Rust: Move the getGreaterOperand/getLesserOperand predicates into RelationalOperation.

Author: geoffw0

rust/ql/lib/codeql/rust/elements/ComparisonOperation.qll

@@ -33,7 +33,23 @@ final class NotEqualOperation extends EqualityOperationImpl {
 /**
  * A relational comparison operation, that is, one of `<=`, `<`, `>`, or `>=`.
  */
-abstract private class RelationalOperationImpl extends BinaryExpr, ComparisonOperationImpl { }
+abstract private class RelationalOperationImpl extends BinaryExpr, ComparisonOperationImpl {
+  /**
+   * Gets the operand on the "greater" (or "greater-or-equal") side
+   * of this relational expression, that is, the side that is larger
+   * if the overall expression evaluates to `true`; for example on
+   * `x <= 20` this is the `20`, and on `y > 0` it is `y`.
+   */
+  abstract Expr getGreaterOperand();
+
+  /**
+   * Gets the operand on the "lesser" (or "lesser-or-equal") side
+   * of this relational expression, that is, the side that is smaller
+   * if the overall expression evaluates to `true`; for example on
+   * `x <= 20` this is `x`, and on `y > 0` it is the `0`.
+   */
+  abstract Expr getLesserOperand();
+}
 
 final class RelationalOperation = RelationalOperationImpl;
 
@@ -42,25 +58,41 @@ final class RelationalOperation = RelationalOperationImpl;
  */
 final class LessThanOperation extends RelationalOperationImpl, BinaryExpr {
   LessThanOperation() { this.getOperatorName() = "<" }
+
+  override Expr getGreaterOperand() { result = this.getRhs() }
+
+  override Expr getLesserOperand() { result = this.getLhs() }
 }
 
 /**
- * The greater than comparison operation, `>?`.
+ * The greater than comparison operation, `>`.
  */
 final class GreaterThanOperation extends RelationalOperationImpl, BinaryExpr {
   GreaterThanOperation() { this.getOperatorName() = ">" }
+
+  override Expr getGreaterOperand() { result = this.getLhs() }
+
+  override Expr getLesserOperand() { result = this.getRhs() }
 }
 
 /**
  * The less than or equal comparison operation, `<=`.
  */
 final class LessOrEqualOperation extends RelationalOperationImpl, BinaryExpr {
   LessOrEqualOperation() { this.getOperatorName() = "<=" }
+
+  override Expr getGreaterOperand() { result = this.getRhs() }
+
+  override Expr getLesserOperand() { result = this.getLhs() }
 }
 
 /**
  * The less than or equal comparison operation, `>=`.
  */
 final class GreaterOrEqualOperation extends RelationalOperationImpl, BinaryExpr {
   GreaterOrEqualOperation() { this.getOperatorName() = ">=" }
+
+  override Expr getGreaterOperand() { result = this.getLhs() }
+
+  override Expr getLesserOperand() { result = this.getRhs() }
 }

rust/ql/lib/codeql/rust/security/UncontrolledAllocationSizeExtensions.qll

@@ -43,44 +43,16 @@ module UncontrolledAllocationSize {
     }
   }
 
-  /**
-   * Gets the operand on the "greater" (or "greater-or-equal") side
-   * of this relational expression, that is, the side that is larger
-   * if the overall expression evaluates to `true`; for example on
-   * `x <= 20` this is the `20`, and on `y > 0` it is `y`.
-   */
-  private Expr getGreaterOperand(BinaryExpr op) {
-    op.getOperatorName() = ["<", "<="] and
-    result = op.getRhs()
-    or
-    op.getOperatorName() = [">", ">="] and
-    result = op.getLhs()
-  }
-
-  /**
-   * Gets the operand on the "lesser" (or "lesser-or-equal") side
-   * of this relational expression, that is, the side that is smaller
-   * if the overall expression evaluates to `true`; for example on
-   * `x <= 20` this is `x`, and on `y > 0` it is the `0`.
-   */
-  private Expr getLesserOperand(BinaryExpr op) {
-    op.getOperatorName() = ["<", "<="] and
-    result = op.getLhs()
-    or
-    op.getOperatorName() = [">", ">="] and
-    result = op.getRhs()
-  }
-
   /**
    * Holds if comparison `g` having result `branch` indicates an upper bound for the sub-expression
    * `node`. For example when the comparison `x < 10` is true, we have an upper bound for `x`.
    */
   private predicate isUpperBoundCheck(CfgNodes::AstCfgNode g, Cfg::CfgNode node, boolean branch) {
     exists(BinaryExpr cmp | g = cmp.getACfgNode() |
-      node = getLesserOperand(cmp).getACfgNode() and
+      node = cmp.(RelationalOperation).getLesserOperand().getACfgNode() and
       branch = true
       or
-      node = getGreaterOperand(cmp).getACfgNode() and
+      node = cmp.(RelationalOperation).getGreaterOperand().getACfgNode() and
       branch = false
       or
       cmp.getOperatorName() = "==" and

rust/ql/test/library-tests/operations/Operations.ql

@@ -34,7 +34,9 @@ string describe(Expr op) {
 }
 
 module OperationsTest implements TestSig {
-  string getARelevantTag() { result = describe(_) or result = ["Op", "Operands"] }
+  string getARelevantTag() {
+    result = describe(_) or result = ["Op", "Operands", "Greater", "Lesser"]
+  }
 
   predicate hasActualResult(Location location, string element, string tag, string value) {
     exists(Expr op |
@@ -51,6 +53,14 @@ module OperationsTest implements TestSig {
         op instanceof Operation and
         tag = "Operands" and
         value = count(op.(Operation).getAnOperand()).toString()
+        or
+        op instanceof RelationalOperation and
+        tag = "Greater" and
+        value = op.(RelationalOperation).getGreaterOperand().toString()
+        or
+        op instanceof RelationalOperation and
+        tag = "Lesser" and
+        value = op.(RelationalOperation).getLesserOperand().toString()
       )
     )
   }

rust/ql/test/library-tests/operations/test.rs

@@ -13,10 +13,10 @@ fn test_operations(
 	// comparison operations
 	x == y; // $ Operation Op=== Operands=2 BinaryExpr ComparisonOperation EqualityOperation EqualOperation
 	x != y; // $ Operation Op=!= Operands=2 BinaryExpr ComparisonOperation EqualityOperation NotEqualOperation
-	x < y; // $ Operation Op=< Operands=2 BinaryExpr ComparisonOperation RelationalOperation LessThanOperation
-	x <= y; // $ Operation Op=<= Operands=2 BinaryExpr ComparisonOperation RelationalOperation LessOrEqualOperation
-	x > y; // $ Operation Op=> Operands=2 BinaryExpr ComparisonOperation RelationalOperation GreaterThanOperation
-	x >= y; // $ Operation Op=>= Operands=2 BinaryExpr ComparisonOperation RelationalOperation GreaterOrEqualOperation
+	x < y; // $ Operation Op=< Operands=2 BinaryExpr ComparisonOperation RelationalOperation LessThanOperation Greater=y Lesser=x
+	x <= y; // $ Operation Op=<= Operands=2 BinaryExpr ComparisonOperation RelationalOperation LessOrEqualOperation Greater=y Lesser=x
+	x > y; // $ Operation Op=> Operands=2 BinaryExpr ComparisonOperation RelationalOperation GreaterThanOperation Greater=x Lesser=y
+	x >= y; // $ Operation Op=>= Operands=2 BinaryExpr ComparisonOperation RelationalOperation GreaterOrEqualOperation Greater=x Lesser=y
 
 	// arithmetic operations
 	x + y; // $ Operation Op=+ Operands=2 BinaryExpr