…enerated sink models).
Pull request overview
Adds/adjusts Rust CodeQL modeling to reduce false positives from spurious generated sink models around `map` and `from`, and updates/extends security query tests to validate the new behavior.
Changes:
- Add manual flow summary models for `<core::option::Option>::map` and add neutral models to suppress generated sink models for selected `map`/`From::from` implementations.
- Extend `CWE-770` and `CWE-117` tests to cover the new modeling (including an `axum`-based scenario) and update expected outputs/lockfile.
- Add a changenote describing the analysis impact.
Reviewed changes
Copilot reviewed 7 out of 8 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| rust/ql/test/query-tests/security/CWE-770/main.rs | Adds a regression test ensuring Vec::from/From::from aren’t treated as allocation-size sinks while keeping malloc(a) flagged. |
| rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected | Updates expected results for the modified CWE-770 test. |
| rust/ql/test/query-tests/security/CWE-117/options.yml | Adds axum dependency for new log-injection test coverage. |
| rust/ql/test/query-tests/security/CWE-117/main.rs | Adds non-sink From::from conversions and an axum routing/Option::map scenario to exercise new models. |
| rust/ql/test/query-tests/security/CWE-117/LogInjection.expected | Updates expected results/models to reflect new Option::map summary and axum source modeling. |
| rust/ql/test/query-tests/security/CWE-117/Cargo.lock | Updates lockfile to include axum (and related dependency resolution changes). |
| rust/ql/lib/codeql/rust/frameworks/stdlib/core.model.yml | Adds Option::map flow summaries and adds neutralModel entries to suppress generated sink models for listed functions/impls. |
| rust/ql/lib/change-notes/2026-02-26-neutral-models-map-from.md | Adds a changenote for the analysis/modeling change. |
Add neutral models for particular versions of `map` and `from`, where we have spurious generated sink models that are a common cause of false positive results. The exact variations (i.e. the data in `extensible: neutralModel` in `core.model.yml`) are a bit of an untidy list, because adding a neutral model for `<_ as core::convert::From>::from` doesn't work at present. I'm sure we'll want to refine it later; it's also possible we may want to alter the model generator itself. Nevertheless results in the tests are good, and I expect to see a significant reduction in real world false positive results for `rust/uncontrolled-allocation-size` and `rust/log-injection` (DCA should confirm).

I've also added a missing flow model for `<core::option::Option>::map`, that was exposed by one of the test cases.
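The two data-flow shapes this PR tells apart, as an added example that is not part of the PR or of the CodeQL test suite: tainted data reaching a log line through `Option::map` (the flow that the new `<core::option::Option>::map` summary lets the analysis follow, and a genuine `rust/log-injection` finding until it is sanitized), versus a `From::from` conversion of the same data, whose allocation size is fixed by the input bytes rather than chosen by an attacker (the case the neutral models stop reporting as an allocation-size sink). The untrusted input is a constructed string standing in for a request parameter; in the real test it comes from `axum`. `MAX_CAPACITY`, `reserve_checked` and `sanitize_for_log` are illustrative names, not project code.

```rust
// Added example, not from the PR. Shows why taint through `Option::map`
// matters for log injection and why a plain `From::from` conversion is
// not an allocation-size sink.

/// Simulates an untrusted query parameter. Constructed for the example;
/// in the real test the value arrives via an axum extractor.
fn untrusted_name() -> Option<String> {
    Some("alice\n[INFO] admin logged in".to_string())
}

/// Taint flows from the `Some` payload, through the closure, into the
/// result. This is exactly the `<core::option::Option>::map` flow summary
/// the PR adds: without it the analysis loses the taint here.
fn greeting_line(name: Option<String>) -> String {
    name.map(|n| format!("user={}", n))
        .unwrap_or_else(|| "user=<anonymous>".to_string())
}

/// Neutralises the injection: a CR or LF inside user data would otherwise
/// let the attacker forge a second, fake log record.
fn sanitize_for_log(s: &str) -> String {
    s.chars()
        .map(|c| if c == '\n' || c == '\r' { ' ' } else { c })
        .collect()
}

/// Log line built the unsafe way: the forged "[INFO]" record survives.
fn unsafe_log_line() -> String {
    format!("[INFO] login {}", greeting_line(untrusted_name()))
}

/// Log line built the safe way: the sanitizer runs before the sink.
fn safe_log_line() -> String {
    let line = greeting_line(untrusted_name());
    format!("[INFO] login {}", sanitize_for_log(&line))
}

/// `Vec::from` only copies the bytes it is given; the size of the
/// resulting allocation is determined by the data, not picked by the
/// attacker. This is the conversion the PR stops flagging.
fn bytes_of(name: &str) -> Vec<u8> {
    Vec::from(name.as_bytes())
}

/// Illustrative limit; a real service would size this for its workload.
const MAX_CAPACITY: usize = 1 << 16;

/// By contrast, an attacker-chosen count handed to `with_capacity` really
/// does control the allocation size, so it is bounded before use.
fn reserve_checked(requested: usize) -> Result<Vec<u8>, String> {
    if requested > MAX_CAPACITY {
        return Err(format!("requested capacity {} exceeds limit", requested));
    }
    Ok(Vec::with_capacity(requested))
}

fn main() {
    println!("{}", unsafe_log_line());
    println!("{}", safe_log_line());
    println!("{} bytes", bytes_of("alice").len());
    println!("oversized request rejected: {}", reserve_checked(usize::MAX).is_err());
}
```

Running it prints the unsanitized line as two log records and the sanitized one as a single record, which is the behavioural difference the `CWE-117` test encodes; `bytes_of` allocates exactly the input length regardless of what the string contains.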