Rust: Improve models for environment sources, expect and unwrap

rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll

@@ -49,16 +49,12 @@ final class DataFlowCallable extends TDataFlowCallable {
 }
 
 final class DataFlowCall extends TDataFlowCall {
-  private CallExprBaseCfgNode call;
-
-  DataFlowCall() { this = TCall(call) }
-
   /** Gets the underlying call in the CFG, if any. */
-  CallExprCfgNode asCallExprCfgNode() { result = call }
+  CallExprCfgNode asCallExprCfgNode() { result = this.asCallBaseExprCfgNode() }
 
-  MethodCallExprCfgNode asMethodCallExprCfgNode() { result = call }
+  MethodCallExprCfgNode asMethodCallExprCfgNode() { result = this.asCallBaseExprCfgNode() }
 
-  CallExprBaseCfgNode asCallBaseExprCfgNode() { result = call }
+  CallExprBaseCfgNode asCallBaseExprCfgNode() { this = TCall(result) }
 
   predicate isSummaryCall(
     FlowSummaryImpl::Public::SummarizedCallable c, FlowSummaryImpl::Private::SummaryNode receiver
@@ -67,7 +63,7 @@ final class DataFlowCall extends TDataFlowCall {
   }
 
   DataFlowCallable getEnclosingCallable() {
-    result = TCfgScope(call.getExpr().getEnclosingCfgScope())
+    result = TCfgScope(this.asCallBaseExprCfgNode().getExpr().getEnclosingCfgScope())
     or
     exists(FlowSummaryImpl::Public::SummarizedCallable c |
       this.isSummaryCall(c, _) and
@@ -1298,10 +1294,14 @@ module RustDataFlow implements InputSig<Location> {
    * invoked expression.
    */
   predicate lambdaCall(DataFlowCall call, LambdaCallKind kind, Node receiver) {
-    receiver.asExpr() = call.asCallExprCfgNode().getFunction() and
-    // All calls to complex expressions and local variable accesses are lambda call.
-    exists(Expr f | f = receiver.asExpr().getExpr() |
-      f instanceof PathExpr implies f = any(Variable v).getAnAccess()
+    (
+      receiver.asExpr() = call.asCallExprCfgNode().getFunction() and
+      // All calls to complex expressions and local variable accesses are lambda call.
+      exists(Expr f | f = receiver.asExpr().getExpr() |
+        f instanceof PathExpr implies f = any(Variable v).getAnAccess()
+      )
+      or
+      call.isSummaryCall(_, receiver.(Node::FlowSummaryNode).getSummaryNode())
     ) and
     exists(kind)
   }

rust/ql/lib/codeql/rust/frameworks/stdlib/env.model.yml

@@ -5,10 +5,10 @@ extensions:
     data:
       - ["lang:std", "crate::env::args", "ReturnValue", "command-line-source", "manual"]
       - ["lang:std", "crate::env::args_os", "ReturnValue", "command-line-source", "manual"]
-      - ["lang:std", "crate::env::current_dir", "ReturnValue", "command-line-source", "manual"]
-      - ["lang:std", "crate::env::current_exe", "ReturnValue", "command-line-source", "manual"]
-      - ["lang:std", "crate::env::home_dir", "ReturnValue", "command-line-source", "manual"]
-      - ["lang:std", "crate::env::var", "ReturnValue", "environment-source", "manual"]
-      - ["lang:std", "crate::env::var_os", "ReturnValue", "environment-source", "manual"]
+      - ["lang:std", "crate::env::current_dir", "ReturnValue.Variant[crate::result::Result::Ok(0)]", "command-line-source", "manual"]
+      - ["lang:std", "crate::env::current_exe", "ReturnValue.Variant[crate::result::Result::Ok(0)]", "command-line-source", "manual"]
+      - ["lang:std", "crate::env::home_dir", "ReturnValue.Variant[crate::option::Option::Some(0)]", "command-line-source", "manual"]
+      - ["lang:std", "crate::env::var", "ReturnValue.Variant[crate::result::Result::Ok(0)]", "environment-source", "manual"]
+      - ["lang:std", "crate::env::var_os", "ReturnValue.Variant[crate::option::Option::Some(0)]", "environment-source", "manual"]
       - ["lang:std", "crate::env::vars", "ReturnValue", "environment-source", "manual"]
       - ["lang:std", "crate::env::vars_os", "ReturnValue", "environment-source", "manual"]

rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml

@@ -3,18 +3,31 @@ extensions:
       pack: codeql/rust-all
       extensible: summaryModel
     data:
+      # Fmt
+      - ["lang:alloc", "crate::fmt::format", "Argument[0]", "ReturnValue", "taint", "manual"]
+      # Hint
+      - ["lang:core", "crate::hint::must_use", "Argument[0]", "ReturnValue", "value", "manual"]
       # Option
       - ["lang:core", "<crate::option::Option>::unwrap", "Argument[self].Variant[crate::option::Option::Some(0)]", "ReturnValue", "value", "manual"]
       - ["lang:core", "<crate::option::Option>::unwrap_or", "Argument[self].Variant[crate::option::Option::Some(0)]", "ReturnValue", "value", "manual"]
       - ["lang:core", "<crate::option::Option>::unwrap_or", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["lang:core", "<crate::option::Option>::unwrap_or_default", "Argument[self].Variant[crate::option::Option::Some(0)]", "ReturnValue", "value", "manual"]
+      - ["lang:core", "<crate::option::Option>::unwrap_or_else", "Argument[self].Variant[crate::option::Option::Some(0)]", "ReturnValue", "value", "manual"]
+      - ["lang:core", "<crate::option::Option>::unwrap_or_else", "Argument[0].ReturnValue", "ReturnValue", "value", "manual"]
+      - ["lang:core", "<crate::option::Option>::unwrap_unchecked", "Argument[self].Variant[crate::option::Option::Some(0)]", "ReturnValue", "value", "manual"]
+      - ["lang:core", "<crate::option::Option>::expect", "Argument[self].Variant[crate::option::Option::Some(0)]", "ReturnValue", "value", "manual"]
       # Result
       - ["lang:core", "<crate::result::Result>::unwrap", "Argument[self].Variant[crate::result::Result::Ok(0)]", "ReturnValue", "value", "manual"]
       - ["lang:core", "<crate::result::Result>::unwrap_or", "Argument[self].Variant[crate::result::Result::Ok(0)]", "ReturnValue", "value", "manual"]
       - ["lang:core", "<crate::result::Result>::unwrap_or", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["lang:core", "<crate::result::Result>::unwrap_or_default", "Argument[self].Variant[crate::result::Result::Ok(0)]", "ReturnValue", "value", "manual"]
+      - ["lang:core", "<crate::result::Result>::unwrap_or_else", "Argument[self].Variant[crate::result::Result::Ok(0)]", "ReturnValue", "value", "manual"]
+      - ["lang:core", "<crate::result::Result>::unwrap_or_else", "Argument[0].ReturnValue", "ReturnValue", "value", "manual"]
+      - ["lang:core", "<crate::result::Result>::unwrap_unchecked", "Argument[self].Variant[crate::result::Result::Ok(0)]", "ReturnValue", "value", "manual"]
+      - ["lang:core", "<crate::result::Result>::unwrap_err", "Argument[self].Variant[crate::result::Result::Err(0)]", "ReturnValue", "value", "manual"]
+      - ["lang:core", "<crate::result::Result>::unwrap_err_unchecked", "Argument[self].Variant[crate::result::Result::Err(0)]", "ReturnValue", "value", "manual"]
+      - ["lang:core", "<crate::result::Result>::expect", "Argument[self].Variant[crate::result::Result::Ok(0)]", "ReturnValue", "value", "manual"]
+      - ["lang:core", "<crate::result::Result>::expect_err", "Argument[self].Variant[crate::result::Result::Err(0)]", "ReturnValue", "value", "manual"]
       # String
       - ["lang:alloc", "<crate::string::String>::as_str", "Argument[self]", "ReturnValue", "taint", "manual"]
       - ["lang:alloc", "<crate::string::String>::as_bytes", "Argument[self]", "ReturnValue", "taint", "manual"]
-      # Hint
-      - ["lang:core", "crate::hint::must_use", "Argument[0]", "ReturnValue", "value", "manual"]
-      # Fmt
-      - ["lang:alloc", "crate::fmt::format", "Argument[0]", "ReturnValue", "taint", "manual"]

rust/ql/test/library-tests/dataflow/local/CONSISTENCY/DataFlowConsistency.expected

@@ -1,2 +1,2 @@
 identityLocalStep
-| main.rs:394:7:394:18 | phi(default_name) | Node steps to itself |
+| main.rs:412:9:412:20 | phi(default_name) | Node steps to itself |