github · paldepind · Mar 3, 2025 · Feb 28, 2025 · Feb 28, 2025 · Feb 28, 2025
diff --git a/rust/ql/integration-tests/hello-project/summary.expected b/rust/ql/integration-tests/hello-project/summary.expected
@@ -14,7 +14,7 @@
 | Macro calls - resolved | 2 |
 | Macro calls - total | 2 |
 | Macro calls - unresolved | 0 |
-| Taint edges - number of edges | 1471 |
+| Taint edges - number of edges | 1670 |
 | Taint reach - nodes tainted | 0 |
 | Taint reach - per million nodes | 0 |
 | Taint sinks - cryptographic operations | 0 |

diff --git a/rust/ql/integration-tests/hello-workspace/summary.cargo.expected b/rust/ql/integration-tests/hello-workspace/summary.cargo.expected
@@ -14,7 +14,7 @@
 | Macro calls - resolved | 2 |
 | Macro calls - total | 2 |
 | Macro calls - unresolved | 0 |
-| Taint edges - number of edges | 1471 |
+| Taint edges - number of edges | 1670 |
 | Taint reach - nodes tainted | 0 |
 | Taint reach - per million nodes | 0 |
 | Taint sinks - cryptographic operations | 0 |

diff --git a/rust/ql/integration-tests/hello-workspace/summary.rust-project.expected b/rust/ql/integration-tests/hello-workspace/summary.rust-project.expected
@@ -14,7 +14,7 @@
 | Macro calls - resolved | 2 |
 | Macro calls - total | 2 |
 | Macro calls - unresolved | 0 |
-| Taint edges - number of edges | 1471 |
+| Taint edges - number of edges | 1670 |
 | Taint reach - nodes tainted | 0 |
 | Taint reach - per million nodes | 0 |
 | Taint sinks - cryptographic operations | 0 |

diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml
@@ -19,6 +19,13 @@ extensions:
       - ["lang:core", "<crate::slice::iter::Iter as crate::iter::traits::iterator::Iterator>::collect", "Argument[self].Element", "ReturnValue.Element", "value", "manual"]
       - ["lang:core", "<crate::slice::iter::Iter as crate::iter::traits::iterator::Iterator>::map", "Argument[self].Element", "Argument[0].Parameter[0]", "value", "manual"]
       - ["lang:core", "<crate::slice::iter::Iter as crate::iter::traits::iterator::Iterator>::for_each", "Argument[self].Element", "Argument[0].Parameter[0]", "value", "manual"]
+      # ptr
+      - ["lang:core", "crate::ptr::read", "Argument[0].Reference", "ReturnValue", "value", "manual"]
+      - ["lang:core", "crate::ptr::read_unaligned", "Argument[0].Reference", "ReturnValue", "value", "manual"]
+      - ["lang:core", "crate::ptr::read_volatile", "Argument[0].Reference", "ReturnValue", "value", "manual"]
+      - ["lang:core", "crate::ptr::write", "Argument[1]", "Argument[0].Reference", "value", "manual"]
+      - ["lang:core", "crate::ptr::write_unaligned", "Argument[1]", "Argument[0].Reference", "value", "manual"]
+      - ["lang:core", "crate::ptr::write_volatile", "Argument[1]", "Argument[0].Reference", "value", "manual"]
       # Str
       - ["lang:core", "<str>::parse", "Argument[self]", "ReturnValue.Field[crate::result::Result::Ok(0)]", "taint", "manual"]
       # String

diff --git a/rust/ql/lib/ext/generated/rust/lang-alloc.model.yml b/rust/ql/lib/ext/generated/rust/lang-alloc.model.yml
@@ -18,14 +18,15 @@ extensions:
       - ["lang:alloc", "<crate::borrow::Cow as crate::ops::arith::AddAssign>::add_assign", "Argument[0]", "Argument[self].Reference", "value", "dfc-generated"]
       - ["lang:alloc", "<crate::borrow::Cow as crate::ops::deref::Deref>::deref", "Argument[self].Reference.Field[crate::borrow::Cow::Borrowed(0)]", "ReturnValue", "value", "dfc-generated"]
       - ["lang:alloc", "<crate::borrow::Cow>::into_owned", "Argument[self].Field[crate::borrow::Cow::Owned(0)]", "ReturnValue", "value", "dfc-generated"]
-      - ["lang:alloc", "<crate::borrow::Cow>::to_mut", "Argument[self].Reference.Field[crate::borrow::Cow::Owned(0)]", "ReturnValue", "value", "dfc-generated"]
+      - ["lang:alloc", "<crate::borrow::Cow>::to_mut", "Argument[self].Reference.Field[crate::borrow::Cow::Owned(0)]", "ReturnValue.Reference", "value", "dfc-generated"]
       - ["lang:alloc", "<crate::boxed::Box as crate::borrow::Borrow>::borrow", "Argument[self].Reference.Reference", "ReturnValue.Reference", "value", "dfc-generated"]
       - ["lang:alloc", "<crate::boxed::Box as crate::borrow::BorrowMut>::borrow_mut", "Argument[self].Reference.Reference", "ReturnValue.Reference", "value", "dfc-generated"]
       - ["lang:alloc", "<crate::boxed::Box as crate::clone::Clone>::clone_from", "Argument[0]", "Argument[self].Reference", "value", "dfc-generated"]
       - ["lang:alloc", "<crate::boxed::Box as crate::clone::Clone>::clone_from", "Argument[0]", "Argument[self]", "taint", "df-generated"]
       - ["lang:alloc", "<crate::boxed::Box as crate::convert::AsMut>::as_mut", "Argument[self].Reference.Reference", "ReturnValue.Reference", "value", "dfc-generated"]
       - ["lang:alloc", "<crate::boxed::Box as crate::convert::AsRef>::as_ref", "Argument[self].Reference.Reference", "ReturnValue.Reference", "value", "dfc-generated"]
       - ["lang:alloc", "<crate::boxed::Box as crate::convert::TryFrom>::try_from", "Argument[0]", "ReturnValue.Field[crate::result::Result::Err(0)]", "value", "dfc-generated"]
+      - ["lang:alloc", "<crate::boxed::Box as crate::iter::traits::iterator::Iterator>::next", "Argument[self]", "ReturnValue", "taint", "df-generated"]
       - ["lang:alloc", "<crate::boxed::Box as crate::iter::traits::iterator::Iterator>::nth", "Argument[self]", "ReturnValue", "taint", "df-generated"]
       - ["lang:alloc", "<crate::boxed::Box as crate::ops::deref::Deref>::deref", "Argument[self].Reference.Reference", "ReturnValue.Reference", "value", "dfc-generated"]
       - ["lang:alloc", "<crate::boxed::Box as crate::ops::deref::DerefMut>::deref_mut", "Argument[self].Reference.Reference", "ReturnValue.Reference", "value", "dfc-generated"]
@@ -84,6 +85,7 @@ extensions:
       - ["lang:alloc", "<crate::collections::btree::node::NodeRef as crate::clone::Clone>::clone", "Argument[self].Reference", "ReturnValue", "value", "dfc-generated"]
       - ["lang:alloc", "<crate::collections::btree::node::NodeRef>::ascend", "Argument[self]", "ReturnValue.Field[crate::result::Result::Err(0)]", "value", "dfc-generated"]
       - ["lang:alloc", "<crate::collections::btree::node::NodeRef>::calc_split_length", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["lang:alloc", "<crate::collections::btree::node::NodeRef>::choose_parent_kv", "Argument[self]", "ReturnValue.Field[crate::result::Result::Err(0)]", "value", "dfc-generated"]
       - ["lang:alloc", "<crate::collections::btree::node::NodeRef>::find_lower_bound_edge", "Argument[0]", "ReturnValue.Field[1]", "value", "dfc-generated"]
       - ["lang:alloc", "<crate::collections::btree::node::NodeRef>::find_lower_bound_edge", "Argument[self]", "ReturnValue.Field[0].Field[crate::collections::btree::node::Handle::node]", "value", "dfc-generated"]
       - ["lang:alloc", "<crate::collections::btree::node::NodeRef>::find_upper_bound_edge", "Argument[0]", "ReturnValue.Field[1]", "value", "dfc-generated"]
@@ -114,7 +116,7 @@ extensions:
       - ["lang:alloc", "<crate::collections::linked_list::LinkedList>::extract_if", "Argument[0]", "ReturnValue.Field[crate::collections::linked_list::ExtractIf::pred]", "value", "dfc-generated"]
       - ["lang:alloc", "<crate::collections::linked_list::LinkedList>::extract_if", "Argument[self]", "ReturnValue.Field[crate::collections::linked_list::ExtractIf::list]", "value", "dfc-generated"]
       - ["lang:alloc", "<crate::collections::linked_list::LinkedList>::new_in", "Argument[0]", "ReturnValue.Field[crate::collections::linked_list::LinkedList::alloc]", "value", "dfc-generated"]
-      - ["lang:alloc", "<crate::collections::linked_list::LinkedList>::split_off", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["lang:alloc", "<crate::collections::linked_list::LinkedList>::split_off", "Argument[self].Reference", "ReturnValue", "value", "dfc-generated"]
       - ["lang:alloc", "<crate::collections::vec_deque::VecDeque as crate::iter::traits::collect::IntoIterator>::into_iter", "Argument[self]", "ReturnValue.Field[crate::collections::vec_deque::into_iter::IntoIter::inner]", "value", "dfc-generated"]
       - ["lang:alloc", "<crate::collections::vec_deque::VecDeque>::drain", "Argument[self]", "ReturnValue", "taint", "df-generated"]
       - ["lang:alloc", "<crate::collections::vec_deque::VecDeque>::retain", "Argument[self].Element", "Argument[0].Parameter[0].Reference", "value", "dfc-generated"]
@@ -181,9 +183,12 @@ extensions:
       - ["lang:alloc", "<crate::string::String as crate::convert::AsRef>::as_ref", "Argument[self]", "ReturnValue", "taint", "df-generated"]
       - ["lang:alloc", "<crate::string::String as crate::convert::AsRef>::as_ref", "Argument[self]", "ReturnValue", "value", "dfc-generated"]
       - ["lang:alloc", "<crate::string::String as crate::convert::From>::from", "Argument[0].Field[crate::borrow::Cow::Owned(0)]", "ReturnValue", "value", "dfc-generated"]
+      - ["lang:alloc", "<crate::string::String as crate::convert::From>::from", "Argument[0]", "ReturnValue", "taint", "df-generated"]
       - ["lang:alloc", "<crate::string::String as crate::convert::From>::from", "Argument[0]", "ReturnValue", "value", "dfc-generated"]
       - ["lang:alloc", "<crate::string::String as crate::convert::TryFrom>::try_from", "Argument[0].Field[0]", "ReturnValue.Field[crate::result::Result::Err(0)].Field[crate::string::FromUtf8Error::bytes]", "value", "dfc-generated"]
       - ["lang:alloc", "<crate::string::String as crate::convert::TryFrom>::try_from", "Argument[0].Field[0]", "ReturnValue.Field[crate::result::Result::Ok(0)].Field[crate::string::String::vec]", "value", "dfc-generated"]
+      - ["lang:alloc", "<crate::string::String as crate::convert::TryFrom>::try_from", "Argument[0]", "ReturnValue.Field[crate::result::Result::Err(0)].Field[crate::string::FromUtf8Error::bytes]", "value", "dfc-generated"]
+      - ["lang:alloc", "<crate::string::String as crate::convert::TryFrom>::try_from", "Argument[0]", "ReturnValue.Field[crate::result::Result::Ok(0)].Field[crate::string::String::vec]", "value", "dfc-generated"]
       - ["lang:alloc", "<crate::string::String as crate::ops::arith::Add>::add", "Argument[self]", "ReturnValue", "value", "dfc-generated"]
       - ["lang:alloc", "<crate::string::String as crate::ops::deref::Deref>::deref", "Argument[self]", "ReturnValue", "taint", "df-generated"]
       - ["lang:alloc", "<crate::string::String as crate::str::traits::FromStr>::from_str", "Argument[0].Field[crate::borrow::Cow::Owned(0)]", "ReturnValue.Field[crate::result::Result::Ok(0)]", "value", "dfc-generated"]
@@ -239,5 +244,8 @@ extensions:
       - ["lang:alloc", "<dyn crate::error::Error>::downcast", "Argument[self]", "ReturnValue.Field[crate::result::Result::Err(0)]", "value", "dfc-generated"]
       - ["lang:alloc", "<str as crate::string::SpecToString>::spec_to_string", "Argument[self].Field[crate::borrow::Cow::Owned(0)]", "ReturnValue", "value", "dfc-generated"]
       - ["lang:alloc", "<str as crate::string::SpecToString>::spec_to_string", "Argument[self]", "ReturnValue", "value", "dfc-generated"]
-      - ["lang:alloc", "<{345}::StringError as crate::error::Error>::description", "Argument[self].Field[0]", "ReturnValue.Reference", "value", "dfc-generated"]
-      - ["lang:alloc", "crate::collections::btree::mem::replace", "Argument[1]", "ReturnValue", "taint", "df-generated"]
+      - ["lang:alloc", "<{766}::StringError as crate::error::Error>::description", "Argument[self].Field[0]", "ReturnValue.Reference", "value", "dfc-generated"]
+      - ["lang:alloc", "crate::collections::btree::mem::replace", "Argument[0].Reference", "Argument[1].Parameter[0]", "value", "dfc-generated"]
+      - ["lang:alloc", "crate::collections::btree::mem::replace", "Argument[1].ReturnValue", "Argument[0].Reference", "value", "dfc-generated"]
+      - ["lang:alloc", "crate::collections::btree::mem::take_mut", "Argument[0].Reference", "Argument[1].Parameter[0]", "value", "dfc-generated"]
+      - ["lang:alloc", "crate::collections::btree::mem::take_mut", "Argument[1].ReturnValue", "Argument[0].Reference", "value", "dfc-generated"]