Rust: Fix default source and sink in inline flow test #17995
Conversation
| @@ -10,15 +10,16 @@ private import codeql.rust.dataflow.internal.DataFlowImpl | |||
| private import codeql.rust.dataflow.internal.TaintTrackingImpl | |||
| private import internal.InlineExpectationsTestImpl as InlineExpectationsTestImpl | |||
|
|
|||
| // Holds if the target expression of `call` is a path and the string representation of the path is `name`. | |||
| private predicate callTargetName(CallExpr call, string name) { | |||
| call.getExpr().(PathExpr).getPath().toString() = name | |||
There was a problem hiding this comment.
I think we should define the toString of PathExpr to be result = this.getPath().toString() .
There was a problem hiding this comment.
That sounds good to me. I'll update the PR to do that instead :)
There was a problem hiding this comment.
In general, we ought to implement a lot of more sensible toStrings, but that is of course not for this PR...
There was a problem hiding this comment.
I've added the suggested toString on PathExpr. Note that this added two inconsistencies here because the Path nodes on the last two lines in gen_path_expr.rs doesn't have a string representation. I don't know if this is a bug in the extractor? When I explore the AST for that file I also see that the last two let statements doesn't have an initializer which seems odd?
There was a problem hiding this comment.
That's not an extractor error. The qualifier of a path like <TypeRef as Trait>::foo does not have a nameRef so the toString() fails. See also:
codeql/rust/ql/lib/codeql/rust/elements/internal/PathSegmentImpl.qll
Lines 23 to 26 in e081b9a
paldepind
force-pushed
the
rust-df-source-sink-fix
branch
from
32fcdff
to
4b4080e
Compare
Before
toStringwas called on aPathExprand we want to call it on thePath. This fixes a test failure in the very simplesink(source("taint"))case.