Merge pull request #21376 from geoffw0/splitoff2

geoffw0 · web-flow · commit be9c1d074fa4 · 2026-03-09T09:22:36.000Z
Rust: Update split_off models
diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/alloc.model.yml b/rust/ql/lib/codeql/rust/frameworks/stdlib/alloc.model.yml
@@ -55,4 +55,14 @@ extensions:
       - ["<alloc::string::String as core::ops::arith::Add>::add", "Argument[0].Reference", "ReturnValue", "taint", "manual"]
       # Vec
       - ["alloc::vec::from_elem", "Argument[0]", "ReturnValue.Element", "value", "manual"]
-      - ["<alloc::vec::Vec as core::ops::deref::Deref>::deref", "Argument[self].Reference.Element", "ReturnValue.Reference.Element", "value", "manual"]
+      - ["<alloc::vec::Vec as core::ops::deref::Deref>::deref", "Argument[self].Reference.Element", "ReturnValue.Reference.Element", "value", "manual"]
+  - addsTo:
+      pack: codeql/rust-all
+      extensible: neutralModel
+    data:
+      - ["<alloc::vec::Vec as core::convert::From>::from", "sink", "manual"]
+      - ["<alloc::collections::vec_deque::VecDeque as core::convert::From>::from", "sink", "manual"]
+      - ["<alloc::sync::Arc as core::convert::From>::from", "sink", "manual"]
+      - ["<alloc::rc::Rc as core::convert::From>::from", "sink", "manual"]
+      - ["<alloc::string::String>::split_off", "sink", "manual"]
+      - ["<alloc::vec::Vec>::split_off", "sink", "manual"]
diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/core.model.yml b/rust/ql/lib/codeql/rust/frameworks/stdlib/core.model.yml
@@ -165,11 +165,7 @@ extensions:
       extensible: neutralModel
     data:
       - ["<core::option::Option>::map", "sink", "manual"]
-      - ["<alloc::vec::Vec as core::convert::From>::from", "sink", "manual"]
-      - ["<alloc::collections::vec_deque::VecDeque as core::convert::From>::from", "sink", "manual"]
       - ["<std::io::error::Error as core::convert::From>::from", "sink", "manual"]
-      - ["<alloc::sync::Arc as core::convert::From>::from", "sink", "manual"]
-      - ["<alloc::rc::Rc as core::convert::From>::from", "sink", "manual"]
   - addsTo:
       pack: codeql/rust-all
       extensible: excludeFieldTaintStep
diff --git a/rust/ql/lib/codeql/rust/security/UncontrolledAllocationSizeExtensions.qll b/rust/ql/lib/codeql/rust/security/UncontrolledAllocationSizeExtensions.qll
@@ -63,17 +63,4 @@ module UncontrolledAllocationSize {
         branch = false
       )
   }
-
-  /**
-   * A barrier for uncontrolled allocation size flow into particular functions.
-   */
-  private class ModeledBarrier extends Barrier {
-    ModeledBarrier() {
-      exists(MethodCall c |
-        c.getStaticTarget().getCanonicalPath() =
-          ["<alloc::string::String>::split_off", "<alloc::vec::Vec>::split_off"] and
-        this.asExpr() = c.getAnArgument()
-      )
-    }
-  }
 }

Original file line number	Diff line number	Diff line change
`@@ -63,17 +63,4 @@ module UncontrolledAllocationSize {`
`63`	`63`	`branch = false`
`64`	`64`	`)`
`65`	`65`	`}`
`66`		`-`
`67`		`- /**`
`68`		`- * A barrier for uncontrolled allocation size flow into particular functions.`
`69`		`- */`
`70`		`- private class ModeledBarrier extends Barrier {`
`71`		`- ModeledBarrier() {`
`72`		`- exists(MethodCall c \|`
`73`		`- c.getStaticTarget().getCanonicalPath() =`
`74`		`- ["<alloc::string::String>::split_off", "<alloc::vec::Vec>::split_off"] and`
`75`		`- this.asExpr() = c.getAnArgument()`
`76`		`- )`
`77`		`- }`
`78`		`- }`
`79`	`66`	`}`