Rust: Make rust/summary/query-sinks less noisy and thus more useful. This is the one in the DCA meta queries output, not the grand total used in metrics.

2026-04-25 00:35:20 +02:00 · 2025-07-14 17:24:06 +01:00
parent b43a0e758b
commit 26dae8144c
1 changed files with 7 additions and 1 deletions
--- a/rust/ql/src/queries/summary/QuerySinks.ql
+++ b/rust/ql/src/queries/summary/QuerySinks.ql
@@ -2,7 +2,8 @@
 * @name Query Sinks
 * @description Lists query sinks that are found in the database. Query sinks are flow sinks that
 *              are used as possible locations for query results. Cryptographic operations are
- *              excluded (see `rust/summary/cryptographic-operations` instead).
+ *              excluded (see `rust/summary/cryptographic-operations` instead), as are certain
+ *              sink types that are ubiquitous in most code.
 * @kind problem
 * @problem.severity info
 * @id rust/summary/query-sinks
@@ -13,6 +14,11 @@ import rust
 import codeql.rust.dataflow.DataFlow
 import codeql.rust.Concepts
 import Stats
+import codeql.rust.security.AccessInvalidPointerExtensions
+import codeql.rust.security.CleartextLoggingExtensions

 from QuerySink s
+where
+  not s instanceof AccessInvalidPointer::Sink and
+  not s instanceof CleartextLogging::Sink
 select s, "Sink for " + concat(s.getSinkType(), ", ") + "."