From 26dae8144c571f8d1ed3328ec7d287e37dbb07e2 Mon Sep 17 00:00:00 2001
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Date: Mon, 14 Jul 2025 17:24:06 +0100
Subject: [PATCH] Rust: Make rust/summary/query-sinks less noisy and thus more useful. This is the one in the DCA meta queries output, not the grand total used in metrics.
---
 rust/ql/src/queries/summary/QuerySinks.ql | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/rust/ql/src/queries/summary/QuerySinks.ql b/rust/ql/src/queries/summary/QuerySinks.ql
index a94ab2f8e804..714f5a8ab745 100644
--- a/rust/ql/src/queries/summary/QuerySinks.ql
+++ b/rust/ql/src/queries/summary/QuerySinks.ql
@@ -2,7 +2,8 @@
  * @name Query Sinks
  * @description Lists query sinks that are found in the database. Query sinks are flow sinks that
  * are used as possible locations for query results. Cryptographic operations are
- * excluded (see `rust/summary/cryptographic-operations` instead).
+ * excluded (see `rust/summary/cryptographic-operations` instead), as are certain
+ * sink types that are ubiquitous in most code.
  * @kind problem
  * @problem.severity info
  * @id rust/summary/query-sinks
@@ -13,6 +14,11 @@ import rust
 import codeql.rust.dataflow.DataFlow
 import codeql.rust.Concepts
 import Stats
+import codeql.rust.security.AccessInvalidPointerExtensions
+import codeql.rust.security.CleartextLoggingExtensions
 
 from QuerySink s
+where
+ not s instanceof AccessInvalidPointer::Sink and
+ not s instanceof CleartextLogging::Sink
 select s, "Sink for " + concat(s.getSinkType(), ", ") + "."
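Review bot: In the second hunk the new `where` clause filters on the node rather than on the sink type, so a node that is an `AccessInvalidPointer::Sink` or `CleartextLogging::Sink` and also a sink for another query is dropped from the output entirely. The `concat(s.getSinkType(), ", ")` in the `select` suggests a single node can carry several sink types; if so, changes to the other security query's sinks at those nodes would no longer show up in the DCA output. Consider keeping a node whenever it has at least one sink type outside the excluded set, and concatenating only the remaining types. The description also says only "certain sink types" without naming them, so a comment above the `where` would help, e.g. `// Excluded: invalid-pointer-access and cleartext-logging sinks occur in almost all code and swamp this output; they are still counted in the metrics total.`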