From 97d3da096d057a5f00f38da622878164fbb37314 Mon Sep 17 00:00:00 2001
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Date: Mon, 24 Mar 2025 13:33:05 +0000
Subject: [PATCH 1/2] Rust: Have CleartextTransmissionSink extend QuerySink::Range.

---
 .../codeql/rust/security/CleartextTransmissionExtensions.qll | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/rust/ql/lib/codeql/rust/security/CleartextTransmissionExtensions.qll b/rust/ql/lib/codeql/rust/security/CleartextTransmissionExtensions.qll
index 73495cd1c0d3..192abaf3baed 100644
--- a/rust/ql/lib/codeql/rust/security/CleartextTransmissionExtensions.qll
+++ b/rust/ql/lib/codeql/rust/security/CleartextTransmissionExtensions.qll
@@ -5,6 +5,7 @@
 
 private import codeql.util.Unit
 private import rust
+private import codeql.rust.Concepts
 private import codeql.rust.dataflow.DataFlow
 private import codeql.rust.dataflow.FlowSink
 
@@ -12,7 +13,9 @@ private import codeql.rust.dataflow.FlowSink
  * A data flow sink for cleartext transmission vulnerabilities. That is,
  * a `DataFlow::Node` of something that is transmitted over a network.
  */
-abstract class CleartextTransmissionSink extends DataFlow::Node { }
+abstract class CleartextTransmissionSink extends QuerySink::Range {
+  override string getSinkType() { result = "CleartextTransmission" }
+}
 
 /**
  * A barrier for cleartext transmission vulnerabilities.

From 9183ed5755aafb1ee3bfb477ac3f6c417aac48cc Mon Sep 17 00:00:00 2001
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Date: Mon, 24 Mar 2025 13:33:05 +0000
Subject: [PATCH 2/2] Rust: Have CleartextTransmissionSink extend QuerySink::Range.

---
 .../security/CleartextLoggingExtensions.qll | 4 +-
 .../CleartextTransmissionExtensions.qll | 51 +++++++++++--------
 .../rust/security/SqlInjectionExtensions.qll | 4 +-
 .../security/CWE-311/CleartextTransmission.ql | 6 +--
 4 files changed, 36 insertions(+), 29 deletions(-)

diff --git a/rust/ql/lib/codeql/rust/security/CleartextLoggingExtensions.qll b/rust/ql/lib/codeql/rust/security/CleartextLoggingExtensions.qll
index e6bbc0d2a2be..9a4bfa65a92d 100644
--- a/rust/ql/lib/codeql/rust/security/CleartextLoggingExtensions.qll
+++ b/rust/ql/lib/codeql/rust/security/CleartextLoggingExtensions.qll
@@ -37,7 +37,7 @@ module CleartextLogging {
   private class SensitiveDataAsSource extends Source instanceof SensitiveData { }
 
   /** A sink for logging from model data. */
-  private class ModelsAsDataSinks extends Sink {
-    ModelsAsDataSinks() { exists(string s | sinkNode(this, s) and s.matches("log-injection%")) }
+  private class ModelsAsDataSink extends Sink {
+    ModelsAsDataSink() { exists(string s | sinkNode(this, s) and s.matches("log-injection%")) }
   }
 }
diff --git a/rust/ql/lib/codeql/rust/security/CleartextTransmissionExtensions.qll b/rust/ql/lib/codeql/rust/security/CleartextTransmissionExtensions.qll
index 192abaf3baed..bf1698b5948c 100644
--- a/rust/ql/lib/codeql/rust/security/CleartextTransmissionExtensions.qll
+++ b/rust/ql/lib/codeql/rust/security/CleartextTransmissionExtensions.qll
@@ -10,32 +10,39 @@ private import codeql.rust.dataflow.DataFlow
 private import codeql.rust.dataflow.FlowSink
 
 /**
- * A data flow sink for cleartext transmission vulnerabilities. That is,
- * a `DataFlow::Node` of something that is transmitted over a network.
+ * Provides default sources, sinks and barriers for detecting cleartext
+ * transmission vulnerabilities, as well as extension points for adding your
+ * own.
  */
-abstract class CleartextTransmissionSink extends QuerySink::Range {
-  override string getSinkType() { result = "CleartextTransmission" }
-}
+module CleartextTransmission {
+  /**
+   * A data flow sink for cleartext transmission vulnerabilities. That is,
+   * a `DataFlow::Node` of something that is transmitted over a network.
+   */
+  abstract class Sink extends QuerySink::Range {
+    override string getSinkType() { result = "CleartextTransmission" }
+  }
 
-/**
- * A barrier for cleartext transmission vulnerabilities.
- */
-abstract class CleartextTransmissionBarrier extends DataFlow::Node { }
+  /**
+   * A barrier for cleartext transmission vulnerabilities.
+   */
+  abstract class Barrier extends DataFlow::Node { }
 
-/**
- * A unit class for adding additional flow steps.
- */
-class CleartextTransmissionAdditionalFlowStep extends Unit {
   /**
-   * Holds if the step from `node1` to `node2` should be considered a flow
-   * step for paths related to cleartext transmission vulnerabilities.
+   * A unit class for adding additional flow steps.
    */
-  abstract predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo);
-}
+  class AdditionalFlowStep extends Unit {
+    /**
+     * Holds if the step from `node1` to `node2` should be considered a flow
+     * step for paths related to cleartext transmission vulnerabilities.
+     */
+    abstract predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo);
+  }
 
-/**
- * A sink defined through MaD.
- */
-private class MadCleartextTransmissionSink extends CleartextTransmissionSink {
-  MadCleartextTransmissionSink() { sinkNode(this, "transmission") }
+  /**
+   * A sink defined through MaD.
+   */
+  private class ModelsAsDataSink extends Sink {
+    ModelsAsDataSink() { sinkNode(this, "transmission") }
+  }
 }
diff --git a/rust/ql/lib/codeql/rust/security/SqlInjectionExtensions.qll b/rust/ql/lib/codeql/rust/security/SqlInjectionExtensions.qll
index 9c61fe4aa52d..2e65597d96b2 100644
--- a/rust/ql/lib/codeql/rust/security/SqlInjectionExtensions.qll
+++ b/rust/ql/lib/codeql/rust/security/SqlInjectionExtensions.qll
@@ -52,7 +52,7 @@ module SqlInjection {
   }
 
   /** A sink for sql-injection from model data. */
-  private class ModelsAsDataSinks extends Sink {
-    ModelsAsDataSinks() { sinkNode(this, "sql-injection") }
+  private class ModelsAsDataSink extends Sink {
+    ModelsAsDataSink() { sinkNode(this, "sql-injection") }
   }
 }
diff --git a/rust/ql/src/queries/security/CWE-311/CleartextTransmission.ql b/rust/ql/src/queries/security/CWE-311/CleartextTransmission.ql
index ccf01f6fddad..082887759f4d 100644
--- a/rust/ql/src/queries/security/CWE-311/CleartextTransmission.ql
+++ b/rust/ql/src/queries/security/CWE-311/CleartextTransmission.ql
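Review bot: The new module QLDoc promises "default sources, sinks and barriers", but `CleartextTransmission` declares no `Source` extension point — the query in CleartextTransmission.ql still takes `SensitiveData` directly as its source, and nothing in this module lets a user add or restrict sources. The sibling `CleartextLogging` module does expose one (`private class SensitiveDataAsSource extends Source instanceof SensitiveData`), so either mirror that pair here and switch `isSource` to `CleartextTransmission::Source`, or narrow the comment to `Provides default sinks and barriers for detecting cleartext transmission vulnerabilities, as well as extension points for adding your own.`. The moved QLDoc on `AdditionalFlowStep::step` also still refers to `node1` and `node2` while the parameters are `nodeFrom` and `nodeTo`; it should read `Holds if the step from `nodeFrom` to `nodeTo` should be considered a flow step for paths related to cleartext transmission vulnerabilities.`.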
@@ -24,12 +24,12 @@ import codeql.rust.security.CleartextTransmissionExtensions
 module CleartextTransmissionConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node node) { node instanceof SensitiveData }
 
-  predicate isSink(DataFlow::Node node) { node instanceof CleartextTransmissionSink }
+  predicate isSink(DataFlow::Node node) { node instanceof CleartextTransmission::Sink }
 
-  predicate isBarrier(DataFlow::Node barrier) { barrier instanceof CleartextTransmissionBarrier }
+  predicate isBarrier(DataFlow::Node barrier) { barrier instanceof CleartextTransmission::Barrier }
 
   predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
-    any(CleartextTransmissionAdditionalFlowStep s).step(nodeFrom, nodeTo)
+    any(CleartextTransmission::AdditionalFlowStep s).step(nodeFrom, nodeTo)
   }
 
   predicate isBarrierIn(DataFlow::Node node) {