Rust: Add missing .Reference in various models
#21147
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| private import codeql.rust.internal.TypeMention | ||
| private import codeql.rust.internal.Type | ||
|
|
||
| private predicate relevantManualModel(SummarizedCallableImpl sc, string can) { |
Check warning
Code scanning / CodeQL
Dead code Warning
| ) | ||
| } | ||
|
|
||
| predicate manualModelMissingReturnReference( |
Check warning
Code scanning / CodeQL
Dead code Warning
hvitved
force-pushed
the
rust/fix-more-models
branch
3 times, most recently
from
ad07fbf to
edf0dea
Compare
hvitved
force-pushed
the
rust/fix-more-models
branch
from
edf0dea to
17441a5
Compare
There was a problem hiding this comment.
Pull request overview
This PR corrects data flow models for Rust standard library functions by adding missing .Reference tokens where parameters or return values are reference types. The changes also include debug logic to automatically detect such missing references in future manual models.
Changes:
- Updated 9 data flow models across 5 YAML files to properly handle reference types
- Added debug predicates to detect missing
.Referencetokens in manual models - Updated test expectations to reflect the corrected models
- Fixed a test case that now correctly detects taint flow through
BufReader::lines()
Reviewed changes
Copilot reviewed 13 out of 13 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
rust/ql/lib/codeql/rust/frameworks/stdlib/alloc.model.yml |
Updated String::as_str and String::as_bytes to include .Reference tokens; removed redundant Argument[self,0] model for String::add |
rust/ql/lib/codeql/rust/frameworks/stdlib/core.model.yml |
Updated str::as_str to include .Reference tokens and changed kind from "value" to "taint" |
rust/ql/lib/codeql/rust/frameworks/stdlib/fs.model.yml |
Updated Path::join to add .Reference to Argument[self] |
rust/ql/lib/codeql/rust/frameworks/stdlib/net.model.yml |
Updated TcpStream::try_clone to add .Reference to Argument[self] |
rust/ql/lib/codeql/rust/frameworks/futures.model.yml |
Removed duplicate model for AsyncReadExt::read |
rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll |
Added debug module with predicates to detect missing .Reference tokens; refactored summaryModelRelevant predicate |
rust/ql/test/library-tests/dataflow/sources/net/test.rs |
Updated comment on line 207 from MISSING: to reflect fixed test case |
*.expected files |
Updated test expectations to reflect corrected model numbers and additional flow paths |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
geoffw0
left a comment
geoffw0
left a comment
There was a problem hiding this comment.
Happy with this, thanks for including the debug code so we can check for issues like these again in future.
| - ["<_ as alloc::string::ToString>::to_string", "Argument[self].Reference", "ReturnValue", "taint", "manual"] | ||
| # Overwrite generated model | ||
| - ["<alloc::string::String as core::ops::arith::Add>::add", "Argument[self,0]", "ReturnValue", "taint", "manual"] | ||
| - ["<alloc::string::String as core::ops::arith::Add>::add", "Argument[self]", "ReturnValue", "taint", "manual"] |
There was a problem hiding this comment.
I thought there was some kind of edge case behind the overlapping .Reference and non-.Reference models here. Something to do with appending &str strings perhaps, I can't remember exactly. Still, as this stuff is well tested and I see no regressions in the tests, I'm happy.
Alternative possible explanation: the incorrect models were only required for compatibility with other incorrect models elsewhere, which you've already updated.
2 participants
Wrote some logic for identifying missing
.Referencetokens, which is also included with this PR.DCA is fine.