codeql-development-mcp-server 2.25.0 → 2.25.1-next.2

package/ql/rust/tools/src/CallGraphTo/CallGraphTo.md

@@ -0,0 +1,47 @@
+# CallGraphTo for Rust
+
+Displays calls made to a specified function, showing the call graph inbound to the target function.
+
+## Overview
+
+This query identifies all call sites that invoke a named function, producing an inbound call graph. Given a target function name, it reports each call site and the enclosing caller, which is useful for understanding how a function is used throughout the codebase.
+
+The query accepts function names via an external predicate (`targetFunction`).
+
+## Use Cases
+
+This query is primarily used for:
+
+- Finding all callers of a specific function
+- Understanding how a function is used across modules
+- Impact analysis when modifying or deprecating a function
+
+## Example
+
+The following Rust code demonstrates inbound calls to `target_func`:
+
+```rust
+fn target_func() {}  // Target function for analysis
+
+fn caller1() {
+    target_func();
+}
+
+fn caller2() {
+    target_func();
+}
+```
+
+Running with `targetFunction = "target_func"` produces results showing each call site with the message pattern ``Call to `target_func` from `caller1` ``.
+
+## Output Format
+
+The query is a `@kind problem` query producing rows of:
+
+- ``select call, "Call to `callee` from `caller`"``
+
+## References
+
+- [Rust Functions](https://doc.rust-lang.org/book/ch03-03-how-functions-work.html)
+- [CodeQL Call Graph Analysis](https://codeql.github.com/docs/writing-codeql-queries/about-data-flow-analysis/)
+- [CodeQL Library for Rust](https://codeql.github.com/docs/codeql-language-guides/codeql-library-for-rust/)

package/ql/rust/tools/src/CallGraphTo/CallGraphTo.ql

@@ -0,0 +1,47 @@
+/**
+ * @name Call Graph To for rust
+ * @description Displays calls made to a specified function, showing the call graph inbound to the target function.
+ * @id rust/tools/call-graph-to
+ * @kind problem
+ * @problem.severity recommendation
+ * @tags call-graph
+ */
+
+import rust
+import ExternalPredicates
+
+/**
+ * Gets a single target function name from the comma-separated list.
+ */
+string getTargetFunctionName() {
+  exists(string s | targetFunction(s) | result = s.splitAt(",").trim())
+}
+
+/**
+ * Gets a function by matching against the selected target function names.
+ */
+Function getTargetFunction() { result.getName().getText() = getTargetFunctionName() }
+
+/**
+ * Gets the caller name for a call expression.
+ */
+string getCallerName(CallExpr call) {
+  if exists(call.getEnclosingCallable().(Function).getName())
+  then result = call.getEnclosingCallable().(Function).getName().getText()
+  else result = "Top-level"
+}
+
+/**
+ * Gets the name of the called function.
+ */
+string getCalleeName(CallExpr call) {
+  if exists(call.getResolvedTarget().(Function).getName())
+  then result = call.getResolvedTarget().(Function).getName().getText()
+  else result = call.toString()
+}
+
+from CallExpr call, Function target
+where
+  target = getTargetFunction() and
+  call.getResolvedTarget() = target
+select call, "Call to `" + getCalleeName(call) + "` from `" + getCallerName(call) + "`"

package/ql/rust/tools/src/ExternalPredicates.qll

@@ -0,0 +1,14 @@
+/**
+ * Shared extensible predicate declarations for MCP server tools queries.
+ * Values are provided via dataExtensions YAML files during testing,
+ * or via a temporary data extension pack at runtime from the MCP server.
+ */
+
+/** Holds for each source function name for call graph analysis. */
+extensible predicate sourceFunction(string name);
+
+/** Holds for each target function name for call graph analysis. */
+extensible predicate targetFunction(string name);
+
+/** Holds for each selected source file path for AST/CFG printing. */
+extensible predicate selectedSourceFiles(string path);

package/ql/rust/tools/src/PrintAST/PrintAST.md

@@ -0,0 +1,59 @@
+# Print AST for Rust
+
+Outputs a representation of the Abstract Syntax Tree (AST) for specified source files.
+
+## Overview
+
+The Abstract Syntax Tree is a hierarchical representation of source code structure. Each node represents a syntactic construct (declaration, statement, expression, etc.) and edges represent parent-child containment relationships.
+
+This query produces the full AST for specified Rust source files, which is useful for understanding code structure, inspecting how the CodeQL extractor parses modules and functions, and debugging query logic that operates on AST nodes.
+
+## Use Cases
+
+This query is primarily used for:
+
+- Inspecting how CodeQL represents Rust functions, structs, and expressions
+- Debugging queries that match on AST node types
+- Understanding parent-child relationships between items and statements
+- Verifying extractor behavior for ownership, borrowing, and pattern matching
+- IDE integration for syntax tree visualization
+
+## Example
+
+The following Rust code demonstrates AST structure through function declarations and control flow:
+
+```rust
+struct Greeter {
+    name: String,
+}
+
+impl Greeter {
+    fn greet(&self) {
+        println!("Hello, {}!", self.name);
+    }
+}
+
+fn main() {
+    let g = Greeter { name: "World".to_string() };
+    g.greet();
+}
+```
+
+In the resulting AST:
+
+- The module contains struct and function declarations as children
+- Each function body contains a block expression with statement nodes
+- Call expressions reference their target and arguments as child nodes
+
+## Output Format
+
+The query produces a graph via the parameterized `PrintAst` library module:
+
+- `nodes`: Each AST node with its type, label, and properties
+- `edges`: Parent-child relationships forming the syntax tree
+
+## References
+
+- [The Rust Reference](https://doc.rust-lang.org/reference/)
+- [CodeQL Abstract Syntax Trees](https://codeql.github.com/docs/writing-codeql-queries/abstract-syntax-tree/)
+- [CodeQL Library for Rust](https://codeql.github.com/docs/codeql-language-guides/codeql-library-for-rust/)

package/ql/rust/tools/src/PrintAST/PrintAST.ql

@@ -0,0 +1,46 @@
+/**
+ * @name Print AST for rust
+ * @description Outputs a representation of the Abstract Syntax Tree for specified source files.
+ * @id rust/tools/print-ast
+ * @kind graph
+ * @tags ast
+ */
+
+import rust
+private import codeql.rust.printast.PrintAst
+import ExternalPredicates
+
+/**
+ * Gets a single source file from the comma-separated list.
+ */
+string getSelectedSourceFile() {
+  exists(string s | selectedSourceFiles(s) | result = s.splitAt(",").trim())
+}
+
+/**
+ * Gets a file by matching against the selected source file paths.
+ */
+File getSelectedFile() {
+  exists(string selectedFile |
+    selectedFile = getSelectedSourceFile() and
+    (
+      // Match by exact relative path from source root
+      result.getRelativePath() = selectedFile
+      or
+      // Match by file name if no path separators
+      not selectedFile.matches("%/%") and result.getBaseName() = selectedFile
+      or
+      // Match by ending path component
+      result.getAbsolutePath().suffix(result.getAbsolutePath().length() - selectedFile.length()) =
+        selectedFile
+    )
+  )
+}
+
+/**
+ * Holds if a locatable element should be printed in the AST output.
+ * Restricts output to elements from the selected file.
+ */
+predicate shouldPrint(Locatable e) { e.getLocation().getFile() = getSelectedFile() }
+
+import PrintAst<shouldPrint/1>

package/ql/rust/tools/src/PrintCFG/PrintCFG.md

@@ -0,0 +1,56 @@
+# Print CFG for Rust
+
+Produces a representation of a file's Control Flow Graph (CFG) for specified source files.
+
+## Overview
+
+The Control Flow Graph models the runtime execution order of statements and expressions within functions. Nodes represent individual executable elements and edges represent possible transitions between them, including branches, loops, and exceptional control flow.
+
+This query produces the CFG for specified Rust source files, which is useful for understanding execution paths, identifying dead code, and debugging data flow queries that depend on control flow ordering.
+
+## Use Cases
+
+This query is primarily used for:
+
+- Visualizing execution paths through Rust functions
+- Understanding how `if`, `match`, `loop`, `while`, and `for` affect control flow
+- Debugging data flow queries that depend on CFG structure
+- Identifying unreachable code or unexpected control flow edges
+- Verifying CFG behavior for Rust-specific constructs like pattern matching
+
+## Example
+
+The following Rust code demonstrates control flow through branching and loops:
+
+```rust
+fn example(x: i32) -> i32 {
+    if x > 0 {
+        return x;
+    }
+
+    let mut val = x;
+    while val < 10 {
+        val += 1;
+    }
+    val
+}
+```
+
+In the resulting CFG:
+
+- The `if` condition creates a branch with two successors
+- The early `return` creates an edge to the function exit
+- The `while` loop creates a back-edge from the loop body to the condition
+
+## Output Format
+
+The query produces a graph with:
+
+- `nodes`: Each CFG node with a `semmle.label` property
+- `edges`: Control flow transitions between nodes
+
+## References
+
+- [The Rust Reference - Expressions](https://doc.rust-lang.org/reference/expressions.html)
+- [CodeQL Control Flow Analysis](https://codeql.github.com/docs/writing-codeql-queries/about-data-flow-analysis/)
+- [CodeQL Library for Rust](https://codeql.github.com/docs/codeql-language-guides/codeql-library-for-rust/)

package/ql/rust/tools/src/PrintCFG/PrintCFG.ql

@@ -0,0 +1,58 @@
+/**
+ * @name Print CFG for rust
+ * @description Produces a representation of a file's Control Flow Graph for specified source files.
+ * @id rust/tools/print-cfg
+ * @kind graph
+ * @tags cfg
+ */
+
+import rust
+import codeql.rust.controlflow.ControlFlowGraph
+import ExternalPredicates
+
+/**
+ * Gets a single source file from the comma-separated list.
+ */
+string getSelectedSourceFile() {
+  exists(string s | selectedSourceFiles(s) | result = s.splitAt(",").trim())
+}
+
+/**
+ * Gets a file by matching against the selected source file paths.
+ */
+File getSelectedFile() {
+  exists(string selectedFile |
+    selectedFile = getSelectedSourceFile() and
+    (
+      // Match by exact relative path from source root
+      result.getRelativePath() = selectedFile
+      or
+      // Match by file name if no path separators
+      not selectedFile.matches("%/%") and result.getBaseName() = selectedFile
+      or
+      // Match by ending path component
+      result.getAbsolutePath().suffix(result.getAbsolutePath().length() - selectedFile.length()) =
+        selectedFile
+    )
+  )
+}
+
+/**
+ * Holds if this CFG node should be included in output.
+ */
+predicate shouldPrintNode(CfgNode node) { node.getLocation().getFile() = getSelectedFile() }
+
+/**
+ * Configuration for PrintCFG that outputs filtered CFG nodes and edges.
+ */
+query predicate nodes(CfgNode node, string property, string value) {
+  shouldPrintNode(node) and
+  property = "semmle.label" and
+  value = node.toString()
+}
+
+query predicate edges(CfgNode pred, CfgNode succ) {
+  shouldPrintNode(pred) and
+  shouldPrintNode(succ) and
+  pred.getASuccessor() = succ
+}

package/ql/rust/tools/src/codeql-pack.lock.yml

@@ -0,0 +1,28 @@
+---
+lockVersion: 1.0.0
+dependencies:
+  codeql/concepts:
+    version: 0.0.20
+  codeql/controlflow:
+    version: 2.0.30
+  codeql/dataflow:
+    version: 2.1.2
+  codeql/mad:
+    version: 1.0.46
+  codeql/regex:
+    version: 1.0.46
+  codeql/rust-all:
+    version: 0.2.10
+  codeql/ssa:
+    version: 2.0.22
+  codeql/threat-models:
+    version: 1.0.46
+  codeql/tutorial:
+    version: 1.0.46
+  codeql/typeinference:
+    version: 0.0.27
+  codeql/typetracking:
+    version: 2.0.30
+  codeql/util:
+    version: 2.0.33
+compiled: false

package/ql/rust/tools/src/codeql-pack.yml

@@ -0,0 +1,6 @@
+name: advanced-security/ql-mcp-rust-tools-src
+version: 2.25.1-next.2
+description: 'Queries for codeql-development-mcp-server tools for rust language'
+library: false
+dependencies:
+  codeql/rust-all: 0.2.10

package/ql/swift/tools/src/codeql-pack.lock.yml

@@ -2,23 +2,23 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/concepts:
-    version: 0.0.18
+    version: 0.0.20
   codeql/controlflow:
-    version: 2.0.28
+    version: 2.0.30
   codeql/dataflow:
-    version: 2.1.0
+    version: 2.1.2
   codeql/mad:
-    version: 1.0.44
+    version: 1.0.46
   codeql/regex:
-    version: 1.0.44
+    version: 1.0.46
   codeql/ssa:
-    version: 2.0.20
+    version: 2.0.22
   codeql/swift-all:
-    version: 6.3.0
+    version: 6.3.2
   codeql/tutorial:
-    version: 1.0.44
+    version: 1.0.46
   codeql/typetracking:
-    version: 2.0.28
+    version: 2.0.30
   codeql/util:
-    version: 2.0.31
+    version: 2.0.33
 compiled: false

package/ql/swift/tools/src/codeql-pack.yml

@@ -1,6 +1,6 @@
 name: advanced-security/ql-mcp-swift-tools-src
-version: 2.25.0
+version: 2.25.1-next.2
 description: 'Queries for codeql-development-mcp-server tools for swift language'
 library: false
 dependencies:
-  codeql/swift-all: 6.3.0
+  codeql/swift-all: 6.3.2

package/scripts/setup-packs.sh

@@ -31,7 +31,7 @@ Install CodeQL pack dependencies for bundled tool query packs.
 
 OPTIONS:
     --language <lang>  Install packs only for the specified language
-                       Valid values: actions, cpp, csharp, go, java, javascript, python, ruby, swift
+                       Valid values: actions, cpp, csharp, go, java, javascript, python, ruby, rust, swift
     -h, --help         Show this help message
 
 By default, installs pack dependencies for all supported languages.
@@ -62,7 +62,7 @@ while [[ $# -gt 0 ]]; do
 done
 
 ## Validate language if provided
-VALID_LANGUAGES=("actions" "cpp" "csharp" "go" "java" "javascript" "python" "ruby" "swift")
+VALID_LANGUAGES=("actions" "cpp" "csharp" "go" "java" "javascript" "python" "ruby" "rust" "swift")
 if [ -n "${LANGUAGE}" ]; then
   LANGUAGE_VALID=false
   for valid_lang in "${VALID_LANGUAGES[@]}"; do