Rust: Lift content reads as taint steps

Author: paldepind

rust/ql/lib/codeql/rust/dataflow/internal/TaintTrackingImpl.qll

@@ -7,6 +7,9 @@ private import Node as Node
 private import Content
 private import FlowSummaryImpl as FlowSummaryImpl
 private import codeql.rust.internal.CachedStages
+private import codeql.rust.internal.TypeInference as TypeInference
+private import codeql.rust.internal.Type as Type
+private import codeql.rust.frameworks.stdlib.Builtins as Builtins
 
 module RustTaintTracking implements InputSig<Location, RustDataFlow> {
   predicate defaultTaintSanitizer(DataFlow::Node node) { none() }
@@ -45,10 +48,13 @@ module RustTaintTracking implements InputSig<Location, RustDataFlow> {
       // or reference.
       // This is needed in order to support taint-tracking configurations where
       // the source is a collection or reference.
-      exists(SingletonContentSet cs | RustDataFlow::readStep(pred, cs, succ) |
-        cs.getContent() instanceof ElementContent
-        or
-        cs.getContent() instanceof ReferenceContent
+      RustDataFlow::readContentStep(pred, _, succ) and
+      not exists(Struct s |
+        s = TypeInference::inferType(succ.asExpr()).(Type::StructType).getStruct()
+      |
+        s instanceof Builtins::NumericType or
+        s instanceof Builtins::Bool or
+        s instanceof Builtins::Char
       )
       or
       exists(FormatArgsExpr format | succ.asExpr() = format |