From 6c024a5f9ebb98c8d7c9dd4624a755913246a081 Mon Sep 17 00:00:00 2001
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Date: Mon, 4 Aug 2025 19:28:40 +0100
Subject: [PATCH 1/3] Rust: Remove unnecessary pattern matching in cleartext logging query sinks (probably inherited from another query or language where it is used).
---
 rust/ql/lib/codeql/rust/security/CleartextLoggingExtensions.qll | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rust/ql/lib/codeql/rust/security/CleartextLoggingExtensions.qll b/rust/ql/lib/codeql/rust/security/CleartextLoggingExtensions.qll
index 044236bc03c1..0961efd553fd 100644
--- a/rust/ql/lib/codeql/rust/security/CleartextLoggingExtensions.qll
+++ b/rust/ql/lib/codeql/rust/security/CleartextLoggingExtensions.qll
@@ -40,6 +40,6 @@ module CleartextLogging {
 * A sink for logging from model data.
 */
 private class ModelsAsDataSink extends Sink {
- ModelsAsDataSink() { exists(string s | sinkNode(this, s) and s.matches("log-injection%")) }
+ ModelsAsDataSink() { sinkNode(this, "log-injection") }
 }
 }
From 0a49b65887391a04a489693905f770d8a9dfae9f Mon Sep 17 00:00:00 2001
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Date: Mon, 4 Aug 2025 19:47:33 +0100
Subject: [PATCH 2/3] Rust: Make the rust/cleartext-transmission alert message more consistent with similar queries.
---
 .../queries/security/CWE-311/CleartextTransmission.ql | 4 ++--
 .../security/CWE-311/CleartextTransmission.expected | 10 +++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/rust/ql/src/queries/security/CWE-311/CleartextTransmission.ql b/rust/ql/src/queries/security/CWE-311/CleartextTransmission.ql
index 508937533899..50bf96f05738 100644
--- a/rust/ql/src/queries/security/CWE-311/CleartextTransmission.ql
+++ b/rust/ql/src/queries/security/CWE-311/CleartextTransmission.ql
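Review bot: In `CleartextLoggingExtensions.qll` the new `sinkNode(this, "log-injection")` matches the kind exactly, so any model row whose kind merely starts with `log-injection` (accepted by the old `s.matches("log-injection%")`) silently stops being a cleartext-logging sink. The commit message only says the prefix match was "probably" inherited, and the patch changes no test expectations for this query, so it is worth confirming that no Rust model data uses a suffixed kind; a lost sink here shows up only as missing alerts. A one-line comment above the characteristic predicate, e.g. `// Exact kind: cleartext logging reuses the "log-injection" sinks from model data.`, would also explain why this query keys on a log-injection kind. The class sits in `module CleartextLogging`, which opens outside the hunk.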
@@ -48,6 +48,6 @@ import CleartextTransmissionFlow::PathGraph
 from CleartextTransmissionFlow::PathNode sourceNode, CleartextTransmissionFlow::PathNode sinkNode
 where CleartextTransmissionFlow::flowPath(sourceNode, sinkNode)
 select sinkNode.getNode(), sourceNode, sinkNode,
- "The operation '" + sinkNode.getNode().toString() +
- "', transmits data which may contain unencrypted sensitive data from $@.", sourceNode,
+ "This '" + sinkNode.getNode().toString() +
+ "' operation transmits data which may contain unencrypted sensitive data from $@.", sourceNode,
 sourceNode.getNode().toString()
diff --git a/rust/ql/test/query-tests/security/CWE-311/CleartextTransmission.expected b/rust/ql/test/query-tests/security/CWE-311/CleartextTransmission.expected
index 5f5ddd261b62..0a229c72d757 100644
--- a/rust/ql/test/query-tests/security/CWE-311/CleartextTransmission.expected
+++ b/rust/ql/test/query-tests/security/CWE-311/CleartextTransmission.expected
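Review bot: The reworded message in `CleartextTransmission.ql` still splices `sinkNode.getNode().toString()` into the alert text, and the updated expectations show it rendering as `This '...::get' operation` for path calls, so the quoted name does not identify which call transmits the data. Since the alert is already reported at the sink node, consider dropping the splice and selecting `"This operation transmits data which may contain unencrypted sensitive data from $@.", sourceNode,` instead. If the sibling queries this change aligns with use the same pattern, that may be better handled as a follow-up across all of them.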
@@ -1,9 +1,9 @@ #select -| main.rs:7:5:7:26 | ...::get | main.rs:6:50:6:57 | password | main.rs:7:5:7:26 | ...::get | The operation '...::get', transmits data which may contain unencrypted sensitive data from $@. | main.rs:6:50:6:57 | password | password | -| main.rs:14:5:14:26 | ...::get | main.rs:12:50:12:57 | password | main.rs:14:5:14:26 | ...::get | The operation '...::get', transmits data which may contain unencrypted sensitive data from $@. | main.rs:12:50:12:57 | password | password | -| main.rs:21:12:21:15 | post | main.rs:19:50:19:57 | password | main.rs:21:12:21:15 | post | The operation 'post', transmits data which may contain unencrypted sensitive data from $@. | main.rs:19:50:19:57 | password | password | -| main.rs:28:12:28:18 | request | main.rs:26:50:26:57 | password | main.rs:28:12:28:18 | request | The operation 'request', transmits data which may contain unencrypted sensitive data from $@. | main.rs:26:50:26:57 | password | password | -| main.rs:35:12:35:18 | request | main.rs:33:50:33:57 | password | main.rs:35:12:35:18 | request | The operation 'request', transmits data which may contain unencrypted sensitive data from $@. | main.rs:33:50:33:57 | password | password | +| main.rs:7:5:7:26 | ...::get | main.rs:6:50:6:57 | password | main.rs:7:5:7:26 | ...::get | This '...::get' operation transmits data which may contain unencrypted sensitive data from $@. | main.rs:6:50:6:57 | password | password | +| main.rs:14:5:14:26 | ...::get | main.rs:12:50:12:57 | password | main.rs:14:5:14:26 | ...::get | This '...::get' operation transmits data which may contain unencrypted sensitive data from $@. | main.rs:12:50:12:57 | password | password | +| main.rs:21:12:21:15 | post | main.rs:19:50:19:57 | password | main.rs:21:12:21:15 | post | This 'post' operation transmits data which may contain unencrypted sensitive data from $@. 
| main.rs:19:50:19:57 | password | password | +| main.rs:28:12:28:18 | request | main.rs:26:50:26:57 | password | main.rs:28:12:28:18 | request | This 'request' operation transmits data which may contain unencrypted sensitive data from $@. | main.rs:26:50:26:57 | password | password | +| main.rs:35:12:35:18 | request | main.rs:33:50:33:57 | password | main.rs:35:12:35:18 | request | This 'request' operation transmits data which may contain unencrypted sensitive data from $@. | main.rs:33:50:33:57 | password | password | edges | main.rs:6:9:6:11 | url | main.rs:7:28:7:30 | url | provenance | | | main.rs:6:15:6:58 | res | main.rs:6:23:6:57 | { ... } | provenance | |
From dcda6db88b1c9f1745f15bb86523521961e9b37d Mon Sep 17 00:00:00 2001
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Date: Mon, 4 Aug 2025 19:51:34 +0100
Subject: [PATCH 3/3] Rust: Lets not try to maintain this list.
---
 rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll b/rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll
index be72255f7934..7f8df8d144ba 100644
--- a/rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll
+++ b/rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll
@@ -68,9 +68,8 @@ extensible predicate sourceModel(
 *
 * For example, `input = Argument[0]` means the first argument of the call.
 *
- * The following kinds are supported:
- *
- * - `sql-injection`: a flow sink for SQL injection.
+ * The sink kinds supported by queries can be found by searching for uses of
+ * the `sinkNode` predicate.
 */
 extensible predicate sinkModel(
 string path, string input, string kind, string provenance, QlBuiltins::ExtensionId madId
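Review bot: With the list removed, the doc comment on `sinkModel` in `ModelsAsData.qll` no longer says how the `kind` column is interpreted, and the pointer to `sinkNode` assumes the reader has the query sources at hand. Patch 1/3 in this series makes the cleartext logging sink match its kind by exact string (`sinkNode(this, "log-injection")`), so a mistyped or suffixed kind in a model row presumably yields no sink and no diagnostic, unless kinds are validated somewhere not shown here. I would add one sentence to the comment, e.g. `* Kinds are compared as exact strings; a kind that no query uses produces no sink.` The `sinkModel` declaration continues past the end of the hunk.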