github · paldepind · Aug 4, 2025 · Jul 31, 2025 · geoffw0 · Jul 31, 2025
@@ -19,6 +19,7 @@ ql/rust/ql/src/queries/security/CWE-798/HardcodedCryptographicValue.ql
 ql/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql
 ql/rust/ql/src/queries/summary/LinesOfCode.ql
 ql/rust/ql/src/queries/summary/LinesOfUserCode.ql
+ql/rust/ql/src/queries/summary/NodesWithTypeAtLengthLimit.ql
 ql/rust/ql/src/queries/summary/NumberOfFilesExtractedWithErrors.ql
 ql/rust/ql/src/queries/summary/NumberOfSuccessfullyExtractedFiles.ql
 ql/rust/ql/src/queries/summary/QuerySinkCounts.ql

@@ -21,6 +21,7 @@ ql/rust/ql/src/queries/security/CWE-825/AccessAfterLifetime.ql
 ql/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql
 ql/rust/ql/src/queries/summary/LinesOfCode.ql
 ql/rust/ql/src/queries/summary/LinesOfUserCode.ql
+ql/rust/ql/src/queries/summary/NodesWithTypeAtLengthLimit.ql
 ql/rust/ql/src/queries/summary/NumberOfFilesExtractedWithErrors.ql
 ql/rust/ql/src/queries/summary/NumberOfSuccessfullyExtractedFiles.ql
 ql/rust/ql/src/queries/summary/QuerySinkCounts.ql

@@ -20,6 +20,7 @@ ql/rust/ql/src/queries/security/CWE-825/AccessAfterLifetime.ql
 ql/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql
 ql/rust/ql/src/queries/summary/LinesOfCode.ql
 ql/rust/ql/src/queries/summary/LinesOfUserCode.ql
+ql/rust/ql/src/queries/summary/NodesWithTypeAtLengthLimit.ql
 ql/rust/ql/src/queries/summary/NumberOfFilesExtractedWithErrors.ql
 ql/rust/ql/src/queries/summary/NumberOfSuccessfullyExtractedFiles.ql
 ql/rust/ql/src/queries/summary/QuerySinkCounts.ql

@@ -127,6 +127,8 @@ private module Input1 implements InputSig1<Location> {
         tp0 order by kind, id1, id2
       )
   }
+
+  int getTypePathLimit() { result = 10 }
 }
 
 private import Input1
@@ -135,6 +137,8 @@ private module M1 = Make1<Location, Input1>;
 
 private import M1
 
+predicate getTypePathLimit = Input1::getTypePathLimit/0;
+
 class TypePath = M1::TypePath;
 
 module TypePath = M1::TypePath;
@@ -2265,6 +2269,16 @@ private module Debug {
     result = strictcount(Type t0 | t0 = inferType(n, path))
   }
 
+  Type debugInferTypeForNodeAtLimit(AstNode n, TypePath path) {
+    result = inferType(n, path) and
+    exists(TypePath path0 | exists(inferType(n, path0)) and path0.length() >= getTypePathLimit())
+  }
+
+  predicate countTypesForNodeAtLimit(AstNode n, int c) {
+    n = getRelevantLocatable() and
+    c = strictcount(Type t, TypePath path | t = debugInferTypeForNodeAtLimit(n, path))
+  }
+
   predicate maxTypes(AstNode n, TypePath path, Type t, int c) {
     c = countTypesAtPath(n, path, t) and
     c = max(countTypesAtPath(_, _, _))

@@ -0,0 +1,20 @@
+/**
+ * @name Nodes With Type At Length Limit
+ * @description Counts the number of AST nodes with a type at the type path length limit.
+ * @kind metric
+ * @id rust/summary/nodes-at-type-path-length-limit
+ * @tags summary
+ */
+
+import rust
+import codeql.rust.internal.TypeInference
+
+from int atLimit
+where
+  atLimit =
+    count(AstNode n, TypePath path |
+      exists(inferType(n, path)) and path.length() = getTypePathLimit()
+    |
+      n
+    )
+select atLimit