Rust: address review

Also fix some minor things in `bulk_generate_mad.py`.

Author: Paolo Tranquilli

misc/scripts/models-as-data/bulk_generate_mad.py

@@ -8,23 +8,27 @@
 import os.path
 import subprocess
 import sys
-from typing import NotRequired, TypedDict, List, Callable, Optional
+from typing import Required, TypedDict, List, Callable, Optional
 from concurrent.futures import ThreadPoolExecutor, as_completed
 import time
 import argparse
-import json
-import requests
 import zipfile
 import tarfile
 import shutil
 
+def missing_module(module_name: str) -> None:
+    print(f"ERROR: {module_name} is not installed. Please install it with 'pip install {module_name}'.")
+    sys.exit(1)
+
 try:
     import yaml
 except ImportError:
-    print(
-        "ERROR: PyYAML is not installed. Please install it with 'pip install pyyaml'."
-    )
-    sys.exit(1)
+    missing_module("pyyaml")
+
+try:
+    import requests
+except ImportError:
+    missing_module("requests")
 
 import generate_mad as mad
 
@@ -37,23 +41,14 @@
 
 
 # A project to generate models for
-class Project(TypedDict):
-    """
-    Type definition for projects (acquired via a GitHub repo) to model.
-
-    Attributes:
-        name: The name of the project
-        git_repo: URL to the git repository
-        git_tag: Optional Git tag to check out
-    """
-
-    name: str
-    git_repo: NotRequired[str]
-    git_tag: NotRequired[str]
-    with_sinks: NotRequired[bool]
-    with_sinks: NotRequired[bool]
-    with_summaries: NotRequired[bool]
-
+Project = TypedDict("Project", {
+    "name": Required[str],
+    "git-repo": str,
+    "git-tag": str,
+    "with-sinks": bool,
+    "with-sources": bool,
+    "with-summaries": bool,
+}, total=False)
 
 def should_generate_sinks(project: Project) -> bool:
     return project.get("with-sinks", True)
@@ -72,14 +67,14 @@ def clone_project(project: Project) -> str:
     Shallow clone a project into the build directory.
 
     Args:
-        project: A dictionary containing project information with 'name', 'git_repo', and optional 'git_tag' keys.
+        project: A dictionary containing project information with 'name', 'git-repo', and optional 'git-tag' keys.
 
     Returns:
         The path to the cloned project directory.
     """
     name = project["name"]
-    repo_url = project["git_repo"]
-    git_tag = project.get("git_tag")
+    repo_url = project["git-repo"]
+    git_tag = project.get("git-tag")
 
     # Determine target directory
     target_dir = os.path.join(build_dir, name)
@@ -178,7 +173,7 @@ def build_database(
     Args:
         language: The language for which to build the database (e.g., "rust").
         extractor_options: Additional options for the extractor.
-        project: A dictionary containing project information with 'name' and 'git_repo' keys.
+        project: A dictionary containing project information with 'name' and 'git-repo' keys.
         project_dir: Path to the CodeQL database.
 
     Returns:

rust/bulk_generation_targets.yml

@@ -1,6 +1,12 @@
 strategy: dca
 language: rust
 destination: rust/ql/lib/ext/generated
+# targets must have name specified and corresponding to the name in the DCA suite
+# they can optionally specify any of
+#   with-sinks: false
+#   with-sources: false
+#   with-summaries: false
+# if a target has a dependency in this same list, it should be listed after that dependency
 targets:
 - name: rust
 - name: libc

rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected

@@ -526,3 +526,4 @@ nodes
 subpaths
 testFailures
 | main.rs:202:32:202:38 | realloc | Unexpected result: Alert=arg1 |
+| main.rs:202:52:202:96 | //... | Missing result: Alert[rust/uncontrolled-allocation-size] |

rust/ql/test/query-tests/security/CWE-770/main.rs

@@ -199,7 +199,7 @@ unsafe fn test_system_alloc(v: usize) {
 
     let l3 = std::alloc::Layout::array::<u8>(10).unwrap();
     let m3 = std::alloc::System.alloc(l3);
-    let _ = std::alloc::System.realloc(m3, l3, v); // $ MISSING: Alert[rust/uncontrolled-allocation-size]
+    let _ = std::alloc::System.realloc(m3, l3, v); // $ Alert[rust/uncontrolled-allocation-size]
 
     let l4 = std::alloc::Layout::array::<u8>(10).unwrap();
     let m4 = std::ptr::NonNull::<u8>::new(std::alloc::alloc(l4)).unwrap();