diff --git a/rust/ql/lib/codeql/rust/frameworks/async-rs.model.yml b/rust/ql/lib/codeql/rust/frameworks/async-rs.model.yml deleted file mode 100644 index 706170d44b89..000000000000 --- a/rust/ql/lib/codeql/rust/frameworks/async-rs.model.yml +++ /dev/null @@ -1,12 +0,0 @@ -extensions: - - addsTo: - pack: codeql/rust-all - extensible: sourceModel - data: - - ["::connect", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "remote", "manual"] - - addsTo: - pack: codeql/rust-all - extensible: summaryModel - data: - - ["<_ as async_std::io::read::ReadExt>::read", "Argument[self]", "Argument[0].Reference", "taint", "manual"] - - ["<_ as async_std::io::read::ReadExt>::read", "Argument[self].Reference", "Argument[0].Reference", "taint", "manual"] \ No newline at end of file diff --git a/rust/ql/lib/codeql/rust/frameworks/asyncstd/io.model.yml b/rust/ql/lib/codeql/rust/frameworks/asyncstd/io.model.yml new file mode 100644 index 000000000000..99e14d0f0bc6 --- /dev/null +++ b/rust/ql/lib/codeql/rust/frameworks/asyncstd/io.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: codeql/rust-all + extensible: summaryModel + data: + - ["<_ as async_std::io::read::ReadExt>::read", "Argument[self]", "Argument[0].Reference", "taint", "manual"] + - ["<_ as async_std::io::read::ReadExt>::read", "Argument[self].Reference", "Argument[0].Reference", "taint", "manual"] diff --git a/rust/ql/lib/codeql/rust/frameworks/asyncstd/net.model.yml b/rust/ql/lib/codeql/rust/frameworks/asyncstd/net.model.yml new file mode 100644 index 000000000000..9e65ba1b1964 --- /dev/null +++ b/rust/ql/lib/codeql/rust/frameworks/asyncstd/net.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: codeql/rust-all + extensible: sourceModel + data: + - ["::connect", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "remote", "manual"] diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/alloc.model.yml b/rust/ql/lib/codeql/rust/frameworks/stdlib/alloc.model.yml index 56131c704620..5199a0e8117b 100644 --- a/rust/ql/lib/codeql/rust/frameworks/stdlib/alloc.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/stdlib/alloc.model.yml @@ -29,16 +29,25 @@ extensions: - ["::into_pin", "Argument[0]", "ReturnValue", "value", "manual"] # Fmt - ["alloc::fmt::format", "Argument[0]", "ReturnValue", "taint", "manual"] + # Layout + - ["::from_size_align", "Argument[0]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"] + - ["::from_size_align_unchecked", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["::array", "Argument[0]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"] + - ["::repeat", "Argument[self]", "ReturnValue.Field[core::result::Result::Ok(0)].Field[0]", "taint", "manual"] + - ["::repeat", "Argument[0]", "ReturnValue.Field[core::result::Result::Ok(0)].Field[0]", "taint", "manual"] + - ["::repeat_packed", "Argument[self]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"] + - ["::repeat_packed", "Argument[0]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"] + - ["::extend", "Argument[self]", "ReturnValue.Field[core::result::Result::Ok(0)].Field[0]", "taint", "manual"] + - ["::extend", "Argument[0]", "ReturnValue.Field[core::result::Result::Ok(0)].Field[0]", "taint", "manual"] + - ["::extend_packed", "Argument[self]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"] + - ["::extend_packed", "Argument[0]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"] + - ["::align_to", "Argument[self]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"] + - ["::align_to", "Argument[self].Element", "ReturnValue.Field[0,1,2].Reference.Element", "taint", "manual"] + - ["::pad_to_align", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["::size", "Argument[self]", "ReturnValue", "taint", "manual"] # String - - ["::as_str", "Argument[self]", "ReturnValue", "value", "manual"] - - ["::as_bytes", "Argument[self]", "ReturnValue", "value", "manual"] - ["::as_str", "Argument[self]", "ReturnValue", "value", "manual"] - ["::as_bytes", "Argument[self]", "ReturnValue", "value", "manual"] - ["<_ as alloc::string::ToString>::to_string", "Argument[self]", "ReturnValue", "taint", "manual"] - - ["::parse", "Argument[self]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"] - - ["::trim", "Argument[self]", "ReturnValue.Reference", "taint", "manual"] - - ["<_ as core::ops::arith::Add>::add", "Argument[self]", "ReturnValue", "taint", "manual"] - - ["<_ as core::ops::arith::Add>::add", "Argument[0]", "ReturnValue", "taint", "manual"] - - ["<_ as core::ops::arith::Add>::add", "Argument[0].Reference", "ReturnValue", "taint", "manual"] # Vec - ["alloc::vec::from_elem", "Argument[0]", "ReturnValue.Element", "value", "manual"] diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/core.model.yml b/rust/ql/lib/codeql/rust/frameworks/stdlib/core.model.yml index 9a29741bd37e..46eea8f9c4ef 100644 --- a/rust/ql/lib/codeql/rust/frameworks/stdlib/core.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/stdlib/core.model.yml @@ -3,10 +3,13 @@ extensions: pack: codeql/rust-all extensible: summaryModel data: + # Arithmetic + - ["<_ as core::ops::arith::Add>::add", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["<_ as core::ops::arith::Add>::add", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["<_ as core::ops::arith::Add>::add", "Argument[0].Reference", "ReturnValue", "taint", "manual"] # Clone - ["<_ as core::clone::Clone>::clone", "Argument[self].Reference", "ReturnValue", "value", "manual"] # Conversions - - ["::align_to", "Argument[self].Element", "ReturnValue.Field[0,1,2].Reference.Element", "taint", "manual"] - ["<_ as core::convert::Into>::into", "Argument[self].Element", "ReturnValue.Element", "taint", "manual"] - ["<_ as core::convert::Into>::into", "Argument[self].Reference.Element", "ReturnValue.Element", "taint", "manual"] # From @@ -23,21 +26,9 @@ extensions: - ["<_ as core::iter::traits::iterator::Iterator>::collect", "Argument[self].Element", "ReturnValue.Element", "value", "manual"] - ["<_ as core::iter::traits::iterator::Iterator>::map", "Argument[self].Element", "Argument[0].Parameter[0]", "value", "manual"] - ["<_ as core::iter::traits::iterator::Iterator>::for_each", "Argument[self].Element", "Argument[0].Parameter[0]", "value", "manual"] - # Layout - - ["::from_size_align", "Argument[0]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"] - - ["::from_size_align_unchecked", "Argument[0]", "ReturnValue", "taint", "manual"] - - ["::array", "Argument[0]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"] - - ["::repeat", "Argument[self]", "ReturnValue.Field[core::result::Result::Ok(0)].Field[0]", "taint", "manual"] - - ["::repeat", "Argument[0]", "ReturnValue.Field[core::result::Result::Ok(0)].Field[0]", "taint", "manual"] - - ["::repeat_packed", "Argument[self]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"] - - ["::repeat_packed", "Argument[0]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"] - - ["::extend", "Argument[self]", "ReturnValue.Field[core::result::Result::Ok(0)].Field[0]", "taint", "manual"] - - ["::extend", "Argument[0]", "ReturnValue.Field[core::result::Result::Ok(0)].Field[0]", "taint", "manual"] - - ["::extend_packed", "Argument[self]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"] - - ["::extend_packed", "Argument[0]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"] - - ["::align_to", "Argument[self]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"] - - ["::pad_to_align", "Argument[self]", "ReturnValue", "taint", "manual"] - - ["::size", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["<_ as core::iter::traits::iterator::Iterator>::chain", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["<_ as core::iter::traits::iterator::Iterator>::chain", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["<_ as core::iter::traits::iterator::Iterator>::take", "Argument[self]", "ReturnValue", "taint", "manual"] # Pin - ["core::pin::Pin", "Argument[0]", "ReturnValue", "value", "manual"] - ["::new", "Argument[0]", "ReturnValue", "value", "manual"] @@ -53,13 +44,11 @@ extensions: - ["core::ptr::write_unaligned", "Argument[1]", "Argument[0].Reference", "value", "manual"] - ["core::ptr::write_volatile", "Argument[1]", "Argument[0].Reference", "value", "manual"] # Str - - ["::as_str", "Argument[self]", "ReturnValue", "taint", "value"] - - ["::as_str", "Argument[self]", "ReturnValue", "taint", "value"] - - ["::as_bytes", "Argument[self]", "ReturnValue", "taint", "value"] - - ["::as_bytes", "Argument[self]", "ReturnValue", "taint", "value"] - - ["::to_string", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["::as_str", "Argument[self]", "ReturnValue", "value", "manual"] + - ["::as_bytes", "Argument[self]", "ReturnValue", "value", "manual"] - ["::parse", "Argument[self]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"] - ["::trim", "Argument[self]", "ReturnValue.Reference", "taint", "manual"] + - ["::to_string", "Argument[self]", "ReturnValue", "taint", "manual"] - addsTo: pack: codeql/rust-all extensible: sourceModel diff --git a/rust/ql/lib/codeql/rust/frameworks/tokio/io.model.yml b/rust/ql/lib/codeql/rust/frameworks/tokio/io.model.yml index ae58b2a077aa..17b0451793d8 100644 --- a/rust/ql/lib/codeql/rust/frameworks/tokio/io.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/tokio/io.model.yml @@ -46,6 +46,3 @@ extensions: - ["<_ as tokio::io::util::async_read_ext::AsyncReadExt>:::read_f32_le", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"] - ["<_ as tokio::io::util::async_read_ext::AsyncReadExt>::read_f64", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"] - ["<_ as tokio::io::util::async_read_ext::AsyncReadExt>::read_f64_le", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"] - - ["<_ as core::iter::traits::iterator::Iterator>::chain", "Argument[self]", "ReturnValue", "taint", "manual"] - - ["<_ as core::iter::traits::iterator::Iterator>::chain", "Argument[0]", "ReturnValue", "taint", "manual"] - - ["<_ as core::iter::traits::iterator::Iterator>::take", "Argument[self]", "ReturnValue", "taint", "manual"] diff --git a/rust/ql/lib/codeql/rust/frameworks/tokio-postgres.model.yml b/rust/ql/lib/codeql/rust/frameworks/tokio/postgres.model.yml similarity index 100% rename from rust/ql/lib/codeql/rust/frameworks/tokio-postgres.model.yml rename to rust/ql/lib/codeql/rust/frameworks/tokio/postgres.model.yml diff --git a/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected b/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected index fafde42ff653..e1024e4ad729 100644 --- a/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected +++ b/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected @@ -183,9 +183,9 @@ edges | sqlx.rs:53:9:53:22 | unsafe_query_1 [&ref] | sqlx.rs:78:25:78:47 | unsafe_query_1.as_str() [&ref] | provenance | MaD:29 | | sqlx.rs:53:26:53:36 | &arg_string [&ref] | sqlx.rs:53:9:53:22 | unsafe_query_1 [&ref] | provenance | | | sqlx.rs:53:27:53:36 | arg_string | sqlx.rs:53:26:53:36 | &arg_string [&ref] | provenance | | -| sqlx.rs:54:9:54:22 | unsafe_query_2 [&ref] | sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() [&ref] | provenance | MaD:33 | | sqlx.rs:54:9:54:22 | unsafe_query_2 [&ref] | sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() [&ref] | provenance | MaD:29 | | sqlx.rs:54:9:54:22 | unsafe_query_2 [&ref] | sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() [&ref] | provenance | MaD:33 | +| sqlx.rs:54:9:54:22 | unsafe_query_2 [&ref] | sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() [&ref] | provenance | MaD:33 | | sqlx.rs:54:26:54:39 | &remote_string [&ref] | sqlx.rs:54:9:54:22 | unsafe_query_2 [&ref] | provenance | | | sqlx.rs:54:27:54:39 | remote_string | sqlx.rs:54:26:54:39 | &remote_string [&ref] | provenance | | | sqlx.rs:55:9:55:22 | unsafe_query_3 | sqlx.rs:81:29:81:42 | unsafe_query_3 | provenance | | diff --git a/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected index 64875e0a8ac9..8fcbd27ac02e 100644 --- a/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected +++ b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected @@ -252,7 +252,6 @@ edges | main.rs:230:46:230:46 | v | main.rs:231:42:231:42 | v | provenance | | | main.rs:231:42:231:42 | v | main.rs:231:13:231:40 | ...::with_capacity_in | provenance | MaD:4 Sink:MaD:4 | | main.rs:279:24:279:41 | ...: String | main.rs:280:21:280:47 | user_input.parse() [Ok] | provenance | MaD:41 | -| main.rs:279:24:279:41 | ...: String | main.rs:280:21:280:47 | user_input.parse() [Ok] | provenance | MaD:41 | | main.rs:280:9:280:17 | num_bytes | main.rs:282:54:282:62 | num_bytes | provenance | | | main.rs:280:21:280:47 | user_input.parse() [Ok] | main.rs:280:21:280:48 | TryExpr | provenance | | | main.rs:280:21:280:48 | TryExpr | main.rs:280:9:280:17 | num_bytes | provenance | | @@ -277,7 +276,6 @@ edges | main.rs:317:13:317:28 | ...::args(...) [element] | main.rs:317:13:317:35 | ... .nth(...) [Some] | provenance | MaD:23 | | main.rs:317:13:317:35 | ... .nth(...) [Some] | main.rs:317:13:317:65 | ... .unwrap_or(...) | provenance | MaD:38 | | main.rs:317:13:317:65 | ... .unwrap_or(...) | main.rs:317:13:317:82 | ... .parse() [Ok] | provenance | MaD:41 | -| main.rs:317:13:317:65 | ... .unwrap_or(...) | main.rs:317:13:317:82 | ... .parse() [Ok] | provenance | MaD:41 | | main.rs:317:13:317:82 | ... .parse() [Ok] | main.rs:317:13:317:91 | ... .unwrap() | provenance | MaD:40 | | main.rs:317:13:317:91 | ... .unwrap() | main.rs:317:9:317:9 | v | provenance | | | main.rs:320:34:320:34 | v | main.rs:12:36:12:43 | ...: usize | provenance | |