Rust: Re-model std::env sources using models-as-data.

geoffw0 · geoffw0 · commit 5a73e0bd0923 · 2025-01-17T13:39:04.000Z
diff --git a/rust/ql/lib/codeql/rust/Concepts.qll b/rust/ql/lib/codeql/rust/Concepts.qll
@@ -7,6 +7,7 @@
 private import codeql.rust.dataflow.DataFlow
 private import codeql.threatmodels.ThreatModels
 private import codeql.rust.Frameworks
+private import codeql.rust.dataflow.FlowSource
 
 /**
  * A data flow source for a specific threat-model.
@@ -66,6 +67,15 @@ module CommandLineArgsSource {
   }
 }
 
+/**
+ * An externally modeled source for command line arguments.
+ */
+class ModeledCommandLineArgsSource extends CommandLineArgsSource::Range {
+  ModeledCommandLineArgsSource() {
+    sourceNode(this, "command-line-source")
+  }
+}
+
 /**
  * A data flow source corresponding to the program's environment.
  */
@@ -85,6 +95,15 @@ module EnvironmentSource {
   }
 }
 
+/**
+ * An externally modeled source for data from the program's environment.
+ */
+class ModeledEnvironmentSource extends EnvironmentSource::Range {
+  ModeledEnvironmentSource() {
+    sourceNode(this, "environment-source")
+  }
+}
+
 /**
  * A data flow source for remote (network) data.
  */
@@ -104,6 +123,15 @@ module RemoteSource {
   }
 }
 
+/**
+ * An externally modeled source for remote (network) data.
+ */
+class ModeledRemoteSource extends RemoteSource::Range {
+  ModeledRemoteSource() {
+    sourceNode(this, "remote-source")
+  }
+}
+
 /**
  * A data flow node that constructs a SQL statement (for later execution).
  *
diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/env.model.yml b/rust/ql/lib/codeql/rust/frameworks/stdlib/env.model.yml
@@ -0,0 +1,14 @@
+extensions:
+  - addsTo:
+      pack: codeql/rust-all
+      extensible: sourceModel
+    data:
+      - ["lang:std", "crate::env::args", "ReturnValue", "command-line-source", "manual"]
+      - ["lang:std", "crate::env::args_os", "ReturnValue", "command-line-source", "manual"]
+      - ["lang:std", "crate::env::current_dir", "ReturnValue", "command-line-source", "manual"]
+      - ["lang:std", "crate::env::current_exe", "ReturnValue", "command-line-source", "manual"]
+      - ["lang:std", "crate::env::home_dir", "ReturnValue", "command-line-source", "manual"]
+      - ["lang:std", "crate::env::var", "ReturnValue", "environment-source", "manual"]
+      - ["lang:std", "crate::env::var_os", "ReturnValue", "environment-source", "manual"]
+      - ["lang:std", "crate::env::vars", "ReturnValue", "environment-source", "manual"]
+      - ["lang:std", "crate::env::vars_os", "ReturnValue", "environment-source", "manual"]
diff --git a/rust/ql/test/library-tests/dataflow/sources/InlineFlow.expected b/rust/ql/test/library-tests/dataflow/sources/InlineFlow.expected
@@ -1,4 +0,0 @@
-| test.rs:8:34:8:84 | //... | Missing result: hasTaintFlow |
-| test.rs:9:37:9:87 | //... | Missing result: hasTaintFlow |
-| test.rs:41:20:41:36 | //... | Missing result: hasTaintFlow |
-| test.rs:45:20:45:36 | //... | Missing result: hasTaintFlow |
diff --git a/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected b/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected
@@ -1,19 +1,17 @@
-#select
+| test.rs:8:10:8:22 | ...::var | Flow source 'EnvironmentSource' of type environment. |
+| test.rs:9:10:9:25 | ...::var_os | Flow source 'EnvironmentSource' of type environment. |
+| test.rs:11:16:11:28 | ...::var | Flow source 'EnvironmentSource' of type environment. |
+| test.rs:12:16:12:31 | ...::var_os | Flow source 'EnvironmentSource' of type environment. |
+| test.rs:17:25:17:38 | ...::vars | Flow source 'EnvironmentSource' of type environment. |
+| test.rs:22:25:22:41 | ...::vars_os | Flow source 'EnvironmentSource' of type environment. |
+| test.rs:29:29:29:42 | ...::args | Flow source 'CommandLineArgs' of type commandargs. |
+| test.rs:32:16:32:29 | ...::args | Flow source 'CommandLineArgs' of type commandargs. |
+| test.rs:33:16:33:32 | ...::args_os | Flow source 'CommandLineArgs' of type commandargs. |
+| test.rs:40:16:40:29 | ...::args | Flow source 'CommandLineArgs' of type commandargs. |
+| test.rs:44:16:44:32 | ...::args_os | Flow source 'CommandLineArgs' of type commandargs. |
+| test.rs:50:15:50:35 | ...::current_dir | Flow source 'CommandLineArgs' of type commandargs. |
+| test.rs:51:15:51:35 | ...::current_exe | Flow source 'CommandLineArgs' of type commandargs. |
+| test.rs:52:16:52:33 | ...::home_dir | Flow source 'CommandLineArgs' of type commandargs. |
 | test.rs:60:26:60:70 | ...::get(...) | Flow source 'RemoteSource' of type remote (DEFAULT). |
 | test.rs:63:26:63:70 | ...::get(...) | Flow source 'RemoteSource' of type remote (DEFAULT). |
 | test.rs:66:26:66:60 | ...::get(...) | Flow source 'RemoteSource' of type remote (DEFAULT). |
-testFailures
-| test.rs:8:34:8:84 | //... | Missing result: Alert[rust/summary/taint-sources] |
-| test.rs:9:37:9:87 | //... | Missing result: Alert[rust/summary/taint-sources] |
-| test.rs:11:62:11:99 | //... | Missing result: Alert[rust/summary/taint-sources] |
-| test.rs:12:51:12:88 | //... | Missing result: Alert[rust/summary/taint-sources] |
-| test.rs:17:44:17:81 | //... | Missing result: Alert[rust/summary/taint-sources] |
-| test.rs:22:47:22:84 | //... | Missing result: Alert[rust/summary/taint-sources] |
-| test.rs:29:57:29:94 | //... | Missing result: Alert[rust/summary/taint-sources] |
-| test.rs:32:50:32:87 | //... | Missing result: Alert[rust/summary/taint-sources] |
-| test.rs:33:53:33:90 | //... | Missing result: Alert[rust/summary/taint-sources] |
-| test.rs:40:35:40:72 | //... | Missing result: Alert[rust/summary/taint-sources] |
-| test.rs:44:38:44:75 | //... | Missing result: Alert[rust/summary/taint-sources] |
-| test.rs:50:57:50:94 | //... | Missing result: Alert[rust/summary/taint-sources] |
-| test.rs:51:57:51:94 | //... | Missing result: Alert[rust/summary/taint-sources] |
-| test.rs:52:55:52:92 | //... | Missing result: Alert[rust/summary/taint-sources] |
diff --git a/rust/ql/test/library-tests/dataflow/sources/test.rs b/rust/ql/test/library-tests/dataflow/sources/test.rs
@@ -5,8 +5,8 @@ fn sink<T>(_: T) { }
 // --- tests ---
 
 fn test_env_vars() {
-    sink(std::env::var("HOME")); // $ Alert[rust/summary/taint-sources] hasTaintFlow
-    sink(std::env::var_os("PATH")); // $ Alert[rust/summary/taint-sources] hasTaintFlow
+    sink(std::env::var("HOME")); // $ Alert[rust/summary/taint-sources] hasTaintFlow="HOME"
+    sink(std::env::var_os("PATH")); // $ Alert[rust/summary/taint-sources] hasTaintFlow="PATH"
 
     let var1 = std::env::var("HOME").expect("HOME not set"); // $ Alert[rust/summary/taint-sources]
     let var2 = std::env::var_os("PATH").unwrap(); // $ Alert[rust/summary/taint-sources]
diff --git a/rust/ql/test/library-tests/dataflow/taint/TaintFlowStep.expected b/rust/ql/test/library-tests/dataflow/taint/TaintFlowStep.expected
@@ -1,5 +1,5 @@
-| file://:0:0:0:0 | [summary param] 0 in lang:alloc::_::crate::fmt::format | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:alloc::_::crate::fmt::format | MaD:14 |
-| file://:0:0:0:0 | [summary param] self in lang:alloc::_::<crate::string::String>::as_str | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:alloc::_::<crate::string::String>::as_str | MaD:12 |
+| file://:0:0:0:0 | [summary param] 0 in lang:alloc::_::crate::fmt::format | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:alloc::_::crate::fmt::format | MaD:23 |
+| file://:0:0:0:0 | [summary param] self in lang:alloc::_::<crate::string::String>::as_str | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:alloc::_::<crate::string::String>::as_str | MaD:21 |
 | file://:0:0:0:0 | [summary param] self in repo:https://github.com/seanmonstar/reqwest:reqwest::_::<crate::blocking::response::Response>::text | file://:0:0:0:0 | [summary] to write: ReturnValue.Variant[crate::result::Result::Ok(0)] in repo:https://github.com/seanmonstar/reqwest:reqwest::_::<crate::blocking::response::Response>::text | MaD:0 |
 | main.rs:4:5:4:8 | 1000 | main.rs:4:5:4:12 | ... + ... |  |
 | main.rs:4:12:4:12 | i | main.rs:4:5:4:12 | ... + ... |  |
