From db4370d1491c709fd0ea2ea9f149f758fb718874 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 16 Jan 2025 18:14:05 +0000 Subject: [PATCH 1/9] Rust: Remove QL models for std::env sources. --- .../lib/codeql/rust/frameworks/stdlib/Env.qll | 30 ------------------- .../dataflow/sources/InlineFlow.expected | 4 +++ .../dataflow/sources/TaintSources.expected | 30 ++++++++++--------- 3 files changed, 20 insertions(+), 44 deletions(-) diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/Env.qll b/rust/ql/lib/codeql/rust/frameworks/stdlib/Env.qll index 8410da77a069..2d0ccfb6d99b 100644 --- a/rust/ql/lib/codeql/rust/frameworks/stdlib/Env.qll +++ b/rust/ql/lib/codeql/rust/frameworks/stdlib/Env.qll @@ -4,33 +4,3 @@ private import rust private import codeql.rust.Concepts - -/** - * A call to `std::env::args` or `std::env::args_os`. - */ -private class StdEnvArgs extends CommandLineArgsSource::Range { - StdEnvArgs() { - this.asExpr().getExpr().(CallExpr).getFunction().(PathExpr).getResolvedPath() = - ["crate::env::args", "crate::env::args_os"] - } -} - -/** - * A call to `std::env::current_dir`, `std::env::current_exe` or `std::env::home_dir`. - */ -private class StdEnvDir extends CommandLineArgsSource::Range { - StdEnvDir() { - this.asExpr().getExpr().(CallExpr).getFunction().(PathExpr).getResolvedPath() = - ["crate::env::current_dir", "crate::env::current_exe", "crate::env::home_dir"] - } -} - -/** - * A call to `std::env::var`, `std::env::var_os`, `std::env::vars` or `std::env::vars_os`. - */ -private class StdEnvVar extends EnvironmentSource::Range { - StdEnvVar() { - this.asExpr().getExpr().(CallExpr).getFunction().(PathExpr).getResolvedPath() = - ["crate::env::var", "crate::env::var_os", "crate::env::vars", "crate::env::vars_os"] - } -} diff --git a/rust/ql/test/library-tests/dataflow/sources/InlineFlow.expected b/rust/ql/test/library-tests/dataflow/sources/InlineFlow.expected index e69de29bb2d1..7bfe033a65bc 100644 --- a/rust/ql/test/library-tests/dataflow/sources/InlineFlow.expected +++ b/rust/ql/test/library-tests/dataflow/sources/InlineFlow.expected @@ -0,0 +1,4 @@ +| test.rs:8:34:8:84 | //... | Missing result: hasTaintFlow | +| test.rs:9:37:9:87 | //... | Missing result: hasTaintFlow | +| test.rs:41:20:41:36 | //... | Missing result: hasTaintFlow | +| test.rs:45:20:45:36 | //... | Missing result: hasTaintFlow | diff --git a/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected b/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected index cebbc00f3a5e..f92ca7e36ec0 100644 --- a/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected +++ b/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected @@ -1,17 +1,19 @@ -| test.rs:8:10:8:30 | ...::var(...) | Flow source 'EnvironmentSource' of type environment. | -| test.rs:9:10:9:33 | ...::var_os(...) | Flow source 'EnvironmentSource' of type environment. | -| test.rs:11:16:11:36 | ...::var(...) | Flow source 'EnvironmentSource' of type environment. | -| test.rs:12:16:12:39 | ...::var_os(...) | Flow source 'EnvironmentSource' of type environment. | -| test.rs:17:25:17:40 | ...::vars(...) | Flow source 'EnvironmentSource' of type environment. | -| test.rs:22:25:22:43 | ...::vars_os(...) | Flow source 'EnvironmentSource' of type environment. | -| test.rs:29:29:29:44 | ...::args(...) | Flow source 'CommandLineArgs' of type commandargs. | -| test.rs:32:16:32:31 | ...::args(...) | Flow source 'CommandLineArgs' of type commandargs. | -| test.rs:33:16:33:34 | ...::args_os(...) | Flow source 'CommandLineArgs' of type commandargs. | -| test.rs:40:16:40:31 | ...::args(...) | Flow source 'CommandLineArgs' of type commandargs. | -| test.rs:44:16:44:34 | ...::args_os(...) | Flow source 'CommandLineArgs' of type commandargs. | -| test.rs:50:15:50:37 | ...::current_dir(...) | Flow source 'CommandLineArgs' of type commandargs. | -| test.rs:51:15:51:37 | ...::current_exe(...) | Flow source 'CommandLineArgs' of type commandargs. | -| test.rs:52:16:52:35 | ...::home_dir(...) | Flow source 'CommandLineArgs' of type commandargs. | +#select | test.rs:60:26:60:70 | ...::get(...) | Flow source 'RemoteSource' of type remote (DEFAULT). | | test.rs:63:26:63:70 | ...::get(...) | Flow source 'RemoteSource' of type remote (DEFAULT). | | test.rs:66:26:66:60 | ...::get(...) | Flow source 'RemoteSource' of type remote (DEFAULT). | +testFailures +| test.rs:8:34:8:84 | //... | Missing result: Alert[rust/summary/taint-sources] | +| test.rs:9:37:9:87 | //... | Missing result: Alert[rust/summary/taint-sources] | +| test.rs:11:62:11:99 | //... | Missing result: Alert[rust/summary/taint-sources] | +| test.rs:12:51:12:88 | //... | Missing result: Alert[rust/summary/taint-sources] | +| test.rs:17:44:17:81 | //... | Missing result: Alert[rust/summary/taint-sources] | +| test.rs:22:47:22:84 | //... | Missing result: Alert[rust/summary/taint-sources] | +| test.rs:29:57:29:94 | //... | Missing result: Alert[rust/summary/taint-sources] | +| test.rs:32:50:32:87 | //... | Missing result: Alert[rust/summary/taint-sources] | +| test.rs:33:53:33:90 | //... | Missing result: Alert[rust/summary/taint-sources] | +| test.rs:40:35:40:72 | //... | Missing result: Alert[rust/summary/taint-sources] | +| test.rs:44:38:44:75 | //... | Missing result: Alert[rust/summary/taint-sources] | +| test.rs:50:57:50:94 | //... | Missing result: Alert[rust/summary/taint-sources] | +| test.rs:51:57:51:94 | //... | Missing result: Alert[rust/summary/taint-sources] | +| test.rs:52:55:52:92 | //... | Missing result: Alert[rust/summary/taint-sources] | From 5a73e0bd09236885cd2d46345501e533b166f0c7 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 16 Jan 2025 18:46:53 +0000 Subject: [PATCH 2/9] Rust: Re-model std::env sources using models-as-data. --- rust/ql/lib/codeql/rust/Concepts.qll | 28 +++++++++++++++++ .../rust/frameworks/stdlib/env.model.yml | 14 +++++++++ .../dataflow/sources/InlineFlow.expected | 4 --- .../dataflow/sources/TaintSources.expected | 30 +++++++++---------- .../library-tests/dataflow/sources/test.rs | 4 +-- .../dataflow/taint/TaintFlowStep.expected | 4 +-- 6 files changed, 60 insertions(+), 24 deletions(-) create mode 100644 rust/ql/lib/codeql/rust/frameworks/stdlib/env.model.yml diff --git a/rust/ql/lib/codeql/rust/Concepts.qll b/rust/ql/lib/codeql/rust/Concepts.qll index 51d601070000..4a0334b98bfd 100644 --- a/rust/ql/lib/codeql/rust/Concepts.qll +++ b/rust/ql/lib/codeql/rust/Concepts.qll @@ -7,6 +7,7 @@ private import codeql.rust.dataflow.DataFlow private import codeql.threatmodels.ThreatModels private import codeql.rust.Frameworks +private import codeql.rust.dataflow.FlowSource /** * A data flow source for a specific threat-model. @@ -66,6 +67,15 @@ module CommandLineArgsSource { } } +/** + * An externally modeled source for command line arguments. + */ +class ModeledCommandLineArgsSource extends CommandLineArgsSource::Range { + ModeledCommandLineArgsSource() { + sourceNode(this, "command-line-source") + } +} + /** * A data flow source corresponding to the program's environment. */ @@ -85,6 +95,15 @@ module EnvironmentSource { } } +/** + * An externally modeled source for data from the program's environment. + */ +class ModeledEnvironmentSource extends EnvironmentSource::Range { + ModeledEnvironmentSource() { + sourceNode(this, "environment-source") + } +} + /** * A data flow source for remote (network) data. */ @@ -104,6 +123,15 @@ module RemoteSource { } } +/** + * An externally modeled source for remote (network) data. + */ +class ModeledRemoteSource extends RemoteSource::Range { + ModeledRemoteSource() { + sourceNode(this, "remote-source") + } +} + /** * A data flow node that constructs a SQL statement (for later execution). * diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/env.model.yml b/rust/ql/lib/codeql/rust/frameworks/stdlib/env.model.yml new file mode 100644 index 000000000000..ceb5a88f0c12 --- /dev/null +++ b/rust/ql/lib/codeql/rust/frameworks/stdlib/env.model.yml @@ -0,0 +1,14 @@ +extensions: + - addsTo: + pack: codeql/rust-all + extensible: sourceModel + data: + - ["lang:std", "crate::env::args", "ReturnValue", "command-line-source", "manual"] + - ["lang:std", "crate::env::args_os", "ReturnValue", "command-line-source", "manual"] + - ["lang:std", "crate::env::current_dir", "ReturnValue", "command-line-source", "manual"] + - ["lang:std", "crate::env::current_exe", "ReturnValue", "command-line-source", "manual"] + - ["lang:std", "crate::env::home_dir", "ReturnValue", "command-line-source", "manual"] + - ["lang:std", "crate::env::var", "ReturnValue", "environment-source", "manual"] + - ["lang:std", "crate::env::var_os", "ReturnValue", "environment-source", "manual"] + - ["lang:std", "crate::env::vars", "ReturnValue", "environment-source", "manual"] + - ["lang:std", "crate::env::vars_os", "ReturnValue", "environment-source", "manual"] diff --git a/rust/ql/test/library-tests/dataflow/sources/InlineFlow.expected b/rust/ql/test/library-tests/dataflow/sources/InlineFlow.expected index 7bfe033a65bc..e69de29bb2d1 100644 --- a/rust/ql/test/library-tests/dataflow/sources/InlineFlow.expected +++ b/rust/ql/test/library-tests/dataflow/sources/InlineFlow.expected @@ -1,4 +0,0 @@ -| test.rs:8:34:8:84 | //... | Missing result: hasTaintFlow | -| test.rs:9:37:9:87 | //... | Missing result: hasTaintFlow | -| test.rs:41:20:41:36 | //... | Missing result: hasTaintFlow | -| test.rs:45:20:45:36 | //... | Missing result: hasTaintFlow | diff --git a/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected b/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected index f92ca7e36ec0..7b1428ceb97f 100644 --- a/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected +++ b/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected @@ -1,19 +1,17 @@ -#select +| test.rs:8:10:8:22 | ...::var | Flow source 'EnvironmentSource' of type environment. | +| test.rs:9:10:9:25 | ...::var_os | Flow source 'EnvironmentSource' of type environment. | +| test.rs:11:16:11:28 | ...::var | Flow source 'EnvironmentSource' of type environment. | +| test.rs:12:16:12:31 | ...::var_os | Flow source 'EnvironmentSource' of type environment. | +| test.rs:17:25:17:38 | ...::vars | Flow source 'EnvironmentSource' of type environment. | +| test.rs:22:25:22:41 | ...::vars_os | Flow source 'EnvironmentSource' of type environment. | +| test.rs:29:29:29:42 | ...::args | Flow source 'CommandLineArgs' of type commandargs. | +| test.rs:32:16:32:29 | ...::args | Flow source 'CommandLineArgs' of type commandargs. | +| test.rs:33:16:33:32 | ...::args_os | Flow source 'CommandLineArgs' of type commandargs. | +| test.rs:40:16:40:29 | ...::args | Flow source 'CommandLineArgs' of type commandargs. | +| test.rs:44:16:44:32 | ...::args_os | Flow source 'CommandLineArgs' of type commandargs. | +| test.rs:50:15:50:35 | ...::current_dir | Flow source 'CommandLineArgs' of type commandargs. | +| test.rs:51:15:51:35 | ...::current_exe | Flow source 'CommandLineArgs' of type commandargs. | +| test.rs:52:16:52:33 | ...::home_dir | Flow source 'CommandLineArgs' of type commandargs. | | test.rs:60:26:60:70 | ...::get(...) | Flow source 'RemoteSource' of type remote (DEFAULT). | | test.rs:63:26:63:70 | ...::get(...) | Flow source 'RemoteSource' of type remote (DEFAULT). | | test.rs:66:26:66:60 | ...::get(...) | Flow source 'RemoteSource' of type remote (DEFAULT). | -testFailures -| test.rs:8:34:8:84 | //... | Missing result: Alert[rust/summary/taint-sources] | -| test.rs:9:37:9:87 | //... | Missing result: Alert[rust/summary/taint-sources] | -| test.rs:11:62:11:99 | //... | Missing result: Alert[rust/summary/taint-sources] | -| test.rs:12:51:12:88 | //... | Missing result: Alert[rust/summary/taint-sources] | -| test.rs:17:44:17:81 | //... | Missing result: Alert[rust/summary/taint-sources] | -| test.rs:22:47:22:84 | //... | Missing result: Alert[rust/summary/taint-sources] | -| test.rs:29:57:29:94 | //... | Missing result: Alert[rust/summary/taint-sources] | -| test.rs:32:50:32:87 | //... | Missing result: Alert[rust/summary/taint-sources] | -| test.rs:33:53:33:90 | //... | Missing result: Alert[rust/summary/taint-sources] | -| test.rs:40:35:40:72 | //... | Missing result: Alert[rust/summary/taint-sources] | -| test.rs:44:38:44:75 | //... | Missing result: Alert[rust/summary/taint-sources] | -| test.rs:50:57:50:94 | //... | Missing result: Alert[rust/summary/taint-sources] | -| test.rs:51:57:51:94 | //... | Missing result: Alert[rust/summary/taint-sources] | -| test.rs:52:55:52:92 | //... | Missing result: Alert[rust/summary/taint-sources] | diff --git a/rust/ql/test/library-tests/dataflow/sources/test.rs b/rust/ql/test/library-tests/dataflow/sources/test.rs index 7b33a00864e2..de482c251065 100644 --- a/rust/ql/test/library-tests/dataflow/sources/test.rs +++ b/rust/ql/test/library-tests/dataflow/sources/test.rs @@ -5,8 +5,8 @@ fn sink(_: T) { } // --- tests --- fn test_env_vars() { - sink(std::env::var("HOME")); // $ Alert[rust/summary/taint-sources] hasTaintFlow - sink(std::env::var_os("PATH")); // $ Alert[rust/summary/taint-sources] hasTaintFlow + sink(std::env::var("HOME")); // $ Alert[rust/summary/taint-sources] hasTaintFlow="HOME" + sink(std::env::var_os("PATH")); // $ Alert[rust/summary/taint-sources] hasTaintFlow="PATH" let var1 = std::env::var("HOME").expect("HOME not set"); // $ Alert[rust/summary/taint-sources] let var2 = std::env::var_os("PATH").unwrap(); // $ Alert[rust/summary/taint-sources] diff --git a/rust/ql/test/library-tests/dataflow/taint/TaintFlowStep.expected b/rust/ql/test/library-tests/dataflow/taint/TaintFlowStep.expected index b2b6872a6d25..c8bc30eda6f8 100644 --- a/rust/ql/test/library-tests/dataflow/taint/TaintFlowStep.expected +++ b/rust/ql/test/library-tests/dataflow/taint/TaintFlowStep.expected @@ -1,5 +1,5 @@ -| file://:0:0:0:0 | [summary param] 0 in lang:alloc::_::crate::fmt::format | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:alloc::_::crate::fmt::format | MaD:14 | -| file://:0:0:0:0 | [summary param] self in lang:alloc::_::::as_str | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:alloc::_::::as_str | MaD:12 | +| file://:0:0:0:0 | [summary param] 0 in lang:alloc::_::crate::fmt::format | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:alloc::_::crate::fmt::format | MaD:23 | +| file://:0:0:0:0 | [summary param] self in lang:alloc::_::::as_str | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:alloc::_::::as_str | MaD:21 | | file://:0:0:0:0 | [summary param] self in repo:https://github.com/seanmonstar/reqwest:reqwest::_::::text | file://:0:0:0:0 | [summary] to write: ReturnValue.Variant[crate::result::Result::Ok(0)] in repo:https://github.com/seanmonstar/reqwest:reqwest::_::::text | MaD:0 | | main.rs:4:5:4:8 | 1000 | main.rs:4:5:4:12 | ... + ... | | | main.rs:4:12:4:12 | i | main.rs:4:5:4:12 | ... + ... | | From 1a000c39c923b30f38b65141e9e4e8be065779dd Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 17 Jan 2025 10:26:49 +0000 Subject: [PATCH 3/9] Rust: Remove QL models for reqwest sources. --- rust/ql/lib/codeql/rust/frameworks/Reqwest.qll | 13 ------------- .../dataflow/sources/TaintSources.expected | 8 +++++--- 2 files changed, 5 insertions(+), 16 deletions(-) diff --git a/rust/ql/lib/codeql/rust/frameworks/Reqwest.qll b/rust/ql/lib/codeql/rust/frameworks/Reqwest.qll index 2d3e04f94b3b..801c36d8028c 100644 --- a/rust/ql/lib/codeql/rust/frameworks/Reqwest.qll +++ b/rust/ql/lib/codeql/rust/frameworks/Reqwest.qll @@ -4,16 +4,3 @@ private import rust private import codeql.rust.Concepts - -/** - * A call to `reqwest::get` or `reqwest::blocking::get`. - */ -private class ReqwestGet extends RemoteSource::Range { - ReqwestGet() { - exists(CallExpr ce | - this.asExpr().getExpr() = ce and - ce.getFunction().(PathExpr).getResolvedCrateOrigin().matches("%reqwest") and - ce.getFunction().(PathExpr).getResolvedPath() = ["crate::get", "crate::blocking::get"] - ) - } -} diff --git a/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected b/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected index 7b1428ceb97f..da51f4acfade 100644 --- a/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected +++ b/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected @@ -1,3 +1,4 @@ +#select | test.rs:8:10:8:22 | ...::var | Flow source 'EnvironmentSource' of type environment. | | test.rs:9:10:9:25 | ...::var_os | Flow source 'EnvironmentSource' of type environment. | | test.rs:11:16:11:28 | ...::var | Flow source 'EnvironmentSource' of type environment. | @@ -12,6 +13,7 @@ | test.rs:50:15:50:35 | ...::current_dir | Flow source 'CommandLineArgs' of type commandargs. | | test.rs:51:15:51:35 | ...::current_exe | Flow source 'CommandLineArgs' of type commandargs. | | test.rs:52:16:52:33 | ...::home_dir | Flow source 'CommandLineArgs' of type commandargs. | -| test.rs:60:26:60:70 | ...::get(...) | Flow source 'RemoteSource' of type remote (DEFAULT). | -| test.rs:63:26:63:70 | ...::get(...) | Flow source 'RemoteSource' of type remote (DEFAULT). | -| test.rs:66:26:66:60 | ...::get(...) | Flow source 'RemoteSource' of type remote (DEFAULT). | +testFailures +| test.rs:60:82:60:119 | //... | Missing result: Alert[rust/summary/taint-sources] | +| test.rs:63:98:63:135 | //... | Missing result: Alert[rust/summary/taint-sources] | +| test.rs:66:84:66:121 | //... | Missing result: Alert[rust/summary/taint-sources] | From b8aa518931a9be4526a024577883fd908a2b0203 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 17 Jan 2025 10:40:58 +0000 Subject: [PATCH 4/9] Rust: Re-model reqwest sources using models-as-data. --- rust/ql/lib/codeql/rust/frameworks/reqwest.model.yml | 6 ++++++ .../library-tests/dataflow/sources/TaintSources.expected | 8 +++----- .../library-tests/dataflow/taint/TaintFlowStep.expected | 6 +++--- 3 files changed, 12 insertions(+), 8 deletions(-) diff --git a/rust/ql/lib/codeql/rust/frameworks/reqwest.model.yml b/rust/ql/lib/codeql/rust/frameworks/reqwest.model.yml index 8b2b9afc79b4..051687fa4e61 100644 --- a/rust/ql/lib/codeql/rust/frameworks/reqwest.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/reqwest.model.yml @@ -1,4 +1,10 @@ extensions: + - addsTo: + pack: codeql/rust-all + extensible: sourceModel + data: + - ["repo:https://github.com/seanmonstar/reqwest:reqwest", "crate::get", "ReturnValue", "remote-source", "manual"] + - ["repo:https://github.com/seanmonstar/reqwest:reqwest", "crate::blocking::get", "ReturnValue", "remote-source", "manual"] - addsTo: pack: codeql/rust-all extensible: summaryModel diff --git a/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected b/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected index da51f4acfade..e127b06cce96 100644 --- a/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected +++ b/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected @@ -1,4 +1,3 @@ -#select | test.rs:8:10:8:22 | ...::var | Flow source 'EnvironmentSource' of type environment. | | test.rs:9:10:9:25 | ...::var_os | Flow source 'EnvironmentSource' of type environment. | | test.rs:11:16:11:28 | ...::var | Flow source 'EnvironmentSource' of type environment. | @@ -13,7 +12,6 @@ | test.rs:50:15:50:35 | ...::current_dir | Flow source 'CommandLineArgs' of type commandargs. | | test.rs:51:15:51:35 | ...::current_exe | Flow source 'CommandLineArgs' of type commandargs. | | test.rs:52:16:52:33 | ...::home_dir | Flow source 'CommandLineArgs' of type commandargs. | -testFailures -| test.rs:60:82:60:119 | //... | Missing result: Alert[rust/summary/taint-sources] | -| test.rs:63:98:63:135 | //... | Missing result: Alert[rust/summary/taint-sources] | -| test.rs:66:84:66:121 | //... | Missing result: Alert[rust/summary/taint-sources] | +| test.rs:60:26:60:47 | ...::get | Flow source 'RemoteSource' of type remote (DEFAULT). | +| test.rs:63:26:63:47 | ...::get | Flow source 'RemoteSource' of type remote (DEFAULT). | +| test.rs:66:26:66:37 | ...::get | Flow source 'RemoteSource' of type remote (DEFAULT). | diff --git a/rust/ql/test/library-tests/dataflow/taint/TaintFlowStep.expected b/rust/ql/test/library-tests/dataflow/taint/TaintFlowStep.expected index c8bc30eda6f8..2182c664f4f7 100644 --- a/rust/ql/test/library-tests/dataflow/taint/TaintFlowStep.expected +++ b/rust/ql/test/library-tests/dataflow/taint/TaintFlowStep.expected @@ -1,6 +1,6 @@ -| file://:0:0:0:0 | [summary param] 0 in lang:alloc::_::crate::fmt::format | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:alloc::_::crate::fmt::format | MaD:23 | -| file://:0:0:0:0 | [summary param] self in lang:alloc::_::::as_str | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:alloc::_::::as_str | MaD:21 | -| file://:0:0:0:0 | [summary param] self in repo:https://github.com/seanmonstar/reqwest:reqwest::_::::text | file://:0:0:0:0 | [summary] to write: ReturnValue.Variant[crate::result::Result::Ok(0)] in repo:https://github.com/seanmonstar/reqwest:reqwest::_::::text | MaD:0 | +| file://:0:0:0:0 | [summary param] 0 in lang:alloc::_::crate::fmt::format | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:alloc::_::crate::fmt::format | MaD:25 | +| file://:0:0:0:0 | [summary param] self in lang:alloc::_::::as_str | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:alloc::_::::as_str | MaD:23 | +| file://:0:0:0:0 | [summary param] self in repo:https://github.com/seanmonstar/reqwest:reqwest::_::::text | file://:0:0:0:0 | [summary] to write: ReturnValue.Variant[crate::result::Result::Ok(0)] in repo:https://github.com/seanmonstar/reqwest:reqwest::_::::text | MaD:2 | | main.rs:4:5:4:8 | 1000 | main.rs:4:5:4:12 | ... + ... | | | main.rs:4:12:4:12 | i | main.rs:4:5:4:12 | ... + ... | | | main.rs:8:20:8:20 | s | main.rs:8:14:8:20 | FormatArgsExpr | | From ce982143fba42d8ef39ba8064aa548836c83d06a Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 17 Jan 2025 13:25:29 +0000 Subject: [PATCH 5/9] Rust: Remove the now empty files. --- rust/ql/lib/codeql/rust/Frameworks.qll | 2 -- rust/ql/lib/codeql/rust/frameworks/Reqwest.qll | 6 ------ rust/ql/lib/codeql/rust/frameworks/stdlib/Env.qll | 6 ------ 3 files changed, 14 deletions(-) delete mode 100644 rust/ql/lib/codeql/rust/frameworks/Reqwest.qll delete mode 100644 rust/ql/lib/codeql/rust/frameworks/stdlib/Env.qll diff --git a/rust/ql/lib/codeql/rust/Frameworks.qll b/rust/ql/lib/codeql/rust/Frameworks.qll index 6a5e95c82e56..6d9dcaea5058 100644 --- a/rust/ql/lib/codeql/rust/Frameworks.qll +++ b/rust/ql/lib/codeql/rust/Frameworks.qll @@ -2,7 +2,5 @@ * This file imports all models of frameworks and libraries. */ -private import codeql.rust.frameworks.Reqwest private import codeql.rust.frameworks.rustcrypto.RustCrypto -private import codeql.rust.frameworks.stdlib.Env private import codeql.rust.frameworks.Sqlx diff --git a/rust/ql/lib/codeql/rust/frameworks/Reqwest.qll b/rust/ql/lib/codeql/rust/frameworks/Reqwest.qll deleted file mode 100644 index 801c36d8028c..000000000000 --- a/rust/ql/lib/codeql/rust/frameworks/Reqwest.qll +++ /dev/null @@ -1,6 +0,0 @@ -/** - * Provides modeling for the `reqwest` library. - */ - -private import rust -private import codeql.rust.Concepts diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/Env.qll b/rust/ql/lib/codeql/rust/frameworks/stdlib/Env.qll deleted file mode 100644 index 2d0ccfb6d99b..000000000000 --- a/rust/ql/lib/codeql/rust/frameworks/stdlib/Env.qll +++ /dev/null @@ -1,6 +0,0 @@ -/** - * Provides modeling for the `std::env` library. - */ - -private import rust -private import codeql.rust.Concepts From 0ce1a1bef0837506d01555eebdf1eb74946bf312 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 17 Jan 2025 10:20:57 +0000 Subject: [PATCH 6/9] Rust: Make the qldoc for hasher-input MAD sinks a bit clearer. --- .../rust/security/WeakSensitiveDataHashingExtensions.qll | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/rust/ql/lib/codeql/rust/security/WeakSensitiveDataHashingExtensions.qll b/rust/ql/lib/codeql/rust/security/WeakSensitiveDataHashingExtensions.qll index 8407ee4467d1..61caa4dd4758 100644 --- a/rust/ql/lib/codeql/rust/security/WeakSensitiveDataHashingExtensions.qll +++ b/rust/ql/lib/codeql/rust/security/WeakSensitiveDataHashingExtensions.qll @@ -174,7 +174,8 @@ module ComputationallyExpensiveHashFunction { } /** - * An externally modeled operation that hashes data, for example a call to `md5::Md5::digest(data)`. + * An externally modeled operation that hashes data, for example a call to `md5::Md5::digest(data)`. The + * model should identify the argument of a call that is the data to be hashed. */ class ModeledHashOperation extends Cryptography::CryptographicOperation::Range { DataFlow::Node input; From d6c5c00ca95d8982e4fc351ab83ec917e27315f9 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 17 Jan 2025 21:16:02 +0000 Subject: [PATCH 7/9] Rust: Autoformat. --- rust/ql/lib/codeql/rust/Concepts.qll | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/rust/ql/lib/codeql/rust/Concepts.qll b/rust/ql/lib/codeql/rust/Concepts.qll index 4a0334b98bfd..9f1924095d7b 100644 --- a/rust/ql/lib/codeql/rust/Concepts.qll +++ b/rust/ql/lib/codeql/rust/Concepts.qll @@ -71,9 +71,7 @@ module CommandLineArgsSource { * An externally modeled source for command line arguments. */ class ModeledCommandLineArgsSource extends CommandLineArgsSource::Range { - ModeledCommandLineArgsSource() { - sourceNode(this, "command-line-source") - } + ModeledCommandLineArgsSource() { sourceNode(this, "command-line-source") } } /** @@ -99,9 +97,7 @@ module EnvironmentSource { * An externally modeled source for data from the program's environment. */ class ModeledEnvironmentSource extends EnvironmentSource::Range { - ModeledEnvironmentSource() { - sourceNode(this, "environment-source") - } + ModeledEnvironmentSource() { sourceNode(this, "environment-source") } } /** @@ -127,9 +123,7 @@ module RemoteSource { * An externally modeled source for remote (network) data. */ class ModeledRemoteSource extends RemoteSource::Range { - ModeledRemoteSource() { - sourceNode(this, "remote-source") - } + ModeledRemoteSource() { sourceNode(this, "remote-source") } } /** From d970fe7768f139f534b75b573d3eac2e55266e0f Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 20 Jan 2025 09:20:44 +0000 Subject: [PATCH 8/9] Rust: remote-source -> remote. --- rust/ql/lib/codeql/rust/Concepts.qll | 2 +- rust/ql/lib/codeql/rust/frameworks/reqwest.model.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/rust/ql/lib/codeql/rust/Concepts.qll b/rust/ql/lib/codeql/rust/Concepts.qll index 9f1924095d7b..136d5f94d73f 100644 --- a/rust/ql/lib/codeql/rust/Concepts.qll +++ b/rust/ql/lib/codeql/rust/Concepts.qll @@ -123,7 +123,7 @@ module RemoteSource { * An externally modeled source for remote (network) data. */ class ModeledRemoteSource extends RemoteSource::Range { - ModeledRemoteSource() { sourceNode(this, "remote-source") } + ModeledRemoteSource() { sourceNode(this, "remote") } } /** diff --git a/rust/ql/lib/codeql/rust/frameworks/reqwest.model.yml b/rust/ql/lib/codeql/rust/frameworks/reqwest.model.yml index 051687fa4e61..6e05730169ed 100644 --- a/rust/ql/lib/codeql/rust/frameworks/reqwest.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/reqwest.model.yml @@ -3,8 +3,8 @@ extensions: pack: codeql/rust-all extensible: sourceModel data: - - ["repo:https://github.com/seanmonstar/reqwest:reqwest", "crate::get", "ReturnValue", "remote-source", "manual"] - - ["repo:https://github.com/seanmonstar/reqwest:reqwest", "crate::blocking::get", "ReturnValue", "remote-source", "manual"] + - ["repo:https://github.com/seanmonstar/reqwest:reqwest", "crate::get", "ReturnValue", "remote", "manual"] + - ["repo:https://github.com/seanmonstar/reqwest:reqwest", "crate::blocking::get", "ReturnValue", "remote", "manual"] - addsTo: pack: codeql/rust-all extensible: summaryModel From 24b35ed5a4ab2db67206d32698ed6125481ccb0a Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 22 Jan 2025 09:14:31 +0000 Subject: [PATCH 9/9] Rust: Fixup .expected after merge. --- .../library-tests/dataflow/taint/TaintFlowStep.expected | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/rust/ql/test/library-tests/dataflow/taint/TaintFlowStep.expected b/rust/ql/test/library-tests/dataflow/taint/TaintFlowStep.expected index 726f0a09a8b9..21a028e8d41b 100644 --- a/rust/ql/test/library-tests/dataflow/taint/TaintFlowStep.expected +++ b/rust/ql/test/library-tests/dataflow/taint/TaintFlowStep.expected @@ -1,9 +1,6 @@ -| file://:0:0:0:0 | [summary param] 0 in lang:alloc::_::crate::fmt::format | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:alloc::_::crate::fmt::format | MaD:25 | -| file://:0:0:0:0 | [summary param] self in lang:alloc::_::::as_str | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:alloc::_::::as_str | MaD:23 | -| file://:0:0:0:0 | [summary param] self in repo:https://github.com/seanmonstar/reqwest:reqwest::_::::text | file://:0:0:0:0 | [summary] to write: ReturnValue.Variant[crate::result::Result::Ok(0)] in repo:https://github.com/seanmonstar/reqwest:reqwest::_::::text | MaD:2 | -| file://:0:0:0:0 | [summary param] 0 in lang:alloc::_::crate::fmt::format | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:alloc::_::crate::fmt::format | MaD:24 | -| file://:0:0:0:0 | [summary param] self in lang:alloc::_::::as_str | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:alloc::_::::as_str | MaD:22 | -| file://:0:0:0:0 | [summary param] self in repo:https://github.com/seanmonstar/reqwest:reqwest::_::::text | file://:0:0:0:0 | [summary] to write: ReturnValue.Variant[crate::result::Result::Ok(0)] in repo:https://github.com/seanmonstar/reqwest:reqwest::_::::text | MaD:10 | +| file://:0:0:0:0 | [summary param] 0 in lang:alloc::_::crate::fmt::format | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:alloc::_::crate::fmt::format | MaD:35 | +| file://:0:0:0:0 | [summary param] self in lang:alloc::_::::as_str | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:alloc::_::::as_str | MaD:33 | +| file://:0:0:0:0 | [summary param] self in repo:https://github.com/seanmonstar/reqwest:reqwest::_::::text | file://:0:0:0:0 | [summary] to write: ReturnValue.Variant[crate::result::Result::Ok(0)] in repo:https://github.com/seanmonstar/reqwest:reqwest::_::::text | MaD:12 | | main.rs:4:5:4:8 | 1000 | main.rs:4:5:4:12 | ... + ... | | | main.rs:4:12:4:12 | i | main.rs:4:5:4:12 | ... + ... | | | main.rs:8:20:8:20 | s | main.rs:8:14:8:20 | FormatArgsExpr | |