From 478f56b82f316fc0d05a4f5c968fb0ca6287a59c Mon Sep 17 00:00:00 2001
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Date: Thu, 26 Feb 2026 12:17:10 +0000
Subject: [PATCH 1/2] Rust: Move the existing 'alloc' neutral models into alloc.model.yml.
---
 .../lib/codeql/rust/frameworks/stdlib/alloc.model.yml | 10 +++++++++-
 .../lib/codeql/rust/frameworks/stdlib/core.model.yml | 4 ----
 2 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/alloc.model.yml b/rust/ql/lib/codeql/rust/frameworks/stdlib/alloc.model.yml
index 74432649bd83..8859bd1c3362 100644
--- a/rust/ql/lib/codeql/rust/frameworks/stdlib/alloc.model.yml
+++ b/rust/ql/lib/codeql/rust/frameworks/stdlib/alloc.model.yml
@@ -55,4 +55,12 @@ extensions:
 - ["::add", "Argument[0].Reference", "ReturnValue", "taint", "manual"]
 # Vec
 - ["alloc::vec::from_elem", "Argument[0]", "ReturnValue.Element", "value", "manual"]
- - ["::deref", "Argument[self].Reference.Element", "ReturnValue.Reference.Element", "value", "manual"]
\ No newline at end of file
+ - ["::deref", "Argument[self].Reference.Element", "ReturnValue.Reference.Element", "value", "manual"]
+ - addsTo:
+ pack: codeql/rust-all
+ extensible: neutralModel
+ data:
+ - ["::from", "sink", "manual"]
+ - ["::from", "sink", "manual"]
+ - ["::from", "sink", "manual"]
+ - ["::from", "sink", "manual"]
diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/core.model.yml b/rust/ql/lib/codeql/rust/frameworks/stdlib/core.model.yml
index 5829d8915581..11a90cbe8ba1 100644
--- a/rust/ql/lib/codeql/rust/frameworks/stdlib/core.model.yml
+++ b/rust/ql/lib/codeql/rust/frameworks/stdlib/core.model.yml
@@ -165,11 +165,7 @@ extensions:
 extensible: neutralModel
 data:
 - ["::map", "sink", "manual"]
- - ["::from", "sink", "manual"]
- - ["::from", "sink", "manual"]
 - ["::from", "sink", "manual"]
- - ["::from", "sink", "manual"]
- - ["::from", "sink", "manual"]
 - addsTo:
 pack: codeql/rust-all
 extensible: excludeFieldTaintStep
From f2dc5857514337e68e65d8aa158953b498e1558b Mon Sep 17 00:00:00 2001
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Date: Thu, 26 Feb 2026 12:12:02 +0000
Subject: [PATCH 2/2] Rust: Convert split_off QL-defined barrier to a neutral model (which was always the intent).
---
 .../codeql/rust/frameworks/stdlib/alloc.model.yml | 2 ++
 .../UncontrolledAllocationSizeExtensions.qll | 13 -------------
 2 files changed, 2 insertions(+), 13 deletions(-)
diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/alloc.model.yml b/rust/ql/lib/codeql/rust/frameworks/stdlib/alloc.model.yml
index 8859bd1c3362..78d1cbdec29e 100644
--- a/rust/ql/lib/codeql/rust/frameworks/stdlib/alloc.model.yml
+++ b/rust/ql/lib/codeql/rust/frameworks/stdlib/alloc.model.yml
@@ -64,3 +64,5 @@ extensions:
 - ["::from", "sink", "manual"]
 - ["::from", "sink", "manual"]
 - ["::from", "sink", "manual"]
+ - ["::split_off", "sink", "manual"]
+ - ["::split_off", "sink", "manual"]
diff --git a/rust/ql/lib/codeql/rust/security/UncontrolledAllocationSizeExtensions.qll b/rust/ql/lib/codeql/rust/security/UncontrolledAllocationSizeExtensions.qll
index 0390ca779328..c6251563ea6f 100644
--- a/rust/ql/lib/codeql/rust/security/UncontrolledAllocationSizeExtensions.qll
+++ b/rust/ql/lib/codeql/rust/security/UncontrolledAllocationSizeExtensions.qll
@@ -63,17 +63,4 @@ module UncontrolledAllocationSize {
 branch = false
 )
 }
-
- /**
- * A barrier for uncontrolled allocation size flow into particular functions.
- */
- private class ModeledBarrier extends Barrier {
- ModeledBarrier() {
- exists(MethodCall c |
- c.getStaticTarget().getCanonicalPath() =
- ["::split_off", "::split_off"] and
- this.asExpr() = c.getAnArgument()
- )
- }
- }
 }
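Review bot: The two `split_off` rows added to the `neutralModel` data in alloc.model.yml (PATCH 2/2) do not have the same scope as the `ModeledBarrier` class removed from UncontrolledAllocationSizeExtensions.qll. The barrier stopped flow at the arguments of `split_off` calls for the uncontrolled-allocation-size query only, whereas a neutral `sink` row is pack-wide data in `codeql/rust-all`. Whether the neutral row suppresses the same results depends on how sinks for these callables are produced, which is not visible in this patch. The diffstat lists no test or expected-output changes, so please confirm the query's test results are unchanged for a `split_off` call whose index is attacker-influenced. I would also record the rationale above the rows, e.g. `# split_off: neutral sink, replaces the former QL barrier in UncontrolledAllocationSizeExtensions.qll`.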