Rust: Adopt shared flow summaries library

Author: hvitved

rust/ql/lib/codeql/rust/dataflow/DataFlow.qll

@@ -15,7 +15,14 @@ private import DataFlowImpl::Node as Node
 module DataFlow {
   final class Node = Node::Node;
 
-  final class ParameterNode = Node::ParameterNode;
+  /**
+   * The value of a parameter at function entry, viewed as a node in a data
+   * flow graph.
+   */
+  final class ParameterNode extends Node instanceof Node::SourceParameterNode {
+    /** Gets the parameter that this node corresponds to. */
+    ParamBase getParameter() { result = super.getParameter().getParamBase() }
+  }
 
   final class PostUpdateNode = Node::PostUpdateNode;
 

rust/ql/lib/codeql/rust/dataflow/FlowSummary.qll

@@ -0,0 +1,58 @@
+/** Provides classes and predicates for defining flow summaries. */
+
+private import rust
+private import internal.FlowSummaryImpl as Impl
+private import internal.DataFlowImpl
+
+// import all instances below
+private module Summaries {
+  private import codeql.rust.Frameworks
+}
+
+/** Provides the `Range` class used to define the extent of `LibraryCallable`. */
+module LibraryCallable {
+  /** A callable defined in library code, identified by a unique string. */
+  abstract class Range extends string {
+    bindingset[this]
+    Range() { any() }
+
+    /** Gets a call to this library callable. */
+    CallExprBase getACall() {
+      exists(Resolvable r, string crate |
+        r = getCallResolvable(result) and
+        this = crate + r.getResolvedPath()
+      |
+        crate = r.getResolvedCrateOrigin() + "::_::"
+        or
+        not r.hasResolvedCrateOrigin() and
+        crate = ""
+      )
+    }
+  }
+}
+
+final class LibraryCallable = LibraryCallable::Range;
+
+/** Provides the `Range` class used to define the extent of `SummarizedCallable`. */
+module SummarizedCallable {
+  /** A callable with a flow summary, identified by a unique string. */
+  abstract class Range extends LibraryCallable::Range, Impl::Public::SummarizedCallable {
+    bindingset[this]
+    Range() { any() }
+
+    override predicate propagatesFlow(
+      string input, string output, boolean preservesValue, string model
+    ) {
+      this.propagatesFlow(input, output, preservesValue) and model = ""
+    }
+
+    /**
+     * Holds if data may flow from `input` to `output` through this callable.
+     *
+     * `preservesValue` indicates whether this is a value-preserving step or a taint-step.
+     */
+    abstract predicate propagatesFlow(string input, string output, boolean preservesValue);
+  }
+}
+
+final class SummarizedCallable = SummarizedCallable::Range;