Rust: Do no distinguish pub use from use in path resolution

Author: hvitved

rust/ql/lib/codeql/rust/internal/PathResolution.qll

@@ -1646,16 +1646,18 @@ private ItemNode resolveUseTreeListItemQualifier(
 
 pragma[nomagic]
 private ItemNode resolveUseTreeListItem(Use use, UseTree tree) {
-  tree = use.getUseTree() and
-  result = resolvePathCand(tree.getPath())
-  or
-  result = resolveUseTreeListItem(use, tree, tree.getPath(), _)
+  exists(Path path | path = tree.getPath() |
+    tree = use.getUseTree() and
+    result = resolvePathCand(path)
+    or
+    result = resolveUseTreeListItem(use, tree, path, _)
+  )
 }
 
 /** Holds if `use` imports `item` as `name`. */
 pragma[nomagic]
 private predicate useImportEdge(Use use, string name, ItemNode item, SuccessorKind kind) {
-  (if use.hasVisibility() then kind.isBoth() else kind.isInternal()) and
+  kind.isBoth() and
   exists(UseTree tree, ItemNode used |
     used = resolveUseTreeListItem(use, tree) and
     not tree.hasUseTreeList() and
@@ -1673,7 +1675,10 @@ private predicate useImportEdge(Use use, string name, ItemNode item, SuccessorKi
       item = used and
       (
         not tree.hasRename() and
-        name = item.getName()
+        exists(string pathName |
+          pathName = tree.getPath().getText() and
+          if pathName = "self" then name = item.getName() else name = pathName
+        )
         or
         exists(Rename rename | rename = tree.getRename() |
           name = rename.getName().getText()

rust/ql/test/library-tests/dataflow/sources/CONSISTENCY/PathResolutionConsistency.expected

@@ -11,6 +11,8 @@ multipleCallTargets
 | test.rs:179:30:179:68 | ...::_print(...) |
 | test.rs:188:26:188:105 | ...::_print(...) |
 | test.rs:229:22:229:72 | ... .read_to_string(...) |
+| test.rs:664:22:664:43 | file.read(...) |
+| test.rs:673:22:673:41 | f1.read(...) |
 | test.rs:697:18:697:38 | ...::_print(...) |
 | test.rs:702:18:702:45 | ...::_print(...) |
 | test.rs:720:38:720:42 | ...::_print(...) |

rust/ql/test/library-tests/dataflow/sources/test.rs

@@ -662,7 +662,7 @@ async fn test_async_std_file() -> std::io::Result<()> {
     {
         let mut buffer = [0u8; 100];
         let _bytes = file.read(&mut buffer).await?;
-        sink(&buffer); // $ MISSING: hasTaintFlow="file.txt"
+        sink(&buffer); // $ hasTaintFlow="file.txt"
     }
 
     // --- OpenOptions ---
@@ -671,7 +671,7 @@ async fn test_async_std_file() -> std::io::Result<()> {
         let mut f1 = async_std::fs::OpenOptions::new().open("f1.txt").await?; // $ Alert[rust/summary/taint-sources]
         let mut buffer = [0u8; 1024];
         let _bytes = f1.read(&mut buffer).await?;
-        sink(&buffer); // $ MISSING: hasTaintFlow="f1.txt"
+        sink(&buffer); // $ hasTaintFlow="f1.txt"
     }
 
     Ok(())

rust/ql/test/library-tests/path-resolution/my2/my3/mod.rs

@@ -7,4 +7,4 @@ pub fn f() {
 use super::super::h; // $ item=I25
 use super::g; // $ item=I9
 
-use super::nested6_f; // $ MISSING: item=I116
+use super::nested6_f; // $ item=I116

rust/ql/test/library-tests/path-resolution/path-resolution.expected

@@ -436,6 +436,7 @@ resolvePath
 | my2/my3/mod.rs:8:5:8:9 | super | my2/mod.rs:1:1:19:30 | SourceFile |
 | my2/my3/mod.rs:8:5:8:12 | ...::g | my2/mod.rs:3:1:6:1 | fn g |
 | my2/my3/mod.rs:10:5:10:9 | super | my2/mod.rs:1:1:19:30 | SourceFile |
+| my2/my3/mod.rs:10:5:10:20 | ...::nested6_f | my2/nested2.rs:15:9:17:9 | fn f |
 | my.rs:3:5:3:10 | nested | my.rs:1:1:1:15 | mod nested |
 | my.rs:3:5:3:13 | ...::g | my/nested.rs:19:1:22:1 | fn g |
 | my.rs:11:5:11:5 | g | my/nested.rs:19:1:22:1 | fn g |

rust/ql/test/query-tests/security/CWE-089/CONSISTENCY/TypeInferenceConsistency.expected

@@ -0,0 +1,3 @@
+nonUniqueCertainType
+| sqlx.rs:158:13:158:24 | { ... } | E |
+| sqlx.rs:160:17:160:28 | { ... } | E |

rust/ql/test/query-tests/security/CWE-312/CONSISTENCY/TypeInferenceConsistency.expected

@@ -0,0 +1,4 @@
+nonUniqueCertainType
+| test_logging.rs:17:8:19:12 | { ... } | E |
+| test_logging.rs:29:8:31:12 | { ... } | E |
+| test_storage.rs:177:8:179:9 | { ... } | E |