Rust: Make all query sinks extend QuerySink::Range and import them into Stats.qll (this ensures that sink statistics are complete).

geoffw0 · geoffw0 · commit 1acbdbaaa2ab · 2025-04-04T18:02:59.000+01:00
diff --git a/rust/ql/lib/codeql/rust/security/CleartextTransmissionExtensions.qll b/rust/ql/lib/codeql/rust/security/CleartextTransmissionExtensions.qll
@@ -7,12 +7,15 @@ private import codeql.util.Unit
 private import rust
 private import codeql.rust.dataflow.DataFlow
 private import codeql.rust.dataflow.FlowSink
+private import codeql.rust.Concepts
 
 /**
  * A data flow sink for cleartext transmission vulnerabilities. That is,
  * a `DataFlow::Node` of something that is transmitted over a network.
  */
-abstract class CleartextTransmissionSink extends DataFlow::Node { }
+abstract class CleartextTransmissionSink extends QuerySink::Range {
+  override string getSinkType() { result = "CleartextTransmission" }
+}
 
 /**
  * A barrier for cleartext transmission vulnerabilities.
diff --git a/rust/ql/lib/codeql/rust/security/TaintedPathExtensions.qll b/rust/ql/lib/codeql/rust/security/TaintedPathExtensions.qll
@@ -23,7 +23,9 @@ module TaintedPath {
   /**
    * A data flow sink for path injection vulnerabilities.
    */
-  abstract class Sink extends DataFlow::Node { }
+  abstract class Sink extends QuerySink::Range {
+    override string getSinkType() { result = "TaintedPath" }
+  }
 
   /**
    * A barrier for path injection vulnerabilities.
diff --git a/rust/ql/lib/codeql/rust/security/WeakSensitiveDataHashingExtensions.qll b/rust/ql/lib/codeql/rust/security/WeakSensitiveDataHashingExtensions.qll
@@ -44,6 +44,8 @@ module NormalHashFunction {
    * hashing. That is, a broken or weak hashing algorithm.
    */
   abstract class Sink extends QuerySink::Range {
+    override string getSinkType() { result = "WeakSensitiveDataHashing" }
+
     /**
      * Gets the name of the weak hashing algorithm.
      */
@@ -76,8 +78,6 @@ module NormalHashFunction {
   class WeakHashingOperationInputAsSink extends Sink {
     Cryptography::HashingAlgorithm algorithm;
 
-    override string getSinkType() { result = "WeakSensitiveDataHashing" }
-
     WeakHashingOperationInputAsSink() {
       exists(Cryptography::CryptographicOperation operation |
         algorithm.isWeak() and
diff --git a/rust/ql/src/queries/summary/Stats.qll b/rust/ql/src/queries/summary/Stats.qll
@@ -15,10 +15,12 @@ private import codeql.rust.Diagnostics
 private import codeql.rust.security.SensitiveData
 private import TaintReach
 // import all query extensions files, so that all extensions of `QuerySink` are found
+private import codeql.rust.security.regex.RegexInjectionExtensions
 private import codeql.rust.security.CleartextLoggingExtensions
+private import codeql.rust.security.CleartextTransmissionExtensions
 private import codeql.rust.security.SqlInjectionExtensions
+private import codeql.rust.security.TaintedPathExtensions
 private import codeql.rust.security.WeakSensitiveDataHashingExtensions
-private import codeql.rust.security.regex.RegexInjectionExtensions
 
 /**
  * Gets a count of the total number of lines of code in the database.
