Skip to content

Commit 3792adf

Browse files
geoffw0geoffw0
committed
Rust: For now lets just exclude self parameters from the query sources.
1 parent 06c34fd commit 3792adf

File tree

3 files changed

+6
-18
lines changed

3 files changed

+6
-18
lines changed

rust/ql/lib/codeql/rust/security/AccessAfterLifetimeExtensions.qll

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -57,7 +57,8 @@ module AccessAfterLifetime {
5757
// parameter
5858
exists(Callable c |
5959
var.getParameter().getEnclosingCallable() = c and
60-
scope.getParentNode() = c
60+
scope.getParentNode() = c and
61+
not var.getParameter() instanceof SelfParam
6162
)
6263
}
6364

rust/ql/test/query-tests/security/CWE-825/AccessAfterLifetime.expected

Lines changed: 0 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -22,8 +22,6 @@
2222
| lifetime.rs:667:14:667:17 | ref1 | lifetime.rs:655:11:655:25 | &raw const str2 | lifetime.rs:667:14:667:17 | ref1 | Access of a pointer to $@ after its lifetime has ended. | lifetime.rs:651:7:651:10 | str2 | str2 |
2323
| lifetime.rs:789:12:789:13 | p1 | lifetime.rs:781:9:781:19 | &my_local10 | lifetime.rs:789:12:789:13 | p1 | Access of a pointer to $@ after its lifetime has ended. | lifetime.rs:779:6:779:15 | my_local10 | my_local10 |
2424
| lifetime.rs:808:23:808:25 | ptr | lifetime.rs:798:9:798:12 | &val | lifetime.rs:808:23:808:25 | ptr | Access of a pointer to $@ after its lifetime has ended. | lifetime.rs:796:6:796:8 | val | val |
25-
| lifetime.rs:895:13:895:16 | ptr2 | lifetime.rs:880:3:880:23 | &raw const ... | lifetime.rs:895:13:895:16 | ptr2 | Access of a pointer to $@ after its lifetime has ended. | lifetime.rs:879:25:879:28 | self | self |
26-
| lifetime.rs:903:21:903:24 | ptr2 | lifetime.rs:880:3:880:23 | &raw const ... | lifetime.rs:903:21:903:24 | ptr2 | Access of a pointer to $@ after its lifetime has ended. | lifetime.rs:879:25:879:28 | self | self |
2725
| main.rs:64:23:64:24 | p2 | main.rs:44:26:44:28 | &b2 | main.rs:64:23:64:24 | p2 | Access of a pointer to $@ after its lifetime has ended. | main.rs:43:13:43:14 | b2 | b2 |
2826
edges
2927
| deallocation.rs:242:6:242:7 | p1 | deallocation.rs:245:14:245:15 | p1 | provenance | |
@@ -157,11 +155,6 @@ edges
157155
| lifetime.rs:798:9:798:12 | &val | lifetime.rs:798:2:798:12 | return ... | provenance | |
158156
| lifetime.rs:802:6:802:8 | ptr | lifetime.rs:808:23:808:25 | ptr | provenance | |
159157
| lifetime.rs:802:12:802:24 | get_pointer(...) | lifetime.rs:802:6:802:8 | ptr | provenance | |
160-
| lifetime.rs:879:45:882:5 | { ... } | lifetime.rs:892:10:892:23 | obj.get_ptr2() | provenance | |
161-
| lifetime.rs:880:3:880:23 | &raw const ... | lifetime.rs:879:45:882:5 | { ... } | provenance | |
162-
| lifetime.rs:892:3:892:6 | ptr2 | lifetime.rs:895:13:895:16 | ptr2 | provenance | |
163-
| lifetime.rs:892:3:892:6 | ptr2 | lifetime.rs:903:21:903:24 | ptr2 | provenance | |
164-
| lifetime.rs:892:10:892:23 | obj.get_ptr2() | lifetime.rs:892:3:892:6 | ptr2 | provenance | |
165158
| main.rs:18:9:18:10 | p1 [&ref] | main.rs:21:19:21:20 | p1 | provenance | |
166159
| main.rs:18:9:18:10 | p1 [&ref] | main.rs:29:19:29:20 | p1 | provenance | |
167160
| main.rs:18:14:18:29 | ...::as_ptr(...) [&ref] | main.rs:18:9:18:10 | p1 [&ref] | provenance | |
@@ -332,12 +325,6 @@ nodes
332325
| lifetime.rs:802:6:802:8 | ptr | semmle.label | ptr |
333326
| lifetime.rs:802:12:802:24 | get_pointer(...) | semmle.label | get_pointer(...) |
334327
| lifetime.rs:808:23:808:25 | ptr | semmle.label | ptr |
335-
| lifetime.rs:879:45:882:5 | { ... } | semmle.label | { ... } |
336-
| lifetime.rs:880:3:880:23 | &raw const ... | semmle.label | &raw const ... |
337-
| lifetime.rs:892:3:892:6 | ptr2 | semmle.label | ptr2 |
338-
| lifetime.rs:892:10:892:23 | obj.get_ptr2() | semmle.label | obj.get_ptr2() |
339-
| lifetime.rs:895:13:895:16 | ptr2 | semmle.label | ptr2 |
340-
| lifetime.rs:903:21:903:24 | ptr2 | semmle.label | ptr2 |
341328
| main.rs:18:9:18:10 | p1 [&ref] | semmle.label | p1 [&ref] |
342329
| main.rs:18:14:18:29 | ...::as_ptr(...) [&ref] | semmle.label | ...::as_ptr(...) [&ref] |
343330
| main.rs:18:26:18:28 | &b1 | semmle.label | &b1 |

rust/ql/test/query-tests/security/CWE-825/lifetime.rs

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -877,7 +877,7 @@ impl MyObjectWithGetters {
877877
}
878878

879879
pub unsafe fn get_ptr2(self) -> *const i64 {
880-
&raw const self.value // $ Source[rust/access-after-lifetime-ended]=self_value
880+
&raw const self.value // $ MISSING: Source[rust/access-after-lifetime-ended]=self_value
881881
// (the returned pointer is valid as long as the containing object is)
882882
}
883883
}
@@ -891,16 +891,16 @@ pub fn test_struct_methods() {
891891
ptr1 = obj.get_ptr1();
892892
ptr2 = obj.get_ptr2();
893893

894-
let v1 = *ptr1;
895-
let v2 = *ptr2; // $ SPURIOUS: Alert[rust/access-after-lifetime-ended]=self_value
894+
let v1 = *ptr1; // GOOD
895+
let v2 = *ptr2; // GOOD
896896
println!(" v1 = {}", v1);
897897
println!(" v2 = {}", v2);
898898
}
899899

900900
use_the_stack();
901901

902902
let v3 = unsafe { *ptr1 }; // $ MISSING: Alert[rust/access-after-lifetime-ended]=self_value
903-
let v4 = unsafe { *ptr2 }; // $ Alert[rust/access-after-lifetime-ended]=self_value
903+
let v4 = unsafe { *ptr2 }; // $ MISSING: Alert[rust/access-after-lifetime-ended]=self_value
904904
println!(" v3 = {} (!)", v3);
905905
println!(" v4 = {} (!)", v4); // corrupt in practice
906906
}

0 commit comments

Comments
 (0)