From 37997c05610f6fe5e55d9a570ff6d8de8f5a43c3 Mon Sep 17 00:00:00 2001
From: Michael Nebel
Date: Mon, 1 Sep 2025 15:21:41 +0200
Subject: [PATCH 1/3] Rust: Fix some Ql4Ql violations.
---
 rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll | 3 ++-
 rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll | 3 +++
 rust/ql/lib/codeql/rust/elements/internal/CallImpl.qll | 3 +--
 rust/ql/lib/codeql/rust/internal/Type.qll | 4 +---
 4 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll b/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll
index 727f14bb94ab..47ae294492eb 100644
--- a/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll
+++ b/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll
@@ -196,7 +196,8 @@ private ExprCfgNode getALastEvalNode(ExprCfgNode e) {
 /**
 * Holds if a reverse local flow step should be added from the post-update node
- * for `e` to the post-update node for the result.
+ * for `e` to the post-update node for the result. `preservesValue` is true
+ * if the step is value preserving.
 *
 * This is needed to allow for side-effects on compound expressions to propagate
 * to sub components. For example, in
diff --git a/rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll b/rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll
index 7f8df8d144ba..e5f6f09e17ad 100644
--- a/rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll
+++ b/rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll
@@ -52,6 +52,7 @@ private import codeql.rust.elements.internal.CallExprBaseImpl::Impl as CallExprB
 /**
 * Holds if in a call to the function with canonical path `path`, the value referred
 * to by `output` is a flow source of the given `kind`.
+ * The `madId` is the data extension row number.
 *
 * `output = "ReturnValue"` simply means the result of the call itself.
 *
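Review bot: The sentence added to the QLDoc in DataFlowImpl.qll documents `preservesValue` only for the true case and writes "value preserving" unhyphenated, whereas the ModelsAsData.qll comment touched by this same patch uses "value-preserving or taint-preserving". I would cover both values and align the spelling, for example ``* for `e` to the post-update node for the result. `preservesValue` is `true` if the step is value-preserving and `false` otherwise.`` The predicate this comment belongs to starts after the hunk, so what a non-value-preserving step means here (presumably a taint step) should be confirmed against its body before the comment says more.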
@@ -65,6 +66,7 @@ extensible predicate sourceModel(
 /**
 * Holds if in a call to the function with canonical path `path`, the value referred
 * to by `input` is a flow sink of the given `kind`.
+ * The `madId` is the data extension row number.
 *
 * For example, `input = Argument[0]` means the first argument of the call.
 *
@@ -78,6 +80,7 @@ extensible predicate sinkModel(
 /**
 * Holds if in a call to the function with canonical path `path`, the value referred
 * to by `input` can flow to the value referred to by `output`.
+ * The `madId` is the data extension row number.
 *
 * `kind` should be either `value` or `taint`, for value-preserving or taint-preserving
 * steps, respectively.
diff --git a/rust/ql/lib/codeql/rust/elements/internal/CallImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/CallImpl.qll
index ac6e08bb9cf7..020b50594a6d 100644
--- a/rust/ql/lib/codeql/rust/elements/internal/CallImpl.qll
+++ b/rust/ql/lib/codeql/rust/elements/internal/CallImpl.qll
@@ -123,11 +123,10 @@ module Impl {
 }
 class CallExprMethodCall extends Call instanceof CallExpr {
- Path qualifier;
 string methodName;
 boolean selfIsRef;
- CallExprMethodCall() { callIsMethodCall(this, qualifier, methodName, selfIsRef) }
+ CallExprMethodCall() { callIsMethodCall(this, _, methodName, selfIsRef) }
 /**
 * Holds if this call must have an explicit borrow for the `self` argument,
diff --git a/rust/ql/lib/codeql/rust/internal/Type.qll b/rust/ql/lib/codeql/rust/internal/Type.qll
index 56c179354b40..eaa7e83fc6da 100644
--- a/rust/ql/lib/codeql/rust/internal/Type.qll
+++ b/rust/ql/lib/codeql/rust/internal/Type.qll
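Review bot: `CallExprMethodCall` in CallImpl.qll has no QLDoc in the visible context (the line before `class` is the closing `}` of the previous declaration), and its two remaining fields `methodName` and `selfIsRef` are bound by `callIsMethodCall` with no comment saying what they hold. A one-line class comment such as ``/** A call expression that `callIsMethodCall` identifies as a method call. */`` plus a short comment on each field would help. The same applies to `final class SelfTypeBoundTypeAbstraction` in the Type.qll hunk of this patch, which also directly follows a closing `}`. The body of `CallExprMethodCall` continues past the end of its hunk.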
@@ -620,9 +620,7 @@ final class TypeBoundTypeAbstraction extends TypeAbstraction, TypeBound {
 }
 final class SelfTypeBoundTypeAbstraction extends TypeAbstraction, Name {
- private TraitTypeAbstraction trait;
-
- SelfTypeBoundTypeAbstraction() { trait.getName() = this }
+ SelfTypeBoundTypeAbstraction() { any(TraitTypeAbstraction trait).getName() = this }
 override TypeParameter getATypeParameter() { none() }
 }
From 464d8b13a85bb9cbd618ea8823169bd10ff421fd Mon Sep 17 00:00:00 2001
From: Michael Nebel
Date: Tue, 2 Sep 2025 13:33:51 +0200
Subject: [PATCH 2/3] Rust: Address review comments.
---
 .../ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll b/rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll
index e5f6f09e17ad..4f1609dcf3c6 100644
--- a/rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll
+++ b/rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll
@@ -65,8 +65,8 @@ extensible predicate sourceModel(
 /**
 * Holds if in a call to the function with canonical path `path`, the value referred
- * to by `input` is a flow sink of the given `kind`.
- * The `madId` is the data extension row number.
+ * to by `input` is a flow sink of the given `kind` and `madId` is the data
+ * extension row number.
 *
 * For example, `input = Argument[0]` means the first argument of the call.
 *
@@ -79,8 +79,8 @@ extensible predicate sinkModel(
 /**
 * Holds if in a call to the function with canonical path `path`, the value referred
- * to by `input` can flow to the value referred to by `output`.
- * The `madId` is the data extension row number.
+ * to by `input` can flow to the value referred to by `output` and `madId` is the data
+ * extension row number.
 *
 * `kind` should be either `value` or `taint`, for value-preserving or taint-preserving
 * steps, respectively.
From 6f5da528a469bc32c3550cd4b3401c6eb1dfee04 Mon Sep 17 00:00:00 2001
From: Michael Nebel
Date: Tue, 2 Sep 2025 13:34:23 +0200
Subject: [PATCH 3/3] Update rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll
Co-authored-by: Simon Friis Vindum
---
 rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll b/rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll
index 4f1609dcf3c6..067ef98b2fc0 100644
--- a/rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll
+++ b/rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll
@@ -51,8 +51,8 @@ private import codeql.rust.elements.internal.CallExprBaseImpl::Impl as CallExprB
 /**
 * Holds if in a call to the function with canonical path `path`, the value referred
- * to by `output` is a flow source of the given `kind`.
- * The `madId` is the data extension row number.
+ * to by `output` is a flow source of the given `kind` and `madId` is the data
+ * extension row number.
 *
 * `output = "ReturnValue"` simply means the result of the call itself.
 *