Rust: Address review comments

paldepind · paldepind · commit c1e21974c692 · 2024-12-17T17:24:42.000+01:00
diff --git a/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll b/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll
@@ -712,7 +712,7 @@ private class CapturedVariableContent extends Content, TCapturedVariableContent
   override string toString() { result = "captured " + v }
 }
 
-/** A value refered to by a reference. */
+/** A value referred to by a reference. */
 final class ReferenceContent extends Content, TReferenceContent {
   override string toString() { result = "&ref" }
 }
diff --git a/rust/ql/lib/codeql/rust/dataflow/internal/SsaImpl.qll b/rust/ql/lib/codeql/rust/dataflow/internal/SsaImpl.qll
@@ -88,22 +88,16 @@ module SsaInput implements SsaImplCommon::InputSig<Location> {
     |
       va instanceof VariableReadAccess
       or
+      // For immutable variables, we model a read when they are borrowed
+      // (although the actual read happens later, if at all).
+      va = any(RefExpr re).getExpr()
+      or
       // Although compound assignments, like `x += y`, may in fact not read `x`,
       // it makes sense to treat them as such
       va = any(CompoundAssignmentExpr cae).getLhs()
     ) and
     certain = true
     or
-    // For immutable variables, we model a read when they are borrowed (although the
-    // actual read happens later, if at all). This only affects the SSA liveness
-    // analysis.
-    exists(VariableAccess va |
-      va = any(RefExpr re).getExpr() and
-      va = bb.getNode(i).getAstNode() and
-      v = va.getVariable() and
-      certain = false
-    )
-    or
     capturedCallRead(_, bb, i, v) and certain = false
     or
     capturedExitRead(bb, i, v) and certain = false
@@ -146,7 +140,9 @@ private predicate adjacentDefReadExt(
 
 /** Holds if `v` is read at index `i` in basic block `bb`. */
 private predicate variableReadActual(BasicBlock bb, int i, Variable v) {
-  exists(VariableReadAccess read |
+  exists(VariableAccess read |
+    read instanceof VariableReadAccess or read = any(RefExpr re).getExpr()
+  |
     read.getVariable() = v and
     read = bb.getNode(i).getAstNode()
   )
diff --git a/rust/ql/lib/codeql/rust/elements/internal/VariableImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/VariableImpl.qll
@@ -484,6 +484,7 @@ module Impl {
   class VariableReadAccess extends VariableAccess {
     VariableReadAccess() {
       not this instanceof VariableWriteAccess and
+      not this = any(RefExpr re).getExpr() and
       not this = any(CompoundAssignmentExpr cae).getLhs()
     }
   }
diff --git a/rust/ql/lib/codeql/rust/frameworks/reqwest.model.yml b/rust/ql/lib/codeql/rust/frameworks/reqwest.model.yml
@@ -3,4 +3,4 @@ extensions:
       pack: codeql/rust-all
       extensible: summaryModel
     data:
-      - ["repo:https://github.com/seanmonstar/reqwest:reqwest", "<crate::blocking::response::Response>::text", "Argument[self]", "ReturnValue", "taint", "manual"]
+      - ["repo:https://github.com/seanmonstar/reqwest:reqwest", "<crate::blocking::response::Response>::text", "Argument[self]", "ReturnValue.Variant[crate::result::Result::Ok(0)]", "taint", "manual"]
diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml
@@ -8,7 +8,6 @@ extensions:
       - ["lang:core", "<crate::option::Option>::unwrap", "Argument[self]", "ReturnValue", "taint", "manual"]
       - ["lang:core", "<crate::option::Option>::unwrap_or", "Argument[self].Variant[crate::option::Option::Some(0)]", "ReturnValue", "value", "manual"]
       - ["lang:core", "<crate::option::Option>::unwrap_or", "Argument[0]", "ReturnValue", "value", "manual"]
-      - ["lang:core", "<crate::option::Option>::unwrap_or", "Argument[self]", "ReturnValue", "taint", "manual"]
       # Result
       - ["lang:core", "<crate::result::Result>::unwrap", "Argument[self].Variant[crate::result::Result::Ok(0)]", "ReturnValue", "value", "manual"]
       - ["lang:core", "<crate::result::Result>::unwrap", "Argument[self]", "ReturnValue", "taint", "manual"]
diff --git a/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected b/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected
@@ -458,6 +458,7 @@ localStep
 | main.rs:398:7:398:14 | [SSA] [input] SSA phi read(default_name) | main.rs:394:7:394:18 | [SSA] SSA phi read(default_name) |
 | main.rs:425:13:425:33 | result_questionmark(...) | main.rs:425:9:425:9 | _ |
 storeStep
+| file://:0:0:0:0 | [summary] to write: ReturnValue.Variant[crate::result::Result::Ok(0)] in repo:https://github.com/seanmonstar/reqwest:reqwest::_::<crate::blocking::response::Response>::text | Ok | file://:0:0:0:0 | [summary] to write: ReturnValue in repo:https://github.com/seanmonstar/reqwest:reqwest::_::<crate::blocking::response::Response>::text |
 | main.rs:94:14:94:22 | source(...) | tuple.0 | main.rs:94:13:94:26 | TupleExpr |
 | main.rs:94:25:94:25 | 2 | tuple.1 | main.rs:94:13:94:26 | TupleExpr |
 | main.rs:100:14:100:14 | 2 | tuple.0 | main.rs:100:13:100:30 | TupleExpr |
diff --git a/rust/ql/test/library-tests/dataflow/pointers/inline-flow.expected b/rust/ql/test/library-tests/dataflow/pointers/inline-flow.expected
@@ -1,6 +1,45 @@
-ERROR: could not resolve module DefaultFlowTest (inline-flow.ql:7,8-23)
-ERROR: could not resolve module ValueFlow (inline-flow.ql:8,8-17)
-ERROR: could not resolve module ValueFlow (inline-flow.ql:10,6-15)
-ERROR: could not resolve module ValueFlow (inline-flow.ql:10,34-43)
-ERROR: could not resolve module ValueFlow (inline-flow.ql:11,7-16)
-ERROR: could not resolve module utils.InlineFlowTest (inline-flow.ql:6,8-28)
+models
+edges
+| main.rs:13:9:13:9 | a | main.rs:14:14:14:14 | a | provenance |  |
+| main.rs:13:13:13:22 | source(...) | main.rs:13:9:13:9 | a | provenance |  |
+| main.rs:14:9:14:9 | b [&ref] | main.rs:15:14:15:14 | b [&ref] | provenance |  |
+| main.rs:14:13:14:14 | &a [&ref] | main.rs:14:9:14:9 | b [&ref] | provenance |  |
+| main.rs:14:14:14:14 | a | main.rs:14:13:14:14 | &a [&ref] | provenance |  |
+| main.rs:15:9:15:9 | c | main.rs:16:10:16:10 | c | provenance |  |
+| main.rs:15:13:15:14 | * ... | main.rs:15:9:15:9 | c | provenance |  |
+| main.rs:15:14:15:14 | b [&ref] | main.rs:15:13:15:14 | * ... | provenance |  |
+| main.rs:40:18:40:21 | SelfParam [MyNumber] | main.rs:41:15:41:18 | self [MyNumber] | provenance |  |
+| main.rs:41:15:41:18 | self [MyNumber] | main.rs:42:13:42:38 | ...::MyNumber(...) [MyNumber] | provenance |  |
+| main.rs:42:13:42:38 | ...::MyNumber(...) [MyNumber] | main.rs:42:32:42:37 | number | provenance |  |
+| main.rs:42:32:42:37 | number | main.rs:40:31:46:5 | { ... } | provenance |  |
+| main.rs:58:9:58:17 | my_number [MyNumber] | main.rs:59:10:59:18 | my_number [MyNumber] | provenance |  |
+| main.rs:58:21:58:50 | ...::MyNumber(...) [MyNumber] | main.rs:58:9:58:17 | my_number [MyNumber] | provenance |  |
+| main.rs:58:40:58:49 | source(...) | main.rs:58:21:58:50 | ...::MyNumber(...) [MyNumber] | provenance |  |
+| main.rs:59:10:59:18 | my_number [MyNumber] | main.rs:40:18:40:21 | SelfParam [MyNumber] | provenance |  |
+| main.rs:59:10:59:18 | my_number [MyNumber] | main.rs:59:10:59:30 | my_number.to_number(...) | provenance |  |
+nodes
+| main.rs:13:9:13:9 | a | semmle.label | a |
+| main.rs:13:13:13:22 | source(...) | semmle.label | source(...) |
+| main.rs:14:9:14:9 | b [&ref] | semmle.label | b [&ref] |
+| main.rs:14:13:14:14 | &a [&ref] | semmle.label | &a [&ref] |
+| main.rs:14:14:14:14 | a | semmle.label | a |
+| main.rs:15:9:15:9 | c | semmle.label | c |
+| main.rs:15:13:15:14 | * ... | semmle.label | * ... |
+| main.rs:15:14:15:14 | b [&ref] | semmle.label | b [&ref] |
+| main.rs:16:10:16:10 | c | semmle.label | c |
+| main.rs:40:18:40:21 | SelfParam [MyNumber] | semmle.label | SelfParam [MyNumber] |
+| main.rs:40:31:46:5 | { ... } | semmle.label | { ... } |
+| main.rs:41:15:41:18 | self [MyNumber] | semmle.label | self [MyNumber] |
+| main.rs:42:13:42:38 | ...::MyNumber(...) [MyNumber] | semmle.label | ...::MyNumber(...) [MyNumber] |
+| main.rs:42:32:42:37 | number | semmle.label | number |
+| main.rs:58:9:58:17 | my_number [MyNumber] | semmle.label | my_number [MyNumber] |
+| main.rs:58:21:58:50 | ...::MyNumber(...) [MyNumber] | semmle.label | ...::MyNumber(...) [MyNumber] |
+| main.rs:58:40:58:49 | source(...) | semmle.label | source(...) |
+| main.rs:59:10:59:18 | my_number [MyNumber] | semmle.label | my_number [MyNumber] |
+| main.rs:59:10:59:30 | my_number.to_number(...) | semmle.label | my_number.to_number(...) |
+subpaths
+| main.rs:59:10:59:18 | my_number [MyNumber] | main.rs:40:18:40:21 | SelfParam [MyNumber] | main.rs:40:31:46:5 | { ... } | main.rs:59:10:59:30 | my_number.to_number(...) |
+testFailures
+#select
+| main.rs:16:10:16:10 | c | main.rs:13:13:13:22 | source(...) | main.rs:16:10:16:10 | c | $@ | main.rs:13:13:13:22 | source(...) | source(...) |
+| main.rs:59:10:59:30 | my_number.to_number(...) | main.rs:58:40:58:49 | source(...) | main.rs:59:10:59:30 | my_number.to_number(...) | $@ | main.rs:58:40:58:49 | source(...) | source(...) |
diff --git a/rust/ql/test/library-tests/dataflow/pointers/inline-flow.ql b/rust/ql/test/library-tests/dataflow/pointers/inline-flow.ql
@@ -3,7 +3,7 @@
  */
 
 import rust
-import utils.InlineFlowTest
+import utils.test.InlineFlowTest
 import DefaultFlowTest
 import ValueFlow::PathGraph
 
diff --git a/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected b/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected
@@ -1,6 +1,44 @@
-ERROR: could not resolve module DefaultFlowTest (inline-taint-flow.ql:7,8-23)
-ERROR: could not resolve module TaintFlow (inline-taint-flow.ql:8,8-17)
-ERROR: could not resolve module TaintFlow (inline-taint-flow.ql:10,6-15)
-ERROR: could not resolve module TaintFlow (inline-taint-flow.ql:10,34-43)
-ERROR: could not resolve module TaintFlow (inline-taint-flow.ql:11,7-16)
-ERROR: could not resolve module utils.InlineFlowTest (inline-taint-flow.ql:6,8-28)
+models
+| 1 | Summary: lang:alloc; <crate::string::String>::as_str; Argument[self]; ReturnValue; taint |
+edges
+| main.rs:20:9:20:9 | s | main.rs:21:9:21:14 | sliced | provenance |  |
+| main.rs:20:9:20:9 | s | main.rs:21:19:21:25 | s[...] | provenance |  |
+| main.rs:20:13:20:22 | source(...) | main.rs:20:9:20:9 | s | provenance |  |
+| main.rs:21:9:21:14 | sliced | main.rs:22:16:22:21 | sliced | provenance |  |
+| main.rs:21:9:21:14 | sliced [&ref] | main.rs:22:16:22:21 | sliced | provenance |  |
+| main.rs:21:18:21:25 | &... [&ref] | main.rs:21:9:21:14 | sliced [&ref] | provenance |  |
+| main.rs:21:19:21:25 | s[...] | main.rs:21:18:21:25 | &... [&ref] | provenance |  |
+| main.rs:26:9:26:10 | s1 | main.rs:29:9:29:10 | s4 | provenance |  |
+| main.rs:26:14:26:23 | source(...) | main.rs:26:9:26:10 | s1 | provenance |  |
+| main.rs:29:9:29:10 | s4 | main.rs:32:10:32:11 | s4 | provenance |  |
+| main.rs:37:9:37:10 | s1 | main.rs:40:10:40:35 | ... + ... | provenance |  |
+| main.rs:37:14:37:23 | source(...) | main.rs:37:9:37:10 | s1 | provenance |  |
+| main.rs:57:9:57:9 | s | main.rs:58:16:58:16 | s | provenance |  |
+| main.rs:57:13:57:22 | source(...) | main.rs:57:9:57:9 | s | provenance |  |
+| main.rs:58:16:58:16 | s | main.rs:58:16:58:25 | s.as_str(...) | provenance | MaD:1 |
+nodes
+| main.rs:20:9:20:9 | s | semmle.label | s |
+| main.rs:20:13:20:22 | source(...) | semmle.label | source(...) |
+| main.rs:21:9:21:14 | sliced | semmle.label | sliced |
+| main.rs:21:9:21:14 | sliced [&ref] | semmle.label | sliced [&ref] |
+| main.rs:21:18:21:25 | &... [&ref] | semmle.label | &... [&ref] |
+| main.rs:21:19:21:25 | s[...] | semmle.label | s[...] |
+| main.rs:22:16:22:21 | sliced | semmle.label | sliced |
+| main.rs:26:9:26:10 | s1 | semmle.label | s1 |
+| main.rs:26:14:26:23 | source(...) | semmle.label | source(...) |
+| main.rs:29:9:29:10 | s4 | semmle.label | s4 |
+| main.rs:32:10:32:11 | s4 | semmle.label | s4 |
+| main.rs:37:9:37:10 | s1 | semmle.label | s1 |
+| main.rs:37:14:37:23 | source(...) | semmle.label | source(...) |
+| main.rs:40:10:40:35 | ... + ... | semmle.label | ... + ... |
+| main.rs:57:9:57:9 | s | semmle.label | s |
+| main.rs:57:13:57:22 | source(...) | semmle.label | source(...) |
+| main.rs:58:16:58:16 | s | semmle.label | s |
+| main.rs:58:16:58:25 | s.as_str(...) | semmle.label | s.as_str(...) |
+subpaths
+testFailures
+#select
+| main.rs:22:16:22:21 | sliced | main.rs:20:13:20:22 | source(...) | main.rs:22:16:22:21 | sliced | $@ | main.rs:20:13:20:22 | source(...) | source(...) |
+| main.rs:32:10:32:11 | s4 | main.rs:26:14:26:23 | source(...) | main.rs:32:10:32:11 | s4 | $@ | main.rs:26:14:26:23 | source(...) | source(...) |
+| main.rs:40:10:40:35 | ... + ... | main.rs:37:14:37:23 | source(...) | main.rs:40:10:40:35 | ... + ... | $@ | main.rs:37:14:37:23 | source(...) | source(...) |
+| main.rs:58:16:58:25 | s.as_str(...) | main.rs:57:13:57:22 | source(...) | main.rs:58:16:58:25 | s.as_str(...) | $@ | main.rs:57:13:57:22 | source(...) | source(...) |
diff --git a/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.ql b/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.ql
@@ -3,7 +3,7 @@
  */
 
 import rust
-import utils.InlineFlowTest
+import utils.test.InlineFlowTest
 import DefaultFlowTest
 import TaintFlow::PathGraph
 
diff --git a/rust/ql/test/library-tests/dataflow/taint/TaintFlowStep.expected b/rust/ql/test/library-tests/dataflow/taint/TaintFlowStep.expected
@@ -1,9 +1,8 @@
-| file://:0:0:0:0 | [summary param] self in lang:alloc::_::<crate::string::String>::as_str | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:alloc::_::<crate::string::String>::as_str | MaD:11 |
+| file://:0:0:0:0 | [summary param] self in lang:alloc::_::<crate::string::String>::as_str | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:alloc::_::<crate::string::String>::as_str | MaD:10 |
 | file://:0:0:0:0 | [summary param] self in lang:core::_::<crate::option::Option>::unwrap | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::<crate::option::Option>::unwrap | MaD:2 |
-| file://:0:0:0:0 | [summary param] self in lang:core::_::<crate::option::Option>::unwrap_or | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::<crate::option::Option>::unwrap_or | MaD:5 |
-| file://:0:0:0:0 | [summary param] self in lang:core::_::<crate::result::Result>::unwrap | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::<crate::result::Result>::unwrap | MaD:7 |
-| file://:0:0:0:0 | [summary param] self in lang:core::_::<crate::result::Result>::unwrap_or | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::<crate::result::Result>::unwrap_or | MaD:10 |
-| file://:0:0:0:0 | [summary param] self in repo:https://github.com/seanmonstar/reqwest:reqwest::_::<crate::blocking::response::Response>::text | file://:0:0:0:0 | [summary] to write: ReturnValue in repo:https://github.com/seanmonstar/reqwest:reqwest::_::<crate::blocking::response::Response>::text | MaD:0 |
+| file://:0:0:0:0 | [summary param] self in lang:core::_::<crate::result::Result>::unwrap | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::<crate::result::Result>::unwrap | MaD:6 |
+| file://:0:0:0:0 | [summary param] self in lang:core::_::<crate::result::Result>::unwrap_or | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::<crate::result::Result>::unwrap_or | MaD:9 |
+| file://:0:0:0:0 | [summary param] self in repo:https://github.com/seanmonstar/reqwest:reqwest::_::<crate::blocking::response::Response>::text | file://:0:0:0:0 | [summary] to write: ReturnValue.Variant[crate::result::Result::Ok(0)] in repo:https://github.com/seanmonstar/reqwest:reqwest::_::<crate::blocking::response::Response>::text | MaD:0 |
 | main.rs:4:5:4:8 | 1000 | main.rs:4:5:4:12 | ... + ... |  |
 | main.rs:4:12:4:12 | i | main.rs:4:5:4:12 | ... + ... |  |
 | main.rs:13:10:13:10 | a | main.rs:13:10:13:14 | ... + ... |  |
diff --git a/rust/ql/test/library-tests/variables/Ssa.expected b/rust/ql/test/library-tests/variables/Ssa.expected
@@ -390,7 +390,6 @@ firstRead
 | variables.rs:510:9:510:13 | a | variables.rs:510:13:510:13 | a | variables.rs:511:15:511:15 | a |
 | variables.rs:514:5:514:5 | a | variables.rs:510:13:510:13 | a | variables.rs:515:15:515:15 | a |
 | variables.rs:519:9:519:9 | x | variables.rs:519:9:519:9 | x | variables.rs:520:20:520:20 | x |
-| variables.rs:519:9:519:9 | x | variables.rs:519:9:519:9 | x | variables.rs:521:15:521:15 | x |
 | variables.rs:523:9:523:9 | z | variables.rs:523:9:523:9 | z | variables.rs:524:20:524:20 | z |
 | variables.rs:532:10:532:18 | SelfParam | variables.rs:532:15:532:18 | self | variables.rs:533:6:533:9 | self |
 lastRead
@@ -400,6 +399,8 @@ lastRead
 | variables.rs:16:9:16:10 | x1 | variables.rs:16:9:16:10 | x1 | variables.rs:17:15:17:16 | x1 |
 | variables.rs:21:9:21:14 | x2 | variables.rs:21:13:21:14 | x2 | variables.rs:22:15:22:16 | x2 |
 | variables.rs:23:5:23:6 | x2 | variables.rs:21:13:21:14 | x2 | variables.rs:24:15:24:16 | x2 |
+| variables.rs:28:9:28:13 | x | variables.rs:28:13:28:13 | x | variables.rs:29:20:29:20 | x |
+| variables.rs:30:5:30:5 | x | variables.rs:28:13:28:13 | x | variables.rs:31:20:31:20 | x |
 | variables.rs:35:9:35:10 | x3 | variables.rs:35:9:35:10 | x3 | variables.rs:38:9:38:10 | x3 |
 | variables.rs:37:9:37:10 | x3 | variables.rs:37:9:37:10 | x3 | variables.rs:39:15:39:16 | x3 |
 | variables.rs:43:9:43:10 | x4 | variables.rs:43:9:43:10 | x4 | variables.rs:49:15:49:16 | x4 |
@@ -500,6 +501,7 @@ lastRead
 | variables.rs:510:9:510:13 | a | variables.rs:510:13:510:13 | a | variables.rs:513:15:513:15 | a |
 | variables.rs:514:5:514:5 | a | variables.rs:510:13:510:13 | a | variables.rs:515:15:515:15 | a |
 | variables.rs:519:9:519:9 | x | variables.rs:519:9:519:9 | x | variables.rs:521:15:521:15 | x |
+| variables.rs:523:9:523:9 | z | variables.rs:523:9:523:9 | z | variables.rs:524:20:524:20 | z |
 | variables.rs:532:10:532:18 | SelfParam | variables.rs:532:15:532:18 | self | variables.rs:533:6:533:9 | self |
 adjacentReads
 | variables.rs:35:9:35:10 | x3 | variables.rs:35:9:35:10 | x3 | variables.rs:36:15:36:16 | x3 | variables.rs:38:9:38:10 | x3 |
diff --git a/rust/ql/test/library-tests/variables/variables.expected b/rust/ql/test/library-tests/variables/variables.expected
@@ -293,8 +293,6 @@ variableReadAccess
 | variables.rs:17:15:17:16 | x1 | variables.rs:16:9:16:10 | x1 |
 | variables.rs:22:15:22:16 | x2 | variables.rs:21:13:21:14 | x2 |
 | variables.rs:24:15:24:16 | x2 | variables.rs:21:13:21:14 | x2 |
-| variables.rs:29:20:29:20 | x | variables.rs:28:13:28:13 | x |
-| variables.rs:31:20:31:20 | x | variables.rs:28:13:28:13 | x |
 | variables.rs:36:15:36:16 | x3 | variables.rs:35:9:35:10 | x3 |
 | variables.rs:38:9:38:10 | x3 | variables.rs:35:9:35:10 | x3 |
 | variables.rs:39:15:39:16 | x3 | variables.rs:37:9:37:10 | x3 |
@@ -371,9 +369,7 @@ variableReadAccess
 | variables.rs:335:12:335:12 | v | variables.rs:332:9:332:9 | v |
 | variables.rs:336:19:336:22 | text | variables.rs:334:9:334:12 | text |
 | variables.rs:343:15:343:15 | a | variables.rs:341:13:341:13 | a |
-| variables.rs:344:11:344:11 | a | variables.rs:341:13:341:13 | a |
 | variables.rs:345:15:345:15 | a | variables.rs:341:13:341:13 | a |
-| variables.rs:351:14:351:14 | i | variables.rs:349:13:349:13 | i |
 | variables.rs:352:6:352:10 | ref_i | variables.rs:350:9:350:13 | ref_i |
 | variables.rs:353:15:353:15 | i | variables.rs:349:13:349:13 | i |
 | variables.rs:357:6:357:6 | x | variables.rs:356:17:356:17 | x |
@@ -385,15 +381,11 @@ variableReadAccess
 | variables.rs:366:10:366:10 | x | variables.rs:363:22:363:22 | x |
 | variables.rs:367:6:367:6 | y | variables.rs:363:39:363:39 | y |
 | variables.rs:368:9:368:9 | x | variables.rs:363:22:363:22 | x |
-| variables.rs:374:27:374:27 | x | variables.rs:372:13:372:13 | x |
 | variables.rs:375:6:375:6 | y | variables.rs:373:9:373:9 | y |
 | variables.rs:377:15:377:15 | x | variables.rs:372:13:372:13 | x |
-| variables.rs:381:19:381:19 | x | variables.rs:372:13:372:13 | x |
-| variables.rs:383:14:383:14 | z | variables.rs:379:13:379:13 | z |
 | variables.rs:384:9:384:9 | w | variables.rs:380:9:380:9 | w |
 | variables.rs:386:7:386:7 | w | variables.rs:380:9:380:9 | w |
 | variables.rs:388:15:388:15 | z | variables.rs:379:13:379:13 | z |
-| variables.rs:394:14:394:14 | x | variables.rs:392:13:392:13 | x |
 | variables.rs:395:6:395:6 | y | variables.rs:393:9:393:9 | y |
 | variables.rs:396:15:396:15 | x | variables.rs:392:13:392:13 | x |
 | variables.rs:403:19:403:19 | x | variables.rs:400:9:400:9 | x |
@@ -437,9 +429,7 @@ variableReadAccess
 | variables.rs:512:5:512:5 | a | variables.rs:510:13:510:13 | a |
 | variables.rs:513:15:513:15 | a | variables.rs:510:13:510:13 | a |
 | variables.rs:515:15:515:15 | a | variables.rs:510:13:510:13 | a |
-| variables.rs:520:20:520:20 | x | variables.rs:519:9:519:9 | x |
 | variables.rs:521:15:521:15 | x | variables.rs:519:9:519:9 | x |
-| variables.rs:524:20:524:20 | z | variables.rs:523:9:523:9 | z |
 | variables.rs:533:6:533:9 | self | variables.rs:532:15:532:18 | self |
 | variables.rs:539:3:539:3 | a | variables.rs:538:11:538:11 | a |
 | variables.rs:541:13:541:13 | a | variables.rs:538:11:538:11 | a |
diff --git a/rust/ql/test/library-tests/variables/variables.rs b/rust/ql/test/library-tests/variables/variables.rs
diff --git a/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected b/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected

Original file line number	Diff line number	Diff line change
`@@ -712,7 +712,7 @@ private class CapturedVariableContent extends Content, TCapturedVariableContent`
`712`	`712`	`override string toString() { result = "captured " + v }`
`713`	`713`	`}`
`714`	`714`
`715`		`-/** A value refered to by a reference. */`
	`715`	`+/** A value referred to by a reference. */`
`716`	`716`	`final class ReferenceContent extends Content, TReferenceContent {`
`717`	`717`	`override string toString() { result = "&ref" }`
`718`	`718`	`}`
Original file line number	Diff line number	Diff line change
`@@ -484,6 +484,7 @@ module Impl {`
`484`	`484`	`class VariableReadAccess extends VariableAccess {`
`485`	`485`	`VariableReadAccess() {`
`486`	`486`	`not this instanceof VariableWriteAccess and`
	`487`	`+ not this = any(RefExpr re).getExpr() and`
`487`	`488`	`not this = any(CompoundAssignmentExpr cae).getLhs()`
`488`	`489`	`}`
`489`	`490`	`}`