Merge pull request #20042 from geoffw0/sinknoise

geoffw0 · web-flow · commit d264fb58656a · 2025-07-16T08:36:16.000+01:00
Rust: Make rust/summary/query-sinks less noisy
diff --git a/rust/ql/src/queries/summary/QuerySinks.ql b/rust/ql/src/queries/summary/QuerySinks.ql
@@ -2,7 +2,8 @@
  * @name Query Sinks
  * @description Lists query sinks that are found in the database. Query sinks are flow sinks that
  *              are used as possible locations for query results. Cryptographic operations are
- *              excluded (see `rust/summary/cryptographic-operations` instead).
+ *              excluded (see `rust/summary/cryptographic-operations` instead), as are certain
+ *              sink types that are ubiquitous in most code.
  * @kind problem
  * @problem.severity info
  * @id rust/summary/query-sinks
@@ -13,6 +14,11 @@ import rust
 import codeql.rust.dataflow.DataFlow
 import codeql.rust.Concepts
 import Stats
+import codeql.rust.security.AccessInvalidPointerExtensions
+import codeql.rust.security.CleartextLoggingExtensions
 
 from QuerySink s
+where
+  not s instanceof AccessInvalidPointer::Sink and
+  not s instanceof CleartextLogging::Sink
 select s, "Sink for " + concat(s.getSinkType(), ", ") + "."
