From dfa3b82a688f3cc5f4425f02d7a6428cdfc44892 Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Tue, 17 Dec 2024 16:15:55 +0100 Subject: [PATCH] Rust: Address review comments --- .../rust/dataflow/internal/DataFlowImpl.qll | 2 +- .../codeql/rust/dataflow/internal/SsaImpl.qll | 18 +++---- .../rust/elements/internal/VariableImpl.qll | 1 + .../codeql/rust/frameworks/reqwest.model.yml | 2 +- .../frameworks/stdlib/lang-core.model.yml | 1 - .../dataflow/local/DataFlowStep.expected | 1 + .../dataflow/pointers/inline-flow.expected | 51 ++++++++++++++++--- .../dataflow/pointers/inline-flow.ql | 2 +- .../strings/inline-taint-flow.expected | 50 +++++++++++++++--- .../dataflow/strings/inline-taint-flow.ql | 2 +- .../dataflow/taint/TaintFlowStep.expected | 9 ++-- .../security/CWE-089/SqlInjection.expected | 22 ++++---- 12 files changed, 117 insertions(+), 44 deletions(-) diff --git a/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll b/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll index f718afa4887d8..39c0c2c4185e3 100644 --- a/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll +++ b/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll @@ -712,7 +712,7 @@ private class CapturedVariableContent extends Content, TCapturedVariableContent override string toString() { result = "captured " + v } } -/** A value refered to by a reference. */ +/** A value referred to by a reference. */ final class ReferenceContent extends Content, TReferenceContent { override string toString() { result = "&ref" } } diff --git a/rust/ql/lib/codeql/rust/dataflow/internal/SsaImpl.qll b/rust/ql/lib/codeql/rust/dataflow/internal/SsaImpl.qll index 75b52b16c7070..f2078999e60d7 100644 --- a/rust/ql/lib/codeql/rust/dataflow/internal/SsaImpl.qll +++ b/rust/ql/lib/codeql/rust/dataflow/internal/SsaImpl.qll 
@@ -88,22 +88,16 @@ module SsaInput implements SsaImplCommon::InputSig { | va instanceof VariableReadAccess or + // For immutable variables, we model a read when they are borrowed + // (although the actual read happens later, if at all). + va = any(RefExpr re).getExpr() + or // Although compound assignments, like `x += y`, may in fact not read `x`, // it makes sense to treat them as such va = any(CompoundAssignmentExpr cae).getLhs() ) and certain = true or - // For immutable variables, we model a read when they are borrowed (although the - // actual read happens later, if at all). This only affects the SSA liveness - // analysis. - exists(VariableAccess va | - va = any(RefExpr re).getExpr() and - va = bb.getNode(i).getAstNode() and - v = va.getVariable() and - certain = false - ) - or capturedCallRead(_, bb, i, v) and certain = false or capturedExitRead(bb, i, v) and certain = false @@ -146,7 +140,9 @@ private predicate adjacentDefReadExt( /** Holds if `v` is read at index `i` in basic block `bb`. */ private predicate variableReadActual(BasicBlock bb, int i, Variable v) { - exists(VariableReadAccess read | + exists(VariableAccess read | + read instanceof VariableReadAccess or read = any(RefExpr re).getExpr() + | read.getVariable() = v and read = bb.getNode(i).getAstNode() ) diff --git a/rust/ql/lib/codeql/rust/elements/internal/VariableImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/VariableImpl.qll index 61b81f266ec6c..b21cf924204ed 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/VariableImpl.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/VariableImpl.qll @@ -484,6 +484,7 @@ module Impl { class VariableReadAccess extends VariableAccess { VariableReadAccess() { not this instanceof VariableWriteAccess and + not this = any(RefExpr re).getExpr() and not this = any(CompoundAssignmentExpr cae).getLhs() } } 
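Review bot: The comment on the relocated disjunct still says "For immutable variables", but `va = any(RefExpr re).getExpr()` is not restricted to immutable variables or to shared borrows, and it now sits in the `certain = true` branch. If `RefExpr` also covers `&mut x`, every borrow operand becomes a certain read, so the comment should say what is actually modelled, e.g. `// A borrowed variable is modelled as read at the borrow site (the actual read happens later, if at all).`. The dropped sentence about this only affecting liveness suggests the borrow now influences more than liveness, which is worth stating too. The second hunk has the same documentation gap: the QLDoc on `variableReadActual` should become `/** Holds if `v` is read or borrowed at index `i` in basic block `bb`. */`. The enclosing predicate of the first hunk starts outside it.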
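Review bot: The new `not this = any(RefExpr re).getExpr()` line in `VariableReadAccess` has no comment explaining why the operand of a borrow (the `a` in `&a`) stops being a read access. Any user of `VariableReadAccess` that this patch does not touch will no longer see borrowed variables as read. SsaImpl.qll compensates by repeating `read = any(RefExpr re).getExpr()` in two places, so a single named class or predicate for borrow operands would keep the definitions from drifting apart. At minimum add `// borrow operands are modelled separately; see SsaImpl.qll` above the new line and update the class QLDoc, which lies outside the hunk.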
diff --git a/rust/ql/lib/codeql/rust/frameworks/reqwest.model.yml b/rust/ql/lib/codeql/rust/frameworks/reqwest.model.yml index 48835844e50cc..8b2b9afc79b44 100644 --- a/rust/ql/lib/codeql/rust/frameworks/reqwest.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/reqwest.model.yml @@ -3,4 +3,4 @@ extensions: pack: codeql/rust-all extensible: summaryModel data: - - ["repo:https://github.com/seanmonstar/reqwest:reqwest", "::text", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["repo:https://github.com/seanmonstar/reqwest:reqwest", "::text", "Argument[self]", "ReturnValue.Variant[crate::result::Result::Ok(0)]", "taint", "manual"] diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml index 9fc8d029a428f..30028d756b3d5 100644 --- a/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml @@ -8,7 +8,6 @@ extensions: - ["lang:core", "::unwrap", "Argument[self]", "ReturnValue", "taint", "manual"] - ["lang:core", "::unwrap_or", "Argument[self].Variant[crate::option::Option::Some(0)]", "ReturnValue", "value", "manual"] - ["lang:core", "::unwrap_or", "Argument[0]", "ReturnValue", "value", "manual"] - - ["lang:core", "::unwrap_or", "Argument[self]", "ReturnValue", "taint", "manual"] # Result - ["lang:core", "::unwrap", "Argument[self].Variant[crate::result::Result::Ok(0)]", "ReturnValue", "value", "manual"] - ["lang:core", "::unwrap", "Argument[self]", "ReturnValue", "taint", "manual"] diff --git a/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected b/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected index 31798fa0c4880..e77026b7e5c19 100644 --- a/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected +++ b/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected 
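Review bot: Moving the taint for `text` into `ReturnValue.Variant[crate::result::Result::Ok(0)]` makes every downstream finding depend on the caller extracting the `Ok` content through a step the library models. The updated SqlInjection.expected only shows the chain `.text(...)` then `.unwrap_or(...)`, so other ways of extracting the body are not covered by the visible tests. A test case that reaches the sink through `?`, `match` or `.unwrap()` on the `text` result would catch a silent loss of SQL injection alerts for HTTP-sourced input. A short comment above the row would also help, e.g. `# text() returns Result<String>; only the Ok payload is tainted`.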
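Review bot: Dropping the `Argument[self]` to `ReturnValue` taint row for `unwrap_or` in the group above `# Result` leaves that group inconsistent with its neighbours. The `unwrap` rows keep the same coarse taint row in both groups, and TaintFlowStep.expected still lists one `unwrap_or` taint step, presumably the Result one. After this change a value tainted as a whole, rather than in its `Some(0)` content, propagates through `unwrap` but not through `unwrap_or`, which can hide flows from sources that are not content-precise. Either remove the parallel coarse rows too, or record the reason in the model file, e.g. `# no coarse taint row here: sources are expected to taint Some(0), not the Option itself`.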
@@ -458,6 +458,7 @@ localStep | main.rs:398:7:398:14 | [SSA] [input] SSA phi read(default_name) | main.rs:394:7:394:18 | [SSA] SSA phi read(default_name) | | main.rs:425:13:425:33 | result_questionmark(...) | main.rs:425:9:425:9 | _ | storeStep +| file://:0:0:0:0 | [summary] to write: ReturnValue.Variant[crate::result::Result::Ok(0)] in repo:https://github.com/seanmonstar/reqwest:reqwest::_::::text | Ok | file://:0:0:0:0 | [summary] to write: ReturnValue in repo:https://github.com/seanmonstar/reqwest:reqwest::_::::text | | main.rs:94:14:94:22 | source(...) | tuple.0 | main.rs:94:13:94:26 | TupleExpr | | main.rs:94:25:94:25 | 2 | tuple.1 | main.rs:94:13:94:26 | TupleExpr | | main.rs:100:14:100:14 | 2 | tuple.0 | main.rs:100:13:100:30 | TupleExpr | diff --git a/rust/ql/test/library-tests/dataflow/pointers/inline-flow.expected b/rust/ql/test/library-tests/dataflow/pointers/inline-flow.expected index 9c4e671046b7e..4c3442683e76d 100644 --- a/rust/ql/test/library-tests/dataflow/pointers/inline-flow.expected +++ b/rust/ql/test/library-tests/dataflow/pointers/inline-flow.expected 
@@ -1,6 +1,45 @@ -ERROR: could not resolve module DefaultFlowTest (inline-flow.ql:7,8-23) -ERROR: could not resolve module ValueFlow (inline-flow.ql:8,8-17) -ERROR: could not resolve module ValueFlow (inline-flow.ql:10,6-15) -ERROR: could not resolve module ValueFlow (inline-flow.ql:10,34-43) -ERROR: could not resolve module ValueFlow (inline-flow.ql:11,7-16) -ERROR: could not resolve module utils.InlineFlowTest (inline-flow.ql:6,8-28) +models +edges +| main.rs:13:9:13:9 | a | main.rs:14:14:14:14 | a | provenance | | +| main.rs:13:13:13:22 | source(...) | main.rs:13:9:13:9 | a | provenance | | +| main.rs:14:9:14:9 | b [&ref] | main.rs:15:14:15:14 | b [&ref] | provenance | | +| main.rs:14:13:14:14 | &a [&ref] | main.rs:14:9:14:9 | b [&ref] | provenance | | +| main.rs:14:14:14:14 | a | main.rs:14:13:14:14 | &a [&ref] | provenance | | +| main.rs:15:9:15:9 | c | main.rs:16:10:16:10 | c | provenance | | +| main.rs:15:13:15:14 | * ... | main.rs:15:9:15:9 | c | provenance | | +| main.rs:15:14:15:14 | b [&ref] | main.rs:15:13:15:14 | * ... | provenance | | +| main.rs:40:18:40:21 | SelfParam [MyNumber] | main.rs:41:15:41:18 | self [MyNumber] | provenance | | +| main.rs:41:15:41:18 | self [MyNumber] | main.rs:42:13:42:38 | ...::MyNumber(...) [MyNumber] | provenance | | +| main.rs:42:13:42:38 | ...::MyNumber(...) [MyNumber] | main.rs:42:32:42:37 | number | provenance | | +| main.rs:42:32:42:37 | number | main.rs:40:31:46:5 | { ... } | provenance | | +| main.rs:58:9:58:17 | my_number [MyNumber] | main.rs:59:10:59:18 | my_number [MyNumber] | provenance | | +| main.rs:58:21:58:50 | ...::MyNumber(...) [MyNumber] | main.rs:58:9:58:17 | my_number [MyNumber] | provenance | | +| main.rs:58:40:58:49 | source(...) | main.rs:58:21:58:50 | ...::MyNumber(...) [MyNumber] | provenance | | +| main.rs:59:10:59:18 | my_number [MyNumber] | main.rs:40:18:40:21 | SelfParam [MyNumber] | provenance | | +| main.rs:59:10:59:18 | my_number [MyNumber] | main.rs:59:10:59:30 | my_number.to_number(...) 
| provenance | | +nodes +| main.rs:13:9:13:9 | a | semmle.label | a | +| main.rs:13:13:13:22 | source(...) | semmle.label | source(...) | +| main.rs:14:9:14:9 | b [&ref] | semmle.label | b [&ref] | +| main.rs:14:13:14:14 | &a [&ref] | semmle.label | &a [&ref] | +| main.rs:14:14:14:14 | a | semmle.label | a | +| main.rs:15:9:15:9 | c | semmle.label | c | +| main.rs:15:13:15:14 | * ... | semmle.label | * ... | +| main.rs:15:14:15:14 | b [&ref] | semmle.label | b [&ref] | +| main.rs:16:10:16:10 | c | semmle.label | c | +| main.rs:40:18:40:21 | SelfParam [MyNumber] | semmle.label | SelfParam [MyNumber] | +| main.rs:40:31:46:5 | { ... } | semmle.label | { ... } | +| main.rs:41:15:41:18 | self [MyNumber] | semmle.label | self [MyNumber] | +| main.rs:42:13:42:38 | ...::MyNumber(...) [MyNumber] | semmle.label | ...::MyNumber(...) [MyNumber] | +| main.rs:42:32:42:37 | number | semmle.label | number | +| main.rs:58:9:58:17 | my_number [MyNumber] | semmle.label | my_number [MyNumber] | +| main.rs:58:21:58:50 | ...::MyNumber(...) [MyNumber] | semmle.label | ...::MyNumber(...) [MyNumber] | +| main.rs:58:40:58:49 | source(...) | semmle.label | source(...) | +| main.rs:59:10:59:18 | my_number [MyNumber] | semmle.label | my_number [MyNumber] | +| main.rs:59:10:59:30 | my_number.to_number(...) | semmle.label | my_number.to_number(...) | +subpaths +| main.rs:59:10:59:18 | my_number [MyNumber] | main.rs:40:18:40:21 | SelfParam [MyNumber] | main.rs:40:31:46:5 | { ... } | main.rs:59:10:59:30 | my_number.to_number(...) | +testFailures +#select +| main.rs:16:10:16:10 | c | main.rs:13:13:13:22 | source(...) | main.rs:16:10:16:10 | c | $@ | main.rs:13:13:13:22 | source(...) | source(...) | +| main.rs:59:10:59:30 | my_number.to_number(...) | main.rs:58:40:58:49 | source(...) | main.rs:59:10:59:30 | my_number.to_number(...) | $@ | main.rs:58:40:58:49 | source(...) | source(...) | 
diff --git a/rust/ql/test/library-tests/dataflow/pointers/inline-flow.ql b/rust/ql/test/library-tests/dataflow/pointers/inline-flow.ql index ad553fe548dc9..e399ea0e5d71d 100644 --- a/rust/ql/test/library-tests/dataflow/pointers/inline-flow.ql +++ b/rust/ql/test/library-tests/dataflow/pointers/inline-flow.ql @@ -3,7 +3,7 @@ */ import rust -import utils.InlineFlowTest +import utils.test.InlineFlowTest import DefaultFlowTest import ValueFlow::PathGraph diff --git a/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected b/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected index 16bca2d4d8648..e59994c86ccc0 100644 --- a/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected +++ b/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected 
@@ -1,6 +1,44 @@ -ERROR: could not resolve module DefaultFlowTest (inline-taint-flow.ql:7,8-23) -ERROR: could not resolve module TaintFlow (inline-taint-flow.ql:8,8-17) -ERROR: could not resolve module TaintFlow (inline-taint-flow.ql:10,6-15) -ERROR: could not resolve module TaintFlow (inline-taint-flow.ql:10,34-43) -ERROR: could not resolve module TaintFlow (inline-taint-flow.ql:11,7-16) -ERROR: could not resolve module utils.InlineFlowTest (inline-taint-flow.ql:6,8-28) +models +| 1 | Summary: lang:alloc; ::as_str; Argument[self]; ReturnValue; taint | +edges +| main.rs:20:9:20:9 | s | main.rs:21:9:21:14 | sliced | provenance | | +| main.rs:20:9:20:9 | s | main.rs:21:19:21:25 | s[...] | provenance | | +| main.rs:20:13:20:22 | source(...) | main.rs:20:9:20:9 | s | provenance | | +| main.rs:21:9:21:14 | sliced | main.rs:22:16:22:21 | sliced | provenance | | +| main.rs:21:9:21:14 | sliced [&ref] | main.rs:22:16:22:21 | sliced | provenance | | +| main.rs:21:18:21:25 | &... [&ref] | main.rs:21:9:21:14 | sliced [&ref] | provenance | | +| main.rs:21:19:21:25 | s[...] | main.rs:21:18:21:25 | &... [&ref] | provenance | | +| main.rs:26:9:26:10 | s1 | main.rs:29:9:29:10 | s4 | provenance | | +| main.rs:26:14:26:23 | source(...) | main.rs:26:9:26:10 | s1 | provenance | | +| main.rs:29:9:29:10 | s4 | main.rs:32:10:32:11 | s4 | provenance | | +| main.rs:37:9:37:10 | s1 | main.rs:40:10:40:35 | ... + ... | provenance | | +| main.rs:37:14:37:23 | source(...) | main.rs:37:9:37:10 | s1 | provenance | | +| main.rs:57:9:57:9 | s | main.rs:58:16:58:16 | s | provenance | | +| main.rs:57:13:57:22 | source(...) | main.rs:57:9:57:9 | s | provenance | | +| main.rs:58:16:58:16 | s | main.rs:58:16:58:25 | s.as_str(...) | provenance | MaD:1 | +nodes +| main.rs:20:9:20:9 | s | semmle.label | s | +| main.rs:20:13:20:22 | source(...) | semmle.label | source(...) 
| +| main.rs:21:9:21:14 | sliced | semmle.label | sliced | +| main.rs:21:9:21:14 | sliced [&ref] | semmle.label | sliced [&ref] | +| main.rs:21:18:21:25 | &... [&ref] | semmle.label | &... [&ref] | +| main.rs:21:19:21:25 | s[...] | semmle.label | s[...] | +| main.rs:22:16:22:21 | sliced | semmle.label | sliced | +| main.rs:26:9:26:10 | s1 | semmle.label | s1 | +| main.rs:26:14:26:23 | source(...) | semmle.label | source(...) | +| main.rs:29:9:29:10 | s4 | semmle.label | s4 | +| main.rs:32:10:32:11 | s4 | semmle.label | s4 | +| main.rs:37:9:37:10 | s1 | semmle.label | s1 | +| main.rs:37:14:37:23 | source(...) | semmle.label | source(...) | +| main.rs:40:10:40:35 | ... + ... | semmle.label | ... + ... | +| main.rs:57:9:57:9 | s | semmle.label | s | +| main.rs:57:13:57:22 | source(...) | semmle.label | source(...) | +| main.rs:58:16:58:16 | s | semmle.label | s | +| main.rs:58:16:58:25 | s.as_str(...) | semmle.label | s.as_str(...) | +subpaths +testFailures +#select +| main.rs:22:16:22:21 | sliced | main.rs:20:13:20:22 | source(...) | main.rs:22:16:22:21 | sliced | $@ | main.rs:20:13:20:22 | source(...) | source(...) | +| main.rs:32:10:32:11 | s4 | main.rs:26:14:26:23 | source(...) | main.rs:32:10:32:11 | s4 | $@ | main.rs:26:14:26:23 | source(...) | source(...) | +| main.rs:40:10:40:35 | ... + ... | main.rs:37:14:37:23 | source(...) | main.rs:40:10:40:35 | ... + ... | $@ | main.rs:37:14:37:23 | source(...) | source(...) | +| main.rs:58:16:58:25 | s.as_str(...) | main.rs:57:13:57:22 | source(...) | main.rs:58:16:58:25 | s.as_str(...) | $@ | main.rs:57:13:57:22 | source(...) | source(...) | diff --git a/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.ql b/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.ql index 2929ae90964f7..5dcb7ee70a9d2 100644 --- a/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.ql +++ b/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.ql 
@@ -3,7 +3,7 @@ */ import rust -import utils.InlineFlowTest +import utils.test.InlineFlowTest import DefaultFlowTest import TaintFlow::PathGraph diff --git a/rust/ql/test/library-tests/dataflow/taint/TaintFlowStep.expected b/rust/ql/test/library-tests/dataflow/taint/TaintFlowStep.expected index b044999e57fe7..a5963684d0008 100644 --- a/rust/ql/test/library-tests/dataflow/taint/TaintFlowStep.expected +++ b/rust/ql/test/library-tests/dataflow/taint/TaintFlowStep.expected 
@@ -1,9 +1,8 @@ -| file://:0:0:0:0 | [summary param] self in lang:alloc::_::::as_str | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:alloc::_::::as_str | MaD:11 | +| file://:0:0:0:0 | [summary param] self in lang:alloc::_::::as_str | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:alloc::_::::as_str | MaD:10 | | file://:0:0:0:0 | [summary param] self in lang:core::_::::unwrap | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::::unwrap | MaD:2 | -| file://:0:0:0:0 | [summary param] self in lang:core::_::::unwrap_or | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::::unwrap_or | MaD:5 | -| file://:0:0:0:0 | [summary param] self in lang:core::_::::unwrap | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::::unwrap | MaD:7 | -| file://:0:0:0:0 | [summary param] self in lang:core::_::::unwrap_or | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::::unwrap_or | MaD:10 | -| file://:0:0:0:0 | [summary param] self in repo:https://github.com/seanmonstar/reqwest:reqwest::_::::text | file://:0:0:0:0 | [summary] to write: ReturnValue in repo:https://github.com/seanmonstar/reqwest:reqwest::_::::text | MaD:0 | +| file://:0:0:0:0 | [summary param] self in lang:core::_::::unwrap | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::::unwrap | MaD:6 | +| file://:0:0:0:0 | [summary param] self in lang:core::_::::unwrap_or | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::::unwrap_or | MaD:9 | +| file://:0:0:0:0 | [summary param] self in repo:https://github.com/seanmonstar/reqwest:reqwest::_::::text | file://:0:0:0:0 | [summary] to write: ReturnValue.Variant[crate::result::Result::Ok(0)] in repo:https://github.com/seanmonstar/reqwest:reqwest::_::::text | MaD:0 | | main.rs:4:5:4:8 | 1000 | main.rs:4:5:4:12 | ... + ... | | | main.rs:4:12:4:12 | i | main.rs:4:5:4:12 | ... + ... | | | main.rs:13:10:13:10 | a | main.rs:13:10:13:14 | ... + ... | | 
diff --git a/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected b/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected index e04397c16347e..97649ce9c67e6 100644 --- a/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected +++ b/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected @@ -14,8 +14,8 @@ | sqlx.rs:184:29:184:51 | unsafe_query_1.as_str(...) | sqlx.rs:169:25:169:69 | ...::get(...) | sqlx.rs:184:29:184:51 | unsafe_query_1.as_str(...) | This query depends on a $@. | sqlx.rs:169:25:169:69 | ...::get(...) | user-provided value | edges | sqlx.rs:48:25:48:69 | ...::get(...) | sqlx.rs:48:25:48:78 | ... .unwrap(...) | provenance | MaD:2 | -| sqlx.rs:48:25:48:78 | ... .unwrap(...) | sqlx.rs:48:25:48:85 | ... .text(...) | provenance | MaD:4 | -| sqlx.rs:48:25:48:85 | ... .text(...) | sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | provenance | MaD:3 | +| sqlx.rs:48:25:48:78 | ... .unwrap(...) | sqlx.rs:48:25:48:85 | ... .text(...) [Ok] | provenance | MaD:4 | +| sqlx.rs:48:25:48:85 | ... .text(...) [Ok] | sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | provenance | MaD:3 | | sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | sqlx.rs:65:30:65:43 | unsafe_query_2 | provenance | | | sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | sqlx.rs:66:30:66:43 | unsafe_query_3 | provenance | | | sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | sqlx.rs:76:29:76:42 | unsafe_query_2 | provenance | | 
@@ -25,8 +25,8 @@ edges | sqlx.rs:76:29:76:42 | unsafe_query_2 | sqlx.rs:76:29:76:51 | unsafe_query_2.as_str(...) | provenance | MaD:1 | | sqlx.rs:77:29:77:42 | unsafe_query_3 | sqlx.rs:77:29:77:51 | unsafe_query_3.as_str(...) | provenance | MaD:1 | | sqlx.rs:96:25:96:69 | ...::get(...) | sqlx.rs:96:25:96:78 | ... .unwrap(...) | provenance | MaD:2 | -| sqlx.rs:96:25:96:78 | ... .unwrap(...) | sqlx.rs:96:25:96:85 | ... .text(...) | provenance | MaD:4 | -| sqlx.rs:96:25:96:85 | ... .text(...) | sqlx.rs:96:25:96:118 | ... .unwrap_or(...) | provenance | MaD:3 | +| sqlx.rs:96:25:96:78 | ... .unwrap(...) | sqlx.rs:96:25:96:85 | ... .text(...) [Ok] | provenance | MaD:4 | +| sqlx.rs:96:25:96:85 | ... .text(...) [Ok] | sqlx.rs:96:25:96:118 | ... .unwrap_or(...) | provenance | MaD:3 | | sqlx.rs:96:25:96:118 | ... .unwrap_or(...) | sqlx.rs:104:30:104:43 | unsafe_query_1 | provenance | | | sqlx.rs:96:25:96:118 | ... .unwrap_or(...) | sqlx.rs:109:31:109:44 | unsafe_query_1 | provenance | | | sqlx.rs:96:25:96:118 | ... .unwrap_or(...) | sqlx.rs:116:29:116:42 | unsafe_query_1 | provenance | | 
@@ -42,8 +42,8 @@ edges | sqlx.rs:141:55:141:68 | unsafe_query_1 | sqlx.rs:141:55:141:77 | unsafe_query_1.as_str(...) | provenance | MaD:1 | | sqlx.rs:149:29:149:42 | unsafe_query_1 | sqlx.rs:149:29:149:51 | unsafe_query_1.as_str(...) | provenance | MaD:1 | | sqlx.rs:169:25:169:69 | ...::get(...) | sqlx.rs:169:25:169:78 | ... .unwrap(...) | provenance | MaD:2 | -| sqlx.rs:169:25:169:78 | ... .unwrap(...) | sqlx.rs:169:25:169:85 | ... .text(...) | provenance | MaD:4 | -| sqlx.rs:169:25:169:85 | ... .text(...) | sqlx.rs:169:25:169:118 | ... .unwrap_or(...) | provenance | MaD:3 | +| sqlx.rs:169:25:169:78 | ... .unwrap(...) | sqlx.rs:169:25:169:85 | ... .text(...) [Ok] | provenance | MaD:4 | +| sqlx.rs:169:25:169:85 | ... .text(...) [Ok] | sqlx.rs:169:25:169:118 | ... .unwrap_or(...) | provenance | MaD:3 | | sqlx.rs:169:25:169:118 | ... .unwrap_or(...) | sqlx.rs:177:30:177:43 | unsafe_query_1 | provenance | | | sqlx.rs:169:25:169:118 | ... .unwrap_or(...) | sqlx.rs:184:29:184:42 | unsafe_query_1 | provenance | | | sqlx.rs:177:30:177:43 | unsafe_query_1 | sqlx.rs:177:30:177:52 | unsafe_query_1.as_str(...) | provenance | MaD:1 | 
@@ -51,12 +51,12 @@ edges models | 1 | Summary: lang:alloc; ::as_str; Argument[self]; ReturnValue; taint | | 2 | Summary: lang:core; ::unwrap; Argument[self]; ReturnValue; taint | -| 3 | Summary: lang:core; ::unwrap_or; Argument[self]; ReturnValue; taint | -| 4 | Summary: repo:https://github.com/seanmonstar/reqwest:reqwest; ::text; Argument[self]; ReturnValue; taint | +| 3 | Summary: lang:core; ::unwrap_or; Argument[self].Variant[crate::result::Result::Ok(0)]; ReturnValue; value | +| 4 | Summary: repo:https://github.com/seanmonstar/reqwest:reqwest; ::text; Argument[self]; ReturnValue.Variant[crate::result::Result::Ok(0)]; taint | nodes | sqlx.rs:48:25:48:69 | ...::get(...) | semmle.label | ...::get(...) | | sqlx.rs:48:25:48:78 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| sqlx.rs:48:25:48:85 | ... .text(...) | semmle.label | ... .text(...) | +| sqlx.rs:48:25:48:85 | ... .text(...) [Ok] | semmle.label | ... .text(...) [Ok] | | sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | | sqlx.rs:65:30:65:43 | unsafe_query_2 | semmle.label | unsafe_query_2 | | sqlx.rs:65:30:65:52 | unsafe_query_2.as_str(...) | semmle.label | unsafe_query_2.as_str(...) | @@ -68,7 +68,7 @@ nodes | sqlx.rs:77:29:77:51 | unsafe_query_3.as_str(...) | semmle.label | unsafe_query_3.as_str(...) | | sqlx.rs:96:25:96:69 | ...::get(...) | semmle.label | ...::get(...) | | sqlx.rs:96:25:96:78 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| sqlx.rs:96:25:96:85 | ... .text(...) | semmle.label | ... .text(...) | +| sqlx.rs:96:25:96:85 | ... .text(...) [Ok] | semmle.label | ... .text(...) [Ok] | | sqlx.rs:96:25:96:118 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | | sqlx.rs:104:30:104:43 | unsafe_query_1 | semmle.label | unsafe_query_1 | | sqlx.rs:104:30:104:52 | unsafe_query_1.as_str(...) | semmle.label | unsafe_query_1.as_str(...) | 
@@ -86,7 +86,7 @@ nodes | sqlx.rs:149:29:149:51 | unsafe_query_1.as_str(...) | semmle.label | unsafe_query_1.as_str(...) | | sqlx.rs:169:25:169:69 | ...::get(...) | semmle.label | ...::get(...) | | sqlx.rs:169:25:169:78 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| sqlx.rs:169:25:169:85 | ... .text(...) | semmle.label | ... .text(...) | +| sqlx.rs:169:25:169:85 | ... .text(...) [Ok] | semmle.label | ... .text(...) [Ok] | | sqlx.rs:169:25:169:118 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | | sqlx.rs:177:30:177:43 | unsafe_query_1 | semmle.label | unsafe_query_1 | | sqlx.rs:177:30:177:52 | unsafe_query_1.as_str(...) | semmle.label | unsafe_query_1.as_str(...) |