Rust: turn off macro expansion in code to be expanded by attribute macros #19572

Merged
merged 8 commits into from
May 27, 2025

@redsun82 redsun82 commented May 23, 2025

These commits were separated from #19314

The QL part was already reviewed in the context of that PR.

@Copilot Copilot AI review requested due to automatic review settings May 23, 2025 12:40
@redsun82 redsun82 requested a review from a team as a code owner May 23, 2025 12:40
@github-actions github-actions bot added the Rust Pull requests that update Rust code label May 23, 2025

@Copilot Copilot AI left a comment

Pull Request Overview

This PR updates the Rust extractor and QL query for CWE-696 to stop expanding inner macros when under attribute macros, and adjusts templates and tests to match the new behavior.

  • Enhance edgesFwd to follow attribute macro expansions (with fallback) and refine alert messages.
  • Track macro_context_depth in the extractor and wrap AST emissions with pre_emit/post_emit to suppress nested expansions.
  • Update codegen templates and revise integration and query-test expectations to align spans and annotations.

Reviewed Changes

Copilot reviewed 10 out of 10 changed files in this pull request and generated no comments.

Show a summary per file
| File | Description |
| --- | --- |
| rust/ql/src/queries/security/CWE-696/BadCtorInitialization.ql | Handle attribute-macro expansions in edgesFwd and update the alert text |
| rust/extractor/src/translate/base.rs | Introduce macro_context_depth, setup_item_expansion, and skip nested macro-call emissions |
| rust/ast-generator/templates/extractor.mustache | Replace emit_detached with pre_emit/post_emit hooks around node emissions |
| rust/ql/test/query-tests/security/CWE-696/test.rs | Adjust test annotations (Source/Alert) for ctor initialization cases |
| rust/ql/test/query-tests/security/CWE-696/BadCTorInitialization.expected | Update expected error spans and messages for ctor initialization tests |
| rust/ql/integration-tests/macro-expansion/src/lib.rs | Add function body and nested #[repeat] call to test nested macro expansion |
| rust/ql/integration-tests/macro-expansion/test.expected | Revise integration-test spans for expanded macros |
| rust/ql/integration-tests/macro-expansion/summary.qlref | Add summary query for reduced macro-expansion statistics |
| rust/ql/integration-tests/macro-expansion/summary.expected | Introduce expected macro-expansion summary stats |

Comments suppressed due to low confidence (2)

rust/ql/test/query-tests/security/CWE-696/test.rs:168

  • The annotation on the #[ctor] for bad4_1 was changed to an Alert marker, and the corresponding Alert on the macro call was removed. To keep the test harness consistent, the attribute line should be // $ Source=source4_1 and the call line should have // $ Alert[rust/ctor-initialization]=source4_1.
#[ctor] // $ Alert[rust/ctor-initialization]

rust/ql/integration-tests/macro-expansion/test.expected:4

  • [nitpick] This mapping for fn inner → fn inner_0 at 0 is repeated multiple times. Consolidate duplicate entries to one line per mapping for clarity.
| src/lib.rs:7:5:8:16 | fn inner | 0 | src/lib.rs:8:5:8:16 | fn inner_0 |

@redsun82 redsun82 requested a review from aibaars May 26, 2025 13:12
@redsun82
Contributor Author

This looks pretty good on the experiment prior to the merge from main (with the library extraction merge). @aibaars I think we can review this, I'll restart another DCA to see how this interacts with the library extraction work.

@aibaars
Contributor

aibaars commented May 26, 2025

Looks good to me. Let's not forget to remove

    // TODO: remove this after fixing exponential expansion on libraries like funty-2.0.0
    if self.source_kind == SourceKind::Library {
        return;
    }
in a followup pull request.

Done in #19588
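
An added sketch, not code from this PR or from the CodeQL extractor, of the idea in the overview and in the exponential-expansion TODO above: in this model, expanding macros both in an attribute-annotated item's source and again in its attribute expansion doubles the work per nesting level, while a depth counter that turns expansion off inside the source form keeps it linear. The `Node` type, the identity attribute macro and `count_expansions` are assumptions of the model; only the names `macro_context_depth`, `pre_emit` and `post_emit` come from the page.

```rust
// Toy model, constructed for illustration; not the CodeQL Rust extractor's code.
enum Node {
    Leaf,
    MacroCall(Vec<Node>), // a macro call and the nodes it expands to
    AttrItem(Vec<Node>),  // item under an identity attribute macro: expands to the same children
}

struct Extractor {
    suppress_nested: bool,      // behaviour described in the PR overview
    macro_context_depth: usize, // > 0 while inside source an attribute macro will expand
    expansions: usize,          // expansions emitted so far
}

impl Extractor {
    fn suppressed(&self) -> bool { self.suppress_nested && self.macro_context_depth > 0 }
    fn emit_all(&mut self, nodes: &[Node]) { nodes.iter().for_each(|n| self.emit(n)); }
    fn emit(&mut self, node: &Node) {
        match node {
            Node::Leaf => {}
            Node::MacroCall(expansion) => {
                if self.suppressed() {
                    return; // expanded later, inside the attribute expansion
                }
                self.expansions += 1;
                self.emit_all(expansion);
            }
            Node::AttrItem(children) => {
                self.macro_context_depth += 1; // hypothetical pre_emit step
                self.emit_all(children); // source form of the item
                self.macro_context_depth -= 1; // hypothetical post_emit step
                if self.suppressed() {
                    return; // the enclosing attribute expansion covers this item
                }
                self.expansions += 1;
                self.emit_all(children); // the attribute expansion
            }
        }
    }
}

/// Expansions emitted for `depth` nested attribute items around one macro call.
fn count_expansions(depth: usize, suppress_nested: bool) -> usize {
    let node = (0..depth).fold(Node::MacroCall(vec![Node::Leaf]), |n, _| Node::AttrItem(vec![n]));
    let mut ex = Extractor { suppress_nested, macro_context_depth: 0, expansions: 0 };
    ex.emit(&node);
    ex.expansions
}

fn main() {
    for d in [1, 4, 10] {
        println!("depth {}: {} without, {} with", d, count_expansions(d, false), count_expansions(d, true));
    }
}
```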

@redsun82 redsun82 merged commit b99b25c into main May 27, 2025
17 checks passed
@redsun82 redsun82 deleted the redsun82/rust-macro branch May 27, 2025 06:29