Merge pull request #18576 from hvitved/rust/translate-mad-ids

github · Jan 23, 2025 · d60a81d · d60a81d
2 parents 8b2cfa9 + 33e07ed
commit d60a81d
Show file tree

Hide file tree

Showing 6 changed files with 524 additions and 470 deletions.
diff --git a/rust/ql/lib/utils/test/TranslateModels.qll b/rust/ql/lib/utils/test/TranslateModels.qll
@@ -0,0 +1,9 @@
+private import codeql.dataflow.test.ProvenancePathGraph as Graph
+private import codeql.rust.dataflow.internal.ModelsAsData as MaD
+
+private signature predicate provenanceSig(string model);
+
+/** Translates models-as-data provenance information into a format that can be used in tests. */
+module TranslateModels<provenanceSig/1 provenance> {
+  import Graph::TranslateModels<MaD::interpretModelForTest/2, provenance/1>
+}
diff --git a/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected b/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected
diff --git a/rust/ql/test/library-tests/dataflow/local/DataFlowStep.ql b/rust/ql/test/library-tests/dataflow/local/DataFlowStep.ql
@@ -1,7 +1,19 @@
 import codeql.rust.dataflow.DataFlow
 import codeql.rust.dataflow.internal.DataFlowImpl
+import utils.test.TranslateModels
 
-query predicate localStep = DataFlow::localFlowStep/2;
+private predicate provenance(string model) { RustDataFlow::simpleLocalFlowStep(_, _, model) }
+
+private module Tm = TranslateModels<provenance/1>;
+
+query predicate models = Tm::models/2;
+
+query predicate localStep(Node nodeFrom, Node nodeTo, string model) {
+  exists(string madId |
+    RustDataFlow::simpleLocalFlowStep(nodeFrom, nodeTo, madId) and
+    Tm::translateModels(madId, model)
+  )
+}
 
 query predicate storeStep = RustDataFlow::storeStep/3;
 

diff --git a/rust/ql/test/library-tests/dataflow/taint/TaintFlowStep.expected b/rust/ql/test/library-tests/dataflow/taint/TaintFlowStep.expected
@@ -1,6 +1,7 @@
-| file://:0:0:0:0 | [summary param] 0 in lang:alloc::_::crate::fmt::format | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:alloc::_::crate::fmt::format | MaD:35 |
-| file://:0:0:0:0 | [summary param] self in lang:alloc::_::<crate::string::String>::as_str | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:alloc::_::<crate::string::String>::as_str | MaD:33 |
-| file://:0:0:0:0 | [summary param] self in repo:https://github.com/seanmonstar/reqwest:reqwest::_::<crate::blocking::response::Response>::text | file://:0:0:0:0 | [summary] to write: ReturnValue.Variant[crate::result::Result::Ok(0)] in repo:https://github.com/seanmonstar/reqwest:reqwest::_::<crate::blocking::response::Response>::text | MaD:12 |
+additionalTaintStep
+| file://:0:0:0:0 | [summary param] 0 in lang:alloc::_::crate::fmt::format | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:alloc::_::crate::fmt::format | MaD:2 |
+| file://:0:0:0:0 | [summary param] self in lang:alloc::_::<crate::string::String>::as_str | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:alloc::_::<crate::string::String>::as_str | MaD:1 |
+| file://:0:0:0:0 | [summary param] self in repo:https://github.com/seanmonstar/reqwest:reqwest::_::<crate::blocking::response::Response>::text | file://:0:0:0:0 | [summary] to write: ReturnValue.Variant[crate::result::Result::Ok(0)] in repo:https://github.com/seanmonstar/reqwest:reqwest::_::<crate::blocking::response::Response>::text | MaD:3 |
 | main.rs:4:5:4:8 | 1000 | main.rs:4:5:4:12 | ... + ... |  |
 | main.rs:4:12:4:12 | i | main.rs:4:5:4:12 | ... + ... |  |
 | main.rs:8:20:8:20 | s | main.rs:8:14:8:20 | FormatArgsExpr |  |
@@ -17,3 +18,7 @@
 | main.rs:64:24:64:24 | s | main.rs:64:24:64:27 | s[1] |  |
 | main.rs:64:24:64:27 | s[1] | main.rs:64:18:64:27 | FormatArgsExpr |  |
 | main.rs:69:9:69:12 | arr2 | main.rs:69:9:69:15 | arr2[1] |  |
+models
+| 1 | Summary: lang:alloc; <crate::string::String>::as_str; Argument[self]; ReturnValue; taint |
+| 2 | Summary: lang:alloc; crate::fmt::format; Argument[0]; ReturnValue; taint |
+| 3 | Summary: repo:https://github.com/seanmonstar/reqwest:reqwest; <crate::blocking::response::Response>::text; Argument[self]; ReturnValue.Variant[crate::result::Result::Ok(0)]; taint |
diff --git a/rust/ql/test/library-tests/dataflow/taint/TaintFlowStep.ql b/rust/ql/test/library-tests/dataflow/taint/TaintFlowStep.ql
@@ -1,4 +1,18 @@
 import codeql.rust.dataflow.DataFlow
 import codeql.rust.dataflow.internal.TaintTrackingImpl
+import utils.test.TranslateModels
 
-query predicate additionalTaintStep = RustTaintTracking::defaultAdditionalTaintStep/3;
+private predicate provenance(string model) {
+  RustTaintTracking::defaultAdditionalTaintStep(_, _, model)
+}
+
+private module Tm = TranslateModels<provenance/1>;
+
+query predicate models = Tm::models/2;
+
+query predicate additionalTaintStep(DataFlow::Node pred, DataFlow::Node succ, string model) {
+  exists(string madId |
+    RustTaintTracking::defaultAdditionalTaintStep(pred, succ, madId) and
+    Tm::translateModels(madId, model)
+  )
+}
diff --git a/shared/dataflow/codeql/dataflow/test/ProvenancePathGraph.qll b/shared/dataflow/codeql/dataflow/test/ProvenancePathGraph.qll
@@ -16,7 +16,8 @@ signature class PathNodeSig {
 
 private signature predicate provenanceSig(string model);
 
-private module TranslateModels<
+/** Translates models-as-data provenance information into a format that can be used in tests. */
+module TranslateModels<
   interpretModelForTestSig/2 interpretModelForTest0, provenanceSig/1 provenance>
 {
   private predicate madIds(string madId) {
@@ -79,6 +80,7 @@ private module TranslateModels<
     )
   }
 
+  /** Holds if the model `model1` should be translated to `model2`. */
   predicate translateModels(string model1, string model2) {
     exists(int i |
       translateModelsPart(model1, model2, i) and