Rust: Remove visibility check in path resolution

[hvitved]

Visibility checking was originally introduced to reduce the number of path resolution inconsistencies. However, the current implementation is too restrictive, and my attempt to make it less restrictive is still not good enough.

So, instead I have come to the conclusion that we are better off without visibility checking. This also aligns with our general assumption that programs are valid, for instance our type inference logic does not actually check that the program is well-typed.

DCA shows that we gain an additional 4 % true-positive call edges (up 617,811 from 593,987).

[Copilot]

Pull Request Overview

This PR removes visibility checks during Rust path resolution and updates related test expectations to reflect the broader resolution scope. Key changes include:

• Removal of isPublic/resolvePathPrivate logic and related predicates.
• Replacement of resolvePath1 with resolvePathFull and updated resolvePath to favor source functions.
• Updated expected outputs in consistency and dataflow tests to account for additional resolutions.

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File	Description
rust/ql/test/query-tests/security/CWE-022/CONSISTENCY/PathResolutionConsistency.expected	Expanded expected path resolutions across multiple locations
rust/ql/test/library-tests/dataflow/modeled/inline-flow.expected	Added extra dataflow edges/nodes for inlined wrapper clones
rust/ql/lib/codeql/rust/internal/PathResolution.qll	Removed visibility‐based filtering, introduced resolvePathFull

Comments suppressed due to low confidence (2)

rust/ql/lib/codeql/rust/internal/PathResolution.qll:1066

• [nitpick] No tests appear to cover the new resolvesSourceFunction predicate or the updated resolvePath filtering when both library and source functions are present. Add a test case where a function exists in source and in a dependency to verify that only the source version is returned.

private predicate resolvesSourceFunction(RelevantPath path) {

rust/ql/lib/codeql/rust/internal/PathResolution.qll:1134

• Using resolvePathFull here bypasses the filtering and caching logic in resolvePath (which prioritizes source functions and applies extractor workarounds). Consider calling resolvePath(path) or applying the same post-filter to maintain consistent behavior for use-tree imports.

result = resolvePathFull(tree.getPath())

[paldepind]

Great :) Definitely seems nicer to have an over approximation than an under approximation.