codeql icon indicating copy to clipboard operation
codeql copied to clipboard
verified publisher icon github

[Rust] Proc macro expansion support

Open drank40 opened this issue 2 months ago • 4 comments

Hello, is there any way or are you planning to implement analysis on expanded proc macros? Im currently trying codeQL on Anchor, which makes heavy use of proc macros.

When running a simple test, I see that by default, codeQL doesn't fully resolve references that exist in the expanded code, meaning i only get a reference to the macro that generated the referenced code, but I dont know which part of the macro is to blame (i used cargo expand) to test that. It seems though that placing the expanded file in the root dir does indeed make it be analyzed, but I dont know if this fully supported at the moment.

Is there a better way to do this?

drank40 avatar Oct 19 '25 11:10 drank40

Hi.

The Rust extractor should be expanding all macros, including procedural macros. Do you have a link to a run where this does not happen?

hvitved avatar Oct 20 '25 12:10 hvitved

Perhaps I misunderstood; If you are asking whether we can show results inside expanded macros, using the expanded source code, then the answer is no. While we do have the AST of the expanded macros, we only have locations of the original source code for use in alerts.

hvitved avatar Oct 21 '25 13:10 hvitved

Yep, should have been clearer sorry. I see, do you plan to implement that at any point?

drank40 avatar Nov 07 '25 04:11 drank40

I see, do you plan to implement that at any point?

No plans, sorry.

hvitved avatar Nov 07 '25 08:11 hvitved