Fix CallGraph queries to use resolved target entities instead of name-based matching

Agent-Logs-Url: https://github.com/advanced-security/codeql-development-mcp-server/sessions/8ce53ee0-dea8-4a8f-b300-436d11463003

Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com>

Author: Copilot

server/ql/rust/tools/src/CallGraphFrom/CallGraphFrom.md

@@ -33,7 +33,7 @@ fn source_func() {  // Source function for analysis
 }
 ```
 
-Running with `sourceFunction = "source_func"` produces results showing each call site with the message pattern ``Call from `source_func` to `helper1```.
+Running with `sourceFunction = "source_func"` produces results showing each call site with the message pattern ``Call from `source_func` to `helper1` ``.
 
 ## Output Format
 

server/ql/rust/tools/src/CallGraphFrom/CallGraphFrom.ql

@@ -17,6 +17,11 @@ string getSourceFunctionName() {
   exists(string s | sourceFunction(s) | result = s.splitAt(",").trim())
 }
 
+/**
+ * Gets a function by matching against the selected source function names.
+ */
+Function getSourceFunction() { result.getName().getText() = getSourceFunctionName() }
+
 /**
  * Gets the name of the called function.
  */
@@ -29,5 +34,5 @@ string getCalleeName(CallExpr call) {
 from CallExpr call, Function source
 where
   call.getEnclosingCallable() = source and
-  source.getName().getText() = getSourceFunctionName()
+  source = getSourceFunction()
 select call, "Call from `" + source.getName().getText() + "` to `" + getCalleeName(call) + "`"

server/ql/rust/tools/src/CallGraphFromTo/CallGraphFromTo.md

@@ -33,7 +33,7 @@ fn source() {
 }
 ```
 
-Running with `sourceFunction = "source"` and `targetFunction = "target"` produces results showing each call site on the path with the message pattern ``Reachable call from `intermediate` to `target```.
+Running with `sourceFunction = "source"` and `targetFunction = "target"` produces results showing each call site on the path with the message pattern ``Reachable call from `intermediate` to `target` ``.
 
 ## Output Format
 

server/ql/rust/tools/src/CallGraphFromTo/CallGraphFromTo.ql

@@ -25,12 +25,22 @@ string getTargetFunctionName() {
 }
 
 /**
- * Holds if function `caller` directly calls function `callee` by name.
+ * Gets a function by matching against the selected source function names.
+ */
+Function getSourceFunction() { result.getName().getText() = getSourceFunctionName() }
+
+/**
+ * Gets a function by matching against the selected target function names.
+ */
+Function getTargetFunction() { result.getName().getText() = getTargetFunctionName() }
+
+/**
+ * Holds if function `caller` directly calls function `callee`.
  */
 predicate calls(Function caller_, Function callee_) {
   exists(CallExpr c |
     c.getEnclosingCallable() = caller_ and
-    c.getResolvedTarget().(Function).getName().getText() = callee_.getName().getText()
+    c.getResolvedTarget().(Function) = callee_
   )
 }
 
@@ -47,11 +57,11 @@ from CallExpr call, Function caller
 where
   call.getEnclosingCallable() = caller and
   exists(Function source, Function target |
-    source.getName().getText() = getSourceFunctionName() and
-    target.getName().getText() = getTargetFunctionName() and
+    source = getSourceFunction() and
+    target = getTargetFunction() and
     calls*(source, caller) and
     exists(Function callee |
-      call.getResolvedTarget().(Function).getName().getText() = callee.getName().getText() and
+      call.getResolvedTarget().(Function) = callee and
       calls*(callee, target)
     )
   )

server/ql/rust/tools/src/CallGraphTo/CallGraphTo.md

@@ -32,7 +32,7 @@ fn caller2() {
 }
 ```
 
-Running with `targetFunction = "target_func"` produces results showing each call site with the message pattern ``Call to `target_func` from `caller1```.
+Running with `targetFunction = "target_func"` produces results showing each call site with the message pattern ``Call to `target_func` from `caller1` ``.
 
 ## Output Format
 

server/ql/rust/tools/src/CallGraphTo/CallGraphTo.ql

@@ -17,6 +17,11 @@ string getTargetFunctionName() {
   exists(string s | targetFunction(s) | result = s.splitAt(",").trim())
 }
 
+/**
+ * Gets a function by matching against the selected target function names.
+ */
+Function getTargetFunction() { result.getName().getText() = getTargetFunctionName() }
+
 /**
  * Gets the caller name for a call expression.
  */
@@ -35,6 +40,8 @@ string getCalleeName(CallExpr call) {
   else result = call.toString()
 }
 
-from CallExpr call
-where call.getResolvedTarget().(Function).getName().getText() = getTargetFunctionName()
+from CallExpr call, Function target
+where
+  target = getTargetFunction() and
+  call.getResolvedTarget() = target
 select call, "Call to `" + getCalleeName(call) + "` from `" + getCallerName(call) + "`"