github
diff --git a/‎rust/ql/lib/change-notes/2026-02-26-neutral-models-map-from.md‎
Lines changed: 4 additions & 0 deletions b/‎rust/ql/lib/change-notes/2026-02-26-neutral-models-map-from.md‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎rust/ql/lib/codeql/rust/frameworks/stdlib/core.model.yml‎
Lines changed: 13 additions & 0 deletions b/‎rust/ql/lib/codeql/rust/frameworks/stdlib/core.model.yml‎
Lines changed: 13 additions & 0 deletions
diff --git a/‎rust/ql/test/query-tests/security/CWE-117/CONSISTENCY/PathResolutionConsistency.expected‎
Lines changed: 2 additions & 0 deletions b/‎rust/ql/test/query-tests/security/CWE-117/CONSISTENCY/PathResolutionConsistency.expected‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎rust/ql/test/query-tests/security/CWE-117/Cargo.lock‎
Lines changed: 125 additions & 4 deletions b/‎rust/ql/test/query-tests/security/CWE-117/Cargo.lock‎
Lines changed: 125 additions & 4 deletions
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Added neutral models to inhibit spurious generated sink models for `map` and `from`. This fixes some false positive query results.
@@ -102,6 +102,9 @@ extensions:
       - ["<_ as core::iter::traits::iterator::Iterator>::chain", "Argument[self]", "ReturnValue", "taint", "manual"]
       - ["<_ as core::iter::traits::iterator::Iterator>::chain", "Argument[0]", "ReturnValue", "taint", "manual"]
       - ["<_ as core::iter::traits::iterator::Iterator>::take", "Argument[self]", "ReturnValue", "taint", "manual"]
+      # Option
+      - ["<core::option::Option>::map", "Argument[self].Field[core::option::Option::Some(0)]", "Argument[0].Parameter[0]", "value", "manual"]
+      - ["<core::option::Option>::map", "Argument[0].ReturnValue", "ReturnValue.Field[core::option::Option::Some(0)]", "value", "manual"]
       # Pin
       - ["<core::pin::Pin>::new", "Argument[0]", "ReturnValue.Field[core::pin::Pin::pointer]", "value", "manual"]
       # This model is not precise, but helps in cases where a `Pin` is implicitly dereferenced.
@@ -157,6 +160,16 @@ extensions:
       - ["core::ptr::write_bytes", "Argument[0]", "pointer-access", "manual"]
       - ["core::ptr::write_unaligned", "Argument[0]", "pointer-access", "manual"]
       - ["core::ptr::write_volatile", "Argument[0]", "pointer-access", "manual"]
+  - addsTo:
+      pack: codeql/rust-all
+      extensible: neutralModel
+    data:
+      - ["<core::option::Option>::map", "sink", "manual"]
+      - ["<alloc::vec::Vec as core::convert::From>::from", "sink", "manual"]
+      - ["<alloc::collections::vec_deque::VecDeque as core::convert::From>::from", "sink", "manual"]
+      - ["<std::io::error::Error as core::convert::From>::from", "sink", "manual"]
+      - ["<alloc::sync::Arc as core::convert::From>::from", "sink", "manual"]
+      - ["<alloc::rc::Rc as core::convert::From>::from", "sink", "manual"]
   - addsTo:
       pack: codeql/rust-all
       extensible: excludeFieldTaintStep
 
@@ -0,0 +1,2 @@
+multipleResolvedTargets
+| main.rs:123:28:123:48 | ...::from(...) |
-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +---
 +category: minorAnalysis
 +---
 +* Added neutral models to inhibit spurious generated sink models for `map` and `from`. This fixes some false positive query results.
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+multipleResolvedTargets`
	`2`	`+\| main.rs:123:28:123:48 \| ...::from(...) \|`