Rust: Address PR comments

paldepind · paldepind · commit a96a5fc737c4 · 2025-03-14T13:24:16.000+01:00
diff --git a/rust/ql/lib/codeql/rust/dataflow/DataFlow.qll b/rust/ql/lib/codeql/rust/dataflow/DataFlow.qll
@@ -26,6 +26,20 @@ module DataFlow {
 
   final class Content = Content::Content;
 
+  final class FieldContent = Content::FieldContent;
+
+  final class TuplePositionContent = Content::TuplePositionContent;
+
+  final class TupleFieldContent = Content::TupleFieldContent;
+
+  final class RecordFieldContent = Content::RecordFieldContent;
+
+  final class ReferenceContent = Content::ReferenceContent;
+
+  final class ElementContent = Content::ElementContent;
+
+  final class FutureContent = Content::FutureContent;
+
   final class ContentSet = Content::ContentSet;
 
   /**
diff --git a/rust/ql/lib/codeql/rust/dataflow/internal/Content.qll b/rust/ql/lib/codeql/rust/dataflow/internal/Content.qll
@@ -209,32 +209,26 @@ final class SingletonContentSet extends ContentSet, TSingletonContentSet {
   override Content getAReadContent() { result = c }
 }
 
-/** A collection of cached types and predicates to be evaluated in the same stage. */
-cached
-private module Cached {
-  private import codeql.rust.internal.CachedStages
-
-  cached
-  newtype TContent =
-    TTupleFieldContent(TupleField field) { Stages::DataFlowStage::ref() } or
-    TRecordFieldContent(RecordField field) or
-    // TODO: Remove once library types are extracted
-    TVariantInLibTupleFieldContent(VariantInLib::VariantInLib v, int pos) { pos = v.getAPosition() } or
-    TElementContent() or
-    TFutureContent() or
-    TTuplePositionContent(int pos) {
-      pos in [0 .. max([
-                any(TuplePat pat).getNumberOfFields(),
-                any(FieldExpr access).getNameRef().getText().toInt()
-              ]
-          )]
-    } or
-    TFunctionCallReturnContent() or
-    TFunctionCallArgumentContent(int pos) {
-      pos in [0 .. any(CallExpr c).getArgList().getNumberOfArgs() - 1]
-    } or
-    TCapturedVariableContent(VariableCapture::CapturedVariable v) or
-    TReferenceContent()
-}
+private import codeql.rust.internal.CachedStages
 
-import Cached
+cached
+newtype TContent =
+  TTupleFieldContent(TupleField field) { Stages::DataFlowStage::ref() } or
+  TRecordFieldContent(RecordField field) or
+  // TODO: Remove once library types are extracted
+  TVariantInLibTupleFieldContent(VariantInLib::VariantInLib v, int pos) { pos = v.getAPosition() } or
+  TElementContent() or
+  TFutureContent() or
+  TTuplePositionContent(int pos) {
+    pos in [0 .. max([
+              any(TuplePat pat).getNumberOfFields(),
+              any(FieldExpr access).getNameRef().getText().toInt()
+            ]
+        )]
+  } or
+  TFunctionCallReturnContent() or
+  TFunctionCallArgumentContent(int pos) {
+    pos in [0 .. any(CallExpr c).getArgList().getNumberOfArgs() - 1]
+  } or
+  TCapturedVariableContent(VariableCapture::CapturedVariable v) or
+  TReferenceContent()
diff --git a/rust/ql/lib/codeql/rust/dataflow/internal/Node.qll b/rust/ql/lib/codeql/rust/dataflow/internal/Node.qll
@@ -446,41 +446,35 @@ private class CapturePostUpdateNode extends PostUpdateNode, CaptureNode {
 
 final class CastNode = NaNode;
 
-/** A collection of cached types and predicates to be evaluated in the same stage. */
-cached
-private module Cached {
-  private import codeql.rust.internal.CachedStages
-
-  cached
-  newtype TNode =
-    TExprNode(ExprCfgNode n) { Stages::DataFlowStage::ref() } or
-    TSourceParameterNode(ParamBaseCfgNode p) or
-    TPatNode(PatCfgNode p) or
-    TNameNode(NameCfgNode n) { n.getName() = any(Variable v).getName() } or
-    TExprPostUpdateNode(ExprCfgNode e) {
-      isArgumentForCall(e, _, _)
-      or
-      lambdaCallExpr(_, _, e)
-      or
-      lambdaCreationExpr(e.getExpr(), _)
-      or
-      // Whenever `&mut e` has a post-update node we also create one for `e`.
-      // E.g., for `e` in `f(..., &mut e, ...)` or `*(&mut e) = ...`.
-      e = any(RefExprCfgNode ref | ref.isMut() and exists(TExprPostUpdateNode(ref))).getExpr()
-      or
-      e =
-        [
-          any(IndexExprCfgNode i).getBase(), any(FieldExprCfgNode access).getExpr(),
-          any(TryExprCfgNode try).getExpr(),
-          any(PrefixExprCfgNode pe | pe.getOperatorName() = "*").getExpr(),
-          any(AwaitExprCfgNode a).getExpr(), any(MethodCallExprCfgNode mc).getReceiver()
-        ]
-    } or
-    TReceiverNode(MethodCallExprCfgNode mc, Boolean isPost) or
-    TSsaNode(SsaImpl::DataFlowIntegration::SsaNode node) or
-    TFlowSummaryNode(FlowSummaryImpl::Private::SummaryNode sn) or
-    TClosureSelfReferenceNode(CfgScope c) { lambdaCreationExpr(c, _) } or
-    TCaptureNode(VariableCapture::Flow::SynthesizedCaptureNode cn)
-}
+private import codeql.rust.internal.CachedStages
 
-import Cached
+cached
+newtype TNode =
+  TExprNode(ExprCfgNode n) { Stages::DataFlowStage::ref() } or
+  TSourceParameterNode(ParamBaseCfgNode p) or
+  TPatNode(PatCfgNode p) or
+  TNameNode(NameCfgNode n) { n.getName() = any(Variable v).getName() } or
+  TExprPostUpdateNode(ExprCfgNode e) {
+    isArgumentForCall(e, _, _)
+    or
+    lambdaCallExpr(_, _, e)
+    or
+    lambdaCreationExpr(e.getExpr(), _)
+    or
+    // Whenever `&mut e` has a post-update node we also create one for `e`.
+    // E.g., for `e` in `f(..., &mut e, ...)` or `*(&mut e) = ...`.
+    e = any(RefExprCfgNode ref | ref.isMut() and exists(TExprPostUpdateNode(ref))).getExpr()
+    or
+    e =
+      [
+        any(IndexExprCfgNode i).getBase(), any(FieldExprCfgNode access).getExpr(),
+        any(TryExprCfgNode try).getExpr(),
+        any(PrefixExprCfgNode pe | pe.getOperatorName() = "*").getExpr(),
+        any(AwaitExprCfgNode a).getExpr(), any(MethodCallExprCfgNode mc).getReceiver()
+      ]
+  } or
+  TReceiverNode(MethodCallExprCfgNode mc, Boolean isPost) or
+  TSsaNode(SsaImpl::DataFlowIntegration::SsaNode node) or
+  TFlowSummaryNode(FlowSummaryImpl::Private::SummaryNode sn) or
+  TClosureSelfReferenceNode(CfgScope c) { lambdaCreationExpr(c, _) } or
+  TCaptureNode(VariableCapture::Flow::SynthesizedCaptureNode cn)
diff --git a/rust/ql/src/queries/security/CWE-312/CleartextLogging.ql b/rust/ql/src/queries/security/CWE-312/CleartextLogging.ql
@@ -17,7 +17,6 @@ import rust
 import codeql.rust.security.CleartextLoggingExtensions
 import codeql.rust.dataflow.DataFlow
 import codeql.rust.dataflow.TaintTracking
-import codeql.rust.dataflow.internal.Content
 
 /**
  * A taint-tracking configuration for cleartext logging vulnerabilities.
@@ -44,7 +43,7 @@ module CleartextLoggingConfig implements DataFlow::ConfigSig {
   predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {
     // flow out from tuple content at sinks.
     isSink(node) and
-    c.getAReadContent() instanceof TuplePositionContent
+    c.getAReadContent() instanceof DataFlow::TuplePositionContent
   }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -17,7 +17,6 @@ import rust`
`17`	`17`	`import codeql.rust.security.CleartextLoggingExtensions`
`18`	`18`	`import codeql.rust.dataflow.DataFlow`
`19`	`19`	`import codeql.rust.dataflow.TaintTracking`
`20`		`-import codeql.rust.dataflow.internal.Content`
`21`	`20`
`22`	`21`	`/**`
`23`	`22`	`* A taint-tracking configuration for cleartext logging vulnerabilities.`
`@@ -44,7 +43,7 @@ module CleartextLoggingConfig implements DataFlow::ConfigSig {`
`44`	`43`	`predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {`
`45`	`44`	`// flow out from tuple content at sinks.`
`46`	`45`	`isSink(node) and`
`47`		`- c.getAReadContent() instanceof TuplePositionContent`
	`46`	`+ c.getAReadContent() instanceof DataFlow::TuplePositionContent`
`48`	`47`	`}`
`49`	`48`	`}`
`50`	`49`