From 4b3a1c5abb374e85b8810c1a35c6111655bf5261 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 3 Nov 2025 13:24:28 +0000 Subject: [PATCH 1/9] Rust: Move a model file into subdirectory. --- .../{tokio-postgres.model.yml => tokio/postgres.model.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename rust/ql/lib/codeql/rust/frameworks/{tokio-postgres.model.yml => tokio/postgres.model.yml} (100%) diff --git a/rust/ql/lib/codeql/rust/frameworks/tokio-postgres.model.yml b/rust/ql/lib/codeql/rust/frameworks/tokio/postgres.model.yml similarity index 100% rename from rust/ql/lib/codeql/rust/frameworks/tokio-postgres.model.yml rename to rust/ql/lib/codeql/rust/frameworks/tokio/postgres.model.yml From 1b435ed07d539f9548b30d301e17750e5a4be599 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 3 Nov 2025 13:26:37 +0000 Subject: [PATCH 2/9] Rust: Move another model file into subdirectory. --- .../frameworks/{async-rs.model.yml => asyncstd/net.model.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename rust/ql/lib/codeql/rust/frameworks/{async-rs.model.yml => asyncstd/net.model.yml} (100%) diff --git a/rust/ql/lib/codeql/rust/frameworks/async-rs.model.yml b/rust/ql/lib/codeql/rust/frameworks/asyncstd/net.model.yml similarity index 100% rename from rust/ql/lib/codeql/rust/frameworks/async-rs.model.yml rename to rust/ql/lib/codeql/rust/frameworks/asyncstd/net.model.yml From 8a2c117a0e3c2c0314a3186dab17945c56e4321f Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 3 Nov 2025 13:31:25 +0000 Subject: [PATCH 3/9] Rust: Move models between core.model.yml and alloc.model.yml. --- .../rust/frameworks/stdlib/alloc.model.yml | 26 ++++++++++++++----- .../rust/frameworks/stdlib/core.model.yml | 26 ++++++------------- 2 files changed, 27 insertions(+), 25 deletions(-) diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/alloc.model.yml b/rust/ql/lib/codeql/rust/frameworks/stdlib/alloc.model.yml index 56131c704620..324f6244516c 100644 --- a/rust/ql/lib/codeql/rust/frameworks/stdlib/alloc.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/stdlib/alloc.model.yml @@ -27,18 +27,30 @@ extensions: - ["::pin", "Argument[0]", "ReturnValue.Reference", "value", "manual"] - ["::new", "Argument[0]", "ReturnValue.Reference", "value", "manual"] - ["::into_pin", "Argument[0]", "ReturnValue", "value", "manual"] + # Conversions + - ["::align_to", "Argument[self].Element", "ReturnValue.Field[0,1,2].Reference.Element", "taint", "manual"] # Fmt - ["alloc::fmt::format", "Argument[0]", "ReturnValue", "taint", "manual"] + # Layout + - ["::from_size_align", "Argument[0]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"] + - ["::from_size_align_unchecked", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["::array", "Argument[0]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"] + - ["::repeat", "Argument[self]", "ReturnValue.Field[core::result::Result::Ok(0)].Field[0]", "taint", "manual"] + - ["::repeat", "Argument[0]", "ReturnValue.Field[core::result::Result::Ok(0)].Field[0]", "taint", "manual"] + - ["::repeat_packed", "Argument[self]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"] + - ["::repeat_packed", "Argument[0]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"] + - ["::extend", "Argument[self]", "ReturnValue.Field[core::result::Result::Ok(0)].Field[0]", "taint", "manual"] + - ["::extend", "Argument[0]", "ReturnValue.Field[core::result::Result::Ok(0)].Field[0]", "taint", "manual"] + - ["::extend_packed", "Argument[self]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"] + - ["::extend_packed", "Argument[0]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"] + - ["::align_to", "Argument[self]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"] + - ["::pad_to_align", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["::size", "Argument[self]", "ReturnValue", "taint", "manual"] # String - - ["::as_str", "Argument[self]", "ReturnValue", "value", "manual"] - - ["::as_bytes", "Argument[self]", "ReturnValue", "value", "manual"] + - ["::as_str", "Argument[self]", "ReturnValue", "taint", "value"] + - ["::as_bytes", "Argument[self]", "ReturnValue", "taint", "value"] - ["::as_str", "Argument[self]", "ReturnValue", "value", "manual"] - ["::as_bytes", "Argument[self]", "ReturnValue", "value", "manual"] - ["<_ as alloc::string::ToString>::to_string", "Argument[self]", "ReturnValue", "taint", "manual"] - - ["::parse", "Argument[self]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"] - - ["::trim", "Argument[self]", "ReturnValue.Reference", "taint", "manual"] - - ["<_ as core::ops::arith::Add>::add", "Argument[self]", "ReturnValue", "taint", "manual"] - - ["<_ as core::ops::arith::Add>::add", "Argument[0]", "ReturnValue", "taint", "manual"] - - ["<_ as core::ops::arith::Add>::add", "Argument[0].Reference", "ReturnValue", "taint", "manual"] # Vec - ["alloc::vec::from_elem", "Argument[0]", "ReturnValue.Element", "value", "manual"] diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/core.model.yml b/rust/ql/lib/codeql/rust/frameworks/stdlib/core.model.yml index 9a29741bd37e..76a38bd546bb 100644 --- a/rust/ql/lib/codeql/rust/frameworks/stdlib/core.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/stdlib/core.model.yml @@ -3,10 +3,13 @@ extensions: pack: codeql/rust-all extensible: summaryModel data: + # Arithmetic + - ["<_ as core::ops::arith::Add>::add", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["<_ as core::ops::arith::Add>::add", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["<_ as core::ops::arith::Add>::add", "Argument[0].Reference", "ReturnValue", "taint", "manual"] # Clone - ["<_ as core::clone::Clone>::clone", "Argument[self].Reference", "ReturnValue", "value", "manual"] # Conversions - - ["::align_to", "Argument[self].Element", "ReturnValue.Field[0,1,2].Reference.Element", "taint", "manual"] - ["<_ as core::convert::Into>::into", "Argument[self].Element", "ReturnValue.Element", "taint", "manual"] - ["<_ as core::convert::Into>::into", "Argument[self].Reference.Element", "ReturnValue.Element", "taint", "manual"] # From @@ -23,21 +26,6 @@ extensions: - ["<_ as core::iter::traits::iterator::Iterator>::collect", "Argument[self].Element", "ReturnValue.Element", "value", "manual"] - ["<_ as core::iter::traits::iterator::Iterator>::map", "Argument[self].Element", "Argument[0].Parameter[0]", "value", "manual"] - ["<_ as core::iter::traits::iterator::Iterator>::for_each", "Argument[self].Element", "Argument[0].Parameter[0]", "value", "manual"] - # Layout - - ["::from_size_align", "Argument[0]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"] - - ["::from_size_align_unchecked", "Argument[0]", "ReturnValue", "taint", "manual"] - - ["::array", "Argument[0]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"] - - ["::repeat", "Argument[self]", "ReturnValue.Field[core::result::Result::Ok(0)].Field[0]", "taint", "manual"] - - ["::repeat", "Argument[0]", "ReturnValue.Field[core::result::Result::Ok(0)].Field[0]", "taint", "manual"] - - ["::repeat_packed", "Argument[self]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"] - - ["::repeat_packed", "Argument[0]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"] - - ["::extend", "Argument[self]", "ReturnValue.Field[core::result::Result::Ok(0)].Field[0]", "taint", "manual"] - - ["::extend", "Argument[0]", "ReturnValue.Field[core::result::Result::Ok(0)].Field[0]", "taint", "manual"] - - ["::extend_packed", "Argument[self]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"] - - ["::extend_packed", "Argument[0]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"] - - ["::align_to", "Argument[self]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"] - - ["::pad_to_align", "Argument[self]", "ReturnValue", "taint", "manual"] - - ["::size", "Argument[self]", "ReturnValue", "taint", "manual"] # Pin - ["core::pin::Pin", "Argument[0]", "ReturnValue", "value", "manual"] - ["::new", "Argument[0]", "ReturnValue", "value", "manual"] @@ -53,10 +41,12 @@ extensions: - ["core::ptr::write_unaligned", "Argument[1]", "Argument[0].Reference", "value", "manual"] - ["core::ptr::write_volatile", "Argument[1]", "Argument[0].Reference", "value", "manual"] # Str + - ["::as_str", "Argument[self]", "ReturnValue", "value", "manual"] + - ["::as_bytes", "Argument[self]", "ReturnValue", "value", "manual"] + - ["::parse", "Argument[self]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"] + - ["::trim", "Argument[self]", "ReturnValue.Reference", "taint", "manual"] - ["::as_str", "Argument[self]", "ReturnValue", "taint", "value"] - - ["::as_str", "Argument[self]", "ReturnValue", "taint", "value"] - ["::as_bytes", "Argument[self]", "ReturnValue", "taint", "value"] - - ["::as_bytes", "Argument[self]", "ReturnValue", "taint", "value"] - ["::to_string", "Argument[self]", "ReturnValue", "taint", "manual"] - ["::parse", "Argument[self]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"] - ["::trim", "Argument[self]", "ReturnValue.Reference", "taint", "manual"] From 144fa7dd392c88267d311843ae1151eca15d9e98 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 3 Nov 2025 13:33:37 +0000 Subject: [PATCH 4/9] Rust: Deduplicate some models. --- rust/ql/lib/codeql/rust/frameworks/stdlib/alloc.model.yml | 2 -- rust/ql/lib/codeql/rust/frameworks/stdlib/core.model.yml | 4 ---- 2 files changed, 6 deletions(-) diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/alloc.model.yml b/rust/ql/lib/codeql/rust/frameworks/stdlib/alloc.model.yml index 324f6244516c..4dd9db8489cf 100644 --- a/rust/ql/lib/codeql/rust/frameworks/stdlib/alloc.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/stdlib/alloc.model.yml @@ -47,8 +47,6 @@ extensions: - ["::pad_to_align", "Argument[self]", "ReturnValue", "taint", "manual"] - ["::size", "Argument[self]", "ReturnValue", "taint", "manual"] # String - - ["::as_str", "Argument[self]", "ReturnValue", "taint", "value"] - - ["::as_bytes", "Argument[self]", "ReturnValue", "taint", "value"] - ["::as_str", "Argument[self]", "ReturnValue", "value", "manual"] - ["::as_bytes", "Argument[self]", "ReturnValue", "value", "manual"] - ["<_ as alloc::string::ToString>::to_string", "Argument[self]", "ReturnValue", "taint", "manual"] diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/core.model.yml b/rust/ql/lib/codeql/rust/frameworks/stdlib/core.model.yml index 76a38bd546bb..eeeb948bf3a7 100644 --- a/rust/ql/lib/codeql/rust/frameworks/stdlib/core.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/stdlib/core.model.yml @@ -45,11 +45,7 @@ extensions: - ["::as_bytes", "Argument[self]", "ReturnValue", "value", "manual"] - ["::parse", "Argument[self]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"] - ["::trim", "Argument[self]", "ReturnValue.Reference", "taint", "manual"] - - ["::as_str", "Argument[self]", "ReturnValue", "taint", "value"] - - ["::as_bytes", "Argument[self]", "ReturnValue", "taint", "value"] - ["::to_string", "Argument[self]", "ReturnValue", "taint", "manual"] - - ["::parse", "Argument[self]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"] - - ["::trim", "Argument[self]", "ReturnValue.Reference", "taint", "manual"] - addsTo: pack: codeql/rust-all extensible: sourceModel From 5af83787d82dfc8deb236ac7f1ead56c0b13cab7 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 3 Nov 2025 13:35:27 +0000 Subject: [PATCH 5/9] Rust: Move a few more models. --- rust/ql/lib/codeql/rust/frameworks/stdlib/core.model.yml | 3 +++ rust/ql/lib/codeql/rust/frameworks/tokio/io.model.yml | 3 --- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/core.model.yml b/rust/ql/lib/codeql/rust/frameworks/stdlib/core.model.yml index eeeb948bf3a7..46eea8f9c4ef 100644 --- a/rust/ql/lib/codeql/rust/frameworks/stdlib/core.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/stdlib/core.model.yml @@ -26,6 +26,9 @@ extensions: - ["<_ as core::iter::traits::iterator::Iterator>::collect", "Argument[self].Element", "ReturnValue.Element", "value", "manual"] - ["<_ as core::iter::traits::iterator::Iterator>::map", "Argument[self].Element", "Argument[0].Parameter[0]", "value", "manual"] - ["<_ as core::iter::traits::iterator::Iterator>::for_each", "Argument[self].Element", "Argument[0].Parameter[0]", "value", "manual"] + - ["<_ as core::iter::traits::iterator::Iterator>::chain", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["<_ as core::iter::traits::iterator::Iterator>::chain", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["<_ as core::iter::traits::iterator::Iterator>::take", "Argument[self]", "ReturnValue", "taint", "manual"] # Pin - ["core::pin::Pin", "Argument[0]", "ReturnValue", "value", "manual"] - ["::new", "Argument[0]", "ReturnValue", "value", "manual"] diff --git a/rust/ql/lib/codeql/rust/frameworks/tokio/io.model.yml b/rust/ql/lib/codeql/rust/frameworks/tokio/io.model.yml index ae58b2a077aa..17b0451793d8 100644 --- a/rust/ql/lib/codeql/rust/frameworks/tokio/io.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/tokio/io.model.yml @@ -46,6 +46,3 @@ extensions: - ["<_ as tokio::io::util::async_read_ext::AsyncReadExt>:::read_f32_le", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"] - ["<_ as tokio::io::util::async_read_ext::AsyncReadExt>::read_f64", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"] - ["<_ as tokio::io::util::async_read_ext::AsyncReadExt>::read_f64_le", "Argument[self]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"] - - ["<_ as core::iter::traits::iterator::Iterator>::chain", "Argument[self]", "ReturnValue", "taint", "manual"] - - ["<_ as core::iter::traits::iterator::Iterator>::chain", "Argument[0]", "ReturnValue", "taint", "manual"] - - ["<_ as core::iter::traits::iterator::Iterator>::take", "Argument[self]", "ReturnValue", "taint", "manual"] From 687cc6f544ace4a398a8b0029ae7b328d9b225f8 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 3 Nov 2025 14:53:58 +0000 Subject: [PATCH 6/9] Rust: Re-arrange models slightly. --- rust/ql/lib/codeql/rust/frameworks/stdlib/alloc.model.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/alloc.model.yml b/rust/ql/lib/codeql/rust/frameworks/stdlib/alloc.model.yml index 4dd9db8489cf..5199a0e8117b 100644 --- a/rust/ql/lib/codeql/rust/frameworks/stdlib/alloc.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/stdlib/alloc.model.yml @@ -27,8 +27,6 @@ extensions: - ["::pin", "Argument[0]", "ReturnValue.Reference", "value", "manual"] - ["::new", "Argument[0]", "ReturnValue.Reference", "value", "manual"] - ["::into_pin", "Argument[0]", "ReturnValue", "value", "manual"] - # Conversions - - ["::align_to", "Argument[self].Element", "ReturnValue.Field[0,1,2].Reference.Element", "taint", "manual"] # Fmt - ["alloc::fmt::format", "Argument[0]", "ReturnValue", "taint", "manual"] # Layout @@ -44,6 +42,7 @@ extensions: - ["::extend_packed", "Argument[self]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"] - ["::extend_packed", "Argument[0]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"] - ["::align_to", "Argument[self]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"] + - ["::align_to", "Argument[self].Element", "ReturnValue.Field[0,1,2].Reference.Element", "taint", "manual"] - ["::pad_to_align", "Argument[self]", "ReturnValue", "taint", "manual"] - ["::size", "Argument[self]", "ReturnValue", "taint", "manual"] # String From 56e98c45ec57eaa17e0282a507de6b700cd76f3b Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 3 Nov 2025 17:08:22 +0000 Subject: [PATCH 7/9] Rust: Accept trivial changes to test .expected files. --- .../ql/test/query-tests/security/CWE-089/SqlInjection.expected | 3 +-- .../security/CWE-770/UncontrolledAllocationSize.expected | 2 -- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected b/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected index ecd8cfa79376..3195a0b606e3 100644 --- a/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected +++ b/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected @@ -174,7 +174,6 @@ edges | sqlx.rs:47:22:47:44 | ... .nth(...) [Some] | sqlx.rs:47:22:47:77 | ... .unwrap_or(...) | provenance | MaD:30 | | sqlx.rs:47:22:47:77 | ... .unwrap_or(...) | sqlx.rs:47:9:47:18 | arg_string | provenance | | | sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:49:25:49:52 | remote_string.parse() [Ok] | provenance | MaD:34 | -| sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:49:25:49:52 | remote_string.parse() [Ok] | provenance | MaD:34 | | sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:54:27:54:39 | remote_string | provenance | | | sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:55:84:55:96 | remote_string | provenance | | | sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:59:17:59:72 | MacroExpr | provenance | | @@ -195,9 +194,9 @@ edges | sqlx.rs:53:9:53:22 | unsafe_query_1 [&ref] | sqlx.rs:78:25:78:47 | unsafe_query_1.as_str() [&ref] | provenance | MaD:29 | | sqlx.rs:53:26:53:36 | &arg_string [&ref] | sqlx.rs:53:9:53:22 | unsafe_query_1 [&ref] | provenance | | | sqlx.rs:53:27:53:36 | arg_string | sqlx.rs:53:26:53:36 | &arg_string [&ref] | provenance | | -| sqlx.rs:54:9:54:22 | unsafe_query_2 [&ref] | sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() [&ref] | provenance | MaD:33 | | sqlx.rs:54:9:54:22 | unsafe_query_2 [&ref] | sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() [&ref] | provenance | MaD:29 | | sqlx.rs:54:9:54:22 | unsafe_query_2 [&ref] | sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() [&ref] | provenance | MaD:33 | +| sqlx.rs:54:9:54:22 | unsafe_query_2 [&ref] | sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() [&ref] | provenance | MaD:33 | | sqlx.rs:54:26:54:39 | &remote_string [&ref] | sqlx.rs:54:9:54:22 | unsafe_query_2 [&ref] | provenance | | | sqlx.rs:54:27:54:39 | remote_string | sqlx.rs:54:26:54:39 | &remote_string [&ref] | provenance | | | sqlx.rs:55:9:55:22 | unsafe_query_3 | sqlx.rs:81:29:81:42 | unsafe_query_3 | provenance | | diff --git a/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected index 64875e0a8ac9..8fcbd27ac02e 100644 --- a/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected +++ b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected @@ -252,7 +252,6 @@ edges | main.rs:230:46:230:46 | v | main.rs:231:42:231:42 | v | provenance | | | main.rs:231:42:231:42 | v | main.rs:231:13:231:40 | ...::with_capacity_in | provenance | MaD:4 Sink:MaD:4 | | main.rs:279:24:279:41 | ...: String | main.rs:280:21:280:47 | user_input.parse() [Ok] | provenance | MaD:41 | -| main.rs:279:24:279:41 | ...: String | main.rs:280:21:280:47 | user_input.parse() [Ok] | provenance | MaD:41 | | main.rs:280:9:280:17 | num_bytes | main.rs:282:54:282:62 | num_bytes | provenance | | | main.rs:280:21:280:47 | user_input.parse() [Ok] | main.rs:280:21:280:48 | TryExpr | provenance | | | main.rs:280:21:280:48 | TryExpr | main.rs:280:9:280:17 | num_bytes | provenance | | @@ -277,7 +276,6 @@ edges | main.rs:317:13:317:28 | ...::args(...) [element] | main.rs:317:13:317:35 | ... .nth(...) [Some] | provenance | MaD:23 | | main.rs:317:13:317:35 | ... .nth(...) [Some] | main.rs:317:13:317:65 | ... .unwrap_or(...) | provenance | MaD:38 | | main.rs:317:13:317:65 | ... .unwrap_or(...) | main.rs:317:13:317:82 | ... .parse() [Ok] | provenance | MaD:41 | -| main.rs:317:13:317:65 | ... .unwrap_or(...) | main.rs:317:13:317:82 | ... .parse() [Ok] | provenance | MaD:41 | | main.rs:317:13:317:82 | ... .parse() [Ok] | main.rs:317:13:317:91 | ... .unwrap() | provenance | MaD:40 | | main.rs:317:13:317:91 | ... .unwrap() | main.rs:317:9:317:9 | v | provenance | | | main.rs:320:34:320:34 | v | main.rs:12:36:12:43 | ...: usize | provenance | | From 62e77687ca70215432bbdddfaef59b874d9bebcd Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 5 Nov 2025 15:09:39 +0000 Subject: [PATCH 8/9] Rust: Move async_std::io models. --- rust/ql/lib/codeql/rust/frameworks/asyncstd/io.model.yml | 7 +++++++ rust/ql/lib/codeql/rust/frameworks/asyncstd/net.model.yml | 6 ------ 2 files changed, 7 insertions(+), 6 deletions(-) create mode 100644 rust/ql/lib/codeql/rust/frameworks/asyncstd/io.model.yml diff --git a/rust/ql/lib/codeql/rust/frameworks/asyncstd/io.model.yml b/rust/ql/lib/codeql/rust/frameworks/asyncstd/io.model.yml new file mode 100644 index 000000000000..99e14d0f0bc6 --- /dev/null +++ b/rust/ql/lib/codeql/rust/frameworks/asyncstd/io.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: codeql/rust-all + extensible: summaryModel + data: + - ["<_ as async_std::io::read::ReadExt>::read", "Argument[self]", "Argument[0].Reference", "taint", "manual"] + - ["<_ as async_std::io::read::ReadExt>::read", "Argument[self].Reference", "Argument[0].Reference", "taint", "manual"] diff --git a/rust/ql/lib/codeql/rust/frameworks/asyncstd/net.model.yml b/rust/ql/lib/codeql/rust/frameworks/asyncstd/net.model.yml index 706170d44b89..9e65ba1b1964 100644 --- a/rust/ql/lib/codeql/rust/frameworks/asyncstd/net.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/asyncstd/net.model.yml @@ -4,9 +4,3 @@ extensions: extensible: sourceModel data: - ["::connect", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "remote", "manual"] - - addsTo: - pack: codeql/rust-all - extensible: summaryModel - data: - - ["<_ as async_std::io::read::ReadExt>::read", "Argument[self]", "Argument[0].Reference", "taint", "manual"] - - ["<_ as async_std::io::read::ReadExt>::read", "Argument[self].Reference", "Argument[0].Reference", "taint", "manual"] \ No newline at end of file From 680870dbf3257d4538087b9c3b750b642c5228e0 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 6 Nov 2025 09:39:51 +0000 Subject: [PATCH 9/9] Rust: Fix after merge. --- rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected | 1 - 1 file changed, 1 deletion(-) diff --git a/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected b/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected index b74a6ee82e71..e1024e4ad729 100644 --- a/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected +++ b/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected @@ -172,7 +172,6 @@ edges | sqlx.rs:47:22:47:37 | ...::args(...) [element] | sqlx.rs:47:22:47:44 | ... .nth(...) [Some] | provenance | MaD:25 | | sqlx.rs:47:22:47:44 | ... .nth(...) [Some] | sqlx.rs:47:22:47:77 | ... .unwrap_or(...) | provenance | MaD:30 | | sqlx.rs:47:22:47:77 | ... .unwrap_or(...) | sqlx.rs:47:9:47:18 | arg_string | provenance | | -| sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:49:25:49:52 | remote_string.parse() [Ok] | provenance | MaD:34 | | sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:54:27:54:39 | remote_string | provenance | | | sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:55:84:55:96 | remote_string | provenance | | | sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:59:17:59:72 | MacroExpr | provenance | |