diff --git a/rust/ql/integration-tests/hello-project/summary.expected b/rust/ql/integration-tests/hello-project/summary.expected
index a4b0d0a16415..1ce4e784cbf2 100644
--- a/rust/ql/integration-tests/hello-project/summary.expected
+++ b/rust/ql/integration-tests/hello-project/summary.expected
@@ -1,5 +1,3 @@
-| Elements extracted | 67 |
-| Elements unextracted | 0 |
 | Extraction errors | 0 |
 | Extraction warnings | 1 |
 | Files extracted - total | 5 |
@@ -15,11 +13,3 @@
 | Macro calls - resolved | 2 |
 | Macro calls - total | 2 |
 | Macro calls - unresolved | 0 |
-| Taint edges - number of edges | 1691 |
-| Taint reach - nodes tainted | 0 |
-| Taint reach - per million nodes | 0 |
-| Taint sinks - cryptographic operations | 0 |
-| Taint sinks - query sinks | 1 |
-| Taint sources - active | 0 |
-| Taint sources - disabled | 0 |
-| Taint sources - sensitive data | 0 |
diff --git a/rust/ql/integration-tests/hello-project/summary.qlref b/rust/ql/integration-tests/hello-project/summary.qlref
index b94ba40446a0..926fc7903911 100644
--- a/rust/ql/integration-tests/hello-project/summary.qlref
+++ b/rust/ql/integration-tests/hello-project/summary.qlref
@@ -1 +1 @@
-queries/summary/SummaryStats.ql
+queries/summary/SummaryStatsReduced.ql
diff --git a/rust/ql/integration-tests/hello-workspace/summary.cargo.expected b/rust/ql/integration-tests/hello-workspace/summary.cargo.expected
index 564cbfd7bc97..67da3bcf3090 100644
--- a/rust/ql/integration-tests/hello-workspace/summary.cargo.expected
+++ b/rust/ql/integration-tests/hello-workspace/summary.cargo.expected
@@ -1,5 +1,3 @@
-| Elements extracted | 90 |
-| Elements unextracted | 0 |
 | Extraction errors | 0 |
 | Extraction warnings | 0 |
 | Files extracted - total | 4 |
@@ -15,11 +13,3 @@
 | Macro calls - resolved | 2 |
 | Macro calls - total | 2 |
 | Macro calls - unresolved | 0 |
-| Taint edges - number of edges | 1691 |
-| Taint reach - nodes tainted | 0 |
-| Taint reach - per million nodes | 0 |
-| Taint sinks - cryptographic operations | 0 |
-| Taint sinks - query sinks | 1 |
-| Taint sources - active | 0 |
-| Taint sources - disabled | 0 |
-| Taint sources - sensitive data | 0 |
diff --git a/rust/ql/integration-tests/hello-workspace/summary.qlref b/rust/ql/integration-tests/hello-workspace/summary.qlref
index b94ba40446a0..926fc7903911 100644
--- a/rust/ql/integration-tests/hello-workspace/summary.qlref
+++ b/rust/ql/integration-tests/hello-workspace/summary.qlref
@@ -1 +1 @@
-queries/summary/SummaryStats.ql
+queries/summary/SummaryStatsReduced.ql
diff --git a/rust/ql/integration-tests/hello-workspace/summary.rust-project.expected b/rust/ql/integration-tests/hello-workspace/summary.rust-project.expected
index 564cbfd7bc97..67da3bcf3090 100644
--- a/rust/ql/integration-tests/hello-workspace/summary.rust-project.expected
+++ b/rust/ql/integration-tests/hello-workspace/summary.rust-project.expected
@@ -1,5 +1,3 @@
-| Elements extracted | 90 |
-| Elements unextracted | 0 |
 | Extraction errors | 0 |
 | Extraction warnings | 0 |
 | Files extracted - total | 4 |
@@ -15,11 +13,3 @@
 | Macro calls - resolved | 2 |
 | Macro calls - total | 2 |
 | Macro calls - unresolved | 0 |
-| Taint edges - number of edges | 1691 |
-| Taint reach - nodes tainted | 0 |
-| Taint reach - per million nodes | 0 |
-| Taint sinks - cryptographic operations | 0 |
-| Taint sinks - query sinks | 1 |
-| Taint sources - active | 0 |
-| Taint sources - disabled | 0 |
-| Taint sources - sensitive data | 0 |
diff --git a/rust/ql/src/queries/summary/Stats.qll b/rust/ql/src/queries/summary/Stats.qll
index a2220398b415..a24a4eac9c96 100644
--- a/rust/ql/src/queries/summary/Stats.qll
+++ b/rust/ql/src/queries/summary/Stats.qll
@@ -11,6 +11,9 @@ private import codeql.rust.internal.PathResolutionConsistency as PathResolutionC
 private import codeql.rust.controlflow.internal.CfgConsistency as CfgConsistency
 private import codeql.rust.dataflow.internal.DataFlowConsistency as DataFlowConsistency
 private import codeql.rust.Concepts
+private import codeql.rust.Diagnostics
+private import codeql.rust.security.SensitiveData
+private import TaintReach
 // import all query extensions files, so that all extensions of `QuerySink` are found
 private import codeql.rust.security.CleartextLoggingExtensions
 private import codeql.rust.security.SqlInjectionExtensions
@@ -72,3 +75,92 @@ int getTaintEdgesCount() {
 * Gets a count of the total number of query sinks in the database.
 */
 int getQuerySinksCount() { result = count(QuerySink s) }
+
+class CrateElement extends Element {
+ CrateElement() {
+ this instanceof Crate or
+ this instanceof NamedCrate or
+ this.(AstNode).getParentNode*() = any(Crate c).getModule()
+ }
+}
+
+/**
+ * Gets summary statistics about individual elements in the database.
+ */
+predicate elementStats(string key, int value) {
+ key = "Elements extracted" and
+ value = count(Element e | not e instanceof Unextracted and not e instanceof CrateElement)
+ or
+ key = "Elements unextracted" and value = count(Unextracted e)
+}
+
+/**
+ * Gets summary statistics about extraction.
+ */
+predicate extractionStats(string key, int value) {
+ key = "Extraction errors" and value = count(ExtractionError e)
+ or
+ key = "Extraction warnings" and value = count(ExtractionWarning w)
+ or
+ key = "Files extracted - total" and value = count(ExtractedFile f | exists(f.getRelativePath()))
+ or
+ key = "Files extracted - with errors" and
+ value =
+ count(ExtractedFile f |
+ exists(f.getRelativePath()) and not f instanceof SuccessfullyExtractedFile
+ )
+ or
+ key = "Files extracted - without errors" and
+ value = count(SuccessfullyExtractedFile f | exists(f.getRelativePath()))
+ or
+ key = "Files extracted - without errors %" and
+ value =
+ (count(SuccessfullyExtractedFile f | exists(f.getRelativePath())) * 100) /
+ count(ExtractedFile f | exists(f.getRelativePath()))
+ or
+ key = "Lines of code extracted" and value = getLinesOfCode()
+ or
+ key = "Lines of user code extracted" and value = getLinesOfUserCode()
+ or
+ key = "Macro calls - total" and value = count(MacroCall mc)
+ or
+ key = "Macro calls - resolved" and value = count(MacroCall mc | mc.hasExpanded())
+ or
+ key = "Macro calls - unresolved" and value = count(MacroCall mc | not mc.hasExpanded())
+}
+
+/**
+ * Gets summary statistics about inconsistencies.
+ */
+predicate inconsistencyStats(string key, int value) {
+ key = "Inconsistencies - AST" and value = getTotalAstInconsistencies()
+ or
+ key = "Inconsistencies - Path resolution" and value = getTotalPathResolutionInconsistencies()
+ or
+ key = "Inconsistencies - CFG" and value = getTotalCfgInconsistencies()
+ or
+ key = "Inconsistencies - data flow" and value = getTotalDataFlowInconsistencies()
+}
+
+/**
+ * Gets summary statistics about taint.
+ */
+predicate taintStats(string key, int value) {
+ key = "Taint sources - active" and value = count(ActiveThreatModelSource s)
+ or
+ key = "Taint sources - disabled" and
+ value = count(ThreatModelSource s | not s instanceof ActiveThreatModelSource)
+ or
+ key = "Taint sources - sensitive data" and value = count(SensitiveData d)
+ or
+ key = "Taint edges - number of edges" and value = getTaintEdgesCount()
+ or
+ key = "Taint reach - nodes tainted" and value = getTaintedNodesCount()
+ or
+ key = "Taint reach - per million nodes" and value = getTaintReach().floor()
+ or
+ key = "Taint sinks - query sinks" and value = getQuerySinksCount()
+ or
+ key = "Taint sinks - cryptographic operations" and
+ value = count(Cryptography::CryptographicOperation o)
+}
diff --git a/rust/ql/src/queries/summary/SummaryStats.ql b/rust/ql/src/queries/summary/SummaryStats.ql
index 69ab796c8696..57ac5b4004e3 100644
--- a/rust/ql/src/queries/summary/SummaryStats.ql
+++ b/rust/ql/src/queries/summary/SummaryStats.ql
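Review bot: `CrateElement` lands in the library `Stats.qll` as a public class without QLDoc, so every importer of `Stats` now sees it even though, within this hunk, only `elementStats` uses it. Declare it `private class CrateElement extends Element {`, or, if it is meant to be shared, document it with something like `/** An element that is a Crate, a NamedCrate, or an AST node at or below the module of some Crate. */`. The four new predicates have no result, so their QLDoc reads better as `Holds if ...` than `Gets ...`, for example `Holds if key names an extraction statistic and value is its value.` In `extractionStats`, the "Files extracted - without errors %" disjunct divides by the extracted-file count; a QL division by zero has no result, so that row is silently absent for a database with no extracted files, which is worth stating in the QLDoc.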
@@ -7,81 +7,15 @@
 */
 
 import rust
-import codeql.rust.Concepts
-import codeql.rust.security.SensitiveData
-import codeql.rust.security.WeakSensitiveDataHashingExtensions
-import codeql.rust.Diagnostics
 import Stats
-import TaintReach
-
-class CrateElement extends Element {
- CrateElement() {
- this instanceof Crate or
- this instanceof NamedCrate or
- this.(AstNode).getParentNode*() = any(Crate c).getModule()
- }
-}
 
 from string key, int value
 where
- key = "Elements extracted" and
- value = count(Element e | not e instanceof Unextracted and not e instanceof CrateElement)
- or
- key = "Elements unextracted" and value = count(Unextracted e)
- or
- key = "Extraction errors" and value = count(ExtractionError e)
- or
- key = "Extraction warnings" and value = count(ExtractionWarning w)
- or
- key = "Files extracted - total" and value = count(ExtractedFile f | exists(f.getRelativePath()))
- or
- key = "Files extracted - with errors" and
- value =
- count(ExtractedFile f |
- exists(f.getRelativePath()) and not f instanceof SuccessfullyExtractedFile
- )
- or
- key = "Files extracted - without errors" and
- value = count(SuccessfullyExtractedFile f | exists(f.getRelativePath()))
- or
- key = "Files extracted - without errors %" and
- value =
- (count(SuccessfullyExtractedFile f | exists(f.getRelativePath())) * 100) /
- count(ExtractedFile f | exists(f.getRelativePath()))
- or
- key = "Lines of code extracted" and value = getLinesOfCode()
- or
- key = "Lines of user code extracted" and value = getLinesOfUserCode()
- or
- key = "Inconsistencies - AST" and value = getTotalAstInconsistencies()
- or
- key = "Inconsistencies - Path resolution" and value = getTotalPathResolutionInconsistencies()
- or
- key = "Inconsistencies - CFG" and value = getTotalCfgInconsistencies()
- or
- key = "Inconsistencies - data flow" and value = getTotalDataFlowInconsistencies()
- or
- key = "Macro calls - total" and value = count(MacroCall mc)
- or
- key = "Macro calls - resolved" and value = count(MacroCall mc | mc.hasExpanded())
- or
- key = "Macro calls - unresolved" and value = count(MacroCall mc | not mc.hasExpanded())
- or
- key = "Taint sources - active" and value = count(ActiveThreatModelSource s)
- or
- key = "Taint sources - disabled" and
- value = count(ThreatModelSource s | not s instanceof ActiveThreatModelSource)
- or
- key = "Taint sources - sensitive data" and value = count(SensitiveData d)
- or
- key = "Taint edges - number of edges" and value = getTaintEdgesCount()
- or
- key = "Taint reach - nodes tainted" and value = getTaintedNodesCount()
+ elementStats(key, value)
 or
- key = "Taint reach - per million nodes" and value = getTaintReach().floor()
+ extractionStats(key, value)
 or
- key = "Taint sinks - query sinks" and value = getQuerySinksCount()
+ inconsistencyStats(key, value)
 or
- key = "Taint sinks - cryptographic operations" and
- value = count(Cryptography::CryptographicOperation o)
+ taintStats(key, value)
 select key, value order by key
diff --git a/rust/ql/src/queries/summary/SummaryStatsReduced.ql b/rust/ql/src/queries/summary/SummaryStatsReduced.ql
new file mode 100644
index 000000000000..47669f9da589
--- /dev/null
+++ b/rust/ql/src/queries/summary/SummaryStatsReduced.ql
@@ -0,0 +1,18 @@
+/**
+ * @name Summary Statistics Reduced
+ * @description A table of summary statistics about a database, with data that
+ * has been found to be noisy on tests removed.
+ * @kind metric
+ * @id rust/summary/reduced-summary-statistics
+ * @tags summary
+ */
+
+import rust
+import Stats
+
+from string key, int value
+where
+ extractionStats(key, value)
+ or
+ inconsistencyStats(key, value)
+select key, value order by key
diff --git a/rust/ql/test/query-tests/diagnostics/SummaryStats.qlref b/rust/ql/test/query-tests/diagnostics/SummaryStats.qlref
deleted file mode 100644
index b94ba40446a0..000000000000
--- a/rust/ql/test/query-tests/diagnostics/SummaryStats.qlref
+++ /dev/null
@@ -1 +0,0 @@
-queries/summary/SummaryStats.ql
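Review bot: The removed `import codeql.rust.security.WeakSensitiveDataHashingExtensions` has no counterpart among the imports this diff adds to `Stats.qll` (`Diagnostics`, `SensitiveData`, `TaintReach`). `Stats.qll` says it imports all query extension files so that every extension of `QuerySink` is found, and its import list continues past the visible hunk, so please confirm the module is listed there; if it is not, `getQuerySinksCount()` would presumably stop counting sinks defined in that module. The `.expected` files in this commit no longer contain the "Taint sinks - query sinks" row, so such a drop would not show up in these tests. If it is missing, add `private import codeql.rust.security.WeakSensitiveDataHashingExtensions` next to the other extension imports.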
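Review bot: The `@description` of `SummaryStatsReduced.ql` says noisy data is removed but not which groups are dropped, so a reader has to compare the `where` clause with `SummaryStats.ql` to learn that `elementStats` and `taintStats` are omitted. A comment above the `where` clause would record that, e.g. `// elementStats and taintStats are omitted: their counts were noisy in tests`. With every `.qlref` in this diff now pointing at the reduced query, the taint source and sink counts are no longer pinned by any `.expected` file shown here. If no other test covers the taint models, consider a dedicated test for them so that a regression in source or sink modelling is still caught.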
diff --git a/rust/ql/test/query-tests/diagnostics/SummaryStats.expected b/rust/ql/test/query-tests/diagnostics/SummaryStatsReduced.expected
similarity index 58%
rename from rust/ql/test/query-tests/diagnostics/SummaryStats.expected
rename to rust/ql/test/query-tests/diagnostics/SummaryStatsReduced.expected
index 13cbcbdf4ef1..640bd179abd3 100644
--- a/rust/ql/test/query-tests/diagnostics/SummaryStats.expected
+++ b/rust/ql/test/query-tests/diagnostics/SummaryStatsReduced.expected
@@ -1,5 +1,3 @@
-| Elements extracted | 406 |
-| Elements unextracted | 0 |
 | Extraction errors | 0 |
 | Extraction warnings | 7 |
 | Files extracted - total | 7 |
@@ -15,11 +13,3 @@
 | Macro calls - resolved | 8 |
 | Macro calls - total | 9 |
 | Macro calls - unresolved | 1 |
-| Taint edges - number of edges | 1691 |
-| Taint reach - nodes tainted | 0 |
-| Taint reach - per million nodes | 0 |
-| Taint sinks - cryptographic operations | 0 |
-| Taint sinks - query sinks | 3 |
-| Taint sources - active | 0 |
-| Taint sources - disabled | 0 |
-| Taint sources - sensitive data | 0 |
diff --git a/rust/ql/test/query-tests/diagnostics/SummaryStatsReduced.qlref b/rust/ql/test/query-tests/diagnostics/SummaryStatsReduced.qlref
new file mode 100644
index 000000000000..926fc7903911
--- /dev/null
+++ b/rust/ql/test/query-tests/diagnostics/SummaryStatsReduced.qlref
@@ -0,0 +1 @@
+queries/summary/SummaryStatsReduced.ql