Merge pull request #18530 from geoffw0/sourcemodels2

Rust: Convert source models to models-as-data

Author: geoffw0

rust/ql/lib/codeql/rust/Concepts.qll

@@ -7,6 +7,7 @@
 private import codeql.rust.dataflow.DataFlow
 private import codeql.threatmodels.ThreatModels
 private import codeql.rust.Frameworks
+private import codeql.rust.dataflow.FlowSource
 
 /**
  * A data flow source for a specific threat-model.
@@ -66,6 +67,13 @@ module CommandLineArgsSource {
   }
 }
 
+/**
+ * An externally modeled source for command line arguments.
+ */
+class ModeledCommandLineArgsSource extends CommandLineArgsSource::Range {
+  ModeledCommandLineArgsSource() { sourceNode(this, "command-line-source") }
+}
+
 /**
  * A data flow source corresponding to the program's environment.
  */
@@ -85,6 +93,13 @@ module EnvironmentSource {
   }
 }
 
+/**
+ * An externally modeled source for data from the program's environment.
+ */
+class ModeledEnvironmentSource extends EnvironmentSource::Range {
+  ModeledEnvironmentSource() { sourceNode(this, "environment-source") }
+}
+
 /**
  * A data flow source for remote (network) data.
  */
@@ -104,6 +119,13 @@ module RemoteSource {
   }
 }
 
+/**
+ * An externally modeled source for remote (network) data.
+ */
+class ModeledRemoteSource extends RemoteSource::Range {
+  ModeledRemoteSource() { sourceNode(this, "remote") }
+}
+
 /**
  * A data flow node that constructs a SQL statement (for later execution).
  *

rust/ql/lib/codeql/rust/Frameworks.qll

@@ -2,7 +2,5 @@
  * This file imports all models of frameworks and libraries.
  */
 
-private import codeql.rust.frameworks.Reqwest
 private import codeql.rust.frameworks.rustcrypto.RustCrypto
-private import codeql.rust.frameworks.stdlib.Env
 private import codeql.rust.frameworks.Sqlx

rust/ql/lib/codeql/rust/frameworks/Reqwest.qll

@@ -1,4 +1,10 @@
 extensions:
+  - addsTo:
+      pack: codeql/rust-all
+      extensible: sourceModel
+    data:
+      - ["repo:https://github.com/seanmonstar/reqwest:reqwest", "crate::get", "ReturnValue", "remote", "manual"]
+      - ["repo:https://github.com/seanmonstar/reqwest:reqwest", "crate::blocking::get", "ReturnValue", "remote", "manual"]
   - addsTo:
       pack: codeql/rust-all
       extensible: summaryModel

rust/ql/lib/codeql/rust/frameworks/reqwest.model.yml

@@ -0,0 +1,14 @@
+extensions:
+  - addsTo:
+      pack: codeql/rust-all
+      extensible: sourceModel
+    data:
+      - ["lang:std", "crate::env::args", "ReturnValue", "command-line-source", "manual"]
+      - ["lang:std", "crate::env::args_os", "ReturnValue", "command-line-source", "manual"]
+      - ["lang:std", "crate::env::current_dir", "ReturnValue", "command-line-source", "manual"]
+      - ["lang:std", "crate::env::current_exe", "ReturnValue", "command-line-source", "manual"]
+      - ["lang:std", "crate::env::home_dir", "ReturnValue", "command-line-source", "manual"]
+      - ["lang:std", "crate::env::var", "ReturnValue", "environment-source", "manual"]
+      - ["lang:std", "crate::env::var_os", "ReturnValue", "environment-source", "manual"]
+      - ["lang:std", "crate::env::vars", "ReturnValue", "environment-source", "manual"]
+      - ["lang:std", "crate::env::vars_os", "ReturnValue", "environment-source", "manual"]

rust/ql/lib/codeql/rust/frameworks/stdlib/Env.qll

@@ -174,7 +174,8 @@ module ComputationallyExpensiveHashFunction {
 }
 
 /**
- * An externally modeled operation that hashes data, for example a call to `md5::Md5::digest(data)`.
+ * An externally modeled operation that hashes data, for example a call to `md5::Md5::digest(data)`. The
+ * model should identify the argument of a call that is the data to be hashed.
  */
 class ModeledHashOperation extends Cryptography::CryptographicOperation::Range {
   DataFlow::Node input;

rust/ql/lib/codeql/rust/frameworks/stdlib/env.model.yml

@@ -1,17 +1,17 @@
-| test.rs:8:10:8:30 | ...::var(...) | Flow source 'EnvironmentSource' of type environment. |
-| test.rs:9:10:9:33 | ...::var_os(...) | Flow source 'EnvironmentSource' of type environment. |
-| test.rs:11:16:11:36 | ...::var(...) | Flow source 'EnvironmentSource' of type environment. |
-| test.rs:12:16:12:39 | ...::var_os(...) | Flow source 'EnvironmentSource' of type environment. |
-| test.rs:17:25:17:40 | ...::vars(...) | Flow source 'EnvironmentSource' of type environment. |
-| test.rs:22:25:22:43 | ...::vars_os(...) | Flow source 'EnvironmentSource' of type environment. |
-| test.rs:29:29:29:44 | ...::args(...) | Flow source 'CommandLineArgs' of type commandargs. |
-| test.rs:32:16:32:31 | ...::args(...) | Flow source 'CommandLineArgs' of type commandargs. |
-| test.rs:33:16:33:34 | ...::args_os(...) | Flow source 'CommandLineArgs' of type commandargs. |
-| test.rs:40:16:40:31 | ...::args(...) | Flow source 'CommandLineArgs' of type commandargs. |
-| test.rs:44:16:44:34 | ...::args_os(...) | Flow source 'CommandLineArgs' of type commandargs. |
-| test.rs:50:15:50:37 | ...::current_dir(...) | Flow source 'CommandLineArgs' of type commandargs. |
-| test.rs:51:15:51:37 | ...::current_exe(...) | Flow source 'CommandLineArgs' of type commandargs. |
-| test.rs:52:16:52:35 | ...::home_dir(...) | Flow source 'CommandLineArgs' of type commandargs. |
-| test.rs:60:26:60:70 | ...::get(...) | Flow source 'RemoteSource' of type remote (DEFAULT). |
-| test.rs:63:26:63:70 | ...::get(...) | Flow source 'RemoteSource' of type remote (DEFAULT). |
-| test.rs:66:26:66:60 | ...::get(...) | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| test.rs:8:10:8:22 | ...::var | Flow source 'EnvironmentSource' of type environment. |
+| test.rs:9:10:9:25 | ...::var_os | Flow source 'EnvironmentSource' of type environment. |
+| test.rs:11:16:11:28 | ...::var | Flow source 'EnvironmentSource' of type environment. |
+| test.rs:12:16:12:31 | ...::var_os | Flow source 'EnvironmentSource' of type environment. |
+| test.rs:17:25:17:38 | ...::vars | Flow source 'EnvironmentSource' of type environment. |
+| test.rs:22:25:22:41 | ...::vars_os | Flow source 'EnvironmentSource' of type environment. |
+| test.rs:29:29:29:42 | ...::args | Flow source 'CommandLineArgs' of type commandargs. |
+| test.rs:32:16:32:29 | ...::args | Flow source 'CommandLineArgs' of type commandargs. |
+| test.rs:33:16:33:32 | ...::args_os | Flow source 'CommandLineArgs' of type commandargs. |
+| test.rs:40:16:40:29 | ...::args | Flow source 'CommandLineArgs' of type commandargs. |
+| test.rs:44:16:44:32 | ...::args_os | Flow source 'CommandLineArgs' of type commandargs. |
+| test.rs:50:15:50:35 | ...::current_dir | Flow source 'CommandLineArgs' of type commandargs. |
+| test.rs:51:15:51:35 | ...::current_exe | Flow source 'CommandLineArgs' of type commandargs. |
+| test.rs:52:16:52:33 | ...::home_dir | Flow source 'CommandLineArgs' of type commandargs. |
+| test.rs:60:26:60:47 | ...::get | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| test.rs:63:26:63:47 | ...::get | Flow source 'RemoteSource' of type remote (DEFAULT). |
+| test.rs:66:26:66:37 | ...::get | Flow source 'RemoteSource' of type remote (DEFAULT). |

rust/ql/lib/codeql/rust/security/WeakSensitiveDataHashingExtensions.qll

@@ -5,8 +5,8 @@ fn sink<T>(_: T) { }
 // --- tests ---
 
 fn test_env_vars() {
-    sink(std::env::var("HOME")); // $ Alert[rust/summary/taint-sources] hasTaintFlow
-    sink(std::env::var_os("PATH")); // $ Alert[rust/summary/taint-sources] hasTaintFlow
+    sink(std::env::var("HOME")); // $ Alert[rust/summary/taint-sources] hasTaintFlow="HOME"
+    sink(std::env::var_os("PATH")); // $ Alert[rust/summary/taint-sources] hasTaintFlow="PATH"
 
     let var1 = std::env::var("HOME").expect("HOME not set"); // $ Alert[rust/summary/taint-sources]
     let var2 = std::env::var_os("PATH").unwrap(); // $ Alert[rust/summary/taint-sources]

rust/ql/test/library-tests/dataflow/sources/TaintSources.expected

@@ -1,6 +1,6 @@
-| file://:0:0:0:0 | [summary param] 0 in lang:alloc::_::crate::fmt::format | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:alloc::_::crate::fmt::format | MaD:24 |
-| file://:0:0:0:0 | [summary param] self in lang:alloc::_::<crate::string::String>::as_str | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:alloc::_::<crate::string::String>::as_str | MaD:22 |
-| file://:0:0:0:0 | [summary param] self in repo:https://github.com/seanmonstar/reqwest:reqwest::_::<crate::blocking::response::Response>::text | file://:0:0:0:0 | [summary] to write: ReturnValue.Variant[crate::result::Result::Ok(0)] in repo:https://github.com/seanmonstar/reqwest:reqwest::_::<crate::blocking::response::Response>::text | MaD:10 |
+| file://:0:0:0:0 | [summary param] 0 in lang:alloc::_::crate::fmt::format | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:alloc::_::crate::fmt::format | MaD:35 |
+| file://:0:0:0:0 | [summary param] self in lang:alloc::_::<crate::string::String>::as_str | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:alloc::_::<crate::string::String>::as_str | MaD:33 |
+| file://:0:0:0:0 | [summary param] self in repo:https://github.com/seanmonstar/reqwest:reqwest::_::<crate::blocking::response::Response>::text | file://:0:0:0:0 | [summary] to write: ReturnValue.Variant[crate::result::Result::Ok(0)] in repo:https://github.com/seanmonstar/reqwest:reqwest::_::<crate::blocking::response::Response>::text | MaD:12 |
 | main.rs:4:5:4:8 | 1000 | main.rs:4:5:4:12 | ... + ... |  |
 | main.rs:4:12:4:12 | i | main.rs:4:5:4:12 | ... + ... |  |
 | main.rs:8:20:8:20 | s | main.rs:8:14:8:20 | FormatArgsExpr |  |