github
diff --git a/‎rust/ql/examples/snippets/simple_constant_password.ql‎
Lines changed: 2 additions & 2 deletions b/‎rust/ql/examples/snippets/simple_constant_password.ql‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎rust/ql/examples/snippets/simple_sql_injection.ql‎
Lines changed: 2 additions & 2 deletions b/‎rust/ql/examples/snippets/simple_sql_injection.ql‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎rust/ql/lib/codeql/rust/controlflow/CfgNodes.qll‎
Lines changed: 22 additions & 18 deletions b/‎rust/ql/lib/codeql/rust/controlflow/CfgNodes.qll‎
Lines changed: 22 additions & 18 deletions
diff --git a/‎rust/ql/lib/codeql/rust/controlflow/internal/CfgNodes.qll‎
Lines changed: 6 additions & 2 deletions b/‎rust/ql/lib/codeql/rust/controlflow/internal/CfgNodes.qll‎
Lines changed: 6 additions & 2 deletions
diff --git a/‎rust/ql/lib/codeql/rust/controlflow/internal/ControlFlowGraphImpl.qll‎
Lines changed: 1 addition & 1 deletion b/‎rust/ql/lib/codeql/rust/controlflow/internal/ControlFlowGraphImpl.qll‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎rust/ql/lib/codeql/rust/dataflow/internal/Content.qll‎
Lines changed: 1 addition & 3 deletions b/‎rust/ql/lib/codeql/rust/dataflow/internal/Content.qll‎
Lines changed: 1 addition & 3 deletions
diff --git a/‎rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll‎
Lines changed: 15 additions & 19 deletions b/‎rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll‎
Lines changed: 15 additions & 19 deletions
diff --git a/‎rust/ql/lib/codeql/rust/dataflow/internal/FlowSummaryImpl.qll‎
Lines changed: 5 additions & 8 deletions b/‎rust/ql/lib/codeql/rust/dataflow/internal/FlowSummaryImpl.qll‎
Lines changed: 5 additions & 8 deletions
diff --git a/‎rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll‎
Lines changed: 0 additions & 1 deletion b/‎rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎rust/ql/lib/codeql/rust/dataflow/internal/Node.qll‎
Lines changed: 2 additions & 4 deletions b/‎rust/ql/lib/codeql/rust/dataflow/internal/Node.qll‎
Lines changed: 2 additions & 4 deletions
@@ -30,11 +30,11 @@ module ConstantPasswordConfig implements DataFlow::ConfigSig {
 
   predicate isSink(DataFlow::Node node) {
     // `node` is an argument whose corresponding parameter name matches the pattern "pass%"
-    exists(CallExpr call, Function target, int argIndex, Variable v |
+    exists(Call call, Function target, int argIndex, Variable v |
       call.getStaticTarget() = target and
       v.getParameter() = target.getParam(argIndex) and
       v.getText().matches("pass%") and
-      call.getArg(argIndex) = node.asExpr()
+      call.getArgument(argIndex) = node.asExpr()
     )
   }
 }
 
@@ -23,9 +23,9 @@ module SqlInjectionConfig implements DataFlow::ConfigSig {
 
   predicate isSink(DataFlow::Node node) {
     // `node` is the first argument of a call to `sqlx_core::query::query`
-    exists(CallExpr call |
+    exists(Call call |
       call.getStaticTarget().getCanonicalPath() = "sqlx_core::query::query" and
-      call.getArg(0) = node.asExpr()
+      call.getArgument(0) = node.asExpr()
     )
   }
 }
 
@@ -4,7 +4,6 @@
  */
 
 private import rust
-private import codeql.rust.elements.Call
 private import ControlFlowGraph
 private import internal.ControlFlowGraphImpl as CfgImpl
 private import internal.CfgNodes
@@ -201,28 +200,23 @@ final class BreakExprCfgNode extends Nodes::BreakExprCfgNode {
 }
 
 /**
- * A function or method call expression. See `CallExpr` and `MethodCallExpr` for further details.
+ * A method call expression. For example:
+ * ```rust
+ * x.foo(42);
+ * x.foo::<u32, u64>(42);
+ * ```
  */
-final class CallExprBaseCfgNode extends Nodes::CallExprBaseCfgNode {
-  private CallExprBaseChildMapping node;
+final class MethodCallExprCfgNode extends Nodes::MethodCallExprCfgNode {
+  private MethodCallExprChildMapping node;
 
-  CallExprBaseCfgNode() { node = this.getAstNode() }
+  MethodCallExprCfgNode() { node = this.getAstNode() }
 
   /** Gets the `i`th argument of this call. */
   ExprCfgNode getArgument(int i) {
     any(ChildMapping mapping).hasCfgChild(node, node.getArgList().getArg(i), this, result)
   }
 }
 
-/**
- * A method call expression. For example:
- * ```rust
- * x.foo(42);
- * x.foo::<u32, u64>(42);
- * ```
- */
-final class MethodCallExprCfgNode extends CallExprBaseCfgNode, Nodes::MethodCallExprCfgNode { }
-
 /**
  * A CFG node that calls a function.
  *
@@ -242,21 +236,31 @@ final class CallCfgNode extends ExprCfgNode {
   }
 
   /** Gets the `i`th argument of this call, if any. */
-  ExprCfgNode getPositionalArgument(int i) {
-    any(ChildMapping mapping).hasCfgChild(node, node.getPositionalArgument(i), this, result)
+  ExprCfgNode getArgument(int i) {
+    any(ChildMapping mapping).hasCfgChild(node, node.getArgument(i), this, result)
   }
 }
 
 /**
- * A function call expression. For example:
+ * An expression with parenthesized arguments. For example:
  * ```rust
  * foo(42);
  * foo::<u32, u64>(42);
  * foo[0](42);
  * foo(1) = 4;
+ * Option::Some(42);
  * ```
  */
-final class CallExprCfgNode extends CallExprBaseCfgNode, Nodes::CallExprCfgNode { }
+final class CallExprCfgNode extends Nodes::CallExprCfgNode {
+  private CallExprChildMapping node;
+
+  CallExprCfgNode() { node = this.getAstNode() }
+
+  /** Gets the `i`th argument of this call. */
+  ExprCfgNode getArgument(int i) {
+    any(ChildMapping mapping).hasCfgChild(node, node.getArgList().getArg(i), this, result)
+  }
+}
 
 /**
  * A FormatArgsExpr. For example:
 
@@ -57,8 +57,12 @@ class BreakExprTargetChildMapping extends ParentAstNode, Expr {
   override predicate relevantChild(AstNode child) { child.(BreakExpr).getTarget() = this }
 }
 
-class CallExprBaseChildMapping extends ParentAstNode, CallExprBase {
-  override predicate relevantChild(AstNode child) { child = this.getAnArg() }
+class CallExprChildMapping extends ParentAstNode, CallExpr {
+  override predicate relevantChild(AstNode child) { child = this.getArgList().getAnArg() }
+}
+
+class MethodCallExprChildMapping extends ParentAstNode, MethodCallExpr {
+  override predicate relevantChild(AstNode child) { child = this.getArgList().getAnArg() }
 }
 
 class StructExprChildMapping extends ParentAstNode, StructExpr {
 
@@ -512,7 +512,7 @@ module ExprTrees {
 
   class MethodCallExprTree extends StandardPostOrderTree, MethodCallExpr {
     override AstNode getChildNode(int i) {
-      if i = 0 then result = this.getReceiver() else result = this.getArg(i - 1)
+      if i = 0 then result = this.getReceiver() else result = this.getArgList().getArg(i - 1)
     }
   }
 
 
@@ -269,8 +269,6 @@ newtype TContent =
         )]
   } or
   TFunctionCallReturnContent() or
-  TFunctionCallArgumentContent(int pos) {
-    pos in [0 .. any(CallExpr c).getArgList().getNumberOfArgs() - 1]
-  } or
+  TFunctionCallArgumentContent(int pos) { pos in [0 .. any(CallExpr c).getNumberOfArguments() - 1] } or
   TCapturedVariableContent(VariableCapture::CapturedVariable v) or
   TReferenceContent()
@@ -8,7 +8,6 @@ private import codeql.util.Boolean
 private import codeql.dataflow.DataFlow
 private import codeql.dataflow.internal.DataFlowImpl
 private import rust
-private import codeql.rust.elements.Call
 private import SsaImpl as SsaImpl
 private import codeql.rust.controlflow.internal.Scope as Scope
 private import codeql.rust.internal.PathResolution
@@ -57,7 +56,7 @@ final class DataFlowCallable extends TDataFlowCallable {
 }
 
 final class DataFlowCall extends TDataFlowCall {
-  /** Gets the underlying call in the CFG, if any. */
+  /** Gets the underlying call, if any. */
   Call asCall() { this = TCall(result) }
 
   predicate isSummaryCall(
@@ -132,7 +131,7 @@ final class ParameterPosition extends TParameterPosition {
 final class ArgumentPosition extends ParameterPosition {
   /** Gets the argument of `call` at this position, if any. */
   Expr getArgument(Call call) {
-    result = call.getPositionalArgument(this.getPosition())
+    result = call.getArgument(this.getPosition())
     or
     result = call.getReceiver() and this.isSelf()
   }
@@ -142,8 +141,6 @@ final class ArgumentPosition extends ParameterPosition {
  * Holds if `arg` is an argument of `call` at the position `pos`.
  */
 predicate isArgumentForCall(Expr arg, Call call, ArgumentPosition pos) {
-  // TODO: Handle index expressions as calls in data flow.
-  not call instanceof IndexExpr and
   arg = pos.getArgument(call)
 }
 
@@ -293,10 +290,8 @@ predicate lambdaCreationExpr(Expr creation) {
  * Holds if `call` is a lambda call of kind `kind` where `receiver` is the
  * invoked expression.
  */
-predicate lambdaCallExpr(CallExpr call, LambdaCallKind kind, Expr receiver) {
-  receiver = call.getFunction() and
-  // All calls to complex expressions and local variable accesses are lambda call.
-  (receiver instanceof PathExpr implies receiver = any(Variable v).getAnAccess()) and
+predicate lambdaCallExpr(ClosureCallExpr call, LambdaCallKind kind, Expr receiver) {
+  receiver = call.getClosureExpr() and
   exists(kind)
 }
 
@@ -664,12 +659,19 @@ module RustDataFlow implements InputSig<Location> {
     )
   }
 
+  pragma[nomagic]
+  private TupleField getCallExprTupleField(CallExpr call, int pos) {
+    result = call.(TupleStructExpr).getStruct().getTupleField(pos)
+    or
+    result = call.(TupleVariantExpr).getVariant().getTupleField(pos)
+  }
+
   pragma[nomagic]
   additional predicate storeContentStep(Node node1, Content c, Node node2) {
     exists(CallExpr call, int pos |
-      node1.asExpr() = call.getArg(pragma[only_bind_into](pos)) and
+      node1.asExpr() = call.getArgument(pragma[only_bind_into](pos)) and
       node2.asExpr() = call and
-      c = TTupleFieldContent(call.getTupleField(pragma[only_bind_into](pos)))
+      c = TTupleFieldContent(getCallExprTupleField(call, pragma[only_bind_into](pos)))
     )
     or
     exists(StructExpr re, string field |
@@ -824,11 +826,7 @@ module RustDataFlow implements InputSig<Location> {
    */
   predicate lambdaCall(DataFlowCall call, LambdaCallKind kind, Node receiver) {
     (
-      receiver.asExpr() = call.asCall().(CallExpr).getFunction() and
-      // All calls to complex expressions and local variable accesses are lambda call.
-      exists(Expr f | f = receiver.asExpr() |
-        f instanceof PathExpr implies f = any(Variable v).getAnAccess()
-      )
+      receiver.asExpr() = call.asCall().(ClosureCallExpr).getClosureExpr()
       or
       call.isSummaryCall(_, receiver.(FlowSummaryNode).getSummaryNode())
     ) and
@@ -992,9 +990,7 @@ private module Cached {
   newtype TDataFlowCall =
     TCall(Call call) {
       Stages::DataFlowStage::ref() and
-      call.hasEnclosingCfgScope() and
-      // TODO: Handle index expressions as calls in data flow.
-      not call instanceof IndexExpr
+      call.hasEnclosingCfgScope()
     } or
     TSummaryCall(
       FlowSummaryImpl::Public::SummarizedCallable c, FlowSummaryImpl::Private::SummaryNode receiver
 
@@ -12,18 +12,17 @@ private import codeql.rust.dataflow.Ssa
 private import Content
 
 module Input implements InputSig<Location, RustDataFlow> {
-  private import codeql.rust.elements.internal.CallExprBaseImpl::Impl as CallExprBaseImpl
   private import codeql.rust.frameworks.stdlib.Stdlib
 
   class SummarizedCallableBase = Function;
 
   abstract private class SourceSinkBase extends AstNode {
     /** Gets the associated call. */
-    abstract CallExprBase getCall();
+    abstract ArgsExpr getCall();
 
     /** Holds if the associated call resolves to `path`. */
     final predicate callResolvesTo(string path) {
-      path = this.getCall().getStaticTarget().(Addressable).getCanonicalPath()
+      path = this.getCall().getResolvedTarget().getCanonicalPath()
     }
   }
 
@@ -44,7 +43,7 @@ module Input implements InputSig<Location, RustDataFlow> {
 
     MethodCallExprNameRef() { this = call.getIdentifier() }
 
-    override MethodCallExpr getCall() { result = call }
+    override ArgsExpr getCall() { result = call }
   }
 
   RustDataFlow::ArgumentPosition callbackSelfParameterPosition() { result.isClosureSelf() }
@@ -53,9 +52,7 @@ module Input implements InputSig<Location, RustDataFlow> {
 
   string encodeParameterPosition(ParameterPosition pos) { result = pos.toString() }
 
-  string encodeArgumentPosition(RustDataFlow::ArgumentPosition pos) {
-    result = encodeParameterPosition(pos)
-  }
+  string encodeArgumentPosition(RustDataFlow::ArgumentPosition pos) { result = pos.toString() }
 
   string encodeContent(ContentSet cs, string arg) {
     exists(Content c | cs = TSingletonContentSet(c) |
@@ -173,7 +170,7 @@ private module StepsInput implements Impl::Private::StepsInputSig {
   }
 
   RustDataFlow::Node getSinkNode(Input::SinkBase sink, Impl::Private::SummaryComponent sc) {
-    exists(CallExprBase call, Expr arg, ArgumentPosition pos |
+    exists(ArgsExpr call, Expr arg, ArgumentPosition pos |
       result.asExpr() = arg and
       sc = Impl::Private::SummaryComponent::argument(pos) and
       call = sink.getCall() and
 
@@ -47,7 +47,6 @@ private import rust
 private import codeql.rust.dataflow.FlowSummary
 private import codeql.rust.dataflow.FlowSource
 private import codeql.rust.dataflow.FlowSink
-private import codeql.rust.elements.internal.CallExprBaseImpl::Impl as CallExprBaseImpl
 
 /**
  * Holds if in a call to the function with canonical path `path`, the value referred
 
@@ -294,13 +294,12 @@ final class SummaryArgumentNode extends FlowSummaryNode, ArgumentNode {
  * passed into the closure body at an invocation.
  */
 final class ClosureArgumentNode extends ArgumentNode, ExprNode {
-  private CallExpr call_;
+  private Call call_;
 
   ClosureArgumentNode() { lambdaCallExpr(call_, _, this.asExpr()) }
 
   override predicate isArgumentOf(DataFlowCall call, RustDataFlow::ArgumentPosition pos) {
-    call.asCall() = call_ and
-    pos.isClosureSelf()
+    call.asCall() = call_ and pos.isClosureSelf()
   }
 }
 
@@ -527,7 +526,6 @@ newtype TNode =
       or
       e =
         [
-          any(IndexExpr i).getBase(), //
           any(FieldExpr access).getContainer(), //
           any(TryExpr try).getExpr(), //
           any(AwaitExpr a).getExpr(), //
Original file line number	Diff line number	Diff line change
`@@ -30,11 +30,11 @@ module ConstantPasswordConfig implements DataFlow::ConfigSig {`
`30`	`30`
`31`	`31`	`predicate isSink(DataFlow::Node node) {`
`32`	`32`	// `node` is an argument whose corresponding parameter name matches the pattern "pass%"
`33`		`- exists(CallExpr call, Function target, int argIndex, Variable v \|`
	`33`	`+ exists(Call call, Function target, int argIndex, Variable v \|`
`34`	`34`	`call.getStaticTarget() = target and`
`35`	`35`	`v.getParameter() = target.getParam(argIndex) and`
`36`	`36`	`v.getText().matches("pass%") and`
`37`		`- call.getArg(argIndex) = node.asExpr()`
	`37`	`+ call.getArgument(argIndex) = node.asExpr()`
`38`	`38`	`)`
`39`	`39`	`}`
`40`	`40`	`}`
Original file line number	Diff line number	Diff line change
`@@ -23,9 +23,9 @@ module SqlInjectionConfig implements DataFlow::ConfigSig {`
`23`	`23`
`24`	`24`	`predicate isSink(DataFlow::Node node) {`
`25`	`25`	// `node` is the first argument of a call to `sqlx_core::query::query`
`26`		`- exists(CallExpr call \|`
	`26`	`+ exists(Call call \|`
`27`	`27`	`call.getStaticTarget().getCanonicalPath() = "sqlx_core::query::query" and`
`28`		`- call.getArg(0) = node.asExpr()`
	`28`	`+ call.getArgument(0) = node.asExpr()`
`29`	`29`	`)`
`30`	`30`	`}`
`31`	`31`	`}`
Original file line number	Diff line number	Diff line change
`@@ -57,8 +57,12 @@ class BreakExprTargetChildMapping extends ParentAstNode, Expr {`
`57`	`57`	`override predicate relevantChild(AstNode child) { child.(BreakExpr).getTarget() = this }`
`58`	`58`	`}`
`59`	`59`
`60`		`-class CallExprBaseChildMapping extends ParentAstNode, CallExprBase {`
`61`		`- override predicate relevantChild(AstNode child) { child = this.getAnArg() }`
	`60`	`+class CallExprChildMapping extends ParentAstNode, CallExpr {`
	`61`	`+ override predicate relevantChild(AstNode child) { child = this.getArgList().getAnArg() }`
	`62`	`+}`
	`63`	`+`
	`64`	`+class MethodCallExprChildMapping extends ParentAstNode, MethodCallExpr {`
	`65`	`+ override predicate relevantChild(AstNode child) { child = this.getArgList().getAnArg() }`
`62`	`66`	`}`
`63`	`67`
`64`	`68`	`class StructExprChildMapping extends ParentAstNode, StructExpr {`
Original file line number	Diff line number	Diff line change
`@@ -512,7 +512,7 @@ module ExprTrees {`
`512`	`512`
`513`	`513`	`class MethodCallExprTree extends StandardPostOrderTree, MethodCallExpr {`
`514`	`514`	`override AstNode getChildNode(int i) {`
`515`		`- if i = 0 then result = this.getReceiver() else result = this.getArg(i - 1)`
	`515`	`+ if i = 0 then result = this.getReceiver() else result = this.getArgList().getArg(i - 1)`
`516`	`516`	`}`
`517`	`517`	`}`
`518`	`518`