Rust: Test and model some string and iterator methods#18701
Rust: Test and model some string and iterator methods#18701geoffw0 merged 23 commits intogithub:mainfrom
Conversation
There was a problem hiding this comment.
PR Overview
This PR adds dataflow coverage for string parsing and iterator methods. It introduces new tests covering .parse, .to_string, and iterator usage in the local code, while also adding corresponding dataflow models in lang-core.model.yml.
- Adds tests for .parse and .to_string in main.rs
- Augments the dataflow model for parse and to_string in lang-core.model.yml
- Extends environment argument tests in sources/test.rs
Changes
| File | Description |
|---|---|
| rust/ql/test/library-tests/dataflow/local/main.rs | Adds new functions to test .parse, .to_string, and iterator behavior |
| rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml | Adds dataflow modeling lines for parse and to_string |
| rust/ql/test/library-tests/dataflow/sources/test.rs | Adds an additional arg parse test case |
Copilot reviewed 6 out of 6 changed files in this pull request and generated 1 comment.
Tip: Copilot code review supports C#, Go, Java, JavaScript, Markdown, Python, Ruby and TypeScript, with more languages coming soon. Learn more
The model looks fine to me and my guess would be the same as yours, that it's the |
|
I'll have a closer look at those |
|
Ah, it looks like there's some overlap between this and #18621 . It probably makes sense to get that merged first, then merge latest |
| vs.iter().map(|x| sink(*x)); // $ MISSING: hasValueFlow=91 | ||
| vs.iter().for_each(|x| sink(*x)); // $ MISSING: hasValueFlow=91 | ||
|
|
||
| for v in vs.into_iter() { |
There was a problem hiding this comment.
For this call to into_iter() (from the IntoIter trait), we don't seem to have a result for resolvable_resolved_paths.
There was a problem hiding this comment.
@hvitved would you mind taking a quick look?
There was a problem hiding this comment.
I've created an issue to track this (to separate this concern from merging the PR). I'm keen to hear what people think we need to do.
…es of this query at some point; it's good that flow reaches it now).
|
note to self: I need to replace |
|
Done:
|
|
I didn't have much luck fixing the models with data flow as it is now - I can see nothing obviously wrong with them, writing them a few different ways (including in QL) didn't seem to help, and guessing that some things should be a |
|
Fixed merge conflict. There's some follow-up work, but it's all written up in issues. The sooner we merge this the better. |
3 participants
I decided to take a moment to test and model some string and iterator methods that I'm coming across frequently, in particular I want to get flow through the chain:
(
std::env::args()being a flow source)Modelling the string methods I wanted went fine (
.parseand its inverse.to_string), but I don't seem to be able to produce a working MaD model (that is, one producing any flow edges) for any of the iterator methods (.iter,.next,.nthetc). I'm suspicious of the paths I've been using, for example for.iterfor example I get:suggesting a model along the lines of:
I'm also suspicious of the reference return values causing problems.
@hvitved @paldepind do you have any thoughts?