From 00f6d9b305f78faead99be50e8e5baa762945420 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Thu, 10 Apr 2025 17:35:27 +0200 Subject: [PATCH 01/22] Rust: start preparing documentation changes --- docs/codeql/reusables/supported-versions-compilers.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/codeql/reusables/supported-versions-compilers.rst b/docs/codeql/reusables/supported-versions-compilers.rst index 7d5a9bdb34ab..2e2c6f4d096c 100644 --- a/docs/codeql/reusables/supported-versions-compilers.rst +++ b/docs/codeql/reusables/supported-versions-compilers.rst @@ -25,6 +25,7 @@ JavaScript,ECMAScript 2022 or lower,Not applicable,"``.js``, ``.jsx``, ``.mjs``, ``.es``, ``.es6``, ``.htm``, ``.html``, ``.xhtm``, ``.xhtml``, ``.vue``, ``.hbs``, ``.ejs``, ``.njk``, ``.json``, ``.yaml``, ``.yml``, ``.raml``, ``.xml`` [7]_" Python [8]_,"2.7, 3.5, 3.6, 3.7, 3.8, 3.9, 3.10, 3.11, 3.12, 3.13",Not applicable,``.py`` Ruby [9]_,"up to 3.3",Not applicable,"``.rb``, ``.erb``, ``.gemspec``, ``Gemfile``" + Rust [13]_,"Rust editions 2021 and 2024","Rust compiler","``.rs``, ``Cargo.toml``" Swift [10]_,"Swift 5.4-6.0","Swift compiler","``.swift``" TypeScript [11]_,"2.6-5.8",Standard TypeScript compiler,"``.ts``, ``.tsx``, ``.mts``, ``.cts``" @@ -42,3 +43,4 @@ .. [10] Support for the analysis of Swift requires macOS. .. [11] TypeScript analysis is performed by running the JavaScript extractor with TypeScript enabled. This is the default. .. [12] Support for GitHub Actions is in public preview. + .. [13] Support for Rust is in private preview and requires ``rustup`` and ``cargo`` to be installed. Features from nightly toolchains are not supported. From df427f7de834178b31c546743839602ec98c4daf Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Fri, 11 Apr 2025 11:53:27 +0200 Subject: [PATCH 02/22] Rust: add supported frameworks file --- .../codeql/reusables/supported-frameworks.rst | 33 +++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/docs/codeql/reusables/supported-frameworks.rst b/docs/codeql/reusables/supported-frameworks.rst index 402a3b9ee3d3..4ff4d8919fc9 100644 --- a/docs/codeql/reusables/supported-frameworks.rst +++ b/docs/codeql/reusables/supported-frameworks.rst @@ -306,6 +306,39 @@ and the CodeQL library pack ``codeql/ruby-all`` (`changelog `__, `source `__) +and the CodeQL library pack ``codeql/rust-all`` (`changelog `__, `source `__). +All support is experimental. + +.. csv-table:: + :header-rows: 1 + :class: fullWidthTable + :widths: auto + :align: left + + Name, Category + alloc, Standard library + core, Standard library + `digest `__, Cryptography library + `futures-executor `__, Utility library + `hyper `__, HTTP library + `hyper-util `__, HTTP library + `libc `__, Utility library + `log `__, Logging library + `md5 `__, Utility library + `postgres `__, Database + proc_macro, Standard library + `regex `__, Utility library + `reqwest `__, HTTP client + `rusqlite `__, Database + std, Standard library + `tokio-postgres `__, Database + `url `__, Utility library + Swift built-in support ================================ From 33c857ce9f4a2fa31a0d086577940740adcdaa23 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Fri, 11 Apr 2025 12:01:24 +0200 Subject: [PATCH 03/22] Rust: update supported languages footnote --- docs/codeql/reusables/supported-versions-compilers.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/codeql/reusables/supported-versions-compilers.rst b/docs/codeql/reusables/supported-versions-compilers.rst index 2e2c6f4d096c..818fe8cfa402 100644 --- a/docs/codeql/reusables/supported-versions-compilers.rst +++ b/docs/codeql/reusables/supported-versions-compilers.rst @@ -43,4 +43,4 @@ .. [10] Support for the analysis of Swift requires macOS. .. [11] TypeScript analysis is performed by running the JavaScript extractor with TypeScript enabled. This is the default. .. [12] Support for GitHub Actions is in public preview. - .. [13] Support for Rust is in private preview and requires ``rustup`` and ``cargo`` to be installed. Features from nightly toolchains are not supported. + .. [13] Support for Rust is experimental and requires ``rustup`` and ``cargo`` to be installed, as well as `CODEQL_ENABLE_EXPERIMENTAL_FEATURES=true` set in the environment. Features from nightly toolchains are not supported. From e2a86aaf939afe27adbcc9ba1fc5690b8b3b3829 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Fri, 2 May 2025 13:18:56 +0200 Subject: [PATCH 04/22] Rust: update supported libraries Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com> --- docs/codeql/reusables/supported-frameworks.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/codeql/reusables/supported-frameworks.rst b/docs/codeql/reusables/supported-frameworks.rst index 4ff4d8919fc9..5f09ddb17a29 100644 --- a/docs/codeql/reusables/supported-frameworks.rst +++ b/docs/codeql/reusables/supported-frameworks.rst @@ -336,6 +336,8 @@ All support is experimental. `reqwest `__, HTTP client `rusqlite `__, Database std, Standard library + `sqlx `__, Database + `tokio `__, Asynchronous IO `tokio-postgres `__, Database `url `__, Utility library From 00f4bfdd2411e8de794ab56cb17f292d2395ce64 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Fri, 2 May 2025 13:20:02 +0200 Subject: [PATCH 05/22] Rust: add some more supported libraries Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com> --- docs/codeql/reusables/supported-frameworks.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/codeql/reusables/supported-frameworks.rst b/docs/codeql/reusables/supported-frameworks.rst index 5f09ddb17a29..07afdce4de3a 100644 --- a/docs/codeql/reusables/supported-frameworks.rst +++ b/docs/codeql/reusables/supported-frameworks.rst @@ -330,12 +330,14 @@ All support is experimental. `libc `__, Utility library `log `__, Logging library `md5 `__, Utility library + `poem `__, Web framework `postgres `__, Database proc_macro, Standard library `regex `__, Utility library `reqwest `__, HTTP client `rusqlite `__, Database std, Standard library + `rust-crypto `__, Cryptography library `sqlx `__, Database `tokio `__, Asynchronous IO `tokio-postgres `__, Database From c70decbe86fa945a445da1c9b1e7267702cf5b39 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Fri, 6 Jun 2025 16:18:16 +0200 Subject: [PATCH 06/22] Rust: add `Callable::getParam` and `CallExprBase::getArg` shortcuts --- rust/ql/.generated.list | 22 +++++++++++-------- rust/ql/.gitattributes | 4 ++++ .../internal/generated/CfgNodes.qll | 15 +++++++++++++ rust/ql/lib/codeql/rust/elements/Callable.qll | 1 + .../elements/internal/CallExprBaseImpl.qll | 2 ++ .../rust/elements/internal/CallableImpl.qll | 5 +++-- .../internal/generated/CallExprBase.qll | 16 ++++++++++++++ .../elements/internal/generated/Callable.qll | 16 ++++++++++++++ .../generated/CallExpr/CallExpr.ql | 7 +++--- .../generated/CallExpr/CallExpr_getArg.ql | 7 ++++++ .../generated/ClosureExpr/ClosureExpr.ql | 13 ++++++----- .../ClosureExpr/ClosureExpr_getParam.ql | 7 ++++++ .../generated/Function/Function.ql | 21 ++++++++++-------- .../generated/Function/Function_getParam.ql | 7 ++++++ .../MethodCallExpr/MethodCallExpr.ql | 13 ++++++----- .../MethodCallExpr/MethodCallExpr_getArg.ql | 7 ++++++ rust/schema/annotations.py | 1 + rust/schema/prelude.py | 1 + 18 files changed, 132 insertions(+), 33 deletions(-) create mode 100644 rust/ql/test/extractor-tests/generated/CallExpr/CallExpr_getArg.ql create mode 100644 rust/ql/test/extractor-tests/generated/ClosureExpr/ClosureExpr_getParam.ql create mode 100644 rust/ql/test/extractor-tests/generated/Function/Function_getParam.ql create mode 100644 rust/ql/test/extractor-tests/generated/MethodCallExpr/MethodCallExpr_getArg.ql diff --git a/rust/ql/.generated.list b/rust/ql/.generated.list index eb60dccb3e6a..903f91362d38 100644 --- a/rust/ql/.generated.list +++ b/rust/ql/.generated.list @@ -1,4 +1,4 @@ -lib/codeql/rust/controlflow/internal/generated/CfgNodes.qll bd01b4d17625ee8c0da93231cf2291deb7e57db2c8aaa2c37968553c3144c47e 6e6ac58e09b84d02f461699a25ee80798a1bdc51c1836d9d75f5b52e93ae7ba6 +lib/codeql/rust/controlflow/internal/generated/CfgNodes.qll 6a103a6d04c951ca2f0c2989bed737cdbac56dd5ea9432b858da3416412bbf79 cf2bc67b65a1555de58bbd0a35b834b8867112a2f7c1951307c9416400ce70d0 lib/codeql/rust/elements/Abi.qll 485a2e79f6f7bfd1c02a6e795a71e62dede3c3e150149d5f8f18b761253b7208 6159ba175e7ead0dd2e3f2788f49516c306ee11b1a443bd4bdc00b7017d559bd lib/codeql/rust/elements/Addressable.qll 13011bfd2e1556694c3d440cc34af8527da4df49ad92b62f2939d3699ff2cea5 ddb25935f7553a1a384b1abe2e4b4fa90ab50b952dadec32fd867afcb054f4be lib/codeql/rust/elements/ArgList.qll 3d2f6f5542340b80a4c6e944ac17aba0d00727588bb66e501453ac0f80c82f83 afd52700bf5a337f19827846667cd0fb1fea5abbbcbc353828e292a727ea58c9 @@ -33,7 +33,7 @@ lib/codeql/rust/elements/BoxPat.qll 1b2c3fff171aa6aa238c9460b122f26c79e04577cea6 lib/codeql/rust/elements/BreakExpr.qll 7ca3807a20e9a9a988d1fd7abebf240325ed422fcb45c719ba46272f031f94db dffb7379d3f3ba220acfbd05eb7bb6cfd9cfda211e9c8b1f5240ca5fa61be3fc lib/codeql/rust/elements/CallExpr.qll f336500ca7a611b164d48b90e80edb0c0d3816792b0ececce659ac1ff1ffeb3e f99a9c55466418ef53860c44d9f2d6161af4b492178ddd9e5870dff742b70ae5 lib/codeql/rust/elements/CallExprBase.qll 2846202b5208b541977500286951d96487bf555838c6c16cdd006a71e383745a c789d412bf099c624329379e0c7d94fa0d23ae2edea7a25a2ea0f3c0042ccf62 -lib/codeql/rust/elements/Callable.qll e1ed21a7e6bd2426f6ccd0e46cee506d8ebf90a6fdc4dca0979157da439853aa 02f6c09710116ce82157aec9a5ec706983c38e4d85cc631327baf8d409b018c6 +lib/codeql/rust/elements/Callable.qll 0f7f78c3bfabbe24962f6232b0440d27e51f06d2b8d341fc623ffbfbff173f47 5fd13aaa0eaf76ea0b47fa0641bd23eea20a069f0b3cbc1ee4e290e88321008a lib/codeql/rust/elements/CastExpr.qll 2fe1f36ba31fa29de309baf0a665cfcae67b61c73345e8f9bbd41e8c235fec45 c5b4c1e9dc24eb2357799defcb2df25989075e3a80e8663b74204a1c1b70e29a lib/codeql/rust/elements/ClosureBinder.qll 02c8e83bf07deaf7bf0233b76623ec7f1837be8b77fe7e1c23544edc7d85e3c4 2b114d9a6dede694324aebe3dac80a802d139cfacd39beb0f12b5b0a46ee6390 lib/codeql/rust/elements/ClosureExpr.qll 67e2a106e9154c90367b129987e574d2a9ecf5b297536627e43706675d35eaed d6a381132ddd589c5a7ce174f50f9620041ddf690e15a65ebfb05ff7e7c02de7 @@ -492,8 +492,8 @@ lib/codeql/rust/elements/internal/generated/BlockExpr.qll 5a5ddbe34bc478a7bd9b0d lib/codeql/rust/elements/internal/generated/BoxPat.qll 597bed52f7489e0addce3266f7bee5be7c53d2d1263eceec3a252d041ca0908f b8ccf363ca5f1a988547caf1fd266a55aec7cbf8623578deea99765d264b0151 lib/codeql/rust/elements/internal/generated/BreakExpr.qll 0f428a8b2f4209b134c2ffc3e1c93c30bc6b0e9c9172f140cefa88c1f77d8690 957b39f38ff6befe9061f55bc0b403c2f1c366dd0cf63b874bae6f8216576d76 lib/codeql/rust/elements/internal/generated/CallExpr.qll f1b8dae487077cc9d1dccf8c3cd61fd17afe860585f17ce8b860be4859be7ca4 6034fc03778e38802cdf3a6e460364b74e92912622581b31e6179951022bbbd6 -lib/codeql/rust/elements/internal/generated/CallExprBase.qll cce796e36847249f416629bacf3ea146313084de3374587412e66c10d2917b83 c219aa2174321c161a4a742ca0605521687ca9a5ca32db453a5c62db6f7784cc -lib/codeql/rust/elements/internal/generated/Callable.qll b0502b5263b7bcd18e740f284f992c0e600e37d68556e3e0ba54a2ac42b94934 bda3e1eea11cacf5a9b932cd72efc2de6105103e8c575880fcd0cd89daadf068 +lib/codeql/rust/elements/internal/generated/CallExprBase.qll 2268e01d65015014c05166161bb28e5a1e78164d525ca16fc1e3106866cf231d b2f9b912153ba4d3e3612df4f74ac0e83077c31d5b31383bd277974081417a56 +lib/codeql/rust/elements/internal/generated/Callable.qll 9a8661aa018fd90a21529760c1dbc46c1ad3649e17b030e59ced0683fbf83f8a 8b573adfc23ec0ac91949da415e6a0c988fa02cbce9534d45ac98a5512d7b1ca lib/codeql/rust/elements/internal/generated/CastExpr.qll ddc20054b0b339ad4d40298f3461490d25d00af87c876da5ffbc6a11c0832295 f4247307afcd74d80e926f29f8c57e78c50800984483e6b6003a44681e4a71f3 lib/codeql/rust/elements/internal/generated/ClosureBinder.qll ab199df96f525a083a0762fd654cd098802033c79700a593bb204a9a0c69ec01 86b33543e0886715830cfcdaca43b555a242a4f12a4caa18b88732d5afb584bd lib/codeql/rust/elements/internal/generated/ClosureExpr.qll 34149bf82f107591e65738221e1407ec1dc9cc0dfb10ae7f761116fda45162de fd2fbc9a87fc0773c940db64013cf784d5e4137515cc1020e2076da329f5a952 @@ -578,7 +578,7 @@ lib/codeql/rust/elements/internal/generated/ParamList.qll eaa0cd4402d3665013d47e lib/codeql/rust/elements/internal/generated/ParenExpr.qll 812d2ff65079277f39f15c084657a955a960a7c1c0e96dd60472a58d56b945eb eb8c607f43e1fcbb41f37a10de203a1db806690e10ff4f04d48ed874189cb0eb lib/codeql/rust/elements/internal/generated/ParenPat.qll 24f9dc7fce75827d6fddb856cd48f80168143151b27295c0bab6db5a06567a09 ebadbc6f5498e9ed754b39893ce0763840409a0721036a25b56e1ead7dcc09aa lib/codeql/rust/elements/internal/generated/ParenTypeRepr.qll 03f5c5b96a37adeb845352d7fcea3e098da9050e534972d14ac0f70d60a2d776 ed3d6e5d02086523087adebce4e89e35461eb95f2a66d1d4100fe23fc691b126 -lib/codeql/rust/elements/internal/generated/ParentChild.qll e2c6aaaa1735113f160c0e178d682bff8e9ebc627632f73c0dd2d1f4f9d692a8 61cf70eb649f241e2fcd5e0ba34df63f3a14f07032811b9ae151721783a0fd20 +lib/codeql/rust/elements/internal/generated/ParentChild.qll 794df100370be92e8537c2b90431d02558c4eeb783c68ffdc7fc6445629acae2 61cf70eb649f241e2fcd5e0ba34df63f3a14f07032811b9ae151721783a0fd20 lib/codeql/rust/elements/internal/generated/ParenthesizedArgList.qll d901fdc8142a5b8847cc98fc2afcfd16428b8ace4fbffb457e761b5fd3901a77 5dbb0aea5a13f937da666ccb042494af8f11e776ade1459d16b70a4dd193f9fb lib/codeql/rust/elements/internal/generated/Pat.qll 3605ac062be2f294ee73336e9669027b8b655f4ad55660e1eab35266275154ee 7f9400db2884d336dd1d21df2a8093759c2a110be9bf6482ce8e80ae0fd74ed4 lib/codeql/rust/elements/internal/generated/Path.qll 9b12afb46fc5a9ad3a811b05472621bbecccb900c47504feb7f29d96b28421ca bcacbffc36fb3e0c9b26523b5963af0ffa9fd6b19f00a2a31bdb2316071546bd @@ -730,7 +730,8 @@ test/extractor-tests/generated/BreakExpr/BreakExpr.ql cdde2855d98f658187c60b9edc test/extractor-tests/generated/BreakExpr/BreakExpr_getAttr.ql c7690a9aab1923bf3c2fb06f0a1d441d480b3c91ee1df3a868bbbd96c4042053 c592dd077fb6e22b2d6ddcaec37da2c5a26ba92d84f5d1ae4c78a615b9013765 test/extractor-tests/generated/BreakExpr/BreakExpr_getExpr.ql 0358f4fe6a66da56177703cf0e991042729c5e34ae8b6dccbb827f95fe936c72 1cb2dd778c50e19fe04c5fdf3a08a502635ea8303e71ff38d03aa7dc53213986 test/extractor-tests/generated/BreakExpr/BreakExpr_getLifetime.ql ad83cc0db3c0f959fef6bb7ce0938d241a877e8cf84d15fb63879be2fe47238c 240b2fe2156b763d3a82fc64159615872db65b65ffb9ba2f3fd5d1ebd6c60f34 -test/extractor-tests/generated/CallExpr/CallExpr.ql ffb0cf1cb359a6dcbdf792a570c281e2d300779dca2dbc0f324990652adb972f 978a9e6c82758f9e8b334a682a02d6b893a6bf1db3cd85e9535839a9696b09b4 +test/extractor-tests/generated/CallExpr/CallExpr.ql cd38ec018b1afe9ae32ef94feca62295ad37c770c38b48a47bfb09697e7ee531 f6b0f2128cd5e63715f630c581d07b83678c298f7a7c56e38815e0d2c49ee36e +test/extractor-tests/generated/CallExpr/CallExpr_getArg.ql 7d8d53ee4a0642f85d6bbfee6912fead699b5d117534d2b1803a670550894484 1782b33724b72afc9b7d99e3a52cacd4431ce1e12a7e43a7ac9872aad769b4ee test/extractor-tests/generated/CallExpr/CallExpr_getArgList.ql b022e7b6b6db9932e787e37b7760c6a09c91140a0368940374a2c919688e0488 c20849c96b53c96f6f717efff5e8b4c0e900c0ef5d715cfbaf7101c7056ad8f4 test/extractor-tests/generated/CallExpr/CallExpr_getAttr.ql 1ace458070875b9ff2c671c2ee18392ea7bf6e51b68ee98d412c8606e8eb8d33 4c35da8255d2975cef4adee15623662441bb8f2e1d73582e4c193d1bc11cc1b5 test/extractor-tests/generated/CallExpr/CallExpr_getFunction.ql 060a6c8b5b85c839b14fe96f9e50291a7a0e5662a945f4f337070f782ec76715 e9a1e44433936146d87be939aa160848b9a7d7333c36da601fb7d1a66d71eb59 @@ -740,10 +741,11 @@ test/extractor-tests/generated/CastExpr/CastExpr_getExpr.ql c37186b8f3e3dab8ae28 test/extractor-tests/generated/CastExpr/CastExpr_getTypeRepr.ql ab6b0a61adc404c89c0e2e1962236a8e703fdc5092512bb4a5d9995af8e13c7b 4e7f6b6f58a1ef34ed45e31e35154dd8dc59054ebedcaa87200c84cc727ef1dd test/extractor-tests/generated/ClosureBinder/ClosureBinder.ql 42516df87ac28c814d65f6739b2ede6eaa41c505d64756a3b8c7e0ca79895230 8b840f92ec033a4ef5edbe52bed909d8be0fffddf6d3e4bfaf9a8bc174fa2f2c test/extractor-tests/generated/ClosureBinder/ClosureBinder_getGenericParamList.ql 71010c43a78a7abe8e63c94353f4b7eb97aca011755d200e7087467c1e3b7a68 2c834328f783ec5032544a692f7e23975bac0228b52b9f8fde46ef46a5f22a5f -test/extractor-tests/generated/ClosureExpr/ClosureExpr.ql f25f9b32e5c0cd61e4b75053a5af4640a08b115ea5a4310ab95df450f6dfe1c4 9b731218857fa16776e29bce084c2ec1526b24e15f46d4f24047917d77d4646a +test/extractor-tests/generated/ClosureExpr/ClosureExpr.ql 4d5f40935d07b0b24d77b93f56e9cea47666c5a3de84744641f9a4cb5d8d1319 b9a235c0a2d6a254d15f1fd1d0c8fdb6a7af51487b3826f26d8ca7a3b6cbc9b2 test/extractor-tests/generated/ClosureExpr/ClosureExpr_getAttr.ql f7f803afa4e2a5976c911fdf8a91ec607c2f998e22531b9c69a63d85579e34c3 1296acd0fb97e1484aa3f1d5ba09d18088001186f3ba5821eb3218a931ca0d54 test/extractor-tests/generated/ClosureExpr/ClosureExpr_getBody.ql 22a973a61274e87620e38338b29beef395818b95a88e2261fff197f7a78a8f76 bd28ed426e4d07823044db869aa8022dc81e8599d156e3e0e7cd49be914a1f36 test/extractor-tests/generated/ClosureExpr/ClosureExpr_getClosureBinder.ql cbfcf89b8efb5cb9b7bfbea26b5a78b3d4c7994cbf03d5ca60b61ee1b5cb4be5 621431277732ef79c585cb0b7199c49b14c597ee6b594a70d9e6966a09d40a9f +test/extractor-tests/generated/ClosureExpr/ClosureExpr_getParam.ql c87b61e80dd62e031e8b310d8a4b781a468ecf2e5e81662be400f18bf33c5862 22abbc976a0e6f33c32c0e93cd0dd567cead13d82d561b9214275ea01b4a0573 test/extractor-tests/generated/ClosureExpr/ClosureExpr_getParamList.ql 68ce501516094512dd5bfed42a785474583a91312f704087cba801b02ba7b834 eacbf89d63159e7decfd84c2a1dc5c067dfce56a8157fbb52bc133e9702d266d test/extractor-tests/generated/ClosureExpr/ClosureExpr_getRetType.ql c95bc7306b2d77aa05a6501b6321e6f1e7a48b7ad422ba082635ab20014288ae fe72d44c9819b42fff49b9092a9fb2bfafde6d3b9e4967547fb5298822f30bc3 test/extractor-tests/generated/Comment/Comment.ql 5428b8417a737f88f0d55d87de45c4693d81f03686f03da11dc5369e163d977b 8948c1860cde198d49cff7c74741f554a9e89f8af97bb94de80f3c62e1e29244 @@ -833,7 +835,7 @@ test/extractor-tests/generated/FormatArgsExpr/FormatTemplateVariableAccess.ql 27 test/extractor-tests/generated/FormatArgsExpr/Format_getArgumentRef.ql 634efdffaae4199aa9d95652cf081a8dc26e88224e24678845f8a67dc24ce090 d0302fee5c50403214771d5c6b896ba7c6e52be10c9bea59720ef2bb954e6f40 test/extractor-tests/generated/FormatArgsExpr/Format_getPrecisionArgument.ql 0d2140f84d0220b0c72c48c6bd272f4cfe1863d1797eddd16a6e238552a61e4d f4fe9b29697041e30764fa3dea44f125546bfb648f32c3474a1e922a4255c534 test/extractor-tests/generated/FormatArgsExpr/Format_getWidthArgument.ql 01ef27dd0bfab273e1ddc57ada0e079ece8a2bfd195ce413261006964b444093 acd0161f86010759417015c5b58044467a7f760f288ec4e8525458c54ae9a715 -test/extractor-tests/generated/Function/Function.ql 2efae1916e8f501668b3dbb2237cda788243fdd643683eda41b108dfdc578a90 6ec948518963985ec41b66e2b3b2b953e1da872dcd052a6d8c8f61c25bf09600 +test/extractor-tests/generated/Function/Function.ql b32c49f4371a51b9c217758fa5da2601d58bcbf3b195e7c8adb76bae5180d315 12e55c66a90ee88207c729736f388866cda13af78ea07a5d4e995c4a58a1e378 test/extractor-tests/generated/Function/Function_getAbi.ql e5c9c97de036ddd51cae5d99d41847c35c6b2eabbbd145f4467cb501edc606d8 0b81511528bd0ef9e63b19edfc3cb638d8af43eb87d018fad69d6ef8f8221454 test/extractor-tests/generated/Function/Function_getAttr.ql 44067ee11bdec8e91774ff10de0704a8c5c1b60816d587378e86bf3d82e1f660 b4bebf9441bda1f2d1e34e9261e07a7468cbabf53cf8047384f3c8b11869f04e test/extractor-tests/generated/Function/Function_getAttributeMacroExpansion.ql 17a346a9e5d28af99522520d1af3852db4cae01fb3d290a65c5f84d8d039c345 36fb06b55370828d9bc379cf5fad7f383cdb6f6db6f7377660276943ab0e1ec8 @@ -842,6 +844,7 @@ test/extractor-tests/generated/Function/Function_getCrateOrigin.ql acec761c56b38 test/extractor-tests/generated/Function/Function_getExtendedCanonicalPath.ql 0bcdca25bb92424007cea950409d73ba681e3ffbea53e0508f1d630fccfa8bed ff28c3349f5fc007d5f144e549579bd04870973c0fabef4198edce0fba0ef421 test/extractor-tests/generated/Function/Function_getGenericParamList.ql 0b255791c153b7cb03a64f1b9ab5beccc832984251f37516e1d06ce311e71c2b d200f90d4dd6f8dfd22ce49203423715d5bef27436c56ee553097c668e71c5a1 test/extractor-tests/generated/Function/Function_getName.ql 3d9e0518075d161213485389efe0adf8a9e6352dd1c6233ef0403a9abbcc7ed1 841e644ecefff7e9a82f458bcf14d9976d6a6dbe9191755ead88374d7c086375 +test/extractor-tests/generated/Function/Function_getParam.ql ef0b46453512fef08fbcc2a15bc14ae319bbc4810a4e4ce03a5ca3b1e8859ca7 ce36d3974059c1cd63eb1d6b76111985087f40dd4fe0c716a00aa9a178c712c4 test/extractor-tests/generated/Function/Function_getParamList.ql f888802ab00defb58de59cc39d1e0518e3884db7eaf845f39dfa55befdda58b2 ba0d1a07676f1c987b820a3d126a563ecf9a3d53ac1115b87a5af487a8a03c3e test/extractor-tests/generated/Function/Function_getRetType.ql b3a1ab90c8ebf0543e5db6a415896e44a02f984321f49bc409aec2657298942b cdfa37772e5026febb19c9bcd0d325688b0fbf2f6e7bba424b73eca38b9b3e38 test/extractor-tests/generated/Function/Function_getVisibility.ql 490b0a369c809a757d4835b97becf617b0399f16a63a2b06258c9a227d5cc415 25ceff15d3cd03821e1cb2c04cb8894bcd101eeca62b66b54d1751b628107818 @@ -965,7 +968,8 @@ test/extractor-tests/generated/Meta/Meta.ql 16f163f00ba2bbaa0a8c6f3f6710c860a8f6 test/extractor-tests/generated/Meta/Meta_getExpr.ql ec9ec61f5be7d65c32775fb5c068daea04f9db7d875293ed99cc1b2481db041f 77a0c52f1cb6ddc8fdb294d637f9eda1b7301ffa3067f0fca6272d894f57d3ee test/extractor-tests/generated/Meta/Meta_getPath.ql aa9d4145a4e613c51b6e4637d57e3b7d0f66e0bb88f4ce959d598870814c06bb 2087e00686d502c0e2e89c88eae0fb354463576a9ae4101320981d3fd79b9078 test/extractor-tests/generated/Meta/Meta_getTokenTree.ql 1051c27ffd0d9a20436d684fde529b9ff55abe30d50e1d575b0318951e75bd34 983975672d928fb907676628384c949731da9807bf0c781bb7ec749d25733d2d -test/extractor-tests/generated/MethodCallExpr/MethodCallExpr.ql d141f5a2ef95019aa64e8cb384ab4a45e7a93c941b84ef2e14c13377f159e4db 47a68fc874af6cc9a4b278a5aab1633a9db17300fd7dbd6dbe193d48d99144bc +test/extractor-tests/generated/MethodCallExpr/MethodCallExpr.ql 85d3b8c794167f87840469e03d21aa00daf0998c28028f1c8848c7c4bd895db4 fa368ce4543c2544ecd2e636ade8d92849741226599290f59e0138a4a479357c +test/extractor-tests/generated/MethodCallExpr/MethodCallExpr_getArg.ql 10a88c3bf63dfb26f43b9cd1ed7fceef0f436ce2eff4b5a816da369bf5b775d2 ee3b5043719591b4048ec32e21bb5fb3a9f83f0420ef18c338fc0ac28d0e3240 test/extractor-tests/generated/MethodCallExpr/MethodCallExpr_getArgList.ql 180e0b1715f5cd2be0de01bff3d3a45594b495b8250748d40ff7108d6c85923d bdadcdbecca5891287a47b6dd6b2fda62e07457718aef39212503ab63bc17783 test/extractor-tests/generated/MethodCallExpr/MethodCallExpr_getAttr.ql 2ce876a04a159efce83b863dffc47fbb714b95daea2b91fa6fbb623d28eed9ec 7bca1cd0e8fbceec0e640afb6800e1780eff5b5b402e71b9b169c0ba26966f96 test/extractor-tests/generated/MethodCallExpr/MethodCallExpr_getGenericArgList.ql 655db9a0501b1ef20d604cc4cd9d708371781291443e8dec97b70ec2914601d2 2fc7df0eca22dcef2f9f5c86d37ee43452d372a4c0f9f4da0194828c82ba93e0 diff --git a/rust/ql/.gitattributes b/rust/ql/.gitattributes index 3326912c0ca8..5e1382f75bb1 100644 --- a/rust/ql/.gitattributes +++ b/rust/ql/.gitattributes @@ -733,6 +733,7 @@ /test/extractor-tests/generated/BreakExpr/BreakExpr_getExpr.ql linguist-generated /test/extractor-tests/generated/BreakExpr/BreakExpr_getLifetime.ql linguist-generated /test/extractor-tests/generated/CallExpr/CallExpr.ql linguist-generated +/test/extractor-tests/generated/CallExpr/CallExpr_getArg.ql linguist-generated /test/extractor-tests/generated/CallExpr/CallExpr_getArgList.ql linguist-generated /test/extractor-tests/generated/CallExpr/CallExpr_getAttr.ql linguist-generated /test/extractor-tests/generated/CallExpr/CallExpr_getFunction.ql linguist-generated @@ -746,6 +747,7 @@ /test/extractor-tests/generated/ClosureExpr/ClosureExpr_getAttr.ql linguist-generated /test/extractor-tests/generated/ClosureExpr/ClosureExpr_getBody.ql linguist-generated /test/extractor-tests/generated/ClosureExpr/ClosureExpr_getClosureBinder.ql linguist-generated +/test/extractor-tests/generated/ClosureExpr/ClosureExpr_getParam.ql linguist-generated /test/extractor-tests/generated/ClosureExpr/ClosureExpr_getParamList.ql linguist-generated /test/extractor-tests/generated/ClosureExpr/ClosureExpr_getRetType.ql linguist-generated /test/extractor-tests/generated/Comment/Comment.ql linguist-generated @@ -844,6 +846,7 @@ /test/extractor-tests/generated/Function/Function_getExtendedCanonicalPath.ql linguist-generated /test/extractor-tests/generated/Function/Function_getGenericParamList.ql linguist-generated /test/extractor-tests/generated/Function/Function_getName.ql linguist-generated +/test/extractor-tests/generated/Function/Function_getParam.ql linguist-generated /test/extractor-tests/generated/Function/Function_getParamList.ql linguist-generated /test/extractor-tests/generated/Function/Function_getRetType.ql linguist-generated /test/extractor-tests/generated/Function/Function_getVisibility.ql linguist-generated @@ -968,6 +971,7 @@ /test/extractor-tests/generated/Meta/Meta_getPath.ql linguist-generated /test/extractor-tests/generated/Meta/Meta_getTokenTree.ql linguist-generated /test/extractor-tests/generated/MethodCallExpr/MethodCallExpr.ql linguist-generated +/test/extractor-tests/generated/MethodCallExpr/MethodCallExpr_getArg.ql linguist-generated /test/extractor-tests/generated/MethodCallExpr/MethodCallExpr_getArgList.ql linguist-generated /test/extractor-tests/generated/MethodCallExpr/MethodCallExpr_getAttr.ql linguist-generated /test/extractor-tests/generated/MethodCallExpr/MethodCallExpr_getGenericArgList.ql linguist-generated diff --git a/rust/ql/lib/codeql/rust/controlflow/internal/generated/CfgNodes.qll b/rust/ql/lib/codeql/rust/controlflow/internal/generated/CfgNodes.qll index cfa37ed45394..36dd0fb304f2 100644 --- a/rust/ql/lib/codeql/rust/controlflow/internal/generated/CfgNodes.qll +++ b/rust/ql/lib/codeql/rust/controlflow/internal/generated/CfgNodes.qll @@ -722,6 +722,21 @@ module MakeCfgNodes Input> { * Gets the number of attrs of this call expression base. */ int getNumberOfAttrs() { result = count(int i | exists(this.getAttr(i))) } + + /** + * Gets the `index`th argument of this call expression base (0-based). + */ + Expr getArg(int index) { result = node.getArg(index) } + + /** + * Gets any of the arguments of this call expression base. + */ + Expr getAnArg() { result = this.getArg(_) } + + /** + * Gets the number of arguments of this call expression base. + */ + int getNumberOfArgs() { result = count(int i | exists(this.getArg(i))) } } final private class ParentCastExpr extends ParentAstNode, CastExpr { diff --git a/rust/ql/lib/codeql/rust/elements/Callable.qll b/rust/ql/lib/codeql/rust/elements/Callable.qll index c42262a1854a..11d029fff7df 100644 --- a/rust/ql/lib/codeql/rust/elements/Callable.qll +++ b/rust/ql/lib/codeql/rust/elements/Callable.qll @@ -6,6 +6,7 @@ private import internal.CallableImpl import codeql.rust.elements.AstNode import codeql.rust.elements.Attr +import codeql.rust.elements.Param import codeql.rust.elements.ParamList /** diff --git a/rust/ql/lib/codeql/rust/elements/internal/CallExprBaseImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/CallExprBaseImpl.qll index c916b717bf65..b78720b08fa3 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/CallExprBaseImpl.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/CallExprBaseImpl.qll @@ -28,5 +28,7 @@ module Impl { class CallExprBase extends Generated::CallExprBase { /** Gets the static target of this call, if any. */ Callable getStaticTarget() { none() } // overridden by subclasses, but cannot be made abstract + + override Expr getArg(int index) { result = this.getArgList().getArg(index) } } } diff --git a/rust/ql/lib/codeql/rust/elements/internal/CallableImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/CallableImpl.qll index d604b4d239f0..c2a6efb40ab5 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/CallableImpl.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/CallableImpl.qll @@ -1,4 +1,3 @@ -// generated by codegen, remove this comment if you wish to edit this file /** * This module provides a hand-modifiable wrapper around the generated class `Callable`. * @@ -15,5 +14,7 @@ module Impl { /** * A callable. Either a `Function` or a `ClosureExpr`. */ - class Callable extends Generated::Callable { } + class Callable extends Generated::Callable { + override Param getParam(int index) { result = this.getParamList().getParam(index) } + } } diff --git a/rust/ql/lib/codeql/rust/elements/internal/generated/CallExprBase.qll b/rust/ql/lib/codeql/rust/elements/internal/generated/CallExprBase.qll index 046558c356d2..1d6364fb94f3 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/generated/CallExprBase.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/generated/CallExprBase.qll @@ -8,6 +8,7 @@ private import codeql.rust.elements.internal.generated.Synth private import codeql.rust.elements.internal.generated.Raw import codeql.rust.elements.ArgList import codeql.rust.elements.Attr +import codeql.rust.elements.Expr import codeql.rust.elements.internal.ExprImpl::Impl as ExprImpl /** @@ -55,5 +56,20 @@ module Generated { * Gets the number of attrs of this call expression base. */ final int getNumberOfAttrs() { result = count(int i | exists(this.getAttr(i))) } + + /** + * Gets the `index`th argument of this call expression base (0-based). + */ + Expr getArg(int index) { none() } + + /** + * Gets any of the arguments of this call expression base. + */ + final Expr getAnArg() { result = this.getArg(_) } + + /** + * Gets the number of arguments of this call expression base. + */ + final int getNumberOfArgs() { result = count(int i | exists(this.getArg(i))) } } } diff --git a/rust/ql/lib/codeql/rust/elements/internal/generated/Callable.qll b/rust/ql/lib/codeql/rust/elements/internal/generated/Callable.qll index 710cfe2078e3..f42f711dcf82 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/generated/Callable.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/generated/Callable.qll @@ -8,6 +8,7 @@ private import codeql.rust.elements.internal.generated.Synth private import codeql.rust.elements.internal.generated.Raw import codeql.rust.elements.internal.AstNodeImpl::Impl as AstNodeImpl import codeql.rust.elements.Attr +import codeql.rust.elements.Param import codeql.rust.elements.ParamList /** @@ -53,5 +54,20 @@ module Generated { * Gets the number of attrs of this callable. */ final int getNumberOfAttrs() { result = count(int i | exists(this.getAttr(i))) } + + /** + * Gets the `index`th parameter of this callable (0-based). + */ + Param getParam(int index) { none() } + + /** + * Gets any of the parameters of this callable. + */ + final Param getAParam() { result = this.getParam(_) } + + /** + * Gets the number of parameters of this callable. + */ + final int getNumberOfParams() { result = count(int i | exists(this.getParam(i))) } } } diff --git a/rust/ql/test/extractor-tests/generated/CallExpr/CallExpr.ql b/rust/ql/test/extractor-tests/generated/CallExpr/CallExpr.ql index cd043e88d1dd..8abf8b2a08e0 100644 --- a/rust/ql/test/extractor-tests/generated/CallExpr/CallExpr.ql +++ b/rust/ql/test/extractor-tests/generated/CallExpr/CallExpr.ql @@ -2,12 +2,13 @@ import codeql.rust.elements import TestUtils -from CallExpr x, string hasArgList, int getNumberOfAttrs, string hasFunction +from CallExpr x, string hasArgList, int getNumberOfAttrs, int getNumberOfArgs, string hasFunction where toBeTested(x) and not x.isUnknown() and (if x.hasArgList() then hasArgList = "yes" else hasArgList = "no") and getNumberOfAttrs = x.getNumberOfAttrs() and + getNumberOfArgs = x.getNumberOfArgs() and if x.hasFunction() then hasFunction = "yes" else hasFunction = "no" -select x, "hasArgList:", hasArgList, "getNumberOfAttrs:", getNumberOfAttrs, "hasFunction:", - hasFunction +select x, "hasArgList:", hasArgList, "getNumberOfAttrs:", getNumberOfAttrs, "getNumberOfArgs:", + getNumberOfArgs, "hasFunction:", hasFunction diff --git a/rust/ql/test/extractor-tests/generated/CallExpr/CallExpr_getArg.ql b/rust/ql/test/extractor-tests/generated/CallExpr/CallExpr_getArg.ql new file mode 100644 index 000000000000..37483c3e6378 --- /dev/null +++ b/rust/ql/test/extractor-tests/generated/CallExpr/CallExpr_getArg.ql @@ -0,0 +1,7 @@ +// generated by codegen, do not edit +import codeql.rust.elements +import TestUtils + +from CallExpr x, int index +where toBeTested(x) and not x.isUnknown() +select x, index, x.getArg(index) diff --git a/rust/ql/test/extractor-tests/generated/ClosureExpr/ClosureExpr.ql b/rust/ql/test/extractor-tests/generated/ClosureExpr/ClosureExpr.ql index b4b3dddc6798..6a5536c5be13 100644 --- a/rust/ql/test/extractor-tests/generated/ClosureExpr/ClosureExpr.ql +++ b/rust/ql/test/extractor-tests/generated/ClosureExpr/ClosureExpr.ql @@ -3,13 +3,15 @@ import codeql.rust.elements import TestUtils from - ClosureExpr x, string hasParamList, int getNumberOfAttrs, string hasBody, string hasClosureBinder, - string isAsync, string isConst, string isGen, string isMove, string isStatic, string hasRetType + ClosureExpr x, string hasParamList, int getNumberOfAttrs, int getNumberOfParams, string hasBody, + string hasClosureBinder, string isAsync, string isConst, string isGen, string isMove, + string isStatic, string hasRetType where toBeTested(x) and not x.isUnknown() and (if x.hasParamList() then hasParamList = "yes" else hasParamList = "no") and getNumberOfAttrs = x.getNumberOfAttrs() and + getNumberOfParams = x.getNumberOfParams() and (if x.hasBody() then hasBody = "yes" else hasBody = "no") and (if x.hasClosureBinder() then hasClosureBinder = "yes" else hasClosureBinder = "no") and (if x.isAsync() then isAsync = "yes" else isAsync = "no") and @@ -18,6 +20,7 @@ where (if x.isMove() then isMove = "yes" else isMove = "no") and (if x.isStatic() then isStatic = "yes" else isStatic = "no") and if x.hasRetType() then hasRetType = "yes" else hasRetType = "no" -select x, "hasParamList:", hasParamList, "getNumberOfAttrs:", getNumberOfAttrs, "hasBody:", hasBody, - "hasClosureBinder:", hasClosureBinder, "isAsync:", isAsync, "isConst:", isConst, "isGen:", isGen, - "isMove:", isMove, "isStatic:", isStatic, "hasRetType:", hasRetType +select x, "hasParamList:", hasParamList, "getNumberOfAttrs:", getNumberOfAttrs, + "getNumberOfParams:", getNumberOfParams, "hasBody:", hasBody, "hasClosureBinder:", + hasClosureBinder, "isAsync:", isAsync, "isConst:", isConst, "isGen:", isGen, "isMove:", isMove, + "isStatic:", isStatic, "hasRetType:", hasRetType diff --git a/rust/ql/test/extractor-tests/generated/ClosureExpr/ClosureExpr_getParam.ql b/rust/ql/test/extractor-tests/generated/ClosureExpr/ClosureExpr_getParam.ql new file mode 100644 index 000000000000..06cef03f2065 --- /dev/null +++ b/rust/ql/test/extractor-tests/generated/ClosureExpr/ClosureExpr_getParam.ql @@ -0,0 +1,7 @@ +// generated by codegen, do not edit +import codeql.rust.elements +import TestUtils + +from ClosureExpr x, int index +where toBeTested(x) and not x.isUnknown() +select x, index, x.getParam(index) diff --git a/rust/ql/test/extractor-tests/generated/Function/Function.ql b/rust/ql/test/extractor-tests/generated/Function/Function.ql index 3c368187c296..cd9875a2373e 100644 --- a/rust/ql/test/extractor-tests/generated/Function/Function.ql +++ b/rust/ql/test/extractor-tests/generated/Function/Function.ql @@ -3,15 +3,17 @@ import codeql.rust.elements import TestUtils from - Function x, string hasParamList, int getNumberOfAttrs, string hasExtendedCanonicalPath, - string hasCrateOrigin, string hasAttributeMacroExpansion, string hasAbi, string hasBody, - string hasGenericParamList, string isAsync, string isConst, string isDefault, string isGen, - string isUnsafe, string hasName, string hasRetType, string hasVisibility, string hasWhereClause + Function x, string hasParamList, int getNumberOfAttrs, int getNumberOfParams, + string hasExtendedCanonicalPath, string hasCrateOrigin, string hasAttributeMacroExpansion, + string hasAbi, string hasBody, string hasGenericParamList, string isAsync, string isConst, + string isDefault, string isGen, string isUnsafe, string hasName, string hasRetType, + string hasVisibility, string hasWhereClause where toBeTested(x) and not x.isUnknown() and (if x.hasParamList() then hasParamList = "yes" else hasParamList = "no") and getNumberOfAttrs = x.getNumberOfAttrs() and + getNumberOfParams = x.getNumberOfParams() and ( if x.hasExtendedCanonicalPath() then hasExtendedCanonicalPath = "yes" @@ -36,8 +38,9 @@ where (if x.hasVisibility() then hasVisibility = "yes" else hasVisibility = "no") and if x.hasWhereClause() then hasWhereClause = "yes" else hasWhereClause = "no" select x, "hasParamList:", hasParamList, "getNumberOfAttrs:", getNumberOfAttrs, - "hasExtendedCanonicalPath:", hasExtendedCanonicalPath, "hasCrateOrigin:", hasCrateOrigin, - "hasAttributeMacroExpansion:", hasAttributeMacroExpansion, "hasAbi:", hasAbi, "hasBody:", hasBody, - "hasGenericParamList:", hasGenericParamList, "isAsync:", isAsync, "isConst:", isConst, - "isDefault:", isDefault, "isGen:", isGen, "isUnsafe:", isUnsafe, "hasName:", hasName, - "hasRetType:", hasRetType, "hasVisibility:", hasVisibility, "hasWhereClause:", hasWhereClause + "getNumberOfParams:", getNumberOfParams, "hasExtendedCanonicalPath:", hasExtendedCanonicalPath, + "hasCrateOrigin:", hasCrateOrigin, "hasAttributeMacroExpansion:", hasAttributeMacroExpansion, + "hasAbi:", hasAbi, "hasBody:", hasBody, "hasGenericParamList:", hasGenericParamList, "isAsync:", + isAsync, "isConst:", isConst, "isDefault:", isDefault, "isGen:", isGen, "isUnsafe:", isUnsafe, + "hasName:", hasName, "hasRetType:", hasRetType, "hasVisibility:", hasVisibility, + "hasWhereClause:", hasWhereClause diff --git a/rust/ql/test/extractor-tests/generated/Function/Function_getParam.ql b/rust/ql/test/extractor-tests/generated/Function/Function_getParam.ql new file mode 100644 index 000000000000..c936ea99da7d --- /dev/null +++ b/rust/ql/test/extractor-tests/generated/Function/Function_getParam.ql @@ -0,0 +1,7 @@ +// generated by codegen, do not edit +import codeql.rust.elements +import TestUtils + +from Function x, int index +where toBeTested(x) and not x.isUnknown() +select x, index, x.getParam(index) diff --git a/rust/ql/test/extractor-tests/generated/MethodCallExpr/MethodCallExpr.ql b/rust/ql/test/extractor-tests/generated/MethodCallExpr/MethodCallExpr.ql index d0b082f4523b..518d3dee36ef 100644 --- a/rust/ql/test/extractor-tests/generated/MethodCallExpr/MethodCallExpr.ql +++ b/rust/ql/test/extractor-tests/generated/MethodCallExpr/MethodCallExpr.ql @@ -3,13 +3,15 @@ import codeql.rust.elements import TestUtils from - MethodCallExpr x, string hasArgList, int getNumberOfAttrs, string hasResolvedPath, - string hasResolvedCrateOrigin, string hasGenericArgList, string hasIdentifier, string hasReceiver + MethodCallExpr x, string hasArgList, int getNumberOfAttrs, int getNumberOfArgs, + string hasResolvedPath, string hasResolvedCrateOrigin, string hasGenericArgList, + string hasIdentifier, string hasReceiver where toBeTested(x) and not x.isUnknown() and (if x.hasArgList() then hasArgList = "yes" else hasArgList = "no") and getNumberOfAttrs = x.getNumberOfAttrs() and + getNumberOfArgs = x.getNumberOfArgs() and (if x.hasResolvedPath() then hasResolvedPath = "yes" else hasResolvedPath = "no") and ( if x.hasResolvedCrateOrigin() @@ -19,6 +21,7 @@ where (if x.hasGenericArgList() then hasGenericArgList = "yes" else hasGenericArgList = "no") and (if x.hasIdentifier() then hasIdentifier = "yes" else hasIdentifier = "no") and if x.hasReceiver() then hasReceiver = "yes" else hasReceiver = "no" -select x, "hasArgList:", hasArgList, "getNumberOfAttrs:", getNumberOfAttrs, "hasResolvedPath:", - hasResolvedPath, "hasResolvedCrateOrigin:", hasResolvedCrateOrigin, "hasGenericArgList:", - hasGenericArgList, "hasIdentifier:", hasIdentifier, "hasReceiver:", hasReceiver +select x, "hasArgList:", hasArgList, "getNumberOfAttrs:", getNumberOfAttrs, "getNumberOfArgs:", + getNumberOfArgs, "hasResolvedPath:", hasResolvedPath, "hasResolvedCrateOrigin:", + hasResolvedCrateOrigin, "hasGenericArgList:", hasGenericArgList, "hasIdentifier:", hasIdentifier, + "hasReceiver:", hasReceiver diff --git a/rust/ql/test/extractor-tests/generated/MethodCallExpr/MethodCallExpr_getArg.ql b/rust/ql/test/extractor-tests/generated/MethodCallExpr/MethodCallExpr_getArg.ql new file mode 100644 index 000000000000..58529cebfe5e --- /dev/null +++ b/rust/ql/test/extractor-tests/generated/MethodCallExpr/MethodCallExpr_getArg.ql @@ -0,0 +1,7 @@ +// generated by codegen, do not edit +import codeql.rust.elements +import TestUtils + +from MethodCallExpr x, int index +where toBeTested(x) and not x.isUnknown() +select x, index, x.getArg(index) diff --git a/rust/schema/annotations.py b/rust/schema/annotations.py index c6ab581d7cae..1311522fca01 100644 --- a/rust/schema/annotations.py +++ b/rust/schema/annotations.py @@ -226,6 +226,7 @@ class CallExprBase(Expr): """ arg_list: optional["ArgList"] | child attrs: list["Attr"] | child + args: list["Expr"] | synth @annotate(CallExpr, replace_bases={Expr: CallExprBase}, cfg=True) diff --git a/rust/schema/prelude.py b/rust/schema/prelude.py index 6d356567d22a..62334b2d8641 100644 --- a/rust/schema/prelude.py +++ b/rust/schema/prelude.py @@ -73,6 +73,7 @@ class Callable(AstNode): """ param_list: optional["ParamList"] | child attrs: list["Attr"] | child + params: list["Param"] | synth class Addressable(AstNode): From f3e4f94e81ece832577bd0426c9753e98464005f Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Fri, 6 Jun 2025 16:19:20 +0200 Subject: [PATCH 07/22] Rust: add documentation --- .../analyzing-data-flow-in-rust.rst | 300 ++++++++++++++++++ .../codeql-for-rust.rst | 16 + .../codeql-library-for-rust.rst | 62 ++++ docs/codeql/codeql-language-guides/index.rst | 1 + docs/codeql/codeql-overview/codeql-tools.rst | 2 + .../codeql/query-help/codeql-cwe-coverage.rst | 2 +- docs/codeql/query-help/index.rst | 2 + docs/codeql/query-help/rust-cwe.md | 7 + docs/codeql/query-help/rust.rst | 8 + docs/codeql/reusables/extractors.rst | 8 +- .../codeql/reusables/rust-further-reading.rst | 2 + .../about-codeql-queries.rst | 1 + docs/query-metadata-style-guide.md | 5 +- 13 files changed, 410 insertions(+), 6 deletions(-) create mode 100644 docs/codeql/codeql-language-guides/analyzing-data-flow-in-rust.rst create mode 100644 docs/codeql/codeql-language-guides/codeql-for-rust.rst create mode 100644 docs/codeql/codeql-language-guides/codeql-library-for-rust.rst create mode 100644 docs/codeql/query-help/rust-cwe.md create mode 100644 docs/codeql/query-help/rust.rst create mode 100644 docs/codeql/reusables/rust-further-reading.rst diff --git a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-rust.rst b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-rust.rst new file mode 100644 index 000000000000..3f6a18e42834 --- /dev/null +++ b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-rust.rst @@ -0,0 +1,300 @@ +.. _analyzing-data-flow-in-rust: + +Analyzing data flow in Rust +============================= + +You can use CodeQL to track the flow of data through a Rust program to places where the data is used. + +About this article +------------------ + +This article describes how data flow analysis is implemented in the CodeQL libraries for Rust and includes examples to help you write your own data flow queries. +The following sections describe how to use the libraries for local data flow, global data flow, and taint tracking. +For a more general introduction to modeling data flow, see ":ref:`About data flow analysis `." + +.. include:: ../reusables/new-data-flow-api.rst + +Local data flow +--------------- + +Local data flow tracks the flow of data within a single method or callable. Local data flow is easier, faster, and more precise than global data flow. Before looking at more complex tracking, you should always consider local tracking because it is sufficient for many queries. + +Using local data flow +~~~~~~~~~~~~~~~~~~~~~ + +You can use the local data flow library by importing the ``codeql.rust.dataflow.DataFlow`` module. The library uses the class ``Node`` to represent any element through which data can flow. +``Node``\ s are divided into expression nodes (``ExprNode``) and parameter nodes (``ParameterNode``). +You can map a data flow ``ParameterNode`` to its corresponding ``Parameter`` AST node using the ``asParameter`` member predicate. +Similarly, you can use the ``asExpr`` member predicate to map a data flow ``ExprNode`` to its corresponding ``ExprCfgNode`` in the control-flow library. + +.. code-block:: ql + + class Node { + /** Gets the expression corresponding to this node, if any. */ + CfgNodes::ExprCfgNode asExpr() { ... } + + /** Gets the parameter corresponding to this node, if any. */ + Parameter asParameter() { ... } + + ... + } + +You can use the predicates ``exprNode`` and ``parameterNode`` to map from expressions and parameters to their data-flow node: + +.. code-block:: ql + + /** + * Gets a node corresponding to expression `e`. + */ + ExprNode exprNode(CfgNodes::ExprCfgNode e) { ... } + + /** + * Gets the node corresponding to the value of parameter `p` at function entry. + */ + ParameterNode parameterNode(Parameter p) { ... } + +Note that since ``asExpr`` and ``exprNode`` map between data-flow and control-flow nodes, you then need to call the ``getExpr`` member predicate on the control-flow node to map to the corresponding AST node, +for example, by writing ``node.asExpr().getExpr()``. +A control-flow graph considers every way control can flow through code, consequently, there can be multiple data-flow and control-flow nodes associated with a single expression node in the AST. + +The predicate ``localFlowStep(Node nodeFrom, Node nodeTo)`` holds if there is an immediate data flow edge from the node ``nodeFrom`` to the node ``nodeTo``. +You can apply the predicate recursively, by using the ``+`` and ``*`` operators, or you can use the predefined recursive predicate ``localFlow``. + +For example, you can find flow from an expression ``source`` to an expression ``sink`` in zero or more local steps: + +.. code-block:: ql + + DataFlow::localFlow(source, sink) + +Using local taint tracking +~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Local taint tracking extends local data flow to include flow steps where values are not preserved, for example, string manipulation. +For example: + +.. code-block:: rust + + let y: String = "Hello ".to_owned() + x + +If ``x`` is a tainted string then ``y`` is also tainted. + +The local taint tracking library is in the module ``TaintTracking``. +Like local data flow, a predicate ``localTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo)`` holds if there is an immediate taint propagation edge from the node ``nodeFrom`` to the node ``nodeTo``. +You can apply the predicate recursively, by using the ``+`` and ``*`` operators, or you can use the predefined recursive predicate ``localTaint``. + +For example, you can find taint propagation from an expression ``source`` to an expression ``sink`` in zero or more local steps: + +.. code-block:: ql + + TaintTracking::localTaint(source, sink) + + +Using local sources +~~~~~~~~~~~~~~~~~~~ + +When exploring local data flow or taint propagation between two expressions as above, you would normally constrain the expressions to be relevant to your investigation. +The next section gives some concrete examples, but first it's helpful to introduce the concept of a local source. + +A local source is a data-flow node with no local data flow into it. +As such, it is a local origin of data flow, a place where a new value is created. +This includes parameters (which only receive values from global data flow) and most expressions (because they are not value-preserving). +The class ``LocalSourceNode`` represents data-flow nodes that are also local sources. +It comes with a useful member predicate ``flowsTo(DataFlow::Node node)``, which holds if there is local data flow from the local source to ``node``. + +Examples of local data flow +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +This query finds the argument passed in each call to ``File::create``: + +.. code-block:: ql + + import rust + + from CallExpr call + where call.getStaticTarget().(Function).getCanonicalPath() = "::create" + select call.getArg(0) + +Unfortunately this will only give the expression in the argument, not the values which could be passed to it. +So we use local data flow to find all expressions that flow into the argument: + +.. code-block:: ql + + import rust + import codeql.rust.dataflow.DataFlow + + from CallExpr call, DataFlow::ExprNode source, DataFlow::ExprNode sink + where + call.getStaticTarget().(Function).getCanonicalPath() = "::create" and + sink.asExpr().getExpr() = call.getArg(0) and + DataFlow::localFlow(source, sink) + select source, sink + +We can vary the source, for example, making the source the parameter of a function rather than an expression. The following query finds where a parameter is used for the file creation: + +.. code-block:: ql + + import rust + import codeql.rust.dataflow.DataFlow + + from CallExpr call, Method method, ParamDecl sourceParam, Expr sinkExpr + where + call.getStaticTarget() = method and + method.hasQualifiedName("String", "init(format:_:)") and + sinkExpr = call.getArgument(0).getExpr() and + DataFlow::localFlow(DataFlow::parameterNode(sourceParam), DataFlow::exprNode(sinkExpr)) + select sourceParam, sinkExpr + +The following example finds calls to ``String.init(format:_:)`` where the format string is not a hard-coded string literal: + +.. code-block:: ql + + import rust + import codeql.rust.dataflow.DataFlow + + from CallExpr call, Method method, DataFlow::Node sinkNode + where + call.getStaticTarget() = method and + method.hasQualifiedName("String", "init(format:_:)") and + sinkNode.asExpr() = call.getArgument(0).getExpr() and + not exists(StringLiteralExpr sourceLiteral | + DataFlow::localFlow(DataFlow::exprNode(sourceLiteral), sinkNode) + ) + select call, "Format argument to " + method.getName() + " isn't hard-coded." + +Global data flow +---------------- + +Global data flow tracks data flow throughout the entire program, and is therefore more powerful than local data flow. +However, global data flow is less precise than local data flow, and the analysis typically requires significantly more time and memory to perform. + +.. pull-quote:: Note + + .. include:: ../reusables/path-problem.rst + +Using global data flow +~~~~~~~~~~~~~~~~~~~~~~ + +We can use the global data flow library by implementing the signature ``DataFlow::ConfigSig`` and applying the module ``DataFlow::Global``: + +.. code-block:: ql + + import codeql.rust.dataflow.DataFlow + + module MyDataFlowConfiguration implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { + ... + } + + predicate isSink(DataFlow::Node sink) { + ... + } + } + + module MyDataFlow = DataFlow::Global; + +These predicates are defined in the configuration: + +- ``isSource`` - defines where data may flow from. +- ``isSink`` - defines where data may flow to. +- ``isBarrier`` - optional, defines where data flow is blocked. +- ``isAdditionalFlowStep`` - optional, adds additional flow steps. + +The last line (``module MyDataFlow = ...``) instantiates the parameterized module for data flow analysis by passing the configuration to the parameterized module. Data flow analysis can then be performed using ``MyDataFlow::flow(DataFlow::Node source, DataFlow::Node sink)``: + +.. code-block:: ql + + from DataFlow::Node source, DataFlow::Node sink + where MyDataFlow::flow(source, sink) + select source, "Dataflow to $@.", sink, sink.toString() + +Using global taint tracking +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Global taint tracking is to global data flow what local taint tracking is to local data flow. +That is, global taint tracking extends global data flow with additional non-value-preserving steps. +The global taint tracking library uses the same configuration module as the global data flow library. You can perform taint flow analysis using ``TaintTracking::Global``: + +.. code-block:: ql + + module MyTaintFlow = TaintTracking::Global; + + from DataFlow::Node source, DataFlow::Node sink + where MyTaintFlow::flow(source, sink) + select source, "Taint flow to $@.", sink, sink.toString() + +Predefined sources +~~~~~~~~~~~~~~~~~~ + +The data flow library module ``codeql.rust.dataflow.FlowSources`` contains a number of predefined sources that you can use to write security queries to track data flow and taint flow. + +- The class ``RemoteFlowSource`` represents data flow from remote network inputs and from other applications. +- The class ``LocalFlowSource`` represents data flow from local user input. +- The class ``FlowSource`` includes both of the above. + +Examples of global data flow +~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The following global taint-tracking query finds places where a string literal is used in a function call argument named "password". + - Since this is a taint-tracking query, the ``TaintTracking::Global`` module is used. + - The ``isSource`` predicate defines sources as any ``StringLiteralExpr``. + - The ``isSink`` predicate defines sinks as arguments to a ``CallExpr`` called "password". + - The sources and sinks may need tuning to a particular use, for example, if passwords are represented by a type other than ``String`` or passed in arguments of a different name than "password". + +.. code-block:: ql + + import rust + import codeql.rust.dataflow.DataFlow + import codeql.rust.dataflow.TaintTracking + + module ConstantPasswordConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node.asExpr() instanceof StringLiteralExpr } + + predicate isSink(DataFlow::Node node) { + // any argument called `password` + exists(CallExpr call | call.getArgumentWithLabel("password").getExpr() = node.asExpr()) + } + + module ConstantPasswordFlow = TaintTracking::Global; + + from DataFlow::Node sourceNode, DataFlow::Node sinkNode + where ConstantPasswordFlow::flow(sourceNode, sinkNode) + select sinkNode, "The value $@ is used as a constant password.", sourceNode, sourceNode.toString() + + +The following global taint-tracking query finds places where a value from a remote or local user input is used as an argument to the SQLite ``Connection.execute(_:)`` function. + - Since this is a taint-tracking query, the ``TaintTracking::Global`` module is used. + - The ``isSource`` predicate defines sources as a ``FlowSource`` (remote or local user input). + - The ``isSink`` predicate defines sinks as the first argument in any call to ``Connection.execute(_:)``. + +.. code-block:: ql + + import rust + import codeql.rust.dataflow.DataFlow + import codeql.rust.dataflow.TaintTracking + import codeql.rust.dataflow.FlowSources + + module SqlInjectionConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node instanceof FlowSource } + + predicate isSink(DataFlow::Node node) { + exists(CallExpr call | + call.getStaticTarget().(Method).hasQualifiedName("Connection", "execute(_:)") and + call.getArgument(0).getExpr() = node.asExpr() + ) + } + } + + module SqlInjectionFlow = TaintTracking::Global; + + from DataFlow::Node sourceNode, DataFlow::Node sinkNode + where SqlInjectionFlow::flow(sourceNode, sinkNode) + select sinkNode, "This query depends on a $@.", sourceNode, "user-provided value" + +Further reading +--------------- + +- `Exploring data flow with path queries `__ in the GitHub documentation. + + +.. include:: ../reusables/rust-further-reading.rst +.. include:: ../reusables/codeql-ref-tools-further-reading.rst diff --git a/docs/codeql/codeql-language-guides/codeql-for-rust.rst b/docs/codeql/codeql-language-guides/codeql-for-rust.rst new file mode 100644 index 000000000000..c8262208cf58 --- /dev/null +++ b/docs/codeql/codeql-language-guides/codeql-for-rust.rst @@ -0,0 +1,16 @@ + +.. _codeql-for-rust: + +CodeQL for Rust +========================= + +Experiment and learn how to write effective and efficient queries for CodeQL databases generated from Rust code. + +.. toctree:: + :hidden: + + codeql-library-for-rust + analyzing-data-flow-in-rust + +- :doc:`CodeQL library for Rust `: When you're analyzing Rust code, you can make use of the large collection of classes in the CodeQL library for Rust. +- :doc:`Analyzing data flow in Ruby `: You can use CodeQL to track the flow of data through a Rust program to places where the data is used. diff --git a/docs/codeql/codeql-language-guides/codeql-library-for-rust.rst b/docs/codeql/codeql-language-guides/codeql-library-for-rust.rst new file mode 100644 index 000000000000..dd25d7696925 --- /dev/null +++ b/docs/codeql/codeql-language-guides/codeql-library-for-rust.rst @@ -0,0 +1,62 @@ +.. _codeql-library-for-rust: + +CodeQL library for Rust +================================= + +When you're analyzing Rust code, you can make use of the large collection of classes in the CodeQL library for Rust. + +Overview +-------- + +CodeQL ships with a library for analyzing Rust code. The classes in this library present the data from a CodeQL database in an object-oriented form and provide +abstractions and predicates to help you with common analysis tasks. + +The library is implemented as a set of CodeQL modules, that is, files with the extension ``.qll``. The +module `rust.qll `__ imports most other standard library modules, so you can include the complete +library by beginning your query with: + +.. code-block:: ql + + import rust + +The CodeQL libraries model various aspects of Rust code. The above import includes the abstract syntax tree (AST) library, which is used for locating program elements, +to match syntactic elements in the source code. This can be used for example to find values, patterns and structures. + +The control flow graph (CFG) is imported using + +.. code-block:: ql + + import codeql.rust.controlflow.ControlFlowGraph + +The CFG models the control flow between statements and expressions, for example whether one expression can +be evaluated before another expression, or whether an expression "dominates" another one, meaning that all paths to an +expression must flow through another expression first. + +The data flow library is imported using + +.. code-block:: ql + + import codeql.rust.dataflow.DataFlow + +Data flow tracks the flow of data through the program, including through function calls (interprocedural data flow) and between steps in a job or workflow. +Data flow is particularly useful for security queries, where untrusted data flows to vulnerable parts of the program +to exploit it. Related to data flow, is the taint-tracking library, which finds how data can *influence* other values +in a program, even when it is not copied exactly. + +To summarize, the main Rust library modules are: + +.. list-table:: Main Rust library modules + :header-rows: 1 + + * - Import + - Description + * - ``rust`` + - The standard Rust library + * - ``codeql.rust.elements`` + - The abstract syntax tree library (also imported by `rust.qll`) + * - ``codeql.rust.controlflow.ControlFlowGraph`` + - The control flow graph library + * - ``codeql.rust.dataflow.DataFlow`` + - The data flow library + * - ``codeql.rust.dataflow.TaintTracking`` + - The taint tracking library diff --git a/docs/codeql/codeql-language-guides/index.rst b/docs/codeql/codeql-language-guides/index.rst index ca03ebffd759..5ec9a715a4d7 100644 --- a/docs/codeql/codeql-language-guides/index.rst +++ b/docs/codeql/codeql-language-guides/index.rst @@ -15,4 +15,5 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat codeql-for-javascript codeql-for-python codeql-for-ruby + codeql-for-rust codeql-for-swift diff --git a/docs/codeql/codeql-overview/codeql-tools.rst b/docs/codeql/codeql-overview/codeql-tools.rst index ada1a75689ed..12d138974134 100644 --- a/docs/codeql/codeql-overview/codeql-tools.rst +++ b/docs/codeql/codeql-overview/codeql-tools.rst @@ -39,6 +39,8 @@ maintained by GitHub are: - ``codeql/python-all`` (`changelog `__, `source `__) - ``codeql/ruby-queries`` (`changelog `__, `source `__) - ``codeql/ruby-all`` (`changelog `__, `source `__) +- ``codeql/rust-queries`` (`changelog `__, `source `__) +- ``codeql/rust-all`` (`changelog `__, `source `__) - ``codeql/swift-queries`` (`changelog `__, `source `__) - ``codeql/swift-all`` (`changelog `__, `source `__) diff --git a/docs/codeql/query-help/codeql-cwe-coverage.rst b/docs/codeql/query-help/codeql-cwe-coverage.rst index 6236289a9ab5..0c0089a576da 100644 --- a/docs/codeql/query-help/codeql-cwe-coverage.rst +++ b/docs/codeql/query-help/codeql-cwe-coverage.rst @@ -35,5 +35,5 @@ Note that the CWE coverage includes both "`supported queries ` - :doc:`CodeQL query help for Python ` - :doc:`CodeQL query help for Ruby ` +- :doc:`CodeQL query help for Rust ` - :doc:`CodeQL query help for Swift ` .. pull-quote:: Information @@ -37,5 +38,6 @@ For a full list of the CWEs covered by these queries, see ":doc:`CodeQL CWE cove javascript python ruby + rust swift codeql-cwe-coverage diff --git a/docs/codeql/query-help/rust-cwe.md b/docs/codeql/query-help/rust-cwe.md new file mode 100644 index 000000000000..6468ff890acd --- /dev/null +++ b/docs/codeql/query-help/rust-cwe.md @@ -0,0 +1,7 @@ +# CWE coverage for Rust + +An overview of CWE coverage for Rust in the latest release of CodeQL. + +## Overview + + diff --git a/docs/codeql/query-help/rust.rst b/docs/codeql/query-help/rust.rst new file mode 100644 index 000000000000..b430fd3692e3 --- /dev/null +++ b/docs/codeql/query-help/rust.rst @@ -0,0 +1,8 @@ +CodeQL query help for Rust +============================ + +.. include:: ../reusables/query-help-overview.rst + +These queries are published in the CodeQL query pack ``codeql/rust-queries`` (`changelog `__, `source `__). + +.. include:: toc-rust.rst diff --git a/docs/codeql/reusables/extractors.rst b/docs/codeql/reusables/extractors.rst index 30ccef6e4654..c09926666b0a 100644 --- a/docs/codeql/reusables/extractors.rst +++ b/docs/codeql/reusables/extractors.rst @@ -6,9 +6,9 @@ - Identifier * - GitHub Actions - ``actions`` - * - C/C++ + * - C/C++ - ``cpp`` - * - C# + * - C# - ``csharp`` * - Go - ``go`` @@ -20,5 +20,7 @@ - ``python`` * - Ruby - ``ruby`` + - Rust + - ``rust`` * - Swift - - ``swift`` \ No newline at end of file + - ``swift`` diff --git a/docs/codeql/reusables/rust-further-reading.rst b/docs/codeql/reusables/rust-further-reading.rst new file mode 100644 index 000000000000..a82dee7f28e1 --- /dev/null +++ b/docs/codeql/reusables/rust-further-reading.rst @@ -0,0 +1,2 @@ +- `CodeQL queries for Rust `__ +- `CodeQL library reference for Rust `__ diff --git a/docs/codeql/writing-codeql-queries/about-codeql-queries.rst b/docs/codeql/writing-codeql-queries/about-codeql-queries.rst index f4e60b513c9a..92e4b963bff1 100644 --- a/docs/codeql/writing-codeql-queries/about-codeql-queries.rst +++ b/docs/codeql/writing-codeql-queries/about-codeql-queries.rst @@ -79,6 +79,7 @@ When writing your own alert queries, you would typically import the standard lib - :ref:`CodeQL library guide for JavaScript ` - :ref:`CodeQL library guide for Python ` - :ref:`CodeQL library guide for Ruby ` +- :ref:`CodeQL library guide for Rust ` - :ref:`CodeQL library guide for TypeScript ` There are also libraries containing commonly used predicates, types, and other modules associated with different analyses, including data flow, control flow, and taint-tracking. In order to calculate path graphs, path queries require you to import a data flow library into the query file. For more information, see ":doc:`Creating path queries `." diff --git a/docs/query-metadata-style-guide.md b/docs/query-metadata-style-guide.md index f5f2143d8be4..6538d207e6a0 100644 --- a/docs/query-metadata-style-guide.md +++ b/docs/query-metadata-style-guide.md @@ -25,6 +25,7 @@ For examples of query files for the languages supported by CodeQL, visit the fol * [JavaScript queries](https://codeql.github.com/codeql-query-help/javascript/) * [Python queries](https://codeql.github.com/codeql-query-help/python/) * [Ruby queries](https://codeql.github.com/codeql-query-help/ruby/) +* [Rust queries](https://codeql.github.com/codeql-query-help/rust/) * [Swift queries](https://codeql.github.com/codeql-query-help/swift/) ## Metadata area @@ -154,7 +155,7 @@ When you tag a query like this, the associated CWE pages from [MITRE.org](https: * `@tags maintainability`–for queries that detect patterns that make it harder for developers to make changes to the code. * `@tags reliability`–for queries that detect issues that affect whether the code will perform as expected during execution. -Software quality doesn't have as universally-agreed categorization method as security issues like CWE, so we will do our own categorization instead of using tags like CWE. +Software quality doesn't have as universally-agreed categorization method as security issues like CWE, so we will do our own categorization instead of using tags like CWE. We'll use two "top-level" categories of quality queries, with sub-categories beneath: @@ -162,7 +163,7 @@ We'll use two "top-level" categories of quality queries, with sub-categories ben * `@tags readability`–for queries that detect confusing patterns that make it harder for developers to read the code. * `@tags useless-code`-for queries that detect functions that are never used and other instances of unused code * `@tags complexity`-for queries that detect patterns in the code that lead to unnecesary complexity such as unclear control flow, or high cyclomatic complexity - + * `@tags reliability`–for queries that detect issues that affect whether the code will perform as expected during execution. * `@tags correctness`–for queries that detect incorrect program behavior or couse result in unintended outcomes. From 9c2fea914ecb595caa59ba6c904fb6e1c2a78ea1 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Tue, 10 Jun 2025 09:30:43 +0200 Subject: [PATCH 08/22] Rust: accept test changes --- .../generated/CallExpr/CallExpr.expected | 8 ++++---- .../generated/CallExpr/CallExpr_getArg.expected | 4 ++++ .../generated/ClosureExpr/ClosureExpr.expected | 10 +++++----- .../ClosureExpr/ClosureExpr_getParam.expected | 6 ++++++ .../generated/Function/Function.expected | 4 ++-- .../generated/Function/Function_getParam.expected | 1 + .../generated/MethodCallExpr/MethodCallExpr.expected | 4 ++-- .../MethodCallExpr/MethodCallExpr_getArg.expected | 2 ++ 8 files changed, 26 insertions(+), 13 deletions(-) create mode 100644 rust/ql/test/extractor-tests/generated/CallExpr/CallExpr_getArg.expected create mode 100644 rust/ql/test/extractor-tests/generated/ClosureExpr/ClosureExpr_getParam.expected create mode 100644 rust/ql/test/extractor-tests/generated/Function/Function_getParam.expected create mode 100644 rust/ql/test/extractor-tests/generated/MethodCallExpr/MethodCallExpr_getArg.expected diff --git a/rust/ql/test/extractor-tests/generated/CallExpr/CallExpr.expected b/rust/ql/test/extractor-tests/generated/CallExpr/CallExpr.expected index ebe6eeda1049..31824b731a65 100644 --- a/rust/ql/test/extractor-tests/generated/CallExpr/CallExpr.expected +++ b/rust/ql/test/extractor-tests/generated/CallExpr/CallExpr.expected @@ -1,4 +1,4 @@ -| gen_call_expr.rs:5:5:5:11 | foo(...) | hasArgList: | yes | getNumberOfAttrs: | 0 | hasFunction: | yes | -| gen_call_expr.rs:6:5:6:23 | foo::<...>(...) | hasArgList: | yes | getNumberOfAttrs: | 0 | hasFunction: | yes | -| gen_call_expr.rs:7:5:7:14 | ...(...) | hasArgList: | yes | getNumberOfAttrs: | 0 | hasFunction: | yes | -| gen_call_expr.rs:8:5:8:10 | foo(...) | hasArgList: | yes | getNumberOfAttrs: | 0 | hasFunction: | yes | +| gen_call_expr.rs:5:5:5:11 | foo(...) | hasArgList: | yes | getNumberOfAttrs: | 0 | getNumberOfArgs: | 1 | hasFunction: | yes | +| gen_call_expr.rs:6:5:6:23 | foo::<...>(...) | hasArgList: | yes | getNumberOfAttrs: | 0 | getNumberOfArgs: | 1 | hasFunction: | yes | +| gen_call_expr.rs:7:5:7:14 | ...(...) | hasArgList: | yes | getNumberOfAttrs: | 0 | getNumberOfArgs: | 1 | hasFunction: | yes | +| gen_call_expr.rs:8:5:8:10 | foo(...) | hasArgList: | yes | getNumberOfAttrs: | 0 | getNumberOfArgs: | 1 | hasFunction: | yes | diff --git a/rust/ql/test/extractor-tests/generated/CallExpr/CallExpr_getArg.expected b/rust/ql/test/extractor-tests/generated/CallExpr/CallExpr_getArg.expected new file mode 100644 index 000000000000..2bf849534104 --- /dev/null +++ b/rust/ql/test/extractor-tests/generated/CallExpr/CallExpr_getArg.expected @@ -0,0 +1,4 @@ +| gen_call_expr.rs:5:5:5:11 | foo(...) | 0 | gen_call_expr.rs:5:9:5:10 | 42 | +| gen_call_expr.rs:6:5:6:23 | foo::<...>(...) | 0 | gen_call_expr.rs:6:21:6:22 | 42 | +| gen_call_expr.rs:7:5:7:14 | ...(...) | 0 | gen_call_expr.rs:7:12:7:13 | 42 | +| gen_call_expr.rs:8:5:8:10 | foo(...) | 0 | gen_call_expr.rs:8:9:8:9 | 1 | diff --git a/rust/ql/test/extractor-tests/generated/ClosureExpr/ClosureExpr.expected b/rust/ql/test/extractor-tests/generated/ClosureExpr/ClosureExpr.expected index 3ea9f463a00d..d8a9b33ce0eb 100644 --- a/rust/ql/test/extractor-tests/generated/ClosureExpr/ClosureExpr.expected +++ b/rust/ql/test/extractor-tests/generated/ClosureExpr/ClosureExpr.expected @@ -1,5 +1,5 @@ -| gen_closure_expr.rs:5:5:5:13 | \|...\| ... | hasParamList: | yes | getNumberOfAttrs: | 0 | hasBody: | yes | hasClosureBinder: | no | isAsync: | no | isConst: | no | isGen: | no | isMove: | no | isStatic: | no | hasRetType: | no | -| gen_closure_expr.rs:6:5:6:34 | \|...\| ... | hasParamList: | yes | getNumberOfAttrs: | 0 | hasBody: | yes | hasClosureBinder: | no | isAsync: | no | isConst: | no | isGen: | no | isMove: | yes | isStatic: | no | hasRetType: | yes | -| gen_closure_expr.rs:7:5:7:27 | \|...\| ... | hasParamList: | yes | getNumberOfAttrs: | 0 | hasBody: | yes | hasClosureBinder: | no | isAsync: | yes | isConst: | no | isGen: | no | isMove: | no | isStatic: | no | hasRetType: | no | -| gen_closure_expr.rs:8:6:9:15 | \|...\| ... | hasParamList: | yes | getNumberOfAttrs: | 1 | hasBody: | yes | hasClosureBinder: | no | isAsync: | no | isConst: | no | isGen: | no | isMove: | no | isStatic: | no | hasRetType: | no | -| gen_closure_expr.rs:10:6:11:23 | \|...\| ... | hasParamList: | yes | getNumberOfAttrs: | 1 | hasBody: | yes | hasClosureBinder: | no | isAsync: | no | isConst: | no | isGen: | no | isMove: | no | isStatic: | yes | hasRetType: | no | +| gen_closure_expr.rs:5:5:5:13 | \|...\| ... | hasParamList: | yes | getNumberOfAttrs: | 0 | getNumberOfParams: | 1 | hasBody: | yes | hasClosureBinder: | no | isAsync: | no | isConst: | no | isGen: | no | isMove: | no | isStatic: | no | hasRetType: | no | +| gen_closure_expr.rs:6:5:6:34 | \|...\| ... | hasParamList: | yes | getNumberOfAttrs: | 0 | getNumberOfParams: | 1 | hasBody: | yes | hasClosureBinder: | no | isAsync: | no | isConst: | no | isGen: | no | isMove: | yes | isStatic: | no | hasRetType: | yes | +| gen_closure_expr.rs:7:5:7:27 | \|...\| ... | hasParamList: | yes | getNumberOfAttrs: | 0 | getNumberOfParams: | 2 | hasBody: | yes | hasClosureBinder: | no | isAsync: | yes | isConst: | no | isGen: | no | isMove: | no | isStatic: | no | hasRetType: | no | +| gen_closure_expr.rs:8:6:9:15 | \|...\| ... | hasParamList: | yes | getNumberOfAttrs: | 1 | getNumberOfParams: | 1 | hasBody: | yes | hasClosureBinder: | no | isAsync: | no | isConst: | no | isGen: | no | isMove: | no | isStatic: | no | hasRetType: | no | +| gen_closure_expr.rs:10:6:11:23 | \|...\| ... | hasParamList: | yes | getNumberOfAttrs: | 1 | getNumberOfParams: | 1 | hasBody: | yes | hasClosureBinder: | no | isAsync: | no | isConst: | no | isGen: | no | isMove: | no | isStatic: | yes | hasRetType: | no | diff --git a/rust/ql/test/extractor-tests/generated/ClosureExpr/ClosureExpr_getParam.expected b/rust/ql/test/extractor-tests/generated/ClosureExpr/ClosureExpr_getParam.expected new file mode 100644 index 000000000000..29be6ae9ef03 --- /dev/null +++ b/rust/ql/test/extractor-tests/generated/ClosureExpr/ClosureExpr_getParam.expected @@ -0,0 +1,6 @@ +| gen_closure_expr.rs:5:5:5:13 | \|...\| ... | 0 | gen_closure_expr.rs:5:6:5:6 | ... | +| gen_closure_expr.rs:6:5:6:34 | \|...\| ... | 0 | gen_closure_expr.rs:6:11:6:16 | ...: i32 | +| gen_closure_expr.rs:7:5:7:27 | \|...\| ... | 0 | gen_closure_expr.rs:7:12:7:17 | ...: i32 | +| gen_closure_expr.rs:7:5:7:27 | \|...\| ... | 1 | gen_closure_expr.rs:7:20:7:20 | ... | +| gen_closure_expr.rs:8:6:9:15 | \|...\| ... | 0 | gen_closure_expr.rs:9:6:9:6 | ... | +| gen_closure_expr.rs:10:6:11:23 | \|...\| ... | 0 | gen_closure_expr.rs:11:14:11:14 | ... | diff --git a/rust/ql/test/extractor-tests/generated/Function/Function.expected b/rust/ql/test/extractor-tests/generated/Function/Function.expected index d30ef684493d..117aad5d2936 100644 --- a/rust/ql/test/extractor-tests/generated/Function/Function.expected +++ b/rust/ql/test/extractor-tests/generated/Function/Function.expected @@ -1,2 +1,2 @@ -| gen_function.rs:3:1:4:38 | fn foo | hasParamList: | yes | getNumberOfAttrs: | 0 | hasExtendedCanonicalPath: | yes | hasCrateOrigin: | yes | hasAttributeMacroExpansion: | no | hasAbi: | no | hasBody: | yes | hasGenericParamList: | no | isAsync: | no | isConst: | no | isDefault: | no | isGen: | no | isUnsafe: | no | hasName: | yes | hasRetType: | yes | hasVisibility: | no | hasWhereClause: | no | -| gen_function.rs:7:5:7:13 | fn bar | hasParamList: | yes | getNumberOfAttrs: | 0 | hasExtendedCanonicalPath: | yes | hasCrateOrigin: | yes | hasAttributeMacroExpansion: | no | hasAbi: | no | hasBody: | no | hasGenericParamList: | no | isAsync: | no | isConst: | no | isDefault: | no | isGen: | no | isUnsafe: | no | hasName: | yes | hasRetType: | no | hasVisibility: | no | hasWhereClause: | no | +| gen_function.rs:3:1:4:38 | fn foo | hasParamList: | yes | getNumberOfAttrs: | 0 | getNumberOfParams: | 1 | hasExtendedCanonicalPath: | yes | hasCrateOrigin: | yes | hasAttributeMacroExpansion: | no | hasAbi: | no | hasBody: | yes | hasGenericParamList: | no | isAsync: | no | isConst: | no | isDefault: | no | isGen: | no | isUnsafe: | no | hasName: | yes | hasRetType: | yes | hasVisibility: | no | hasWhereClause: | no | +| gen_function.rs:7:5:7:13 | fn bar | hasParamList: | yes | getNumberOfAttrs: | 0 | getNumberOfParams: | 0 | hasExtendedCanonicalPath: | yes | hasCrateOrigin: | yes | hasAttributeMacroExpansion: | no | hasAbi: | no | hasBody: | no | hasGenericParamList: | no | isAsync: | no | isConst: | no | isDefault: | no | isGen: | no | isUnsafe: | no | hasName: | yes | hasRetType: | no | hasVisibility: | no | hasWhereClause: | no | diff --git a/rust/ql/test/extractor-tests/generated/Function/Function_getParam.expected b/rust/ql/test/extractor-tests/generated/Function/Function_getParam.expected new file mode 100644 index 000000000000..6a7340509a7a --- /dev/null +++ b/rust/ql/test/extractor-tests/generated/Function/Function_getParam.expected @@ -0,0 +1 @@ +| gen_function.rs:3:1:4:38 | fn foo | 0 | gen_function.rs:4:8:4:13 | ...: u32 | diff --git a/rust/ql/test/extractor-tests/generated/MethodCallExpr/MethodCallExpr.expected b/rust/ql/test/extractor-tests/generated/MethodCallExpr/MethodCallExpr.expected index 5862cd940812..516e47d8b398 100644 --- a/rust/ql/test/extractor-tests/generated/MethodCallExpr/MethodCallExpr.expected +++ b/rust/ql/test/extractor-tests/generated/MethodCallExpr/MethodCallExpr.expected @@ -1,2 +1,2 @@ -| gen_method_call_expr.rs:5:5:5:13 | x.foo(...) | hasArgList: | yes | getNumberOfAttrs: | 0 | hasResolvedPath: | no | hasResolvedCrateOrigin: | no | hasGenericArgList: | no | hasIdentifier: | yes | hasReceiver: | yes | -| gen_method_call_expr.rs:6:5:6:25 | x.foo(...) | hasArgList: | yes | getNumberOfAttrs: | 0 | hasResolvedPath: | no | hasResolvedCrateOrigin: | no | hasGenericArgList: | yes | hasIdentifier: | yes | hasReceiver: | yes | +| gen_method_call_expr.rs:5:5:5:13 | x.foo(...) | hasArgList: | yes | getNumberOfAttrs: | 0 | getNumberOfArgs: | 1 | hasResolvedPath: | no | hasResolvedCrateOrigin: | no | hasGenericArgList: | no | hasIdentifier: | yes | hasReceiver: | yes | +| gen_method_call_expr.rs:6:5:6:25 | x.foo(...) | hasArgList: | yes | getNumberOfAttrs: | 0 | getNumberOfArgs: | 1 | hasResolvedPath: | no | hasResolvedCrateOrigin: | no | hasGenericArgList: | yes | hasIdentifier: | yes | hasReceiver: | yes | diff --git a/rust/ql/test/extractor-tests/generated/MethodCallExpr/MethodCallExpr_getArg.expected b/rust/ql/test/extractor-tests/generated/MethodCallExpr/MethodCallExpr_getArg.expected new file mode 100644 index 000000000000..36af4e22c504 --- /dev/null +++ b/rust/ql/test/extractor-tests/generated/MethodCallExpr/MethodCallExpr_getArg.expected @@ -0,0 +1,2 @@ +| gen_method_call_expr.rs:5:5:5:13 | x.foo(...) | 0 | gen_method_call_expr.rs:5:11:5:12 | 42 | +| gen_method_call_expr.rs:6:5:6:25 | x.foo(...) | 0 | gen_method_call_expr.rs:6:23:6:24 | 42 | From f647b3316634cc841273bdecfeedb664003b9e94 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Tue, 10 Jun 2025 09:31:12 +0200 Subject: [PATCH 09/22] Rust: rerun codegen --- rust/ql/.generated.list | 1 - rust/ql/.gitattributes | 1 - rust/ql/lib/codeql/rust/elements/internal/CallableImpl.qll | 1 + 3 files changed, 1 insertion(+), 2 deletions(-) diff --git a/rust/ql/.generated.list b/rust/ql/.generated.list index 903f91362d38..d2e2ec8d2d47 100644 --- a/rust/ql/.generated.list +++ b/rust/ql/.generated.list @@ -240,7 +240,6 @@ lib/codeql/rust/elements/internal/BlockExprImpl.qll 36ac09e4a6eeeec22919b62b1d00 lib/codeql/rust/elements/internal/BoxPatConstructor.qll 153f110ba25fd6c889092bfd16f73bb610fa60d6e0c8965d5f44d2446fcd48a2 9324cf0d8aa29945551bf8ab64801d598f57aab8cd4e19bcd4e9ef8a4a4e06eb lib/codeql/rust/elements/internal/BreakExprConstructor.qll 356be043c28e0b34fdf925a119c945632ee883c6f5ebb9a27003c6a8d250afd9 bb77e66b04bb9489340e7506931559b94285c6904b6f9d2f83b214cba4f3cfd5 lib/codeql/rust/elements/internal/CallExprConstructor.qll 742b38e862e2cf82fd1ecc4d4fc5b4782a9c7c07f031452b2bae7aa59d5aa13a cad6e0a8be21d91b20ac2ec16cab9c30eae810b452c0f1992ed87d5c7f4144dc -lib/codeql/rust/elements/internal/CallableImpl.qll 917a7d298583e15246428f32fba4cde6fc57a1790262731be27a96baddd8cf5e c5c0848024e0fe3fbb775e7750cf1a2c2dfa454a5aef0df55fec3d0a6fe99190 lib/codeql/rust/elements/internal/CastExprConstructor.qll f3d6e10c4731f38a384675aeab3fba47d17b9e15648293787092bb3247ed808d d738a7751dbadb70aa1dcffcf8af7fa61d4cf8029798369a7e8620013afff4ed lib/codeql/rust/elements/internal/ClosureBinderConstructor.qll 6e376ab9d40308e95bcdaf1cc892472c92099d477720192cd382d2c4e0d9c8a1 60a0efe50203ad5bb97bdfc06d602182edcc48ac9670f2d27a9675bd9fd8e19f lib/codeql/rust/elements/internal/ClosureBinderImpl.qll 9f6ce7068b5c17df44f00037ebb42e6c8fdbbbd09bf89951221fb04f378fbdf1 6e6e372e151fe0b0f17a5ea0ed774553b6ed0bf53e1d377e5ed24a0f98529735 diff --git a/rust/ql/.gitattributes b/rust/ql/.gitattributes index 5e1382f75bb1..65c3aae0e9e1 100644 --- a/rust/ql/.gitattributes +++ b/rust/ql/.gitattributes @@ -242,7 +242,6 @@ /lib/codeql/rust/elements/internal/BoxPatConstructor.qll linguist-generated /lib/codeql/rust/elements/internal/BreakExprConstructor.qll linguist-generated /lib/codeql/rust/elements/internal/CallExprConstructor.qll linguist-generated -/lib/codeql/rust/elements/internal/CallableImpl.qll linguist-generated /lib/codeql/rust/elements/internal/CastExprConstructor.qll linguist-generated /lib/codeql/rust/elements/internal/ClosureBinderConstructor.qll linguist-generated /lib/codeql/rust/elements/internal/ClosureBinderImpl.qll linguist-generated diff --git a/rust/ql/lib/codeql/rust/elements/internal/CallableImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/CallableImpl.qll index c2a6efb40ab5..37e24a9150ce 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/CallableImpl.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/CallableImpl.qll @@ -11,6 +11,7 @@ private import codeql.rust.elements.internal.generated.Callable * be referenced directly. */ module Impl { + // the following QLdoc is generated: if you need to edit it, do it in the schema file /** * A callable. Either a `Function` or a `ClosureExpr`. */ From 3fe6ba692a6f3ae79147540503207af0a332f5fc Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Tue, 10 Jun 2025 09:42:28 +0200 Subject: [PATCH 10/22] Revert "Rust: add `Callable::getParam` and `CallExprBase::getArg` shortcuts" This reverts commit c70decbe86fa945a445da1c9b1e7267702cf5b39. --- rust/ql/.generated.list | 22 ++++++++----------- rust/ql/.gitattributes | 4 ---- .../internal/generated/CfgNodes.qll | 15 ------------- rust/ql/lib/codeql/rust/elements/Callable.qll | 1 - .../elements/internal/CallExprBaseImpl.qll | 2 -- .../rust/elements/internal/CallableImpl.qll | 5 ++--- .../internal/generated/CallExprBase.qll | 16 -------------- .../elements/internal/generated/Callable.qll | 16 -------------- .../generated/CallExpr/CallExpr.ql | 7 +++--- .../generated/CallExpr/CallExpr_getArg.ql | 7 ------ .../generated/ClosureExpr/ClosureExpr.ql | 13 +++++------ .../ClosureExpr/ClosureExpr_getParam.ql | 7 ------ .../generated/Function/Function.ql | 21 ++++++++---------- .../generated/Function/Function_getParam.ql | 7 ------ .../MethodCallExpr/MethodCallExpr.ql | 13 +++++------ .../MethodCallExpr/MethodCallExpr_getArg.ql | 7 ------ rust/schema/annotations.py | 1 - rust/schema/prelude.py | 1 - 18 files changed, 33 insertions(+), 132 deletions(-) delete mode 100644 rust/ql/test/extractor-tests/generated/CallExpr/CallExpr_getArg.ql delete mode 100644 rust/ql/test/extractor-tests/generated/ClosureExpr/ClosureExpr_getParam.ql delete mode 100644 rust/ql/test/extractor-tests/generated/Function/Function_getParam.ql delete mode 100644 rust/ql/test/extractor-tests/generated/MethodCallExpr/MethodCallExpr_getArg.ql diff --git a/rust/ql/.generated.list b/rust/ql/.generated.list index d2e2ec8d2d47..47d787806873 100644 --- a/rust/ql/.generated.list +++ b/rust/ql/.generated.list @@ -1,4 +1,4 @@ -lib/codeql/rust/controlflow/internal/generated/CfgNodes.qll 6a103a6d04c951ca2f0c2989bed737cdbac56dd5ea9432b858da3416412bbf79 cf2bc67b65a1555de58bbd0a35b834b8867112a2f7c1951307c9416400ce70d0 +lib/codeql/rust/controlflow/internal/generated/CfgNodes.qll bd01b4d17625ee8c0da93231cf2291deb7e57db2c8aaa2c37968553c3144c47e 6e6ac58e09b84d02f461699a25ee80798a1bdc51c1836d9d75f5b52e93ae7ba6 lib/codeql/rust/elements/Abi.qll 485a2e79f6f7bfd1c02a6e795a71e62dede3c3e150149d5f8f18b761253b7208 6159ba175e7ead0dd2e3f2788f49516c306ee11b1a443bd4bdc00b7017d559bd lib/codeql/rust/elements/Addressable.qll 13011bfd2e1556694c3d440cc34af8527da4df49ad92b62f2939d3699ff2cea5 ddb25935f7553a1a384b1abe2e4b4fa90ab50b952dadec32fd867afcb054f4be lib/codeql/rust/elements/ArgList.qll 3d2f6f5542340b80a4c6e944ac17aba0d00727588bb66e501453ac0f80c82f83 afd52700bf5a337f19827846667cd0fb1fea5abbbcbc353828e292a727ea58c9 @@ -33,7 +33,7 @@ lib/codeql/rust/elements/BoxPat.qll 1b2c3fff171aa6aa238c9460b122f26c79e04577cea6 lib/codeql/rust/elements/BreakExpr.qll 7ca3807a20e9a9a988d1fd7abebf240325ed422fcb45c719ba46272f031f94db dffb7379d3f3ba220acfbd05eb7bb6cfd9cfda211e9c8b1f5240ca5fa61be3fc lib/codeql/rust/elements/CallExpr.qll f336500ca7a611b164d48b90e80edb0c0d3816792b0ececce659ac1ff1ffeb3e f99a9c55466418ef53860c44d9f2d6161af4b492178ddd9e5870dff742b70ae5 lib/codeql/rust/elements/CallExprBase.qll 2846202b5208b541977500286951d96487bf555838c6c16cdd006a71e383745a c789d412bf099c624329379e0c7d94fa0d23ae2edea7a25a2ea0f3c0042ccf62 -lib/codeql/rust/elements/Callable.qll 0f7f78c3bfabbe24962f6232b0440d27e51f06d2b8d341fc623ffbfbff173f47 5fd13aaa0eaf76ea0b47fa0641bd23eea20a069f0b3cbc1ee4e290e88321008a +lib/codeql/rust/elements/Callable.qll e1ed21a7e6bd2426f6ccd0e46cee506d8ebf90a6fdc4dca0979157da439853aa 02f6c09710116ce82157aec9a5ec706983c38e4d85cc631327baf8d409b018c6 lib/codeql/rust/elements/CastExpr.qll 2fe1f36ba31fa29de309baf0a665cfcae67b61c73345e8f9bbd41e8c235fec45 c5b4c1e9dc24eb2357799defcb2df25989075e3a80e8663b74204a1c1b70e29a lib/codeql/rust/elements/ClosureBinder.qll 02c8e83bf07deaf7bf0233b76623ec7f1837be8b77fe7e1c23544edc7d85e3c4 2b114d9a6dede694324aebe3dac80a802d139cfacd39beb0f12b5b0a46ee6390 lib/codeql/rust/elements/ClosureExpr.qll 67e2a106e9154c90367b129987e574d2a9ecf5b297536627e43706675d35eaed d6a381132ddd589c5a7ce174f50f9620041ddf690e15a65ebfb05ff7e7c02de7 @@ -491,8 +491,8 @@ lib/codeql/rust/elements/internal/generated/BlockExpr.qll 5a5ddbe34bc478a7bd9b0d lib/codeql/rust/elements/internal/generated/BoxPat.qll 597bed52f7489e0addce3266f7bee5be7c53d2d1263eceec3a252d041ca0908f b8ccf363ca5f1a988547caf1fd266a55aec7cbf8623578deea99765d264b0151 lib/codeql/rust/elements/internal/generated/BreakExpr.qll 0f428a8b2f4209b134c2ffc3e1c93c30bc6b0e9c9172f140cefa88c1f77d8690 957b39f38ff6befe9061f55bc0b403c2f1c366dd0cf63b874bae6f8216576d76 lib/codeql/rust/elements/internal/generated/CallExpr.qll f1b8dae487077cc9d1dccf8c3cd61fd17afe860585f17ce8b860be4859be7ca4 6034fc03778e38802cdf3a6e460364b74e92912622581b31e6179951022bbbd6 -lib/codeql/rust/elements/internal/generated/CallExprBase.qll 2268e01d65015014c05166161bb28e5a1e78164d525ca16fc1e3106866cf231d b2f9b912153ba4d3e3612df4f74ac0e83077c31d5b31383bd277974081417a56 -lib/codeql/rust/elements/internal/generated/Callable.qll 9a8661aa018fd90a21529760c1dbc46c1ad3649e17b030e59ced0683fbf83f8a 8b573adfc23ec0ac91949da415e6a0c988fa02cbce9534d45ac98a5512d7b1ca +lib/codeql/rust/elements/internal/generated/CallExprBase.qll cce796e36847249f416629bacf3ea146313084de3374587412e66c10d2917b83 c219aa2174321c161a4a742ca0605521687ca9a5ca32db453a5c62db6f7784cc +lib/codeql/rust/elements/internal/generated/Callable.qll b0502b5263b7bcd18e740f284f992c0e600e37d68556e3e0ba54a2ac42b94934 bda3e1eea11cacf5a9b932cd72efc2de6105103e8c575880fcd0cd89daadf068 lib/codeql/rust/elements/internal/generated/CastExpr.qll ddc20054b0b339ad4d40298f3461490d25d00af87c876da5ffbc6a11c0832295 f4247307afcd74d80e926f29f8c57e78c50800984483e6b6003a44681e4a71f3 lib/codeql/rust/elements/internal/generated/ClosureBinder.qll ab199df96f525a083a0762fd654cd098802033c79700a593bb204a9a0c69ec01 86b33543e0886715830cfcdaca43b555a242a4f12a4caa18b88732d5afb584bd lib/codeql/rust/elements/internal/generated/ClosureExpr.qll 34149bf82f107591e65738221e1407ec1dc9cc0dfb10ae7f761116fda45162de fd2fbc9a87fc0773c940db64013cf784d5e4137515cc1020e2076da329f5a952 @@ -577,7 +577,7 @@ lib/codeql/rust/elements/internal/generated/ParamList.qll eaa0cd4402d3665013d47e lib/codeql/rust/elements/internal/generated/ParenExpr.qll 812d2ff65079277f39f15c084657a955a960a7c1c0e96dd60472a58d56b945eb eb8c607f43e1fcbb41f37a10de203a1db806690e10ff4f04d48ed874189cb0eb lib/codeql/rust/elements/internal/generated/ParenPat.qll 24f9dc7fce75827d6fddb856cd48f80168143151b27295c0bab6db5a06567a09 ebadbc6f5498e9ed754b39893ce0763840409a0721036a25b56e1ead7dcc09aa lib/codeql/rust/elements/internal/generated/ParenTypeRepr.qll 03f5c5b96a37adeb845352d7fcea3e098da9050e534972d14ac0f70d60a2d776 ed3d6e5d02086523087adebce4e89e35461eb95f2a66d1d4100fe23fc691b126 -lib/codeql/rust/elements/internal/generated/ParentChild.qll 794df100370be92e8537c2b90431d02558c4eeb783c68ffdc7fc6445629acae2 61cf70eb649f241e2fcd5e0ba34df63f3a14f07032811b9ae151721783a0fd20 +lib/codeql/rust/elements/internal/generated/ParentChild.qll e2c6aaaa1735113f160c0e178d682bff8e9ebc627632f73c0dd2d1f4f9d692a8 61cf70eb649f241e2fcd5e0ba34df63f3a14f07032811b9ae151721783a0fd20 lib/codeql/rust/elements/internal/generated/ParenthesizedArgList.qll d901fdc8142a5b8847cc98fc2afcfd16428b8ace4fbffb457e761b5fd3901a77 5dbb0aea5a13f937da666ccb042494af8f11e776ade1459d16b70a4dd193f9fb lib/codeql/rust/elements/internal/generated/Pat.qll 3605ac062be2f294ee73336e9669027b8b655f4ad55660e1eab35266275154ee 7f9400db2884d336dd1d21df2a8093759c2a110be9bf6482ce8e80ae0fd74ed4 lib/codeql/rust/elements/internal/generated/Path.qll 9b12afb46fc5a9ad3a811b05472621bbecccb900c47504feb7f29d96b28421ca bcacbffc36fb3e0c9b26523b5963af0ffa9fd6b19f00a2a31bdb2316071546bd @@ -729,8 +729,7 @@ test/extractor-tests/generated/BreakExpr/BreakExpr.ql cdde2855d98f658187c60b9edc test/extractor-tests/generated/BreakExpr/BreakExpr_getAttr.ql c7690a9aab1923bf3c2fb06f0a1d441d480b3c91ee1df3a868bbbd96c4042053 c592dd077fb6e22b2d6ddcaec37da2c5a26ba92d84f5d1ae4c78a615b9013765 test/extractor-tests/generated/BreakExpr/BreakExpr_getExpr.ql 0358f4fe6a66da56177703cf0e991042729c5e34ae8b6dccbb827f95fe936c72 1cb2dd778c50e19fe04c5fdf3a08a502635ea8303e71ff38d03aa7dc53213986 test/extractor-tests/generated/BreakExpr/BreakExpr_getLifetime.ql ad83cc0db3c0f959fef6bb7ce0938d241a877e8cf84d15fb63879be2fe47238c 240b2fe2156b763d3a82fc64159615872db65b65ffb9ba2f3fd5d1ebd6c60f34 -test/extractor-tests/generated/CallExpr/CallExpr.ql cd38ec018b1afe9ae32ef94feca62295ad37c770c38b48a47bfb09697e7ee531 f6b0f2128cd5e63715f630c581d07b83678c298f7a7c56e38815e0d2c49ee36e -test/extractor-tests/generated/CallExpr/CallExpr_getArg.ql 7d8d53ee4a0642f85d6bbfee6912fead699b5d117534d2b1803a670550894484 1782b33724b72afc9b7d99e3a52cacd4431ce1e12a7e43a7ac9872aad769b4ee +test/extractor-tests/generated/CallExpr/CallExpr.ql ffb0cf1cb359a6dcbdf792a570c281e2d300779dca2dbc0f324990652adb972f 978a9e6c82758f9e8b334a682a02d6b893a6bf1db3cd85e9535839a9696b09b4 test/extractor-tests/generated/CallExpr/CallExpr_getArgList.ql b022e7b6b6db9932e787e37b7760c6a09c91140a0368940374a2c919688e0488 c20849c96b53c96f6f717efff5e8b4c0e900c0ef5d715cfbaf7101c7056ad8f4 test/extractor-tests/generated/CallExpr/CallExpr_getAttr.ql 1ace458070875b9ff2c671c2ee18392ea7bf6e51b68ee98d412c8606e8eb8d33 4c35da8255d2975cef4adee15623662441bb8f2e1d73582e4c193d1bc11cc1b5 test/extractor-tests/generated/CallExpr/CallExpr_getFunction.ql 060a6c8b5b85c839b14fe96f9e50291a7a0e5662a945f4f337070f782ec76715 e9a1e44433936146d87be939aa160848b9a7d7333c36da601fb7d1a66d71eb59 @@ -740,11 +739,10 @@ test/extractor-tests/generated/CastExpr/CastExpr_getExpr.ql c37186b8f3e3dab8ae28 test/extractor-tests/generated/CastExpr/CastExpr_getTypeRepr.ql ab6b0a61adc404c89c0e2e1962236a8e703fdc5092512bb4a5d9995af8e13c7b 4e7f6b6f58a1ef34ed45e31e35154dd8dc59054ebedcaa87200c84cc727ef1dd test/extractor-tests/generated/ClosureBinder/ClosureBinder.ql 42516df87ac28c814d65f6739b2ede6eaa41c505d64756a3b8c7e0ca79895230 8b840f92ec033a4ef5edbe52bed909d8be0fffddf6d3e4bfaf9a8bc174fa2f2c test/extractor-tests/generated/ClosureBinder/ClosureBinder_getGenericParamList.ql 71010c43a78a7abe8e63c94353f4b7eb97aca011755d200e7087467c1e3b7a68 2c834328f783ec5032544a692f7e23975bac0228b52b9f8fde46ef46a5f22a5f -test/extractor-tests/generated/ClosureExpr/ClosureExpr.ql 4d5f40935d07b0b24d77b93f56e9cea47666c5a3de84744641f9a4cb5d8d1319 b9a235c0a2d6a254d15f1fd1d0c8fdb6a7af51487b3826f26d8ca7a3b6cbc9b2 +test/extractor-tests/generated/ClosureExpr/ClosureExpr.ql f25f9b32e5c0cd61e4b75053a5af4640a08b115ea5a4310ab95df450f6dfe1c4 9b731218857fa16776e29bce084c2ec1526b24e15f46d4f24047917d77d4646a test/extractor-tests/generated/ClosureExpr/ClosureExpr_getAttr.ql f7f803afa4e2a5976c911fdf8a91ec607c2f998e22531b9c69a63d85579e34c3 1296acd0fb97e1484aa3f1d5ba09d18088001186f3ba5821eb3218a931ca0d54 test/extractor-tests/generated/ClosureExpr/ClosureExpr_getBody.ql 22a973a61274e87620e38338b29beef395818b95a88e2261fff197f7a78a8f76 bd28ed426e4d07823044db869aa8022dc81e8599d156e3e0e7cd49be914a1f36 test/extractor-tests/generated/ClosureExpr/ClosureExpr_getClosureBinder.ql cbfcf89b8efb5cb9b7bfbea26b5a78b3d4c7994cbf03d5ca60b61ee1b5cb4be5 621431277732ef79c585cb0b7199c49b14c597ee6b594a70d9e6966a09d40a9f -test/extractor-tests/generated/ClosureExpr/ClosureExpr_getParam.ql c87b61e80dd62e031e8b310d8a4b781a468ecf2e5e81662be400f18bf33c5862 22abbc976a0e6f33c32c0e93cd0dd567cead13d82d561b9214275ea01b4a0573 test/extractor-tests/generated/ClosureExpr/ClosureExpr_getParamList.ql 68ce501516094512dd5bfed42a785474583a91312f704087cba801b02ba7b834 eacbf89d63159e7decfd84c2a1dc5c067dfce56a8157fbb52bc133e9702d266d test/extractor-tests/generated/ClosureExpr/ClosureExpr_getRetType.ql c95bc7306b2d77aa05a6501b6321e6f1e7a48b7ad422ba082635ab20014288ae fe72d44c9819b42fff49b9092a9fb2bfafde6d3b9e4967547fb5298822f30bc3 test/extractor-tests/generated/Comment/Comment.ql 5428b8417a737f88f0d55d87de45c4693d81f03686f03da11dc5369e163d977b 8948c1860cde198d49cff7c74741f554a9e89f8af97bb94de80f3c62e1e29244 @@ -834,7 +832,7 @@ test/extractor-tests/generated/FormatArgsExpr/FormatTemplateVariableAccess.ql 27 test/extractor-tests/generated/FormatArgsExpr/Format_getArgumentRef.ql 634efdffaae4199aa9d95652cf081a8dc26e88224e24678845f8a67dc24ce090 d0302fee5c50403214771d5c6b896ba7c6e52be10c9bea59720ef2bb954e6f40 test/extractor-tests/generated/FormatArgsExpr/Format_getPrecisionArgument.ql 0d2140f84d0220b0c72c48c6bd272f4cfe1863d1797eddd16a6e238552a61e4d f4fe9b29697041e30764fa3dea44f125546bfb648f32c3474a1e922a4255c534 test/extractor-tests/generated/FormatArgsExpr/Format_getWidthArgument.ql 01ef27dd0bfab273e1ddc57ada0e079ece8a2bfd195ce413261006964b444093 acd0161f86010759417015c5b58044467a7f760f288ec4e8525458c54ae9a715 -test/extractor-tests/generated/Function/Function.ql b32c49f4371a51b9c217758fa5da2601d58bcbf3b195e7c8adb76bae5180d315 12e55c66a90ee88207c729736f388866cda13af78ea07a5d4e995c4a58a1e378 +test/extractor-tests/generated/Function/Function.ql 2efae1916e8f501668b3dbb2237cda788243fdd643683eda41b108dfdc578a90 6ec948518963985ec41b66e2b3b2b953e1da872dcd052a6d8c8f61c25bf09600 test/extractor-tests/generated/Function/Function_getAbi.ql e5c9c97de036ddd51cae5d99d41847c35c6b2eabbbd145f4467cb501edc606d8 0b81511528bd0ef9e63b19edfc3cb638d8af43eb87d018fad69d6ef8f8221454 test/extractor-tests/generated/Function/Function_getAttr.ql 44067ee11bdec8e91774ff10de0704a8c5c1b60816d587378e86bf3d82e1f660 b4bebf9441bda1f2d1e34e9261e07a7468cbabf53cf8047384f3c8b11869f04e test/extractor-tests/generated/Function/Function_getAttributeMacroExpansion.ql 17a346a9e5d28af99522520d1af3852db4cae01fb3d290a65c5f84d8d039c345 36fb06b55370828d9bc379cf5fad7f383cdb6f6db6f7377660276943ab0e1ec8 @@ -843,7 +841,6 @@ test/extractor-tests/generated/Function/Function_getCrateOrigin.ql acec761c56b38 test/extractor-tests/generated/Function/Function_getExtendedCanonicalPath.ql 0bcdca25bb92424007cea950409d73ba681e3ffbea53e0508f1d630fccfa8bed ff28c3349f5fc007d5f144e549579bd04870973c0fabef4198edce0fba0ef421 test/extractor-tests/generated/Function/Function_getGenericParamList.ql 0b255791c153b7cb03a64f1b9ab5beccc832984251f37516e1d06ce311e71c2b d200f90d4dd6f8dfd22ce49203423715d5bef27436c56ee553097c668e71c5a1 test/extractor-tests/generated/Function/Function_getName.ql 3d9e0518075d161213485389efe0adf8a9e6352dd1c6233ef0403a9abbcc7ed1 841e644ecefff7e9a82f458bcf14d9976d6a6dbe9191755ead88374d7c086375 -test/extractor-tests/generated/Function/Function_getParam.ql ef0b46453512fef08fbcc2a15bc14ae319bbc4810a4e4ce03a5ca3b1e8859ca7 ce36d3974059c1cd63eb1d6b76111985087f40dd4fe0c716a00aa9a178c712c4 test/extractor-tests/generated/Function/Function_getParamList.ql f888802ab00defb58de59cc39d1e0518e3884db7eaf845f39dfa55befdda58b2 ba0d1a07676f1c987b820a3d126a563ecf9a3d53ac1115b87a5af487a8a03c3e test/extractor-tests/generated/Function/Function_getRetType.ql b3a1ab90c8ebf0543e5db6a415896e44a02f984321f49bc409aec2657298942b cdfa37772e5026febb19c9bcd0d325688b0fbf2f6e7bba424b73eca38b9b3e38 test/extractor-tests/generated/Function/Function_getVisibility.ql 490b0a369c809a757d4835b97becf617b0399f16a63a2b06258c9a227d5cc415 25ceff15d3cd03821e1cb2c04cb8894bcd101eeca62b66b54d1751b628107818 @@ -967,8 +964,7 @@ test/extractor-tests/generated/Meta/Meta.ql 16f163f00ba2bbaa0a8c6f3f6710c860a8f6 test/extractor-tests/generated/Meta/Meta_getExpr.ql ec9ec61f5be7d65c32775fb5c068daea04f9db7d875293ed99cc1b2481db041f 77a0c52f1cb6ddc8fdb294d637f9eda1b7301ffa3067f0fca6272d894f57d3ee test/extractor-tests/generated/Meta/Meta_getPath.ql aa9d4145a4e613c51b6e4637d57e3b7d0f66e0bb88f4ce959d598870814c06bb 2087e00686d502c0e2e89c88eae0fb354463576a9ae4101320981d3fd79b9078 test/extractor-tests/generated/Meta/Meta_getTokenTree.ql 1051c27ffd0d9a20436d684fde529b9ff55abe30d50e1d575b0318951e75bd34 983975672d928fb907676628384c949731da9807bf0c781bb7ec749d25733d2d -test/extractor-tests/generated/MethodCallExpr/MethodCallExpr.ql 85d3b8c794167f87840469e03d21aa00daf0998c28028f1c8848c7c4bd895db4 fa368ce4543c2544ecd2e636ade8d92849741226599290f59e0138a4a479357c -test/extractor-tests/generated/MethodCallExpr/MethodCallExpr_getArg.ql 10a88c3bf63dfb26f43b9cd1ed7fceef0f436ce2eff4b5a816da369bf5b775d2 ee3b5043719591b4048ec32e21bb5fb3a9f83f0420ef18c338fc0ac28d0e3240 +test/extractor-tests/generated/MethodCallExpr/MethodCallExpr.ql d141f5a2ef95019aa64e8cb384ab4a45e7a93c941b84ef2e14c13377f159e4db 47a68fc874af6cc9a4b278a5aab1633a9db17300fd7dbd6dbe193d48d99144bc test/extractor-tests/generated/MethodCallExpr/MethodCallExpr_getArgList.ql 180e0b1715f5cd2be0de01bff3d3a45594b495b8250748d40ff7108d6c85923d bdadcdbecca5891287a47b6dd6b2fda62e07457718aef39212503ab63bc17783 test/extractor-tests/generated/MethodCallExpr/MethodCallExpr_getAttr.ql 2ce876a04a159efce83b863dffc47fbb714b95daea2b91fa6fbb623d28eed9ec 7bca1cd0e8fbceec0e640afb6800e1780eff5b5b402e71b9b169c0ba26966f96 test/extractor-tests/generated/MethodCallExpr/MethodCallExpr_getGenericArgList.ql 655db9a0501b1ef20d604cc4cd9d708371781291443e8dec97b70ec2914601d2 2fc7df0eca22dcef2f9f5c86d37ee43452d372a4c0f9f4da0194828c82ba93e0 diff --git a/rust/ql/.gitattributes b/rust/ql/.gitattributes index 65c3aae0e9e1..61c4fdc57e98 100644 --- a/rust/ql/.gitattributes +++ b/rust/ql/.gitattributes @@ -732,7 +732,6 @@ /test/extractor-tests/generated/BreakExpr/BreakExpr_getExpr.ql linguist-generated /test/extractor-tests/generated/BreakExpr/BreakExpr_getLifetime.ql linguist-generated /test/extractor-tests/generated/CallExpr/CallExpr.ql linguist-generated -/test/extractor-tests/generated/CallExpr/CallExpr_getArg.ql linguist-generated /test/extractor-tests/generated/CallExpr/CallExpr_getArgList.ql linguist-generated /test/extractor-tests/generated/CallExpr/CallExpr_getAttr.ql linguist-generated /test/extractor-tests/generated/CallExpr/CallExpr_getFunction.ql linguist-generated @@ -746,7 +745,6 @@ /test/extractor-tests/generated/ClosureExpr/ClosureExpr_getAttr.ql linguist-generated /test/extractor-tests/generated/ClosureExpr/ClosureExpr_getBody.ql linguist-generated /test/extractor-tests/generated/ClosureExpr/ClosureExpr_getClosureBinder.ql linguist-generated -/test/extractor-tests/generated/ClosureExpr/ClosureExpr_getParam.ql linguist-generated /test/extractor-tests/generated/ClosureExpr/ClosureExpr_getParamList.ql linguist-generated /test/extractor-tests/generated/ClosureExpr/ClosureExpr_getRetType.ql linguist-generated /test/extractor-tests/generated/Comment/Comment.ql linguist-generated @@ -845,7 +843,6 @@ /test/extractor-tests/generated/Function/Function_getExtendedCanonicalPath.ql linguist-generated /test/extractor-tests/generated/Function/Function_getGenericParamList.ql linguist-generated /test/extractor-tests/generated/Function/Function_getName.ql linguist-generated -/test/extractor-tests/generated/Function/Function_getParam.ql linguist-generated /test/extractor-tests/generated/Function/Function_getParamList.ql linguist-generated /test/extractor-tests/generated/Function/Function_getRetType.ql linguist-generated /test/extractor-tests/generated/Function/Function_getVisibility.ql linguist-generated @@ -970,7 +967,6 @@ /test/extractor-tests/generated/Meta/Meta_getPath.ql linguist-generated /test/extractor-tests/generated/Meta/Meta_getTokenTree.ql linguist-generated /test/extractor-tests/generated/MethodCallExpr/MethodCallExpr.ql linguist-generated -/test/extractor-tests/generated/MethodCallExpr/MethodCallExpr_getArg.ql linguist-generated /test/extractor-tests/generated/MethodCallExpr/MethodCallExpr_getArgList.ql linguist-generated /test/extractor-tests/generated/MethodCallExpr/MethodCallExpr_getAttr.ql linguist-generated /test/extractor-tests/generated/MethodCallExpr/MethodCallExpr_getGenericArgList.ql linguist-generated diff --git a/rust/ql/lib/codeql/rust/controlflow/internal/generated/CfgNodes.qll b/rust/ql/lib/codeql/rust/controlflow/internal/generated/CfgNodes.qll index 36dd0fb304f2..cfa37ed45394 100644 --- a/rust/ql/lib/codeql/rust/controlflow/internal/generated/CfgNodes.qll +++ b/rust/ql/lib/codeql/rust/controlflow/internal/generated/CfgNodes.qll @@ -722,21 +722,6 @@ module MakeCfgNodes Input> { * Gets the number of attrs of this call expression base. */ int getNumberOfAttrs() { result = count(int i | exists(this.getAttr(i))) } - - /** - * Gets the `index`th argument of this call expression base (0-based). - */ - Expr getArg(int index) { result = node.getArg(index) } - - /** - * Gets any of the arguments of this call expression base. - */ - Expr getAnArg() { result = this.getArg(_) } - - /** - * Gets the number of arguments of this call expression base. - */ - int getNumberOfArgs() { result = count(int i | exists(this.getArg(i))) } } final private class ParentCastExpr extends ParentAstNode, CastExpr { diff --git a/rust/ql/lib/codeql/rust/elements/Callable.qll b/rust/ql/lib/codeql/rust/elements/Callable.qll index 11d029fff7df..c42262a1854a 100644 --- a/rust/ql/lib/codeql/rust/elements/Callable.qll +++ b/rust/ql/lib/codeql/rust/elements/Callable.qll @@ -6,7 +6,6 @@ private import internal.CallableImpl import codeql.rust.elements.AstNode import codeql.rust.elements.Attr -import codeql.rust.elements.Param import codeql.rust.elements.ParamList /** diff --git a/rust/ql/lib/codeql/rust/elements/internal/CallExprBaseImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/CallExprBaseImpl.qll index b78720b08fa3..c916b717bf65 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/CallExprBaseImpl.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/CallExprBaseImpl.qll @@ -28,7 +28,5 @@ module Impl { class CallExprBase extends Generated::CallExprBase { /** Gets the static target of this call, if any. */ Callable getStaticTarget() { none() } // overridden by subclasses, but cannot be made abstract - - override Expr getArg(int index) { result = this.getArgList().getArg(index) } } } diff --git a/rust/ql/lib/codeql/rust/elements/internal/CallableImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/CallableImpl.qll index 37e24a9150ce..d10e4caedae8 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/CallableImpl.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/CallableImpl.qll @@ -1,3 +1,4 @@ +// generated by codegen, remove this comment if you wish to edit this file /** * This module provides a hand-modifiable wrapper around the generated class `Callable`. * @@ -15,7 +16,5 @@ module Impl { /** * A callable. Either a `Function` or a `ClosureExpr`. */ - class Callable extends Generated::Callable { - override Param getParam(int index) { result = this.getParamList().getParam(index) } - } + class Callable extends Generated::Callable { } } diff --git a/rust/ql/lib/codeql/rust/elements/internal/generated/CallExprBase.qll b/rust/ql/lib/codeql/rust/elements/internal/generated/CallExprBase.qll index 1d6364fb94f3..046558c356d2 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/generated/CallExprBase.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/generated/CallExprBase.qll @@ -8,7 +8,6 @@ private import codeql.rust.elements.internal.generated.Synth private import codeql.rust.elements.internal.generated.Raw import codeql.rust.elements.ArgList import codeql.rust.elements.Attr -import codeql.rust.elements.Expr import codeql.rust.elements.internal.ExprImpl::Impl as ExprImpl /** @@ -56,20 +55,5 @@ module Generated { * Gets the number of attrs of this call expression base. */ final int getNumberOfAttrs() { result = count(int i | exists(this.getAttr(i))) } - - /** - * Gets the `index`th argument of this call expression base (0-based). - */ - Expr getArg(int index) { none() } - - /** - * Gets any of the arguments of this call expression base. - */ - final Expr getAnArg() { result = this.getArg(_) } - - /** - * Gets the number of arguments of this call expression base. - */ - final int getNumberOfArgs() { result = count(int i | exists(this.getArg(i))) } } } diff --git a/rust/ql/lib/codeql/rust/elements/internal/generated/Callable.qll b/rust/ql/lib/codeql/rust/elements/internal/generated/Callable.qll index f42f711dcf82..710cfe2078e3 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/generated/Callable.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/generated/Callable.qll @@ -8,7 +8,6 @@ private import codeql.rust.elements.internal.generated.Synth private import codeql.rust.elements.internal.generated.Raw import codeql.rust.elements.internal.AstNodeImpl::Impl as AstNodeImpl import codeql.rust.elements.Attr -import codeql.rust.elements.Param import codeql.rust.elements.ParamList /** @@ -54,20 +53,5 @@ module Generated { * Gets the number of attrs of this callable. */ final int getNumberOfAttrs() { result = count(int i | exists(this.getAttr(i))) } - - /** - * Gets the `index`th parameter of this callable (0-based). - */ - Param getParam(int index) { none() } - - /** - * Gets any of the parameters of this callable. - */ - final Param getAParam() { result = this.getParam(_) } - - /** - * Gets the number of parameters of this callable. - */ - final int getNumberOfParams() { result = count(int i | exists(this.getParam(i))) } } } diff --git a/rust/ql/test/extractor-tests/generated/CallExpr/CallExpr.ql b/rust/ql/test/extractor-tests/generated/CallExpr/CallExpr.ql index 8abf8b2a08e0..cd043e88d1dd 100644 --- a/rust/ql/test/extractor-tests/generated/CallExpr/CallExpr.ql +++ b/rust/ql/test/extractor-tests/generated/CallExpr/CallExpr.ql @@ -2,13 +2,12 @@ import codeql.rust.elements import TestUtils -from CallExpr x, string hasArgList, int getNumberOfAttrs, int getNumberOfArgs, string hasFunction +from CallExpr x, string hasArgList, int getNumberOfAttrs, string hasFunction where toBeTested(x) and not x.isUnknown() and (if x.hasArgList() then hasArgList = "yes" else hasArgList = "no") and getNumberOfAttrs = x.getNumberOfAttrs() and - getNumberOfArgs = x.getNumberOfArgs() and if x.hasFunction() then hasFunction = "yes" else hasFunction = "no" -select x, "hasArgList:", hasArgList, "getNumberOfAttrs:", getNumberOfAttrs, "getNumberOfArgs:", - getNumberOfArgs, "hasFunction:", hasFunction +select x, "hasArgList:", hasArgList, "getNumberOfAttrs:", getNumberOfAttrs, "hasFunction:", + hasFunction diff --git a/rust/ql/test/extractor-tests/generated/CallExpr/CallExpr_getArg.ql b/rust/ql/test/extractor-tests/generated/CallExpr/CallExpr_getArg.ql deleted file mode 100644 index 37483c3e6378..000000000000 --- a/rust/ql/test/extractor-tests/generated/CallExpr/CallExpr_getArg.ql +++ /dev/null @@ -1,7 +0,0 @@ -// generated by codegen, do not edit -import codeql.rust.elements -import TestUtils - -from CallExpr x, int index -where toBeTested(x) and not x.isUnknown() -select x, index, x.getArg(index) diff --git a/rust/ql/test/extractor-tests/generated/ClosureExpr/ClosureExpr.ql b/rust/ql/test/extractor-tests/generated/ClosureExpr/ClosureExpr.ql index 6a5536c5be13..b4b3dddc6798 100644 --- a/rust/ql/test/extractor-tests/generated/ClosureExpr/ClosureExpr.ql +++ b/rust/ql/test/extractor-tests/generated/ClosureExpr/ClosureExpr.ql @@ -3,15 +3,13 @@ import codeql.rust.elements import TestUtils from - ClosureExpr x, string hasParamList, int getNumberOfAttrs, int getNumberOfParams, string hasBody, - string hasClosureBinder, string isAsync, string isConst, string isGen, string isMove, - string isStatic, string hasRetType + ClosureExpr x, string hasParamList, int getNumberOfAttrs, string hasBody, string hasClosureBinder, + string isAsync, string isConst, string isGen, string isMove, string isStatic, string hasRetType where toBeTested(x) and not x.isUnknown() and (if x.hasParamList() then hasParamList = "yes" else hasParamList = "no") and getNumberOfAttrs = x.getNumberOfAttrs() and - getNumberOfParams = x.getNumberOfParams() and (if x.hasBody() then hasBody = "yes" else hasBody = "no") and (if x.hasClosureBinder() then hasClosureBinder = "yes" else hasClosureBinder = "no") and (if x.isAsync() then isAsync = "yes" else isAsync = "no") and @@ -20,7 +18,6 @@ where (if x.isMove() then isMove = "yes" else isMove = "no") and (if x.isStatic() then isStatic = "yes" else isStatic = "no") and if x.hasRetType() then hasRetType = "yes" else hasRetType = "no" -select x, "hasParamList:", hasParamList, "getNumberOfAttrs:", getNumberOfAttrs, - "getNumberOfParams:", getNumberOfParams, "hasBody:", hasBody, "hasClosureBinder:", - hasClosureBinder, "isAsync:", isAsync, "isConst:", isConst, "isGen:", isGen, "isMove:", isMove, - "isStatic:", isStatic, "hasRetType:", hasRetType +select x, "hasParamList:", hasParamList, "getNumberOfAttrs:", getNumberOfAttrs, "hasBody:", hasBody, + "hasClosureBinder:", hasClosureBinder, "isAsync:", isAsync, "isConst:", isConst, "isGen:", isGen, + "isMove:", isMove, "isStatic:", isStatic, "hasRetType:", hasRetType diff --git a/rust/ql/test/extractor-tests/generated/ClosureExpr/ClosureExpr_getParam.ql b/rust/ql/test/extractor-tests/generated/ClosureExpr/ClosureExpr_getParam.ql deleted file mode 100644 index 06cef03f2065..000000000000 --- a/rust/ql/test/extractor-tests/generated/ClosureExpr/ClosureExpr_getParam.ql +++ /dev/null @@ -1,7 +0,0 @@ -// generated by codegen, do not edit -import codeql.rust.elements -import TestUtils - -from ClosureExpr x, int index -where toBeTested(x) and not x.isUnknown() -select x, index, x.getParam(index) diff --git a/rust/ql/test/extractor-tests/generated/Function/Function.ql b/rust/ql/test/extractor-tests/generated/Function/Function.ql index cd9875a2373e..3c368187c296 100644 --- a/rust/ql/test/extractor-tests/generated/Function/Function.ql +++ b/rust/ql/test/extractor-tests/generated/Function/Function.ql @@ -3,17 +3,15 @@ import codeql.rust.elements import TestUtils from - Function x, string hasParamList, int getNumberOfAttrs, int getNumberOfParams, - string hasExtendedCanonicalPath, string hasCrateOrigin, string hasAttributeMacroExpansion, - string hasAbi, string hasBody, string hasGenericParamList, string isAsync, string isConst, - string isDefault, string isGen, string isUnsafe, string hasName, string hasRetType, - string hasVisibility, string hasWhereClause + Function x, string hasParamList, int getNumberOfAttrs, string hasExtendedCanonicalPath, + string hasCrateOrigin, string hasAttributeMacroExpansion, string hasAbi, string hasBody, + string hasGenericParamList, string isAsync, string isConst, string isDefault, string isGen, + string isUnsafe, string hasName, string hasRetType, string hasVisibility, string hasWhereClause where toBeTested(x) and not x.isUnknown() and (if x.hasParamList() then hasParamList = "yes" else hasParamList = "no") and getNumberOfAttrs = x.getNumberOfAttrs() and - getNumberOfParams = x.getNumberOfParams() and ( if x.hasExtendedCanonicalPath() then hasExtendedCanonicalPath = "yes" @@ -38,9 +36,8 @@ where (if x.hasVisibility() then hasVisibility = "yes" else hasVisibility = "no") and if x.hasWhereClause() then hasWhereClause = "yes" else hasWhereClause = "no" select x, "hasParamList:", hasParamList, "getNumberOfAttrs:", getNumberOfAttrs, - "getNumberOfParams:", getNumberOfParams, "hasExtendedCanonicalPath:", hasExtendedCanonicalPath, - "hasCrateOrigin:", hasCrateOrigin, "hasAttributeMacroExpansion:", hasAttributeMacroExpansion, - "hasAbi:", hasAbi, "hasBody:", hasBody, "hasGenericParamList:", hasGenericParamList, "isAsync:", - isAsync, "isConst:", isConst, "isDefault:", isDefault, "isGen:", isGen, "isUnsafe:", isUnsafe, - "hasName:", hasName, "hasRetType:", hasRetType, "hasVisibility:", hasVisibility, - "hasWhereClause:", hasWhereClause + "hasExtendedCanonicalPath:", hasExtendedCanonicalPath, "hasCrateOrigin:", hasCrateOrigin, + "hasAttributeMacroExpansion:", hasAttributeMacroExpansion, "hasAbi:", hasAbi, "hasBody:", hasBody, + "hasGenericParamList:", hasGenericParamList, "isAsync:", isAsync, "isConst:", isConst, + "isDefault:", isDefault, "isGen:", isGen, "isUnsafe:", isUnsafe, "hasName:", hasName, + "hasRetType:", hasRetType, "hasVisibility:", hasVisibility, "hasWhereClause:", hasWhereClause diff --git a/rust/ql/test/extractor-tests/generated/Function/Function_getParam.ql b/rust/ql/test/extractor-tests/generated/Function/Function_getParam.ql deleted file mode 100644 index c936ea99da7d..000000000000 --- a/rust/ql/test/extractor-tests/generated/Function/Function_getParam.ql +++ /dev/null @@ -1,7 +0,0 @@ -// generated by codegen, do not edit -import codeql.rust.elements -import TestUtils - -from Function x, int index -where toBeTested(x) and not x.isUnknown() -select x, index, x.getParam(index) diff --git a/rust/ql/test/extractor-tests/generated/MethodCallExpr/MethodCallExpr.ql b/rust/ql/test/extractor-tests/generated/MethodCallExpr/MethodCallExpr.ql index 518d3dee36ef..d0b082f4523b 100644 --- a/rust/ql/test/extractor-tests/generated/MethodCallExpr/MethodCallExpr.ql +++ b/rust/ql/test/extractor-tests/generated/MethodCallExpr/MethodCallExpr.ql @@ -3,15 +3,13 @@ import codeql.rust.elements import TestUtils from - MethodCallExpr x, string hasArgList, int getNumberOfAttrs, int getNumberOfArgs, - string hasResolvedPath, string hasResolvedCrateOrigin, string hasGenericArgList, - string hasIdentifier, string hasReceiver + MethodCallExpr x, string hasArgList, int getNumberOfAttrs, string hasResolvedPath, + string hasResolvedCrateOrigin, string hasGenericArgList, string hasIdentifier, string hasReceiver where toBeTested(x) and not x.isUnknown() and (if x.hasArgList() then hasArgList = "yes" else hasArgList = "no") and getNumberOfAttrs = x.getNumberOfAttrs() and - getNumberOfArgs = x.getNumberOfArgs() and (if x.hasResolvedPath() then hasResolvedPath = "yes" else hasResolvedPath = "no") and ( if x.hasResolvedCrateOrigin() @@ -21,7 +19,6 @@ where (if x.hasGenericArgList() then hasGenericArgList = "yes" else hasGenericArgList = "no") and (if x.hasIdentifier() then hasIdentifier = "yes" else hasIdentifier = "no") and if x.hasReceiver() then hasReceiver = "yes" else hasReceiver = "no" -select x, "hasArgList:", hasArgList, "getNumberOfAttrs:", getNumberOfAttrs, "getNumberOfArgs:", - getNumberOfArgs, "hasResolvedPath:", hasResolvedPath, "hasResolvedCrateOrigin:", - hasResolvedCrateOrigin, "hasGenericArgList:", hasGenericArgList, "hasIdentifier:", hasIdentifier, - "hasReceiver:", hasReceiver +select x, "hasArgList:", hasArgList, "getNumberOfAttrs:", getNumberOfAttrs, "hasResolvedPath:", + hasResolvedPath, "hasResolvedCrateOrigin:", hasResolvedCrateOrigin, "hasGenericArgList:", + hasGenericArgList, "hasIdentifier:", hasIdentifier, "hasReceiver:", hasReceiver diff --git a/rust/ql/test/extractor-tests/generated/MethodCallExpr/MethodCallExpr_getArg.ql b/rust/ql/test/extractor-tests/generated/MethodCallExpr/MethodCallExpr_getArg.ql deleted file mode 100644 index 58529cebfe5e..000000000000 --- a/rust/ql/test/extractor-tests/generated/MethodCallExpr/MethodCallExpr_getArg.ql +++ /dev/null @@ -1,7 +0,0 @@ -// generated by codegen, do not edit -import codeql.rust.elements -import TestUtils - -from MethodCallExpr x, int index -where toBeTested(x) and not x.isUnknown() -select x, index, x.getArg(index) diff --git a/rust/schema/annotations.py b/rust/schema/annotations.py index 1311522fca01..c6ab581d7cae 100644 --- a/rust/schema/annotations.py +++ b/rust/schema/annotations.py @@ -226,7 +226,6 @@ class CallExprBase(Expr): """ arg_list: optional["ArgList"] | child attrs: list["Attr"] | child - args: list["Expr"] | synth @annotate(CallExpr, replace_bases={Expr: CallExprBase}, cfg=True) diff --git a/rust/schema/prelude.py b/rust/schema/prelude.py index 62334b2d8641..6d356567d22a 100644 --- a/rust/schema/prelude.py +++ b/rust/schema/prelude.py @@ -73,7 +73,6 @@ class Callable(AstNode): """ param_list: optional["ParamList"] | child attrs: list["Attr"] | child - params: list["Param"] | synth class Addressable(AstNode): From b6aa6921b3e07724289d0e9fcaea2f7c1472de8f Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Tue, 10 Jun 2025 09:43:02 +0200 Subject: [PATCH 11/22] Revert "Rust: accept test changes" This reverts commit 9c2fea914ecb595caa59ba6c904fb6e1c2a78ea1. --- .../generated/CallExpr/CallExpr.expected | 8 ++++---- .../generated/CallExpr/CallExpr_getArg.expected | 4 ---- .../generated/ClosureExpr/ClosureExpr.expected | 10 +++++----- .../ClosureExpr/ClosureExpr_getParam.expected | 6 ------ .../generated/Function/Function.expected | 4 ++-- .../generated/Function/Function_getParam.expected | 1 - .../generated/MethodCallExpr/MethodCallExpr.expected | 4 ++-- .../MethodCallExpr/MethodCallExpr_getArg.expected | 2 -- 8 files changed, 13 insertions(+), 26 deletions(-) delete mode 100644 rust/ql/test/extractor-tests/generated/CallExpr/CallExpr_getArg.expected delete mode 100644 rust/ql/test/extractor-tests/generated/ClosureExpr/ClosureExpr_getParam.expected delete mode 100644 rust/ql/test/extractor-tests/generated/Function/Function_getParam.expected delete mode 100644 rust/ql/test/extractor-tests/generated/MethodCallExpr/MethodCallExpr_getArg.expected diff --git a/rust/ql/test/extractor-tests/generated/CallExpr/CallExpr.expected b/rust/ql/test/extractor-tests/generated/CallExpr/CallExpr.expected index 31824b731a65..ebe6eeda1049 100644 --- a/rust/ql/test/extractor-tests/generated/CallExpr/CallExpr.expected +++ b/rust/ql/test/extractor-tests/generated/CallExpr/CallExpr.expected @@ -1,4 +1,4 @@ -| gen_call_expr.rs:5:5:5:11 | foo(...) | hasArgList: | yes | getNumberOfAttrs: | 0 | getNumberOfArgs: | 1 | hasFunction: | yes | -| gen_call_expr.rs:6:5:6:23 | foo::<...>(...) | hasArgList: | yes | getNumberOfAttrs: | 0 | getNumberOfArgs: | 1 | hasFunction: | yes | -| gen_call_expr.rs:7:5:7:14 | ...(...) | hasArgList: | yes | getNumberOfAttrs: | 0 | getNumberOfArgs: | 1 | hasFunction: | yes | -| gen_call_expr.rs:8:5:8:10 | foo(...) | hasArgList: | yes | getNumberOfAttrs: | 0 | getNumberOfArgs: | 1 | hasFunction: | yes | +| gen_call_expr.rs:5:5:5:11 | foo(...) | hasArgList: | yes | getNumberOfAttrs: | 0 | hasFunction: | yes | +| gen_call_expr.rs:6:5:6:23 | foo::<...>(...) | hasArgList: | yes | getNumberOfAttrs: | 0 | hasFunction: | yes | +| gen_call_expr.rs:7:5:7:14 | ...(...) | hasArgList: | yes | getNumberOfAttrs: | 0 | hasFunction: | yes | +| gen_call_expr.rs:8:5:8:10 | foo(...) | hasArgList: | yes | getNumberOfAttrs: | 0 | hasFunction: | yes | diff --git a/rust/ql/test/extractor-tests/generated/CallExpr/CallExpr_getArg.expected b/rust/ql/test/extractor-tests/generated/CallExpr/CallExpr_getArg.expected deleted file mode 100644 index 2bf849534104..000000000000 --- a/rust/ql/test/extractor-tests/generated/CallExpr/CallExpr_getArg.expected +++ /dev/null @@ -1,4 +0,0 @@ -| gen_call_expr.rs:5:5:5:11 | foo(...) | 0 | gen_call_expr.rs:5:9:5:10 | 42 | -| gen_call_expr.rs:6:5:6:23 | foo::<...>(...) | 0 | gen_call_expr.rs:6:21:6:22 | 42 | -| gen_call_expr.rs:7:5:7:14 | ...(...) | 0 | gen_call_expr.rs:7:12:7:13 | 42 | -| gen_call_expr.rs:8:5:8:10 | foo(...) | 0 | gen_call_expr.rs:8:9:8:9 | 1 | diff --git a/rust/ql/test/extractor-tests/generated/ClosureExpr/ClosureExpr.expected b/rust/ql/test/extractor-tests/generated/ClosureExpr/ClosureExpr.expected index d8a9b33ce0eb..3ea9f463a00d 100644 --- a/rust/ql/test/extractor-tests/generated/ClosureExpr/ClosureExpr.expected +++ b/rust/ql/test/extractor-tests/generated/ClosureExpr/ClosureExpr.expected @@ -1,5 +1,5 @@ -| gen_closure_expr.rs:5:5:5:13 | \|...\| ... | hasParamList: | yes | getNumberOfAttrs: | 0 | getNumberOfParams: | 1 | hasBody: | yes | hasClosureBinder: | no | isAsync: | no | isConst: | no | isGen: | no | isMove: | no | isStatic: | no | hasRetType: | no | -| gen_closure_expr.rs:6:5:6:34 | \|...\| ... | hasParamList: | yes | getNumberOfAttrs: | 0 | getNumberOfParams: | 1 | hasBody: | yes | hasClosureBinder: | no | isAsync: | no | isConst: | no | isGen: | no | isMove: | yes | isStatic: | no | hasRetType: | yes | -| gen_closure_expr.rs:7:5:7:27 | \|...\| ... | hasParamList: | yes | getNumberOfAttrs: | 0 | getNumberOfParams: | 2 | hasBody: | yes | hasClosureBinder: | no | isAsync: | yes | isConst: | no | isGen: | no | isMove: | no | isStatic: | no | hasRetType: | no | -| gen_closure_expr.rs:8:6:9:15 | \|...\| ... | hasParamList: | yes | getNumberOfAttrs: | 1 | getNumberOfParams: | 1 | hasBody: | yes | hasClosureBinder: | no | isAsync: | no | isConst: | no | isGen: | no | isMove: | no | isStatic: | no | hasRetType: | no | -| gen_closure_expr.rs:10:6:11:23 | \|...\| ... | hasParamList: | yes | getNumberOfAttrs: | 1 | getNumberOfParams: | 1 | hasBody: | yes | hasClosureBinder: | no | isAsync: | no | isConst: | no | isGen: | no | isMove: | no | isStatic: | yes | hasRetType: | no | +| gen_closure_expr.rs:5:5:5:13 | \|...\| ... | hasParamList: | yes | getNumberOfAttrs: | 0 | hasBody: | yes | hasClosureBinder: | no | isAsync: | no | isConst: | no | isGen: | no | isMove: | no | isStatic: | no | hasRetType: | no | +| gen_closure_expr.rs:6:5:6:34 | \|...\| ... | hasParamList: | yes | getNumberOfAttrs: | 0 | hasBody: | yes | hasClosureBinder: | no | isAsync: | no | isConst: | no | isGen: | no | isMove: | yes | isStatic: | no | hasRetType: | yes | +| gen_closure_expr.rs:7:5:7:27 | \|...\| ... | hasParamList: | yes | getNumberOfAttrs: | 0 | hasBody: | yes | hasClosureBinder: | no | isAsync: | yes | isConst: | no | isGen: | no | isMove: | no | isStatic: | no | hasRetType: | no | +| gen_closure_expr.rs:8:6:9:15 | \|...\| ... | hasParamList: | yes | getNumberOfAttrs: | 1 | hasBody: | yes | hasClosureBinder: | no | isAsync: | no | isConst: | no | isGen: | no | isMove: | no | isStatic: | no | hasRetType: | no | +| gen_closure_expr.rs:10:6:11:23 | \|...\| ... | hasParamList: | yes | getNumberOfAttrs: | 1 | hasBody: | yes | hasClosureBinder: | no | isAsync: | no | isConst: | no | isGen: | no | isMove: | no | isStatic: | yes | hasRetType: | no | diff --git a/rust/ql/test/extractor-tests/generated/ClosureExpr/ClosureExpr_getParam.expected b/rust/ql/test/extractor-tests/generated/ClosureExpr/ClosureExpr_getParam.expected deleted file mode 100644 index 29be6ae9ef03..000000000000 --- a/rust/ql/test/extractor-tests/generated/ClosureExpr/ClosureExpr_getParam.expected +++ /dev/null @@ -1,6 +0,0 @@ -| gen_closure_expr.rs:5:5:5:13 | \|...\| ... | 0 | gen_closure_expr.rs:5:6:5:6 | ... | -| gen_closure_expr.rs:6:5:6:34 | \|...\| ... | 0 | gen_closure_expr.rs:6:11:6:16 | ...: i32 | -| gen_closure_expr.rs:7:5:7:27 | \|...\| ... | 0 | gen_closure_expr.rs:7:12:7:17 | ...: i32 | -| gen_closure_expr.rs:7:5:7:27 | \|...\| ... | 1 | gen_closure_expr.rs:7:20:7:20 | ... | -| gen_closure_expr.rs:8:6:9:15 | \|...\| ... | 0 | gen_closure_expr.rs:9:6:9:6 | ... | -| gen_closure_expr.rs:10:6:11:23 | \|...\| ... | 0 | gen_closure_expr.rs:11:14:11:14 | ... | diff --git a/rust/ql/test/extractor-tests/generated/Function/Function.expected b/rust/ql/test/extractor-tests/generated/Function/Function.expected index 117aad5d2936..d30ef684493d 100644 --- a/rust/ql/test/extractor-tests/generated/Function/Function.expected +++ b/rust/ql/test/extractor-tests/generated/Function/Function.expected @@ -1,2 +1,2 @@ -| gen_function.rs:3:1:4:38 | fn foo | hasParamList: | yes | getNumberOfAttrs: | 0 | getNumberOfParams: | 1 | hasExtendedCanonicalPath: | yes | hasCrateOrigin: | yes | hasAttributeMacroExpansion: | no | hasAbi: | no | hasBody: | yes | hasGenericParamList: | no | isAsync: | no | isConst: | no | isDefault: | no | isGen: | no | isUnsafe: | no | hasName: | yes | hasRetType: | yes | hasVisibility: | no | hasWhereClause: | no | -| gen_function.rs:7:5:7:13 | fn bar | hasParamList: | yes | getNumberOfAttrs: | 0 | getNumberOfParams: | 0 | hasExtendedCanonicalPath: | yes | hasCrateOrigin: | yes | hasAttributeMacroExpansion: | no | hasAbi: | no | hasBody: | no | hasGenericParamList: | no | isAsync: | no | isConst: | no | isDefault: | no | isGen: | no | isUnsafe: | no | hasName: | yes | hasRetType: | no | hasVisibility: | no | hasWhereClause: | no | +| gen_function.rs:3:1:4:38 | fn foo | hasParamList: | yes | getNumberOfAttrs: | 0 | hasExtendedCanonicalPath: | yes | hasCrateOrigin: | yes | hasAttributeMacroExpansion: | no | hasAbi: | no | hasBody: | yes | hasGenericParamList: | no | isAsync: | no | isConst: | no | isDefault: | no | isGen: | no | isUnsafe: | no | hasName: | yes | hasRetType: | yes | hasVisibility: | no | hasWhereClause: | no | +| gen_function.rs:7:5:7:13 | fn bar | hasParamList: | yes | getNumberOfAttrs: | 0 | hasExtendedCanonicalPath: | yes | hasCrateOrigin: | yes | hasAttributeMacroExpansion: | no | hasAbi: | no | hasBody: | no | hasGenericParamList: | no | isAsync: | no | isConst: | no | isDefault: | no | isGen: | no | isUnsafe: | no | hasName: | yes | hasRetType: | no | hasVisibility: | no | hasWhereClause: | no | diff --git a/rust/ql/test/extractor-tests/generated/Function/Function_getParam.expected b/rust/ql/test/extractor-tests/generated/Function/Function_getParam.expected deleted file mode 100644 index 6a7340509a7a..000000000000 --- a/rust/ql/test/extractor-tests/generated/Function/Function_getParam.expected +++ /dev/null @@ -1 +0,0 @@ -| gen_function.rs:3:1:4:38 | fn foo | 0 | gen_function.rs:4:8:4:13 | ...: u32 | diff --git a/rust/ql/test/extractor-tests/generated/MethodCallExpr/MethodCallExpr.expected b/rust/ql/test/extractor-tests/generated/MethodCallExpr/MethodCallExpr.expected index 516e47d8b398..5862cd940812 100644 --- a/rust/ql/test/extractor-tests/generated/MethodCallExpr/MethodCallExpr.expected +++ b/rust/ql/test/extractor-tests/generated/MethodCallExpr/MethodCallExpr.expected @@ -1,2 +1,2 @@ -| gen_method_call_expr.rs:5:5:5:13 | x.foo(...) | hasArgList: | yes | getNumberOfAttrs: | 0 | getNumberOfArgs: | 1 | hasResolvedPath: | no | hasResolvedCrateOrigin: | no | hasGenericArgList: | no | hasIdentifier: | yes | hasReceiver: | yes | -| gen_method_call_expr.rs:6:5:6:25 | x.foo(...) | hasArgList: | yes | getNumberOfAttrs: | 0 | getNumberOfArgs: | 1 | hasResolvedPath: | no | hasResolvedCrateOrigin: | no | hasGenericArgList: | yes | hasIdentifier: | yes | hasReceiver: | yes | +| gen_method_call_expr.rs:5:5:5:13 | x.foo(...) | hasArgList: | yes | getNumberOfAttrs: | 0 | hasResolvedPath: | no | hasResolvedCrateOrigin: | no | hasGenericArgList: | no | hasIdentifier: | yes | hasReceiver: | yes | +| gen_method_call_expr.rs:6:5:6:25 | x.foo(...) | hasArgList: | yes | getNumberOfAttrs: | 0 | hasResolvedPath: | no | hasResolvedCrateOrigin: | no | hasGenericArgList: | yes | hasIdentifier: | yes | hasReceiver: | yes | diff --git a/rust/ql/test/extractor-tests/generated/MethodCallExpr/MethodCallExpr_getArg.expected b/rust/ql/test/extractor-tests/generated/MethodCallExpr/MethodCallExpr_getArg.expected deleted file mode 100644 index 36af4e22c504..000000000000 --- a/rust/ql/test/extractor-tests/generated/MethodCallExpr/MethodCallExpr_getArg.expected +++ /dev/null @@ -1,2 +0,0 @@ -| gen_method_call_expr.rs:5:5:5:13 | x.foo(...) | 0 | gen_method_call_expr.rs:5:11:5:12 | 42 | -| gen_method_call_expr.rs:6:5:6:25 | x.foo(...) | 0 | gen_method_call_expr.rs:6:23:6:24 | 42 | From 02c11b10af88a76615a92ec04d413460ed7c67b9 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Tue, 10 Jun 2025 09:43:35 +0200 Subject: [PATCH 12/22] Revert "Rust: rerun codegen" This reverts commit f647b3316634cc841273bdecfeedb664003b9e94. --- rust/ql/.generated.list | 1 + rust/ql/.gitattributes | 1 + rust/ql/lib/codeql/rust/elements/internal/CallableImpl.qll | 1 - 3 files changed, 2 insertions(+), 1 deletion(-) diff --git a/rust/ql/.generated.list b/rust/ql/.generated.list index 47d787806873..eb60dccb3e6a 100644 --- a/rust/ql/.generated.list +++ b/rust/ql/.generated.list @@ -240,6 +240,7 @@ lib/codeql/rust/elements/internal/BlockExprImpl.qll 36ac09e4a6eeeec22919b62b1d00 lib/codeql/rust/elements/internal/BoxPatConstructor.qll 153f110ba25fd6c889092bfd16f73bb610fa60d6e0c8965d5f44d2446fcd48a2 9324cf0d8aa29945551bf8ab64801d598f57aab8cd4e19bcd4e9ef8a4a4e06eb lib/codeql/rust/elements/internal/BreakExprConstructor.qll 356be043c28e0b34fdf925a119c945632ee883c6f5ebb9a27003c6a8d250afd9 bb77e66b04bb9489340e7506931559b94285c6904b6f9d2f83b214cba4f3cfd5 lib/codeql/rust/elements/internal/CallExprConstructor.qll 742b38e862e2cf82fd1ecc4d4fc5b4782a9c7c07f031452b2bae7aa59d5aa13a cad6e0a8be21d91b20ac2ec16cab9c30eae810b452c0f1992ed87d5c7f4144dc +lib/codeql/rust/elements/internal/CallableImpl.qll 917a7d298583e15246428f32fba4cde6fc57a1790262731be27a96baddd8cf5e c5c0848024e0fe3fbb775e7750cf1a2c2dfa454a5aef0df55fec3d0a6fe99190 lib/codeql/rust/elements/internal/CastExprConstructor.qll f3d6e10c4731f38a384675aeab3fba47d17b9e15648293787092bb3247ed808d d738a7751dbadb70aa1dcffcf8af7fa61d4cf8029798369a7e8620013afff4ed lib/codeql/rust/elements/internal/ClosureBinderConstructor.qll 6e376ab9d40308e95bcdaf1cc892472c92099d477720192cd382d2c4e0d9c8a1 60a0efe50203ad5bb97bdfc06d602182edcc48ac9670f2d27a9675bd9fd8e19f lib/codeql/rust/elements/internal/ClosureBinderImpl.qll 9f6ce7068b5c17df44f00037ebb42e6c8fdbbbd09bf89951221fb04f378fbdf1 6e6e372e151fe0b0f17a5ea0ed774553b6ed0bf53e1d377e5ed24a0f98529735 diff --git a/rust/ql/.gitattributes b/rust/ql/.gitattributes index 61c4fdc57e98..3326912c0ca8 100644 --- a/rust/ql/.gitattributes +++ b/rust/ql/.gitattributes @@ -242,6 +242,7 @@ /lib/codeql/rust/elements/internal/BoxPatConstructor.qll linguist-generated /lib/codeql/rust/elements/internal/BreakExprConstructor.qll linguist-generated /lib/codeql/rust/elements/internal/CallExprConstructor.qll linguist-generated +/lib/codeql/rust/elements/internal/CallableImpl.qll linguist-generated /lib/codeql/rust/elements/internal/CastExprConstructor.qll linguist-generated /lib/codeql/rust/elements/internal/ClosureBinderConstructor.qll linguist-generated /lib/codeql/rust/elements/internal/ClosureBinderImpl.qll linguist-generated diff --git a/rust/ql/lib/codeql/rust/elements/internal/CallableImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/CallableImpl.qll index d10e4caedae8..d604b4d239f0 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/CallableImpl.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/CallableImpl.qll @@ -12,7 +12,6 @@ private import codeql.rust.elements.internal.generated.Callable * be referenced directly. */ module Impl { - // the following QLdoc is generated: if you need to edit it, do it in the schema file /** * A callable. Either a `Function` or a `ClosureExpr`. */ From 902a421c23a193007aa8beb175a5570bbb390343 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Tue, 10 Jun 2025 09:47:15 +0200 Subject: [PATCH 13/22] Rust: fix docs with `getArgList` and `getParamList` --- .../analyzing-data-flow-in-rust.rst | 92 +++++-------------- 1 file changed, 25 insertions(+), 67 deletions(-) diff --git a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-rust.rst b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-rust.rst index 3f6a18e42834..42eabf710f03 100644 --- a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-rust.rst +++ b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-rust.rst @@ -112,7 +112,7 @@ This query finds the argument passed in each call to ``File::create``: from CallExpr call where call.getStaticTarget().(Function).getCanonicalPath() = "::create" - select call.getArg(0) + select call.getArgList().getArg(0) Unfortunately this will only give the expression in the argument, not the values which could be passed to it. So we use local data flow to find all expressions that flow into the argument: @@ -125,7 +125,7 @@ So we use local data flow to find all expressions that flow into the argument: from CallExpr call, DataFlow::ExprNode source, DataFlow::ExprNode sink where call.getStaticTarget().(Function).getCanonicalPath() = "::create" and - sink.asExpr().getExpr() = call.getArg(0) and + sink.asExpr().getExpr() = call.getArgList().getArg(0) and DataFlow::localFlow(source, sink) select source, sink @@ -136,30 +136,12 @@ We can vary the source, for example, making the source the parameter of a functi import rust import codeql.rust.dataflow.DataFlow - from CallExpr call, Method method, ParamDecl sourceParam, Expr sinkExpr + from CallExpr call, DataFlow::ParameterNode source, DataFlow::ExprNode sink where - call.getStaticTarget() = method and - method.hasQualifiedName("String", "init(format:_:)") and - sinkExpr = call.getArgument(0).getExpr() and - DataFlow::localFlow(DataFlow::parameterNode(sourceParam), DataFlow::exprNode(sinkExpr)) - select sourceParam, sinkExpr - -The following example finds calls to ``String.init(format:_:)`` where the format string is not a hard-coded string literal: - -.. code-block:: ql - - import rust - import codeql.rust.dataflow.DataFlow - - from CallExpr call, Method method, DataFlow::Node sinkNode - where - call.getStaticTarget() = method and - method.hasQualifiedName("String", "init(format:_:)") and - sinkNode.asExpr() = call.getArgument(0).getExpr() and - not exists(StringLiteralExpr sourceLiteral | - DataFlow::localFlow(DataFlow::exprNode(sourceLiteral), sinkNode) - ) - select call, "Format argument to " + method.getName() + " isn't hard-coded." + call.getStaticTarget().(Function).getCanonicalPath() = "::create" and + sink.asExpr().getExpr() = call.getArgList().getArg(0) and + DataFlow::localFlow(source, sink) + select source, sink Global data flow ---------------- @@ -242,53 +224,29 @@ The following global taint-tracking query finds places where a string literal is .. code-block:: ql - import rust - import codeql.rust.dataflow.DataFlow - import codeql.rust.dataflow.TaintTracking - - module ConstantPasswordConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node node) { node.asExpr() instanceof StringLiteralExpr } - - predicate isSink(DataFlow::Node node) { - // any argument called `password` - exists(CallExpr call | call.getArgumentWithLabel("password").getExpr() = node.asExpr()) - } - - module ConstantPasswordFlow = TaintTracking::Global; - - from DataFlow::Node sourceNode, DataFlow::Node sinkNode - where ConstantPasswordFlow::flow(sourceNode, sinkNode) - select sinkNode, "The value $@ is used as a constant password.", sourceNode, sourceNode.toString() - - -The following global taint-tracking query finds places where a value from a remote or local user input is used as an argument to the SQLite ``Connection.execute(_:)`` function. - - Since this is a taint-tracking query, the ``TaintTracking::Global`` module is used. - - The ``isSource`` predicate defines sources as a ``FlowSource`` (remote or local user input). - - The ``isSink`` predicate defines sinks as the first argument in any call to ``Connection.execute(_:)``. - -.. code-block:: ql + import rust + import codeql.rust.dataflow.DataFlow + import codeql.rust.dataflow.TaintTracking - import rust - import codeql.rust.dataflow.DataFlow - import codeql.rust.dataflow.TaintTracking - import codeql.rust.dataflow.FlowSources + module ConstantPasswordConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node.asExpr().getExpr() instanceof StringLiteralExpr } - module SqlInjectionConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node node) { node instanceof FlowSource } + predicate isSink(DataFlow::Node node) { + // any argument going to a parameter called `password` + exists(Function f, CallExpr call, int index | + call.getArgList().getArg(index) = node.asExpr().getExpr() and + call.getStaticTarget() = f and + f.getParamList().getParam(index).getPat().(IdentPat).getName().getText() = "password" + ) + } + } - predicate isSink(DataFlow::Node node) { - exists(CallExpr call | - call.getStaticTarget().(Method).hasQualifiedName("Connection", "execute(_:)") and - call.getArgument(0).getExpr() = node.asExpr() - ) - } - } + module ConstantPasswordFlow = TaintTracking::Global; - module SqlInjectionFlow = TaintTracking::Global; + from DataFlow::Node sourceNode, DataFlow::Node sinkNode + where ConstantPasswordFlow::flow(sourceNode, sinkNode) + select sinkNode, "The value $@ is used as a constant password.", sourceNode, sourceNode.toString() - from DataFlow::Node sourceNode, DataFlow::Node sinkNode - where SqlInjectionFlow::flow(sourceNode, sinkNode) - select sinkNode, "This query depends on a $@.", sourceNode, "user-provided value" Further reading --------------- From c56a32580d8414cd053c2b0926e3878621c388ec Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Thu, 12 Jun 2025 17:35:00 +0200 Subject: [PATCH 14/22] Rust: remove now unneeded `get(Arg|Param)List` in the dataflow guide --- .../analyzing-data-flow-in-rust.rst | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-rust.rst b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-rust.rst index 42eabf710f03..3eab09126f39 100644 --- a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-rust.rst +++ b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-rust.rst @@ -112,7 +112,7 @@ This query finds the argument passed in each call to ``File::create``: from CallExpr call where call.getStaticTarget().(Function).getCanonicalPath() = "::create" - select call.getArgList().getArg(0) + select call.getArg(0) Unfortunately this will only give the expression in the argument, not the values which could be passed to it. So we use local data flow to find all expressions that flow into the argument: @@ -125,7 +125,7 @@ So we use local data flow to find all expressions that flow into the argument: from CallExpr call, DataFlow::ExprNode source, DataFlow::ExprNode sink where call.getStaticTarget().(Function).getCanonicalPath() = "::create" and - sink.asExpr().getExpr() = call.getArgList().getArg(0) and + sink.asExpr().getExpr() = call.getArg(0) and DataFlow::localFlow(source, sink) select source, sink @@ -139,7 +139,7 @@ We can vary the source, for example, making the source the parameter of a functi from CallExpr call, DataFlow::ParameterNode source, DataFlow::ExprNode sink where call.getStaticTarget().(Function).getCanonicalPath() = "::create" and - sink.asExpr().getExpr() = call.getArgList().getArg(0) and + sink.asExpr().getExpr() = call.getArg(0) and DataFlow::localFlow(source, sink) select source, sink @@ -234,9 +234,9 @@ The following global taint-tracking query finds places where a string literal is predicate isSink(DataFlow::Node node) { // any argument going to a parameter called `password` exists(Function f, CallExpr call, int index | - call.getArgList().getArg(index) = node.asExpr().getExpr() and + call.getArg(index) = node.asExpr().getExpr() and call.getStaticTarget() = f and - f.getParamList().getParam(index).getPat().(IdentPat).getName().getText() = "password" + f.getParam(index).getPat().(IdentPat).getName().getText() = "password" ) } } From cae4a0459bd568b1aee54a493c2d743e1d0ce0f9 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Fri, 13 Jun 2025 12:38:33 +0200 Subject: [PATCH 15/22] Rust: update `supported-frameworks.rst` --- docs/codeql/reusables/supported-frameworks.rst | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs/codeql/reusables/supported-frameworks.rst b/docs/codeql/reusables/supported-frameworks.rst index 115c3326ee18..3d89a6630041 100644 --- a/docs/codeql/reusables/supported-frameworks.rst +++ b/docs/codeql/reusables/supported-frameworks.rst @@ -322,7 +322,9 @@ All support is experimental. :align: left Name, Category + `actix-web `__, Web framework alloc, Standard library + `clap `__, Utility library core, Standard library `digest `__, Cryptography library `futures-executor `__, Utility library @@ -331,14 +333,20 @@ All support is experimental. `libc `__, Utility library `log `__, Logging library `md5 `__, Utility library + `memchr `__, Utility library + `once_cell `__, Utility library `poem `__, Web framework `postgres `__, Database proc_macro, Standard library + `rand `__, Utility library `regex `__, Utility library `reqwest `__, HTTP client + `rocket `__, Web framework `rusqlite `__, Database std, Standard library `rust-crypto `__, Cryptography library + `serde `__, Serialization + `smallvec `__, Utility library `sqlx `__, Database `tokio `__, Asynchronous IO `tokio-postgres `__, Database From ad3a5d777dda26abb9ead1930dda575258052387 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Fri, 13 Jun 2025 13:03:39 +0200 Subject: [PATCH 16/22] Rust: add public preview change notes --- rust/ql/lib/change-notes/2025-06-13-public-preview.md | 4 ++++ rust/ql/src/change-notes/2025-06-13-public-preview.md | 4 ++++ 2 files changed, 8 insertions(+) create mode 100644 rust/ql/lib/change-notes/2025-06-13-public-preview.md create mode 100644 rust/ql/src/change-notes/2025-06-13-public-preview.md diff --git a/rust/ql/lib/change-notes/2025-06-13-public-preview.md b/rust/ql/lib/change-notes/2025-06-13-public-preview.md new file mode 100644 index 000000000000..d60dc3315b83 --- /dev/null +++ b/rust/ql/lib/change-notes/2025-06-13-public-preview.md @@ -0,0 +1,4 @@ +--- +category: feature +--- +* Initial public preview release. diff --git a/rust/ql/src/change-notes/2025-06-13-public-preview.md b/rust/ql/src/change-notes/2025-06-13-public-preview.md new file mode 100644 index 000000000000..ab2250e3b587 --- /dev/null +++ b/rust/ql/src/change-notes/2025-06-13-public-preview.md @@ -0,0 +1,4 @@ +--- +category: newQuery +--- +* Initial public preview release. From e9a071032cd3cbd2e6e265e0056b5c0f7bcab6f6 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Tue, 17 Jun 2025 11:19:59 +0200 Subject: [PATCH 17/22] Rust: address review on docs --- .../analyzing-data-flow-in-rust.rst | 51 ++++++------------- .../codeql-for-rust.rst | 2 +- .../codeql-library-for-rust.rst | 6 +-- 3 files changed, 20 insertions(+), 39 deletions(-) diff --git a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-rust.rst b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-rust.rst index 3eab09126f39..a68dc08a22bf 100644 --- a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-rust.rst +++ b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-rust.rst @@ -23,10 +23,9 @@ Using local data flow ~~~~~~~~~~~~~~~~~~~~~ You can use the local data flow library by importing the ``codeql.rust.dataflow.DataFlow`` module. The library uses the class ``Node`` to represent any element through which data can flow. -``Node``\ s are divided into expression nodes (``ExprNode``) and parameter nodes (``ParameterNode``). -You can map a data flow ``ParameterNode`` to its corresponding ``Parameter`` AST node using the ``asParameter`` member predicate. -Similarly, you can use the ``asExpr`` member predicate to map a data flow ``ExprNode`` to its corresponding ``ExprCfgNode`` in the control-flow library. - +Common ``Node`` types include expression nodes (``ExprNode``) and parameter nodes (``ParameterNode``). +You can use the ``asExpr`` member predicate to map a data flow ``ExprNode`` to its corresponding ``ExprCfgNode`` in the control-flow library. +Similarly, you can map a data flow ``ParameterNode`` to its corresponding ``Parameter`` AST node using the ``asParameter`` member predicate. .. code-block:: ql class Node { @@ -39,22 +38,8 @@ Similarly, you can use the ``asExpr`` member predicate to map a data flow ``Expr ... } -You can use the predicates ``exprNode`` and ``parameterNode`` to map from expressions and parameters to their data-flow node: - -.. code-block:: ql - - /** - * Gets a node corresponding to expression `e`. - */ - ExprNode exprNode(CfgNodes::ExprCfgNode e) { ... } - - /** - * Gets the node corresponding to the value of parameter `p` at function entry. - */ - ParameterNode parameterNode(Parameter p) { ... } - -Note that since ``asExpr`` and ``exprNode`` map between data-flow and control-flow nodes, you then need to call the ``getExpr`` member predicate on the control-flow node to map to the corresponding AST node, -for example, by writing ``node.asExpr().getExpr()``. +Note that since ``asExpr`` maps from data-flow to control-flow nodes, you then need to call the ``getExpr`` member predicate on the control-flow node to map to the corresponding AST node, +for example by writing ``node.asExpr().getExpr()``. A control-flow graph considers every way control can flow through code, consequently, there can be multiple data-flow and control-flow nodes associated with a single expression node in the AST. The predicate ``localFlowStep(Node nodeFrom, Node nodeTo)`` holds if there is an immediate data flow edge from the node ``nodeFrom`` to the node ``nodeTo``. @@ -207,11 +192,7 @@ The global taint tracking library uses the same configuration module as the glob Predefined sources ~~~~~~~~~~~~~~~~~~ -The data flow library module ``codeql.rust.dataflow.FlowSources`` contains a number of predefined sources that you can use to write security queries to track data flow and taint flow. - -- The class ``RemoteFlowSource`` represents data flow from remote network inputs and from other applications. -- The class ``LocalFlowSource`` represents data flow from local user input. -- The class ``FlowSource`` includes both of the above. +The library module ``codeql.rust.Concepts`` contains a number of predefined sources and sinks that you can use to write security queries to track data flow and taint flow. Examples of global data flow ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -229,16 +210,16 @@ The following global taint-tracking query finds places where a string literal is import codeql.rust.dataflow.TaintTracking module ConstantPasswordConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node node) { node.asExpr().getExpr() instanceof StringLiteralExpr } - - predicate isSink(DataFlow::Node node) { - // any argument going to a parameter called `password` - exists(Function f, CallExpr call, int index | - call.getArg(index) = node.asExpr().getExpr() and - call.getStaticTarget() = f and - f.getParam(index).getPat().(IdentPat).getName().getText() = "password" - ) - } + predicate isSource(DataFlow::Node node) { node.asExpr().getExpr() instanceof StringLiteralExpr } + + predicate isSink(DataFlow::Node node) { + // any argument going to a parameter called `password` + exists(Function f, CallExpr call, int index | + call.getArg(index) = node.asExpr().getExpr() and + call.getStaticTarget() = f and + f.getParam(index).getPat().(IdentPat).getName().getText() = "password" + ) + } } module ConstantPasswordFlow = TaintTracking::Global; diff --git a/docs/codeql/codeql-language-guides/codeql-for-rust.rst b/docs/codeql/codeql-language-guides/codeql-for-rust.rst index c8262208cf58..a2c5bb98724e 100644 --- a/docs/codeql/codeql-language-guides/codeql-for-rust.rst +++ b/docs/codeql/codeql-language-guides/codeql-for-rust.rst @@ -13,4 +13,4 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat analyzing-data-flow-in-rust - :doc:`CodeQL library for Rust `: When you're analyzing Rust code, you can make use of the large collection of classes in the CodeQL library for Rust. -- :doc:`Analyzing data flow in Ruby `: You can use CodeQL to track the flow of data through a Rust program to places where the data is used. +- :doc:`Analyzing data flow in Rust `: You can use CodeQL to track the flow of data through a Rust program to places where the data is used. diff --git a/docs/codeql/codeql-language-guides/codeql-library-for-rust.rst b/docs/codeql/codeql-language-guides/codeql-library-for-rust.rst index dd25d7696925..348490e22dd2 100644 --- a/docs/codeql/codeql-language-guides/codeql-library-for-rust.rst +++ b/docs/codeql/codeql-language-guides/codeql-library-for-rust.rst @@ -12,14 +12,14 @@ CodeQL ships with a library for analyzing Rust code. The classes in this library abstractions and predicates to help you with common analysis tasks. The library is implemented as a set of CodeQL modules, that is, files with the extension ``.qll``. The -module `rust.qll `__ imports most other standard library modules, so you can include the complete -library by beginning your query with: +module `rust.qll `__ imports most other standard library modules, so you can include them +by beginning your query with: .. code-block:: ql import rust -The CodeQL libraries model various aspects of Rust code. The above import includes the abstract syntax tree (AST) library, which is used for locating program elements, +The CodeQL libraries model various aspects of Rust code. The above import includes the abstract syntax tree (AST) library, which is used for locating program elements to match syntactic elements in the source code. This can be used for example to find values, patterns and structures. The control flow graph (CFG) is imported using From e0114753fe33307a23498e843eb1ef1a2b1c7bb3 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Wed, 18 Jun 2025 15:24:20 +0200 Subject: [PATCH 18/22] Rust: fix formatting in doc snippet --- .../analyzing-data-flow-in-rust.rst | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-rust.rst b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-rust.rst index a68dc08a22bf..3337dde2faae 100644 --- a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-rust.rst +++ b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-rust.rst @@ -210,16 +210,16 @@ The following global taint-tracking query finds places where a string literal is import codeql.rust.dataflow.TaintTracking module ConstantPasswordConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node node) { node.asExpr().getExpr() instanceof StringLiteralExpr } - - predicate isSink(DataFlow::Node node) { - // any argument going to a parameter called `password` - exists(Function f, CallExpr call, int index | - call.getArg(index) = node.asExpr().getExpr() and - call.getStaticTarget() = f and - f.getParam(index).getPat().(IdentPat).getName().getText() = "password" - ) - } + predicate isSource(DataFlow::Node node) { node.asExpr().getExpr() instanceof StringLiteralExpr } + + predicate isSink(DataFlow::Node node) { + // any argument going to a parameter called `password` + exists(Function f, CallExpr call, int index | + call.getArg(index) = node.asExpr().getExpr() and + call.getStaticTarget() = f and + f.getParam(index).getPat().(IdentPat).getName().getText() = "password" + ) + } } module ConstantPasswordFlow = TaintTracking::Global; From 7a9f23c759631f6ce9ae69ec2155cd1b871cce2c Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Thu, 19 Jun 2025 18:19:26 +0200 Subject: [PATCH 19/22] Rust: fix `sphinx` error --- .../analyzing-data-flow-in-rust.rst | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-rust.rst b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-rust.rst index 3337dde2faae..47f2366faf32 100644 --- a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-rust.rst +++ b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-rust.rst @@ -26,17 +26,23 @@ You can use the local data flow library by importing the ``codeql.rust.dataflow. Common ``Node`` types include expression nodes (``ExprNode``) and parameter nodes (``ParameterNode``). You can use the ``asExpr`` member predicate to map a data flow ``ExprNode`` to its corresponding ``ExprCfgNode`` in the control-flow library. Similarly, you can map a data flow ``ParameterNode`` to its corresponding ``Parameter`` AST node using the ``asParameter`` member predicate. + .. code-block:: ql - class Node { - /** Gets the expression corresponding to this node, if any. */ - CfgNodes::ExprCfgNode asExpr() { ... } + class Node { + /** + * Gets the expression corresponding to this node, if any. + */ + CfgNodes::ExprCfgNode asExpr() { ... } - /** Gets the parameter corresponding to this node, if any. */ - Parameter asParameter() { ... } + /** + * Gets the parameter corresponding to this node, if any. + */ + Parameter asParameter() { ... } ... - } + } + Note that since ``asExpr`` maps from data-flow to control-flow nodes, you then need to call the ``getExpr`` member predicate on the control-flow node to map to the corresponding AST node, for example by writing ``node.asExpr().getExpr()``. From f812b6461cbd02243ec8edd8e9e0be3235d9ce14 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Thu, 19 Jun 2025 18:28:13 +0200 Subject: [PATCH 20/22] Rust: address review --- .../codeql-language-guides/codeql-library-for-rust.rst | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/docs/codeql/codeql-language-guides/codeql-library-for-rust.rst b/docs/codeql/codeql-language-guides/codeql-library-for-rust.rst index 348490e22dd2..c2357a8264cb 100644 --- a/docs/codeql/codeql-language-guides/codeql-library-for-rust.rst +++ b/docs/codeql/codeql-language-guides/codeql-library-for-rust.rst @@ -39,9 +39,8 @@ The data flow library is imported using import codeql.rust.dataflow.DataFlow Data flow tracks the flow of data through the program, including through function calls (interprocedural data flow) and between steps in a job or workflow. -Data flow is particularly useful for security queries, where untrusted data flows to vulnerable parts of the program -to exploit it. Related to data flow, is the taint-tracking library, which finds how data can *influence* other values -in a program, even when it is not copied exactly. +Data flow is particularly useful for security queries, where untrusted data flows to vulnerable parts of the program. Related to data flow is the taint-tracking library, +which finds how data can *influence* other values in a program, even when it is not copied exactly. To summarize, the main Rust library modules are: From 9c06a826cfcc0e7c078ebb063083aa6a1206e9fb Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Fri, 20 Jun 2025 18:16:32 +0200 Subject: [PATCH 21/22] Rust: apply suggestions from code review Co-authored-by: Sunbrye Ly <56200261+sunbrye@users.noreply.github.com> --- .../analyzing-data-flow-in-rust.rst | 29 +++++++++---------- .../codeql-for-rust.rst | 2 +- .../codeql-library-for-rust.rst | 18 ++++++------ 3 files changed, 23 insertions(+), 26 deletions(-) diff --git a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-rust.rst b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-rust.rst index 47f2366faf32..96fc7191393c 100644 --- a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-rust.rst +++ b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-rust.rst @@ -17,7 +17,7 @@ For a more general introduction to modeling data flow, see ":ref:`About data flo Local data flow --------------- -Local data flow tracks the flow of data within a single method or callable. Local data flow is easier, faster, and more precise than global data flow. Before looking at more complex tracking, you should always consider local tracking because it is sufficient for many queries. +Local data flow tracks the flow of data within a single method or callable. Local data flow is easier, faster, and more precise than global data flow. Before using more complex tracking, consider local tracking, as it is sufficient for many queries. Using local data flow ~~~~~~~~~~~~~~~~~~~~~ @@ -43,13 +43,11 @@ Similarly, you can map a data flow ``ParameterNode`` to its corresponding ``Para ... } - -Note that since ``asExpr`` maps from data-flow to control-flow nodes, you then need to call the ``getExpr`` member predicate on the control-flow node to map to the corresponding AST node, -for example by writing ``node.asExpr().getExpr()``. +Note that because ``asExpr`` maps from data-flow to control-flow nodes, you need to call the ``getExpr`` member predicate on the control-flow node to map to the corresponding AST node. For example, you can write ``node.asExpr().getExpr()``. A control-flow graph considers every way control can flow through code, consequently, there can be multiple data-flow and control-flow nodes associated with a single expression node in the AST. The predicate ``localFlowStep(Node nodeFrom, Node nodeTo)`` holds if there is an immediate data flow edge from the node ``nodeFrom`` to the node ``nodeTo``. -You can apply the predicate recursively, by using the ``+`` and ``*`` operators, or you can use the predefined recursive predicate ``localFlow``. +You can apply the predicate recursively by using the ``+`` and ``*`` operators, or you can use the predefined recursive predicate ``localFlow``. For example, you can find flow from an expression ``source`` to an expression ``sink`` in zero or more local steps: @@ -71,7 +69,7 @@ If ``x`` is a tainted string then ``y`` is also tainted. The local taint tracking library is in the module ``TaintTracking``. Like local data flow, a predicate ``localTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo)`` holds if there is an immediate taint propagation edge from the node ``nodeFrom`` to the node ``nodeTo``. -You can apply the predicate recursively, by using the ``+`` and ``*`` operators, or you can use the predefined recursive predicate ``localTaint``. +You can apply the predicate recursively by using the ``+`` and ``*`` operators, or you can use the predefined recursive predicate ``localTaint``. For example, you can find taint propagation from an expression ``source`` to an expression ``sink`` in zero or more local steps: @@ -83,14 +81,14 @@ For example, you can find taint propagation from an expression ``source`` to an Using local sources ~~~~~~~~~~~~~~~~~~~ -When exploring local data flow or taint propagation between two expressions as above, you would normally constrain the expressions to be relevant to your investigation. -The next section gives some concrete examples, but first it's helpful to introduce the concept of a local source. +When exploring local data flow or taint propagation between two expressions, such as in the previous example, you typically constrain the expressions to those relevant to your investigation. +The next section provides concrete examples, but first introduces the concept of a local source. A local source is a data-flow node with no local data flow into it. -As such, it is a local origin of data flow, a place where a new value is created. +It is a local origin of data flow, a place where a new value is created. This includes parameters (which only receive values from global data flow) and most expressions (because they are not value-preserving). The class ``LocalSourceNode`` represents data-flow nodes that are also local sources. -It comes with a useful member predicate ``flowsTo(DataFlow::Node node)``, which holds if there is local data flow from the local source to ``node``. +It includes a useful member predicate ``flowsTo(DataFlow::Node node)``, which holds if there is local data flow from the local source to ``node``. Examples of local data flow ~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -105,8 +103,7 @@ This query finds the argument passed in each call to ``File::create``: where call.getStaticTarget().(Function).getCanonicalPath() = "::create" select call.getArg(0) -Unfortunately this will only give the expression in the argument, not the values which could be passed to it. -So we use local data flow to find all expressions that flow into the argument: +Unfortunately, this only returns the expression used as the argument, not the possible values that could be passed to it. To address this, you can use local data flow to find all expressions that flow into the argument. .. code-block:: ql @@ -120,7 +117,7 @@ So we use local data flow to find all expressions that flow into the argument: DataFlow::localFlow(source, sink) select source, sink -We can vary the source, for example, making the source the parameter of a function rather than an expression. The following query finds where a parameter is used for the file creation: +You can vary the source by making the source the parameter of a function instead of an expression. The following query finds where a parameter is used in file creation: .. code-block:: ql @@ -183,8 +180,8 @@ The last line (``module MyDataFlow = ...``) instantiates the parameterized modul Using global taint tracking ~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Global taint tracking is to global data flow what local taint tracking is to local data flow. -That is, global taint tracking extends global data flow with additional non-value-preserving steps. +Global taint tracking relates to global data flow in the same way that local taint tracking relates to local data flow. +In other words, global taint tracking extends global data flow with additional non-value-preserving steps. The global taint tracking library uses the same configuration module as the global data flow library. You can perform taint flow analysis using ``TaintTracking::Global``: .. code-block:: ql @@ -207,7 +204,7 @@ The following global taint-tracking query finds places where a string literal is - Since this is a taint-tracking query, the ``TaintTracking::Global`` module is used. - The ``isSource`` predicate defines sources as any ``StringLiteralExpr``. - The ``isSink`` predicate defines sinks as arguments to a ``CallExpr`` called "password". - - The sources and sinks may need tuning to a particular use, for example, if passwords are represented by a type other than ``String`` or passed in arguments of a different name than "password". + - The sources and sinks may need to be adjusted for a particular use. For example, passwords might be represented by a type other than ``String`` or passed in arguments with a different name than "password". .. code-block:: ql diff --git a/docs/codeql/codeql-language-guides/codeql-for-rust.rst b/docs/codeql/codeql-language-guides/codeql-for-rust.rst index a2c5bb98724e..24292909467e 100644 --- a/docs/codeql/codeql-language-guides/codeql-for-rust.rst +++ b/docs/codeql/codeql-language-guides/codeql-for-rust.rst @@ -12,5 +12,5 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat codeql-library-for-rust analyzing-data-flow-in-rust -- :doc:`CodeQL library for Rust `: When you're analyzing Rust code, you can make use of the large collection of classes in the CodeQL library for Rust. +- :doc:`CodeQL library for Rust `: When analyzing Rust code, you can make use of the large collection of classes in the CodeQL library for Rust. - :doc:`Analyzing data flow in Rust `: You can use CodeQL to track the flow of data through a Rust program to places where the data is used. diff --git a/docs/codeql/codeql-language-guides/codeql-library-for-rust.rst b/docs/codeql/codeql-language-guides/codeql-library-for-rust.rst index c2357a8264cb..84da28c7dfc6 100644 --- a/docs/codeql/codeql-language-guides/codeql-library-for-rust.rst +++ b/docs/codeql/codeql-language-guides/codeql-library-for-rust.rst @@ -3,7 +3,7 @@ CodeQL library for Rust ================================= -When you're analyzing Rust code, you can make use of the large collection of classes in the CodeQL library for Rust. +When analyzing Rust code, you can make use of the large collection of classes in the CodeQL library for Rust. Overview -------- @@ -11,7 +11,7 @@ Overview CodeQL ships with a library for analyzing Rust code. The classes in this library present the data from a CodeQL database in an object-oriented form and provide abstractions and predicates to help you with common analysis tasks. -The library is implemented as a set of CodeQL modules, that is, files with the extension ``.qll``. The +The library is implemented as a set of CodeQL modules, which are files with the extension ``.qll``. The module `rust.qll `__ imports most other standard library modules, so you can include them by beginning your query with: @@ -20,27 +20,27 @@ by beginning your query with: import rust The CodeQL libraries model various aspects of Rust code. The above import includes the abstract syntax tree (AST) library, which is used for locating program elements -to match syntactic elements in the source code. This can be used for example to find values, patterns and structures. +to match syntactic elements in the source code. This can be used to find values, patterns, and structures. -The control flow graph (CFG) is imported using +The control flow graph (CFG) is imported using: .. code-block:: ql import codeql.rust.controlflow.ControlFlowGraph -The CFG models the control flow between statements and expressions, for example whether one expression can +The CFG models the control flow between statements and expressions. For example, it can determine whether one expression can be evaluated before another expression, or whether an expression "dominates" another one, meaning that all paths to an expression must flow through another expression first. -The data flow library is imported using +The data flow library is imported using: .. code-block:: ql import codeql.rust.dataflow.DataFlow -Data flow tracks the flow of data through the program, including through function calls (interprocedural data flow) and between steps in a job or workflow. -Data flow is particularly useful for security queries, where untrusted data flows to vulnerable parts of the program. Related to data flow is the taint-tracking library, -which finds how data can *influence* other values in a program, even when it is not copied exactly. +Data flow tracks the flow of data through the program, including across function calls (interprocedural data flow) and between steps in a job or workflow. +Data flow is particularly useful for security queries, where untrusted data flows to vulnerable parts of the program. The taint-tracking library is related to data flow, +and helps you find how data can *influence* other values in a program, even when it is not copied exactly. To summarize, the main Rust library modules are: From 915b0b386189c5dc2a9b4be9ce0bfbaec580ca79 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Mon, 23 Jun 2025 10:16:55 +0200 Subject: [PATCH 22/22] Update docs/codeql/codeql-language-guides/analyzing-data-flow-in-rust.rst Co-authored-by: Sunbrye Ly <56200261+sunbrye@users.noreply.github.com> --- .../codeql-language-guides/analyzing-data-flow-in-rust.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-rust.rst b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-rust.rst index 96fc7191393c..8aed9fc93266 100644 --- a/docs/codeql/codeql-language-guides/analyzing-data-flow-in-rust.rst +++ b/docs/codeql/codeql-language-guides/analyzing-data-flow-in-rust.rst @@ -17,7 +17,7 @@ For a more general introduction to modeling data flow, see ":ref:`About data flo Local data flow --------------- -Local data flow tracks the flow of data within a single method or callable. Local data flow is easier, faster, and more precise than global data flow. Before using more complex tracking, consider local tracking, as it is sufficient for many queries. +Local data flow tracks the flow of data within a single method or callable. Local data flow is easier, faster, and more precise than global data flow. Before using more complex tracking, consider local tracking, as it is sufficient for many queries. Using local data flow ~~~~~~~~~~~~~~~~~~~~~