Skip to content

Rust: Generalize some models #20652

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
geoffw0 merged 10 commits into from
Oct 20, 2025
Merged

Rust: Generalize some models #20652

Show file tree
Hide file tree
Changes from 4 commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
ea6c7cf
Rust: Generalize stdlib 'a as b' models.
geoffw0 Oct 15, 2025
483ab59
Rust: Combine and expand some of the models.
geoffw0 Oct 15, 2025
612e95b
Rust: More deduplication.
geoffw0 Oct 15, 2025
5105976
Rust: Change note.
geoffw0 Oct 15, 2025
217508e
Merge branch 'main' into gen1
geoffw0 Oct 16, 2025
c30e9a9
Rust: Accept changes to other test expectations.
geoffw0 Oct 16, 2025
c56de30
Rust: Fix merge conflict in .expected file.
geoffw0 Oct 16, 2025
ee86655
Rust: Update another affected test.
geoffw0 Oct 16, 2025
b933f8d
Merge branch 'main' into gen1
geoffw0 Oct 16, 2025
d4a599c
Rust: Accept more minor test expectation changes.
geoffw0 Oct 16, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions rust/ql/lib/change-notes/2025-10-15-models.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Generalized some existing models to improve data flow.
15 changes: 1 addition & 14 deletions rust/ql/lib/codeql/rust/frameworks/stdlib/io.model.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,23 +9,11 @@ extensions:
extensible: summaryModel
data:
- ["<std::io::buffered::bufreader::BufReader>::new", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["<std::io::buffered::bufreader::BufReader as std::io::BufRead>::fill_buf", "Argument[self]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"]
- ["<_ as std::io::BufRead>::fill_buf", "Argument[self]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"]
- ["<std::io::buffered::bufreader::BufReader>::buffer", "Argument[self]", "ReturnValue", "taint", "manual"]
- ["<std::io::stdio::Stdin as std::io::Read>::read", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
- ["<std::io::stdio::StdinLock as std::io::Read>::read", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
- ["<std::fs::File as std::io::Read>::read", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
- ["<_ as std::io::Read>::read", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
- ["<std::io::stdio::Stdin as std::io::Read>::read_to_string", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
- ["<std::io::stdio::StdinLock as std::io::Read>::read_to_string", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
- ["<std::fs::File as std::io::Read>::read_to_string", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
- ["<_ as std::io::Read>::read_to_string", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
- ["<std::io::stdio::Stdin as std::io::Read>::read_to_end", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
- ["<std::io::stdio::StdinLock as std::io::Read>::read_to_end", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
- ["<std::fs::File as std::io::Read>::read_to_end", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
- ["<_ as std::io::Read>::read_to_end", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
- ["<std::io::stdio::Stdin as std::io::Read>::read_exact", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
- ["<std::io::stdio::StdinLock as std::io::Read>::read_exact", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
- ["<std::fs::File as std::io::Read>::read_exact", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
- ["<_ as std::io::Read>::read_exact", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
- ["<_ as std::io::BufRead>::read_line", "Argument[self]", "Argument[0].Reference", "taint", "manual"]
- ["<_ as std::io::BufRead>::read_until", "Argument[self]", "Argument[1].Reference", "taint", "manual"]
Expand All @@ -36,4 +24,3 @@ extensions:
- ["<_ as std::io::Read>::chain", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["<_ as std::io::Read>::take", "Argument[self]", "ReturnValue", "taint", "manual"]
- ["<std::io::stdio::Stdin>::lock", "Argument[self]", "ReturnValue", "taint", "manual"]
- ["<std::io::Split as core::iter::traits::iterator::Iterator>::next", "Argument[self]", "ReturnValue.Field[core::option::Option::Some(0)].Field[core::result::Result::Ok(0)]", "taint", "manual"]
24 changes: 8 additions & 16 deletions rust/ql/lib/codeql/rust/frameworks/stdlib/lang-alloc.model.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,19 +14,11 @@ extensions:
- ["alloc::alloc::alloc_zeroed", "Argument[0]", "alloc-layout", "manual"]
- ["alloc::alloc::realloc", "Argument[2]", "alloc-size", "manual"]
- ["<_ as core::alloc::global::GlobalAlloc>::alloc", "Argument[0]", "alloc-layout", "manual"]
- ["<std::alloc::System as core::alloc::global::GlobalAlloc>::alloc", "Argument[0]", "alloc-layout", "manual"]
- ["<_ as core::alloc::global::GlobalAlloc>::alloc_zeroed", "Argument[0]", "alloc-layout", "manual"]
- ["<std::alloc::System as core::alloc::global::GlobalAlloc>::alloc_zeroed", "Argument[0]", "alloc-layout", "manual"]
- ["<std::alloc::System as core::alloc::Allocator>::allocate", "Argument[0]", "alloc-layout", "manual"]
- ["<std::alloc::System as core::alloc::Allocator>::allocate_zeroed", "Argument[0]", "alloc-layout", "manual"]
- ["<std::alloc::System as core::alloc::Allocator>::grow", "Argument[2]", "alloc-layout", "manual"]
- ["<std::alloc::System as core::alloc::Allocator>::grow_zeroed", "Argument[2]", "alloc-layout", "manual"]
- ["<alloc::alloc::Global as core::alloc::global::GlobalAlloc>::alloc", "Argument[0]", "alloc-layout", "manual"]
- ["<alloc::alloc::Global as core::alloc::global::GlobalAlloc>::alloc_zeroed", "Argument[0]", "alloc-layout", "manual"]
- ["<alloc::alloc::Global as core::alloc::Allocator>::allocate", "Argument[0]", "alloc-layout", "manual"]
- ["<alloc::alloc::Global as core::alloc::Allocator>::allocate_zeroed", "Argument[0]", "alloc-layout", "manual"]
- ["<alloc::alloc::Global as core::alloc::Allocator>::grow", "Argument[2]", "alloc-layout", "manual"]
- ["<alloc::alloc::Global as core::alloc::Allocator>::grow_zeroed", "Argument[2]", "alloc-layout", "manual"]
- ["<_ as core::alloc::Allocator>::allocate", "Argument[0]", "alloc-layout", "manual"]
- ["<_ as core::alloc::Allocator>::allocate_zeroed", "Argument[0]", "alloc-layout", "manual"]
- ["<_ as core::alloc::Allocator>::grow", "Argument[2]", "alloc-layout", "manual"]
- ["<_ as core::alloc::Allocator>::grow_zeroed", "Argument[2]", "alloc-layout", "manual"]
- addsTo:
pack: codeql/rust-all
extensible: summaryModel
Expand All @@ -42,11 +34,11 @@ extensions:
- ["<core::str>::as_bytes", "Argument[self]", "ReturnValue", "value", "manual"]
- ["<alloc::string::String>::as_str", "Argument[self]", "ReturnValue", "value", "manual"]
- ["<alloc::string::String>::as_bytes", "Argument[self]", "ReturnValue", "value", "manual"]
- ["<alloc::str as alloc::string::ToString>::to_string", "Argument[self]", "ReturnValue", "taint", "manual"]
- ["<alloc::string::String as alloc::string::ToString>::to_string", "Argument[self]", "ReturnValue", "taint", "manual"]
- ["<_ as alloc::string::ToString>::to_string", "Argument[self]", "ReturnValue", "taint", "manual"]
- ["<core::str>::parse", "Argument[self]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"]
- ["<core::str>::trim", "Argument[self]", "ReturnValue.Reference", "taint", "manual"]
- ["<alloc::string::String as core::ops::arith::Add>::add", "Argument[self]", "ReturnValue", "taint", "manual"]
- ["<alloc::string::String as core::ops::arith::Add>::add", "Argument[0].Reference", "ReturnValue", "taint", "manual"]
- ["<_ as core::ops::arith::Add>::add", "Argument[self]", "ReturnValue", "taint", "manual"]
- ["<_ as core::ops::arith::Add>::add", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["<_ as core::ops::arith::Add>::add", "Argument[0].Reference", "ReturnValue", "taint", "manual"]
# Vec
- ["alloc::vec::from_elem", "Argument[0]", "ReturnValue.Element", "value", "manual"]
11 changes: 3 additions & 8 deletions rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,25 +9,20 @@ extensions:
- ["<core::alloc::layout::Layout>::align_to", "Argument[self].Element", "ReturnValue.Field[0,1,2].Reference.Element", "taint", "manual"]
- ["<_ as core::convert::Into>::into", "Argument[self].Element", "ReturnValue.Element", "taint", "manual"]
- ["<_ as core::convert::Into>::into", "Argument[self].Reference.Element", "ReturnValue.Element", "taint", "manual"]
- ["<alloc::string::String as core::convert::Into>::into", "Argument[self].Element", "ReturnValue.Element", "taint", "manual"]
- ["<alloc::string::String as core::convert::Into>::into", "Argument[self].Reference.Element", "ReturnValue.Element", "taint", "manual"]
# From
- ["<_ as core::convert::From>::from", "Argument[0]", "ReturnValue", "taint", "manual"]
# Iterator
- ["<core::result::Result>::iter", "Argument[self].Element", "ReturnValue.Element", "value", "manual"]
- ["<alloc::vec::Vec as value_trait::array::Array>::iter", "Argument[self].Element", "ReturnValue.Element", "value", "manual"]
- ["<_ as value_trait::array::Array>::iter", "Argument[self].Element", "ReturnValue.Element", "value", "manual"]
- ["<core::result::Result>::iter_mut", "Argument[self].Element", "ReturnValue.Element", "value", "manual"]
- ["<core::result::Result>::into_iter", "Argument[self].Element", "ReturnValue.Element", "value", "manual"]
- ["<_ as core::iter::traits::iterator::Iterator>::for_each", "Argument[self].Element", "Argument[0].Parameter[0]", "value", "manual"]
- ["<_ as core::iter::traits::iterator::Iterator>::nth", "Argument[self].Element", "ReturnValue.Field[core::option::Option::Some(0)]", "value", "manual"]
- ["<_ as core::iter::traits::iterator::Iterator>::next", "Argument[self].Element", "ReturnValue.Field[core::option::Option::Some(0)]", "value", "manual"]
- ["<_ as core::iter::traits::iterator::Iterator>::next", "Argument[self].Element", "ReturnValue.Field[core::option::Option::Some(0)].Field[core::result::Result::Ok(0)]", "value", "manual"]
- ["<_ as core::iter::traits::iterator::Iterator>::collect", "Argument[self].Element", "ReturnValue.Element", "value", "manual"]
- ["<_ as core::iter::traits::iterator::Iterator>::map", "Argument[self].Element", "Argument[0].Parameter[0]", "value", "manual"]
- ["<_ as core::iter::traits::iterator::Iterator>::for_each", "Argument[self].Element", "Argument[0].Parameter[0]", "value", "manual"]
- ["<core::slice::iter::Iter as core::iter::traits::iterator::Iterator>::nth", "Argument[self].Element", "ReturnValue.Field[core::option::Option::Some(0)]", "value", "manual"]
- ["<core::slice::iter::Iter as core::iter::traits::iterator::Iterator>::next", "Argument[self].Element", "ReturnValue.Field[core::option::Option::Some(0)]", "value", "manual"]
- ["<core::slice::iter::Iter as core::iter::traits::iterator::Iterator>::collect", "Argument[self].Element", "ReturnValue.Element", "value", "manual"]
- ["<core::slice::iter::Iter as core::iter::traits::iterator::Iterator>::map", "Argument[self].Element", "Argument[0].Parameter[0]", "value", "manual"]
- ["<_ as core::iter::traits::iterator::Iterator>::for_each", "Argument[self].Element", "Argument[0].Parameter[0]", "value", "manual"]
# Layout
- ["<core::alloc::layout::Layout>::from_size_align", "Argument[0]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"]
- ["<core::alloc::layout::Layout>::from_size_align_unchecked", "Argument[0]", "ReturnValue", "taint", "manual"]
Expand Down
6 changes: 3 additions & 3 deletions rust/ql/test/library-tests/dataflow/local/main.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -508,9 +508,9 @@ fn parse() {
let d: i64 = b.parse().unwrap();

sink(a); // $ hasValueFlow=90
sink_string(b); // $ MISSING: we are not currently able to resolve the `to_string` call above, which comes from `impl<T: fmt::Display + ?Sized> ToString for T`
sink(c); // $ MISSING: hasTaintFlow=90 - we are not currently able to resolve the `parse` call above
sink(d); // $ MISSING: hasTaintFlow=90 - we are not currently able to resolve the `parse` call above
sink_string(b); // $ hasTaintFlow=90
sink(c); // $ hasTaintFlow=90
sink(d); // $ hasTaintFlow=90
Copy link
Contributor

@paldepind paldepind Oct 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice! 🎉

}

fn iterators() {
Expand Down
Loading