Merge pull request github#18130 from hvitved/rust/flow-summary-impl

Rust: Adopt shared flow summaries library

Author: hvitved

csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll

@@ -731,11 +731,9 @@ module LocalFlow {
     or
     node2 = node1.(LocalFunctionCreationNode).getAnAccess(true)
     or
-    node1 =
-      unique(FlowSummaryNode n1 |
-        FlowSummaryImpl::Private::Steps::summaryLocalStep(n1.getSummaryNode(),
-          node2.(FlowSummaryNode).getSummaryNode(), true, _)
-      )
+    FlowSummaryImpl::Private::Steps::summaryLocalMustFlowStep(node1
+          .(FlowSummaryNode)
+          .getSummaryNode(), node2.(FlowSummaryNode).getSummaryNode())
   }
 }
 

java/ql/lib/semmle/code/java/dataflow/internal/DataFlowUtil.qll

@@ -160,11 +160,8 @@ predicate localMustFlowStep(Node node1, Node node2) {
   or
   node2.asExpr().(AssignExpr).getSource() = node1.asExpr()
   or
-  node1 =
-    unique(FlowSummaryNode n1 |
-      FlowSummaryImpl::Private::Steps::summaryLocalStep(n1.getSummaryNode(),
-        node2.(FlowSummaryNode).getSummaryNode(), true, _)
-    )
+  FlowSummaryImpl::Private::Steps::summaryLocalMustFlowStep(node1.(FlowSummaryNode).getSummaryNode(),
+    node2.(FlowSummaryNode).getSummaryNode())
 }
 
 import Cached

ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll

@@ -175,11 +175,9 @@ module LocalFlow {
     or
     node1 = node2.(ImplicitBlockArgumentNode).getParameterNode(true)
     or
-    node1 =
-      unique(FlowSummaryNode n1 |
-        FlowSummaryImpl::Private::Steps::summaryLocalStep(n1.getSummaryNode(),
-          node2.(FlowSummaryNode).getSummaryNode(), true, _)
-      )
+    FlowSummaryImpl::Private::Steps::summaryLocalMustFlowStep(node1
+          .(FlowSummaryNode)
+          .getSummaryNode(), node2.(FlowSummaryNode).getSummaryNode())
   }
 }
 

rust/ql/lib/codeql/rust/dataflow/DataFlow.qll

@@ -15,7 +15,14 @@ private import DataFlowImpl::Node as Node
 module DataFlow {
   final class Node = Node::Node;
 
-  final class ParameterNode = Node::ParameterNode;
+  /**
+   * The value of a parameter at function entry, viewed as a node in a data
+   * flow graph.
+   */
+  final class ParameterNode extends Node instanceof Node::SourceParameterNode {
+    /** Gets the parameter that this node corresponds to. */
+    ParamBase getParameter() { result = super.getParameter().getParamBase() }
+  }
 
   final class PostUpdateNode = Node::PostUpdateNode;
 

rust/ql/lib/codeql/rust/dataflow/FlowSummary.qll

@@ -0,0 +1,69 @@
+/** Provides classes and predicates for defining flow summaries. */
+
+private import rust
+private import internal.FlowSummaryImpl as Impl
+private import codeql.rust.elements.internal.CallExprBaseImpl::Impl as CallExprBaseImpl
+
+// import all instances below
+private module Summaries {
+  private import codeql.rust.Frameworks
+
+  // TODO: Use models-as-data when it's available
+  private class UnwrapSummary extends SummarizedCallable::Range {
+    UnwrapSummary() { this = "lang:core::_::<crate::option::Option>::unwrap" }
+
+    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
+      input = "Argument[self].Variant[crate::std::option::Option::Some(0)]" and
+      output = "ReturnValue" and
+      preservesValue = true
+    }
+  }
+}
+
+/** Provides the `Range` class used to define the extent of `LibraryCallable`. */
+module LibraryCallable {
+  /** A callable defined in library code, identified by a unique string. */
+  abstract class Range extends string {
+    bindingset[this]
+    Range() { any() }
+
+    /** Gets a call to this library callable. */
+    CallExprBase getACall() {
+      exists(Resolvable r, string crate |
+        r = CallExprBaseImpl::getCallResolvable(result) and
+        this = crate + r.getResolvedPath()
+      |
+        crate = r.getResolvedCrateOrigin() + "::_::"
+        or
+        not r.hasResolvedCrateOrigin() and
+        crate = ""
+      )
+    }
+  }
+}
+
+final class LibraryCallable = LibraryCallable::Range;
+
+/** Provides the `Range` class used to define the extent of `SummarizedCallable`. */
+module SummarizedCallable {
+  /** A callable with a flow summary, identified by a unique string. */
+  abstract class Range extends LibraryCallable::Range, Impl::Public::SummarizedCallable {
+    bindingset[this]
+    Range() { any() }
+
+    override predicate propagatesFlow(
+      string input, string output, boolean preservesValue, string model
+    ) {
+      this.propagatesFlow(input, output, preservesValue) and model = ""
+    }
+
+    /**
+     * Holds if data may flow from `input` to `output` through this callable.
+     *
+     * `preservesValue` indicates whether this is a value-preserving step or a taint-step.
+     */
+    abstract predicate propagatesFlow(string input, string output, boolean preservesValue);
+  }
+}
+
+final class SummarizedCallable = SummarizedCallable::Range;