Merge pull request #18671 from geoffw0/http

Rust: Model some sources for HTTP

Author: geoffw0

rust/ql/lib/codeql/rust/frameworks/http.model.yml

@@ -0,0 +1,13 @@
+extensions:
+  - addsTo:
+      pack: codeql/rust-all
+      extensible: sourceModel
+    data:
+      - ["repo:https://github.com/hyperium/hyper:hyper", "<crate::client::conn::http1::SendRequest>::send_request", "ReturnValue.Future.Variant[crate::result::Result::Ok(0)]", "remote", "manual"]
+      - ["repo:https://github.com/hyperium/hyper:hyper", "<crate::client::conn::http2::SendRequest>::send_request", "ReturnValue.Future.Variant[crate::result::Result::Ok(0)]", "remote", "manual"]
+      - ["repo:https://github.com/hyperium/hyper:hyper", "<crate::client::conn::http1::SendRequest>::try_send_request", "ReturnValue.Future.Variant[crate::result::Result::Ok(0)]", "remote", "manual"]
+      - ["repo:https://github.com/hyperium/hyper:hyper", "<crate::client::conn::http2::SendRequest>::try_send_request", "ReturnValue.Future.Variant[crate::result::Result::Ok(0)]", "remote", "manual"]
+      - ["repo:https://github.com/hyperium/hyper:hyper", "<crate::client::Client>::get", "ReturnValue.Future", "remote", "manual"]
+      - ["repo:https://github.com/hyperium/hyper:hyper", "<crate::client::Client>::request", "ReturnValue.Future", "remote", "manual"]
+      - ["repo:https://github.com/hyperium/hyper-util:hyper-util", "<crate::client::legacy::Client>::get", "ReturnValue.Future", "remote", "manual"]
+      - ["repo:https://github.com/hyperium/hyper-util:hyper-util", "<crate::client::legacy::Client>::request", "ReturnValue.Future", "remote", "manual"]

rust/ql/test/library-tests/dataflow/global/inline-flow.expected

@@ -42,13 +42,17 @@ edges
 | main.rs:101:13:101:30 | mn.data_through(...) | main.rs:101:9:101:9 | b | provenance |  |
 | main.rs:101:29:101:29 | a | main.rs:77:28:77:33 | ...: i64 | provenance |  |
 | main.rs:101:29:101:29 | a | main.rs:101:13:101:30 | mn.data_through(...) | provenance |  |
-| main.rs:139:25:139:30 | ...: i64 | main.rs:140:10:140:10 | c | provenance |  |
-| main.rs:140:6:140:6 | [post] n [&ref] | main.rs:139:12:139:22 | ...: ... [Return] [&ref] | provenance |  |
-| main.rs:140:10:140:10 | c | main.rs:140:6:140:6 | [post] n [&ref] | provenance |  |
-| main.rs:148:13:148:13 | [post] m [&ref] | main.rs:149:11:149:11 | m [&ref] | provenance |  |
-| main.rs:148:16:148:25 | source(...) | main.rs:139:25:139:30 | ...: i64 | provenance |  |
-| main.rs:148:16:148:25 | source(...) | main.rs:148:13:148:13 | [post] m [&ref] | provenance |  |
-| main.rs:149:11:149:11 | m [&ref] | main.rs:149:10:149:11 | * ... | provenance |  |
+| main.rs:138:9:138:9 | a | main.rs:139:10:139:10 | a | provenance |  |
+| main.rs:138:13:138:21 | source(...) | main.rs:138:9:138:9 | a | provenance |  |
+| main.rs:148:13:148:13 | c | main.rs:149:14:149:14 | c | provenance |  |
+| main.rs:148:17:148:25 | source(...) | main.rs:148:13:148:13 | c | provenance |  |
+| main.rs:164:25:164:30 | ...: i64 | main.rs:165:10:165:10 | c | provenance |  |
+| main.rs:165:6:165:6 | [post] n [&ref] | main.rs:164:12:164:22 | ...: ... [Return] [&ref] | provenance |  |
+| main.rs:165:10:165:10 | c | main.rs:165:6:165:6 | [post] n [&ref] | provenance |  |
+| main.rs:173:13:173:13 | [post] m [&ref] | main.rs:174:11:174:11 | m [&ref] | provenance |  |
+| main.rs:173:16:173:25 | source(...) | main.rs:164:25:164:30 | ...: i64 | provenance |  |
+| main.rs:173:16:173:25 | source(...) | main.rs:173:13:173:13 | [post] m [&ref] | provenance |  |
+| main.rs:174:11:174:11 | m [&ref] | main.rs:174:10:174:11 | * ... | provenance |  |
 nodes
 | main.rs:12:28:14:1 | { ... } | semmle.label | { ... } |
 | main.rs:13:5:13:13 | source(...) | semmle.label | source(...) |
@@ -99,20 +103,26 @@ nodes
 | main.rs:101:13:101:30 | mn.data_through(...) | semmle.label | mn.data_through(...) |
 | main.rs:101:29:101:29 | a | semmle.label | a |
 | main.rs:102:10:102:10 | b | semmle.label | b |
-| main.rs:139:12:139:22 | ...: ... [Return] [&ref] | semmle.label | ...: ... [Return] [&ref] |
-| main.rs:139:25:139:30 | ...: i64 | semmle.label | ...: i64 |
-| main.rs:140:6:140:6 | [post] n [&ref] | semmle.label | [post] n [&ref] |
-| main.rs:140:10:140:10 | c | semmle.label | c |
-| main.rs:148:13:148:13 | [post] m [&ref] | semmle.label | [post] m [&ref] |
-| main.rs:148:16:148:25 | source(...) | semmle.label | source(...) |
-| main.rs:149:10:149:11 | * ... | semmle.label | * ... |
-| main.rs:149:11:149:11 | m [&ref] | semmle.label | m [&ref] |
+| main.rs:138:9:138:9 | a | semmle.label | a |
+| main.rs:138:13:138:21 | source(...) | semmle.label | source(...) |
+| main.rs:139:10:139:10 | a | semmle.label | a |
+| main.rs:148:13:148:13 | c | semmle.label | c |
+| main.rs:148:17:148:25 | source(...) | semmle.label | source(...) |
+| main.rs:149:14:149:14 | c | semmle.label | c |
+| main.rs:164:12:164:22 | ...: ... [Return] [&ref] | semmle.label | ...: ... [Return] [&ref] |
+| main.rs:164:25:164:30 | ...: i64 | semmle.label | ...: i64 |
+| main.rs:165:6:165:6 | [post] n [&ref] | semmle.label | [post] n [&ref] |
+| main.rs:165:10:165:10 | c | semmle.label | c |
+| main.rs:173:13:173:13 | [post] m [&ref] | semmle.label | [post] m [&ref] |
+| main.rs:173:16:173:25 | source(...) | semmle.label | source(...) |
+| main.rs:174:10:174:11 | * ... | semmle.label | * ... |
+| main.rs:174:11:174:11 | m [&ref] | semmle.label | m [&ref] |
 subpaths
 | main.rs:36:26:36:26 | a | main.rs:30:17:30:22 | ...: i64 | main.rs:30:32:32:1 | { ... } | main.rs:36:13:36:27 | pass_through(...) |
 | main.rs:41:26:44:5 | { ... } | main.rs:30:17:30:22 | ...: i64 | main.rs:30:32:32:1 | { ... } | main.rs:41:13:44:6 | pass_through(...) |
 | main.rs:55:26:55:26 | a | main.rs:51:21:51:26 | ...: i64 | main.rs:51:36:53:5 | { ... } | main.rs:55:13:55:27 | pass_through(...) |
 | main.rs:101:29:101:29 | a | main.rs:77:28:77:33 | ...: i64 | main.rs:77:43:83:5 | { ... } | main.rs:101:13:101:30 | mn.data_through(...) |
-| main.rs:148:16:148:25 | source(...) | main.rs:139:25:139:30 | ...: i64 | main.rs:139:12:139:22 | ...: ... [Return] [&ref] | main.rs:148:13:148:13 | [post] m [&ref] |
+| main.rs:173:16:173:25 | source(...) | main.rs:164:25:164:30 | ...: i64 | main.rs:164:12:164:22 | ...: ... [Return] [&ref] | main.rs:173:13:173:13 | [post] m [&ref] |
 testFailures
 #select
 | main.rs:18:10:18:10 | a | main.rs:13:5:13:13 | source(...) | main.rs:18:10:18:10 | a | $@ | main.rs:13:5:13:13 | source(...) | source(...) |
@@ -123,4 +133,6 @@ testFailures
 | main.rs:68:14:68:14 | n | main.rs:94:13:94:21 | source(...) | main.rs:68:14:68:14 | n | $@ | main.rs:94:13:94:21 | source(...) | source(...) |
 | main.rs:89:10:89:10 | a | main.rs:74:13:74:21 | source(...) | main.rs:89:10:89:10 | a | $@ | main.rs:74:13:74:21 | source(...) | source(...) |
 | main.rs:102:10:102:10 | b | main.rs:100:13:100:21 | source(...) | main.rs:102:10:102:10 | b | $@ | main.rs:100:13:100:21 | source(...) | source(...) |
-| main.rs:149:10:149:11 | * ... | main.rs:148:16:148:25 | source(...) | main.rs:149:10:149:11 | * ... | $@ | main.rs:148:16:148:25 | source(...) | source(...) |
+| main.rs:139:10:139:10 | a | main.rs:138:13:138:21 | source(...) | main.rs:139:10:139:10 | a | $@ | main.rs:138:13:138:21 | source(...) | source(...) |
+| main.rs:149:14:149:14 | c | main.rs:148:17:148:25 | source(...) | main.rs:149:14:149:14 | c | $@ | main.rs:148:17:148:25 | source(...) | source(...) |
+| main.rs:174:10:174:11 | * ... | main.rs:173:16:173:25 | source(...) | main.rs:174:10:174:11 | * ... | $@ | main.rs:173:16:173:25 | source(...) | source(...) |

rust/ql/test/library-tests/dataflow/global/main.rs

@@ -134,6 +134,31 @@ pub fn test_operator_overloading() {
     sink(d.value); // $ MISSING: hasValueFlow=7
 }
 
+async fn async_source() -> i64 {
+    let a = source(1);
+    sink(a); // $ hasValueFlow=1
+    a
+}
+
+async fn test_async_await_async_part() {
+    let a = async_source().await;
+    sink(a); // $ MISSING: hasValueFlow=1
+
+    let b = async {
+        let c = source(2);
+        sink(c); // $ hasValueFlow=2
+        c
+    };
+    sink(b.await); // $ MISSING: hasValueFlow=2
+}
+
+fn test_async_await() {
+    let a = futures::executor::block_on(async_source());
+    sink(a); // $ MISSING: hasValueFlow=1
+
+    futures::executor::block_on(test_async_await_async_part());
+}
+
 // Flow out of mutable parameters.
 
 fn set_int(n: &mut i64, c: i64) {
@@ -168,6 +193,7 @@ fn main() {
     data_through_method();
 
     test_operator_overloading();
+    test_async_await();
     mutates_argument_1();
     mutates_argument_2();
 }

rust/ql/test/library-tests/dataflow/global/options.yml

@@ -0,0 +1,3 @@
+qltest_cargo_check: true
+qltest_dependencies:
+    - futures = { version = "0.3" }

rust/ql/test/library-tests/dataflow/global/viableCallable.expected

@@ -29,21 +29,32 @@
 | main.rs:131:28:131:36 | source(...) | main.rs:1:1:3:1 | fn source |
 | main.rs:133:13:133:20 | a.add(...) | main.rs:114:5:117:5 | fn add |
 | main.rs:134:5:134:17 | sink(...) | main.rs:5:1:7:1 | fn sink |
-| main.rs:147:5:147:12 | sink(...) | main.rs:5:1:7:1 | fn sink |
-| main.rs:148:5:148:26 | set_int(...) | main.rs:139:1:141:1 | fn set_int |
-| main.rs:148:16:148:25 | source(...) | main.rs:1:1:3:1 | fn source |
-| main.rs:149:5:149:12 | sink(...) | main.rs:5:1:7:1 | fn sink |
-| main.rs:155:5:155:11 | sink(...) | main.rs:5:1:7:1 | fn sink |
-| main.rs:156:5:156:31 | set_int(...) | main.rs:139:1:141:1 | fn set_int |
-| main.rs:156:21:156:30 | source(...) | main.rs:1:1:3:1 | fn source |
+| main.rs:138:13:138:21 | source(...) | main.rs:1:1:3:1 | fn source |
+| main.rs:139:5:139:11 | sink(...) | main.rs:5:1:7:1 | fn sink |
+| main.rs:144:13:144:26 | async_source(...) | main.rs:137:1:141:1 | fn async_source |
+| main.rs:145:5:145:11 | sink(...) | main.rs:5:1:7:1 | fn sink |
+| main.rs:148:17:148:25 | source(...) | main.rs:1:1:3:1 | fn source |
+| main.rs:149:9:149:15 | sink(...) | main.rs:5:1:7:1 | fn sink |
+| main.rs:152:5:152:17 | sink(...) | main.rs:5:1:7:1 | fn sink |
+| main.rs:156:41:156:54 | async_source(...) | main.rs:137:1:141:1 | fn async_source |
 | main.rs:157:5:157:11 | sink(...) | main.rs:5:1:7:1 | fn sink |
-| main.rs:161:5:161:22 | data_out_of_call(...) | main.rs:16:1:19:1 | fn data_out_of_call |
-| main.rs:162:5:162:21 | data_in_to_call(...) | main.rs:25:1:28:1 | fn data_in_to_call |
-| main.rs:163:5:163:23 | data_through_call(...) | main.rs:34:1:38:1 | fn data_through_call |
-| main.rs:164:5:164:34 | data_through_nested_function(...) | main.rs:48:1:57:1 | fn data_through_nested_function |
-| main.rs:166:5:166:24 | data_out_of_method(...) | main.rs:86:1:90:1 | fn data_out_of_method |
-| main.rs:167:5:167:28 | data_in_to_method_call(...) | main.rs:92:1:96:1 | fn data_in_to_method_call |
-| main.rs:168:5:168:25 | data_through_method(...) | main.rs:98:1:103:1 | fn data_through_method |
-| main.rs:170:5:170:31 | test_operator_overloading(...) | main.rs:120:1:135:1 | fn test_operator_overloading |
-| main.rs:171:5:171:24 | mutates_argument_1(...) | main.rs:143:1:150:1 | fn mutates_argument_1 |
-| main.rs:172:5:172:24 | mutates_argument_2(...) | main.rs:152:1:158:1 | fn mutates_argument_2 |
+| main.rs:159:33:159:61 | test_async_await_async_part(...) | main.rs:143:1:153:1 | fn test_async_await_async_part |
+| main.rs:172:5:172:12 | sink(...) | main.rs:5:1:7:1 | fn sink |
+| main.rs:173:5:173:26 | set_int(...) | main.rs:164:1:166:1 | fn set_int |
+| main.rs:173:16:173:25 | source(...) | main.rs:1:1:3:1 | fn source |
+| main.rs:174:5:174:12 | sink(...) | main.rs:5:1:7:1 | fn sink |
+| main.rs:180:5:180:11 | sink(...) | main.rs:5:1:7:1 | fn sink |
+| main.rs:181:5:181:31 | set_int(...) | main.rs:164:1:166:1 | fn set_int |
+| main.rs:181:21:181:30 | source(...) | main.rs:1:1:3:1 | fn source |
+| main.rs:182:5:182:11 | sink(...) | main.rs:5:1:7:1 | fn sink |
+| main.rs:186:5:186:22 | data_out_of_call(...) | main.rs:16:1:19:1 | fn data_out_of_call |
+| main.rs:187:5:187:21 | data_in_to_call(...) | main.rs:25:1:28:1 | fn data_in_to_call |
+| main.rs:188:5:188:23 | data_through_call(...) | main.rs:34:1:38:1 | fn data_through_call |
+| main.rs:189:5:189:34 | data_through_nested_function(...) | main.rs:48:1:57:1 | fn data_through_nested_function |
+| main.rs:191:5:191:24 | data_out_of_method(...) | main.rs:86:1:90:1 | fn data_out_of_method |
+| main.rs:192:5:192:28 | data_in_to_method_call(...) | main.rs:92:1:96:1 | fn data_in_to_method_call |
+| main.rs:193:5:193:25 | data_through_method(...) | main.rs:98:1:103:1 | fn data_through_method |
+| main.rs:195:5:195:31 | test_operator_overloading(...) | main.rs:120:1:135:1 | fn test_operator_overloading |
+| main.rs:196:5:196:22 | test_async_await(...) | main.rs:155:1:160:1 | fn test_async_await |
+| main.rs:197:5:197:24 | mutates_argument_1(...) | main.rs:168:1:175:1 | fn mutates_argument_1 |
+| main.rs:198:5:198:24 | mutates_argument_2(...) | main.rs:177:1:183:1 | fn mutates_argument_2 |

rust/ql/test/library-tests/dataflow/local/CONSISTENCY/DataFlowConsistency.expected

@@ -1,2 +1,2 @@
 identityLocalStep
-| main.rs:425:9:425:20 | phi(default_name) | Node steps to itself |
+| main.rs:428:9:428:20 | phi(default_name) | Node steps to itself |