github · geoffw0 · Aug 6, 2025 · Aug 19, 2025 · Aug 20, 2025 · Aug 20, 2025
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Improved modelling of the `std::fs`, `async_std::fs` and `tokio::fs` libraries. This may cause more alerts to be found by Rust injection queries, particularly `rust/path-injection`.
@@ -0,0 +1,42 @@
+extensions:
+  - addsTo:
+      pack: codeql/rust-all
+      extensible: sourceModel
+    data:
+      - ["async_std::fs::read::read", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "file", "manual"]
+      - ["async_std::fs::read_to_string::read_to_string", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "file", "manual"]
+      - ["async_std::fs::read_link::read_link", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "file", "manual"]
+      - ["<async_std::fs::dir_entry::DirEntry>::path", "ReturnValue", "file", "manual"]
+      - ["<async_std::fs::dir_entry::DirEntry>::file_name", "ReturnValue", "file", "manual"]
+      - ["<async_std::fs::file::File>::open", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "file", "manual"]
+      - ["<async_std::fs::open_options::OpenOptions>::open", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "file", "manual"]
+  - addsTo:
+      pack: codeql/rust-all
+      extensible: sinkModel
+    data:
+      - ["async_std::fs::copy::copy", "Argument[0,1]", "path-injection", "manual"]
+      - ["async_std::fs::create_dir::create_dir", "Argument[0]", "path-injection", "manual"]
+      - ["async_std::fs::create_dir_all::create_dir_all", "Argument[0]", "path-injection", "manual"]
+      - ["async_std::fs::hard_link::hard_link", "Argument[0,1]", "path-injection", "manual"]
+      - ["async_std::fs::metadata::metadata", "Argument[0]", "path-injection", "manual"]
+      - ["async_std::fs::read::read", "Argument[0]", "path-injection", "manual"]
+      - ["async_std::fs::read_dir::read_dir", "Argument[0]", "path-injection", "manual"]
+      - ["async_std::fs::read_link::read_link", "Argument[0]", "path-injection", "manual"]
+      - ["async_std::fs::read_to_string::read_to_string", "Argument[0]", "path-injection", "manual"]
+      - ["async_std::fs::remove_dir::remove_dir", "Argument[0]", "path-injection", "manual"]
+      - ["async_std::fs::remove_dir_all::remove_dir_all", "Argument[0]", "path-injection", "manual"]
+      - ["async_std::fs::remove_file::remove_file", "Argument[0]", "path-injection", "manual"]
+      - ["async_std::fs::rename::rename", "Argument[0,1]", "path-injection", "manual"]
+      - ["async_std::fs::set_permissions::set_permissions", "Argument[0]", "path-injection", "manual"]
+      - ["async_std::fs::symlink_metadata::symlink_metadata", "Argument[0]", "path-injection", "manual"]
+      - ["async_std::fs::write::write", "Argument[0]", "path-injection", "manual"]
+      - ["<async_std::fs::dir_builder::DirBuilder>::create", "Argument[0]", "path-injection", "manual"]
+      - ["<async_std::fs::file::File>::create", "Argument[0]", "path-injection", "manual"]
+      - ["<async_std::fs::file::File>::open", "Argument[0]", "path-injection", "manual"]
+      - ["<async_std::fs::open_options::OpenOptions>::open", "Argument[0]", "path-injection", "manual"]
+  - addsTo:
+      pack: codeql/rust-all
+      extensible: summaryModel
+    data:
+      - ["async_std::fs::canonicalize::canonicalize", "Argument[0].OptionalStep[normalize-path]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
+      - ["async_std::fs::canonicalize::canonicalize", "Argument[0].OptionalBarrier[normalize-path]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
@@ -10,16 +10,15 @@ extensions:
       - ["<std::fs::DirEntry>::file_name", "ReturnValue", "file", "manual"]
       - ["<std::fs::File>::open", "ReturnValue.Field[core::result::Result::Ok(0)]", "file", "manual"]
       - ["<std::fs::File>::open_buffered", "ReturnValue.Field[core::result::Result::Ok(0)]", "file", "manual"]
+      - ["<std::fs::OpenOptions>::open", "ReturnValue.Field[core::result::Result::Ok(0)]", "file", "manual"]
   - addsTo:
       pack: codeql/rust-all
       extensible: sinkModel
     data:
-      - ["std::fs::copy", "Argument[0]", "path-injection", "manual"]
-      - ["std::fs::copy", "Argument[1]", "path-injection", "manual"]
+      - ["std::fs::copy", "Argument[0,1]", "path-injection", "manual"]
       - ["std::fs::create_dir", "Argument[0]", "path-injection", "manual"]
       - ["std::fs::create_dir_all", "Argument[0]", "path-injection", "manual"]
-      - ["std::fs::hard_link", "Argument[0]", "path-injection", "manual"]
-      - ["std::fs::hard_link", "Argument[1]", "path-injection", "manual"]
+      - ["std::fs::hard_link", "Argument[0,1]", "path-injection", "manual"]
       - ["std::fs::metadata", "Argument[0]", "path-injection", "manual"]
       - ["std::fs::read", "Argument[0]", "path-injection", "manual"]
       - ["std::fs::read_dir", "Argument[0]", "path-injection", "manual"]
@@ -28,11 +27,9 @@ extensions:
       - ["std::fs::remove_dir", "Argument[0]", "path-injection", "manual"]
       - ["std::fs::remove_dir_all", "Argument[0]", "path-injection", "manual"]
       - ["std::fs::remove_file", "Argument[0]", "path-injection", "manual"]
-      - ["std::fs::rename", "Argument[0]", "path-injection", "manual"]
-      - ["std::fs::rename", "Argument[1]", "path-injection", "manual"]
+      - ["std::fs::rename", "Argument[0,1]", "path-injection", "manual"]
       - ["std::fs::set_permissions", "Argument[0]", "path-injection", "manual"]
-      - ["std::fs::soft_link", "Argument[0]", "path-injection", "manual"]
-      - ["std::fs::soft_link", "Argument[1]", "path-injection", "manual"]
+      - ["std::fs::soft_link", "Argument[0,1]", "path-injection", "manual"]
       - ["std::fs::symlink_metadata", "Argument[0]", "path-injection", "manual"]
       - ["std::fs::write", "Argument[0]", "path-injection", "manual"]
       - ["<std::fs::DirBuilder>::create", "Argument[0]", "path-injection", "manual"]
@@ -41,12 +38,34 @@ extensions:
       - ["<std::fs::File>::create_new", "Argument[0]", "path-injection", "manual"]
       - ["<std::fs::File>::open", "Argument[0]", "path-injection", "manual"]
       - ["<std::fs::File>::open_buffered", "Argument[0]", "path-injection", "manual"]
+      - ["<std::fs::OpenOptions>::open", "Argument[0]", "path-injection", "manual"]
   - addsTo:
       pack: codeql/rust-all
       extensible: summaryModel
     data:
-      - ["<std::path::PathBuf as core::convert::From>::from", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["std::fs::canonicalize", "Argument[0].OptionalStep[normalize-path]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"]
+      - ["std::fs::canonicalize", "Argument[0].OptionalBarrier[normalize-path]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"]
+      - ["<std::path::PathBuf as core::convert::From>::from", "Argument[0]", "ReturnValue", "value", "manual"]
+      - ["<std::path::PathBuf>::as_path", "Argument[Self]", "ReturnValue.Reference", "value", "manual"]
+      - ["<std::path::PathBuf>::as_mut_os_string", "Argument[Self].Reference", "ReturnValue.Reference", "value", "manual"]
+      - ["<std::path::PathBuf>::into_os_string", "Argument[Self]", "ReturnValue", "value", "manual"]
+      - ["<std::path::PathBuf>::into_boxed_path", "Argument[Self]", "ReturnValue.Reference", "value", "manual"]
+      - ["<std::path::Path>::new", "Argument[0].Reference", "ReturnValue.Reference", "value", "manual"]
       - ["<std::path::Path>::join", "Argument[self]", "ReturnValue", "taint", "manual"]
       - ["<std::path::Path>::join", "Argument[0]", "ReturnValue", "taint", "manual"]
-      - ["<std::path::Path>::canonicalize", "Argument[self].OptionalStep[normalize-path]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"]
-      - ["<std::path::Path>::canonicalize", "Argument[self].OptionalBarrier[normalize-path]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"]
+      - ["<std::path::Path>::as_os_string", "Argument[Self].Reference", "ReturnValue.Reference", "value", "manual"]
+      - ["<std::path::Path>::as_mut_os_string", "Argument[Self].Reference", "ReturnValue.Reference", "value", "manual"]
+      - ["<std::path::Path>::canonicalize", "Argument[self].Reference.OptionalStep[normalize-path]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"]
+      - ["<std::path::Path>::canonicalize", "Argument[self].Reference.OptionalBarrier[normalize-path]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"]
+      - ["<std::path::Path>::extension", "Argument[Self].Reference", "ReturnValue.Field[core::option::Option::Some(0)].Reference", "taint", "manual"]
+      - ["<std::path::Path>::file_name", "Argument[Self].Reference", "ReturnValue.Field[core::option::Option::Some(0)].Reference", "taint", "manual"]
+      - ["<std::path::Path>::file_prefix", "Argument[Self].Reference", "ReturnValue.Field[core::option::Option::Some(0)].Reference", "taint", "manual"]
+      - ["<std::path::Path>::file_stem", "Argument[Self].Reference", "ReturnValue.Field[core::option::Option::Some(0)].Reference", "taint", "manual"]
+      - ["<std::path::Path>::into_path_buf", "Argument[Self].Reference", "ReturnValue", "value", "manual"]
+      - ["<std::path::Path>::parent", "Argument[Self].Reference", "ReturnValue.Field[core::option::Option::Some(0)].Reference", "taint", "manual"]
+      - ["<std::path::Path>::to_path_buf", "Argument[Self].Reference", "ReturnValue", "value", "manual"]
+      - ["<std::path::Path>::to_str", "Argument[Self].Reference", "ReturnValue.Field[core::option::Option::Some(0)].Reference", "value", "manual"]
+      - ["<std::path::Path>::with_added_extension", "Argument[Self].Reference", "ReturnValue", "taint", "manual"]
+      - ["<std::path::Path>::with_extension", "Argument[Self].Reference", "ReturnValue", "taint", "manual"]
+      - ["<std::path::Path>::with_file_name", "Argument[Self].Reference", "ReturnValue", "taint", "manual"]
+      - ["<std::path::Path>::with_file_name", "Argument[0]", "ReturnValue", "taint", "manual"]
@@ -9,3 +9,39 @@ extensions:
       - ["<tokio::fs::read_dir::DirEntry>::path", "ReturnValue", "file", "manual"]
       - ["<tokio::fs::read_dir::DirEntry>::file_name", "ReturnValue", "file", "manual"]
       - ["<tokio::fs::file::File>::open", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "file", "manual"]
+      - ["<tokio::fs::open_options::OpenOptions>::open", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "file", "manual"]
+  - addsTo:
+      pack: codeql/rust-all
+      extensible: sinkModel
+    data:
+      - ["tokio::fs::copy::copy", "Argument[0,1]", "path-injection", "manual"]
+      - ["tokio::fs::create_dir::create_dir", "Argument[0]", "path-injection", "manual"]
+      - ["tokio::fs::create_dir_all::create_dir_all", "Argument[0]", "path-injection", "manual"]
+      - ["tokio::fs::hard_link::hard_link", "Argument[0,1]", "path-injection", "manual"]
+      - ["tokio::fs::metadata::metadata", "Argument[0]", "path-injection", "manual"]
+      - ["tokio::fs::read::read", "Argument[0]", "path-injection", "manual"]
+      - ["tokio::fs::read_dir::read_dir", "Argument[0]", "path-injection", "manual"]
+      - ["tokio::fs::read_link::read_link", "Argument[0]", "path-injection", "manual"]
+      - ["tokio::fs::read_to_string::read_to_string", "Argument[0]", "path-injection", "manual"]
+      - ["tokio::fs::remove_dir::remove_dir", "Argument[0]", "path-injection", "manual"]
+      - ["tokio::fs::remove_dir_all::remove_dir_all", "Argument[0]", "path-injection", "manual"]
+      - ["tokio::fs::remove_file::remove_file", "Argument[0]", "path-injection", "manual"]
+      - ["tokio::fs::rename::rename", "Argument[0,1]", "path-injection", "manual"]
+      - ["tokio::fs::set_permissions::set_permissions", "Argument[0]", "path-injection", "manual"]
+      - ["tokio::fs::symlink::symlink", "Argument[0,1]", "path-injection", "manual"]
+      - ["tokio::fs::symlink_dir::symlink_dir", "Argument[0,1]", "path-injection", "manual"]
+      - ["tokio::fs::symlink_file::symlink_file", "Argument[0,1]", "path-injection", "manual"]
+      - ["tokio::fs::symlink_metadata::symlink_metadata", "Argument[0]", "path-injection", "manual"]
+      - ["tokio::fs::try_exists::try_exists", "Argument[0]", "path-injection", "manual"]
+      - ["tokio::fs::write::write", "Argument[0]", "path-injection", "manual"]
+      - ["<tokio::fs::dir_builder::DirBuilder>::create", "Argument[0]", "path-injection", "manual"]
+      - ["<tokio::fs::file::File>::create", "Argument[0]", "path-injection", "manual"]
+      - ["<tokio::fs::file::File>::create_new", "Argument[0]", "path-injection", "manual"]
+      - ["<tokio::fs::file::File>::open", "Argument[0]", "path-injection", "manual"]
+      - ["<tokio::fs::open_options::OpenOptions>::open", "Argument[0]", "path-injection", "manual"]
+  - addsTo:
+      pack: codeql/rust-all
+      extensible: summaryModel
+    data:
+      - ["tokio::fs::canonicalize::canonicalize", "Argument[0].OptionalStep[normalize-path]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
+      - ["tokio::fs::canonicalize::canonicalize", "Argument[0].OptionalBarrier[normalize-path]", "ReturnValue.Future.Field[core::result::Result::Ok(0)]", "taint", "manual"]
@@ -1,5 +1,6 @@
 localStep
-| file://:0:0:0:0 | [summary param] self in fn canonicalize | file://:0:0:0:0 | [summary] read: Argument[self].OptionalBarrier[normalize-path] in fn canonicalize |
+| file://:0:0:0:0 | [summary param] 0 in fn canonicalize | file://:0:0:0:0 | [summary] read: Argument[0].OptionalBarrier[normalize-path] in fn canonicalize |
+| file://:0:0:0:0 | [summary] read: Argument[self].Reference in fn canonicalize | file://:0:0:0:0 | [summary] read: Argument[self].Reference.OptionalBarrier[normalize-path] in fn canonicalize |
 | main.rs:4:11:4:11 | [SSA] i | main.rs:5:12:5:12 | i |
 | main.rs:4:11:4:11 | i | main.rs:4:11:4:11 | [SSA] i |
 | main.rs:4:11:4:11 | i | main.rs:4:11:4:11 | i |

@@ -11,68 +11,71 @@ multipleCallTargets
 | test.rs:179:30:179:68 | ...::_print(...) |
 | test.rs:188:26:188:105 | ...::_print(...) |
 | test.rs:229:22:229:72 | ... .read_to_string(...) |
-| test.rs:483:22:483:50 | file.read_to_end(...) |
-| test.rs:489:22:489:53 | file.read_to_string(...) |
-| test.rs:610:18:610:38 | ...::_print(...) |
-| test.rs:615:18:615:45 | ...::_print(...) |
-| test.rs:619:25:619:49 | address.to_socket_addrs() |
-| test.rs:633:38:633:42 | ...::_print(...) |
-| test.rs:637:38:637:54 | ...::_print(...) |
-| test.rs:642:38:642:51 | ...::_print(...) |
-| test.rs:652:34:652:52 | ...::_print(...) |
-| test.rs:671:14:671:43 | ...::_print(...) |
-| test.rs:686:18:686:42 | ...::_print(...) |
-| test.rs:690:18:690:42 | ...::_print(...) |
-| test.rs:695:18:695:45 | ...::_print(...) |
-| test.rs:702:30:702:34 | ...::_print(...) |
-| test.rs:706:30:706:52 | ...::_print(...) |
-| test.rs:715:30:715:43 | ...::_print(...) |
-| test.rs:725:30:725:34 | ...::_print(...) |
-| test.rs:729:30:729:52 | ...::_print(...) |
-| test.rs:738:30:738:43 | ...::_print(...) |
-| test.rs:753:14:753:43 | ...::_print(...) |
-| test.rs:767:14:767:34 | ...::_print(...) |
-| test.rs:807:50:807:66 | ...::from(...) |
-| test.rs:807:50:807:66 | ...::from(...) |
-| test.rs:809:14:809:31 | ...::_print(...) |
-| test.rs:812:14:812:31 | ...::_print(...) |
-| test.rs:815:14:815:31 | ...::_print(...) |
-| test.rs:818:14:818:30 | ...::_print(...) |
-| test.rs:820:27:820:36 | ...::_print(...) |
-| test.rs:821:28:821:41 | ...::_print(...) |
-| test.rs:824:14:824:33 | ...::_print(...) |
-| test.rs:826:27:826:36 | ...::_print(...) |
-| test.rs:827:28:827:41 | ...::_print(...) |
-| test.rs:830:14:830:31 | ...::_print(...) |
-| test.rs:832:27:832:36 | ...::_print(...) |
-| test.rs:833:28:833:41 | ...::_print(...) |
-| test.rs:836:14:836:34 | ...::_print(...) |
-| test.rs:838:27:838:36 | ...::_print(...) |
-| test.rs:839:28:839:41 | ...::_print(...) |
-| test.rs:842:14:842:25 | ...::_print(...) |
-| test.rs:844:27:844:36 | ...::_print(...) |
-| test.rs:845:28:845:41 | ...::_print(...) |
-| test.rs:848:14:848:31 | ...::_print(...) |
-| test.rs:850:27:850:36 | ...::_print(...) |
-| test.rs:851:28:851:41 | ...::_print(...) |
-| test.rs:854:14:854:30 | ...::_print(...) |
-| test.rs:856:27:856:36 | ...::_print(...) |
-| test.rs:857:28:857:41 | ...::_print(...) |
-| test.rs:860:14:860:33 | ...::_print(...) |
-| test.rs:862:27:862:36 | ...::_print(...) |
-| test.rs:863:28:863:41 | ...::_print(...) |
-| test.rs:866:14:866:36 | ...::_print(...) |
-| test.rs:868:27:868:36 | ...::_print(...) |
-| test.rs:869:28:869:41 | ...::_print(...) |
-| test.rs:872:14:872:38 | ...::_print(...) |
-| test.rs:874:27:874:36 | ...::_print(...) |
-| test.rs:875:28:875:41 | ...::_print(...) |
-| test.rs:878:14:878:45 | ...::_print(...) |
-| test.rs:880:27:880:36 | ...::_print(...) |
-| test.rs:881:28:881:41 | ...::_print(...) |
-| test.rs:884:14:884:29 | ...::_print(...) |
-| test.rs:886:27:886:36 | ...::_print(...) |
-| test.rs:887:28:887:41 | ...::_print(...) |
+| test.rs:513:22:513:50 | file.read_to_end(...) |
+| test.rs:519:22:519:53 | file.read_to_string(...) |
+| test.rs:697:18:697:38 | ...::_print(...) |
+| test.rs:702:18:702:45 | ...::_print(...) |
+| test.rs:706:25:706:49 | address.to_socket_addrs() |
+| test.rs:720:38:720:42 | ...::_print(...) |
+| test.rs:724:38:724:54 | ...::_print(...) |
+| test.rs:729:38:729:51 | ...::_print(...) |
+| test.rs:739:34:739:52 | ...::_print(...) |
+| test.rs:758:14:758:43 | ...::_print(...) |
+| test.rs:773:18:773:42 | ...::_print(...) |
+| test.rs:777:18:777:42 | ...::_print(...) |
+| test.rs:782:18:782:45 | ...::_print(...) |
+| test.rs:789:30:789:34 | ...::_print(...) |
+| test.rs:793:30:793:52 | ...::_print(...) |
+| test.rs:802:30:802:43 | ...::_print(...) |
+| test.rs:812:30:812:34 | ...::_print(...) |
+| test.rs:816:30:816:52 | ...::_print(...) |
+| test.rs:825:30:825:43 | ...::_print(...) |
+| test.rs:840:14:840:43 | ...::_print(...) |
+| test.rs:854:14:854:34 | ...::_print(...) |
+| test.rs:894:50:894:66 | ...::from(...) |
+| test.rs:894:50:894:66 | ...::from(...) |
+| test.rs:896:14:896:31 | ...::_print(...) |
+| test.rs:899:14:899:31 | ...::_print(...) |
+| test.rs:902:14:902:31 | ...::_print(...) |
+| test.rs:905:14:905:30 | ...::_print(...) |
+| test.rs:907:27:907:36 | ...::_print(...) |
+| test.rs:908:28:908:41 | ...::_print(...) |
+| test.rs:911:14:911:33 | ...::_print(...) |
+| test.rs:913:27:913:36 | ...::_print(...) |
+| test.rs:914:28:914:41 | ...::_print(...) |
+| test.rs:917:14:917:31 | ...::_print(...) |
+| test.rs:919:27:919:36 | ...::_print(...) |
+| test.rs:920:28:920:41 | ...::_print(...) |
+| test.rs:923:14:923:34 | ...::_print(...) |
+| test.rs:925:27:925:36 | ...::_print(...) |
+| test.rs:926:28:926:41 | ...::_print(...) |
+| test.rs:929:14:929:25 | ...::_print(...) |
+| test.rs:931:27:931:36 | ...::_print(...) |
+| test.rs:932:28:932:41 | ...::_print(...) |
+| test.rs:935:14:935:31 | ...::_print(...) |
+| test.rs:937:27:937:36 | ...::_print(...) |
+| test.rs:938:28:938:41 | ...::_print(...) |
+| test.rs:941:14:941:30 | ...::_print(...) |
+| test.rs:943:27:943:36 | ...::_print(...) |
+| test.rs:944:28:944:41 | ...::_print(...) |
+| test.rs:947:14:947:33 | ...::_print(...) |
+| test.rs:949:27:949:36 | ...::_print(...) |
+| test.rs:950:28:950:41 | ...::_print(...) |
+| test.rs:953:14:953:37 | ...::_print(...) |
+| test.rs:955:27:955:36 | ...::_print(...) |
+| test.rs:956:28:956:41 | ...::_print(...) |
+| test.rs:959:14:959:36 | ...::_print(...) |
+| test.rs:961:27:961:36 | ...::_print(...) |
+| test.rs:962:28:962:41 | ...::_print(...) |
+| test.rs:965:14:965:38 | ...::_print(...) |
+| test.rs:967:27:967:36 | ...::_print(...) |
+| test.rs:968:28:968:41 | ...::_print(...) |
+| test.rs:971:14:971:45 | ...::_print(...) |
+| test.rs:973:27:973:36 | ...::_print(...) |
+| test.rs:974:28:974:41 | ...::_print(...) |
+| test.rs:977:14:977:29 | ...::_print(...) |
+| test.rs:979:27:979:36 | ...::_print(...) |
+| test.rs:980:28:980:41 | ...::_print(...) |
 | test_futures_io.rs:35:26:35:63 | pinned.poll_read(...) |
 | test_futures_io.rs:62:22:62:50 | pinned.poll_fill_buf(...) |
 | test_futures_io.rs:69:23:69:67 | ... .poll_fill_buf(...) |