Skip to content

Fix taint propagation through Rust variable shadowing#572

Merged
dimitris-m merged 1 commit intomainfrom
dm/rust-variable-shadowing-taint
Feb 9, 2026
Merged

Fix taint propagation through Rust variable shadowing#572
dimitris-m merged 1 commit intomainfrom
dm/rust-variable-shadowing-taint

Conversation

@dimitris-m
Copy link
Collaborator

@dimitris-m dimitris-m commented Feb 5, 2026

Summary

  • Fix false negatives in taint analysis caused by Rust variable shadowing (let x = x;)
  • The name resolution was visiting the entity pattern (declaring the new variable) before visiting the initialiser expression, causing the RHS to incorrectly resolve to the newly declared variable instead of the outer binding

Changes

  • Modified Naming_AST.ml to visit vinit before declaring the variable for VarDef with patterns
  • Added test case for Rust variable shadowing taint propagation

@dimitris-m dimitris-m force-pushed the dm/rust-variable-shadowing-taint branch 3 times, most recently from 2a360a9 to d2428d6 Compare February 5, 2026 19:14
@dimitris-m
fix: propagate taint through Rust variable shadowing
c48384b 
In Rust, `let x = x;` creates a new binding that shadows the previous
one. The taint analysis was losing track of tainted data through such
shadowing because the name resolution was visiting the entity pattern
(which declares the new variable) before visiting the initialiser
expression (vinit).

The fix changes the VarDef handling in Naming_AST.ml to:
1. Visit vinit first (so RHS resolves to existing bindings)
2. Visit attrs and tparams (matching original visitor order)
3. Visit vtype (which may reference type parameters)
4. Then declare the new variable

This ensures the RHS of `let x = x;` correctly resolves to the outer
binding before the new variable shadows it.

Includes a test case for Rust variable shadowing taint propagation.
@dimitris-m dimitris-m force-pushed the dm/rust-variable-shadowing-taint branch from d2428d6 to c48384b Compare February 7, 2026 19:27
corneliuhoffman
corneliuhoffman approved these changes Feb 9, 2026
View reviewed changes
Copy link
Contributor

@corneliuhoffman corneliuhoffman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

makes sense, approving

@dimitris-m dimitris-m merged commit b9eaf98 into main Feb 9, 2026
6 checks passed
@dimitris-m dimitris-m deleted the dm/rust-variable-shadowing-taint branch February 9, 2026 12:08
@maciejpirog maciejpirog mentioned this pull request Feb 17, 2026
Merged
@dimitris-m dimitris-m mentioned this pull request Feb 17, 2026
Merged
tmeijn pushed a commit to tmeijn/dotfiles that referenced this pull request Feb 19, 2026
build(deps): update opengrep/opengrep to v1.16.1
d9bd3c2 
This MR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [opengrep/opengrep](https://github.com/opengrep/opengrep) | patch | `v1.16.0` → `v1.16.1` |

MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot).

**Proposed changes to behavior should be submitted there as MRs.**

---

### Release Notes

<details>
<summary>opengrep/opengrep (opengrep/opengrep)</summary>

### [`v1.16.1`](https://github.com/opengrep/opengrep/releases/tag/v1.16.1): Opengrep 1.16.1

[Compare Source](opengrep/opengrep@v1.16.0...v1.16.1)

#### Improvements

- Pin Nuitka to 2.8.9 across all build workflows by [@&#8203;dimitris-m](https://github.com/dimitris-m) in [#&#8203;594](opengrep/opengrep#594)
- Remove redundant pip and Nuitka dependencies by [@&#8203;dimitris-m](https://github.com/dimitris-m) in [#&#8203;573](opengrep/opengrep#573)
- Support split rule/target directories in test subcommand by [@&#8203;qkaiser](https://github.com/qkaiser) in [#&#8203;576](opengrep/opengrep#576)

#### Benchmarking

- New benchmarking using hyperfine by [@&#8203;dimitris-m](https://github.com/dimitris-m) in [#&#8203;557](opengrep/opengrep#557) and [#&#8203;579](opengrep/opengrep#579)

#### Bug fixes

- Allow multiple logical operators in metavariable comparison by [@&#8203;maciejpirog](https://github.com/maciejpirog) in [#&#8203;590](opengrep/opengrep#590)
- In `--experimental`, don't report git untracked files as skipped with `--use-git-ignore` by [@&#8203;maciejpirog](https://github.com/maciejpirog) in [#&#8203;577](opengrep/opengrep#577)
- C#: Add primary constructor arguments to base class by [@&#8203;maciejpirog](https://github.com/maciejpirog) in [#&#8203;589](opengrep/opengrep#589)
- Dockerfile: Add missing buildkit constructs by [@&#8203;maciejpirog](https://github.com/maciejpirog) in [#&#8203;581](opengrep/opengrep#581)
- Dockerfile: Fix CRLF and comment-in-continuation parsing by [@&#8203;abezdina](https://github.com/abezdina) in [#&#8203;586](opengrep/opengrep#586)
- Rust: Fix taint propagation through variable shadowing by [@&#8203;dimitris-m](https://github.com/dimitris-m) in [#&#8203;572](opengrep/opengrep#572)
- TS/TSX: Add support for the `satisfies` construct by [@&#8203;maciejpirog](https://github.com/maciejpirog) in [#&#8203;592](opengrep/opengrep#592)

#### Installation

- Add Windows install script (pwsh) by [@&#8203;dimitris-m](https://github.com/dimitris-m) in [#&#8203;569](opengrep/opengrep#569)
- Ensure that install.ps1 works on ARM by [@&#8203;dimitris-m](https://github.com/dimitris-m) in [#&#8203;571](opengrep/opengrep#571)
- Fix: handle unparseable cosign version in install.sh by [@&#8203;dimitris-m](https://github.com/dimitris-m) in [#&#8203;580](opengrep/opengrep#580)

#### Documentation

- Improve the README by [@&#8203;dimitris-m](https://github.com/dimitris-m) in [#&#8203;570](opengrep/opengrep#570)

#### New Contributors

- [@&#8203;qkaiser](https://github.com/qkaiser) made their first contribution in [#&#8203;576](opengrep/opengrep#576)
- [@&#8203;abezdina](https://github.com/abezdina) made their first contribution in [#&#8203;586](opengrep/opengrep#586)

**Full Changelog**: <opengrep/opengrep@v1.16.0...v1.16.1>

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever MR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this MR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box

---

This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yNC4yIiwidXBkYXRlZEluVmVyIjoiNDMuMjQuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiUmVub3ZhdGUgQm90IiwiYXV0b21hdGlvbjpib3QtYXV0aG9yZWQiLCJkZXBlbmRlbmN5LXR5cGU6OnBhdGNoIl19-->
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@corneliuhoffman corneliuhoffman corneliuhoffman approved these changes

@willem-delbare willem-delbare Awaiting requested review from willem-delbare willem-delbare is a code owner

@maciejpirog maciejpirog Awaiting requested review from maciejpirog maciejpirog is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dimitris-m @corneliuhoffman