Skip to content

Commit 8efd870

Browse files
hvitvedhvitved
authored
Merge pull request github#18292 from hvitved/rust/never-skip-lhs
Rust: Never skip assignment LHS in data flow
2 parents d8c05b5 + ddd05b5 commit 8efd870

File tree

7 files changed

+309
-90
lines changed

7 files changed

+309
-90
lines changed

rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -855,6 +855,17 @@ module RustDataFlow implements InputSig<Location> {
855855
node instanceof Node::ClosureParameterNode
856856
}
857857

858+
predicate neverSkipInPathGraph(Node node) {
859+
node.getCfgNode() = any(LetStmtCfgNode s).getPat()
860+
or
861+
node.getCfgNode() = any(AssignmentExprCfgNode a).getLhs()
862+
or
863+
exists(MatchExprCfgNode match |
864+
node.asExpr() = match.getScrutinee() or
865+
node.asExpr() = match.getArmPat(_)
866+
)
867+
}
868+
858869
class DataFlowExpr = ExprCfgNode;
859870

860871
/** Gets the node corresponding to `e`. */

rust/ql/test/library-tests/dataflow/barrier/inline-flow.expected

Lines changed: 15 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,22 +1,32 @@
11
models
22
edges
3-
| main.rs:9:13:9:19 | ...: ... | main.rs:9:30:14:1 | { ... } | provenance | |
4-
| main.rs:21:13:21:21 | source(...) | main.rs:22:10:22:10 | s | provenance | |
5-
| main.rs:26:13:26:21 | source(...) | main.rs:27:22:27:22 | s | provenance | |
6-
| main.rs:27:13:27:23 | sanitize(...) | main.rs:28:10:28:10 | s | provenance | |
3+
| main.rs:9:13:9:19 | ...: ... | main.rs:10:11:10:11 | s | provenance | |
4+
| main.rs:10:11:10:11 | s | main.rs:9:30:14:1 | { ... } | provenance | |
5+
| main.rs:21:9:21:9 | s | main.rs:22:10:22:10 | s | provenance | |
6+
| main.rs:21:13:21:21 | source(...) | main.rs:21:9:21:9 | s | provenance | |
7+
| main.rs:26:9:26:9 | s | main.rs:27:22:27:22 | s | provenance | |
8+
| main.rs:26:13:26:21 | source(...) | main.rs:26:9:26:9 | s | provenance | |
9+
| main.rs:27:9:27:9 | s | main.rs:28:10:28:10 | s | provenance | |
10+
| main.rs:27:13:27:23 | sanitize(...) | main.rs:27:9:27:9 | s | provenance | |
711
| main.rs:27:22:27:22 | s | main.rs:9:13:9:19 | ...: ... | provenance | |
812
| main.rs:27:22:27:22 | s | main.rs:27:13:27:23 | sanitize(...) | provenance | |
9-
| main.rs:32:13:32:21 | source(...) | main.rs:33:10:33:10 | s | provenance | |
13+
| main.rs:32:9:32:9 | s | main.rs:33:10:33:10 | s | provenance | |
14+
| main.rs:32:13:32:21 | source(...) | main.rs:32:9:32:9 | s | provenance | |
1015
nodes
1116
| main.rs:9:13:9:19 | ...: ... | semmle.label | ...: ... |
1217
| main.rs:9:30:14:1 | { ... } | semmle.label | { ... } |
18+
| main.rs:10:11:10:11 | s | semmle.label | s |
1319
| main.rs:17:10:17:18 | source(...) | semmle.label | source(...) |
20+
| main.rs:21:9:21:9 | s | semmle.label | s |
1421
| main.rs:21:13:21:21 | source(...) | semmle.label | source(...) |
1522
| main.rs:22:10:22:10 | s | semmle.label | s |
23+
| main.rs:26:9:26:9 | s | semmle.label | s |
1624
| main.rs:26:13:26:21 | source(...) | semmle.label | source(...) |
25+
| main.rs:27:9:27:9 | s | semmle.label | s |
1726
| main.rs:27:13:27:23 | sanitize(...) | semmle.label | sanitize(...) |
1827
| main.rs:27:22:27:22 | s | semmle.label | s |
1928
| main.rs:28:10:28:10 | s | semmle.label | s |
29+
| main.rs:32:9:32:9 | s | semmle.label | s |
2030
| main.rs:32:13:32:21 | source(...) | semmle.label | source(...) |
2131
| main.rs:33:10:33:10 | s | semmle.label | s |
2232
subpaths

rust/ql/test/library-tests/dataflow/closures/inline-flow.expected

Lines changed: 9 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -3,11 +3,14 @@ edges
33
| main.rs:11:20:11:52 | if cond {...} else {...} | main.rs:12:10:12:16 | f(...) | provenance | |
44
| main.rs:11:30:11:39 | source(...) | main.rs:11:20:11:52 | if cond {...} else {...} | provenance | |
55
| main.rs:16:20:16:23 | ... | main.rs:18:18:18:21 | data | provenance | |
6-
| main.rs:22:13:22:22 | source(...) | main.rs:23:13:23:13 | a | provenance | |
6+
| main.rs:22:9:22:9 | a | main.rs:23:13:23:13 | a | provenance | |
7+
| main.rs:22:13:22:22 | source(...) | main.rs:22:9:22:9 | a | provenance | |
78
| main.rs:23:13:23:13 | a | main.rs:16:20:16:23 | ... | provenance | |
89
| main.rs:27:20:27:23 | ... | main.rs:28:9:32:9 | if cond {...} else {...} | provenance | |
9-
| main.rs:33:13:33:22 | source(...) | main.rs:34:21:34:21 | a | provenance | |
10-
| main.rs:34:13:34:22 | f(...) | main.rs:35:10:35:10 | b | provenance | |
10+
| main.rs:33:9:33:9 | a | main.rs:34:21:34:21 | a | provenance | |
11+
| main.rs:33:13:33:22 | source(...) | main.rs:33:9:33:9 | a | provenance | |
12+
| main.rs:34:9:34:9 | b | main.rs:35:10:35:10 | b | provenance | |
13+
| main.rs:34:13:34:22 | f(...) | main.rs:34:9:34:9 | b | provenance | |
1114
| main.rs:34:21:34:21 | a | main.rs:27:20:27:23 | ... | provenance | |
1215
| main.rs:34:21:34:21 | a | main.rs:34:13:34:22 | f(...) | provenance | |
1316
| main.rs:42:16:42:25 | source(...) | main.rs:44:5:44:5 | [post] f [captured capt] | provenance | |
@@ -20,11 +23,14 @@ nodes
2023
| main.rs:12:10:12:16 | f(...) | semmle.label | f(...) |
2124
| main.rs:16:20:16:23 | ... | semmle.label | ... |
2225
| main.rs:18:18:18:21 | data | semmle.label | data |
26+
| main.rs:22:9:22:9 | a | semmle.label | a |
2327
| main.rs:22:13:22:22 | source(...) | semmle.label | source(...) |
2428
| main.rs:23:13:23:13 | a | semmle.label | a |
2529
| main.rs:27:20:27:23 | ... | semmle.label | ... |
2630
| main.rs:28:9:32:9 | if cond {...} else {...} | semmle.label | if cond {...} else {...} |
31+
| main.rs:33:9:33:9 | a | semmle.label | a |
2732
| main.rs:33:13:33:22 | source(...) | semmle.label | source(...) |
33+
| main.rs:34:9:34:9 | b | semmle.label | b |
2834
| main.rs:34:13:34:22 | f(...) | semmle.label | f(...) |
2935
| main.rs:34:21:34:21 | a | semmle.label | a |
3036
| main.rs:35:10:35:10 | b | semmle.label | b |

rust/ql/test/library-tests/dataflow/global/inline-flow.expected

Lines changed: 27 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -2,45 +2,59 @@ models
22
edges
33
| main.rs:12:28:14:1 | { ... } | main.rs:17:13:17:23 | get_data(...) | provenance | |
44
| main.rs:13:5:13:13 | source(...) | main.rs:12:28:14:1 | { ... } | provenance | |
5-
| main.rs:17:13:17:23 | get_data(...) | main.rs:18:10:18:10 | a | provenance | |
5+
| main.rs:17:9:17:9 | a | main.rs:18:10:18:10 | a | provenance | |
6+
| main.rs:17:13:17:23 | get_data(...) | main.rs:17:9:17:9 | a | provenance | |
67
| main.rs:21:12:21:17 | ...: i64 | main.rs:22:10:22:10 | n | provenance | |
7-
| main.rs:26:13:26:21 | source(...) | main.rs:27:13:27:13 | a | provenance | |
8+
| main.rs:26:9:26:9 | a | main.rs:27:13:27:13 | a | provenance | |
9+
| main.rs:26:13:26:21 | source(...) | main.rs:26:9:26:9 | a | provenance | |
810
| main.rs:27:13:27:13 | a | main.rs:21:12:21:17 | ...: i64 | provenance | |
911
| main.rs:30:17:30:22 | ...: i64 | main.rs:30:32:32:1 | { ... } | provenance | |
10-
| main.rs:35:13:35:21 | source(...) | main.rs:36:26:36:26 | a | provenance | |
11-
| main.rs:36:13:36:27 | pass_through(...) | main.rs:37:10:37:10 | b | provenance | |
12+
| main.rs:35:9:35:9 | a | main.rs:36:26:36:26 | a | provenance | |
13+
| main.rs:35:13:35:21 | source(...) | main.rs:35:9:35:9 | a | provenance | |
14+
| main.rs:36:9:36:9 | b | main.rs:37:10:37:10 | b | provenance | |
15+
| main.rs:36:13:36:27 | pass_through(...) | main.rs:36:9:36:9 | b | provenance | |
1216
| main.rs:36:26:36:26 | a | main.rs:30:17:30:22 | ...: i64 | provenance | |
1317
| main.rs:36:26:36:26 | a | main.rs:36:13:36:27 | pass_through(...) | provenance | |
14-
| main.rs:41:13:44:6 | pass_through(...) | main.rs:45:10:45:10 | a | provenance | |
18+
| main.rs:41:9:41:9 | a | main.rs:45:10:45:10 | a | provenance | |
19+
| main.rs:41:13:44:6 | pass_through(...) | main.rs:41:9:41:9 | a | provenance | |
1520
| main.rs:41:26:44:5 | { ... } | main.rs:30:17:30:22 | ...: i64 | provenance | |
1621
| main.rs:41:26:44:5 | { ... } | main.rs:41:13:44:6 | pass_through(...) | provenance | |
1722
| main.rs:43:9:43:18 | source(...) | main.rs:41:26:44:5 | { ... } | provenance | |
1823
| main.rs:56:23:56:28 | ...: i64 | main.rs:57:14:57:14 | n | provenance | |
1924
| main.rs:59:31:65:5 | { ... } | main.rs:77:13:77:25 | mn.get_data(...) | provenance | |
2025
| main.rs:63:13:63:21 | source(...) | main.rs:59:31:65:5 | { ... } | provenance | |
2126
| main.rs:66:28:66:33 | ...: i64 | main.rs:66:43:72:5 | { ... } | provenance | |
22-
| main.rs:77:13:77:25 | mn.get_data(...) | main.rs:78:10:78:10 | a | provenance | |
23-
| main.rs:83:13:83:21 | source(...) | main.rs:84:16:84:16 | a | provenance | |
27+
| main.rs:77:9:77:9 | a | main.rs:78:10:78:10 | a | provenance | |
28+
| main.rs:77:13:77:25 | mn.get_data(...) | main.rs:77:9:77:9 | a | provenance | |
29+
| main.rs:83:9:83:9 | a | main.rs:84:16:84:16 | a | provenance | |
30+
| main.rs:83:13:83:21 | source(...) | main.rs:83:9:83:9 | a | provenance | |
2431
| main.rs:84:16:84:16 | a | main.rs:56:23:56:28 | ...: i64 | provenance | |
25-
| main.rs:89:13:89:21 | source(...) | main.rs:90:29:90:29 | a | provenance | |
26-
| main.rs:90:13:90:30 | mn.data_through(...) | main.rs:91:10:91:10 | b | provenance | |
32+
| main.rs:89:9:89:9 | a | main.rs:90:29:90:29 | a | provenance | |
33+
| main.rs:89:13:89:21 | source(...) | main.rs:89:9:89:9 | a | provenance | |
34+
| main.rs:90:9:90:9 | b | main.rs:91:10:91:10 | b | provenance | |
35+
| main.rs:90:13:90:30 | mn.data_through(...) | main.rs:90:9:90:9 | b | provenance | |
2736
| main.rs:90:29:90:29 | a | main.rs:66:28:66:33 | ...: i64 | provenance | |
2837
| main.rs:90:29:90:29 | a | main.rs:90:13:90:30 | mn.data_through(...) | provenance | |
2938
nodes
3039
| main.rs:12:28:14:1 | { ... } | semmle.label | { ... } |
3140
| main.rs:13:5:13:13 | source(...) | semmle.label | source(...) |
41+
| main.rs:17:9:17:9 | a | semmle.label | a |
3242
| main.rs:17:13:17:23 | get_data(...) | semmle.label | get_data(...) |
3343
| main.rs:18:10:18:10 | a | semmle.label | a |
3444
| main.rs:21:12:21:17 | ...: i64 | semmle.label | ...: i64 |
3545
| main.rs:22:10:22:10 | n | semmle.label | n |
46+
| main.rs:26:9:26:9 | a | semmle.label | a |
3647
| main.rs:26:13:26:21 | source(...) | semmle.label | source(...) |
3748
| main.rs:27:13:27:13 | a | semmle.label | a |
3849
| main.rs:30:17:30:22 | ...: i64 | semmle.label | ...: i64 |
3950
| main.rs:30:32:32:1 | { ... } | semmle.label | { ... } |
51+
| main.rs:35:9:35:9 | a | semmle.label | a |
4052
| main.rs:35:13:35:21 | source(...) | semmle.label | source(...) |
53+
| main.rs:36:9:36:9 | b | semmle.label | b |
4154
| main.rs:36:13:36:27 | pass_through(...) | semmle.label | pass_through(...) |
4255
| main.rs:36:26:36:26 | a | semmle.label | a |
4356
| main.rs:37:10:37:10 | b | semmle.label | b |
57+
| main.rs:41:9:41:9 | a | semmle.label | a |
4458
| main.rs:41:13:44:6 | pass_through(...) | semmle.label | pass_through(...) |
4559
| main.rs:41:26:44:5 | { ... } | semmle.label | { ... } |
4660
| main.rs:43:9:43:18 | source(...) | semmle.label | source(...) |
@@ -51,11 +65,15 @@ nodes
5165
| main.rs:63:13:63:21 | source(...) | semmle.label | source(...) |
5266
| main.rs:66:28:66:33 | ...: i64 | semmle.label | ...: i64 |
5367
| main.rs:66:43:72:5 | { ... } | semmle.label | { ... } |
68+
| main.rs:77:9:77:9 | a | semmle.label | a |
5469
| main.rs:77:13:77:25 | mn.get_data(...) | semmle.label | mn.get_data(...) |
5570
| main.rs:78:10:78:10 | a | semmle.label | a |
71+
| main.rs:83:9:83:9 | a | semmle.label | a |
5672
| main.rs:83:13:83:21 | source(...) | semmle.label | source(...) |
5773
| main.rs:84:16:84:16 | a | semmle.label | a |
74+
| main.rs:89:9:89:9 | a | semmle.label | a |
5875
| main.rs:89:13:89:21 | source(...) | semmle.label | source(...) |
76+
| main.rs:90:9:90:9 | b | semmle.label | b |
5977
| main.rs:90:13:90:30 | mn.data_through(...) | semmle.label | mn.data_through(...) |
6078
| main.rs:90:29:90:29 | a | semmle.label | a |
6179
| main.rs:91:10:91:10 | b | semmle.label | b |

0 commit comments

Comments
 (0)