Rust: Only resolve deref methods on references to avoid blowup

Author: paldepind

rust/ql/lib/codeql/rust/internal/TypeInference.qll

@@ -1157,6 +1157,15 @@ final class MethodCall extends Call {
         (
           path0.isCons(TRefTypeParameter(), path)
           or
+          (
+            not path0.isCons(TRefTypeParameter(), _) and
+            not (path0.isEmpty() and result = TRefType())
+            or
+            // Ideally we should find all methods on reference types, but as
+            // that currently causes a blowup we limit this to the `deref`
+            // method in order to make dereferencing work.
+            this.getMethodName() = "deref"
+          ) and
           path = path0
         )
       |

rust/ql/test/library-tests/type-inference/main.rs

@@ -1157,14 +1157,14 @@ mod method_call_type_conversion {
         // https://doc.rust-lang.org/std/string/struct.String.html#deref.
         let u = x9.parse::<u32>(); // $ method=parse type=u:T.u32
 
-        let my_thing = &MyInt { a: 37 }; // $ SPURIOUS: type=my_thing:&T.&T.MyInt
+        let my_thing = &MyInt { a: 37 };
         // implicit borrow of a `&`
-        let a = my_thing.method_on_borrow(); // $ method=MyInt::method_on_borrow
+        let a = my_thing.method_on_borrow(); // $ MISSING: method=MyInt::method_on_borrow
         println!("{:?}", a);
 
         // no implicit borrow
         let my_thing = &MyInt { a: 38 };
-        let a = my_thing.method_not_on_borrow(); // $ method=MyInt::method_not_on_borrow
+        let a = my_thing.method_not_on_borrow(); // $ MISSING: method=MyInt::method_not_on_borrow
         println!("{:?}", a);
     }
 }

rust/ql/test/library-tests/type-inference/type-inference.expected

@@ -1675,39 +1675,25 @@ inferType
 | main.rs:1158:17:1158:33 | x9.parse() |  | {EXTERNAL LOCATION} | Result |
 | main.rs:1158:17:1158:33 | x9.parse() | T | {EXTERNAL LOCATION} | u32 |
 | main.rs:1160:13:1160:20 | my_thing |  | file://:0:0:0:0 | & |
-| main.rs:1160:13:1160:20 | my_thing | &T | file://:0:0:0:0 | & |
 | main.rs:1160:13:1160:20 | my_thing | &T | main.rs:1082:5:1085:5 | MyInt |
-| main.rs:1160:13:1160:20 | my_thing | &T.&T | main.rs:1082:5:1085:5 | MyInt |
 | main.rs:1160:24:1160:39 | &... |  | file://:0:0:0:0 | & |
-| main.rs:1160:24:1160:39 | &... | &T | file://:0:0:0:0 | & |
 | main.rs:1160:24:1160:39 | &... | &T | main.rs:1082:5:1085:5 | MyInt |
-| main.rs:1160:24:1160:39 | &... | &T.&T | main.rs:1082:5:1085:5 | MyInt |
-| main.rs:1160:25:1160:39 | MyInt {...} |  | file://:0:0:0:0 | & |
 | main.rs:1160:25:1160:39 | MyInt {...} |  | main.rs:1082:5:1085:5 | MyInt |
-| main.rs:1160:25:1160:39 | MyInt {...} | &T | main.rs:1082:5:1085:5 | MyInt |
 | main.rs:1160:36:1160:37 | 37 |  | {EXTERNAL LOCATION} | i32 |
 | main.rs:1160:36:1160:37 | 37 |  | {EXTERNAL LOCATION} | i64 |
-| main.rs:1162:13:1162:13 | a |  | {EXTERNAL LOCATION} | i64 |
 | main.rs:1162:17:1162:24 | my_thing |  | file://:0:0:0:0 | & |
-| main.rs:1162:17:1162:24 | my_thing | &T | file://:0:0:0:0 | & |
 | main.rs:1162:17:1162:24 | my_thing | &T | main.rs:1082:5:1085:5 | MyInt |
-| main.rs:1162:17:1162:24 | my_thing | &T.&T | main.rs:1082:5:1085:5 | MyInt |
-| main.rs:1162:17:1162:43 | my_thing.method_on_borrow() |  | {EXTERNAL LOCATION} | i64 |
 | main.rs:1163:18:1163:23 | "{:?}\\n" |  | {EXTERNAL LOCATION} | str |
-| main.rs:1163:26:1163:26 | a |  | {EXTERNAL LOCATION} | i64 |
 | main.rs:1166:13:1166:20 | my_thing |  | file://:0:0:0:0 | & |
 | main.rs:1166:13:1166:20 | my_thing | &T | main.rs:1082:5:1085:5 | MyInt |
 | main.rs:1166:24:1166:39 | &... |  | file://:0:0:0:0 | & |
 | main.rs:1166:24:1166:39 | &... | &T | main.rs:1082:5:1085:5 | MyInt |
 | main.rs:1166:25:1166:39 | MyInt {...} |  | main.rs:1082:5:1085:5 | MyInt |
 | main.rs:1166:36:1166:37 | 38 |  | {EXTERNAL LOCATION} | i32 |
 | main.rs:1166:36:1166:37 | 38 |  | {EXTERNAL LOCATION} | i64 |
-| main.rs:1167:13:1167:13 | a |  | {EXTERNAL LOCATION} | i64 |
 | main.rs:1167:17:1167:24 | my_thing |  | file://:0:0:0:0 | & |
 | main.rs:1167:17:1167:24 | my_thing | &T | main.rs:1082:5:1085:5 | MyInt |
-| main.rs:1167:17:1167:47 | my_thing.method_not_on_borrow() |  | {EXTERNAL LOCATION} | i64 |
 | main.rs:1168:18:1168:23 | "{:?}\\n" |  | {EXTERNAL LOCATION} | str |
-| main.rs:1168:26:1168:26 | a |  | {EXTERNAL LOCATION} | i64 |
 | main.rs:1175:16:1175:20 | SelfParam |  | file://:0:0:0:0 | & |
 | main.rs:1175:16:1175:20 | SelfParam | &T | main.rs:1173:5:1181:5 | Self [trait MyTrait] |
 | main.rs:1178:16:1178:20 | SelfParam |  | file://:0:0:0:0 | & |

rust/ql/test/query-tests/security/CWE-312/CONSISTENCY/PathResolutionConsistency.expected

@@ -5,9 +5,3 @@ multipleMethodCallTargets
 | test_logging.rs:78:22:78:38 | password.as_str() | file://:0:0:0:0 | fn as_str |
 | test_logging.rs:88:18:88:34 | password.as_str() | file://:0:0:0:0 | fn as_str |
 | test_logging.rs:88:18:88:34 | password.as_str() | file://:0:0:0:0 | fn as_str |
-| test_logging.rs:103:12:103:44 | ... .write_fmt(...) | file://:0:0:0:0 | fn write_fmt |
-| test_logging.rs:103:12:103:44 | ... .write_fmt(...) | file://:0:0:0:0 | fn write_fmt |
-| test_logging.rs:107:14:107:46 | ... .write_fmt(...) | file://:0:0:0:0 | fn write_fmt |
-| test_logging.rs:107:14:107:46 | ... .write_fmt(...) | file://:0:0:0:0 | fn write_fmt |
-| test_logging.rs:111:12:111:44 | ... .write_fmt(...) | file://:0:0:0:0 | fn write_fmt |
-| test_logging.rs:111:12:111:44 | ... .write_fmt(...) | file://:0:0:0:0 | fn write_fmt |

rust/ql/test/query-tests/security/CWE-770/CONSISTENCY/PathResolutionConsistency.expected

@@ -1,30 +1,30 @@
 multiplePathResolutions
-| main.rs:218:14:218:17 | libc | file://:0:0:0:0 | Crate([email protected]) |
 | main.rs:218:14:218:17 | libc | file://:0:0:0:0 | Crate([email protected]) |
+| main.rs:218:14:218:17 | libc | file://:0:0:0:0 | Crate([email protected]) |
 | main.rs:218:14:218:25 | ...::malloc | file://:0:0:0:0 | fn malloc |
 | main.rs:218:14:218:25 | ...::malloc | file://:0:0:0:0 | fn malloc |
-| main.rs:219:13:219:16 | libc | file://:0:0:0:0 | Crate([email protected]) |
 | main.rs:219:13:219:16 | libc | file://:0:0:0:0 | Crate([email protected]) |
+| main.rs:219:13:219:16 | libc | file://:0:0:0:0 | Crate([email protected]) |
 | main.rs:219:13:219:24 | ...::malloc | file://:0:0:0:0 | fn malloc |
 | main.rs:219:13:219:24 | ...::malloc | file://:0:0:0:0 | fn malloc |
-| main.rs:220:13:220:16 | libc | file://:0:0:0:0 | Crate([email protected]) |
 | main.rs:220:13:220:16 | libc | file://:0:0:0:0 | Crate([email protected]) |
+| main.rs:220:13:220:16 | libc | file://:0:0:0:0 | Crate([email protected]) |
 | main.rs:220:13:220:31 | ...::aligned_alloc | file://:0:0:0:0 | fn aligned_alloc |
 | main.rs:220:13:220:31 | ...::aligned_alloc | file://:0:0:0:0 | fn aligned_alloc |
-| main.rs:221:13:221:16 | libc | file://:0:0:0:0 | Crate([email protected]) |
 | main.rs:221:13:221:16 | libc | file://:0:0:0:0 | Crate([email protected]) |
+| main.rs:221:13:221:16 | libc | file://:0:0:0:0 | Crate([email protected]) |
 | main.rs:221:13:221:31 | ...::aligned_alloc | file://:0:0:0:0 | fn aligned_alloc |
 | main.rs:221:13:221:31 | ...::aligned_alloc | file://:0:0:0:0 | fn aligned_alloc |
-| main.rs:222:13:222:16 | libc | file://:0:0:0:0 | Crate([email protected]) |
 | main.rs:222:13:222:16 | libc | file://:0:0:0:0 | Crate([email protected]) |
+| main.rs:222:13:222:16 | libc | file://:0:0:0:0 | Crate([email protected]) |
 | main.rs:222:13:222:24 | ...::calloc | file://:0:0:0:0 | fn calloc |
 | main.rs:222:13:222:24 | ...::calloc | file://:0:0:0:0 | fn calloc |
-| main.rs:223:13:223:16 | libc | file://:0:0:0:0 | Crate([email protected]) |
 | main.rs:223:13:223:16 | libc | file://:0:0:0:0 | Crate([email protected]) |
+| main.rs:223:13:223:16 | libc | file://:0:0:0:0 | Crate([email protected]) |
 | main.rs:223:13:223:24 | ...::calloc | file://:0:0:0:0 | fn calloc |
 | main.rs:223:13:223:24 | ...::calloc | file://:0:0:0:0 | fn calloc |
-| main.rs:224:13:224:16 | libc | file://:0:0:0:0 | Crate([email protected]) |
 | main.rs:224:13:224:16 | libc | file://:0:0:0:0 | Crate([email protected]) |
+| main.rs:224:13:224:16 | libc | file://:0:0:0:0 | Crate([email protected]) |
 | main.rs:224:13:224:25 | ...::realloc | file://:0:0:0:0 | fn realloc |
 | main.rs:224:13:224:25 | ...::realloc | file://:0:0:0:0 | fn realloc |
 | main.rs:229:13:229:37 | ...::with_capacity | file://:0:0:0:0 | fn with_capacity |