wip

hvitved · hvitved · commit b55d5e024f85 · 2025-12-01T11:47:30.000+01:00
diff --git a/rust/ql/lib/codeql/rust/controlflow/CfgNodes.qll b/rust/ql/lib/codeql/rust/controlflow/CfgNodes.qll
@@ -232,7 +232,7 @@ final class CallCfgNode extends ExprCfgNode {
 
   /** Gets the receiver of this call if it is a method call. */
   ExprCfgNode getReceiver() {
-    any(ChildMapping mapping).hasCfgChild(node, node.getReceiver(), this, result)
+    any(ChildMapping mapping).hasCfgChild(node, node.(MethodCall).getReceiver(), this, result)
   }
 
   /** Gets the `i`th argument of this call, if any. */
diff --git a/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll b/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll
@@ -133,7 +133,7 @@ final class ArgumentPosition extends ParameterPosition {
   Expr getArgument(Call call) {
     result = call.getPositionalArgument(this.getPosition())
     or
-    result = call.getReceiver() and this.isSelf()
+    result = call.(MethodCall).getReceiver() and this.isSelf()
   }
 }
 
diff --git a/rust/ql/lib/codeql/rust/elements/Call.qll b/rust/ql/lib/codeql/rust/elements/Call.qll
@@ -8,34 +8,7 @@ private import internal.CallExprImpl::Impl as CallExprImpl
 
 final class Call = Impl::Call;
 
-private predicate isGuaranteedMethodCall(ArgsExpr call) {
-  call instanceof MethodCallExpr
-  or
-  call.(Operation).isOverloaded(_, _, _)
-  or
-  call instanceof IndexExpr
-}
-
-/**
- * A call expression that targets a method.
- *
- * Either
- *
- * - a `CallExpr` where we can resolve the target as a method,
- * - a `MethodCallExpr`,
- * - an `Operation` that targets an overloadable operator, or
- * - an `IndexExpr`.
- */
-final class MethodCall extends Call {
-  MethodCall() {
-    this.getStaticTarget() instanceof Method
-    or
-    isGuaranteedMethodCall(this)
-  }
-
-  /** Gets the static target of this method call, if any. */
-  Method getStaticTarget() { result = super.getStaticTarget() }
-}
+final class MethodCall = Impl::MethodCall;
 
 /**
  * A call expression that targets a closure.
diff --git a/rust/ql/lib/codeql/rust/elements/internal/CallExprImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/CallExprImpl.qll
@@ -72,15 +72,15 @@ module Impl {
       )
     }
 
-    private predicate isMethodCall() { this.getResolvedTarget() instanceof Method }
+    override Expr getPositionalArgument(int i) { result = super.getSyntacticArgument(i) }
+  }
 
-    override Expr getPositionalArgument(int i) {
-      if this.isMethodCall()
-      then result = this.getSyntacticArgument(i + 1)
-      else result = super.getSyntacticArgument(i)
-    }
+  class CallExprMethodCall extends CallExprCall, CallImpl::MethodCall {
+    CallExprMethodCall() { this.getResolvedTarget() instanceof Method }
+
+    override Expr getPositionalArgument(int i) { result = this.getSyntacticArgument(i + 1) }
 
-    override Expr getReceiver() { this.isMethodCall() and result = super.getSyntacticArgument(0) }
+    override Expr getReceiver() { result = super.getSyntacticArgument(0) }
   }
 
   /**
diff --git a/rust/ql/lib/codeql/rust/elements/internal/CallImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/CallImpl.qll
@@ -16,19 +16,6 @@ module Impl {
    * - an `IndexExpr`.
    */
   abstract class Call extends ArgsExprImpl::ArgsExpr {
-    /**
-     * Gets the receiver of this call, if any.
-     *
-     * Examples:
-     * ```rust
-     * foo(42, "bar"); // no receiver
-     * foo.bar(42);    // `foo` is receiver
-     * x + y;          // `x` is receiver
-     * x[y];           // `x` is receiver
-     * ```
-     */
-    Expr getReceiver() { none() }
-
     /**
      * Gets the `i`th positional argument of this call, if any.
      *
@@ -69,4 +56,31 @@ module Impl {
       )
     }
   }
+
+  /**
+   * A method call.
+   *
+   * Either
+   *
+   * - a `CallExpr` where we can resolve the target as a method,
+   * - a `MethodCallExpr`,
+   * - an `Operation` that targets an overloadable operator, or
+   * - an `IndexExpr`.
+   */
+  abstract class MethodCall extends Call {
+    /**
+     * Gets the receiver of this method call.
+     *
+     * Examples:
+     * ```rust
+     * foo(42, "bar"); // no receiver
+     * foo.bar(42);    // `foo` is receiver
+     * x + y;          // `x` is receiver
+     * x[y];           // `x` is receiver
+     * ```
+     */
+    Expr getReceiver() { none() }
+
+    override Method getStaticTarget() { result = super.getStaticTarget() }
+  }
 }
diff --git a/rust/ql/lib/codeql/rust/elements/internal/IndexExprImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/IndexExprImpl.qll
@@ -22,7 +22,7 @@ module Impl {
    * list[42] = 1;
    * ```
    */
-  class IndexExpr extends Generated::IndexExpr, CallImpl::Call {
+  class IndexExpr extends Generated::IndexExpr, CallImpl::MethodCall {
     override string toStringImpl() {
       result =
         this.getBase().toAbbreviatedString() + "[" + this.getIndex().toAbbreviatedString() + "]"
diff --git a/rust/ql/lib/codeql/rust/elements/internal/MethodCallExprImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/MethodCallExprImpl.qll
@@ -27,7 +27,7 @@ module Impl {
    * x.foo::<u32, u64>(42);
    * ```
    */
-  class MethodCallExpr extends Generated::MethodCallExpr, CallImpl::Call {
+  class MethodCallExpr extends Generated::MethodCallExpr, CallImpl::MethodCall {
     private string toStringPart(int index) {
       index = 0 and
       result = this.getReceiver().toAbbreviatedString()
diff --git a/rust/ql/lib/codeql/rust/elements/internal/OperationImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/OperationImpl.qll
@@ -137,8 +137,8 @@ module Impl {
     }
   }
 
-  private class CallOperation extends CallImpl::Call instanceof Operation {
-    CallOperation() { super.isOverloaded(_, _, _) }
+  private class OperationMethodCall extends CallImpl::MethodCall instanceof Operation {
+    OperationMethodCall() { super.isOverloaded(_, _, _) }
 
     override Expr getPositionalArgument(int i) { result = super.getOperand(i + 1) and i >= 0 }
 
diff --git a/rust/ql/lib/codeql/rust/frameworks/rustcrypto/RustCrypto.qll b/rust/ql/lib/codeql/rust/frameworks/rustcrypto/RustCrypto.qll
@@ -30,7 +30,7 @@ class StreamCipherInit extends Cryptography::CryptographicOperation::Range {
         ["new", "new_from_slice", "new_with_eff_key_len", "new_from_slices"] and
       // extract the algorithm name from the type of `ce` or its receiver.
       exists(Type t, TypePath tp |
-        t = inferType([call, call.getReceiver()], tp) and
+        t = inferType([call, call.(MethodCall).getReceiver()], tp) and
         rawAlgorithmName = t.(StructType).getStruct().(Addressable).getCanonicalPath().splitAt("::")
       ) and
       algorithmName = simplifyAlgorithmName(rawAlgorithmName) and
diff --git a/rust/ql/lib/codeql/rust/security/XssExtensions.qll b/rust/ql/lib/codeql/rust/security/XssExtensions.qll
@@ -55,7 +55,7 @@ module Xss {
     HeuristicHtmlEncodingBarrier() {
       exists(Call fc |
         fc.getStaticTarget().getName().getText().regexpMatch(".*(escape|encode).*") and
-        fc.getArgument(_) = this.asExpr()
+        fc.getAPositionalArgument() = this.asExpr()
       )
     }
   }

Original file line number	Diff line number	Diff line change
`@@ -232,7 +232,7 @@ final class CallCfgNode extends ExprCfgNode {`
`232`	`232`
`233`	`233`	`/** Gets the receiver of this call if it is a method call. */`
`234`	`234`	`ExprCfgNode getReceiver() {`
`235`		`- any(ChildMapping mapping).hasCfgChild(node, node.getReceiver(), this, result)`
	`235`	`+ any(ChildMapping mapping).hasCfgChild(node, node.(MethodCall).getReceiver(), this, result)`
`236`	`236`	`}`
`237`	`237`
`238`	`238`	/** Gets the `i`th argument of this call, if any. */
Original file line number	Diff line number	Diff line change
`@@ -133,7 +133,7 @@ final class ArgumentPosition extends ParameterPosition {`
`133`	`133`	`Expr getArgument(Call call) {`
`134`	`134`	`result = call.getPositionalArgument(this.getPosition())`
`135`	`135`	`or`
`136`		`- result = call.getReceiver() and this.isSelf()`
	`136`	`+ result = call.(MethodCall).getReceiver() and this.isSelf()`
`137`	`137`	`}`
`138`	`138`	`}`
`139`	`139`
Original file line number	Diff line number	Diff line change
`@@ -72,15 +72,15 @@ module Impl {`
`72`	`72`	`)`
`73`	`73`	`}`
`74`	`74`
`75`		`- private predicate isMethodCall() { this.getResolvedTarget() instanceof Method }`
	`75`	`+ override Expr getPositionalArgument(int i) { result = super.getSyntacticArgument(i) }`
	`76`	`+ }`
`76`	`77`
`77`		`- override Expr getPositionalArgument(int i) {`
`78`		`- if this.isMethodCall()`
`79`		`- then result = this.getSyntacticArgument(i + 1)`
`80`		`- else result = super.getSyntacticArgument(i)`
`81`		`- }`
	`78`	`+ class CallExprMethodCall extends CallExprCall, CallImpl::MethodCall {`
	`79`	`+ CallExprMethodCall() { this.getResolvedTarget() instanceof Method }`
	`80`	`+`
	`81`	`+ override Expr getPositionalArgument(int i) { result = this.getSyntacticArgument(i + 1) }`
`82`	`82`
`83`		`- override Expr getReceiver() { this.isMethodCall() and result = super.getSyntacticArgument(0) }`
	`83`	`+ override Expr getReceiver() { result = super.getSyntacticArgument(0) }`
`84`	`84`	`}`
`85`	`85`
`86`	`86`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -137,8 +137,8 @@ module Impl {`
`137`	`137`	`}`
`138`	`138`	`}`
`139`	`139`
`140`		`- private class CallOperation extends CallImpl::Call instanceof Operation {`
`141`		`- CallOperation() { super.isOverloaded(_, _, _) }`
	`140`	`+ private class OperationMethodCall extends CallImpl::MethodCall instanceof Operation {`
	`141`	`+ OperationMethodCall() { super.isOverloaded(_, _, _) }`
`142`	`142`
`143`	`143`	`override Expr getPositionalArgument(int i) { result = super.getOperand(i + 1) and i >= 0 }`
`144`	`144`
Original file line number	Diff line number	Diff line change
`@@ -55,7 +55,7 @@ module Xss {`
`55`	`55`	`HeuristicHtmlEncodingBarrier() {`
`56`	`56`	`exists(Call fc \|`
`57`	`57`	`fc.getStaticTarget().getName().getText().regexpMatch(".(escape\|encode).") and`
`58`		`- fc.getArgument(_) = this.asExpr()`
	`58`	`+ fc.getAPositionalArgument() = this.asExpr()`
`59`	`59`	`)`
`60`	`60`	`}`
`61`	`61`	`}`