Rust: Count taint edges as well.

Author: geoffw0

rust/ql/src/queries/summary/Stats.qll

@@ -44,6 +44,16 @@ int getTotalDataFlowInconsistencies() {
   result = sum(string type | | DataFlowConsistency::getInconsistencyCounts(type))
 }
 
+/**
+ * Gets the total number of taint edges in the database.
+ */
+int getTaintEdgesCount() {
+  result =
+    count(DataFlow::Node a, DataFlow::Node b |
+      RustTaintTracking::defaultAdditionalTaintStep(a, b, _)
+    )
+}
+
 /**
  * Gets a kind of query for which `n` is a sink (if any).
  */

rust/ql/src/queries/summary/SummaryStats.ql

@@ -60,6 +60,8 @@ where
   or
   key = "Taint sources - active" and value = count(ActiveThreatModelSource s)
   or
+  key = "Taint edges - number of edges" and value = getTaintEdgesCount()
+  or
   key = "Taint reach - nodes tainted" and value = getTaintedNodesCount()
   or
   key = "Taint reach - per million nodes" and value = getTaintReach().floor()

rust/ql/test/query-tests/diagnostics/SummaryStats.expected

@@ -15,6 +15,7 @@
 | Macro calls - total | 9 |
 | Macro calls - unresolved | 1 |
 | Sensitive data | 0 |
+| Taint edges - number of edges | 2 |
 | Taint reach - nodes tainted | 0 |
 | Taint reach - per million nodes | 0 |
 | Taint sinks - cryptographic operations | 0 |