Rust: Never skip assignment LHS in data flow

github · Dec 16, 2024 · 9f2b436 · 9f2b436
1 parent 54ba14d
commit 9f2b436
Show file tree

Hide file tree

Showing 7 changed files with 271 additions and 89 deletions.
diff --git a/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll b/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll
@@ -855,6 +855,12 @@ module RustDataFlow implements InputSig<Location> {
     node instanceof Node::ClosureParameterNode
   }
 
+  predicate neverSkipInPathGraph(Node node) {
+    node.getCfgNode() = any(LetStmtCfgNode s).getPat()
+    or
+    node.getCfgNode() = any(AssignmentExprCfgNode a).getLhs()
+  }
+
   class DataFlowExpr = ExprCfgNode;
 
   /** Gets the node corresponding to `e`. */

diff --git a/rust/ql/test/library-tests/dataflow/barrier/inline-flow.expected b/rust/ql/test/library-tests/dataflow/barrier/inline-flow.expected
@@ -1,22 +1,30 @@
 models
 edges
 | main.rs:9:13:9:19 | ...: ... | main.rs:9:30:14:1 | { ... } | provenance |  |
-| main.rs:21:13:21:21 | source(...) | main.rs:22:10:22:10 | s | provenance |  |
-| main.rs:26:13:26:21 | source(...) | main.rs:27:22:27:22 | s | provenance |  |
-| main.rs:27:13:27:23 | sanitize(...) | main.rs:28:10:28:10 | s | provenance |  |
+| main.rs:21:9:21:9 | s | main.rs:22:10:22:10 | s | provenance |  |
+| main.rs:21:13:21:21 | source(...) | main.rs:21:9:21:9 | s | provenance |  |
+| main.rs:26:9:26:9 | s | main.rs:27:22:27:22 | s | provenance |  |
+| main.rs:26:13:26:21 | source(...) | main.rs:26:9:26:9 | s | provenance |  |
+| main.rs:27:9:27:9 | s | main.rs:28:10:28:10 | s | provenance |  |
+| main.rs:27:13:27:23 | sanitize(...) | main.rs:27:9:27:9 | s | provenance |  |
 | main.rs:27:22:27:22 | s | main.rs:9:13:9:19 | ...: ... | provenance |  |
 | main.rs:27:22:27:22 | s | main.rs:27:13:27:23 | sanitize(...) | provenance |  |
-| main.rs:32:13:32:21 | source(...) | main.rs:33:10:33:10 | s | provenance |  |
+| main.rs:32:9:32:9 | s | main.rs:33:10:33:10 | s | provenance |  |
+| main.rs:32:13:32:21 | source(...) | main.rs:32:9:32:9 | s | provenance |  |
 nodes
 | main.rs:9:13:9:19 | ...: ... | semmle.label | ...: ... |
 | main.rs:9:30:14:1 | { ... } | semmle.label | { ... } |
 | main.rs:17:10:17:18 | source(...) | semmle.label | source(...) |
+| main.rs:21:9:21:9 | s | semmle.label | s |
 | main.rs:21:13:21:21 | source(...) | semmle.label | source(...) |
 | main.rs:22:10:22:10 | s | semmle.label | s |
+| main.rs:26:9:26:9 | s | semmle.label | s |
 | main.rs:26:13:26:21 | source(...) | semmle.label | source(...) |
+| main.rs:27:9:27:9 | s | semmle.label | s |
 | main.rs:27:13:27:23 | sanitize(...) | semmle.label | sanitize(...) |
 | main.rs:27:22:27:22 | s | semmle.label | s |
 | main.rs:28:10:28:10 | s | semmle.label | s |
+| main.rs:32:9:32:9 | s | semmle.label | s |
 | main.rs:32:13:32:21 | source(...) | semmle.label | source(...) |
 | main.rs:33:10:33:10 | s | semmle.label | s |
 subpaths

diff --git a/rust/ql/test/library-tests/dataflow/closures/inline-flow.expected b/rust/ql/test/library-tests/dataflow/closures/inline-flow.expected
@@ -3,11 +3,14 @@ edges
 | main.rs:11:20:11:52 | if cond {...} else {...} | main.rs:12:10:12:16 | f(...) | provenance |  |
 | main.rs:11:30:11:39 | source(...) | main.rs:11:20:11:52 | if cond {...} else {...} | provenance |  |
 | main.rs:16:20:16:23 | ... | main.rs:18:18:18:21 | data | provenance |  |
-| main.rs:22:13:22:22 | source(...) | main.rs:23:13:23:13 | a | provenance |  |
+| main.rs:22:9:22:9 | a | main.rs:23:13:23:13 | a | provenance |  |
+| main.rs:22:13:22:22 | source(...) | main.rs:22:9:22:9 | a | provenance |  |
 | main.rs:23:13:23:13 | a | main.rs:16:20:16:23 | ... | provenance |  |
 | main.rs:27:20:27:23 | ... | main.rs:28:9:32:9 | if cond {...} else {...} | provenance |  |
-| main.rs:33:13:33:22 | source(...) | main.rs:34:21:34:21 | a | provenance |  |
-| main.rs:34:13:34:22 | f(...) | main.rs:35:10:35:10 | b | provenance |  |
+| main.rs:33:9:33:9 | a | main.rs:34:21:34:21 | a | provenance |  |
+| main.rs:33:13:33:22 | source(...) | main.rs:33:9:33:9 | a | provenance |  |
+| main.rs:34:9:34:9 | b | main.rs:35:10:35:10 | b | provenance |  |
+| main.rs:34:13:34:22 | f(...) | main.rs:34:9:34:9 | b | provenance |  |
 | main.rs:34:21:34:21 | a | main.rs:27:20:27:23 | ... | provenance |  |
 | main.rs:34:21:34:21 | a | main.rs:34:13:34:22 | f(...) | provenance |  |
 | main.rs:42:16:42:25 | source(...) | main.rs:44:5:44:5 | [post] f [captured capt] | provenance |  |
@@ -20,11 +23,14 @@ nodes
 | main.rs:12:10:12:16 | f(...) | semmle.label | f(...) |
 | main.rs:16:20:16:23 | ... | semmle.label | ... |
 | main.rs:18:18:18:21 | data | semmle.label | data |
+| main.rs:22:9:22:9 | a | semmle.label | a |
 | main.rs:22:13:22:22 | source(...) | semmle.label | source(...) |
 | main.rs:23:13:23:13 | a | semmle.label | a |
 | main.rs:27:20:27:23 | ... | semmle.label | ... |
 | main.rs:28:9:32:9 | if cond {...} else {...} | semmle.label | if cond {...} else {...} |
+| main.rs:33:9:33:9 | a | semmle.label | a |
 | main.rs:33:13:33:22 | source(...) | semmle.label | source(...) |
+| main.rs:34:9:34:9 | b | semmle.label | b |
 | main.rs:34:13:34:22 | f(...) | semmle.label | f(...) |
 | main.rs:34:21:34:21 | a | semmle.label | a |
 | main.rs:35:10:35:10 | b | semmle.label | b |

diff --git a/rust/ql/test/library-tests/dataflow/global/inline-flow.expected b/rust/ql/test/library-tests/dataflow/global/inline-flow.expected
@@ -2,45 +2,59 @@ models
 edges
 | main.rs:12:28:14:1 | { ... } | main.rs:17:13:17:23 | get_data(...) | provenance |  |
 | main.rs:13:5:13:13 | source(...) | main.rs:12:28:14:1 | { ... } | provenance |  |
-| main.rs:17:13:17:23 | get_data(...) | main.rs:18:10:18:10 | a | provenance |  |
+| main.rs:17:9:17:9 | a | main.rs:18:10:18:10 | a | provenance |  |
+| main.rs:17:13:17:23 | get_data(...) | main.rs:17:9:17:9 | a | provenance |  |
 | main.rs:21:12:21:17 | ...: i64 | main.rs:22:10:22:10 | n | provenance |  |
-| main.rs:26:13:26:21 | source(...) | main.rs:27:13:27:13 | a | provenance |  |
+| main.rs:26:9:26:9 | a | main.rs:27:13:27:13 | a | provenance |  |
+| main.rs:26:13:26:21 | source(...) | main.rs:26:9:26:9 | a | provenance |  |
 | main.rs:27:13:27:13 | a | main.rs:21:12:21:17 | ...: i64 | provenance |  |
 | main.rs:30:17:30:22 | ...: i64 | main.rs:30:32:32:1 | { ... } | provenance |  |
-| main.rs:35:13:35:21 | source(...) | main.rs:36:26:36:26 | a | provenance |  |
-| main.rs:36:13:36:27 | pass_through(...) | main.rs:37:10:37:10 | b | provenance |  |
+| main.rs:35:9:35:9 | a | main.rs:36:26:36:26 | a | provenance |  |
+| main.rs:35:13:35:21 | source(...) | main.rs:35:9:35:9 | a | provenance |  |
+| main.rs:36:9:36:9 | b | main.rs:37:10:37:10 | b | provenance |  |
+| main.rs:36:13:36:27 | pass_through(...) | main.rs:36:9:36:9 | b | provenance |  |
 | main.rs:36:26:36:26 | a | main.rs:30:17:30:22 | ...: i64 | provenance |  |
 | main.rs:36:26:36:26 | a | main.rs:36:13:36:27 | pass_through(...) | provenance |  |
-| main.rs:41:13:44:6 | pass_through(...) | main.rs:45:10:45:10 | a | provenance |  |
+| main.rs:41:9:41:9 | a | main.rs:45:10:45:10 | a | provenance |  |
+| main.rs:41:13:44:6 | pass_through(...) | main.rs:41:9:41:9 | a | provenance |  |
 | main.rs:41:26:44:5 | { ... } | main.rs:30:17:30:22 | ...: i64 | provenance |  |
 | main.rs:41:26:44:5 | { ... } | main.rs:41:13:44:6 | pass_through(...) | provenance |  |
 | main.rs:43:9:43:18 | source(...) | main.rs:41:26:44:5 | { ... } | provenance |  |
 | main.rs:56:23:56:28 | ...: i64 | main.rs:57:14:57:14 | n | provenance |  |
 | main.rs:59:31:65:5 | { ... } | main.rs:77:13:77:25 | mn.get_data(...) | provenance |  |
 | main.rs:63:13:63:21 | source(...) | main.rs:59:31:65:5 | { ... } | provenance |  |
 | main.rs:66:28:66:33 | ...: i64 | main.rs:66:43:72:5 | { ... } | provenance |  |
-| main.rs:77:13:77:25 | mn.get_data(...) | main.rs:78:10:78:10 | a | provenance |  |
-| main.rs:83:13:83:21 | source(...) | main.rs:84:16:84:16 | a | provenance |  |
+| main.rs:77:9:77:9 | a | main.rs:78:10:78:10 | a | provenance |  |
+| main.rs:77:13:77:25 | mn.get_data(...) | main.rs:77:9:77:9 | a | provenance |  |
+| main.rs:83:9:83:9 | a | main.rs:84:16:84:16 | a | provenance |  |
+| main.rs:83:13:83:21 | source(...) | main.rs:83:9:83:9 | a | provenance |  |
 | main.rs:84:16:84:16 | a | main.rs:56:23:56:28 | ...: i64 | provenance |  |
-| main.rs:89:13:89:21 | source(...) | main.rs:90:29:90:29 | a | provenance |  |
-| main.rs:90:13:90:30 | mn.data_through(...) | main.rs:91:10:91:10 | b | provenance |  |
+| main.rs:89:9:89:9 | a | main.rs:90:29:90:29 | a | provenance |  |
+| main.rs:89:13:89:21 | source(...) | main.rs:89:9:89:9 | a | provenance |  |
+| main.rs:90:9:90:9 | b | main.rs:91:10:91:10 | b | provenance |  |
+| main.rs:90:13:90:30 | mn.data_through(...) | main.rs:90:9:90:9 | b | provenance |  |
 | main.rs:90:29:90:29 | a | main.rs:66:28:66:33 | ...: i64 | provenance |  |
 | main.rs:90:29:90:29 | a | main.rs:90:13:90:30 | mn.data_through(...) | provenance |  |
 nodes
 | main.rs:12:28:14:1 | { ... } | semmle.label | { ... } |
 | main.rs:13:5:13:13 | source(...) | semmle.label | source(...) |
+| main.rs:17:9:17:9 | a | semmle.label | a |
 | main.rs:17:13:17:23 | get_data(...) | semmle.label | get_data(...) |
 | main.rs:18:10:18:10 | a | semmle.label | a |
 | main.rs:21:12:21:17 | ...: i64 | semmle.label | ...: i64 |
 | main.rs:22:10:22:10 | n | semmle.label | n |
+| main.rs:26:9:26:9 | a | semmle.label | a |
 | main.rs:26:13:26:21 | source(...) | semmle.label | source(...) |
 | main.rs:27:13:27:13 | a | semmle.label | a |
 | main.rs:30:17:30:22 | ...: i64 | semmle.label | ...: i64 |
 | main.rs:30:32:32:1 | { ... } | semmle.label | { ... } |
+| main.rs:35:9:35:9 | a | semmle.label | a |
 | main.rs:35:13:35:21 | source(...) | semmle.label | source(...) |
+| main.rs:36:9:36:9 | b | semmle.label | b |
 | main.rs:36:13:36:27 | pass_through(...) | semmle.label | pass_through(...) |
 | main.rs:36:26:36:26 | a | semmle.label | a |
 | main.rs:37:10:37:10 | b | semmle.label | b |
+| main.rs:41:9:41:9 | a | semmle.label | a |
 | main.rs:41:13:44:6 | pass_through(...) | semmle.label | pass_through(...) |
 | main.rs:41:26:44:5 | { ... } | semmle.label | { ... } |
 | main.rs:43:9:43:18 | source(...) | semmle.label | source(...) |
@@ -51,11 +65,15 @@ nodes
 | main.rs:63:13:63:21 | source(...) | semmle.label | source(...) |
 | main.rs:66:28:66:33 | ...: i64 | semmle.label | ...: i64 |
 | main.rs:66:43:72:5 | { ... } | semmle.label | { ... } |
+| main.rs:77:9:77:9 | a | semmle.label | a |
 | main.rs:77:13:77:25 | mn.get_data(...) | semmle.label | mn.get_data(...) |
 | main.rs:78:10:78:10 | a | semmle.label | a |
+| main.rs:83:9:83:9 | a | semmle.label | a |
 | main.rs:83:13:83:21 | source(...) | semmle.label | source(...) |
 | main.rs:84:16:84:16 | a | semmle.label | a |
+| main.rs:89:9:89:9 | a | semmle.label | a |
 | main.rs:89:13:89:21 | source(...) | semmle.label | source(...) |
+| main.rs:90:9:90:9 | b | semmle.label | b |
 | main.rs:90:13:90:30 | mn.data_through(...) | semmle.label | mn.data_through(...) |
 | main.rs:90:29:90:29 | a | semmle.label | a |
 | main.rs:91:10:91:10 | b | semmle.label | b |