query_3.as_str()).execute(&pool).await?; // $ sql-sink let _ = sqlx::query(unsafe_query_1.as_str()).execute(&pool).await?; // $ sql-sink MISSING: Alert[sql-injection]=args1 if enable_remote { - let _ = sqlx::query(unsafe_query_2.as_str()).execute(&pool).await?; // $ sql-sink MISSING: Alert[sql-injection]=remote1 - let _ = sqlx::query(unsafe_query_3.as_str()).execute(&pool).await?; // $ sql-sink MISSING: Alert[sql-injection]=remote1 + let _ = sqlx::query(unsafe_query_2.as_str()).execute(&pool).await?; // $ sql-sink Alert=remote1 + let _ = sqlx::query(unsafe_query_3.as_str()).execute(&pool).await?; // $ sql-sink Alert=remote1 let _ = sqlx::query(unsafe_query_4.as_str()).execute(&pool).await?; // $ sql-sink MISSING: Alert[sql-injection]=remote1 } let _ = sqlx::query(prepared_query_1.as_str()).bind(const_string).execute(&pool).await?; // $ sql-sink 
@@ -93,7 +93,7 @@ async fn test_sqlx_sqlite(url: &str, enable_remote: bool) -> Result<(), sqlx::Er // construct queries let const_string = String::from("Alice"); - let remote_string = reqwest::blocking::get("http://example.com/").unwrap().text().unwrap_or(String::from("Alice")); // $ MISSING: Source=remote2 + let remote_string = reqwest::blocking::get("http://example.com/").unwrap().text().unwrap_or(String::from("Alice")); // $ Source=remote2 let safe_query_1 = String::from("SELECT * FROM people WHERE firstname='") + &const_string + "'"; let unsafe_query_1 = String::from("SELECT * FROM people WHERE firstname='") + &remote_string + "'"; let prepared_query_1 = String::from("SELECT * FROM people WHERE firstname=?"); // (prepared arguments are safe) 
@@ -101,26 +101,26 @@ async fn test_sqlx_sqlite(url: &str, enable_remote: bool) -> Result<(), sqlx::Er // direct execution (with extra variants) let _ = conn.execute(safe_query_1.as_str()).await?; // $ sql-sink if enable_remote { - let _ = conn.execute(unsafe_query_1.as_str()).await?; // $ sql-sink MISSING: Alert[sql-injection]=remote2 + let _ = conn.execute(unsafe_query_1.as_str()).await?; // $ sql-sink Alert=remote2 } // ... let _ = sqlx::raw_sql(safe_query_1.as_str()).execute(&mut conn).await?; // $ sql-sink if enable_remote { - let _ = sqlx::raw_sql(unsafe_query_1.as_str()).execute(&mut conn).await?; // $ sql-sink MISSING: Alert[sql-injection]=remote2 + let _ = sqlx::raw_sql(unsafe_query_1.as_str()).execute(&mut conn).await?; // $ sql-sink Alert=remote2 } // prepared queries (with extra variants) let _ = sqlx::query(safe_query_1.as_str()).execute(&mut conn).await?; // $ sql-sink let _ = sqlx::query(prepared_query_1.as_str()).bind(&const_string).execute(&mut conn).await?; // $ sql-sink if enable_remote { - let _ = sqlx::query(unsafe_query_1.as_str()).execute(&mut conn).await?; // $ sql-sink MISSING: Alert[sql-injection]=remote2 + let _ = sqlx::query(unsafe_query_1.as_str()).execute(&mut conn).await?; // $ sql-sink Alert=remote2 let _ = sqlx::query(prepared_query_1.as_str()).bind(&remote_string).execute(&mut conn).await?; // $ sql-sink } // ... let _ = sqlx::query(safe_query_1.as_str()).fetch(&mut conn); // $ sql-sink let _ = sqlx::query(prepared_query_1.as_str()).bind(&const_string).fetch(&mut conn); // $ sql-sink if enable_remote { - let _ = sqlx::query(unsafe_query_1.as_str()).fetch(&mut conn); // $ sql-sink MISSING: Alert[sql-injection]=remote2 + let _ = sqlx::query(unsafe_query_1.as_str()).fetch(&mut conn); // $ sql-sink Alert=remote2 let _ = sqlx::query(prepared_query_1.as_str()).bind(&remote_string).fetch(&mut conn); // $ sql-sink } // ... 
@@ -129,7 +129,7 @@ async fn test_sqlx_sqlite(url: &str, enable_remote: bool) -> Result<(), sqlx::Er let row2: (i64, String, String) = sqlx::query_as(prepared_query_1.as_str()).bind(&const_string).fetch_one(&mut conn).await?; // $ sql-sink println!(" row2 = {:?}", row2); if enable_remote { - let _: (i64, String, String) = sqlx::query_as(unsafe_query_1.as_str()).fetch_one(&mut conn).await?; // $ sql-sink MISSING: Alert[sql-injection]=remote2 + let _: (i64, String, String) = sqlx::query_as(unsafe_query_1.as_str()).fetch_one(&mut conn).await?; // $ sql-sink Alert=remote2 let _: (i64, String, String) = sqlx::query_as(prepared_query_1.as_str()).bind(&remote_string).fetch_one(&mut conn).await?; // $ sql-sink } // ... @@ -138,7 +138,7 @@ async fn test_sqlx_sqlite(url: &str, enable_remote: bool) -> Result<(), sqlx::Er let row4: (i64, String, String) = sqlx::query_as(prepared_query_1.as_str()).bind(&const_string).fetch_optional(&mut conn).await?.expect("no data"); // $ sql-sink println!(" row4 = {:?}", row4); if enable_remote { - let _: (i64, String, String) = sqlx::query_as(unsafe_query_1.as_str()).fetch_optional(&mut conn).await?.expect("no data"); // $ sql-sink $ MISSING: Alert[sql-injection]=remote2 + let _: (i64, String, String) = sqlx::query_as(unsafe_query_1.as_str()).fetch_optional(&mut conn).await?.expect("no data"); // $ sql-sink $ Alert=remote2 let _: (i64, String, String) = sqlx::query_as(prepared_query_1.as_str()).bind(&remote_string).fetch_optional(&mut conn).await?.expect("no data"); // $ sql-sink } // ... 
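Review bot: The rewritten `fetch_optional` annotation in the `@@ -138,7 +138,7 @@` hunk keeps a second `$` in the middle of the comment, `// $ sql-sink $ Alert=remote2`, where every other annotation visible in this file has a single leading `$`. Whether the inline-expectations parser ignores the extra token or reads the rest of the comment differently is not visible here, so it is safer to write `// $ sql-sink Alert=remote2`. The same stray `$` survives in the `@@ -138,7 +138,7 @@` hunk of PATCH 5/7, which rewrites this line again. `test_sqlx_sqlite` starts and ends outside the hunk.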
@@ -146,7 +146,7 @@ async fn test_sqlx_sqlite(url: &str, enable_remote: bool) -> Result<(), sqlx::Er let _ = sqlx::query(prepared_query_1.as_str()).bind(&const_string).fetch_all(&mut conn).await?; // $ sql-sink let _ = sqlx::query("SELECT * FROM people WHERE firstname=?").bind(&const_string).fetch_all(&mut conn).await?; // $ sql-sink if enable_remote { - let _ = sqlx::query(unsafe_query_1.as_str()).fetch_all(&mut conn).await?; // $ sql-sink MISSING: Alert[sql-injection]=remote2 + let _ = sqlx::query(unsafe_query_1.as_str()).fetch_all(&mut conn).await?; // $ sql-sink Alert=remote2 let _ = sqlx::query(prepared_query_1.as_str()).bind(&remote_string).fetch_all(&mut conn).await?; // $ sql-sink let _ = sqlx::query("SELECT * FROM people WHERE firstname=?").bind(&remote_string).fetch_all(&mut conn).await?; // $ sql-sink } @@ -166,7 +166,7 @@ async fn test_sqlx_postgres(url: &str, enable_remote: bool) -> Result<(), sqlx:: // construct queries let const_string = String::from("Alice"); - let remote_string = reqwest::blocking::get("http://example.com/").unwrap().text().unwrap_or(String::from("Alice")); // $ MISSING: Source=remote3 + let remote_string = reqwest::blocking::get("http://example.com/").unwrap().text().unwrap_or(String::from("Alice")); // $ Source=remote3 let safe_query_1 = String::from("SELECT * FROM people WHERE firstname='") + &const_string + "'"; let unsafe_query_1 = String::from("SELECT * FROM people WHERE firstname='") + &remote_string + "'"; let prepared_query_1 = String::from("SELECT * FROM people WHERE firstname=$1"); // (prepared arguments are safe) 
@@ -174,14 +174,14 @@ async fn test_sqlx_postgres(url: &str, enable_remote: bool) -> Result<(), sqlx:: // direct execution let _ = conn.execute(safe_query_1.as_str()).await?; // $ sql-sink if enable_remote { - let _ = conn.execute(unsafe_query_1.as_str()).await?; // $ sql-sink MISSING: Alert[sql-injection]=remote3 + let _ = conn.execute(unsafe_query_1.as_str()).await?; // $ sql-sink Alert=remote3 } // prepared queries let _ = sqlx::query(safe_query_1.as_str()).execute(&pool).await?; // $ sql-sink let _ = sqlx::query(prepared_query_1.as_str()).bind(&const_string).execute(&pool).await?; // $ sql-sink if enable_remote { - let _ = sqlx::query(unsafe_query_1.as_str()).execute(&pool).await?; // $ sql-sink MISSING: Alert[sql-injection]=remote3 + let _ = sqlx::query(unsafe_query_1.as_str()).execute(&pool).await?; // $ sql-sink Alert=remote3 let _ = sqlx::query(prepared_query_1.as_str()).bind(&remote_string).execute(&pool).await?; // $ sql-sink } From cad4f39aeea8e034e8d324c98279d4a56ad7f89b Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Mon, 16 Dec 2024 13:15:42 +0100 Subject: [PATCH 4/7] Rust: Database name capitalization --- rust/ql/test/query-tests/security/CWE-089/sqlx.rs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/rust/ql/test/query-tests/security/CWE-089/sqlx.rs b/rust/ql/test/query-tests/security/CWE-089/sqlx.rs index 133fc29db52d..be5a97c32bad 100644 --- a/rust/ql/test/query-tests/security/CWE-089/sqlx.rs +++ b/rust/ql/test/query-tests/security/CWE-089/sqlx.rs @@ -38,7 +38,7 @@ use sqlx::Executor; */ async fn test_sqlx_mysql(url: &str, enable_remote: bool) -> Result<(), sqlx::Error> { - // connect through a MySql connection pool + // connect through a MySQL connection pool let pool = sqlx::mysql::MySqlPool::connect(url).await?; let mut conn = pool.acquire().await?; 
@@ -88,7 +88,7 @@ async fn test_sqlx_mysql(url: &str, enable_remote: bool) -> Result<(), sqlx::Err } async fn test_sqlx_sqlite(url: &str, enable_remote: bool) -> Result<(), sqlx::Error> { - // connect through Sqlite, no connection pool + // connect through SQLite, no connection pool let mut conn = sqlx::sqlite::SqliteConnection::connect(url).await?; // construct queries @@ -160,7 +160,7 @@ async fn test_sqlx_sqlite(url: &str, enable_remote: bool) -> Result<(), sqlx::Er } async fn test_sqlx_postgres(url: &str, enable_remote: bool) -> Result<(), sqlx::Error> { - // connect through a PostGres connection pool + // connect through a PostgreSQL connection pool let pool = sqlx::postgres::PgPool::connect(url).await?; let mut conn = pool.acquire().await?; From 402d4e11c463c598362cd9b7c75a01ff5da8e528 Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Mon, 16 Dec 2024 16:36:30 +0100 Subject: [PATCH 5/7] Rust: Re-add inline expectations query tags --- .../test/query-tests/security/CWE-089/sqlx.rs | 34 +++++++++---------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/rust/ql/test/query-tests/security/CWE-089/sqlx.rs b/rust/ql/test/query-tests/security/CWE-089/sqlx.rs index be5a97c32bad..b8115a2bcd6d 100644 --- a/rust/ql/test/query-tests/security/CWE-089/sqlx.rs +++ b/rust/ql/test/query-tests/security/CWE-089/sqlx.rs 
@@ -60,22 +60,22 @@ async fn test_sqlx_mysql(url: &str, enable_remote: bool) -> Result<(), sqlx::Err let _ = conn.execute(safe_query_1.as_str()).await?; // $ sql-sink let _ = conn.execute(safe_query_2.as_str()).await?; // $ sql-sink let _ = conn.execute(safe_query_3.as_str()).await?; // $ sql-sink - let _ = conn.execute(unsafe_query_1.as_str()).await?; // $ sql-sink MISSING: Alert[sql-injection]=args1 + let _ = conn.execute(unsafe_query_1.as_str()).await?; // $ sql-sink MISSING: Alert[rust/sql-injection]=args1 if enable_remote { - let _ = conn.execute(unsafe_query_2.as_str()).await?; // $ sql-sink Alert=remote1 - let _ = conn.execute(unsafe_query_3.as_str()).await?; // $ sql-sink Alert=remote1 - let _ = conn.execute(unsafe_query_4.as_str()).await?; // $ sql-sink MISSING: Alert[sql-injection]=remote1 + let _ = conn.execute(unsafe_query_2.as_str()).await?; // $ sql-sink Alert[rust/sql-injection]=remote1 + let _ = conn.execute(unsafe_query_3.as_str()).await?; // $ sql-sink Alert[rust/sql-injection]=remote1 + let _ = conn.execute(unsafe_query_4.as_str()).await?; // $ sql-sink MISSING: Alert[rust/sql-injection]=remote1 } // prepared queries let _ = sqlx::query(safe_query_1.as_str()).execute(&pool).await?; // $ sql-sink let _ = sqlx::query(safe_query_2.as_str()).execute(&pool).await?; // $ sql-sink let _ = sqlx::query(safe_query_3.as_str()).execute(&pool).await?; // $ sql-sink - let _ = sqlx::query(unsafe_query_1.as_str()).execute(&pool).await?; // $ sql-sink MISSING: Alert[sql-injection]=args1 + let _ = sqlx::query(unsafe_query_1.as_str()).execute(&pool).await?; // $ sql-sink MISSING: Alert[rust/sql-injection][rust/sql-injection]=args1 if enable_remote { - let _ = sqlx::query(unsafe_query_2.as_str()).execute(&pool).await?; // $ sql-sink Alert=remote1 - let _ = sqlx::query(unsafe_query_3.as_str()).execute(&pool).await?; // $ sql-sink Alert=remote1 - let _ = sqlx::query(unsafe_query_4.as_str()).execute(&pool).await?; // $ sql-sink MISSING: Alert[sql-injection]=remote1 + 
let _ = sqlx::query(unsafe_query_2.as_str()).execute(&pool).await?; // $ sql-sink Alert[rust/sql-injection]=remote1 + let _ = sqlx::query(unsafe_query_3.as_str()).execute(&pool).await?; // $ sql-sink Alert[rust/sql-injection]=remote1 + let _ = sqlx::query(unsafe_query_4.as_str()).execute(&pool).await?; // $ sql-sink MISSING: Alert[rust/sql-injection]=remote1 } let _ = sqlx::query(prepared_query_1.as_str()).bind(const_string).execute(&pool).await?; // $ sql-sink let _ = sqlx::query(prepared_query_1.as_str()).bind(arg_string).execute(&pool).await?; // $ sql-sink 
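Review bot: The `sqlx::query(unsafe_query_1.as_str())` line in the prepared-queries group ends up with the query id twice, `MISSING: Alert[rust/sql-injection][rust/sql-injection]=args1`, while the `conn.execute(unsafe_query_1.as_str())` line above it has the id once. Because the expectation sits under `MISSING:` the test most likely still passes today, but the doubled tag will presumably not match the alert once flow from `std::env::args()` is found, so the `args1` SQL injection expectation would need another fix-up at that point. It should read `// $ sql-sink MISSING: Alert[rust/sql-injection]=args1`. `test_sqlx_mysql` starts and ends outside the hunk.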
@@ -101,26 +101,26 @@ async fn test_sqlx_sqlite(url: &str, enable_remote: bool) -> Result<(), sqlx::Er // direct execution (with extra variants) let _ = conn.execute(safe_query_1.as_str()).await?; // $ sql-sink if enable_remote { - let _ = conn.execute(unsafe_query_1.as_str()).await?; // $ sql-sink Alert=remote2 + let _ = conn.execute(unsafe_query_1.as_str()).await?; // $ sql-sink Alert[rust/sql-injection]=remote2 } // ... let _ = sqlx::raw_sql(safe_query_1.as_str()).execute(&mut conn).await?; // $ sql-sink if enable_remote { - let _ = sqlx::raw_sql(unsafe_query_1.as_str()).execute(&mut conn).await?; // $ sql-sink Alert=remote2 + let _ = sqlx::raw_sql(unsafe_query_1.as_str()).execute(&mut conn).await?; // $ sql-sink Alert[rust/sql-injection]=remote2 } // prepared queries (with extra variants) let _ = sqlx::query(safe_query_1.as_str()).execute(&mut conn).await?; // $ sql-sink let _ = sqlx::query(prepared_query_1.as_str()).bind(&const_string).execute(&mut conn).await?; // $ sql-sink if enable_remote { - let _ = sqlx::query(unsafe_query_1.as_str()).execute(&mut conn).await?; // $ sql-sink Alert=remote2 + let _ = sqlx::query(unsafe_query_1.as_str()).execute(&mut conn).await?; // $ sql-sink Alert[rust/sql-injection]=remote2 let _ = sqlx::query(prepared_query_1.as_str()).bind(&remote_string).execute(&mut conn).await?; // $ sql-sink } // ... let _ = sqlx::query(safe_query_1.as_str()).fetch(&mut conn); // $ sql-sink let _ = sqlx::query(prepared_query_1.as_str()).bind(&const_string).fetch(&mut conn); // $ sql-sink if enable_remote { - let _ = sqlx::query(unsafe_query_1.as_str()).fetch(&mut conn); // $ sql-sink Alert=remote2 + let _ = sqlx::query(unsafe_query_1.as_str()).fetch(&mut conn); // $ sql-sink Alert[rust/sql-injection]=remote2 let _ = sqlx::query(prepared_query_1.as_str()).bind(&remote_string).fetch(&mut conn); // $ sql-sink } // ... 
@@ -129,7 +129,7 @@ async fn test_sqlx_sqlite(url: &str, enable_remote: bool) -> Result<(), sqlx::Er let row2: (i64, String, String) = sqlx::query_as(prepared_query_1.as_str()).bind(&const_string).fetch_one(&mut conn).await?; // $ sql-sink println!(" row2 = {:?}", row2); if enable_remote { - let _: (i64, String, String) = sqlx::query_as(unsafe_query_1.as_str()).fetch_one(&mut conn).await?; // $ sql-sink Alert=remote2 + let _: (i64, String, String) = sqlx::query_as(unsafe_query_1.as_str()).fetch_one(&mut conn).await?; // $ sql-sink Alert[rust/sql-injection]=remote2 let _: (i64, String, String) = sqlx::query_as(prepared_query_1.as_str()).bind(&remote_string).fetch_one(&mut conn).await?; // $ sql-sink } // ... @@ -138,7 +138,7 @@ async fn test_sqlx_sqlite(url: &str, enable_remote: bool) -> Result<(), sqlx::Er let row4: (i64, String, String) = sqlx::query_as(prepared_query_1.as_str()).bind(&const_string).fetch_optional(&mut conn).await?.expect("no data"); // $ sql-sink println!(" row4 = {:?}", row4); if enable_remote { - let _: (i64, String, String) = sqlx::query_as(unsafe_query_1.as_str()).fetch_optional(&mut conn).await?.expect("no data"); // $ sql-sink $ Alert=remote2 + let _: (i64, String, String) = sqlx::query_as(unsafe_query_1.as_str()).fetch_optional(&mut conn).await?.expect("no data"); // $ sql-sink $ Alert[rust/sql-injection]=remote2 let _: (i64, String, String) = sqlx::query_as(prepared_query_1.as_str()).bind(&remote_string).fetch_optional(&mut conn).await?.expect("no data"); // $ sql-sink } // ... 
@@ -146,7 +146,7 @@ async fn test_sqlx_sqlite(url: &str, enable_remote: bool) -> Result<(), sqlx::Er let _ = sqlx::query(prepared_query_1.as_str()).bind(&const_string).fetch_all(&mut conn).await?; // $ sql-sink let _ = sqlx::query("SELECT * FROM people WHERE firstname=?").bind(&const_string).fetch_all(&mut conn).await?; // $ sql-sink if enable_remote { - let _ = sqlx::query(unsafe_query_1.as_str()).fetch_all(&mut conn).await?; // $ sql-sink Alert=remote2 + let _ = sqlx::query(unsafe_query_1.as_str()).fetch_all(&mut conn).await?; // $ sql-sink Alert[rust/sql-injection]=remote2 let _ = sqlx::query(prepared_query_1.as_str()).bind(&remote_string).fetch_all(&mut conn).await?; // $ sql-sink let _ = sqlx::query("SELECT * FROM people WHERE firstname=?").bind(&remote_string).fetch_all(&mut conn).await?; // $ sql-sink } @@ -174,14 +174,14 @@ async fn test_sqlx_postgres(url: &str, enable_remote: bool) -> Result<(), sqlx:: // direct execution let _ = conn.execute(safe_query_1.as_str()).await?; // $ sql-sink if enable_remote { - let _ = conn.execute(unsafe_query_1.as_str()).await?; // $ sql-sink Alert=remote3 + let _ = conn.execute(unsafe_query_1.as_str()).await?; // $ sql-sink Alert[rust/sql-injection]=remote3 } // prepared queries let _ = sqlx::query(safe_query_1.as_str()).execute(&pool).await?; // $ sql-sink let _ = sqlx::query(prepared_query_1.as_str()).bind(&const_string).execute(&pool).await?; // $ sql-sink if enable_remote { - let _ = sqlx::query(unsafe_query_1.as_str()).execute(&pool).await?; // $ sql-sink Alert=remote3 + let _ = sqlx::query(unsafe_query_1.as_str()).execute(&pool).await?; // $ sql-sink Alert[rust/sql-injection]=remote3 let _ = sqlx::query(prepared_query_1.as_str()).bind(&remote_string).execute(&pool).await?; // $ sql-sink } From c1e21974c6921b3d176c3c52c7900754af03be2b Mon Sep 17 00:00:00 2001 
From: Simon Friis Vindum Date: Tue, 17 Dec 2024 16:15:55 +0100 Subject: [PATCH 6/7] Rust: Address review comments --- .../rust/dataflow/internal/DataFlowImpl.qll | 2 +- .../codeql/rust/dataflow/internal/SsaImpl.qll | 18 +++--- .../rust/elements/internal/VariableImpl.qll | 1 + .../codeql/rust/frameworks/reqwest.model.yml | 2 +- .../frameworks/stdlib/lang-core.model.yml | 1 - .../dataflow/local/DataFlowStep.expected | 1 + .../dataflow/pointers/inline-flow.expected | 51 +++++++++++++-- .../dataflow/pointers/inline-flow.ql | 2 +- .../strings/inline-taint-flow.expected | 50 +++++++++++++-- .../dataflow/strings/inline-taint-flow.ql | 2 +- .../dataflow/taint/TaintFlowStep.expected | 9 ++- .../test/library-tests/variables/Ssa.expected | 4 +- .../variables/variables.expected | 10 --- .../test/library-tests/variables/variables.rs | 20 +++--- .../security/CWE-089/SqlInjection.expected | 62 ++++++++++++------- 15 files changed, 157 insertions(+), 78 deletions(-) diff --git a/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll b/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll index f718afa4887d..39c0c2c4185e 100644 --- a/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll +++ b/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll @@ -712,7 +712,7 @@ private class CapturedVariableContent extends Content, TCapturedVariableContent override string toString() { result = "captured " + v } } -/** A value refered to by a reference. */ +/** A value referred to by a reference. */ final class ReferenceContent extends Content, TReferenceContent { override string toString() { result = "&ref" } } diff --git a/rust/ql/lib/codeql/rust/dataflow/internal/SsaImpl.qll b/rust/ql/lib/codeql/rust/dataflow/internal/SsaImpl.qll index 75b52b16c707..f2078999e60d 100644 --- a/rust/ql/lib/codeql/rust/dataflow/internal/SsaImpl.qll +++ b/rust/ql/lib/codeql/rust/dataflow/internal/SsaImpl.qll 
@@ -88,22 +88,16 @@ module SsaInput implements SsaImplCommon::InputSig { | va instanceof VariableReadAccess or + // For immutable variables, we model a read when they are borrowed + // (although the actual read happens later, if at all). + va = any(RefExpr re).getExpr() + or // Although compound assignments, like `x += y`, may in fact not read `x`, // it makes sense to treat them as such va = any(CompoundAssignmentExpr cae).getLhs() ) and certain = true or - // For immutable variables, we model a read when they are borrowed (although the - // actual read happens later, if at all). This only affects the SSA liveness - // analysis. - exists(VariableAccess va | - va = any(RefExpr re).getExpr() and - va = bb.getNode(i).getAstNode() and - v = va.getVariable() and - certain = false - ) - or capturedCallRead(_, bb, i, v) and certain = false or capturedExitRead(bb, i, v) and certain = false @@ -146,7 +140,9 @@ private predicate adjacentDefReadExt( /** Holds if `v` is read at index `i` in basic block `bb`. */ private predicate variableReadActual(BasicBlock bb, int i, Variable v) { - exists(VariableReadAccess read | + exists(VariableAccess read | + read instanceof VariableReadAccess or read = any(RefExpr re).getExpr() + | read.getVariable() = v and read = bb.getNode(i).getAstNode() ) diff --git a/rust/ql/lib/codeql/rust/elements/internal/VariableImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/VariableImpl.qll index 61b81f266ec6..b21cf924204e 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/VariableImpl.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/VariableImpl.qll @@ -484,6 +484,7 @@ module Impl { class VariableReadAccess extends VariableAccess { VariableReadAccess() { not this instanceof VariableWriteAccess and + not this = any(RefExpr re).getExpr() and not this = any(CompoundAssignmentExpr cae).getLhs() } } 
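Review bot: The moved comment above `va = any(RefExpr re).getExpr()` still says "For immutable variables", but the disjunct has no mutability condition and now sits under `certain = true`; the `variables.rs` expectations in this patch change for `&mut` borrows too. The old sentence "This only affects the SSA liveness analysis" was dropped without a replacement, although borrows now also feed `variableReadActual` in the `@@ -146,7 +140,9 @@` hunk. I would reword the comment to `// A borrow (shared or mutable) is modelled as a certain read of the variable, although the actual read happens later, if at all.` The enclosing predicate begins outside the hunk.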
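Review bot: `VariableReadAccess` in `VariableImpl.qll` now excludes borrow operands through `not this = any(RefExpr re).getExpr()`, but nothing visible in the hunk documents that. Code that enumerates `VariableReadAccess` to find uses of a value will no longer see `&x` or `&mut x`, which may matter for queries that follow a reference into a sink. I would state this in the class documentation, for example `/** A variable read. Borrow operands and left-hand sides of compound assignments are excluded; use VariableAccess to include them. */`. The class declaration starts outside the hunk, so an existing comment above it may need updating instead.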
diff --git a/rust/ql/lib/codeql/rust/frameworks/reqwest.model.yml b/rust/ql/lib/codeql/rust/frameworks/reqwest.model.yml index 48835844e50c..8b2b9afc79b4 100644 --- a/rust/ql/lib/codeql/rust/frameworks/reqwest.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/reqwest.model.yml @@ -3,4 +3,4 @@ extensions: pack: codeql/rust-all extensible: summaryModel data: - - ["repo:https://github.com/seanmonstar/reqwest:reqwest", "::text", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["repo:https://github.com/seanmonstar/reqwest:reqwest", "::text", "Argument[self]", "ReturnValue.Variant[crate::result::Result::Ok(0)]", "taint", "manual"] diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml index 9fc8d029a428..30028d756b3d 100644 --- a/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml @@ -8,7 +8,6 @@ extensions: - ["lang:core", "::unwrap", "Argument[self]", "ReturnValue", "taint", "manual"] - ["lang:core", "::unwrap_or", "Argument[self].Variant[crate::option::Option::Some(0)]", "ReturnValue", "value", "manual"] - ["lang:core", "::unwrap_or", "Argument[0]", "ReturnValue", "value", "manual"] - - ["lang:core", "::unwrap_or", "Argument[self]", "ReturnValue", "taint", "manual"] # Result - ["lang:core", "::unwrap", "Argument[self].Variant[crate::result::Result::Ok(0)]", "ReturnValue", "value", "manual"] - ["lang:core", "::unwrap", "Argument[self]", "ReturnValue", "taint", "manual"] diff --git a/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected b/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected index 31798fa0c488..e77026b7e5c1 100644 --- a/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected +++ b/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected 
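Review bot: The `::unwrap_or` taint row removed in `lang-core.model.yml` sits above the `# Result` marker, while `TaintFlowStep.expected` later in this patch still lists one `unwrap_or` taint summary, so the two sections appear to be modelled differently after this change. The broad `::unwrap` rows (`Argument[self]` to `ReturnValue`, `taint`) on both sides of `# Result` are also kept, and `SqlInjection.expected` still uses one of them for the `get(...)` to `unwrap(...)` edge. If the asymmetry is deliberate, a YAML comment next to the kept rows would stop a later cleanup from removing them, e.g. `# Kept: sources currently taint the whole value, not its Some/Ok content`. The rows in question lie partly outside the hunk, so this is inferred from the expected-output changes.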
@@ -458,6 +458,7 @@ localStep | main.rs:398:7:398:14 | [SSA] [input] SSA phi read(default_name) | main.rs:394:7:394:18 | [SSA] SSA phi read(default_name) | | main.rs:425:13:425:33 | result_questionmark(...) | main.rs:425:9:425:9 | _ | storeStep +| file://:0:0:0:0 | [summary] to write: ReturnValue.Variant[crate::result::Result::Ok(0)] in repo:https://github.com/seanmonstar/reqwest:reqwest::_::::text | Ok | file://:0:0:0:0 | [summary] to write: ReturnValue in repo:https://github.com/seanmonstar/reqwest:reqwest::_::::text | | main.rs:94:14:94:22 | source(...) | tuple.0 | main.rs:94:13:94:26 | TupleExpr | | main.rs:94:25:94:25 | 2 | tuple.1 | main.rs:94:13:94:26 | TupleExpr | | main.rs:100:14:100:14 | 2 | tuple.0 | main.rs:100:13:100:30 | TupleExpr | diff --git a/rust/ql/test/library-tests/dataflow/pointers/inline-flow.expected b/rust/ql/test/library-tests/dataflow/pointers/inline-flow.expected index 9c4e671046b7..4c3442683e76 100644 --- a/rust/ql/test/library-tests/dataflow/pointers/inline-flow.expected +++ b/rust/ql/test/library-tests/dataflow/pointers/inline-flow.expected 
@@ -1,6 +1,45 @@ -ERROR: could not resolve module DefaultFlowTest (inline-flow.ql:7,8-23) -ERROR: could not resolve module ValueFlow (inline-flow.ql:8,8-17) -ERROR: could not resolve module ValueFlow (inline-flow.ql:10,6-15) -ERROR: could not resolve module ValueFlow (inline-flow.ql:10,34-43) -ERROR: could not resolve module ValueFlow (inline-flow.ql:11,7-16) -ERROR: could not resolve module utils.InlineFlowTest (inline-flow.ql:6,8-28) +models +edges +| main.rs:13:9:13:9 | a | main.rs:14:14:14:14 | a | provenance | | +| main.rs:13:13:13:22 | source(...) | main.rs:13:9:13:9 | a | provenance | | +| main.rs:14:9:14:9 | b [&ref] | main.rs:15:14:15:14 | b [&ref] | provenance | | +| main.rs:14:13:14:14 | &a [&ref] | main.rs:14:9:14:9 | b [&ref] | provenance | | +| main.rs:14:14:14:14 | a | main.rs:14:13:14:14 | &a [&ref] | provenance | | +| main.rs:15:9:15:9 | c | main.rs:16:10:16:10 | c | provenance | | +| main.rs:15:13:15:14 | * ... | main.rs:15:9:15:9 | c | provenance | | +| main.rs:15:14:15:14 | b [&ref] | main.rs:15:13:15:14 | * ... | provenance | | +| main.rs:40:18:40:21 | SelfParam [MyNumber] | main.rs:41:15:41:18 | self [MyNumber] | provenance | | +| main.rs:41:15:41:18 | self [MyNumber] | main.rs:42:13:42:38 | ...::MyNumber(...) [MyNumber] | provenance | | +| main.rs:42:13:42:38 | ...::MyNumber(...) [MyNumber] | main.rs:42:32:42:37 | number | provenance | | +| main.rs:42:32:42:37 | number | main.rs:40:31:46:5 | { ... } | provenance | | +| main.rs:58:9:58:17 | my_number [MyNumber] | main.rs:59:10:59:18 | my_number [MyNumber] | provenance | | +| main.rs:58:21:58:50 | ...::MyNumber(...) [MyNumber] | main.rs:58:9:58:17 | my_number [MyNumber] | provenance | | +| main.rs:58:40:58:49 | source(...) | main.rs:58:21:58:50 | ...::MyNumber(...) [MyNumber] | provenance | | +| main.rs:59:10:59:18 | my_number [MyNumber] | main.rs:40:18:40:21 | SelfParam [MyNumber] | provenance | | +| main.rs:59:10:59:18 | my_number [MyNumber] | main.rs:59:10:59:30 | my_number.to_number(...) 
| provenance | | +nodes +| main.rs:13:9:13:9 | a | semmle.label | a | +| main.rs:13:13:13:22 | source(...) | semmle.label | source(...) | +| main.rs:14:9:14:9 | b [&ref] | semmle.label | b [&ref] | +| main.rs:14:13:14:14 | &a [&ref] | semmle.label | &a [&ref] | +| main.rs:14:14:14:14 | a | semmle.label | a | +| main.rs:15:9:15:9 | c | semmle.label | c | +| main.rs:15:13:15:14 | * ... | semmle.label | * ... | +| main.rs:15:14:15:14 | b [&ref] | semmle.label | b [&ref] | +| main.rs:16:10:16:10 | c | semmle.label | c | +| main.rs:40:18:40:21 | SelfParam [MyNumber] | semmle.label | SelfParam [MyNumber] | +| main.rs:40:31:46:5 | { ... } | semmle.label | { ... } | +| main.rs:41:15:41:18 | self [MyNumber] | semmle.label | self [MyNumber] | +| main.rs:42:13:42:38 | ...::MyNumber(...) [MyNumber] | semmle.label | ...::MyNumber(...) [MyNumber] | +| main.rs:42:32:42:37 | number | semmle.label | number | +| main.rs:58:9:58:17 | my_number [MyNumber] | semmle.label | my_number [MyNumber] | +| main.rs:58:21:58:50 | ...::MyNumber(...) [MyNumber] | semmle.label | ...::MyNumber(...) [MyNumber] | +| main.rs:58:40:58:49 | source(...) | semmle.label | source(...) | +| main.rs:59:10:59:18 | my_number [MyNumber] | semmle.label | my_number [MyNumber] | +| main.rs:59:10:59:30 | my_number.to_number(...) | semmle.label | my_number.to_number(...) | +subpaths +| main.rs:59:10:59:18 | my_number [MyNumber] | main.rs:40:18:40:21 | SelfParam [MyNumber] | main.rs:40:31:46:5 | { ... } | main.rs:59:10:59:30 | my_number.to_number(...) | +testFailures +#select +| main.rs:16:10:16:10 | c | main.rs:13:13:13:22 | source(...) | main.rs:16:10:16:10 | c | $@ | main.rs:13:13:13:22 | source(...) | source(...) | +| main.rs:59:10:59:30 | my_number.to_number(...) | main.rs:58:40:58:49 | source(...) | main.rs:59:10:59:30 | my_number.to_number(...) | $@ | main.rs:58:40:58:49 | source(...) | source(...) | 
diff --git a/rust/ql/test/library-tests/dataflow/pointers/inline-flow.ql b/rust/ql/test/library-tests/dataflow/pointers/inline-flow.ql index ad553fe548dc..e399ea0e5d71 100644 --- a/rust/ql/test/library-tests/dataflow/pointers/inline-flow.ql +++ b/rust/ql/test/library-tests/dataflow/pointers/inline-flow.ql @@ -3,7 +3,7 @@ */ import rust -import utils.InlineFlowTest +import utils.test.InlineFlowTest import DefaultFlowTest import ValueFlow::PathGraph diff --git a/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected b/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected index 16bca2d4d864..e59994c86ccc 100644 --- a/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected +++ b/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected 
@@ -1,6 +1,44 @@ -ERROR: could not resolve module DefaultFlowTest (inline-taint-flow.ql:7,8-23) -ERROR: could not resolve module TaintFlow (inline-taint-flow.ql:8,8-17) -ERROR: could not resolve module TaintFlow (inline-taint-flow.ql:10,6-15) -ERROR: could not resolve module TaintFlow (inline-taint-flow.ql:10,34-43) -ERROR: could not resolve module TaintFlow (inline-taint-flow.ql:11,7-16) -ERROR: could not resolve module utils.InlineFlowTest (inline-taint-flow.ql:6,8-28) +models +| 1 | Summary: lang:alloc; ::as_str; Argument[self]; ReturnValue; taint | +edges +| main.rs:20:9:20:9 | s | main.rs:21:9:21:14 | sliced | provenance | | +| main.rs:20:9:20:9 | s | main.rs:21:19:21:25 | s[...] | provenance | | +| main.rs:20:13:20:22 | source(...) | main.rs:20:9:20:9 | s | provenance | | +| main.rs:21:9:21:14 | sliced | main.rs:22:16:22:21 | sliced | provenance | | +| main.rs:21:9:21:14 | sliced [&ref] | main.rs:22:16:22:21 | sliced | provenance | | +| main.rs:21:18:21:25 | &... [&ref] | main.rs:21:9:21:14 | sliced [&ref] | provenance | | +| main.rs:21:19:21:25 | s[...] | main.rs:21:18:21:25 | &... [&ref] | provenance | | +| main.rs:26:9:26:10 | s1 | main.rs:29:9:29:10 | s4 | provenance | | +| main.rs:26:14:26:23 | source(...) | main.rs:26:9:26:10 | s1 | provenance | | +| main.rs:29:9:29:10 | s4 | main.rs:32:10:32:11 | s4 | provenance | | +| main.rs:37:9:37:10 | s1 | main.rs:40:10:40:35 | ... + ... | provenance | | +| main.rs:37:14:37:23 | source(...) | main.rs:37:9:37:10 | s1 | provenance | | +| main.rs:57:9:57:9 | s | main.rs:58:16:58:16 | s | provenance | | +| main.rs:57:13:57:22 | source(...) | main.rs:57:9:57:9 | s | provenance | | +| main.rs:58:16:58:16 | s | main.rs:58:16:58:25 | s.as_str(...) | provenance | MaD:1 | +nodes +| main.rs:20:9:20:9 | s | semmle.label | s | +| main.rs:20:13:20:22 | source(...) | semmle.label | source(...) 
| +| main.rs:21:9:21:14 | sliced | semmle.label | sliced | +| main.rs:21:9:21:14 | sliced [&ref] | semmle.label | sliced [&ref] | +| main.rs:21:18:21:25 | &... [&ref] | semmle.label | &... [&ref] | +| main.rs:21:19:21:25 | s[...] | semmle.label | s[...] | +| main.rs:22:16:22:21 | sliced | semmle.label | sliced | +| main.rs:26:9:26:10 | s1 | semmle.label | s1 | +| main.rs:26:14:26:23 | source(...) | semmle.label | source(...) | +| main.rs:29:9:29:10 | s4 | semmle.label | s4 | +| main.rs:32:10:32:11 | s4 | semmle.label | s4 | +| main.rs:37:9:37:10 | s1 | semmle.label | s1 | +| main.rs:37:14:37:23 | source(...) | semmle.label | source(...) | +| main.rs:40:10:40:35 | ... + ... | semmle.label | ... + ... | +| main.rs:57:9:57:9 | s | semmle.label | s | +| main.rs:57:13:57:22 | source(...) | semmle.label | source(...) | +| main.rs:58:16:58:16 | s | semmle.label | s | +| main.rs:58:16:58:25 | s.as_str(...) | semmle.label | s.as_str(...) | +subpaths +testFailures +#select +| main.rs:22:16:22:21 | sliced | main.rs:20:13:20:22 | source(...) | main.rs:22:16:22:21 | sliced | $@ | main.rs:20:13:20:22 | source(...) | source(...) | +| main.rs:32:10:32:11 | s4 | main.rs:26:14:26:23 | source(...) | main.rs:32:10:32:11 | s4 | $@ | main.rs:26:14:26:23 | source(...) | source(...) | +| main.rs:40:10:40:35 | ... + ... | main.rs:37:14:37:23 | source(...) | main.rs:40:10:40:35 | ... + ... | $@ | main.rs:37:14:37:23 | source(...) | source(...) | +| main.rs:58:16:58:25 | s.as_str(...) | main.rs:57:13:57:22 | source(...) | main.rs:58:16:58:25 | s.as_str(...) | $@ | main.rs:57:13:57:22 | source(...) | source(...) | diff --git a/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.ql b/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.ql index 2929ae90964f..5dcb7ee70a9d 100644 --- a/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.ql +++ b/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.ql 
@@ -3,7 +3,7 @@ */ import rust -import utils.InlineFlowTest +import utils.test.InlineFlowTest import DefaultFlowTest import TaintFlow::PathGraph diff --git a/rust/ql/test/library-tests/dataflow/taint/TaintFlowStep.expected b/rust/ql/test/library-tests/dataflow/taint/TaintFlowStep.expected index b044999e57fe..a5963684d000 100644 --- a/rust/ql/test/library-tests/dataflow/taint/TaintFlowStep.expected +++ b/rust/ql/test/library-tests/dataflow/taint/TaintFlowStep.expected 
@@ -1,9 +1,8 @@ -| file://:0:0:0:0 | [summary param] self in lang:alloc::_::::as_str | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:alloc::_::::as_str | MaD:11 | +| file://:0:0:0:0 | [summary param] self in lang:alloc::_::::as_str | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:alloc::_::::as_str | MaD:10 | | file://:0:0:0:0 | [summary param] self in lang:core::_::::unwrap | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::::unwrap | MaD:2 | -| file://:0:0:0:0 | [summary param] self in lang:core::_::::unwrap_or | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::::unwrap_or | MaD:5 | -| file://:0:0:0:0 | [summary param] self in lang:core::_::::unwrap | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::::unwrap | MaD:7 | -| file://:0:0:0:0 | [summary param] self in lang:core::_::::unwrap_or | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::::unwrap_or | MaD:10 | -| file://:0:0:0:0 | [summary param] self in repo:https://github.com/seanmonstar/reqwest:reqwest::_::::text | file://:0:0:0:0 | [summary] to write: ReturnValue in repo:https://github.com/seanmonstar/reqwest:reqwest::_::::text | MaD:0 | +| file://:0:0:0:0 | [summary param] self in lang:core::_::::unwrap | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::::unwrap | MaD:6 | +| file://:0:0:0:0 | [summary param] self in lang:core::_::::unwrap_or | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::::unwrap_or | MaD:9 | +| file://:0:0:0:0 | [summary param] self in repo:https://github.com/seanmonstar/reqwest:reqwest::_::::text | file://:0:0:0:0 | [summary] to write: ReturnValue.Variant[crate::result::Result::Ok(0)] in repo:https://github.com/seanmonstar/reqwest:reqwest::_::::text | MaD:0 | | main.rs:4:5:4:8 | 1000 | main.rs:4:5:4:12 | ... + ... | | | main.rs:4:12:4:12 | i | main.rs:4:5:4:12 | ... + ... | | | main.rs:13:10:13:10 | a | main.rs:13:10:13:14 | ... + ... | | 
diff --git a/rust/ql/test/library-tests/variables/Ssa.expected b/rust/ql/test/library-tests/variables/Ssa.expected index e34b8218db3f..6736f87d709f 100644 --- a/rust/ql/test/library-tests/variables/Ssa.expected +++ b/rust/ql/test/library-tests/variables/Ssa.expected @@ -390,7 +390,6 @@ firstRead | variables.rs:510:9:510:13 | a | variables.rs:510:13:510:13 | a | variables.rs:511:15:511:15 | a | | variables.rs:514:5:514:5 | a | variables.rs:510:13:510:13 | a | variables.rs:515:15:515:15 | a | | variables.rs:519:9:519:9 | x | variables.rs:519:9:519:9 | x | variables.rs:520:20:520:20 | x | -| variables.rs:519:9:519:9 | x | variables.rs:519:9:519:9 | x | variables.rs:521:15:521:15 | x | | variables.rs:523:9:523:9 | z | variables.rs:523:9:523:9 | z | variables.rs:524:20:524:20 | z | | variables.rs:532:10:532:18 | SelfParam | variables.rs:532:15:532:18 | self | variables.rs:533:6:533:9 | self | lastRead @@ -400,6 +399,8 @@ lastRead | variables.rs:16:9:16:10 | x1 | variables.rs:16:9:16:10 | x1 | variables.rs:17:15:17:16 | x1 | | variables.rs:21:9:21:14 | x2 | variables.rs:21:13:21:14 | x2 | variables.rs:22:15:22:16 | x2 | | variables.rs:23:5:23:6 | x2 | variables.rs:21:13:21:14 | x2 | variables.rs:24:15:24:16 | x2 | +| variables.rs:28:9:28:13 | x | variables.rs:28:13:28:13 | x | variables.rs:29:20:29:20 | x | +| variables.rs:30:5:30:5 | x | variables.rs:28:13:28:13 | x | variables.rs:31:20:31:20 | x | | variables.rs:35:9:35:10 | x3 | variables.rs:35:9:35:10 | x3 | variables.rs:38:9:38:10 | x3 | | variables.rs:37:9:37:10 | x3 | variables.rs:37:9:37:10 | x3 | variables.rs:39:15:39:16 | x3 | | variables.rs:43:9:43:10 | x4 | variables.rs:43:9:43:10 | x4 | variables.rs:49:15:49:16 | x4 | 
@@ -500,6 +501,7 @@ lastRead | variables.rs:510:9:510:13 | a | variables.rs:510:13:510:13 | a | variables.rs:513:15:513:15 | a | | variables.rs:514:5:514:5 | a | variables.rs:510:13:510:13 | a | variables.rs:515:15:515:15 | a | | variables.rs:519:9:519:9 | x | variables.rs:519:9:519:9 | x | variables.rs:521:15:521:15 | x | +| variables.rs:523:9:523:9 | z | variables.rs:523:9:523:9 | z | variables.rs:524:20:524:20 | z | | variables.rs:532:10:532:18 | SelfParam | variables.rs:532:15:532:18 | self | variables.rs:533:6:533:9 | self | adjacentReads | variables.rs:35:9:35:10 | x3 | variables.rs:35:9:35:10 | x3 | variables.rs:36:15:36:16 | x3 | variables.rs:38:9:38:10 | x3 | diff --git a/rust/ql/test/library-tests/variables/variables.expected b/rust/ql/test/library-tests/variables/variables.expected index 6a310db8cb0a..1e3fc90633ce 100644 --- a/rust/ql/test/library-tests/variables/variables.expected +++ b/rust/ql/test/library-tests/variables/variables.expected @@ -293,8 +293,6 @@ variableReadAccess | variables.rs:17:15:17:16 | x1 | variables.rs:16:9:16:10 | x1 | | variables.rs:22:15:22:16 | x2 | variables.rs:21:13:21:14 | x2 | | variables.rs:24:15:24:16 | x2 | variables.rs:21:13:21:14 | x2 | -| variables.rs:29:20:29:20 | x | variables.rs:28:13:28:13 | x | -| variables.rs:31:20:31:20 | x | variables.rs:28:13:28:13 | x | | variables.rs:36:15:36:16 | x3 | variables.rs:35:9:35:10 | x3 | | variables.rs:38:9:38:10 | x3 | variables.rs:35:9:35:10 | x3 | | variables.rs:39:15:39:16 | x3 | variables.rs:37:9:37:10 | x3 | 
@@ -371,9 +369,7 @@ variableReadAccess | variables.rs:335:12:335:12 | v | variables.rs:332:9:332:9 | v | | variables.rs:336:19:336:22 | text | variables.rs:334:9:334:12 | text | | variables.rs:343:15:343:15 | a | variables.rs:341:13:341:13 | a | -| variables.rs:344:11:344:11 | a | variables.rs:341:13:341:13 | a | | variables.rs:345:15:345:15 | a | variables.rs:341:13:341:13 | a | -| variables.rs:351:14:351:14 | i | variables.rs:349:13:349:13 | i | | variables.rs:352:6:352:10 | ref_i | variables.rs:350:9:350:13 | ref_i | | variables.rs:353:15:353:15 | i | variables.rs:349:13:349:13 | i | | variables.rs:357:6:357:6 | x | variables.rs:356:17:356:17 | x | @@ -385,15 +381,11 @@ variableReadAccess | variables.rs:366:10:366:10 | x | variables.rs:363:22:363:22 | x | | variables.rs:367:6:367:6 | y | variables.rs:363:39:363:39 | y | | variables.rs:368:9:368:9 | x | variables.rs:363:22:363:22 | x | -| variables.rs:374:27:374:27 | x | variables.rs:372:13:372:13 | x | | variables.rs:375:6:375:6 | y | variables.rs:373:9:373:9 | y | | variables.rs:377:15:377:15 | x | variables.rs:372:13:372:13 | x | -| variables.rs:381:19:381:19 | x | variables.rs:372:13:372:13 | x | -| variables.rs:383:14:383:14 | z | variables.rs:379:13:379:13 | z | | variables.rs:384:9:384:9 | w | variables.rs:380:9:380:9 | w | | variables.rs:386:7:386:7 | w | variables.rs:380:9:380:9 | w | | variables.rs:388:15:388:15 | z | variables.rs:379:13:379:13 | z | -| variables.rs:394:14:394:14 | x | variables.rs:392:13:392:13 | x | | variables.rs:395:6:395:6 | y | variables.rs:393:9:393:9 | y | | variables.rs:396:15:396:15 | x | variables.rs:392:13:392:13 | x | | variables.rs:403:19:403:19 | x | variables.rs:400:9:400:9 | x | 
@@ -437,9 +429,7 @@ variableReadAccess | variables.rs:512:5:512:5 | a | variables.rs:510:13:510:13 | a | | variables.rs:513:15:513:15 | a | variables.rs:510:13:510:13 | a | | variables.rs:515:15:515:15 | a | variables.rs:510:13:510:13 | a | -| variables.rs:520:20:520:20 | x | variables.rs:519:9:519:9 | x | | variables.rs:521:15:521:15 | x | variables.rs:519:9:519:9 | x | -| variables.rs:524:20:524:20 | z | variables.rs:523:9:523:9 | z | | variables.rs:533:6:533:9 | self | variables.rs:532:15:532:18 | self | | variables.rs:539:3:539:3 | a | variables.rs:538:11:538:11 | a | | variables.rs:541:13:541:13 | a | variables.rs:538:11:538:11 | a | diff --git a/rust/ql/test/library-tests/variables/variables.rs b/rust/ql/test/library-tests/variables/variables.rs index 637538695b8d..155ebaa8584a 100644 --- a/rust/ql/test/library-tests/variables/variables.rs +++ b/rust/ql/test/library-tests/variables/variables.rs @@ -26,9 +26,9 @@ fn mutable_variable() { fn mutable_variable_immutable_borrow() { let mut x = 1; - print_i64_ref(&x); // $ read_access=x + print_i64_ref(&x); // $ access=x x = 2; // $ write_access=x - print_i64_ref(&x); // $ read_access=x + print_i64_ref(&x); // $ access=x } fn variable_shadow1() { @@ -341,14 +341,14 @@ fn add_assign() { let mut a = 0; // a a += 1; // $ access=a print_i64(a); // $ read_access=a - (&mut a).add_assign(10); // $ read_access=a + (&mut a).add_assign(10); // $ access=a print_i64(a); // $ read_access=a } fn mutate() { let mut i = 1; // i let ref_i = // ref_i - &mut i; // $ read_access=i + &mut i; // $ access=i *ref_i = 2; // $ read_access=ref_i print_i64(i); // $ read_access=i } 
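Review bot: Borrow operands in `variables.rs` are now tagged `access=x` instead of `read_access=x`, in the `@@ -26,9 +26,9 @@` hunk and in the later ones (`add_assign`, `mutate`, `mutate_arg`, `alias`, `ref_arg`), and nothing in the test file says why. This is the same tag the compound assignment `a += 1` carries, so the expectations no longer distinguish a shared borrow from a mutable one such as `(&mut a).add_assign(10)`. A short comment at the first occurrence would record the intent, e.g. `// a borrow is tagged as a plain access: it is neither a read access nor a write access`.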
@@ -371,16 +371,16 @@ fn mutate_param2<'a>(x : &'a mut i64, y :&mut &'a mut i64) { fn mutate_arg() { let mut x = 2; // x let y = // y - mutate_param(&mut x); // $ read_access=x + mutate_param(&mut x); // $ access=x *y = 10; // $ read_access=y // prints 10, not 4 print_i64(x); // $ read_access=x let mut z = 4; // z let w = // w - &mut &mut x; // $ read_access=x + &mut &mut x; // $ access=x mutate_param2( - &mut z, // $ read_access=z + &mut z, // $ access=z w // $ read_access=w ); **w = 11; // $ read_access=w @@ -391,7 +391,7 @@ fn mutate_arg() { fn alias() { let mut x = 1; // x let y = // y - &mut x; // $ read_access=x + &mut x; // $ access=x *y = 2; // $ read_access=y print_i64(x); // $ read_access=x } @@ -517,11 +517,11 @@ fn arrays() { fn ref_arg() { let x = 16; // x - print_i64_ref(&x); // $ read_access=x + print_i64_ref(&x); // $ access=x print_i64(x); // $ read_access=x let z = 17; // z - print_i64_ref(&z); // $ read_access=z + print_i64_ref(&z); // $ access=z } trait Bar { diff --git a/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected b/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected index e04397c16347..0a2dcf90d0de 100644 --- a/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected +++ b/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected 
@@ -13,27 +13,32 @@ | sqlx.rs:177:30:177:52 | unsafe_query_1.as_str(...) | sqlx.rs:169:25:169:69 | ...::get(...) | sqlx.rs:177:30:177:52 | unsafe_query_1.as_str(...) | This query depends on a $@. | sqlx.rs:169:25:169:69 | ...::get(...) | user-provided value | | sqlx.rs:184:29:184:51 | unsafe_query_1.as_str(...) | sqlx.rs:169:25:169:69 | ...::get(...) | sqlx.rs:184:29:184:51 | unsafe_query_1.as_str(...) | This query depends on a $@. | sqlx.rs:169:25:169:69 | ...::get(...) | user-provided value | edges +| sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:54:9:54:22 | unsafe_query_2 | provenance | | +| sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:55:9:55:22 | unsafe_query_3 | provenance | | | sqlx.rs:48:25:48:69 | ...::get(...) | sqlx.rs:48:25:48:78 | ... .unwrap(...) | provenance | MaD:2 | -| sqlx.rs:48:25:48:78 | ... .unwrap(...) | sqlx.rs:48:25:48:85 | ... .text(...) | provenance | MaD:4 | -| sqlx.rs:48:25:48:85 | ... .text(...) | sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | provenance | MaD:3 | -| sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | sqlx.rs:65:30:65:43 | unsafe_query_2 | provenance | | -| sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | sqlx.rs:66:30:66:43 | unsafe_query_3 | provenance | | -| sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | sqlx.rs:76:29:76:42 | unsafe_query_2 | provenance | | -| sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | sqlx.rs:77:29:77:42 | unsafe_query_3 | provenance | | +| sqlx.rs:48:25:48:78 | ... .unwrap(...) | sqlx.rs:48:25:48:85 | ... .text(...) [Ok] | provenance | MaD:4 | +| sqlx.rs:48:25:48:85 | ... .text(...) [Ok] | sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | provenance | MaD:3 | +| sqlx.rs:48:25:48:118 | ... .unwrap_or(...) 
| sqlx.rs:48:9:48:21 | remote_string | provenance | | +| sqlx.rs:54:9:54:22 | unsafe_query_2 | sqlx.rs:65:30:65:43 | unsafe_query_2 | provenance | | +| sqlx.rs:54:9:54:22 | unsafe_query_2 | sqlx.rs:76:29:76:42 | unsafe_query_2 | provenance | | +| sqlx.rs:55:9:55:22 | unsafe_query_3 | sqlx.rs:66:30:66:43 | unsafe_query_3 | provenance | | +| sqlx.rs:55:9:55:22 | unsafe_query_3 | sqlx.rs:77:29:77:42 | unsafe_query_3 | provenance | | | sqlx.rs:65:30:65:43 | unsafe_query_2 | sqlx.rs:65:30:65:52 | unsafe_query_2.as_str(...) | provenance | MaD:1 | | sqlx.rs:66:30:66:43 | unsafe_query_3 | sqlx.rs:66:30:66:52 | unsafe_query_3.as_str(...) | provenance | MaD:1 | | sqlx.rs:76:29:76:42 | unsafe_query_2 | sqlx.rs:76:29:76:51 | unsafe_query_2.as_str(...) | provenance | MaD:1 | | sqlx.rs:77:29:77:42 | unsafe_query_3 | sqlx.rs:77:29:77:51 | unsafe_query_3.as_str(...) | provenance | MaD:1 | +| sqlx.rs:96:9:96:21 | remote_string | sqlx.rs:98:9:98:22 | unsafe_query_1 | provenance | | | sqlx.rs:96:25:96:69 | ...::get(...) | sqlx.rs:96:25:96:78 | ... .unwrap(...) | provenance | MaD:2 | -| sqlx.rs:96:25:96:78 | ... .unwrap(...) | sqlx.rs:96:25:96:85 | ... .text(...) | provenance | MaD:4 | -| sqlx.rs:96:25:96:85 | ... .text(...) | sqlx.rs:96:25:96:118 | ... .unwrap_or(...) | provenance | MaD:3 | -| sqlx.rs:96:25:96:118 | ... .unwrap_or(...) | sqlx.rs:104:30:104:43 | unsafe_query_1 | provenance | | -| sqlx.rs:96:25:96:118 | ... .unwrap_or(...) | sqlx.rs:109:31:109:44 | unsafe_query_1 | provenance | | -| sqlx.rs:96:25:96:118 | ... .unwrap_or(...) | sqlx.rs:116:29:116:42 | unsafe_query_1 | provenance | | -| sqlx.rs:96:25:96:118 | ... .unwrap_or(...) | sqlx.rs:123:29:123:42 | unsafe_query_1 | provenance | | -| sqlx.rs:96:25:96:118 | ... .unwrap_or(...) | sqlx.rs:132:55:132:68 | unsafe_query_1 | provenance | | -| sqlx.rs:96:25:96:118 | ... .unwrap_or(...) | sqlx.rs:141:55:141:68 | unsafe_query_1 | provenance | | -| sqlx.rs:96:25:96:118 | ... .unwrap_or(...) 
| sqlx.rs:149:29:149:42 | unsafe_query_1 | provenance | | +| sqlx.rs:96:25:96:78 | ... .unwrap(...) | sqlx.rs:96:25:96:85 | ... .text(...) [Ok] | provenance | MaD:4 | +| sqlx.rs:96:25:96:85 | ... .text(...) [Ok] | sqlx.rs:96:25:96:118 | ... .unwrap_or(...) | provenance | MaD:3 | +| sqlx.rs:96:25:96:118 | ... .unwrap_or(...) | sqlx.rs:96:9:96:21 | remote_string | provenance | | +| sqlx.rs:98:9:98:22 | unsafe_query_1 | sqlx.rs:104:30:104:43 | unsafe_query_1 | provenance | | +| sqlx.rs:98:9:98:22 | unsafe_query_1 | sqlx.rs:109:31:109:44 | unsafe_query_1 | provenance | | +| sqlx.rs:98:9:98:22 | unsafe_query_1 | sqlx.rs:116:29:116:42 | unsafe_query_1 | provenance | | +| sqlx.rs:98:9:98:22 | unsafe_query_1 | sqlx.rs:123:29:123:42 | unsafe_query_1 | provenance | | +| sqlx.rs:98:9:98:22 | unsafe_query_1 | sqlx.rs:132:55:132:68 | unsafe_query_1 | provenance | | +| sqlx.rs:98:9:98:22 | unsafe_query_1 | sqlx.rs:141:55:141:68 | unsafe_query_1 | provenance | | +| sqlx.rs:98:9:98:22 | unsafe_query_1 | sqlx.rs:149:29:149:42 | unsafe_query_1 | provenance | | | sqlx.rs:104:30:104:43 | unsafe_query_1 | sqlx.rs:104:30:104:52 | unsafe_query_1.as_str(...) | provenance | MaD:1 | | sqlx.rs:109:31:109:44 | unsafe_query_1 | sqlx.rs:109:31:109:53 | unsafe_query_1.as_str(...) | provenance | MaD:1 | | sqlx.rs:116:29:116:42 | unsafe_query_1 | sqlx.rs:116:29:116:51 | unsafe_query_1.as_str(...) | provenance | MaD:1 | 
@@ -41,23 +46,28 @@ edges | sqlx.rs:132:55:132:68 | unsafe_query_1 | sqlx.rs:132:55:132:77 | unsafe_query_1.as_str(...) | provenance | MaD:1 | | sqlx.rs:141:55:141:68 | unsafe_query_1 | sqlx.rs:141:55:141:77 | unsafe_query_1.as_str(...) | provenance | MaD:1 | | sqlx.rs:149:29:149:42 | unsafe_query_1 | sqlx.rs:149:29:149:51 | unsafe_query_1.as_str(...) | provenance | MaD:1 | +| sqlx.rs:169:9:169:21 | remote_string | sqlx.rs:171:9:171:22 | unsafe_query_1 | provenance | | | sqlx.rs:169:25:169:69 | ...::get(...) | sqlx.rs:169:25:169:78 | ... .unwrap(...) | provenance | MaD:2 | -| sqlx.rs:169:25:169:78 | ... .unwrap(...) | sqlx.rs:169:25:169:85 | ... .text(...) | provenance | MaD:4 | -| sqlx.rs:169:25:169:85 | ... .text(...) | sqlx.rs:169:25:169:118 | ... .unwrap_or(...) | provenance | MaD:3 | -| sqlx.rs:169:25:169:118 | ... .unwrap_or(...) | sqlx.rs:177:30:177:43 | unsafe_query_1 | provenance | | -| sqlx.rs:169:25:169:118 | ... .unwrap_or(...) | sqlx.rs:184:29:184:42 | unsafe_query_1 | provenance | | +| sqlx.rs:169:25:169:78 | ... .unwrap(...) | sqlx.rs:169:25:169:85 | ... .text(...) [Ok] | provenance | MaD:4 | +| sqlx.rs:169:25:169:85 | ... .text(...) [Ok] | sqlx.rs:169:25:169:118 | ... .unwrap_or(...) | provenance | MaD:3 | +| sqlx.rs:169:25:169:118 | ... .unwrap_or(...) | sqlx.rs:169:9:169:21 | remote_string | provenance | | +| sqlx.rs:171:9:171:22 | unsafe_query_1 | sqlx.rs:177:30:177:43 | unsafe_query_1 | provenance | | +| sqlx.rs:171:9:171:22 | unsafe_query_1 | sqlx.rs:184:29:184:42 | unsafe_query_1 | provenance | | | sqlx.rs:177:30:177:43 | unsafe_query_1 | sqlx.rs:177:30:177:52 | unsafe_query_1.as_str(...) | provenance | MaD:1 | | sqlx.rs:184:29:184:42 | unsafe_query_1 | sqlx.rs:184:29:184:51 | unsafe_query_1.as_str(...) 
| provenance | MaD:1 | models | 1 | Summary: lang:alloc; ::as_str; Argument[self]; ReturnValue; taint | | 2 | Summary: lang:core; ::unwrap; Argument[self]; ReturnValue; taint | -| 3 | Summary: lang:core; ::unwrap_or; Argument[self]; ReturnValue; taint | -| 4 | Summary: repo:https://github.com/seanmonstar/reqwest:reqwest; ::text; Argument[self]; ReturnValue; taint | +| 3 | Summary: lang:core; ::unwrap_or; Argument[self].Variant[crate::result::Result::Ok(0)]; ReturnValue; value | +| 4 | Summary: repo:https://github.com/seanmonstar/reqwest:reqwest; ::text; Argument[self]; ReturnValue.Variant[crate::result::Result::Ok(0)]; taint | nodes +| sqlx.rs:48:9:48:21 | remote_string | semmle.label | remote_string | | sqlx.rs:48:25:48:69 | ...::get(...) | semmle.label | ...::get(...) | | sqlx.rs:48:25:48:78 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| sqlx.rs:48:25:48:85 | ... .text(...) | semmle.label | ... .text(...) | +| sqlx.rs:48:25:48:85 | ... .text(...) [Ok] | semmle.label | ... .text(...) [Ok] | | sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | +| sqlx.rs:54:9:54:22 | unsafe_query_2 | semmle.label | unsafe_query_2 | +| sqlx.rs:55:9:55:22 | unsafe_query_3 | semmle.label | unsafe_query_3 | | sqlx.rs:65:30:65:43 | unsafe_query_2 | semmle.label | unsafe_query_2 | | sqlx.rs:65:30:65:52 | unsafe_query_2.as_str(...) | semmle.label | unsafe_query_2.as_str(...) | | sqlx.rs:66:30:66:43 | unsafe_query_3 | semmle.label | unsafe_query_3 | 
@@ -66,10 +76,12 @@ nodes | sqlx.rs:76:29:76:51 | unsafe_query_2.as_str(...) | semmle.label | unsafe_query_2.as_str(...) | | sqlx.rs:77:29:77:42 | unsafe_query_3 | semmle.label | unsafe_query_3 | | sqlx.rs:77:29:77:51 | unsafe_query_3.as_str(...) | semmle.label | unsafe_query_3.as_str(...) | +| sqlx.rs:96:9:96:21 | remote_string | semmle.label | remote_string | | sqlx.rs:96:25:96:69 | ...::get(...) | semmle.label | ...::get(...) | | sqlx.rs:96:25:96:78 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| sqlx.rs:96:25:96:85 | ... .text(...) | semmle.label | ... .text(...) | +| sqlx.rs:96:25:96:85 | ... .text(...) [Ok] | semmle.label | ... .text(...) [Ok] | | sqlx.rs:96:25:96:118 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | +| sqlx.rs:98:9:98:22 | unsafe_query_1 | semmle.label | unsafe_query_1 | | sqlx.rs:104:30:104:43 | unsafe_query_1 | semmle.label | unsafe_query_1 | | sqlx.rs:104:30:104:52 | unsafe_query_1.as_str(...) | semmle.label | unsafe_query_1.as_str(...) | | sqlx.rs:109:31:109:44 | unsafe_query_1 | semmle.label | unsafe_query_1 | 
@@ -84,10 +96,12 @@ nodes | sqlx.rs:141:55:141:77 | unsafe_query_1.as_str(...) | semmle.label | unsafe_query_1.as_str(...) | | sqlx.rs:149:29:149:42 | unsafe_query_1 | semmle.label | unsafe_query_1 | | sqlx.rs:149:29:149:51 | unsafe_query_1.as_str(...) | semmle.label | unsafe_query_1.as_str(...) | +| sqlx.rs:169:9:169:21 | remote_string | semmle.label | remote_string | | sqlx.rs:169:25:169:69 | ...::get(...) | semmle.label | ...::get(...) | | sqlx.rs:169:25:169:78 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| sqlx.rs:169:25:169:85 | ... .text(...) | semmle.label | ... .text(...) | +| sqlx.rs:169:25:169:85 | ... .text(...) [Ok] | semmle.label | ... .text(...) [Ok] | | sqlx.rs:169:25:169:118 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | +| sqlx.rs:171:9:171:22 | unsafe_query_1 | semmle.label | unsafe_query_1 | | sqlx.rs:177:30:177:43 | unsafe_query_1 | semmle.label | unsafe_query_1 | | sqlx.rs:177:30:177:52 | unsafe_query_1.as_str(...) | semmle.label | unsafe_query_1.as_str(...) | | sqlx.rs:184:29:184:42 | unsafe_query_1 | semmle.label | unsafe_query_1 | From 049fab4c72b4cbf555a0fa3ff83b3fe0a72691c0 Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Wed, 18 Dec 2024 11:22:56 +0100 Subject: [PATCH 7/7] Rust: Remove taint steps --- .../dataflow/internal/TaintTrackingImpl.qll | 2 - .../frameworks/stdlib/lang-core.model.yml | 3 - .../library-tests/dataflow/sources/test.rs | 4 +- .../strings/inline-taint-flow.expected | 9 -- .../library-tests/dataflow/strings/main.rs | 2 +- .../dataflow/taint/TaintFlowStep.expected | 6 +- .../dataflow/taint/inline-taint-flow.expected | 3 - .../security/CWE-089/SqlInjection.expected | 105 ------------------ .../test/query-tests/security/CWE-089/sqlx.rs | 26 ++--- 9 files changed, 17 insertions(+), 143 deletions(-) diff --git a/rust/ql/lib/codeql/rust/dataflow/internal/TaintTrackingImpl.qll b/rust/ql/lib/codeql/rust/dataflow/internal/TaintTrackingImpl.qll index 986e2e2dde67..4d2cd8b43ee6 100644 
--- a/rust/ql/lib/codeql/rust/dataflow/internal/TaintTrackingImpl.qll +++ b/rust/ql/lib/codeql/rust/dataflow/internal/TaintTrackingImpl.qll @@ -46,8 +46,6 @@ module RustTaintTracking implements InputSig { RustDataFlow::readStep(pred, cs, succ) and cs.getContent() instanceof ArrayElementContent ) - or - pred.asExpr() = succ.asExpr().(RefExprCfgNode).getExpr() ) or FlowSummaryImpl::Private::Steps::summaryLocalStep(pred.(Node::FlowSummaryNode).getSummaryNode(), diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml index 30028d756b3d..f9ded7bc690c 100644 --- a/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml @@ -5,14 +5,11 @@ extensions: data: # Option - ["lang:core", "::unwrap", "Argument[self].Variant[crate::option::Option::Some(0)]", "ReturnValue", "value", "manual"] - - ["lang:core", "::unwrap", "Argument[self]", "ReturnValue", "taint", "manual"] - ["lang:core", "::unwrap_or", "Argument[self].Variant[crate::option::Option::Some(0)]", "ReturnValue", "value", "manual"] - ["lang:core", "::unwrap_or", "Argument[0]", "ReturnValue", "value", "manual"] # Result - ["lang:core", "::unwrap", "Argument[self].Variant[crate::result::Result::Ok(0)]", "ReturnValue", "value", "manual"] - - ["lang:core", "::unwrap", "Argument[self]", "ReturnValue", "taint", "manual"] - ["lang:core", "::unwrap_or", "Argument[self].Variant[crate::result::Result::Ok(0)]", "ReturnValue", "value", "manual"] - ["lang:core", "::unwrap_or", "Argument[0]", "ReturnValue", "value", "manual"] - - ["lang:core", "::unwrap_or", "Argument[self]", "ReturnValue", "taint", "manual"] # String - ["lang:alloc", "::as_str", "Argument[self]", "ReturnValue", "taint", "manual"] diff --git a/rust/ql/test/library-tests/dataflow/sources/test.rs b/rust/ql/test/library-tests/dataflow/sources/test.rs index d025ea90fdfc..7b33a00864e2 100644 
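Review bot: Dropping the `pred.asExpr() = succ.asExpr().(RefExprCfgNode).getExpr()` disjunct leaves no visible path for taint to move from a `&x` operand into an operator that consumes the reference, and the removal site carries no comment saying so. The `strings/main.rs` hunk later in this patch shows the effect: `sink("Hello ".to_string() + &s1)` becomes `MISSING: hasTaintFlow=37`, while the `[&ref]` content flow for slices is kept. I would leave a marker where the disjunct was, for example `// References are tracked as [&ref] content, not as a taint step; operators taking a reference currently lose taint (see MISSING in strings/main.rs).` The enclosing predicate starts and ends outside this hunk, so whether another disjunct already reads reference content cannot be seen here.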
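Review bot: Removing the `Argument[self]` to `ReturnValue` taint rows for `unwrap` and `unwrap_or` means a source that taints a whole `Result` or `Option`, rather than its `Ok(0)`/`Some(0)` content, now stops at the first `unwrap()`. The expectations changed in this patch suggest that is the case for `reqwest::blocking::get` and `std::env::var_os`: both turn into `MISSING: hasTaintFlow` in `sources/test.rs`, and every `Alert[rust/sql-injection]=remote1`, `remote2` and `remote3` line in `CWE-089/sqlx.rs` turns into `MISSING`, leaving `SqlInjection.expected` with an empty `#select`. Until those sources are modelled with content, in the style of the `::text` summary (`ReturnValue.Variant[crate::result::Result::Ok(0)]`), the SQL injection query reports nothing for remote input in these tests. I would record the requirement next to the remaining rows, e.g. `# unwrap/unwrap_or only carry value flow from Ok(0)/Some(0); sources returning Result/Option must taint that content`.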
--- a/rust/ql/test/library-tests/dataflow/sources/test.rs +++ b/rust/ql/test/library-tests/dataflow/sources/test.rs @@ -12,7 +12,7 @@ fn test_env_vars() { let var2 = std::env::var_os("PATH").unwrap(); // $ Alert[rust/summary/taint-sources] sink(var1); // $ MISSING: hasTaintFlow - sink(var2); // $ hasTaintFlow + sink(var2); // $ MISSING: hasTaintFlow for (key, value) in std::env::vars() { // $ Alert[rust/summary/taint-sources] sink(key); // $ MISSING: hasTaintFlow @@ -61,7 +61,7 @@ async fn test_reqwest() -> Result<(), reqwest::Error> { sink(remote_string1); // $ MISSING: hasTaintFlow let remote_string2 = reqwest::blocking::get("http://example.com/").unwrap().text().unwrap(); // $ Alert[rust/summary/taint-sources] - sink(remote_string2); // $ hasTaintFlow + sink(remote_string2); // $ MISSING: hasTaintFlow let remote_string3 = reqwest::get("http://example.com/").await?.text().await?; // $ Alert[rust/summary/taint-sources] sink(remote_string3); // $ MISSING: hasTaintFlow diff --git a/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected b/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected index e59994c86ccc..ed7262638a49 100644 --- a/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected +++ b/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected 
@@ -1,25 +1,20 @@ models | 1 | Summary: lang:alloc; ::as_str; Argument[self]; ReturnValue; taint | edges -| main.rs:20:9:20:9 | s | main.rs:21:9:21:14 | sliced | provenance | | | main.rs:20:9:20:9 | s | main.rs:21:19:21:25 | s[...] | provenance | | | main.rs:20:13:20:22 | source(...) | main.rs:20:9:20:9 | s | provenance | | -| main.rs:21:9:21:14 | sliced | main.rs:22:16:22:21 | sliced | provenance | | | main.rs:21:9:21:14 | sliced [&ref] | main.rs:22:16:22:21 | sliced | provenance | | | main.rs:21:18:21:25 | &... [&ref] | main.rs:21:9:21:14 | sliced [&ref] | provenance | | | main.rs:21:19:21:25 | s[...] | main.rs:21:18:21:25 | &... [&ref] | provenance | | | main.rs:26:9:26:10 | s1 | main.rs:29:9:29:10 | s4 | provenance | | | main.rs:26:14:26:23 | source(...) | main.rs:26:9:26:10 | s1 | provenance | | | main.rs:29:9:29:10 | s4 | main.rs:32:10:32:11 | s4 | provenance | | -| main.rs:37:9:37:10 | s1 | main.rs:40:10:40:35 | ... + ... | provenance | | -| main.rs:37:14:37:23 | source(...) | main.rs:37:9:37:10 | s1 | provenance | | | main.rs:57:9:57:9 | s | main.rs:58:16:58:16 | s | provenance | | | main.rs:57:13:57:22 | source(...) | main.rs:57:9:57:9 | s | provenance | | | main.rs:58:16:58:16 | s | main.rs:58:16:58:25 | s.as_str(...) | provenance | MaD:1 | nodes | main.rs:20:9:20:9 | s | semmle.label | s | | main.rs:20:13:20:22 | source(...) | semmle.label | source(...) | -| main.rs:21:9:21:14 | sliced | semmle.label | sliced | | main.rs:21:9:21:14 | sliced [&ref] | semmle.label | sliced [&ref] | | main.rs:21:18:21:25 | &... [&ref] | semmle.label | &... [&ref] | | main.rs:21:19:21:25 | s[...] | semmle.label | s[...] | 
@@ -28,9 +23,6 @@ nodes | main.rs:26:14:26:23 | source(...) | semmle.label | source(...) | | main.rs:29:9:29:10 | s4 | semmle.label | s4 | | main.rs:32:10:32:11 | s4 | semmle.label | s4 | -| main.rs:37:9:37:10 | s1 | semmle.label | s1 | -| main.rs:37:14:37:23 | source(...) | semmle.label | source(...) | -| main.rs:40:10:40:35 | ... + ... | semmle.label | ... + ... | | main.rs:57:9:57:9 | s | semmle.label | s | | main.rs:57:13:57:22 | source(...) | semmle.label | source(...) | | main.rs:58:16:58:16 | s | semmle.label | s | @@ -40,5 +32,4 @@ testFailures #select | main.rs:22:16:22:21 | sliced | main.rs:20:13:20:22 | source(...) | main.rs:22:16:22:21 | sliced | $@ | main.rs:20:13:20:22 | source(...) | source(...) | | main.rs:32:10:32:11 | s4 | main.rs:26:14:26:23 | source(...) | main.rs:32:10:32:11 | s4 | $@ | main.rs:26:14:26:23 | source(...) | source(...) | -| main.rs:40:10:40:35 | ... + ... | main.rs:37:14:37:23 | source(...) | main.rs:40:10:40:35 | ... + ... | $@ | main.rs:37:14:37:23 | source(...) | source(...) | | main.rs:58:16:58:25 | s.as_str(...) | main.rs:57:13:57:22 | source(...) | main.rs:58:16:58:25 | s.as_str(...) | $@ | main.rs:57:13:57:22 | source(...) | source(...) | diff --git a/rust/ql/test/library-tests/dataflow/strings/main.rs b/rust/ql/test/library-tests/dataflow/strings/main.rs index 7ce170ec3c63..7cc273132e78 100644 --- a/rust/ql/test/library-tests/dataflow/strings/main.rs +++ b/rust/ql/test/library-tests/dataflow/strings/main.rs @@ -37,7 +37,7 @@ fn string_add_reference() { let s1 = source(37); let s2 = "1".to_string(); - sink("Hello ".to_string() + &s1); // $ hasTaintFlow=37 + sink("Hello ".to_string() + &s1); // $ MISSING: hasTaintFlow=37 sink("Hello ".to_string() + &s2); } diff --git a/rust/ql/test/library-tests/dataflow/taint/TaintFlowStep.expected b/rust/ql/test/library-tests/dataflow/taint/TaintFlowStep.expected index a5963684d000..016fa4e74cd2 100644 --- a/rust/ql/test/library-tests/dataflow/taint/TaintFlowStep.expected 
+++ b/rust/ql/test/library-tests/dataflow/taint/TaintFlowStep.expected @@ -1,7 +1,4 @@ -| file://:0:0:0:0 | [summary param] self in lang:alloc::_::::as_str | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:alloc::_::::as_str | MaD:10 | -| file://:0:0:0:0 | [summary param] self in lang:core::_::::unwrap | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::::unwrap | MaD:2 | -| file://:0:0:0:0 | [summary param] self in lang:core::_::::unwrap | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::::unwrap | MaD:6 | -| file://:0:0:0:0 | [summary param] self in lang:core::_::::unwrap_or | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::::unwrap_or | MaD:9 | +| file://:0:0:0:0 | [summary param] self in lang:alloc::_::::as_str | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:alloc::_::::as_str | MaD:7 | | file://:0:0:0:0 | [summary param] self in repo:https://github.com/seanmonstar/reqwest:reqwest::_::::text | file://:0:0:0:0 | [summary] to write: ReturnValue.Variant[crate::result::Result::Ok(0)] in repo:https://github.com/seanmonstar/reqwest:reqwest::_::::text | MaD:0 | | main.rs:4:5:4:8 | 1000 | main.rs:4:5:4:12 | ... + ... | | | main.rs:4:12:4:12 | i | main.rs:4:5:4:12 | ... + ... | | @@ -11,7 +8,6 @@ | main.rs:23:13:23:13 | a | main.rs:23:13:23:19 | a as u8 | | | main.rs:24:10:24:10 | b | main.rs:24:10:24:17 | b as i64 | | | main.rs:38:23:38:23 | s | main.rs:38:23:38:29 | s[...] | | -| main.rs:38:23:38:29 | s[...] | main.rs:38:22:38:29 | &... | | | main.rs:54:14:54:16 | arr | main.rs:54:14:54:19 | arr[1] | | | main.rs:64:24:64:24 | s | main.rs:64:24:64:27 | s[1] | | | main.rs:69:9:69:12 | arr2 | main.rs:69:9:69:15 | arr2[1] | | diff --git a/rust/ql/test/library-tests/dataflow/taint/inline-taint-flow.expected b/rust/ql/test/library-tests/dataflow/taint/inline-taint-flow.expected index 4730611d8c72..2de69da5312d 100644 --- a/rust/ql/test/library-tests/dataflow/taint/inline-taint-flow.expected 
+++ b/rust/ql/test/library-tests/dataflow/taint/inline-taint-flow.expected @@ -7,10 +7,8 @@ edges | main.rs:22:9:22:9 | a | main.rs:23:9:23:9 | b | provenance | | | main.rs:22:13:22:22 | source(...) | main.rs:22:9:22:9 | a | provenance | | | main.rs:23:9:23:9 | b | main.rs:24:10:24:17 | b as i64 | provenance | | -| main.rs:37:13:37:13 | s | main.rs:38:13:38:18 | sliced | provenance | | | main.rs:37:13:37:13 | s | main.rs:38:23:38:29 | s[...] | provenance | | | main.rs:37:17:37:26 | source(...) | main.rs:37:13:37:13 | s | provenance | | -| main.rs:38:13:38:18 | sliced | main.rs:39:14:39:19 | sliced | provenance | | | main.rs:38:13:38:18 | sliced [&ref] | main.rs:39:14:39:19 | sliced | provenance | | | main.rs:38:22:38:29 | &... [&ref] | main.rs:38:13:38:18 | sliced [&ref] | provenance | | | main.rs:38:23:38:29 | s[...] | main.rs:38:22:38:29 | &... [&ref] | provenance | | @@ -31,7 +29,6 @@ nodes | main.rs:24:10:24:17 | b as i64 | semmle.label | b as i64 | | main.rs:37:13:37:13 | s | semmle.label | s | | main.rs:37:17:37:26 | source(...) | semmle.label | source(...) | -| main.rs:38:13:38:18 | sliced | semmle.label | sliced | | main.rs:38:13:38:18 | sliced [&ref] | semmle.label | sliced [&ref] | | main.rs:38:22:38:29 | &... [&ref] | semmle.label | &... [&ref] | | main.rs:38:23:38:29 | s[...] | semmle.label | s[...] | diff --git a/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected b/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected index 0a2dcf90d0de..58f42bec0c84 100644 --- a/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected +++ b/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected 
@@ -1,109 +1,4 @@ #select -| sqlx.rs:65:30:65:52 | unsafe_query_2.as_str(...) | sqlx.rs:48:25:48:69 | ...::get(...) | sqlx.rs:65:30:65:52 | unsafe_query_2.as_str(...) | This query depends on a $@. | sqlx.rs:48:25:48:69 | ...::get(...) | user-provided value | -| sqlx.rs:66:30:66:52 | unsafe_query_3.as_str(...) | sqlx.rs:48:25:48:69 | ...::get(...) | sqlx.rs:66:30:66:52 | unsafe_query_3.as_str(...) | This query depends on a $@. | sqlx.rs:48:25:48:69 | ...::get(...) | user-provided value | -| sqlx.rs:76:29:76:51 | unsafe_query_2.as_str(...) | sqlx.rs:48:25:48:69 | ...::get(...) | sqlx.rs:76:29:76:51 | unsafe_query_2.as_str(...) | This query depends on a $@. | sqlx.rs:48:25:48:69 | ...::get(...) | user-provided value | -| sqlx.rs:77:29:77:51 | unsafe_query_3.as_str(...) | sqlx.rs:48:25:48:69 | ...::get(...) | sqlx.rs:77:29:77:51 | unsafe_query_3.as_str(...) | This query depends on a $@. | sqlx.rs:48:25:48:69 | ...::get(...) | user-provided value | -| sqlx.rs:104:30:104:52 | unsafe_query_1.as_str(...) | sqlx.rs:96:25:96:69 | ...::get(...) | sqlx.rs:104:30:104:52 | unsafe_query_1.as_str(...) | This query depends on a $@. | sqlx.rs:96:25:96:69 | ...::get(...) | user-provided value | -| sqlx.rs:109:31:109:53 | unsafe_query_1.as_str(...) | sqlx.rs:96:25:96:69 | ...::get(...) | sqlx.rs:109:31:109:53 | unsafe_query_1.as_str(...) | This query depends on a $@. | sqlx.rs:96:25:96:69 | ...::get(...) | user-provided value | -| sqlx.rs:116:29:116:51 | unsafe_query_1.as_str(...) | sqlx.rs:96:25:96:69 | ...::get(...) | sqlx.rs:116:29:116:51 | unsafe_query_1.as_str(...) | This query depends on a $@. | sqlx.rs:96:25:96:69 | ...::get(...) | user-provided value | -| sqlx.rs:123:29:123:51 | unsafe_query_1.as_str(...) | sqlx.rs:96:25:96:69 | ...::get(...) | sqlx.rs:123:29:123:51 | unsafe_query_1.as_str(...) | This query depends on a $@. | sqlx.rs:96:25:96:69 | ...::get(...) | user-provided value | -| sqlx.rs:132:55:132:77 | unsafe_query_1.as_str(...) | sqlx.rs:96:25:96:69 | ...::get(...) 
| sqlx.rs:132:55:132:77 | unsafe_query_1.as_str(...) | This query depends on a $@. | sqlx.rs:96:25:96:69 | ...::get(...) | user-provided value | -| sqlx.rs:141:55:141:77 | unsafe_query_1.as_str(...) | sqlx.rs:96:25:96:69 | ...::get(...) | sqlx.rs:141:55:141:77 | unsafe_query_1.as_str(...) | This query depends on a $@. | sqlx.rs:96:25:96:69 | ...::get(...) | user-provided value | -| sqlx.rs:149:29:149:51 | unsafe_query_1.as_str(...) | sqlx.rs:96:25:96:69 | ...::get(...) | sqlx.rs:149:29:149:51 | unsafe_query_1.as_str(...) | This query depends on a $@. | sqlx.rs:96:25:96:69 | ...::get(...) | user-provided value | -| sqlx.rs:177:30:177:52 | unsafe_query_1.as_str(...) | sqlx.rs:169:25:169:69 | ...::get(...) | sqlx.rs:177:30:177:52 | unsafe_query_1.as_str(...) | This query depends on a $@. | sqlx.rs:169:25:169:69 | ...::get(...) | user-provided value | -| sqlx.rs:184:29:184:51 | unsafe_query_1.as_str(...) | sqlx.rs:169:25:169:69 | ...::get(...) | sqlx.rs:184:29:184:51 | unsafe_query_1.as_str(...) | This query depends on a $@. | sqlx.rs:169:25:169:69 | ...::get(...) | user-provided value | edges -| sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:54:9:54:22 | unsafe_query_2 | provenance | | -| sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:55:9:55:22 | unsafe_query_3 | provenance | | -| sqlx.rs:48:25:48:69 | ...::get(...) | sqlx.rs:48:25:48:78 | ... .unwrap(...) | provenance | MaD:2 | -| sqlx.rs:48:25:48:78 | ... .unwrap(...) | sqlx.rs:48:25:48:85 | ... .text(...) [Ok] | provenance | MaD:4 | -| sqlx.rs:48:25:48:85 | ... .text(...) [Ok] | sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | provenance | MaD:3 | -| sqlx.rs:48:25:48:118 | ... .unwrap_or(...) 
| sqlx.rs:48:9:48:21 | remote_string | provenance | | -| sqlx.rs:54:9:54:22 | unsafe_query_2 | sqlx.rs:65:30:65:43 | unsafe_query_2 | provenance | | -| sqlx.rs:54:9:54:22 | unsafe_query_2 | sqlx.rs:76:29:76:42 | unsafe_query_2 | provenance | | -| sqlx.rs:55:9:55:22 | unsafe_query_3 | sqlx.rs:66:30:66:43 | unsafe_query_3 | provenance | | -| sqlx.rs:55:9:55:22 | unsafe_query_3 | sqlx.rs:77:29:77:42 | unsafe_query_3 | provenance | | -| sqlx.rs:65:30:65:43 | unsafe_query_2 | sqlx.rs:65:30:65:52 | unsafe_query_2.as_str(...) | provenance | MaD:1 | -| sqlx.rs:66:30:66:43 | unsafe_query_3 | sqlx.rs:66:30:66:52 | unsafe_query_3.as_str(...) | provenance | MaD:1 | -| sqlx.rs:76:29:76:42 | unsafe_query_2 | sqlx.rs:76:29:76:51 | unsafe_query_2.as_str(...) | provenance | MaD:1 | -| sqlx.rs:77:29:77:42 | unsafe_query_3 | sqlx.rs:77:29:77:51 | unsafe_query_3.as_str(...) | provenance | MaD:1 | -| sqlx.rs:96:9:96:21 | remote_string | sqlx.rs:98:9:98:22 | unsafe_query_1 | provenance | | -| sqlx.rs:96:25:96:69 | ...::get(...) | sqlx.rs:96:25:96:78 | ... .unwrap(...) | provenance | MaD:2 | -| sqlx.rs:96:25:96:78 | ... .unwrap(...) | sqlx.rs:96:25:96:85 | ... .text(...) [Ok] | provenance | MaD:4 | -| sqlx.rs:96:25:96:85 | ... .text(...) [Ok] | sqlx.rs:96:25:96:118 | ... .unwrap_or(...) | provenance | MaD:3 | -| sqlx.rs:96:25:96:118 | ... .unwrap_or(...) 
| sqlx.rs:96:9:96:21 | remote_string | provenance | | -| sqlx.rs:98:9:98:22 | unsafe_query_1 | sqlx.rs:104:30:104:43 | unsafe_query_1 | provenance | | -| sqlx.rs:98:9:98:22 | unsafe_query_1 | sqlx.rs:109:31:109:44 | unsafe_query_1 | provenance | | -| sqlx.rs:98:9:98:22 | unsafe_query_1 | sqlx.rs:116:29:116:42 | unsafe_query_1 | provenance | | -| sqlx.rs:98:9:98:22 | unsafe_query_1 | sqlx.rs:123:29:123:42 | unsafe_query_1 | provenance | | -| sqlx.rs:98:9:98:22 | unsafe_query_1 | sqlx.rs:132:55:132:68 | unsafe_query_1 | provenance | | -| sqlx.rs:98:9:98:22 | unsafe_query_1 | sqlx.rs:141:55:141:68 | unsafe_query_1 | provenance | | -| sqlx.rs:98:9:98:22 | unsafe_query_1 | sqlx.rs:149:29:149:42 | unsafe_query_1 | provenance | | -| sqlx.rs:104:30:104:43 | unsafe_query_1 | sqlx.rs:104:30:104:52 | unsafe_query_1.as_str(...) | provenance | MaD:1 | -| sqlx.rs:109:31:109:44 | unsafe_query_1 | sqlx.rs:109:31:109:53 | unsafe_query_1.as_str(...) | provenance | MaD:1 | -| sqlx.rs:116:29:116:42 | unsafe_query_1 | sqlx.rs:116:29:116:51 | unsafe_query_1.as_str(...) | provenance | MaD:1 | -| sqlx.rs:123:29:123:42 | unsafe_query_1 | sqlx.rs:123:29:123:51 | unsafe_query_1.as_str(...) | provenance | MaD:1 | -| sqlx.rs:132:55:132:68 | unsafe_query_1 | sqlx.rs:132:55:132:77 | unsafe_query_1.as_str(...) | provenance | MaD:1 | -| sqlx.rs:141:55:141:68 | unsafe_query_1 | sqlx.rs:141:55:141:77 | unsafe_query_1.as_str(...) | provenance | MaD:1 | -| sqlx.rs:149:29:149:42 | unsafe_query_1 | sqlx.rs:149:29:149:51 | unsafe_query_1.as_str(...) | provenance | MaD:1 | -| sqlx.rs:169:9:169:21 | remote_string | sqlx.rs:171:9:171:22 | unsafe_query_1 | provenance | | -| sqlx.rs:169:25:169:69 | ...::get(...) | sqlx.rs:169:25:169:78 | ... .unwrap(...) | provenance | MaD:2 | -| sqlx.rs:169:25:169:78 | ... .unwrap(...) | sqlx.rs:169:25:169:85 | ... .text(...) [Ok] | provenance | MaD:4 | -| sqlx.rs:169:25:169:85 | ... .text(...) [Ok] | sqlx.rs:169:25:169:118 | ... .unwrap_or(...) 
| provenance | MaD:3 | -| sqlx.rs:169:25:169:118 | ... .unwrap_or(...) | sqlx.rs:169:9:169:21 | remote_string | provenance | | -| sqlx.rs:171:9:171:22 | unsafe_query_1 | sqlx.rs:177:30:177:43 | unsafe_query_1 | provenance | | -| sqlx.rs:171:9:171:22 | unsafe_query_1 | sqlx.rs:184:29:184:42 | unsafe_query_1 | provenance | | -| sqlx.rs:177:30:177:43 | unsafe_query_1 | sqlx.rs:177:30:177:52 | unsafe_query_1.as_str(...) | provenance | MaD:1 | -| sqlx.rs:184:29:184:42 | unsafe_query_1 | sqlx.rs:184:29:184:51 | unsafe_query_1.as_str(...) | provenance | MaD:1 | -models -| 1 | Summary: lang:alloc; ::as_str; Argument[self]; ReturnValue; taint | -| 2 | Summary: lang:core; ::unwrap; Argument[self]; ReturnValue; taint | -| 3 | Summary: lang:core; ::unwrap_or; Argument[self].Variant[crate::result::Result::Ok(0)]; ReturnValue; value | -| 4 | Summary: repo:https://github.com/seanmonstar/reqwest:reqwest; ::text; Argument[self]; ReturnValue.Variant[crate::result::Result::Ok(0)]; taint | nodes -| sqlx.rs:48:9:48:21 | remote_string | semmle.label | remote_string | -| sqlx.rs:48:25:48:69 | ...::get(...) | semmle.label | ...::get(...) | -| sqlx.rs:48:25:48:78 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| sqlx.rs:48:25:48:85 | ... .text(...) [Ok] | semmle.label | ... .text(...) [Ok] | -| sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | -| sqlx.rs:54:9:54:22 | unsafe_query_2 | semmle.label | unsafe_query_2 | -| sqlx.rs:55:9:55:22 | unsafe_query_3 | semmle.label | unsafe_query_3 | -| sqlx.rs:65:30:65:43 | unsafe_query_2 | semmle.label | unsafe_query_2 | -| sqlx.rs:65:30:65:52 | unsafe_query_2.as_str(...) | semmle.label | unsafe_query_2.as_str(...) | -| sqlx.rs:66:30:66:43 | unsafe_query_3 | semmle.label | unsafe_query_3 | -| sqlx.rs:66:30:66:52 | unsafe_query_3.as_str(...) | semmle.label | unsafe_query_3.as_str(...) | -| sqlx.rs:76:29:76:42 | unsafe_query_2 | semmle.label | unsafe_query_2 | -| sqlx.rs:76:29:76:51 | unsafe_query_2.as_str(...) 
| semmle.label | unsafe_query_2.as_str(...) | -| sqlx.rs:77:29:77:42 | unsafe_query_3 | semmle.label | unsafe_query_3 | -| sqlx.rs:77:29:77:51 | unsafe_query_3.as_str(...) | semmle.label | unsafe_query_3.as_str(...) | -| sqlx.rs:96:9:96:21 | remote_string | semmle.label | remote_string | -| sqlx.rs:96:25:96:69 | ...::get(...) | semmle.label | ...::get(...) | -| sqlx.rs:96:25:96:78 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| sqlx.rs:96:25:96:85 | ... .text(...) [Ok] | semmle.label | ... .text(...) [Ok] | -| sqlx.rs:96:25:96:118 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | -| sqlx.rs:98:9:98:22 | unsafe_query_1 | semmle.label | unsafe_query_1 | -| sqlx.rs:104:30:104:43 | unsafe_query_1 | semmle.label | unsafe_query_1 | -| sqlx.rs:104:30:104:52 | unsafe_query_1.as_str(...) | semmle.label | unsafe_query_1.as_str(...) | -| sqlx.rs:109:31:109:44 | unsafe_query_1 | semmle.label | unsafe_query_1 | -| sqlx.rs:109:31:109:53 | unsafe_query_1.as_str(...) | semmle.label | unsafe_query_1.as_str(...) | -| sqlx.rs:116:29:116:42 | unsafe_query_1 | semmle.label | unsafe_query_1 | -| sqlx.rs:116:29:116:51 | unsafe_query_1.as_str(...) | semmle.label | unsafe_query_1.as_str(...) | -| sqlx.rs:123:29:123:42 | unsafe_query_1 | semmle.label | unsafe_query_1 | -| sqlx.rs:123:29:123:51 | unsafe_query_1.as_str(...) | semmle.label | unsafe_query_1.as_str(...) | -| sqlx.rs:132:55:132:68 | unsafe_query_1 | semmle.label | unsafe_query_1 | -| sqlx.rs:132:55:132:77 | unsafe_query_1.as_str(...) | semmle.label | unsafe_query_1.as_str(...) | -| sqlx.rs:141:55:141:68 | unsafe_query_1 | semmle.label | unsafe_query_1 | -| sqlx.rs:141:55:141:77 | unsafe_query_1.as_str(...) | semmle.label | unsafe_query_1.as_str(...) | -| sqlx.rs:149:29:149:42 | unsafe_query_1 | semmle.label | unsafe_query_1 | -| sqlx.rs:149:29:149:51 | unsafe_query_1.as_str(...) | semmle.label | unsafe_query_1.as_str(...) 
| -| sqlx.rs:169:9:169:21 | remote_string | semmle.label | remote_string | -| sqlx.rs:169:25:169:69 | ...::get(...) | semmle.label | ...::get(...) | -| sqlx.rs:169:25:169:78 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| sqlx.rs:169:25:169:85 | ... .text(...) [Ok] | semmle.label | ... .text(...) [Ok] | -| sqlx.rs:169:25:169:118 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | -| sqlx.rs:171:9:171:22 | unsafe_query_1 | semmle.label | unsafe_query_1 | -| sqlx.rs:177:30:177:43 | unsafe_query_1 | semmle.label | unsafe_query_1 | -| sqlx.rs:177:30:177:52 | unsafe_query_1.as_str(...) | semmle.label | unsafe_query_1.as_str(...) | -| sqlx.rs:184:29:184:42 | unsafe_query_1 | semmle.label | unsafe_query_1 | -| sqlx.rs:184:29:184:51 | unsafe_query_1.as_str(...) | semmle.label | unsafe_query_1.as_str(...) | subpaths diff --git a/rust/ql/test/query-tests/security/CWE-089/sqlx.rs b/rust/ql/test/query-tests/security/CWE-089/sqlx.rs index b8115a2bcd6d..257e1b6004d4 100644 --- a/rust/ql/test/query-tests/security/CWE-089/sqlx.rs +++ b/rust/ql/test/query-tests/security/CWE-089/sqlx.rs @@ -62,8 +62,8 @@ async fn test_sqlx_mysql(url: &str, enable_remote: bool) -> Result<(), sqlx::Err let _ = conn.execute(safe_query_3.as_str()).await?; // $ sql-sink let _ = conn.execute(unsafe_query_1.as_str()).await?; // $ sql-sink MISSING: Alert[rust/sql-injection]=args1 if enable_remote { - let _ = conn.execute(unsafe_query_2.as_str()).await?; // $ sql-sink Alert[rust/sql-injection]=remote1 - let _ = conn.execute(unsafe_query_3.as_str()).await?; // $ sql-sink Alert[rust/sql-injection]=remote1 + let _ = conn.execute(unsafe_query_2.as_str()).await?; // $ sql-sink MISSING: Alert[rust/sql-injection]=remote1 + let _ = conn.execute(unsafe_query_3.as_str()).await?; // $ sql-sink MISSING: Alert[rust/sql-injection]=remote1 let _ = conn.execute(unsafe_query_4.as_str()).await?; // $ sql-sink MISSING: Alert[rust/sql-injection]=remote1 } 
@@ -73,8 +73,8 @@ async fn test_sqlx_mysql(url: &str, enable_remote: bool) -> Result<(), sqlx::Err let _ = sqlx::query(safe_query_3.as_str()).execute(&pool).await?; // $ sql-sink let _ = sqlx::query(unsafe_query_1.as_str()).execute(&pool).await?; // $ sql-sink MISSING: Alert[rust/sql-injection][rust/sql-injection]=args1 if enable_remote { - let _ = sqlx::query(unsafe_query_2.as_str()).execute(&pool).await?; // $ sql-sink Alert[rust/sql-injection]=remote1 - let _ = sqlx::query(unsafe_query_3.as_str()).execute(&pool).await?; // $ sql-sink Alert[rust/sql-injection]=remote1 + let _ = sqlx::query(unsafe_query_2.as_str()).execute(&pool).await?; // $ sql-sink MISSING: Alert[rust/sql-injection]=remote1 + let _ = sqlx::query(unsafe_query_3.as_str()).execute(&pool).await?; // $ sql-sink MISSING: Alert[rust/sql-injection]=remote1 let _ = sqlx::query(unsafe_query_4.as_str()).execute(&pool).await?; // $ sql-sink MISSING: Alert[rust/sql-injection]=remote1 } let _ = sqlx::query(prepared_query_1.as_str()).bind(const_string).execute(&pool).await?; // $ sql-sink 
@@ -101,26 +101,26 @@ async fn test_sqlx_sqlite(url: &str, enable_remote: bool) -> Result<(), sqlx::Er // direct execution (with extra variants) let _ = conn.execute(safe_query_1.as_str()).await?; // $ sql-sink if enable_remote { - let _ = conn.execute(unsafe_query_1.as_str()).await?; // $ sql-sink Alert[rust/sql-injection]=remote2 + let _ = conn.execute(unsafe_query_1.as_str()).await?; // $ sql-sink MISSING: Alert[rust/sql-injection]=remote2 } // ... let _ = sqlx::raw_sql(safe_query_1.as_str()).execute(&mut conn).await?; // $ sql-sink if enable_remote { - let _ = sqlx::raw_sql(unsafe_query_1.as_str()).execute(&mut conn).await?; // $ sql-sink Alert[rust/sql-injection]=remote2 + let _ = sqlx::raw_sql(unsafe_query_1.as_str()).execute(&mut conn).await?; // $ sql-sink MISSING: Alert[rust/sql-injection]=remote2 } // prepared queries (with extra variants) let _ = sqlx::query(safe_query_1.as_str()).execute(&mut conn).await?; // $ sql-sink let _ = sqlx::query(prepared_query_1.as_str()).bind(&const_string).execute(&mut conn).await?; // $ sql-sink if enable_remote { - let _ = sqlx::query(unsafe_query_1.as_str()).execute(&mut conn).await?; // $ sql-sink Alert[rust/sql-injection]=remote2 + let _ = sqlx::query(unsafe_query_1.as_str()).execute(&mut conn).await?; // $ sql-sink MISSING: Alert[rust/sql-injection]=remote2 let _ = sqlx::query(prepared_query_1.as_str()).bind(&remote_string).execute(&mut conn).await?; // $ sql-sink } // ... let _ = sqlx::query(safe_query_1.as_str()).fetch(&mut conn); // $ sql-sink let _ = sqlx::query(prepared_query_1.as_str()).bind(&const_string).fetch(&mut conn); // $ sql-sink if enable_remote { - let _ = sqlx::query(unsafe_query_1.as_str()).fetch(&mut conn); // $ sql-sink Alert[rust/sql-injection]=remote2 + let _ = sqlx::query(unsafe_query_1.as_str()).fetch(&mut conn); // $ sql-sink MISSING: Alert[rust/sql-injection]=remote2 let _ = sqlx::query(prepared_query_1.as_str()).bind(&remote_string).fetch(&mut conn); // $ sql-sink } // ... 
@@ -129,7 +129,7 @@ async fn test_sqlx_sqlite(url: &str, enable_remote: bool) -> Result<(), sqlx::Er
 let row2: (i64, String, String) = sqlx::query_as(prepared_query_1.as_str()).bind(&const_string).fetch_one(&mut conn).await?; // $ sql-sink
 println!(" row2 = {:?}", row2);
 if enable_remote {
- let _: (i64, String, String) = sqlx::query_as(unsafe_query_1.as_str()).fetch_one(&mut conn).await?; // $ sql-sink Alert[rust/sql-injection]=remote2
+ let _: (i64, String, String) = sqlx::query_as(unsafe_query_1.as_str()).fetch_one(&mut conn).await?; // $ sql-sink MISSING: Alert[rust/sql-injection]=remote2
 let _: (i64, String, String) = sqlx::query_as(prepared_query_1.as_str()).bind(&remote_string).fetch_one(&mut conn).await?; // $ sql-sink
 }
 // ...
@@ -138,7 +138,7 @@ async fn test_sqlx_sqlite(url: &str, enable_remote: bool) -> Result<(), sqlx::Er
 let row4: (i64, String, String) = sqlx::query_as(prepared_query_1.as_str()).bind(&const_string).fetch_optional(&mut conn).await?.expect("no data"); // $ sql-sink
 println!(" row4 = {:?}", row4);
 if enable_remote {
- let _: (i64, String, String) = sqlx::query_as(unsafe_query_1.as_str()).fetch_optional(&mut conn).await?.expect("no data"); // $ sql-sink $ Alert[rust/sql-injection]=remote2
+ let _: (i64, String, String) = sqlx::query_as(unsafe_query_1.as_str()).fetch_optional(&mut conn).await?.expect("no data"); // $ sql-sink $ MISSING: Alert[rust/sql-injection]=remote2
 let _: (i64, String, String) = sqlx::query_as(prepared_query_1.as_str()).bind(&remote_string).fetch_optional(&mut conn).await?.expect("no data"); // $ sql-sink
 }
 // ...
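Review bot: The rewritten `fetch_optional` line in the second hunk here (`@@ -138,7 +138,7 @@`) keeps a second `$` in its annotation, `// $ sql-sink $ MISSING: Alert[rust/sql-injection]=remote2`, while every other annotation in these hunks has a single `$`. Whether the expectation parser reads the text after the second `$` the same way is not visible from here, so it is safer to normalise the line's comment to `// $ sql-sink MISSING: Alert[rust/sql-injection]=remote2`. The enclosing `test_sqlx_sqlite` body starts and ends outside the hunk.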
@@ -146,7 +146,7 @@ async fn test_sqlx_sqlite(url: &str, enable_remote: bool) -> Result<(), sqlx::Er let _ = sqlx::query(prepared_query_1.as_str()).bind(&const_string).fetch_all(&mut conn).await?; // $ sql-sink let _ = sqlx::query("SELECT * FROM people WHERE firstname=?").bind(&const_string).fetch_all(&mut conn).await?; // $ sql-sink if enable_remote { - let _ = sqlx::query(unsafe_query_1.as_str()).fetch_all(&mut conn).await?; // $ sql-sink Alert[rust/sql-injection]=remote2 + let _ = sqlx::query(unsafe_query_1.as_str()).fetch_all(&mut conn).await?; // $ sql-sink MISSING: Alert[rust/sql-injection]=remote2 let _ = sqlx::query(prepared_query_1.as_str()).bind(&remote_string).fetch_all(&mut conn).await?; // $ sql-sink let _ = sqlx::query("SELECT * FROM people WHERE firstname=?").bind(&remote_string).fetch_all(&mut conn).await?; // $ sql-sink } @@ -174,14 +174,14 @@ async fn test_sqlx_postgres(url: &str, enable_remote: bool) -> Result<(), sqlx:: // direct execution let _ = conn.execute(safe_query_1.as_str()).await?; // $ sql-sink if enable_remote { - let _ = conn.execute(unsafe_query_1.as_str()).await?; // $ sql-sink Alert[rust/sql-injection]=remote3 + let _ = conn.execute(unsafe_query_1.as_str()).await?; // $ sql-sink MISSING: Alert[rust/sql-injection]=remote3 } // prepared queries let _ = sqlx::query(safe_query_1.as_str()).execute(&pool).await?; // $ sql-sink let _ = sqlx::query(prepared_query_1.as_str()).bind(&const_string).execute(&pool).await?; // $ sql-sink if enable_remote { - let _ = sqlx::query(unsafe_query_1.as_str()).execute(&pool).await?; // $ sql-sink Alert[rust/sql-injection]=remote3 + let _ = sqlx::query(unsafe_query_1.as_str()).execute(&pool).await?; // $ sql-sink MISSING: Alert[rust/sql-injection]=remote3 let _ = sqlx::query(prepared_query_1.as_str()).bind(&remote_string).execute(&pool).await?; // $ sql-sink }