Rust: CallExpr -> Call.

geoffw0 · geoffw0 · commit 3028e5dac00e · 2025-12-02T17:31:35.000Z
diff --git a/rust/ql/lib/codeql/rust/security/HardcodedCryptographicValueExtensions.qll b/rust/ql/lib/codeql/rust/security/HardcodedCryptographicValueExtensions.qll
@@ -107,9 +107,9 @@ module HardcodedCryptographicValue {
 
     HeuristicSinks() {
       // any argument going to a parameter whose name matches a credential name
-      exists(CallExprBase fc, Function f, int argIndex, string argName |
-        fc.getArg(argIndex) = this.asExpr() and
-        fc.getStaticTarget() = f and
+      exists(Call c, Function f, int argIndex, string argName |
+        c.getPositionalArgument(argIndex) = this.asExpr() and
+        c.getStaticTarget() = f and
         f.getParam(argIndex).getPat().(IdentPat).getName().getText() = argName and
         (
           argName = "password" and kind = "password"
@@ -123,7 +123,7 @@ module HardcodedCryptographicValue {
           // note: matching "key" results in too many false positives
         ) and
         // don't duplicate modeled sinks
-        not exists(ModelsAsDataSinks s | s.(Node::FlowSummaryNode).getSinkElement().getCall() = fc)
+        not exists(ModelsAsDataSinks s | s.(Node::FlowSummaryNode).getSinkElement().getCall() = c)
       )
     }
 

Original file line number	Diff line number	Diff line change
`@@ -107,9 +107,9 @@ module HardcodedCryptographicValue {`
`107`	`107`
`108`	`108`	`HeuristicSinks() {`
`109`	`109`	`// any argument going to a parameter whose name matches a credential name`
`110`		`- exists(CallExprBase fc, Function f, int argIndex, string argName \|`
`111`		`- fc.getArg(argIndex) = this.asExpr() and`
`112`		`- fc.getStaticTarget() = f and`
	`110`	`+ exists(Call c, Function f, int argIndex, string argName \|`
	`111`	`+ c.getPositionalArgument(argIndex) = this.asExpr() and`
	`112`	`+ c.getStaticTarget() = f and`
`113`	`113`	`f.getParam(argIndex).getPat().(IdentPat).getName().getText() = argName and`
`114`	`114`	`(`
`115`	`115`	`argName = "password" and kind = "password"`
`@@ -123,7 +123,7 @@ module HardcodedCryptographicValue {`
`123`	`123`	`// note: matching "key" results in too many false positives`
`124`	`124`	`) and`
`125`	`125`	`// don't duplicate modeled sinks`
`126`		`- not exists(ModelsAsDataSinks s \| s.(Node::FlowSummaryNode).getSinkElement().getCall() = fc)`
	`126`	`+ not exists(ModelsAsDataSinks s \| s.(Node::FlowSummaryNode).getSinkElement().getCall() = c)`
`127`	`127`	`)`
`128`	`128`	`}`
`129`	`129`