Merge branch 'main' into remove-conflation-from-out-nodes

github · Jan 18, 2025 · d1bb597 · d1bb597
2 parents d661158 + d8b1d00
commit d1bb597
Show file tree

Hide file tree

Showing 19 changed files with 397 additions and 15 deletions.
diff --git a/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll b/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll
@@ -994,6 +994,18 @@ private module Cached {
     )
     or
     unary_compares_eq(test.(BuiltinExpectCallValueNumber).getCondition(), op, k, areEqual, value)
+    or
+    exists(BinaryLogicalOperation logical, Expr operand, boolean b |
+      test.getAnInstruction().getUnconvertedResultExpression() = logical and
+      op.getDef().getUnconvertedResultExpression() = operand and
+      logical.impliesValue(operand, b, value.(BooleanValue).getValue())
+    |
+      k = 1 and
+      areEqual = b
+      or
+      k = 0 and
+      areEqual = b.booleanNot()
+    )
   }
 
   /** Rearrange various simple comparisons into `left == right + k` form. */

diff --git a/cpp/ql/test/library-tests/controlflow/guards/Guards.expected b/cpp/ql/test/library-tests/controlflow/guards/Guards.expected
@@ -69,3 +69,11 @@
 | test.cpp:168:8:168:8 | b |
 | test.cpp:176:7:176:8 | ! ... |
 | test.cpp:176:8:176:8 | c |
+| test.cpp:182:6:182:16 | ! ... |
+| test.cpp:182:8:182:9 | b1 |
+| test.cpp:182:8:182:15 | ... && ... |
+| test.cpp:182:14:182:15 | b2 |
+| test.cpp:193:6:193:16 | ! ... |
+| test.cpp:193:8:193:9 | b1 |
+| test.cpp:193:8:193:15 | ... \|\| ... |
+| test.cpp:193:14:193:15 | b2 |
diff --git a/cpp/ql/test/library-tests/controlflow/guards/GuardsCompare.expected b/cpp/ql/test/library-tests/controlflow/guards/GuardsCompare.expected
@@ -545,8 +545,12 @@
 | 182 | ! ... == 1 when ... && ... is false |
 | 182 | ... && ... != 0 when ! ... is false |
 | 182 | ... && ... != 0 when ... && ... is true |
+| 182 | ... && ... != 1 when ! ... is true |
+| 182 | ... && ... != 1 when ... && ... is false |
 | 182 | ... && ... == 0 when ! ... is true |
 | 182 | ... && ... == 0 when ... && ... is false |
+| 182 | ... && ... == 1 when ! ... is false |
+| 182 | ... && ... == 1 when ... && ... is true |
 | 182 | ... < ... != 0 when ... && ... is true |
 | 182 | ... < ... != 0 when ... < ... is true |
 | 182 | ... < ... != 1 when ... < ... is false |
@@ -559,6 +563,22 @@
 | 182 | ... >= ... == 0 when ... >= ... is false |
 | 182 | ... >= ... == 1 when ... && ... is true |
 | 182 | ... >= ... == 1 when ... >= ... is true |
+| 182 | b1 != 0 when ! ... is false |
+| 182 | b1 != 0 when ... && ... is true |
+| 182 | b1 != 0 when b1 is true |
+| 182 | b1 != 1 when b1 is false |
+| 182 | b1 == 0 when b1 is false |
+| 182 | b1 == 1 when ! ... is false |
+| 182 | b1 == 1 when ... && ... is true |
+| 182 | b1 == 1 when b1 is true |
+| 182 | b2 != 0 when ! ... is false |
+| 182 | b2 != 0 when ... && ... is true |
+| 182 | b2 != 0 when b2 is true |
+| 182 | b2 != 1 when b2 is false |
+| 182 | b2 == 0 when b2 is false |
+| 182 | b2 == 1 when ! ... is false |
+| 182 | b2 == 1 when ... && ... is true |
+| 182 | b2 == 1 when b2 is true |
 | 182 | foo < 1.0+0 when ... && ... is true |
 | 182 | foo < 1.0+0 when ... < ... is true |
 | 182 | foo < 9.999999999999999547e-07+0 when ... >= ... is false |
@@ -577,6 +597,38 @@
 | 190 | c != 0 when c is true |
 | 190 | c == 0 when ! ... is true |
 | 190 | c == 0 when c is false |
+| 193 | ! ... != 0 when ! ... is true |
+| 193 | ! ... != 0 when ... \|\| ... is false |
+| 193 | ! ... != 1 when ! ... is false |
+| 193 | ! ... != 1 when ... \|\| ... is true |
+| 193 | ! ... == 0 when ! ... is false |
+| 193 | ! ... == 0 when ... \|\| ... is true |
+| 193 | ! ... == 1 when ! ... is true |
+| 193 | ! ... == 1 when ... \|\| ... is false |
+| 193 | ... \|\| ... != 0 when ! ... is false |
+| 193 | ... \|\| ... != 0 when ... \|\| ... is true |
+| 193 | ... \|\| ... != 1 when ! ... is true |
+| 193 | ... \|\| ... != 1 when ... \|\| ... is false |
+| 193 | ... \|\| ... == 0 when ! ... is true |
+| 193 | ... \|\| ... == 0 when ... \|\| ... is false |
+| 193 | ... \|\| ... == 1 when ! ... is false |
+| 193 | ... \|\| ... == 1 when ... \|\| ... is true |
+| 193 | b1 != 0 when b1 is true |
+| 193 | b1 != 1 when ! ... is true |
+| 193 | b1 != 1 when ... \|\| ... is false |
+| 193 | b1 != 1 when b1 is false |
+| 193 | b1 == 0 when ! ... is true |
+| 193 | b1 == 0 when ... \|\| ... is false |
+| 193 | b1 == 0 when b1 is false |
+| 193 | b1 == 1 when b1 is true |
+| 193 | b2 != 0 when b2 is true |
+| 193 | b2 != 1 when ! ... is true |
+| 193 | b2 != 1 when ... \|\| ... is false |
+| 193 | b2 != 1 when b2 is false |
+| 193 | b2 == 0 when ! ... is true |
+| 193 | b2 == 0 when ... \|\| ... is false |
+| 193 | b2 == 0 when b2 is false |
+| 193 | b2 == 1 when b2 is true |
 | 198 | ! ... != 0 when ! ... is true |
 | 198 | ! ... != 0 when b is false |
 | 198 | ! ... != 1 when ! ... is false |

diff --git a/cpp/ql/test/library-tests/controlflow/guards/GuardsControl.expected b/cpp/ql/test/library-tests/controlflow/guards/GuardsControl.expected
@@ -130,3 +130,19 @@
 | test.cpp:168:8:168:8 | b | false | 168 | 170 |
 | test.cpp:176:7:176:8 | ! ... | true | 176 | 178 |
 | test.cpp:176:8:176:8 | c | false | 176 | 178 |
+| test.cpp:182:6:182:16 | ! ... | false | 185 | 188 |
+| test.cpp:182:6:182:16 | ! ... | true | 182 | 184 |
+| test.cpp:182:8:182:9 | b1 | true | 181 | 182 |
+| test.cpp:182:8:182:9 | b1 | true | 182 | 182 |
+| test.cpp:182:8:182:15 | ... && ... | false | 182 | 184 |
+| test.cpp:182:8:182:15 | ... && ... | true | 181 | 182 |
+| test.cpp:182:8:182:15 | ... && ... | true | 185 | 188 |
+| test.cpp:182:14:182:15 | b2 | true | 181 | 182 |
+| test.cpp:193:6:193:16 | ! ... | false | 197 | 199 |
+| test.cpp:193:6:193:16 | ! ... | true | 193 | 196 |
+| test.cpp:193:8:193:9 | b1 | false | 192 | 193 |
+| test.cpp:193:8:193:9 | b1 | false | 193 | 193 |
+| test.cpp:193:8:193:15 | ... \|\| ... | false | 192 | 193 |
+| test.cpp:193:8:193:15 | ... \|\| ... | false | 193 | 196 |
+| test.cpp:193:8:193:15 | ... \|\| ... | true | 197 | 199 |
+| test.cpp:193:14:193:15 | b2 | false | 192 | 193 |
diff --git a/cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected b/cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected
@@ -636,3 +636,79 @@ unary
 | test.cpp:176:8:176:8 | c | test.cpp:176:7:176:8 | ! ... | == | 1 | 176 | 178 |
 | test.cpp:176:8:176:8 | c | test.cpp:176:8:176:8 | c | != | 1 | 176 | 178 |
 | test.cpp:176:8:176:8 | c | test.cpp:176:8:176:8 | c | == | 0 | 176 | 178 |
+| test.cpp:182:6:182:16 | ! ... | test.cpp:182:6:182:16 | ! ... | != | 0 | 182 | 184 |
+| test.cpp:182:6:182:16 | ! ... | test.cpp:182:6:182:16 | ! ... | != | 1 | 185 | 188 |
+| test.cpp:182:6:182:16 | ! ... | test.cpp:182:6:182:16 | ! ... | == | 0 | 185 | 188 |
+| test.cpp:182:6:182:16 | ! ... | test.cpp:182:6:182:16 | ! ... | == | 1 | 182 | 184 |
+| test.cpp:182:6:182:16 | ! ... | test.cpp:182:8:182:9 | b1 | != | 0 | 185 | 188 |
+| test.cpp:182:6:182:16 | ! ... | test.cpp:182:8:182:9 | b1 | == | 1 | 185 | 188 |
+| test.cpp:182:6:182:16 | ! ... | test.cpp:182:8:182:15 | ... && ... | != | 0 | 185 | 188 |
+| test.cpp:182:6:182:16 | ! ... | test.cpp:182:8:182:15 | ... && ... | != | 1 | 182 | 184 |
+| test.cpp:182:6:182:16 | ! ... | test.cpp:182:8:182:15 | ... && ... | == | 0 | 182 | 184 |
+| test.cpp:182:6:182:16 | ! ... | test.cpp:182:8:182:15 | ... && ... | == | 1 | 185 | 188 |
+| test.cpp:182:6:182:16 | ! ... | test.cpp:182:14:182:15 | b2 | != | 0 | 185 | 188 |
+| test.cpp:182:6:182:16 | ! ... | test.cpp:182:14:182:15 | b2 | == | 1 | 185 | 188 |
+| test.cpp:182:8:182:9 | b1 | test.cpp:182:8:182:9 | b1 | != | 0 | 181 | 182 |
+| test.cpp:182:8:182:9 | b1 | test.cpp:182:8:182:9 | b1 | != | 0 | 182 | 182 |
+| test.cpp:182:8:182:9 | b1 | test.cpp:182:8:182:9 | b1 | == | 1 | 181 | 182 |
+| test.cpp:182:8:182:9 | b1 | test.cpp:182:8:182:9 | b1 | == | 1 | 182 | 182 |
+| test.cpp:182:8:182:15 | ... && ... | test.cpp:182:6:182:16 | ! ... | != | 0 | 182 | 184 |
+| test.cpp:182:8:182:15 | ... && ... | test.cpp:182:6:182:16 | ! ... | != | 1 | 181 | 182 |
+| test.cpp:182:8:182:15 | ... && ... | test.cpp:182:6:182:16 | ! ... | != | 1 | 185 | 188 |
+| test.cpp:182:8:182:15 | ... && ... | test.cpp:182:6:182:16 | ! ... | == | 0 | 181 | 182 |
+| test.cpp:182:8:182:15 | ... && ... | test.cpp:182:6:182:16 | ! ... | == | 0 | 185 | 188 |
+| test.cpp:182:8:182:15 | ... && ... | test.cpp:182:6:182:16 | ! ... | == | 1 | 182 | 184 |
+| test.cpp:182:8:182:15 | ... && ... | test.cpp:182:8:182:9 | b1 | != | 0 | 181 | 182 |
+| test.cpp:182:8:182:15 | ... && ... | test.cpp:182:8:182:9 | b1 | != | 0 | 185 | 188 |
+| test.cpp:182:8:182:15 | ... && ... | test.cpp:182:8:182:9 | b1 | == | 1 | 181 | 182 |
+| test.cpp:182:8:182:15 | ... && ... | test.cpp:182:8:182:9 | b1 | == | 1 | 185 | 188 |
+| test.cpp:182:8:182:15 | ... && ... | test.cpp:182:8:182:15 | ... && ... | != | 0 | 181 | 182 |
+| test.cpp:182:8:182:15 | ... && ... | test.cpp:182:8:182:15 | ... && ... | != | 0 | 185 | 188 |
+| test.cpp:182:8:182:15 | ... && ... | test.cpp:182:8:182:15 | ... && ... | != | 1 | 182 | 184 |
+| test.cpp:182:8:182:15 | ... && ... | test.cpp:182:8:182:15 | ... && ... | == | 0 | 182 | 184 |
+| test.cpp:182:8:182:15 | ... && ... | test.cpp:182:8:182:15 | ... && ... | == | 1 | 181 | 182 |
+| test.cpp:182:8:182:15 | ... && ... | test.cpp:182:8:182:15 | ... && ... | == | 1 | 185 | 188 |
+| test.cpp:182:8:182:15 | ... && ... | test.cpp:182:14:182:15 | b2 | != | 0 | 181 | 182 |
+| test.cpp:182:8:182:15 | ... && ... | test.cpp:182:14:182:15 | b2 | != | 0 | 185 | 188 |
+| test.cpp:182:8:182:15 | ... && ... | test.cpp:182:14:182:15 | b2 | == | 1 | 181 | 182 |
+| test.cpp:182:8:182:15 | ... && ... | test.cpp:182:14:182:15 | b2 | == | 1 | 185 | 188 |
+| test.cpp:182:14:182:15 | b2 | test.cpp:182:14:182:15 | b2 | != | 0 | 181 | 182 |
+| test.cpp:182:14:182:15 | b2 | test.cpp:182:14:182:15 | b2 | == | 1 | 181 | 182 |
+| test.cpp:193:6:193:16 | ! ... | test.cpp:193:6:193:16 | ! ... | != | 0 | 193 | 196 |
+| test.cpp:193:6:193:16 | ! ... | test.cpp:193:6:193:16 | ! ... | != | 1 | 197 | 199 |
+| test.cpp:193:6:193:16 | ! ... | test.cpp:193:6:193:16 | ! ... | == | 0 | 197 | 199 |
+| test.cpp:193:6:193:16 | ! ... | test.cpp:193:6:193:16 | ! ... | == | 1 | 193 | 196 |
+| test.cpp:193:6:193:16 | ! ... | test.cpp:193:8:193:9 | b1 | != | 1 | 193 | 196 |
+| test.cpp:193:6:193:16 | ! ... | test.cpp:193:8:193:9 | b1 | == | 0 | 193 | 196 |
+| test.cpp:193:6:193:16 | ! ... | test.cpp:193:8:193:15 | ... \|\| ... | != | 0 | 197 | 199 |
+| test.cpp:193:6:193:16 | ! ... | test.cpp:193:8:193:15 | ... \|\| ... | != | 1 | 193 | 196 |
+| test.cpp:193:6:193:16 | ! ... | test.cpp:193:8:193:15 | ... \|\| ... | == | 0 | 193 | 196 |
+| test.cpp:193:6:193:16 | ! ... | test.cpp:193:8:193:15 | ... \|\| ... | == | 1 | 197 | 199 |
+| test.cpp:193:6:193:16 | ! ... | test.cpp:193:14:193:15 | b2 | != | 1 | 193 | 196 |
+| test.cpp:193:6:193:16 | ! ... | test.cpp:193:14:193:15 | b2 | == | 0 | 193 | 196 |
+| test.cpp:193:8:193:9 | b1 | test.cpp:193:8:193:9 | b1 | != | 1 | 192 | 193 |
+| test.cpp:193:8:193:9 | b1 | test.cpp:193:8:193:9 | b1 | != | 1 | 193 | 193 |
+| test.cpp:193:8:193:9 | b1 | test.cpp:193:8:193:9 | b1 | == | 0 | 192 | 193 |
+| test.cpp:193:8:193:9 | b1 | test.cpp:193:8:193:9 | b1 | == | 0 | 193 | 193 |
+| test.cpp:193:8:193:15 | ... \|\| ... | test.cpp:193:6:193:16 | ! ... | != | 0 | 192 | 193 |
+| test.cpp:193:8:193:15 | ... \|\| ... | test.cpp:193:6:193:16 | ! ... | != | 0 | 193 | 196 |
+| test.cpp:193:8:193:15 | ... \|\| ... | test.cpp:193:6:193:16 | ! ... | != | 1 | 197 | 199 |
+| test.cpp:193:8:193:15 | ... \|\| ... | test.cpp:193:6:193:16 | ! ... | == | 0 | 197 | 199 |
+| test.cpp:193:8:193:15 | ... \|\| ... | test.cpp:193:6:193:16 | ! ... | == | 1 | 192 | 193 |
+| test.cpp:193:8:193:15 | ... \|\| ... | test.cpp:193:6:193:16 | ! ... | == | 1 | 193 | 196 |
+| test.cpp:193:8:193:15 | ... \|\| ... | test.cpp:193:8:193:9 | b1 | != | 1 | 192 | 193 |
+| test.cpp:193:8:193:15 | ... \|\| ... | test.cpp:193:8:193:9 | b1 | != | 1 | 193 | 196 |
+| test.cpp:193:8:193:15 | ... \|\| ... | test.cpp:193:8:193:9 | b1 | == | 0 | 192 | 193 |
+| test.cpp:193:8:193:15 | ... \|\| ... | test.cpp:193:8:193:9 | b1 | == | 0 | 193 | 196 |
+| test.cpp:193:8:193:15 | ... \|\| ... | test.cpp:193:8:193:15 | ... \|\| ... | != | 0 | 197 | 199 |
+| test.cpp:193:8:193:15 | ... \|\| ... | test.cpp:193:8:193:15 | ... \|\| ... | != | 1 | 192 | 193 |
+| test.cpp:193:8:193:15 | ... \|\| ... | test.cpp:193:8:193:15 | ... \|\| ... | != | 1 | 193 | 196 |
+| test.cpp:193:8:193:15 | ... \|\| ... | test.cpp:193:8:193:15 | ... \|\| ... | == | 0 | 192 | 193 |
+| test.cpp:193:8:193:15 | ... \|\| ... | test.cpp:193:8:193:15 | ... \|\| ... | == | 0 | 193 | 196 |
+| test.cpp:193:8:193:15 | ... \|\| ... | test.cpp:193:8:193:15 | ... \|\| ... | == | 1 | 197 | 199 |
+| test.cpp:193:8:193:15 | ... \|\| ... | test.cpp:193:14:193:15 | b2 | != | 1 | 192 | 193 |
+| test.cpp:193:8:193:15 | ... \|\| ... | test.cpp:193:14:193:15 | b2 | != | 1 | 193 | 196 |
+| test.cpp:193:8:193:15 | ... \|\| ... | test.cpp:193:14:193:15 | b2 | == | 0 | 192 | 193 |
+| test.cpp:193:8:193:15 | ... \|\| ... | test.cpp:193:14:193:15 | b2 | == | 0 | 193 | 196 |
+| test.cpp:193:14:193:15 | b2 | test.cpp:193:14:193:15 | b2 | != | 1 | 192 | 193 |
+| test.cpp:193:14:193:15 | b2 | test.cpp:193:14:193:15 | b2 | == | 0 | 192 | 193 |
diff --git a/cpp/ql/test/library-tests/controlflow/guards/test.cpp b/cpp/ql/test/library-tests/controlflow/guards/test.cpp
@@ -176,4 +176,26 @@ void test_with_negated_binary_relational(int a, int b) {
   if (!c) {
 
   }
+}
+
+void test_logical_and(bool b1, bool b2) {
+  if(!(b1 && b2)) {
+    use(b1);
+    use(b2);
+  } else {
+    // b1 = true and b2 = true
+    use(b1);
+    use(b2);
+  }
+}
+
+void test_logical_or(bool b1, bool b2) {
+  if(!(b1 || b2)) {
+    // b1 = false and b2 = false
+    use(b1);
+    use(b2);
+  } else {
+    use(b1);
+    use(b2);
+  }
 }
diff --git a/cpp/ql/test/library-tests/preprocessor/preprocessor/pp.cpp b/cpp/ql/test/library-tests/preprocessor/preprocessor/pp.cpp
@@ -68,3 +68,10 @@ int templateClassContext<T> :: val = MACRO_TEMPLATECLASSCONTEXT_REFERENCED;
 
 #define INSTANTIATION
 templateClassContext<int> tcci;
+
+#define BAR
+
+#if defined(BAR) && \
+  defined(BAR)
+#warning BAR defined
+#endif
diff --git a/cpp/ql/test/library-tests/preprocessor/preprocessor/pp.h b/cpp/ql/test/library-tests/preprocessor/preprocessor/pp.h
@@ -4,15 +4,15 @@
 //#pragma byte_order(big_endian)
 #warning "Not in Kansas any more"
 
-//#define MULTILINE \
+#define MULTILINE \
   /* Hello */ \
   world \
   /* from */ \
   a long \
   /* macro */
-//#undef \
+#undef \
   MULTILINE
 
-//#include \
-  <pp.h> \
+#include \
+  "pp.h" \
   \
diff --git a/cpp/ql/test/library-tests/preprocessor/preprocessor/preproc.expected b/cpp/ql/test/library-tests/preprocessor/preprocessor/preproc.expected
@@ -27,6 +27,13 @@
 | pp.cpp:0:0:0:0 | pp.cpp | 60 | 3 | 60 | 21 | Macro | IN_TEMPLATE |  |
 | pp.cpp:0:0:0:0 | pp.cpp | 61 | 1 | 61 | 7 | PreprocessorEndif | N/A | N/A |
 | pp.cpp:0:0:0:0 | pp.cpp | 69 | 1 | 69 | 21 | Macro | INSTANTIATION |  |
+| pp.cpp:0:0:0:0 | pp.cpp | 72 | 1 | 72 | 11 | Macro | BAR |  |
+| pp.cpp:0:0:0:0 | pp.cpp | 74 | 1 | 74 | 21 | PreprocessorIf | defined(BAR) && \\ | N/A |
+| pp.cpp:0:0:0:0 | pp.cpp | 76 | 1 | 76 | 20 | PreprocessorWarning | BAR defined | N/A |
+| pp.cpp:0:0:0:0 | pp.cpp | 77 | 1 | 77 | 6 | PreprocessorEndif | N/A | N/A |
 | pp.h:0:0:0:0 | pp.h | 1 | 1 | 1 | 12 | PreprocessorPragma | once | N/A |
 | pp.h:0:0:0:0 | pp.h | 3 | 1 | 3 | 27 | PreprocessorLine | 33  "emerald_city.h" | N/A |
 | pp.h:0:0:0:0 | pp.h | 5 | 1 | 5 | 33 | PreprocessorWarning | "Not in Kansas any more" | N/A |
+| pp.h:0:0:0:0 | pp.h | 7 | 1 | 11 | 8 | Macro | MULTILINE | world a long |
+| pp.h:0:0:0:0 | pp.h | 13 | 1 | 14 | 11 | PreprocessorUndef | MULTILINE | N/A |
+| pp.h:0:0:0:0 | pp.h | 16 | 1 | 17 | 8 | Include | "pp.h" | N/A |
diff --git a/rust/ql/integration-tests/hello-project/summary.expected b/rust/ql/integration-tests/hello-project/summary.expected
@@ -14,6 +14,11 @@
 | Macro calls - resolved | 2 |
 | Macro calls - total | 2 |
 | Macro calls - unresolved | 0 |
-| Sensitive data | 0 |
+| Taint edges - number of edges | 2 |
+| Taint reach - nodes tainted | 0 |
+| Taint reach - per million nodes | 0 |
+| Taint sinks - cryptographic operations | 0 |
+| Taint sinks - query sinks | 0 |
 | Taint sources - active | 0 |
-| Taint sources - total | 0 |
+| Taint sources - disabled | 0 |
+| Taint sources - sensitive data | 0 |
diff --git a/rust/ql/integration-tests/hello-workspace/summary.cargo.expected b/rust/ql/integration-tests/hello-workspace/summary.cargo.expected
@@ -14,6 +14,11 @@
 | Macro calls - resolved | 2 |
 | Macro calls - total | 2 |
 | Macro calls - unresolved | 0 |
-| Sensitive data | 0 |
+| Taint edges - number of edges | 2 |
+| Taint reach - nodes tainted | 0 |
+| Taint reach - per million nodes | 0 |
+| Taint sinks - cryptographic operations | 0 |
+| Taint sinks - query sinks | 0 |
 | Taint sources - active | 0 |
-| Taint sources - total | 0 |
+| Taint sources - disabled | 0 |
+| Taint sources - sensitive data | 0 |
diff --git a/rust/ql/integration-tests/hello-workspace/summary.rust-project.expected b/rust/ql/integration-tests/hello-workspace/summary.rust-project.expected
@@ -14,6 +14,11 @@
 | Macro calls - resolved | 2 |
 | Macro calls - total | 2 |
 | Macro calls - unresolved | 0 |
-| Sensitive data | 0 |
+| Taint edges - number of edges | 2 |
+| Taint reach - nodes tainted | 0 |
+| Taint reach - per million nodes | 0 |
+| Taint sinks - cryptographic operations | 0 |
+| Taint sinks - query sinks | 0 |
 | Taint sources - active | 0 |
-| Taint sources - total | 0 |
+| Taint sources - disabled | 0 |
+| Taint sources - sensitive data | 0 |
diff --git a/rust/ql/src/queries/summary/CryptographicOperations.ql b/rust/ql/src/queries/summary/CryptographicOperations.ql
@@ -0,0 +1,59 @@
+/**
+ * @name Cryptographic Operations
+ * @description List all cryptographic operations found in the database.
+ * @kind problem
+ * @problem.severity info
+ * @id rust/summary/cryptographic-operations
+ * @tags summary
+ */
+
+import rust
+import codeql.rust.Concepts
+import codeql.rust.security.WeakSensitiveDataHashingExtensions
+
+/**
+ * Gets the type of cryptographic algorithm `alg`.
+ */
+string getAlgorithmType(Cryptography::CryptographicAlgorithm alg) {
+  alg instanceof Cryptography::EncryptionAlgorithm and result = "EncryptionAlgorithm"
+  or
+  alg instanceof Cryptography::HashingAlgorithm and result = "HashingAlgorithm"
+  or
+  alg instanceof Cryptography::PasswordHashingAlgorithm and result = "PasswordHashingAlgorithm"
+}
+
+/**
+ * Gets a feature of cryptographic algorithm `alg`.
+ */
+string getAlgorithmFeature(Cryptography::CryptographicAlgorithm alg) {
+  alg.isWeak() and result = "WEAK"
+}
+
+/**
+ * Gets a description of cryptographic algorithm `alg`.
+ */
+string describeAlgorithm(Cryptography::CryptographicAlgorithm alg) {
+  result =
+    getAlgorithmType(alg) + " " + alg.getName() + " " + concat(getAlgorithmFeature(alg), ", ")
+}
+
+/**
+ * Gets a feature of cryptographic operation `op`.
+ */
+string getOperationFeature(Cryptography::CryptographicOperation op) {
+  result = "inputs:" + strictcount(op.getAnInput()).toString() or
+  result = "blockmodes:" + strictcount(op.getBlockMode()).toString()
+}
+
+/**
+ * Gets a description of cryptographic operation `op`.
+ */
+string describeOperation(Cryptography::CryptographicOperation op) {
+  result = describeAlgorithm(op.getAlgorithm()) + " " + concat(getOperationFeature(op), ", ")
+  or
+  not exists(op.getAlgorithm()) and
+  result = "(unknown) " + concat(getOperationFeature(op), ", ")
+}
+
+from Cryptography::CryptographicOperation operation
+select operation, describeOperation(operation)
diff --git a/rust/ql/src/queries/summary/QuerySinkCounts.ql b/rust/ql/src/queries/summary/QuerySinkCounts.ql
@@ -0,0 +1,17 @@
+/**
+ * @name Query Sink Counts
+ * @description Lists the number of query sinks of each type found in the database. Query sinks are
+ *              flow sinks that are used as possible locations for query results. Cryptographic
+ *              operations are excluded.
+ * @kind metric
+ * @id rust/summary/query-sink-counts
+ * @tags summary
+ */
+
+import rust
+import codeql.rust.dataflow.DataFlow
+import Stats
+
+from string kind, int num
+where num = strictcount(DataFlow::Node n | getAQuerySinkKind(n) = kind)
+select kind, num