From eb674d08d63c48e9beb4f94e773cb5281b801540 Mon Sep 17 00:00:00 2001
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Date: Fri, 21 Nov 2025 18:45:47 +0000
Subject: [PATCH] Rust: Reinstate the original function names model but call it a heuristic now.
---
 .../lib/codeql/rust/frameworks/attohttpc.model.yml | 13 -------------
 .../security/DisabledCertificateCheckExtensions.qll | 13 +++++++++++++
 2 files changed, 13 insertions(+), 13 deletions(-)
 delete mode 100644 rust/ql/lib/codeql/rust/frameworks/attohttpc.model.yml
diff --git a/rust/ql/lib/codeql/rust/frameworks/attohttpc.model.yml b/rust/ql/lib/codeql/rust/frameworks/attohttpc.model.yml
deleted file mode 100644
index 47e1beb3925..00000000000
--- a/rust/ql/lib/codeql/rust/frameworks/attohttpc.model.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-extensions:
- - addsTo:
- pack: codeql/rust-all
- extensible: sinkModel
- data:
- - ["::danger_accept_invalid_certs", "Argument[0]", "disable-certificate", "manual"]
- - ["::danger_accept_invalid_hostnames", "Argument[0]", "disable-certificate", "manual"]
- - ["::danger_accept_invalid_certs", "Argument[0]", "disable-certificate", "manual"]
- - ["::danger_accept_invalid_hostnames", "Argument[0]", "disable-certificate", "manual"]
- - ["::danger_accept_invalid_certs", "Argument[0]", "disable-certificate", "manual"]
- - ["::danger_accept_invalid_hostnames", "Argument[0]", "disable-certificate", "manual"]
- - ["::danger_accept_invalid_certs", "Argument[0]", "disable-certificate", "manual"]
- - ["::danger_accept_invalid_hostnames", "Argument[0]", "disable-certificate", "manual"]
diff --git a/rust/ql/lib/codeql/rust/security/DisabledCertificateCheckExtensions.qll b/rust/ql/lib/codeql/rust/security/DisabledCertificateCheckExtensions.qll
index 08cf20670d6..67efbc5b5ad 100644
--- a/rust/ql/lib/codeql/rust/security/DisabledCertificateCheckExtensions.qll
+++ b/rust/ql/lib/codeql/rust/security/DisabledCertificateCheckExtensions.qll
@@ -26,4 +26,17 @@ module DisabledCertificateCheckExtensions {
 private class ModelsAsDataSink extends Sink {
 ModelsAsDataSink() { sinkNode(this, "disable-certificate") }
 }
+
+ /**
+ * A heuristic sink for disabled certificate check vulnerabilities based on function names.
+ */
+ private class HeuristicSink extends Sink {
+ HeuristicSink() {
+ exists(CallExprBase fc |
+ fc.getStaticTarget().(Function).getName().getText() =
+ ["danger_accept_invalid_certs", "danger_accept_invalid_hostnames"] and
+ fc.getArg(0) = this.asExpr()
+ )
+ }
+ }
 }
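Review bot: `HeuristicSink` only matches when `fc.getStaticTarget()` resolves to a `Function`, so it contributes nothing for exactly the calls a name-based heuristic usually exists to cover — a `danger_accept_invalid_certs` / `danger_accept_invalid_hostnames` call whose target cannot be resolved (for example when the defining crate is not part of the database); if that is the intent, matching on the method call's own identifier text rather than the resolved target would make it a real fallback, and if the intent is instead to cover crates without a models-as-data entry, the doc comment should say which, e.g. `Covers calls to functions with these names in crates that have no models-as-data sink model; does not require the call target to resolve.` (adjusted to whichever is true). `fc.getArg(0)` is also worth confirming for the path-call form `Builder::danger_accept_invalid_certs(b, true)`: if index 0 there denotes the receiver rather than the flag argument, the sink would land on the wrong expression, which the removed `Argument[0]` model row may have handled differently (inferred, not visible here). Since the name match is crate-agnostic, any user-defined function with one of these names now becomes a sink, which is acceptable for a heuristic but should be stated in the doc comment so the false-positive surface is understood. The enclosing module starts outside the hunk.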