From 40f629ebe63257778813cbca9bc0c0874014a7f0 Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Mon, 1 Dec 2025 14:51:44 +0100 Subject: [PATCH 01/12] Rust: Add barriers for `rust/access-invalid-pointer` --- .../AccessAfterLifetimeExtensions.qll | 21 ++++++- .../AccessInvalidPointerExtensions.qll | 55 ++++++++++++++++--- rust/ql/src/queries/summary/Stats.qll | 1 + 3 files changed, 67 insertions(+), 10 deletions(-) diff --git a/rust/ql/lib/codeql/rust/security/AccessAfterLifetimeExtensions.qll b/rust/ql/lib/codeql/rust/security/AccessAfterLifetimeExtensions.qll index 06438fef0c8f..3b589bb0d86b 100644 --- a/rust/ql/lib/codeql/rust/security/AccessAfterLifetimeExtensions.qll +++ b/rust/ql/lib/codeql/rust/security/AccessAfterLifetimeExtensions.qll @@ -4,7 +4,9 @@ */ import rust +private import codeql.rust.Concepts private import codeql.rust.dataflow.DataFlow +private import codeql.rust.dataflow.FlowSink private import codeql.rust.security.AccessInvalidPointerExtensions private import codeql.rust.internal.Type private import codeql.rust.internal.TypeInference as TypeInference @@ -29,10 +31,11 @@ module AccessAfterLifetime { /** * A data flow sink for accesses to a pointer after its lifetime has ended, - * that is, a dereference. We re-use the same sinks as for the accesses to - * invalid pointers query. + * that is, a dereference. */ - class Sink = AccessInvalidPointer::Sink; + abstract class Sink extends QuerySink::Range { + override string getSinkType() { result = "AccessAfterLifetime" } + } /** * A barrier for accesses to a pointer after its lifetime has ended. 
@@ -117,6 +120,18 @@ module AccessAfterLifetime { override Expr getTarget() { result = targetValue } } + /** + * A pointer access using the unary `*` operator. + */ + private class DereferenceSink extends Sink { + DereferenceSink() { any(DerefExpr p).getExpr() = this.asExpr() } + } + + /** A pointer access from model data. */ + private class ModelsAsDataSink extends Sink { + ModelsAsDataSink() { sinkNode(this, "pointer-access") } + } + /** * A barrier for nodes inside closures, as we don't model lifetimes of * variables through closures properly. diff --git a/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll b/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll index b8b40ffa2578..ad4a5cbda56d 100644 --- a/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll +++ b/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll @@ -4,12 +4,15 @@ */ import rust +private import codeql.rust.elements.Call private import codeql.rust.dataflow.DataFlow private import codeql.rust.dataflow.FlowSource private import codeql.rust.dataflow.FlowSink private import codeql.rust.Concepts private import codeql.rust.dataflow.internal.Node private import codeql.rust.security.Barriers as Barriers +private import codeql.rust.internal.TypeInference as TypeInference +private import codeql.rust.internal.Type /** * Provides default sources, sinks and barriers for detecting accesses to 
@@ -47,20 +50,58 @@ module AccessInvalidPointer { ModelsAsDataSource() { sourceNode(this, "pointer-invalidate") } } - /** - * A pointer access using the unary `*` operator. - */ + /** A raw pointer access using the unary `*` operator. */ private class DereferenceSink extends Sink { - DereferenceSink() { any(DerefExpr p).getExpr() = this.asExpr() } + DereferenceSink() { + exists(Expr p, DerefExpr d | p = d.getExpr() and p = this.asExpr() | + // Dereferencing a raw pointer is an unsafe operation. Hence relevant + // dereferences must occur inside code marked as unsafe. + // See: https://doc.rust-lang.org/reference/types/pointer.html#r-type.pointer.raw.safety + (p.getEnclosingBlock*().isUnsafe() or p.getEnclosingCallable().(Function).isUnsafe()) and + (not exists(TypeInference::inferType(p)) or TypeInference::inferType(p) instanceof PtrType) + ) + } } - /** - * A pointer access from model data. - */ + /** A pointer access from model data. */ private class ModelsAsDataSink extends Sink { ModelsAsDataSink() { sinkNode(this, "pointer-access") } } + private class BarrierCall extends Barrier { + BarrierCall() { + exists(Call call, ArgumentPosition pos, string canonicalName | + call.getStaticTarget().getCanonicalPath() = canonicalName and + this.asExpr() = call.getArgument(pos) + | + canonicalName = "::new" and pos.asPosition() = 0 + ) + } + } + + private class NumericTypeBarrier extends Barrier instanceof Barriers::NumericTypeBarrier { } + + private class BooleanTypeBarrier extends Barrier instanceof Barriers::BooleanTypeBarrier { } + + private class FieldlessEnumTypeBarrier extends Barrier instanceof Barriers::FieldlessEnumTypeBarrier + { } + + private class DefaultBarrier extends Barrier { + DefaultBarrier() { + // A barrier for calls that statically resolve to the `Default::default` + // trait function. Such calls are imprecise, and can always resolve to the + // implementations for raw pointers that return a null pointer. 
This + // creates many false positives in combination with other inaccuracies + // (too many `pointer-access` sinks created by the model generator). + // + // We could try removing this barrier in the future when either 1/ the + // model generator creates fewer spurious sinks or 2/ data flow for calls + // to trait functions is more precise. + this.asExpr().(Call).getStaticTarget().getCanonicalPath() = + "<_ as core::default::Default>::default" + } + } + /** * A barrier for invalid pointer access vulnerabilities for values checked to * be non-`null`. diff --git a/rust/ql/src/queries/summary/Stats.qll b/rust/ql/src/queries/summary/Stats.qll index d06389fb6a77..64368db22b82 100644 --- a/rust/ql/src/queries/summary/Stats.qll +++ b/rust/ql/src/queries/summary/Stats.qll @@ -18,6 +18,7 @@ private import codeql.rust.security.SensitiveData private import TaintReach // import all query extensions files, so that all extensions of `QuerySink` are found private import codeql.rust.security.regex.RegexInjectionExtensions +private import codeql.rust.security.AccessAfterLifetimeExtensions private import codeql.rust.security.AccessInvalidPointerExtensions private import codeql.rust.security.CleartextLoggingExtensions private import codeql.rust.security.CleartextStorageDatabaseExtensions From 35cf6574121175fff9d8140153c0d27189bec6e0 Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Wed, 3 Dec 2025 09:56:26 +0100 Subject: [PATCH 02/12] WIP --- .../AccessAfterLifetimeExtensions.qll | 31 +++++++++---------- .../security/CWE-825/AccessAfterLifetime.ql | 6 ++-- 2 files changed, 18 insertions(+), 19 deletions(-) diff --git a/rust/ql/lib/codeql/rust/security/AccessAfterLifetimeExtensions.qll b/rust/ql/lib/codeql/rust/security/AccessAfterLifetimeExtensions.qll index 3b589bb0d86b..1c2ca95d3342 100644 --- a/rust/ql/lib/codeql/rust/security/AccessAfterLifetimeExtensions.qll +++ b/rust/ql/lib/codeql/rust/security/AccessAfterLifetimeExtensions.qll 
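Review bot: `BarrierCall` in the `@@ -47,20 +50,58 @@` hunk of AccessInvalidPointerExtensions.qll has no comment, and nothing in the hunk says why argument 0 of the matched call can never carry an invalid pointer to a sink. As rendered here the matched canonical path is just `"::new"`, which names no type (an angle-bracketed segment may have been lost in rendering), so the intended target cannot be confirmed from the patch. A barrier silently removes results from a memory-safety query, so I would add a QLDoc comment along the lines of `/** A barrier for the first argument of calls to <TYPE>::new, because <reason the value cannot reach an invalid dereference>. */` with the placeholders filled in, plus a test that exercises it. `DefaultBarrier` explains its trade-off in its comment; a test marked as a known false negative for a dereferenced null pointer obtained from `Default::default()` would keep that trade-off visible until the barrier can be removed.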
@@ -31,12 +31,18 @@ module AccessAfterLifetime { /** * A data flow sink for accesses to a pointer after its lifetime has ended, - * that is, a dereference. + * that is, a dereference. We re-use the same sinks as for the accesses to + * invalid pointers query. */ - abstract class Sink extends QuerySink::Range { - override string getSinkType() { result = "AccessAfterLifetime" } - } + class Sink = AccessInvalidPointer::Sink; + // /** + // * A data flow sink for accesses to a pointer after its lifetime has ended, + // * that is, a dereference. + // */ + // abstract class Sink extends QuerySink::Range { + // override string getSinkType() { result = "AccessAfterLifetime" } + // } /** * A barrier for accesses to a pointer after its lifetime has ended. */ @@ -115,23 +121,14 @@ module AccessAfterLifetime { private class RefExprSource extends Source { Expr targetValue; - RefExprSource() { this.asExpr().(RefExpr).getExpr() = targetValue } + RefExprSource() { + this.asExpr().(RefExpr).getExpr() = targetValue and + this.asExpr().(RefExpr).isRaw() + } override Expr getTarget() { result = targetValue } } - /** - * A pointer access using the unary `*` operator. - */ - private class DereferenceSink extends Sink { - DereferenceSink() { any(DerefExpr p).getExpr() = this.asExpr() } - } - - /** A pointer access from model data. */ - private class ModelsAsDataSink extends Sink { - ModelsAsDataSink() { sinkNode(this, "pointer-access") } - } - /** * A barrier for nodes inside closures, as we don't model lifetimes of * variables through closures properly. diff --git a/rust/ql/src/queries/security/CWE-825/AccessAfterLifetime.ql b/rust/ql/src/queries/security/CWE-825/AccessAfterLifetime.ql index b9bf80c94749..dd5bb816d8f8 100644 --- a/rust/ql/src/queries/security/CWE-825/AccessAfterLifetime.ql +++ b/rust/ql/src/queries/security/CWE-825/AccessAfterLifetime.ql 
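Review bot: The `@@ -31,12 +31,18 @@` hunk of AccessAfterLifetimeExtensions.qll leaves the replaced `abstract class Sink extends QuerySink::Range` as a commented-out block directly under `class Sink = AccessInvalidPointer::Sink;`. Commented-out code in a security library goes stale quickly, and here it still advertises a separate `"AccessAfterLifetime"` sink type that the alias no longer provides; I would delete the block and let version control keep the history. If the alias is the final design, the `codeql.rust.Concepts` and `codeql.rust.dataflow.FlowSink` imports added to this file by the previous patch may no longer be needed. That is worth checking, since the rest of the module lies outside the hunk.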
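Review bot: `RefExprSource` in the `@@ -115,23 +121,14 @@` hunk now also requires `this.asExpr().(RefExpr).isRaw()`, which, if `isRaw()` holds only for raw borrows, removes ordinary `&x` borrows as sources for the access-after-lifetime query. A reference that is later converted to a raw pointer is a common origin of dangling pointers, so unless another source class outside this hunk covers that case the query would lose true positives. The characteristic predicate should state the intent, for example `// Only raw borrows are sources here; references converted to raw pointers are handled by <other source class>.`, and the CWE-825 tests should include a pointer derived from a plain reference with its expected result recorded.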
@@ -26,7 +26,8 @@ module AccessAfterLifetimeConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node node) { node instanceof AccessAfterLifetime::Source and // exclude cases with sources in macros, since these results are difficult to interpret - not node.asExpr().isFromMacroExpansion() + not node.asExpr().isFromMacroExpansion() and + AccessAfterLifetime::sourceValueScope(node, _, _) } predicate isSink(DataFlow::Node node) { @@ -36,7 +37,8 @@ module AccessAfterLifetimeConfig implements DataFlow::ConfigSig { // include only results inside `unsafe` blocks, as other results tend to be false positives ( node.asExpr().getEnclosingBlock*().isUnsafe() or - node.asExpr().getEnclosingCallable().(Function).isUnsafe() + node.asExpr().getEnclosingCallable().(Function).isUnsafe() or + not exists(node.asExpr()) ) } From 809bb288c6f3c86d10436dc26417f892e68015a5 Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Thu, 20 Nov 2025 17:12:25 +0100 Subject: [PATCH 03/12] Rust: Lift content reads as taint steps --- .../dataflow/internal/TaintTrackingImpl.qll | 24 +++++++++++++++---- 1 file changed, 19 insertions(+), 5 deletions(-) diff --git a/rust/ql/lib/codeql/rust/dataflow/internal/TaintTrackingImpl.qll b/rust/ql/lib/codeql/rust/dataflow/internal/TaintTrackingImpl.qll index 544bed64730f..6b998b89bb8a 100644 --- a/rust/ql/lib/codeql/rust/dataflow/internal/TaintTrackingImpl.qll +++ b/rust/ql/lib/codeql/rust/dataflow/internal/TaintTrackingImpl.qll @@ -7,6 +7,9 @@ private import Node as Node private import Content private import FlowSummaryImpl as FlowSummaryImpl private import codeql.rust.internal.CachedStages +private import codeql.rust.internal.TypeInference as TypeInference +private import codeql.rust.internal.Type as Type +private import codeql.rust.frameworks.stdlib.Builtins as Builtins module RustTaintTracking implements InputSig { predicate defaultTaintSanitizer(DataFlow::Node node) { none() } 
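Review bot: In `isSink` (the `@@ -36,7 +37,8 @@` hunk of AccessAfterLifetime.ql) the new disjunct `not exists(node.asExpr())` admits every sink node that has no associated expression, while the comment above still says that only results inside unsafe blocks are included. Those nodes bypass the unsafe-context filter entirely, which presumably exists to let model-defined sinks through but could also bring back the false positives the filter was added to suppress. I would update the comment to `// include results inside unsafe blocks, and sink nodes that have no expression; other results tend to be false positives` and add a test that reaches such a sink from safe code. `isSink` begins before the hunk, so any earlier conditions are not visible here.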
@@ -40,11 +43,22 @@ module RustTaintTracking implements InputSig { succ.asExpr() = index ) or - // Although data flow through collections and references is modeled using - // stores/reads, we also allow taint to flow out of a tainted collection - // or reference. - // This is needed in order to support taint-tracking configurations where - // the source is a collection or reference. + // Read steps give rise to taint steps. This has the effect that if `foo` + // is tainted and an operation reads from `foo` (e.g., `foo.bar`) then + // taint is propagated. We limit this to not apply if the type of the + // operation is a small primitive type as these are often uninteresting + // (for instance in the case of an injection query). + RustDataFlow::readContentStep(pred, _, succ) and + not exists(Struct s | + s = TypeInference::inferType(succ.asExpr()).(Type::StructType).getStruct() + | + s instanceof Builtins::NumericType or + s instanceof Builtins::Bool or + s instanceof Builtins::Char + ) + or + // Let all read steps (including those from flow summaries and those that + // result in small primitive types) give rise to taint steps. exists(SingletonContentSet cs | RustDataFlow::readStep(pred, cs, succ) | cs.getContent() instanceof ElementContent or From 970109aadd6a5a2b74d9b5431bf4a6db646ff2a5 Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Fri, 21 Nov 2025 12:44:59 +0100 Subject: [PATCH 04/12] Rust: Remov unneeded model --- rust/ql/lib/codeql/rust/frameworks/actix-web.model.yml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/rust/ql/lib/codeql/rust/frameworks/actix-web.model.yml b/rust/ql/lib/codeql/rust/frameworks/actix-web.model.yml index 17b76e137d82..bef64edf68d6 100644 --- a/rust/ql/lib/codeql/rust/frameworks/actix-web.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/actix-web.model.yml 
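Review bot: The primitive-type exclusion on the new `RustDataFlow::readContentStep(pred, _, succ)` disjunct (`@@ -40,11 +43,22 @@`) sits in `RustTaintTracking`, so it presumably applies to every taint-tracking query, not only the injection queries the comment uses as motivation. Where a tainted number is itself the concern (sizes, lengths, indices), a read such as `foo.bar` of numeric type no longer propagates taint unless the second disjunct applies. The updated database tests in this series still mark the `i64` and `i32` tuple fields as `MISSING: hasTaintFlow`. Separately, the comment on the second disjunct says `Let all read steps ...`, yet the visible condition restricts `cs.getContent()` to specific content kinds; I would reword it to `// Additionally, let reads of the content kinds below (including reads from flow summaries and reads that yield small primitive types) give rise to taint steps.` The disjunction continues past the end of the hunk.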
@@ -15,9 +15,4 @@ extensions: pack: codeql/rust-all extensible: summaryModel data: - - ["::into_inner", "Argument[self]", "ReturnValue", "taint", "manual"] - - ["::into_inner", "Argument[self]", "ReturnValue.Field[0]", "taint", "manual"] - - ["::into_inner", "Argument[self]", "ReturnValue.Field[1]", "taint", "manual"] - - ["::into_inner", "Argument[self]", "ReturnValue.Field[2]", "taint", "manual"] - - ["::into_inner", "Argument[self]", "ReturnValue.Field[3]", "taint", "manual"] - - ["::into_inner", "Argument[self]", "ReturnValue.Field[4]", "taint", "manual"] \ No newline at end of file + - ["::into_inner", "Argument[self]", "ReturnValue", "taint", "manual"] \ No newline at end of file From a0248befc699ca549016199a25d357466614ba0d Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Fri, 21 Nov 2025 12:28:04 +0100 Subject: [PATCH 05/12] Rust: Update tests and expected files --- .../sources/database/InlineFlow.expected | 28 ++++ .../dataflow/sources/database/test.rs | 8 +- .../dataflow/sources/env/InlineFlow.expected | 66 ++++++--- .../dataflow/sources/env/test.rs | 8 +- .../dataflow/sources/file/InlineFlow.expected | 15 ++ .../dataflow/sources/net/InlineFlow.expected | 129 +++++++++-------- .../dataflow/sources/net/test.rs | 2 +- .../web_frameworks/InlineFlow.expected | 130 +++++++----------- .../dataflow/sources/web_frameworks/test.rs | 14 +- .../CWE-825/AccessAfterLifetime.expected | 26 ++++ 10 files changed, 250 insertions(+), 176 deletions(-) diff --git a/rust/ql/test/library-tests/dataflow/sources/database/InlineFlow.expected b/rust/ql/test/library-tests/dataflow/sources/database/InlineFlow.expected index db1e69c43fb5..1264446cb817 100644 --- a/rust/ql/test/library-tests/dataflow/sources/database/InlineFlow.expected +++ b/rust/ql/test/library-tests/dataflow/sources/database/InlineFlow.expected 
@@ -50,6 +50,8 @@ edges | test.rs:42:20:42:21 | t1 [element] | test.rs:42:13:42:15 | row | provenance | | | test.rs:48:22:48:30 | query_map | test.rs:50:14:50:24 | ...: i64 | provenance | Src:MaD:3 | | test.rs:50:14:50:24 | ...: i64 | test.rs:51:22:51:27 | values | provenance | | +| test.rs:55:22:55:30 | query_map | test.rs:57:14:57:39 | ...: ... | provenance | Src:MaD:3 | +| test.rs:57:14:57:39 | ...: ... | test.rs:59:22:59:29 | values.1 | provenance | | | test.rs:64:13:64:17 | total | test.rs:68:14:68:18 | total | provenance | | | test.rs:64:21:67:10 | conn.query_fold(...) [Ok] | test.rs:64:21:67:11 | TryExpr | provenance | | | test.rs:64:21:67:11 | TryExpr | test.rs:64:13:64:17 | total | provenance | | @@ -62,6 +64,9 @@ edges | test.rs:66:19:66:21 | row | test.rs:66:13:66:21 | ... + ... | provenance | MaD:11 | | test.rs:66:19:66:21 | row | test.rs:66:13:66:21 | ... + ... | provenance | MaD:12 | | test.rs:66:19:66:21 | row | test.rs:66:13:66:21 | ... + ... | provenance | MaD:15 | +| test.rs:70:22:70:31 | query_fold | test.rs:70:83:70:105 | ...: ... | provenance | Src:MaD:2 | +| test.rs:70:83:70:105 | ...: ... | test.rs:72:17:72:20 | name | provenance | | +| test.rs:72:17:72:20 | name | test.rs:75:18:75:21 | name | provenance | | | test.rs:105:13:105:14 | v1 | test.rs:106:14:106:15 | v1 | provenance | | | test.rs:105:24:105:33 | row.get(...) [Some] | test.rs:105:24:105:42 | ... .unwrap() | provenance | MaD:16 | | test.rs:105:24:105:42 | ... .unwrap() | test.rs:105:13:105:14 | v1 | provenance | | 
@@ -82,6 +87,8 @@ edges | test.rs:114:28:114:35 | take_opt | test.rs:114:24:114:38 | row.take_opt(...) [Some, Ok] | provenance | Src:MaD:10 | | test.rs:135:22:135:30 | query_map | test.rs:137:14:137:24 | ...: i64 | provenance | Src:MaD:5 | | test.rs:137:14:137:24 | ...: i64 | test.rs:138:22:138:27 | values | provenance | | +| test.rs:142:22:142:30 | query_map | test.rs:144:14:144:39 | ...: ... | provenance | Src:MaD:5 | +| test.rs:144:14:144:39 | ...: ... | test.rs:146:22:146:29 | values.1 | provenance | | | test.rs:151:13:151:17 | total | test.rs:155:14:155:18 | total | provenance | | | test.rs:151:21:154:10 | conn.query_fold(...) [future, Ok] | test.rs:151:21:154:16 | await ... [Ok] | provenance | | | test.rs:151:21:154:16 | await ... [Ok] | test.rs:151:21:154:17 | TryExpr | provenance | | @@ -95,6 +102,9 @@ edges | test.rs:153:19:153:21 | row | test.rs:153:13:153:21 | ... + ... | provenance | MaD:11 | | test.rs:153:19:153:21 | row | test.rs:153:13:153:21 | ... + ... | provenance | MaD:12 | | test.rs:153:19:153:21 | row | test.rs:153:13:153:21 | ... + ... | provenance | MaD:15 | +| test.rs:157:22:157:31 | query_fold | test.rs:157:83:157:105 | ...: ... | provenance | Src:MaD:4 | +| test.rs:157:83:157:105 | ...: ... | test.rs:159:17:159:20 | name | provenance | | +| test.rs:159:17:159:20 | name | test.rs:162:18:162:21 | name | provenance | | nodes | test.rs:18:13:18:14 | v1 | semmle.label | v1 | | test.rs:18:24:18:33 | row.get(...) [Some] | semmle.label | row.get(...) [Some] | 
@@ -137,6 +147,9 @@ nodes | test.rs:48:22:48:30 | query_map | semmle.label | query_map | | test.rs:50:14:50:24 | ...: i64 | semmle.label | ...: i64 | | test.rs:51:22:51:27 | values | semmle.label | values | +| test.rs:55:22:55:30 | query_map | semmle.label | query_map | +| test.rs:57:14:57:39 | ...: ... | semmle.label | ...: ... | +| test.rs:59:22:59:29 | values.1 | semmle.label | values.1 | | test.rs:64:13:64:17 | total | semmle.label | total | | test.rs:64:21:67:10 | conn.query_fold(...) [Ok] | semmle.label | conn.query_fold(...) [Ok] | | test.rs:64:21:67:11 | TryExpr | semmle.label | TryExpr | @@ -147,6 +160,10 @@ nodes | test.rs:66:13:66:21 | ... + ... | semmle.label | ... + ... | | test.rs:66:19:66:21 | row | semmle.label | row | | test.rs:68:14:68:18 | total | semmle.label | total | +| test.rs:70:22:70:31 | query_fold | semmle.label | query_fold | +| test.rs:70:83:70:105 | ...: ... | semmle.label | ...: ... | +| test.rs:72:17:72:20 | name | semmle.label | name | +| test.rs:75:18:75:21 | name | semmle.label | name | | test.rs:105:13:105:14 | v1 | semmle.label | v1 | | test.rs:105:24:105:33 | row.get(...) [Some] | semmle.label | row.get(...) [Some] | | test.rs:105:24:105:42 | ... .unwrap() | semmle.label | ... .unwrap() | @@ -172,6 +189,9 @@ nodes | test.rs:135:22:135:30 | query_map | semmle.label | query_map | | test.rs:137:14:137:24 | ...: i64 | semmle.label | ...: i64 | | test.rs:138:22:138:27 | values | semmle.label | values | +| test.rs:142:22:142:30 | query_map | semmle.label | query_map | +| test.rs:144:14:144:39 | ...: ... | semmle.label | ...: ... | +| test.rs:146:22:146:29 | values.1 | semmle.label | values.1 | | test.rs:151:13:151:17 | total | semmle.label | total | | test.rs:151:21:154:10 | conn.query_fold(...) [future, Ok] | semmle.label | conn.query_fold(...) [future, Ok] | | test.rs:151:21:154:16 | await ... [Ok] | semmle.label | await ... [Ok] | 
@@ -183,6 +203,10 @@ nodes | test.rs:153:13:153:21 | ... + ... | semmle.label | ... + ... | | test.rs:153:19:153:21 | row | semmle.label | row | | test.rs:155:14:155:18 | total | semmle.label | total | +| test.rs:157:22:157:31 | query_fold | semmle.label | query_fold | +| test.rs:157:83:157:105 | ...: ... | semmle.label | ...: ... | +| test.rs:159:17:159:20 | name | semmle.label | name | +| test.rs:162:18:162:21 | name | semmle.label | name | subpaths testFailures #select 
@@ -194,12 +218,16 @@ testFailures | test.rs:41:14:41:70 | ... .unwrap() | test.rs:41:42:41:44 | get | test.rs:41:14:41:70 | ... .unwrap() | $@ | test.rs:41:42:41:44 | get | get | | test.rs:44:22:44:22 | v | test.rs:40:27:40:35 | exec_iter | test.rs:44:22:44:22 | v | $@ | test.rs:40:27:40:35 | exec_iter | exec_iter | | test.rs:51:22:51:27 | values | test.rs:48:22:48:30 | query_map | test.rs:51:22:51:27 | values | $@ | test.rs:48:22:48:30 | query_map | query_map | +| test.rs:59:22:59:29 | values.1 | test.rs:55:22:55:30 | query_map | test.rs:59:22:59:29 | values.1 | $@ | test.rs:55:22:55:30 | query_map | query_map | | test.rs:65:18:65:20 | row | test.rs:64:26:64:35 | query_fold | test.rs:65:18:65:20 | row | $@ | test.rs:64:26:64:35 | query_fold | query_fold | | test.rs:68:14:68:18 | total | test.rs:64:26:64:35 | query_fold | test.rs:68:14:68:18 | total | $@ | test.rs:64:26:64:35 | query_fold | query_fold | +| test.rs:75:18:75:21 | name | test.rs:70:22:70:31 | query_fold | test.rs:75:18:75:21 | name | $@ | test.rs:70:22:70:31 | query_fold | query_fold | | test.rs:106:14:106:15 | v1 | test.rs:105:28:105:30 | get | test.rs:106:14:106:15 | v1 | $@ | test.rs:105:28:105:30 | get | get | | test.rs:109:14:109:15 | v2 | test.rs:108:28:108:34 | get_opt | test.rs:109:14:109:15 | v2 | $@ | test.rs:108:28:108:34 | get_opt | get_opt | | test.rs:112:14:112:15 | v3 | test.rs:111:28:111:31 | take | test.rs:112:14:112:15 | v3 | $@ | test.rs:111:28:111:31 | take | take | | test.rs:115:14:115:15 | v4 | test.rs:114:28:114:35 | take_opt | test.rs:115:14:115:15 | v4 | $@ | test.rs:114:28:114:35 | take_opt | take_opt | | test.rs:138:22:138:27 | values | test.rs:135:22:135:30 | query_map | test.rs:138:22:138:27 | values | $@ | test.rs:135:22:135:30 | query_map | query_map | +| test.rs:146:22:146:29 | values.1 | test.rs:142:22:142:30 | query_map | test.rs:146:22:146:29 | values.1 | $@ | test.rs:142:22:142:30 | query_map | query_map | | test.rs:152:18:152:20 | row | test.rs:151:26:151:35 | 
query_fold | test.rs:152:18:152:20 | row | $@ | test.rs:151:26:151:35 | query_fold | query_fold | | test.rs:155:14:155:18 | total | test.rs:151:26:151:35 | query_fold | test.rs:155:14:155:18 | total | $@ | test.rs:151:26:151:35 | query_fold | query_fold | +| test.rs:162:18:162:21 | name | test.rs:157:22:157:31 | query_fold | test.rs:162:18:162:21 | name | $@ | test.rs:157:22:157:31 | query_fold | query_fold | diff --git a/rust/ql/test/library-tests/dataflow/sources/database/test.rs b/rust/ql/test/library-tests/dataflow/sources/database/test.rs index 5fbaef711447..68943608ee4b 100644 --- a/rust/ql/test/library-tests/dataflow/sources/database/test.rs +++ b/rust/ql/test/library-tests/dataflow/sources/database/test.rs @@ -56,7 +56,7 @@ mod test_mysql { "SELECT id, name, age FROM person", |values: (i64, String, i32)| -> () { sink(values.0); // $ MISSING: hasTaintFlow - sink(values.1); // $ MISSING: hasTaintFlow + sink(values.1); // $ hasTaintFlow sink(values.2); // $ MISSING: hasTaintFlow } )?; @@ -72,7 +72,7 @@ mod test_mysql { let name: String = row.1; let age: i32 = row.2; sink(id); // $ MISSING: hasTaintFlow - sink(name); // $ MISSING: hasTaintFlow + sink(name); // $ hasTaintFlow sink(age); // $ MISSING: hasTaintFlow acc + 1 })?; @@ -143,7 +143,7 @@ mod test_mysql_async { "SELECT id, name, age FROM person", |values: (i64, String, i32)| -> () { sink(values.0); // $ MISSING: hasTaintFlow - sink(values.1); // $ MISSING: hasTaintFlow + sink(values.1); // $ hasTaintFlow sink(values.2); // $ MISSING: hasTaintFlow } ).await?; @@ -159,7 +159,7 @@ mod test_mysql_async { let name: String = row.1; let age: i32 = row.2; sink(id); // $ MISSING: hasTaintFlow - sink(name); // $ MISSING: hasTaintFlow + sink(name); // $ hasTaintFlow sink(age); // $ MISSING: hasTaintFlow acc + 1 }).await?; diff --git a/rust/ql/test/library-tests/dataflow/sources/env/InlineFlow.expected b/rust/ql/test/library-tests/dataflow/sources/env/InlineFlow.expected index 00821decfdfb..f053af8fda59 100644 
--- a/rust/ql/test/library-tests/dataflow/sources/env/InlineFlow.expected +++ b/rust/ql/test/library-tests/dataflow/sources/env/InlineFlow.expected 
@@ -6,28 +6,38 @@ models | 5 | Source: std::env::home_dir; ReturnValue.Field[core::option::Option::Some(0)]; commandargs | | 6 | Source: std::env::var; ReturnValue.Field[core::result::Result::Ok(0)]; environment | | 7 | Source: std::env::var_os; ReturnValue.Field[core::option::Option::Some(0)]; environment | -| 8 | Summary: <_ as core::iter::traits::iterator::Iterator>::collect; Argument[self].Element; ReturnValue.Element; value | -| 9 | Summary: <_ as core::iter::traits::iterator::Iterator>::nth; Argument[self].Element; ReturnValue.Field[core::option::Option::Some(0)]; value | -| 10 | Summary: ::expect; Argument[self].Field[core::option::Option::Some(0)]; ReturnValue; value | -| 11 | Summary: ::unwrap; Argument[self].Field[core::option::Option::Some(0)]; ReturnValue; value | -| 12 | Summary: ::expect; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value | -| 13 | Summary: ::unwrap; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value | -| 14 | Summary: ::parse; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | +| 8 | Source: std::env::vars; ReturnValue.Element; environment | +| 9 | Source: std::env::vars_os; ReturnValue.Element; environment | +| 10 | Summary: <_ as core::iter::traits::iterator::Iterator>::collect; Argument[self].Element; ReturnValue.Element; value | +| 11 | Summary: <_ as core::iter::traits::iterator::Iterator>::nth; Argument[self].Element; ReturnValue.Field[core::option::Option::Some(0)]; value | +| 12 | Summary: ::expect; Argument[self].Field[core::option::Option::Some(0)]; ReturnValue; value | +| 13 | Summary: ::unwrap; Argument[self].Field[core::option::Option::Some(0)]; ReturnValue; value | +| 14 | Summary: ::expect; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value | +| 15 | Summary: ::unwrap; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value | +| 16 | Summary: ::parse; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | edges 
| test.rs:6:10:6:22 | ...::var | test.rs:6:10:6:30 | ...::var(...) | provenance | Src:MaD:6 | | test.rs:7:10:7:25 | ...::var_os | test.rs:7:10:7:33 | ...::var_os(...) | provenance | Src:MaD:7 | | test.rs:9:9:9:12 | var1 | test.rs:12:10:12:13 | var1 | provenance | | | test.rs:9:16:9:28 | ...::var | test.rs:9:16:9:36 | ...::var(...) [Ok] | provenance | Src:MaD:6 | -| test.rs:9:16:9:36 | ...::var(...) [Ok] | test.rs:9:16:9:59 | ... .expect(...) | provenance | MaD:12 | +| test.rs:9:16:9:36 | ...::var(...) [Ok] | test.rs:9:16:9:59 | ... .expect(...) | provenance | MaD:14 | | test.rs:9:16:9:59 | ... .expect(...) | test.rs:9:9:9:12 | var1 | provenance | | | test.rs:10:9:10:12 | var2 | test.rs:13:10:13:13 | var2 | provenance | | | test.rs:10:16:10:31 | ...::var_os | test.rs:10:16:10:39 | ...::var_os(...) [Some] | provenance | Src:MaD:7 | -| test.rs:10:16:10:39 | ...::var_os(...) [Some] | test.rs:10:16:10:48 | ... .unwrap() | provenance | MaD:11 | +| test.rs:10:16:10:39 | ...::var_os(...) [Some] | test.rs:10:16:10:48 | ... .unwrap() | provenance | MaD:13 | | test.rs:10:16:10:48 | ... .unwrap() | test.rs:10:9:10:12 | var2 | provenance | | +| test.rs:15:9:15:20 | TuplePat | test.rs:16:14:16:16 | key | provenance | | +| test.rs:15:9:15:20 | TuplePat | test.rs:17:14:17:18 | value | provenance | | +| test.rs:15:25:15:38 | ...::vars | test.rs:15:25:15:40 | ...::vars(...) [element] | provenance | Src:MaD:8 | +| test.rs:15:25:15:40 | ...::vars(...) [element] | test.rs:15:9:15:20 | TuplePat | provenance | | +| test.rs:20:9:20:20 | TuplePat | test.rs:21:14:21:16 | key | provenance | | +| test.rs:20:9:20:20 | TuplePat | test.rs:22:14:22:18 | value | provenance | | +| test.rs:20:25:20:41 | ...::vars_os | test.rs:20:25:20:43 | ...::vars_os(...) [element] | provenance | Src:MaD:9 | +| test.rs:20:25:20:43 | ...::vars_os(...) 
[element] | test.rs:20:9:20:20 | TuplePat | provenance | | | test.rs:27:9:27:12 | args [element] | test.rs:28:20:28:23 | args [element] | provenance | | | test.rs:27:9:27:12 | args [element] | test.rs:29:17:29:20 | args [element] | provenance | | | test.rs:27:29:27:42 | ...::args | test.rs:27:29:27:44 | ...::args(...) [element] | provenance | Src:MaD:1 | -| test.rs:27:29:27:44 | ...::args(...) [element] | test.rs:27:29:27:54 | ... .collect() [element] | provenance | MaD:8 | +| test.rs:27:29:27:44 | ...::args(...) [element] | test.rs:27:29:27:54 | ... .collect() [element] | provenance | MaD:10 | | test.rs:27:29:27:54 | ... .collect() [element] | test.rs:27:9:27:12 | args [element] | provenance | | | test.rs:28:9:28:15 | my_path [&ref] | test.rs:34:10:34:16 | my_path | provenance | | | test.rs:28:19:28:26 | &... [&ref] | test.rs:28:9:28:15 | my_path [&ref] | provenance | | 
@@ -39,20 +49,20 @@ edges | test.rs:29:17:29:23 | args[1] | test.rs:29:16:29:23 | &... [&ref] | provenance | | | test.rs:30:9:30:12 | arg2 | test.rs:36:10:36:13 | arg2 | provenance | | | test.rs:30:16:30:29 | ...::args | test.rs:30:16:30:31 | ...::args(...) [element] | provenance | Src:MaD:1 | -| test.rs:30:16:30:31 | ...::args(...) [element] | test.rs:30:16:30:38 | ... .nth(...) [Some] | provenance | MaD:9 | -| test.rs:30:16:30:38 | ... .nth(...) [Some] | test.rs:30:16:30:47 | ... .unwrap() | provenance | MaD:11 | +| test.rs:30:16:30:31 | ...::args(...) [element] | test.rs:30:16:30:38 | ... .nth(...) [Some] | provenance | MaD:11 | +| test.rs:30:16:30:38 | ... .nth(...) [Some] | test.rs:30:16:30:47 | ... .unwrap() | provenance | MaD:13 | | test.rs:30:16:30:47 | ... .unwrap() | test.rs:30:9:30:12 | arg2 | provenance | | | test.rs:31:9:31:12 | arg3 | test.rs:37:10:37:13 | arg3 | provenance | | | test.rs:31:16:31:32 | ...::args_os | test.rs:31:16:31:34 | ...::args_os(...) [element] | provenance | Src:MaD:2 | -| test.rs:31:16:31:34 | ...::args_os(...) [element] | test.rs:31:16:31:41 | ... .nth(...) [Some] | provenance | MaD:9 | -| test.rs:31:16:31:41 | ... .nth(...) [Some] | test.rs:31:16:31:50 | ... .unwrap() | provenance | MaD:11 | +| test.rs:31:16:31:34 | ...::args_os(...) [element] | test.rs:31:16:31:41 | ... .nth(...) [Some] | provenance | MaD:11 | +| test.rs:31:16:31:41 | ... .nth(...) [Some] | test.rs:31:16:31:50 | ... .unwrap() | provenance | MaD:13 | | test.rs:31:16:31:50 | ... .unwrap() | test.rs:31:9:31:12 | arg3 | provenance | | | test.rs:32:9:32:12 | arg4 | test.rs:38:10:38:13 | arg4 | provenance | | | test.rs:32:16:32:29 | ...::args | test.rs:32:16:32:31 | ...::args(...) [element] | provenance | Src:MaD:1 | -| test.rs:32:16:32:31 | ...::args(...) [element] | test.rs:32:16:32:38 | ... .nth(...) [Some] | provenance | MaD:9 | -| test.rs:32:16:32:38 | ... .nth(...) [Some] | test.rs:32:16:32:47 | ... 
.unwrap() | provenance | MaD:11 | -| test.rs:32:16:32:47 | ... .unwrap() | test.rs:32:16:32:64 | ... .parse() [Ok] | provenance | MaD:14 | -| test.rs:32:16:32:64 | ... .parse() [Ok] | test.rs:32:16:32:73 | ... .unwrap() | provenance | MaD:13 | +| test.rs:32:16:32:31 | ...::args(...) [element] | test.rs:32:16:32:38 | ... .nth(...) [Some] | provenance | MaD:11 | +| test.rs:32:16:32:38 | ... .nth(...) [Some] | test.rs:32:16:32:47 | ... .unwrap() | provenance | MaD:13 | +| test.rs:32:16:32:47 | ... .unwrap() | test.rs:32:16:32:64 | ... .parse() [Ok] | provenance | MaD:16 | +| test.rs:32:16:32:64 | ... .parse() [Ok] | test.rs:32:16:32:73 | ... .unwrap() | provenance | MaD:15 | | test.rs:32:16:32:73 | ... .unwrap() | test.rs:32:9:32:12 | arg4 | provenance | | | test.rs:40:9:40:11 | arg | test.rs:41:14:41:16 | arg | provenance | | | test.rs:40:16:40:29 | ...::args | test.rs:40:16:40:31 | ...::args(...) [element] | provenance | Src:MaD:1 | 
@@ -62,15 +72,15 @@ edges | test.rs:44:16:44:34 | ...::args_os(...) [element] | test.rs:44:9:44:11 | arg | provenance | | | test.rs:50:9:50:11 | dir | test.rs:54:10:54:12 | dir | provenance | | | test.rs:50:15:50:35 | ...::current_dir | test.rs:50:15:50:37 | ...::current_dir(...) [Ok] | provenance | Src:MaD:3 | -| test.rs:50:15:50:37 | ...::current_dir(...) [Ok] | test.rs:50:15:50:54 | ... .expect(...) | provenance | MaD:12 | +| test.rs:50:15:50:37 | ...::current_dir(...) [Ok] | test.rs:50:15:50:54 | ... .expect(...) | provenance | MaD:14 | | test.rs:50:15:50:54 | ... .expect(...) | test.rs:50:9:50:11 | dir | provenance | | | test.rs:51:9:51:11 | exe | test.rs:55:10:55:12 | exe | provenance | | | test.rs:51:15:51:35 | ...::current_exe | test.rs:51:15:51:37 | ...::current_exe(...) [Ok] | provenance | Src:MaD:4 | -| test.rs:51:15:51:37 | ...::current_exe(...) [Ok] | test.rs:51:15:51:54 | ... .expect(...) | provenance | MaD:12 | +| test.rs:51:15:51:37 | ...::current_exe(...) [Ok] | test.rs:51:15:51:54 | ... .expect(...) | provenance | MaD:14 | | test.rs:51:15:51:54 | ... .expect(...) | test.rs:51:9:51:11 | exe | provenance | | | test.rs:52:9:52:12 | home | test.rs:56:10:56:13 | home | provenance | | | test.rs:52:16:52:33 | ...::home_dir | test.rs:52:16:52:35 | ...::home_dir(...) [Some] | provenance | Src:MaD:5 | -| test.rs:52:16:52:35 | ...::home_dir(...) [Some] | test.rs:52:16:52:52 | ... .expect(...) | provenance | MaD:10 | +| test.rs:52:16:52:35 | ...::home_dir(...) [Some] | test.rs:52:16:52:52 | ... .expect(...) | provenance | MaD:12 | | test.rs:52:16:52:52 | ... .expect(...) | test.rs:52:9:52:12 | home | provenance | | nodes | test.rs:6:10:6:22 | ...::var | semmle.label | ...::var | 
@@ -87,6 +97,16 @@ nodes | test.rs:10:16:10:48 | ... .unwrap() | semmle.label | ... .unwrap() | | test.rs:12:10:12:13 | var1 | semmle.label | var1 | | test.rs:13:10:13:13 | var2 | semmle.label | var2 | +| test.rs:15:9:15:20 | TuplePat | semmle.label | TuplePat | +| test.rs:15:25:15:38 | ...::vars | semmle.label | ...::vars | +| test.rs:15:25:15:40 | ...::vars(...) [element] | semmle.label | ...::vars(...) [element] | +| test.rs:16:14:16:16 | key | semmle.label | key | +| test.rs:17:14:17:18 | value | semmle.label | value | +| test.rs:20:9:20:20 | TuplePat | semmle.label | TuplePat | +| test.rs:20:25:20:41 | ...::vars_os | semmle.label | ...::vars_os | +| test.rs:20:25:20:43 | ...::vars_os(...) [element] | semmle.label | ...::vars_os(...) [element] | +| test.rs:21:14:21:16 | key | semmle.label | key | +| test.rs:22:14:22:18 | value | semmle.label | value | | test.rs:27:9:27:12 | args [element] | semmle.label | args [element] | | test.rs:27:29:27:42 | ...::args | semmle.label | ...::args | | test.rs:27:29:27:44 | ...::args(...) [element] | semmle.label | ...::args(...) [element] | 
@@ -151,6 +171,10 @@ testFailures | test.rs:7:10:7:33 | ...::var_os(...) | test.rs:7:10:7:25 | ...::var_os | test.rs:7:10:7:33 | ...::var_os(...) | $@ | test.rs:7:10:7:25 | ...::var_os | ...::var_os | | test.rs:12:10:12:13 | var1 | test.rs:9:16:9:28 | ...::var | test.rs:12:10:12:13 | var1 | $@ | test.rs:9:16:9:28 | ...::var | ...::var | | test.rs:13:10:13:13 | var2 | test.rs:10:16:10:31 | ...::var_os | test.rs:13:10:13:13 | var2 | $@ | test.rs:10:16:10:31 | ...::var_os | ...::var_os | +| test.rs:16:14:16:16 | key | test.rs:15:25:15:38 | ...::vars | test.rs:16:14:16:16 | key | $@ | test.rs:15:25:15:38 | ...::vars | ...::vars | +| test.rs:17:14:17:18 | value | test.rs:15:25:15:38 | ...::vars | test.rs:17:14:17:18 | value | $@ | test.rs:15:25:15:38 | ...::vars | ...::vars | +| test.rs:21:14:21:16 | key | test.rs:20:25:20:41 | ...::vars_os | test.rs:21:14:21:16 | key | $@ | test.rs:20:25:20:41 | ...::vars_os | ...::vars_os | +| test.rs:22:14:22:18 | value | test.rs:20:25:20:41 | ...::vars_os | test.rs:22:14:22:18 | value | $@ | test.rs:20:25:20:41 | ...::vars_os | ...::vars_os | | test.rs:34:10:34:16 | my_path | test.rs:27:29:27:42 | ...::args | test.rs:34:10:34:16 | my_path | $@ | test.rs:27:29:27:42 | ...::args | ...::args | | test.rs:35:10:35:13 | arg1 | test.rs:27:29:27:42 | ...::args | test.rs:35:10:35:13 | arg1 | $@ | test.rs:27:29:27:42 | ...::args | ...::args | | test.rs:36:10:36:13 | arg2 | test.rs:30:16:30:29 | ...::args | test.rs:36:10:36:13 | arg2 | $@ | test.rs:30:16:30:29 | ...::args | ...::args | diff --git a/rust/ql/test/library-tests/dataflow/sources/env/test.rs b/rust/ql/test/library-tests/dataflow/sources/env/test.rs index e02aa7c8f1b2..b5af0b412d3c 100644 --- a/rust/ql/test/library-tests/dataflow/sources/env/test.rs +++ b/rust/ql/test/library-tests/dataflow/sources/env/test.rs 
@@ -13,13 +13,13 @@ fn test_env_vars() {
 sink(var2); // $ hasTaintFlow="PATH"
 for (key, value) in std::env::vars() { // $ Alert[rust/summary/taint-sources]
- sink(key); // $ MISSING: hasTaintFlow
- sink(value); // $ MISSING: hasTaintFlow
+ sink(key); // $ hasTaintFlow
+ sink(value); // $ hasTaintFlow
 }
 for (key, value) in std::env::vars_os() { // $ Alert[rust/summary/taint-sources]
- sink(key); // $ MISSING: hasTaintFlow
- sink(value); // $ MISSING: hasTaintFlow
+ sink(key); // $ hasTaintFlow
+ sink(value); // $ hasTaintFlow
 }
 }
diff --git a/rust/ql/test/library-tests/dataflow/sources/file/InlineFlow.expected b/rust/ql/test/library-tests/dataflow/sources/file/InlineFlow.expected
index 90d01d250d0b..7ea2f38a751b 100644
--- a/rust/ql/test/library-tests/dataflow/sources/file/InlineFlow.expected
+++ b/rust/ql/test/library-tests/dataflow/sources/file/InlineFlow.expected
@@ -45,20 +45,26 @@ models edges | test.rs:12:13:12:18 | buffer | test.rs:13:14:13:19 | buffer | provenance | | | test.rs:12:31:12:43 | ...::read | test.rs:12:31:12:43 | ...::read [Ok] | provenance | Src:MaD:11 | +| test.rs:12:31:12:43 | ...::read | test.rs:12:31:12:55 | ...::read(...) | provenance | Src:MaD:12 MaD:12 | | test.rs:12:31:12:43 | ...::read | test.rs:12:31:12:55 | ...::read(...) [Ok] | provenance | Src:MaD:11 | | test.rs:12:31:12:43 | ...::read [Ok] | test.rs:12:31:12:55 | ...::read(...) [Ok] | provenance | MaD:12 | +| test.rs:12:31:12:55 | ...::read(...) | test.rs:12:13:12:18 | buffer | provenance | | | test.rs:12:31:12:55 | ...::read(...) [Ok] | test.rs:12:31:12:56 | TryExpr | provenance | | | test.rs:12:31:12:56 | TryExpr | test.rs:12:13:12:18 | buffer | provenance | | | test.rs:17:13:17:18 | buffer | test.rs:18:14:18:19 | buffer | provenance | | | test.rs:17:31:17:38 | ...::read | test.rs:17:31:17:38 | ...::read [Ok] | provenance | Src:MaD:11 | +| test.rs:17:31:17:38 | ...::read | test.rs:17:31:17:50 | ...::read(...) | provenance | Src:MaD:12 MaD:12 | | test.rs:17:31:17:38 | ...::read | test.rs:17:31:17:50 | ...::read(...) [Ok] | provenance | Src:MaD:11 | | test.rs:17:31:17:38 | ...::read [Ok] | test.rs:17:31:17:50 | ...::read(...) [Ok] | provenance | MaD:12 | +| test.rs:17:31:17:50 | ...::read(...) | test.rs:17:13:17:18 | buffer | provenance | | | test.rs:17:31:17:50 | ...::read(...) [Ok] | test.rs:17:31:17:51 | TryExpr | provenance | | | test.rs:17:31:17:51 | TryExpr | test.rs:17:13:17:18 | buffer | provenance | | | test.rs:22:13:22:18 | buffer | test.rs:23:14:23:19 | buffer | provenance | | | test.rs:22:22:22:39 | ...::read_to_string | test.rs:22:22:22:39 | ...::read_to_string [Ok] | provenance | Src:MaD:14 | +| test.rs:22:22:22:39 | ...::read_to_string | test.rs:22:22:22:51 | ...::read_to_string(...) | provenance | Src:MaD:15 MaD:15 | | test.rs:22:22:22:39 | ...::read_to_string | test.rs:22:22:22:51 | ...::read_to_string(...) 
[Ok] | provenance | Src:MaD:14 | | test.rs:22:22:22:39 | ...::read_to_string [Ok] | test.rs:22:22:22:51 | ...::read_to_string(...) [Ok] | provenance | MaD:15 | +| test.rs:22:22:22:51 | ...::read_to_string(...) | test.rs:22:13:22:18 | buffer | provenance | | | test.rs:22:22:22:51 | ...::read_to_string(...) [Ok] | test.rs:22:22:22:52 | TryExpr | provenance | | | test.rs:22:22:22:52 | TryExpr | test.rs:22:13:22:18 | buffer | provenance | | | test.rs:29:13:29:16 | path | test.rs:30:14:30:17 | path | provenance | | 
@@ -263,19 +269,25 @@ edges nodes | test.rs:12:13:12:18 | buffer | semmle.label | buffer | | test.rs:12:31:12:43 | ...::read | semmle.label | ...::read | +| test.rs:12:31:12:43 | ...::read | semmle.label | ...::read | | test.rs:12:31:12:43 | ...::read [Ok] | semmle.label | ...::read [Ok] | +| test.rs:12:31:12:55 | ...::read(...) | semmle.label | ...::read(...) | | test.rs:12:31:12:55 | ...::read(...) [Ok] | semmle.label | ...::read(...) [Ok] | | test.rs:12:31:12:56 | TryExpr | semmle.label | TryExpr | | test.rs:13:14:13:19 | buffer | semmle.label | buffer | | test.rs:17:13:17:18 | buffer | semmle.label | buffer | | test.rs:17:31:17:38 | ...::read | semmle.label | ...::read | +| test.rs:17:31:17:38 | ...::read | semmle.label | ...::read | | test.rs:17:31:17:38 | ...::read [Ok] | semmle.label | ...::read [Ok] | +| test.rs:17:31:17:50 | ...::read(...) | semmle.label | ...::read(...) | | test.rs:17:31:17:50 | ...::read(...) [Ok] | semmle.label | ...::read(...) [Ok] | | test.rs:17:31:17:51 | TryExpr | semmle.label | TryExpr | | test.rs:18:14:18:19 | buffer | semmle.label | buffer | | test.rs:22:13:22:18 | buffer | semmle.label | buffer | | test.rs:22:22:22:39 | ...::read_to_string | semmle.label | ...::read_to_string | +| test.rs:22:22:22:39 | ...::read_to_string | semmle.label | ...::read_to_string | | test.rs:22:22:22:39 | ...::read_to_string [Ok] | semmle.label | ...::read_to_string [Ok] | +| test.rs:22:22:22:51 | ...::read_to_string(...) | semmle.label | ...::read_to_string(...) | | test.rs:22:22:22:51 | ...::read_to_string(...) [Ok] | semmle.label | ...::read_to_string(...) [Ok] | | test.rs:22:22:22:52 | TryExpr | semmle.label | TryExpr | | test.rs:23:14:23:19 | buffer | semmle.label | buffer | 
@@ -488,8 +500,11 @@ subpaths testFailures #select | test.rs:13:14:13:19 | buffer | test.rs:12:31:12:43 | ...::read | test.rs:13:14:13:19 | buffer | $@ | test.rs:12:31:12:43 | ...::read | ...::read | +| test.rs:13:14:13:19 | buffer | test.rs:12:31:12:43 | ...::read | test.rs:13:14:13:19 | buffer | $@ | test.rs:12:31:12:43 | ...::read | ...::read | +| test.rs:18:14:18:19 | buffer | test.rs:17:31:17:38 | ...::read | test.rs:18:14:18:19 | buffer | $@ | test.rs:17:31:17:38 | ...::read | ...::read | | test.rs:18:14:18:19 | buffer | test.rs:17:31:17:38 | ...::read | test.rs:18:14:18:19 | buffer | $@ | test.rs:17:31:17:38 | ...::read | ...::read | | test.rs:23:14:23:19 | buffer | test.rs:22:22:22:39 | ...::read_to_string | test.rs:23:14:23:19 | buffer | $@ | test.rs:22:22:22:39 | ...::read_to_string | ...::read_to_string | +| test.rs:23:14:23:19 | buffer | test.rs:22:22:22:39 | ...::read_to_string | test.rs:23:14:23:19 | buffer | $@ | test.rs:22:22:22:39 | ...::read_to_string | ...::read_to_string | | test.rs:30:14:30:25 | path.clone() | test.rs:29:22:29:25 | path | test.rs:30:14:30:25 | path.clone() | $@ | test.rs:29:22:29:25 | path | path | | test.rs:31:14:31:35 | ... .as_path() | test.rs:29:22:29:25 | path | test.rs:31:14:31:35 | ... .as_path() | $@ | test.rs:29:22:29:25 | path | path | | test.rs:41:14:41:17 | path | test.rs:29:22:29:25 | path | test.rs:41:14:41:17 | path | $@ | test.rs:29:22:29:25 | path | path | diff --git a/rust/ql/test/library-tests/dataflow/sources/net/InlineFlow.expected b/rust/ql/test/library-tests/dataflow/sources/net/InlineFlow.expected index d29b19fe58a4..0f474dbff38e 100644 --- a/rust/ql/test/library-tests/dataflow/sources/net/InlineFlow.expected +++ b/rust/ql/test/library-tests/dataflow/sources/net/InlineFlow.expected 
@@ -17,56 +17,58 @@ models | 16 | Summary: <_ as futures_util::io::AsyncReadExt>::read; Argument[self]; Argument[0].Reference; taint | | 17 | Summary: <_ as futures_util::io::AsyncReadExt>::read_to_end; Argument[self].Reference; Argument[0].Reference; taint | | 18 | Summary: <_ as futures_util::io::AsyncReadExt>::read_to_end; Argument[self]; Argument[0].Reference; taint | -| 19 | Summary: <_ as std::io::BufRead>::read_line; Argument[self]; Argument[0].Reference; taint | -| 20 | Summary: <_ as std::io::Read>::read; Argument[self]; Argument[0].Reference; taint | -| 21 | Summary: <_ as std::io::Read>::take; Argument[self]; ReturnValue; taint | -| 22 | Summary: <_ as tokio::io::util::async_read_ext::AsyncReadExt>::read; Argument[self]; Argument[0].Reference; taint | -| 23 | Summary: ::unwrap; Argument[self].Field[core::option::Option::Some(0)]; ReturnValue; value | -| 24 | Summary: ::new; Argument[0].Reference; ReturnValue; value | -| 25 | Summary: ::new; Argument[0]; ReturnValue; value | -| 26 | Summary: ::unwrap; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value | -| 27 | Summary: ::connect; Argument[1]; ReturnValue.Future.Field[core::result::Result::Ok(0)]; taint | -| 28 | Summary: ::new; Argument[0]; ReturnValue; taint | -| 29 | Summary: ::bytes; Argument[self]; ReturnValue.Future.Field[core::result::Result::Ok(0)]; taint | -| 30 | Summary: ::chunk; Argument[self]; ReturnValue.Future.Field[core::result::Result::Ok(0)].Field[core::option::Option::Some(0)]; taint | -| 31 | Summary: ::text; Argument[self]; ReturnValue.Future.Field[core::result::Result::Ok(0)]; taint | -| 32 | Summary: ::bytes; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | -| 33 | Summary: ::text; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | -| 34 | Summary: ::text_with_charset; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | -| 35 | Summary: ::new; Argument[0]; ReturnValue; taint | -| 36 | Summary: ::peek; 
Argument[self]; Argument[0].Reference; taint | -| 37 | Summary: ::try_read; Argument[self]; Argument[0].Reference; taint | -| 38 | Summary: ::try_read_buf; Argument[self]; Argument[0].Reference; taint | +| 19 | Summary: <_ as std::io::BufRead>::lines; Argument[self]; ReturnValue; taint | +| 20 | Summary: <_ as std::io::BufRead>::read_line; Argument[self]; Argument[0].Reference; taint | +| 21 | Summary: <_ as std::io::Read>::read; Argument[self]; Argument[0].Reference; taint | +| 22 | Summary: <_ as std::io::Read>::take; Argument[self]; ReturnValue; taint | +| 23 | Summary: <_ as tokio::io::util::async_read_ext::AsyncReadExt>::read; Argument[self]; Argument[0].Reference; taint | +| 24 | Summary: ::unwrap; Argument[self].Field[core::option::Option::Some(0)]; ReturnValue; value | +| 25 | Summary: ::new; Argument[0].Reference; ReturnValue; value | +| 26 | Summary: ::new; Argument[0]; ReturnValue; value | +| 27 | Summary: ::unwrap; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value | +| 28 | Summary: ::connect; Argument[1]; ReturnValue.Future.Field[core::result::Result::Ok(0)]; taint | +| 29 | Summary: ::new; Argument[0]; ReturnValue; taint | +| 30 | Summary: ::bytes; Argument[self]; ReturnValue.Future.Field[core::result::Result::Ok(0)]; taint | +| 31 | Summary: ::chunk; Argument[self]; ReturnValue.Future.Field[core::result::Result::Ok(0)].Field[core::option::Option::Some(0)]; taint | +| 32 | Summary: ::text; Argument[self]; ReturnValue.Future.Field[core::result::Result::Ok(0)]; taint | +| 33 | Summary: ::bytes; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | +| 34 | Summary: ::text; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | +| 35 | Summary: ::text_with_charset; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | +| 36 | Summary: ::new; Argument[0]; ReturnValue; taint | +| 37 | Summary: ::try_clone; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | +| 38 | 
Summary: ::peek; Argument[self]; Argument[0].Reference; taint | +| 39 | Summary: ::try_read; Argument[self]; Argument[0].Reference; taint | +| 40 | Summary: ::try_read_buf; Argument[self]; Argument[0].Reference; taint | edges | test.rs:11:9:11:22 | remote_string1 | test.rs:12:10:12:23 | remote_string1 | provenance | | | test.rs:11:26:11:47 | ...::get | test.rs:11:26:11:62 | ...::get(...) [Ok] | provenance | Src:MaD:6 | | test.rs:11:26:11:62 | ...::get(...) [Ok] | test.rs:11:26:11:63 | TryExpr | provenance | | -| test.rs:11:26:11:63 | TryExpr | test.rs:11:26:11:70 | ... .text() [Ok] | provenance | MaD:33 | +| test.rs:11:26:11:63 | TryExpr | test.rs:11:26:11:70 | ... .text() [Ok] | provenance | MaD:34 | | test.rs:11:26:11:70 | ... .text() [Ok] | test.rs:11:26:11:71 | TryExpr | provenance | | | test.rs:11:26:11:71 | TryExpr | test.rs:11:9:11:22 | remote_string1 | provenance | | | test.rs:14:9:14:22 | remote_string2 | test.rs:15:10:15:23 | remote_string2 | provenance | | | test.rs:14:26:14:47 | ...::get | test.rs:14:26:14:62 | ...::get(...) [Ok] | provenance | Src:MaD:6 | -| test.rs:14:26:14:62 | ...::get(...) [Ok] | test.rs:14:26:14:71 | ... .unwrap() | provenance | MaD:26 | -| test.rs:14:26:14:71 | ... .unwrap() | test.rs:14:26:14:78 | ... .text() [Ok] | provenance | MaD:33 | -| test.rs:14:26:14:78 | ... .text() [Ok] | test.rs:14:26:14:87 | ... .unwrap() | provenance | MaD:26 | +| test.rs:14:26:14:62 | ...::get(...) [Ok] | test.rs:14:26:14:71 | ... .unwrap() | provenance | MaD:27 | +| test.rs:14:26:14:71 | ... .unwrap() | test.rs:14:26:14:78 | ... .text() [Ok] | provenance | MaD:34 | +| test.rs:14:26:14:78 | ... .text() [Ok] | test.rs:14:26:14:87 | ... .unwrap() | provenance | MaD:27 | | test.rs:14:26:14:87 | ... .unwrap() | test.rs:14:9:14:22 | remote_string2 | provenance | | | test.rs:17:9:17:22 | remote_string3 | test.rs:18:10:18:23 | remote_string3 | provenance | | | test.rs:17:26:17:47 | ...::get | test.rs:17:26:17:62 | ...::get(...) 
[Ok] | provenance | Src:MaD:6 | -| test.rs:17:26:17:62 | ...::get(...) [Ok] | test.rs:17:26:17:71 | ... .unwrap() | provenance | MaD:26 | -| test.rs:17:26:17:71 | ... .unwrap() | test.rs:17:26:17:98 | ... .text_with_charset(...) [Ok] | provenance | MaD:34 | -| test.rs:17:26:17:98 | ... .text_with_charset(...) [Ok] | test.rs:17:26:17:107 | ... .unwrap() | provenance | MaD:26 | +| test.rs:17:26:17:62 | ...::get(...) [Ok] | test.rs:17:26:17:71 | ... .unwrap() | provenance | MaD:27 | +| test.rs:17:26:17:71 | ... .unwrap() | test.rs:17:26:17:98 | ... .text_with_charset(...) [Ok] | provenance | MaD:35 | +| test.rs:17:26:17:98 | ... .text_with_charset(...) [Ok] | test.rs:17:26:17:107 | ... .unwrap() | provenance | MaD:27 | | test.rs:17:26:17:107 | ... .unwrap() | test.rs:17:9:17:22 | remote_string3 | provenance | | | test.rs:20:9:20:22 | remote_string4 | test.rs:21:10:21:23 | remote_string4 | provenance | | | test.rs:20:26:20:47 | ...::get | test.rs:20:26:20:62 | ...::get(...) [Ok] | provenance | Src:MaD:6 | -| test.rs:20:26:20:62 | ...::get(...) [Ok] | test.rs:20:26:20:71 | ... .unwrap() | provenance | MaD:26 | -| test.rs:20:26:20:71 | ... .unwrap() | test.rs:20:26:20:79 | ... .bytes() [Ok] | provenance | MaD:32 | -| test.rs:20:26:20:79 | ... .bytes() [Ok] | test.rs:20:26:20:88 | ... .unwrap() | provenance | MaD:26 | +| test.rs:20:26:20:62 | ...::get(...) [Ok] | test.rs:20:26:20:71 | ... .unwrap() | provenance | MaD:27 | +| test.rs:20:26:20:71 | ... .unwrap() | test.rs:20:26:20:79 | ... .bytes() [Ok] | provenance | MaD:33 | +| test.rs:20:26:20:79 | ... .bytes() [Ok] | test.rs:20:26:20:88 | ... .unwrap() | provenance | MaD:27 | | test.rs:20:26:20:88 | ... .unwrap() | test.rs:20:9:20:22 | remote_string4 | provenance | | | test.rs:23:9:23:22 | remote_string5 | test.rs:24:10:24:23 | remote_string5 | provenance | | | test.rs:23:26:23:37 | ...::get | test.rs:23:26:23:52 | ...::get(...) [future, Ok] | provenance | Src:MaD:7 | | test.rs:23:26:23:52 | ...::get(...) 
[future, Ok] | test.rs:23:26:23:58 | await ... [Ok] | provenance | | | test.rs:23:26:23:58 | await ... [Ok] | test.rs:23:26:23:59 | TryExpr | provenance | | -| test.rs:23:26:23:59 | TryExpr | test.rs:23:26:23:66 | ... .text() [future, Ok] | provenance | MaD:31 | +| test.rs:23:26:23:59 | TryExpr | test.rs:23:26:23:66 | ... .text() [future, Ok] | provenance | MaD:32 | | test.rs:23:26:23:66 | ... .text() [future, Ok] | test.rs:23:26:23:72 | await ... [Ok] | provenance | | | test.rs:23:26:23:72 | await ... [Ok] | test.rs:23:26:23:73 | TryExpr | provenance | | | test.rs:23:26:23:73 | TryExpr | test.rs:23:9:23:22 | remote_string5 | provenance | | 
@@ -74,19 +76,19 @@ edges | test.rs:26:26:26:37 | ...::get | test.rs:26:26:26:52 | ...::get(...) [future, Ok] | provenance | Src:MaD:7 | | test.rs:26:26:26:52 | ...::get(...) [future, Ok] | test.rs:26:26:26:58 | await ... [Ok] | provenance | | | test.rs:26:26:26:58 | await ... [Ok] | test.rs:26:26:26:59 | TryExpr | provenance | | -| test.rs:26:26:26:59 | TryExpr | test.rs:26:26:26:67 | ... .bytes() [future, Ok] | provenance | MaD:29 | +| test.rs:26:26:26:59 | TryExpr | test.rs:26:26:26:67 | ... .bytes() [future, Ok] | provenance | MaD:30 | | test.rs:26:26:26:67 | ... .bytes() [future, Ok] | test.rs:26:26:26:73 | await ... [Ok] | provenance | | | test.rs:26:26:26:73 | await ... [Ok] | test.rs:26:26:26:74 | TryExpr | provenance | | | test.rs:26:26:26:74 | TryExpr | test.rs:26:9:26:22 | remote_string6 | provenance | | -| test.rs:29:9:29:20 | mut request1 | test.rs:30:10:30:25 | request1.chunk() [future, Ok, Some] | provenance | MaD:30 | -| test.rs:29:9:29:20 | mut request1 | test.rs:31:29:31:44 | request1.chunk() [future, Ok, Some] | provenance | MaD:30 | +| test.rs:29:9:29:20 | mut request1 | test.rs:30:10:30:25 | request1.chunk() [future, Ok, Some] | provenance | MaD:31 | +| test.rs:29:9:29:20 | mut request1 | test.rs:31:29:31:44 | request1.chunk() [future, Ok, Some] | provenance | MaD:31 | | test.rs:29:24:29:35 | ...::get | test.rs:29:24:29:50 | ...::get(...) [future, Ok] | provenance | Src:MaD:7 | | test.rs:29:24:29:50 | ...::get(...) [future, Ok] | test.rs:29:24:29:56 | await ... [Ok] | provenance | | | test.rs:29:24:29:56 | await ... [Ok] | test.rs:29:24:29:57 | TryExpr | provenance | | | test.rs:29:24:29:57 | TryExpr | test.rs:29:9:29:20 | mut request1 | provenance | | | test.rs:30:10:30:25 | request1.chunk() [future, Ok, Some] | test.rs:30:10:30:31 | await ... [Ok, Some] | provenance | | | test.rs:30:10:30:31 | await ... [Ok, Some] | test.rs:30:10:30:32 | TryExpr [Some] | provenance | | -| test.rs:30:10:30:32 | TryExpr [Some] | test.rs:30:10:30:41 | ... 
.unwrap() | provenance | MaD:23 | +| test.rs:30:10:30:32 | TryExpr [Some] | test.rs:30:10:30:41 | ... .unwrap() | provenance | MaD:24 | | test.rs:31:15:31:25 | Some(...) [Some] | test.rs:31:20:31:24 | chunk | provenance | | | test.rs:31:20:31:24 | chunk | test.rs:32:14:32:18 | chunk | provenance | | | test.rs:31:29:31:44 | request1.chunk() [future, Ok, Some] | test.rs:31:29:31:50 | await ... [Ok, Some] | provenance | | @@ -105,7 +107,7 @@ edges | test.rs:67:24:67:58 | TryExpr | test.rs:67:9:67:20 | mut response | provenance | | | test.rs:67:31:67:42 | send_request | test.rs:67:24:67:51 | sender.send_request(...) [future, Ok] | provenance | Src:MaD:2 | | test.rs:68:11:68:18 | response | test.rs:68:10:68:18 | &response | provenance | | -| test.rs:155:13:155:22 | mut stream | test.rs:162:29:162:39 | [post] &mut buffer [&ref] | provenance | MaD:20 | +| test.rs:155:13:155:22 | mut stream | test.rs:162:29:162:39 | [post] &mut buffer [&ref] | provenance | MaD:21 | | test.rs:155:26:155:53 | ...::connect | test.rs:155:26:155:62 | ...::connect(...) [Ok] | provenance | Src:MaD:3 | | test.rs:155:26:155:62 | ...::connect(...) [Ok] | test.rs:155:26:155:63 | TryExpr | provenance | | | test.rs:155:26:155:63 | TryExpr | test.rs:155:13:155:22 | mut stream | provenance | | 
@@ -114,20 +116,28 @@ edges | test.rs:162:34:162:39 | [post] buffer | test.rs:166:14:166:22 | buffer[0] | provenance | | | test.rs:165:15:165:20 | buffer | test.rs:165:14:165:20 | &buffer | provenance | | | test.rs:174:13:174:22 | mut stream | test.rs:182:58:182:63 | stream | provenance | | +| test.rs:174:13:174:22 | mut stream | test.rs:203:54:203:71 | stream.try_clone() [Ok] | provenance | MaD:37 | | test.rs:174:26:174:61 | ...::connect_timeout | test.rs:174:26:174:105 | ...::connect_timeout(...) [Ok] | provenance | Src:MaD:4 | | test.rs:174:26:174:105 | ...::connect_timeout(...) [Ok] | test.rs:174:26:174:106 | TryExpr | provenance | | | test.rs:174:26:174:106 | TryExpr | test.rs:174:13:174:22 | mut stream | provenance | | -| test.rs:182:21:182:30 | mut reader | test.rs:185:44:185:52 | [post] &mut line [&ref] | provenance | MaD:19 | -| test.rs:182:34:182:64 | ...::new(...) | test.rs:182:34:182:74 | ... .take(...) | provenance | MaD:21 | +| test.rs:182:21:182:30 | mut reader | test.rs:185:44:185:52 | [post] &mut line [&ref] | provenance | MaD:20 | +| test.rs:182:34:182:64 | ...::new(...) | test.rs:182:34:182:74 | ... .take(...) | provenance | MaD:22 | | test.rs:182:34:182:74 | ... .take(...) | test.rs:182:21:182:30 | mut reader | provenance | | -| test.rs:182:58:182:63 | stream | test.rs:182:34:182:64 | ...::new(...) | provenance | MaD:35 | +| test.rs:182:58:182:63 | stream | test.rs:182:34:182:64 | ...::new(...) 
| provenance | MaD:36 | | test.rs:185:44:185:52 | [post] &mut line [&ref] | test.rs:185:49:185:52 | [post] line | provenance | | | test.rs:185:49:185:52 | [post] line | test.rs:192:35:192:38 | line | provenance | | | test.rs:192:35:192:38 | line | test.rs:192:34:192:38 | &line | provenance | | -| test.rs:224:9:224:24 | mut tokio_stream | test.rs:232:35:232:46 | [post] &mut buffer1 [&ref] | provenance | MaD:36 | -| test.rs:224:9:224:24 | mut tokio_stream | test.rs:236:36:236:47 | [post] &mut buffer2 [&ref] | provenance | MaD:22 | -| test.rs:224:9:224:24 | mut tokio_stream | test.rs:252:41:252:51 | [post] &mut buffer [&ref] | provenance | MaD:37 | -| test.rs:224:9:224:24 | mut tokio_stream | test.rs:275:45:275:55 | [post] &mut buffer [&ref] | provenance | MaD:38 | +| test.rs:203:21:203:26 | reader | test.rs:204:29:204:42 | reader.lines() | provenance | MaD:19 | +| test.rs:203:30:203:73 | ...::new(...) | test.rs:203:30:203:83 | ... .take(...) | provenance | MaD:22 | +| test.rs:203:30:203:83 | ... .take(...) | test.rs:203:21:203:26 | reader | provenance | | +| test.rs:203:54:203:71 | stream.try_clone() [Ok] | test.rs:203:54:203:72 | TryExpr | provenance | | +| test.rs:203:54:203:72 | TryExpr | test.rs:203:30:203:73 | ...::new(...) | provenance | MaD:36 | +| test.rs:204:29:204:42 | reader.lines() | test.rs:205:28:205:37 | Ok(...) | provenance | | +| test.rs:205:28:205:37 | Ok(...) 
| test.rs:207:30:207:35 | string | provenance | | +| test.rs:224:9:224:24 | mut tokio_stream | test.rs:232:35:232:46 | [post] &mut buffer1 [&ref] | provenance | MaD:38 | +| test.rs:224:9:224:24 | mut tokio_stream | test.rs:236:36:236:47 | [post] &mut buffer2 [&ref] | provenance | MaD:23 | +| test.rs:224:9:224:24 | mut tokio_stream | test.rs:252:41:252:51 | [post] &mut buffer [&ref] | provenance | MaD:39 | +| test.rs:224:9:224:24 | mut tokio_stream | test.rs:275:45:275:55 | [post] &mut buffer [&ref] | provenance | MaD:40 | | test.rs:224:28:224:57 | ...::connect | test.rs:224:28:224:66 | ...::connect(...) [future, Ok] | provenance | Src:MaD:5 | | test.rs:224:28:224:66 | ...::connect(...) [future, Ok] | test.rs:224:28:224:72 | await ... [Ok] | provenance | | | test.rs:224:28:224:72 | await ... [Ok] | test.rs:224:28:224:73 | TryExpr | provenance | | @@ -163,7 +173,7 @@ edges | test.rs:380:26:380:60 | connector.connect(...) [future, Ok] | test.rs:380:26:380:66 | await ... [Ok] | provenance | | | test.rs:380:26:380:66 | await ... [Ok] | test.rs:380:26:380:67 | TryExpr | provenance | | | test.rs:380:26:380:67 | TryExpr | test.rs:380:13:380:22 | mut reader | provenance | | -| test.rs:380:57:380:59 | tcp | test.rs:380:26:380:60 | connector.connect(...) [future, Ok] | provenance | MaD:27 | +| test.rs:380:57:380:59 | tcp | test.rs:380:26:380:60 | connector.connect(...) [future, Ok] | provenance | MaD:28 | | test.rs:381:15:381:20 | reader | test.rs:381:14:381:20 | &reader | provenance | | | test.rs:386:17:386:26 | mut pinned | test.rs:387:19:387:24 | pinned | provenance | | | test.rs:386:17:386:26 | mut pinned | test.rs:389:56:389:66 | [post] &mut buffer [&ref] | provenance | MaD:9 | 
@@ -171,8 +181,8 @@ edges | test.rs:386:17:386:26 | mut pinned [&ref] | test.rs:389:56:389:66 | [post] &mut buffer [&ref] | provenance | MaD:9 | | test.rs:386:30:386:50 | ...::new(...) | test.rs:386:17:386:26 | mut pinned | provenance | | | test.rs:386:30:386:50 | ...::new(...) [&ref] | test.rs:386:17:386:26 | mut pinned [&ref] | provenance | | -| test.rs:386:39:386:49 | &mut reader [&ref] | test.rs:386:30:386:50 | ...::new(...) | provenance | MaD:24 | -| test.rs:386:39:386:49 | &mut reader [&ref] | test.rs:386:30:386:50 | ...::new(...) [&ref] | provenance | MaD:25 | +| test.rs:386:39:386:49 | &mut reader [&ref] | test.rs:386:30:386:50 | ...::new(...) | provenance | MaD:25 | +| test.rs:386:39:386:49 | &mut reader [&ref] | test.rs:386:30:386:50 | ...::new(...) [&ref] | provenance | MaD:26 | | test.rs:386:44:386:49 | reader | test.rs:386:39:386:49 | &mut reader [&ref] | provenance | | | test.rs:387:19:387:24 | pinned | test.rs:387:18:387:24 | &pinned | provenance | | | test.rs:387:19:387:24 | pinned [&ref] | test.rs:387:18:387:24 | &pinned | provenance | | @@ -211,7 +221,7 @@ edges | test.rs:408:13:408:23 | mut reader2 | test.rs:500:51:500:61 | [post] &mut buffer [&ref] | provenance | MaD:17 | | test.rs:408:13:408:23 | mut reader2 | test.rs:500:51:500:61 | [post] &mut buffer [&ref] | provenance | MaD:18 | | test.rs:408:27:408:61 | ...::new(...) | test.rs:408:13:408:23 | mut reader2 | provenance | | -| test.rs:408:55:408:60 | reader | test.rs:408:27:408:61 | ...::new(...) | provenance | MaD:28 | +| test.rs:408:55:408:60 | reader | test.rs:408:27:408:61 | ...::new(...) | provenance | MaD:29 | | test.rs:409:15:409:21 | reader2 | test.rs:409:14:409:21 | &reader2 | provenance | | | test.rs:413:17:413:26 | mut pinned | test.rs:414:19:414:24 | pinned | provenance | | | test.rs:413:17:413:26 | mut pinned | test.rs:416:26:416:54 | pinned.poll_fill_buf(...) [Ready, Ok] | provenance | MaD:8 | 
@@ -219,8 +229,8 @@ edges | test.rs:413:17:413:26 | mut pinned [&ref] | test.rs:416:26:416:54 | pinned.poll_fill_buf(...) [Ready, Ok] | provenance | MaD:8 | | test.rs:413:30:413:51 | ...::new(...) | test.rs:413:17:413:26 | mut pinned | provenance | | | test.rs:413:30:413:51 | ...::new(...) [&ref] | test.rs:413:17:413:26 | mut pinned [&ref] | provenance | | -| test.rs:413:39:413:50 | &mut reader2 [&ref] | test.rs:413:30:413:51 | ...::new(...) | provenance | MaD:24 | -| test.rs:413:39:413:50 | &mut reader2 [&ref] | test.rs:413:30:413:51 | ...::new(...) [&ref] | provenance | MaD:25 | +| test.rs:413:39:413:50 | &mut reader2 [&ref] | test.rs:413:30:413:51 | ...::new(...) | provenance | MaD:25 | +| test.rs:413:39:413:50 | &mut reader2 [&ref] | test.rs:413:30:413:51 | ...::new(...) [&ref] | provenance | MaD:26 | | test.rs:413:44:413:50 | reader2 | test.rs:413:39:413:50 | &mut reader2 [&ref] | provenance | | | test.rs:414:19:414:24 | pinned | test.rs:414:18:414:24 | &pinned | provenance | | | test.rs:414:19:414:24 | pinned [&ref] | test.rs:414:18:414:24 | &pinned | provenance | | 
@@ -235,8 +245,8 @@ edges | test.rs:423:27:423:48 | ...::new(...) | test.rs:423:27:423:71 | ... .poll_fill_buf(...) [Ready, Ok] | provenance | MaD:8 | | test.rs:423:27:423:48 | ...::new(...) [&ref] | test.rs:423:27:423:71 | ... .poll_fill_buf(...) [Ready, Ok] | provenance | MaD:8 | | test.rs:423:27:423:71 | ... .poll_fill_buf(...) [Ready, Ok] | test.rs:423:17:423:23 | buffer2 [Ready, Ok] | provenance | | -| test.rs:423:36:423:47 | &mut reader2 [&ref] | test.rs:423:27:423:48 | ...::new(...) | provenance | MaD:24 | -| test.rs:423:36:423:47 | &mut reader2 [&ref] | test.rs:423:27:423:48 | ...::new(...) [&ref] | provenance | MaD:25 | +| test.rs:423:36:423:47 | &mut reader2 [&ref] | test.rs:423:27:423:48 | ...::new(...) | provenance | MaD:25 | +| test.rs:423:36:423:47 | &mut reader2 [&ref] | test.rs:423:27:423:48 | ...::new(...) [&ref] | provenance | MaD:26 | | test.rs:423:41:423:47 | reader2 | test.rs:423:36:423:47 | &mut reader2 [&ref] | provenance | | | test.rs:424:20:424:26 | buffer2 [Ready, Ok] | test.rs:425:17:425:36 | ...::Ready(...) [Ready, Ok] | provenance | | | test.rs:424:20:424:26 | buffer2 [Ready, Ok] | test.rs:426:27:426:33 | buffer2 [Ready, Ok] | provenance | | 
@@ -254,8 +264,8 @@ edges | test.rs:444:17:444:26 | mut pinned [&ref] | test.rs:447:56:447:66 | [post] &mut buffer [&ref] | provenance | MaD:9 | | test.rs:444:30:444:51 | ...::new(...) | test.rs:444:17:444:26 | mut pinned | provenance | | | test.rs:444:30:444:51 | ...::new(...) [&ref] | test.rs:444:17:444:26 | mut pinned [&ref] | provenance | | -| test.rs:444:39:444:50 | &mut reader2 [&ref] | test.rs:444:30:444:51 | ...::new(...) | provenance | MaD:24 | -| test.rs:444:39:444:50 | &mut reader2 [&ref] | test.rs:444:30:444:51 | ...::new(...) [&ref] | provenance | MaD:25 | +| test.rs:444:39:444:50 | &mut reader2 [&ref] | test.rs:444:30:444:51 | ...::new(...) | provenance | MaD:25 | +| test.rs:444:39:444:50 | &mut reader2 [&ref] | test.rs:444:30:444:51 | ...::new(...) [&ref] | provenance | MaD:26 | | test.rs:444:44:444:50 | reader2 | test.rs:444:39:444:50 | &mut reader2 [&ref] | provenance | | | test.rs:445:19:445:24 | pinned | test.rs:445:18:445:24 | &pinned | provenance | | | test.rs:445:19:445:24 | pinned [&ref] | test.rs:445:18:445:24 | &pinned | provenance | | 
@@ -279,8 +289,8 @@ edges | test.rs:467:17:467:26 | mut pinned [&ref] | test.rs:470:26:470:54 | pinned.poll_fill_buf(...) [Ready, Ok] | provenance | MaD:8 | | test.rs:467:30:467:51 | ...::new(...) | test.rs:467:17:467:26 | mut pinned | provenance | | | test.rs:467:30:467:51 | ...::new(...) [&ref] | test.rs:467:17:467:26 | mut pinned [&ref] | provenance | | -| test.rs:467:39:467:50 | &mut reader2 [&ref] | test.rs:467:30:467:51 | ...::new(...) | provenance | MaD:24 | -| test.rs:467:39:467:50 | &mut reader2 [&ref] | test.rs:467:30:467:51 | ...::new(...) [&ref] | provenance | MaD:25 | +| test.rs:467:39:467:50 | &mut reader2 [&ref] | test.rs:467:30:467:51 | ...::new(...) | provenance | MaD:25 | +| test.rs:467:39:467:50 | &mut reader2 [&ref] | test.rs:467:30:467:51 | ...::new(...) [&ref] | provenance | MaD:26 | | test.rs:467:44:467:50 | reader2 | test.rs:467:39:467:50 | &mut reader2 [&ref] | provenance | | | test.rs:468:19:468:24 | pinned | test.rs:468:18:468:24 | &pinned | provenance | | | test.rs:468:19:468:24 | pinned [&ref] | test.rs:468:18:468:24 | &pinned | provenance | | 
@@ -405,6 +415,14 @@ nodes | test.rs:185:49:185:52 | [post] line | semmle.label | [post] line | | test.rs:192:34:192:38 | &line | semmle.label | &line | | test.rs:192:35:192:38 | line | semmle.label | line | +| test.rs:203:21:203:26 | reader | semmle.label | reader | +| test.rs:203:30:203:73 | ...::new(...) | semmle.label | ...::new(...) | +| test.rs:203:30:203:83 | ... .take(...) | semmle.label | ... .take(...) | +| test.rs:203:54:203:71 | stream.try_clone() [Ok] | semmle.label | stream.try_clone() [Ok] | +| test.rs:203:54:203:72 | TryExpr | semmle.label | TryExpr | +| test.rs:204:29:204:42 | reader.lines() | semmle.label | reader.lines() | +| test.rs:205:28:205:37 | Ok(...) | semmle.label | Ok(...) | +| test.rs:207:30:207:35 | string | semmle.label | string | | test.rs:224:9:224:24 | mut tokio_stream | semmle.label | mut tokio_stream | | test.rs:224:28:224:57 | ...::connect | semmle.label | ...::connect | | test.rs:224:28:224:66 | ...::connect(...) [future, Ok] | semmle.label | ...::connect(...) [future, Ok] | 
@@ -588,6 +606,7 @@ testFailures | test.rs:165:14:165:20 | &buffer | test.rs:155:26:155:53 | ...::connect | test.rs:165:14:165:20 | &buffer | $@ | test.rs:155:26:155:53 | ...::connect | ...::connect | | test.rs:166:14:166:22 | buffer[0] | test.rs:155:26:155:53 | ...::connect | test.rs:166:14:166:22 | buffer[0] | $@ | test.rs:155:26:155:53 | ...::connect | ...::connect | | test.rs:192:34:192:38 | &line | test.rs:174:26:174:61 | ...::connect_timeout | test.rs:192:34:192:38 | &line | $@ | test.rs:174:26:174:61 | ...::connect_timeout | ...::connect_timeout | +| test.rs:207:30:207:35 | string | test.rs:174:26:174:61 | ...::connect_timeout | test.rs:207:30:207:35 | string | $@ | test.rs:174:26:174:61 | ...::connect_timeout | ...::connect_timeout | | test.rs:239:14:239:21 | &buffer1 | test.rs:224:28:224:57 | ...::connect | test.rs:239:14:239:21 | &buffer1 | $@ | test.rs:224:28:224:57 | ...::connect | ...::connect | | test.rs:240:14:240:23 | buffer1[0] | test.rs:224:28:224:57 | ...::connect | test.rs:240:14:240:23 | buffer1[0] | $@ | test.rs:224:28:224:57 | ...::connect | ...::connect | | test.rs:243:14:243:21 | &buffer2 | test.rs:224:28:224:57 | ...::connect | test.rs:243:14:243:21 | &buffer2 | $@ | test.rs:224:28:224:57 | ...::connect | ...::connect | diff --git a/rust/ql/test/library-tests/dataflow/sources/net/test.rs b/rust/ql/test/library-tests/dataflow/sources/net/test.rs index 254a27349d92..df49e43e1289 100644 --- a/rust/ql/test/library-tests/dataflow/sources/net/test.rs +++ b/rust/ql/test/library-tests/dataflow/sources/net/test.rs @@ -204,7 +204,7 @@ async fn test_std_tcpstream(case: i64) -> std::io::Result<()> { for line in reader.lines() { // $ MISSING: Alert[rust/summary/taint-sources] if let Ok(string) = line { println!("line = {}", string); - sink(string); // $ MISSING: hasTaintFlow + sink(string); // $ hasTaintFlow=&sock_addr } } } 
diff --git a/rust/ql/test/library-tests/dataflow/sources/web_frameworks/InlineFlow.expected b/rust/ql/test/library-tests/dataflow/sources/web_frameworks/InlineFlow.expected index 24a0cf78aec0..6ed1ac9904ab 100644 --- a/rust/ql/test/library-tests/dataflow/sources/web_frameworks/InlineFlow.expected +++ b/rust/ql/test/library-tests/dataflow/sources/web_frameworks/InlineFlow.expected 
@@ -4,80 +4,45 @@ models | 3 | Source: <_ as warp::filter::Filter>::then; Argument[0].Parameter[0..7]; remote | | 4 | Source: ::to; Argument[0].Parameter[0..7]; remote | | 5 | Source: ::to; Argument[0].Parameter[0..7]; remote | -| 6 | Summary: ::into_inner; Argument[self]; ReturnValue.Field[0]; taint | -| 7 | Summary: ::into_inner; Argument[self]; ReturnValue.Field[1]; taint | -| 8 | Summary: ::into_inner; Argument[self]; ReturnValue.Field[2]; taint | -| 9 | Summary: ::into_inner; Argument[self]; ReturnValue; taint | -| 10 | Summary: ::as_bytes; Argument[self]; ReturnValue; value | -| 11 | Summary: ::as_str; Argument[self]; ReturnValue; value | +| 6 | Summary: ::into_inner; Argument[self]; ReturnValue; taint | +| 7 | Summary: ::as_bytes; Argument[self]; ReturnValue; value | +| 8 | Summary: ::as_str; Argument[self]; ReturnValue; value | edges | test.rs:11:31:11:31 | a | test.rs:13:14:13:14 | a | provenance | | -| test.rs:11:31:11:31 | a | test.rs:13:14:13:23 | a.as_str() | provenance | MaD:11 | +| test.rs:11:31:11:31 | a | test.rs:13:14:13:23 | a.as_str() | provenance | MaD:8 | | test.rs:11:31:11:31 | a | test.rs:14:14:14:14 | a | provenance | | -| test.rs:11:31:11:31 | a | test.rs:14:14:14:25 | a.as_bytes() | provenance | MaD:10 | +| test.rs:11:31:11:31 | a | test.rs:14:14:14:25 | a.as_bytes() | provenance | MaD:7 | | test.rs:11:31:11:31 | a | test.rs:15:14:15:14 | a | provenance | | -| test.rs:13:14:13:14 | a | test.rs:13:14:13:23 | a.as_str() | provenance | MaD:11 | -| test.rs:14:14:14:14 | a | test.rs:14:14:14:25 | a.as_bytes() | provenance | MaD:10 | +| test.rs:13:14:13:14 | a | test.rs:13:14:13:23 | a.as_str() | provenance | MaD:8 | +| test.rs:14:14:14:14 | a | test.rs:14:14:14:25 | a.as_bytes() | provenance | MaD:7 | +| test.rs:22:14:22:19 | TuplePat | test.rs:24:14:24:14 | a | provenance | | +| test.rs:22:14:22:19 | TuplePat | test.rs:25:14:25:14 | b | provenance | | +| test.rs:48:14:48:30 | MyStruct {...} | test.rs:50:14:50:14 | a | provenance | | +| 
test.rs:48:14:48:30 | MyStruct {...} | test.rs:51:14:51:14 | b | provenance | | +| test.rs:58:14:58:15 | ms | test.rs:60:14:60:17 | ms.a | provenance | | +| test.rs:58:14:58:15 | ms | test.rs:61:14:61:17 | ms.b | provenance | | | test.rs:68:15:68:15 | a | test.rs:70:14:70:14 | a | provenance | | -| test.rs:98:9:98:31 | ...: ...::Path::<...> | test.rs:100:17:100:33 | path.into_inner() | provenance | MaD:9 | -| test.rs:98:9:98:31 | ...: ...::Path::<...> | test.rs:100:17:100:33 | path.into_inner() [tuple.0] | provenance | MaD:6 | -| test.rs:98:9:98:31 | ...: ...::Path::<...> | test.rs:100:17:100:33 | path.into_inner() [tuple.1] | provenance | MaD:7 | -| test.rs:98:9:98:31 | ...: ...::Path::<...> | test.rs:100:17:100:33 | path.into_inner() [tuple.2] | provenance | MaD:8 | +| test.rs:98:9:98:31 | ...: ...::Path::<...> | test.rs:100:17:100:33 | path.into_inner() | provenance | MaD:6 | | test.rs:100:13:100:13 | a | test.rs:101:14:101:14 | a | provenance | | -| test.rs:100:13:100:13 | a | test.rs:101:14:101:23 | a.as_str() | provenance | MaD:11 | +| test.rs:100:13:100:13 | a | test.rs:101:14:101:23 | a.as_str() | provenance | MaD:8 | | test.rs:100:13:100:13 | a | test.rs:102:14:102:14 | a | provenance | | -| test.rs:100:13:100:13 | a | test.rs:102:14:102:25 | a.as_bytes() | provenance | MaD:10 | +| test.rs:100:13:100:13 | a | test.rs:102:14:102:25 | a.as_bytes() | provenance | MaD:7 | | test.rs:100:13:100:13 | a | test.rs:103:14:103:14 | a | provenance | | -| test.rs:100:13:100:13 | a [tuple.0] | test.rs:101:14:101:14 | a [tuple.0] | provenance | | -| test.rs:100:13:100:13 | a [tuple.0] | test.rs:101:14:101:23 | a.as_str() | provenance | MaD:11 | -| test.rs:100:13:100:13 | a [tuple.0] | test.rs:102:14:102:14 | a [tuple.0] | provenance | | -| test.rs:100:13:100:13 | a [tuple.0] | test.rs:102:14:102:25 | a.as_bytes() | provenance | MaD:10 | -| test.rs:100:13:100:13 | a [tuple.0] | test.rs:103:14:103:14 | a | provenance | | -| test.rs:100:13:100:13 | a [tuple.1] | 
test.rs:101:14:101:14 | a [tuple.1] | provenance | | -| test.rs:100:13:100:13 | a [tuple.1] | test.rs:101:14:101:23 | a.as_str() | provenance | MaD:11 | -| test.rs:100:13:100:13 | a [tuple.1] | test.rs:102:14:102:14 | a [tuple.1] | provenance | | -| test.rs:100:13:100:13 | a [tuple.1] | test.rs:102:14:102:25 | a.as_bytes() | provenance | MaD:10 | -| test.rs:100:13:100:13 | a [tuple.1] | test.rs:103:14:103:14 | a | provenance | | -| test.rs:100:13:100:13 | a [tuple.2] | test.rs:101:14:101:14 | a [tuple.2] | provenance | | -| test.rs:100:13:100:13 | a [tuple.2] | test.rs:101:14:101:23 | a.as_str() | provenance | MaD:11 | -| test.rs:100:13:100:13 | a [tuple.2] | test.rs:102:14:102:14 | a [tuple.2] | provenance | | -| test.rs:100:13:100:13 | a [tuple.2] | test.rs:102:14:102:25 | a.as_bytes() | provenance | MaD:10 | -| test.rs:100:13:100:13 | a [tuple.2] | test.rs:103:14:103:14 | a | provenance | | | test.rs:100:17:100:33 | path.into_inner() | test.rs:100:13:100:13 | a | provenance | | -| test.rs:100:17:100:33 | path.into_inner() [tuple.0] | test.rs:100:13:100:13 | a [tuple.0] | provenance | | -| test.rs:100:17:100:33 | path.into_inner() [tuple.1] | test.rs:100:13:100:13 | a [tuple.1] | provenance | | -| test.rs:100:17:100:33 | path.into_inner() [tuple.2] | test.rs:100:13:100:13 | a [tuple.2] | provenance | | -| test.rs:101:14:101:14 | a | test.rs:101:14:101:23 | a.as_str() | provenance | MaD:11 | -| test.rs:101:14:101:14 | a [tuple.0] | test.rs:101:14:101:23 | a.as_str() | provenance | MaD:11 | -| test.rs:101:14:101:14 | a [tuple.1] | test.rs:101:14:101:23 | a.as_str() | provenance | MaD:11 | -| test.rs:101:14:101:14 | a [tuple.2] | test.rs:101:14:101:23 | a.as_str() | provenance | MaD:11 | -| test.rs:102:14:102:14 | a | test.rs:102:14:102:25 | a.as_bytes() | provenance | MaD:10 | -| test.rs:102:14:102:14 | a [tuple.0] | test.rs:102:14:102:25 | a.as_bytes() | provenance | MaD:10 | -| test.rs:102:14:102:14 | a [tuple.1] | test.rs:102:14:102:25 | a.as_bytes() | 
provenance | MaD:10 | -| test.rs:102:14:102:14 | a [tuple.2] | test.rs:102:14:102:25 | a.as_bytes() | provenance | MaD:10 | -| test.rs:109:9:109:41 | ...: ...::Path::<...> | test.rs:111:22:111:38 | path.into_inner() [tuple.0] | provenance | MaD:6 | -| test.rs:109:9:109:41 | ...: ...::Path::<...> | test.rs:111:22:111:38 | path.into_inner() [tuple.1] | provenance | MaD:7 | -| test.rs:111:13:111:18 | TuplePat [tuple.0] | test.rs:111:14:111:14 | a | provenance | | -| test.rs:111:13:111:18 | TuplePat [tuple.1] | test.rs:111:17:111:17 | b | provenance | | -| test.rs:111:14:111:14 | a | test.rs:113:14:113:14 | a | provenance | | -| test.rs:111:17:111:17 | b | test.rs:114:14:114:14 | b | provenance | | -| test.rs:111:22:111:38 | path.into_inner() [tuple.0] | test.rs:111:13:111:18 | TuplePat [tuple.0] | provenance | | -| test.rs:111:22:111:38 | path.into_inner() [tuple.1] | test.rs:111:13:111:18 | TuplePat [tuple.1] | provenance | | +| test.rs:101:14:101:14 | a | test.rs:101:14:101:23 | a.as_str() | provenance | MaD:8 | +| test.rs:102:14:102:14 | a | test.rs:102:14:102:25 | a.as_bytes() | provenance | MaD:7 | +| test.rs:109:9:109:41 | ...: ...::Path::<...> | test.rs:111:22:111:38 | path.into_inner() | provenance | MaD:6 | +| test.rs:111:13:111:18 | TuplePat | test.rs:113:14:113:14 | a | provenance | | +| test.rs:111:13:111:18 | TuplePat | test.rs:114:14:114:14 | b | provenance | | +| test.rs:111:22:111:38 | path.into_inner() | test.rs:111:13:111:18 | TuplePat | provenance | | +| test.rs:120:9:120:41 | ...: ...::Query::<...> | test.rs:122:14:122:14 | a | provenance | | | test.rs:127:5:127:20 | to | test.rs:129:9:129:31 | ...: ...::Path::<...> | provenance | Src:MaD:4 | -| test.rs:129:9:129:31 | ...: ...::Path::<...> | test.rs:131:17:131:33 | path.into_inner() | provenance | MaD:9 | -| test.rs:129:9:129:31 | ...: ...::Path::<...> | test.rs:131:17:131:33 | path.into_inner() [tuple.0] | provenance | MaD:6 | -| test.rs:129:9:129:31 | ...: ...::Path::<...> | test.rs:131:17:131:33 
| path.into_inner() [tuple.1] | provenance | MaD:7 | -| test.rs:129:9:129:31 | ...: ...::Path::<...> | test.rs:131:17:131:33 | path.into_inner() [tuple.2] | provenance | MaD:8 | +| test.rs:129:9:129:31 | ...: ...::Path::<...> | test.rs:131:17:131:33 | path.into_inner() | provenance | MaD:6 | | test.rs:131:13:131:13 | a | test.rs:132:14:132:14 | a | provenance | | -| test.rs:131:13:131:13 | a [tuple.0] | test.rs:132:14:132:14 | a | provenance | | -| test.rs:131:13:131:13 | a [tuple.1] | test.rs:132:14:132:14 | a | provenance | | -| test.rs:131:13:131:13 | a [tuple.2] | test.rs:132:14:132:14 | a | provenance | | | test.rs:131:17:131:33 | path.into_inner() | test.rs:131:13:131:13 | a | provenance | | -| test.rs:131:17:131:33 | path.into_inner() [tuple.0] | test.rs:131:13:131:13 | a [tuple.0] | provenance | | -| test.rs:131:17:131:33 | path.into_inner() [tuple.1] | test.rs:131:13:131:13 | a [tuple.1] | provenance | | -| test.rs:131:17:131:33 | path.into_inner() [tuple.2] | test.rs:131:13:131:13 | a [tuple.2] | provenance | | | test.rs:139:41:139:42 | to | test.rs:98:9:98:31 | ...: ...::Path::<...> | provenance | Src:MaD:5 | | test.rs:140:45:140:46 | to | test.rs:109:9:109:41 | ...: ...::Path::<...> | provenance | Src:MaD:5 | +| test.rs:141:41:141:42 | to | test.rs:120:9:120:41 | ...: ...::Query::<...> | provenance | Src:MaD:5 | | test.rs:242:33:242:35 | map | test.rs:242:38:242:46 | ...: String | provenance | Src:MaD:2 | | test.rs:242:38:242:46 | ...: String | test.rs:244:18:244:18 | a | provenance | | | test.rs:250:46:250:49 | then | test.rs:251:25:251:33 | ...: String | provenance | Src:MaD:3 | 
@@ -93,50 +58,40 @@ nodes | test.rs:14:14:14:14 | a | semmle.label | a | | test.rs:14:14:14:25 | a.as_bytes() | semmle.label | a.as_bytes() | | test.rs:15:14:15:14 | a | semmle.label | a | +| test.rs:22:14:22:19 | TuplePat | semmle.label | TuplePat | +| test.rs:24:14:24:14 | a | semmle.label | a | +| test.rs:25:14:25:14 | b | semmle.label | b | +| test.rs:48:14:48:30 | MyStruct {...} | semmle.label | MyStruct {...} | +| test.rs:50:14:50:14 | a | semmle.label | a | +| test.rs:51:14:51:14 | b | semmle.label | b | +| test.rs:58:14:58:15 | ms | semmle.label | ms | +| test.rs:60:14:60:17 | ms.a | semmle.label | ms.a | +| test.rs:61:14:61:17 | ms.b | semmle.label | ms.b | | test.rs:68:15:68:15 | a | semmle.label | a | | test.rs:70:14:70:14 | a | semmle.label | a | | test.rs:98:9:98:31 | ...: ...::Path::<...> | semmle.label | ...: ...::Path::<...> | | test.rs:100:13:100:13 | a | semmle.label | a | -| test.rs:100:13:100:13 | a [tuple.0] | semmle.label | a [tuple.0] | -| test.rs:100:13:100:13 | a [tuple.1] | semmle.label | a [tuple.1] | -| test.rs:100:13:100:13 | a [tuple.2] | semmle.label | a [tuple.2] | | test.rs:100:17:100:33 | path.into_inner() | semmle.label | path.into_inner() | -| test.rs:100:17:100:33 | path.into_inner() [tuple.0] | semmle.label | path.into_inner() [tuple.0] | -| test.rs:100:17:100:33 | path.into_inner() [tuple.1] | semmle.label | path.into_inner() [tuple.1] | -| test.rs:100:17:100:33 | path.into_inner() [tuple.2] | semmle.label | path.into_inner() [tuple.2] | | test.rs:101:14:101:14 | a | semmle.label | a | -| test.rs:101:14:101:14 | a [tuple.0] | semmle.label | a [tuple.0] | -| test.rs:101:14:101:14 | a [tuple.1] | semmle.label | a [tuple.1] | -| test.rs:101:14:101:14 | a [tuple.2] | semmle.label | a [tuple.2] | | test.rs:101:14:101:23 | a.as_str() | semmle.label | a.as_str() | | test.rs:102:14:102:14 | a | semmle.label | a | -| test.rs:102:14:102:14 | a [tuple.0] | semmle.label | a [tuple.0] | -| test.rs:102:14:102:14 | a [tuple.1] | semmle.label 
| a [tuple.1] | -| test.rs:102:14:102:14 | a [tuple.2] | semmle.label | a [tuple.2] | | test.rs:102:14:102:25 | a.as_bytes() | semmle.label | a.as_bytes() | | test.rs:103:14:103:14 | a | semmle.label | a | | test.rs:109:9:109:41 | ...: ...::Path::<...> | semmle.label | ...: ...::Path::<...> | -| test.rs:111:13:111:18 | TuplePat [tuple.0] | semmle.label | TuplePat [tuple.0] | -| test.rs:111:13:111:18 | TuplePat [tuple.1] | semmle.label | TuplePat [tuple.1] | -| test.rs:111:14:111:14 | a | semmle.label | a | -| test.rs:111:17:111:17 | b | semmle.label | b | -| test.rs:111:22:111:38 | path.into_inner() [tuple.0] | semmle.label | path.into_inner() [tuple.0] | -| test.rs:111:22:111:38 | path.into_inner() [tuple.1] | semmle.label | path.into_inner() [tuple.1] | +| test.rs:111:13:111:18 | TuplePat | semmle.label | TuplePat | +| test.rs:111:22:111:38 | path.into_inner() | semmle.label | path.into_inner() | | test.rs:113:14:113:14 | a | semmle.label | a | | test.rs:114:14:114:14 | b | semmle.label | b | +| test.rs:120:9:120:41 | ...: ...::Query::<...> | semmle.label | ...: ...::Query::<...> | +| test.rs:122:14:122:14 | a | semmle.label | a | | test.rs:127:5:127:20 | to | semmle.label | to | | test.rs:129:9:129:31 | ...: ...::Path::<...> | semmle.label | ...: ...::Path::<...> | | test.rs:131:13:131:13 | a | semmle.label | a | -| test.rs:131:13:131:13 | a [tuple.0] | semmle.label | a [tuple.0] | -| test.rs:131:13:131:13 | a [tuple.1] | semmle.label | a [tuple.1] | -| test.rs:131:13:131:13 | a [tuple.2] | semmle.label | a [tuple.2] | | test.rs:131:17:131:33 | path.into_inner() | semmle.label | path.into_inner() | -| test.rs:131:17:131:33 | path.into_inner() [tuple.0] | semmle.label | path.into_inner() [tuple.0] | -| test.rs:131:17:131:33 | path.into_inner() [tuple.1] | semmle.label | path.into_inner() [tuple.1] | -| test.rs:131:17:131:33 | path.into_inner() [tuple.2] | semmle.label | path.into_inner() [tuple.2] | | test.rs:132:14:132:14 | a | semmle.label | a | | 
test.rs:139:41:139:42 | to | semmle.label | to | | test.rs:140:45:140:46 | to | semmle.label | to | +| test.rs:141:41:141:42 | to | semmle.label | to | | test.rs:242:33:242:35 | map | semmle.label | map | | test.rs:242:38:242:46 | ...: String | semmle.label | ...: String | | test.rs:244:18:244:18 | a | semmle.label | a | 
@@ -155,12 +110,19 @@ testFailures | test.rs:13:14:13:23 | a.as_str() | test.rs:11:31:11:31 | a | test.rs:13:14:13:23 | a.as_str() | $@ | test.rs:11:31:11:31 | a | a | | test.rs:14:14:14:25 | a.as_bytes() | test.rs:11:31:11:31 | a | test.rs:14:14:14:25 | a.as_bytes() | $@ | test.rs:11:31:11:31 | a | a | | test.rs:15:14:15:14 | a | test.rs:11:31:11:31 | a | test.rs:15:14:15:14 | a | $@ | test.rs:11:31:11:31 | a | a | +| test.rs:24:14:24:14 | a | test.rs:22:14:22:19 | TuplePat | test.rs:24:14:24:14 | a | $@ | test.rs:22:14:22:19 | TuplePat | TuplePat | +| test.rs:25:14:25:14 | b | test.rs:22:14:22:19 | TuplePat | test.rs:25:14:25:14 | b | $@ | test.rs:22:14:22:19 | TuplePat | TuplePat | +| test.rs:50:14:50:14 | a | test.rs:48:14:48:30 | MyStruct {...} | test.rs:50:14:50:14 | a | $@ | test.rs:48:14:48:30 | MyStruct {...} | MyStruct {...} | +| test.rs:51:14:51:14 | b | test.rs:48:14:48:30 | MyStruct {...} | test.rs:51:14:51:14 | b | $@ | test.rs:48:14:48:30 | MyStruct {...} | MyStruct {...} | +| test.rs:60:14:60:17 | ms.a | test.rs:58:14:58:15 | ms | test.rs:60:14:60:17 | ms.a | $@ | test.rs:58:14:58:15 | ms | ms | +| test.rs:61:14:61:17 | ms.b | test.rs:58:14:58:15 | ms | test.rs:61:14:61:17 | ms.b | $@ | test.rs:58:14:58:15 | ms | ms | | test.rs:70:14:70:14 | a | test.rs:68:15:68:15 | a | test.rs:70:14:70:14 | a | $@ | test.rs:68:15:68:15 | a | a | | test.rs:101:14:101:23 | a.as_str() | test.rs:139:41:139:42 | to | test.rs:101:14:101:23 | a.as_str() | $@ | test.rs:139:41:139:42 | to | to | | test.rs:102:14:102:25 | a.as_bytes() | test.rs:139:41:139:42 | to | test.rs:102:14:102:25 | a.as_bytes() | $@ | test.rs:139:41:139:42 | to | to | | test.rs:103:14:103:14 | a | test.rs:139:41:139:42 | to | test.rs:103:14:103:14 | a | $@ | test.rs:139:41:139:42 | to | to | | test.rs:113:14:113:14 | a | test.rs:140:45:140:46 | to | test.rs:113:14:113:14 | a | $@ | test.rs:140:45:140:46 | to | to | | test.rs:114:14:114:14 | b | test.rs:140:45:140:46 | to | test.rs:114:14:114:14 | b | 
$@ | test.rs:140:45:140:46 | to | to | +| test.rs:122:14:122:14 | a | test.rs:141:41:141:42 | to | test.rs:122:14:122:14 | a | $@ | test.rs:141:41:141:42 | to | to | | test.rs:132:14:132:14 | a | test.rs:127:5:127:20 | to | test.rs:132:14:132:14 | a | $@ | test.rs:127:5:127:20 | to | to | | test.rs:244:18:244:18 | a | test.rs:242:33:242:35 | map | test.rs:244:18:244:18 | a | $@ | test.rs:242:33:242:35 | map | map | | test.rs:252:22:252:22 | a | test.rs:250:46:250:49 | then | test.rs:252:22:252:22 | a | $@ | test.rs:250:46:250:49 | then | then | diff --git a/rust/ql/test/library-tests/dataflow/sources/web_frameworks/test.rs b/rust/ql/test/library-tests/dataflow/sources/web_frameworks/test.rs index 3bcea0dee4e3..124f7615ef1d 100644 --- a/rust/ql/test/library-tests/dataflow/sources/web_frameworks/test.rs +++ b/rust/ql/test/library-tests/dataflow/sources/web_frameworks/test.rs @@ -21,8 +21,8 @@ mod poem_test { fn my_poem_handler_2( Path((a, b)): Path<(String, String)>, // $ Alert[rust/summary/taint-sources] ) -> String { - sink(a); // $ MISSING: hasTaintFlow - sink(b); // $ MISSING: hasTaintFlow + sink(a); // $ hasTaintFlow + sink(b); // $ hasTaintFlow "".to_string() } @@ -47,8 +47,8 @@ mod poem_test { fn my_poem_handler_4( Path(MyStruct { a, b }): Path, // $ Alert[rust/summary/taint-sources] ) -> String { - sink(a); // $ MISSING: hasTaintFlow - sink(b); // $ MISSING: hasTaintFlow + sink(a); // $ hasTaintFlow + sink(b); // $ hasTaintFlow "".to_string() } @@ -57,8 +57,8 @@ mod poem_test { fn my_poem_handler_5( Path(ms): Path, // $ Alert[rust/summary/taint-sources] ) -> String { - sink(ms.a); // $ MISSING: hasTaintFlow - sink(ms.b); // $ MISSING: hasTaintFlow + sink(ms.a); // $ hasTaintFlow + sink(ms.b); // $ hasTaintFlow "".to_string() } @@ -119,7 +119,7 @@ mod actix_test { async fn my_actix_handler_3( web::Query(a): web::Query, ) -> String { - sink(a); // $ MISSING: hasTaintFlow + sink(a); // $ hasTaintFlow=my_actix_handler_3 "".to_string() } 
diff --git a/rust/ql/test/query-tests/security/CWE-825/AccessAfterLifetime.expected b/rust/ql/test/query-tests/security/CWE-825/AccessAfterLifetime.expected index c24c6a728bbf..b68a518e9247 100644 --- a/rust/ql/test/query-tests/security/CWE-825/AccessAfterLifetime.expected +++ b/rust/ql/test/query-tests/security/CWE-825/AccessAfterLifetime.expected 
@@ -141,6 +141,18 @@ edges | lifetime.rs:305:15:305:37 | get_pointer_from_enum(...) | lifetime.rs:305:6:305:11 | result | provenance | | | lifetime.rs:313:10:313:29 | ...::Pointer(...) [Pointer] | lifetime.rs:313:27:313:28 | p2 | provenance | | | lifetime.rs:313:27:313:28 | p2 | lifetime.rs:314:23:314:24 | p2 | provenance | | +| lifetime.rs:332:6:332:13 | mut ref1 | lifetime.rs:338:9:338:35 | ...::Pointer(...) | provenance | | +| lifetime.rs:332:17:332:22 | &enum1 | lifetime.rs:332:6:332:13 | mut ref1 | provenance | | +| lifetime.rs:336:3:336:6 | ref1 | lifetime.rs:338:9:338:35 | ...::Pointer(...) | provenance | | +| lifetime.rs:336:10:336:15 | &inner | lifetime.rs:336:3:336:6 | ref1 | provenance | | +| lifetime.rs:338:9:338:35 | ...::Pointer(...) | lifetime.rs:339:27:339:30 | * ... | provenance | | +| lifetime.rs:338:9:338:35 | ...::Pointer(...) | lifetime.rs:339:28:339:30 | ptr | provenance | | +| lifetime.rs:348:6:348:13 | mut ref1 | lifetime.rs:354:9:354:35 | ...::Pointer(...) | provenance | | +| lifetime.rs:348:17:348:22 | &enum1 | lifetime.rs:348:6:348:13 | mut ref1 | provenance | | +| lifetime.rs:352:3:352:6 | ref1 | lifetime.rs:354:9:354:35 | ...::Pointer(...) | provenance | | +| lifetime.rs:352:10:352:15 | &inner | lifetime.rs:352:3:352:6 | ref1 | provenance | | +| lifetime.rs:354:9:354:35 | ...::Pointer(...) | lifetime.rs:355:27:355:30 | * ... | provenance | | +| lifetime.rs:354:9:354:35 | ...::Pointer(...) | lifetime.rs:355:28:355:30 | ptr | provenance | | | lifetime.rs:383:3:383:4 | p1 | lifetime.rs:388:15:388:16 | p1 | provenance | | | lifetime.rs:383:3:383:4 | p1 | lifetime.rs:391:15:391:16 | p1 | provenance | | | lifetime.rs:383:3:383:4 | p1 | lifetime.rs:399:6:399:7 | p1 | provenance | | 
@@ -350,6 +362,20 @@ nodes | lifetime.rs:313:27:313:28 | p2 | semmle.label | p2 | | lifetime.rs:314:23:314:24 | p2 | semmle.label | p2 | | lifetime.rs:317:13:317:18 | result | semmle.label | result | +| lifetime.rs:332:6:332:13 | mut ref1 | semmle.label | mut ref1 | +| lifetime.rs:332:17:332:22 | &enum1 | semmle.label | &enum1 | +| lifetime.rs:336:3:336:6 | ref1 | semmle.label | ref1 | +| lifetime.rs:336:10:336:15 | &inner | semmle.label | &inner | +| lifetime.rs:338:9:338:35 | ...::Pointer(...) | semmle.label | ...::Pointer(...) | +| lifetime.rs:339:27:339:30 | * ... | semmle.label | * ... | +| lifetime.rs:339:28:339:30 | ptr | semmle.label | ptr | +| lifetime.rs:348:6:348:13 | mut ref1 | semmle.label | mut ref1 | +| lifetime.rs:348:17:348:22 | &enum1 | semmle.label | &enum1 | +| lifetime.rs:352:3:352:6 | ref1 | semmle.label | ref1 | +| lifetime.rs:352:10:352:15 | &inner | semmle.label | &inner | +| lifetime.rs:354:9:354:35 | ...::Pointer(...) | semmle.label | ...::Pointer(...) | +| lifetime.rs:355:27:355:30 | * ... | semmle.label | * ... | +| lifetime.rs:355:28:355:30 | ptr | semmle.label | ptr | | lifetime.rs:383:3:383:4 | p1 | semmle.label | p1 | | lifetime.rs:383:31:383:37 | &raw mut my_pair | semmle.label | &raw mut my_pair | | lifetime.rs:384:3:384:4 | p2 | semmle.label | p2 | From 88eee369668b87b70ab6cee77538396752a8146c Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Wed, 26 Nov 2025 13:02:17 +0100 Subject: [PATCH 06/12] Rust: Refactor flow summary implementation --- .../dataflow/internal/FlowSummaryImpl.qll | 33 ++++++++++--------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/rust/ql/lib/codeql/rust/dataflow/internal/FlowSummaryImpl.qll b/rust/ql/lib/codeql/rust/dataflow/internal/FlowSummaryImpl.qll index d9457d795109..84a61949a5d4 100644 --- a/rust/ql/lib/codeql/rust/dataflow/internal/FlowSummaryImpl.qll +++ b/rust/ql/lib/codeql/rust/dataflow/internal/FlowSummaryImpl.qll 
@@ -11,6 +11,20 @@ private import codeql.rust.dataflow.FlowSummary private import codeql.rust.dataflow.Ssa private import Content +predicate encodeContentTupleField(TupleFieldContent c, string arg) { + exists(Addressable a, int pos, string prefix | + arg = prefix + "(" + pos + ")" and prefix = a.getCanonicalPath() + | + c.isStructField(a, pos) or c.isVariantField(a, pos) + ) +} + +predicate encodeContentStructField(StructFieldContent c, string arg) { + exists(Addressable a, string field | arg = a.getCanonicalPath() + "::" + field | + c.isStructField(a, field) or c.isVariantField(a, field) + ) +} + module Input implements InputSig { private import codeql.rust.elements.internal.CallExprBaseImpl::Impl as CallExprBaseImpl private import codeql.rust.frameworks.stdlib.Stdlib @@ -61,24 +75,11 @@ module Input implements InputSig { exists(Content c | cs = TSingletonContentSet(c) | result = "Field" and ( - exists(Addressable a, int pos, string prefix | - arg = prefix + "(" + pos + ")" and prefix = a.getCanonicalPath() - | - c.(TupleFieldContent).isStructField(a, pos) - or - c.(TupleFieldContent).isVariantField(a, pos) - ) + encodeContentTupleField(c, arg) or - exists(Addressable a, string field | arg = a.getCanonicalPath() + "::" + field | - c.(StructFieldContent).isStructField(a, field) - or - c.(StructFieldContent).isVariantField(a, field) - ) + encodeContentStructField(c, arg) or - exists(int pos | - c = TTuplePositionContent(pos) and - arg = pos.toString() - ) + exists(int pos | c = TTuplePositionContent(pos) and arg = pos.toString()) ) or result = "Reference" and From b634cb3b27e28dfc9e3d676bbcdfa96bb21f4986 Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Wed, 26 Nov 2025 13:09:41 +0100 Subject: [PATCH 07/12] Rust: Add extensible predicate to exclude fields and block fieldless enum types --- .../dataflow/internal/TaintTrackingImpl.qll | 32 +++++++++++++++---- 1 file changed, 25 insertions(+), 7 deletions(-) 
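Review bot: The two predicates lifted to file level, `encodeContentTupleField` and `encodeContentStructField`, are declared without QLDoc and without `private`, so this internal module now exports them with no stated contract. A one-line doc comment on each would fix that, for example `/** Holds if arg is the models-as-data Field argument denoting c: the canonical path followed by (pos). */` and the same wording with `::field` for the struct variant. The call sites in the `@@ -61,24 +75,11 @@` hunk now pass a plain `Content` where the old code cast with `c.(TupleFieldContent)`. The parameter types appear to restrict `c` the same way, and the comment is a good place to say so.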
diff --git a/rust/ql/lib/codeql/rust/dataflow/internal/TaintTrackingImpl.qll b/rust/ql/lib/codeql/rust/dataflow/internal/TaintTrackingImpl.qll index 6b998b89bb8a..aa058fadc93f 100644 --- a/rust/ql/lib/codeql/rust/dataflow/internal/TaintTrackingImpl.qll +++ b/rust/ql/lib/codeql/rust/dataflow/internal/TaintTrackingImpl.qll @@ -11,6 +11,20 @@ private import codeql.rust.internal.TypeInference as TypeInference private import codeql.rust.internal.Type as Type private import codeql.rust.frameworks.stdlib.Builtins as Builtins +/** + * Holds if the field `field` should, by default, be excluded from taint steps. + * The syntax used to denote the field is the same as for `Field` in + * models-as-data. + */ +extensible predicate excludeFieldTaintStep(string field); + +private predicate excludedTaintStepContent(Content c) { + exists(string arg | excludeFieldTaintStep(arg) | + FlowSummaryImpl::encodeContentStructField(c, arg) or + FlowSummaryImpl::encodeContentTupleField(c, arg) + ) +} + module RustTaintTracking implements InputSig { predicate defaultTaintSanitizer(DataFlow::Node node) { none() } 
@@ -48,13 +62,17 @@ module RustTaintTracking implements InputSig { // taint is propagated. We limit this to not apply if the type of the // operation is a small primitive type as these are often uninteresting // (for instance in the case of an injection query). - RustDataFlow::readContentStep(pred, _, succ) and - not exists(Struct s | - s = TypeInference::inferType(succ.asExpr()).(Type::StructType).getStruct() - | - s instanceof Builtins::NumericType or - s instanceof Builtins::Bool or - s instanceof Builtins::Char + exists(Content c | + RustDataFlow::readContentStep(pred, c, succ) and + forex(Type::Type t | t = TypeInference::inferType(succ.asExpr()) | + not exists(Struct s | s = t.(Type::StructType).getStruct() | + s instanceof Builtins::NumericType or + s instanceof Builtins::Bool or + s instanceof Builtins::Char + ) + ) and + not excludedTaintStepContent(c) and + not TypeInference::inferType(succ.asExpr()).(Type::EnumType).getEnum().isFieldless() ) or // Let all read steps (including those from flow summaries and those that From f959b142b0d466c6f4885375f4550763a6e0437c Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Thu, 27 Nov 2025 09:24:18 +0100 Subject: [PATCH 08/12] Rust: Exclude range start and end from field taint steps --- rust/ql/lib/codeql/rust/frameworks/stdlib/core.model.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/core.model.yml b/rust/ql/lib/codeql/rust/frameworks/stdlib/core.model.yml index 7d1761dd8885..81c09cf612bf 100644 --- a/rust/ql/lib/codeql/rust/frameworks/stdlib/core.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/stdlib/core.model.yml 
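Review bot: `forex(Type::Type t | t = TypeInference::inferType(succ.asExpr()) | ...)` holds only when at least one type is inferred, so a read step whose target has no inferred type, or is not an expression, is no longer lifted to a taint step. The removed `not exists(Struct s | ...)` form held in that case. The effect is lost flow in every taint query wherever type inference has a gap, which shows up as missed alerts rather than as a failing test. If the aim is only to filter the listed primitive types, `forall(Type::Type t | t = TypeInference::inferType(succ.asExpr()) | ...)` keeps untyped nodes tainted. The later hunk at `@@ -69,13 +69,14 @@` keeps the same `forex`, and the enclosing predicate starts and ends outside this hunk.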
@@ -74,3 +74,9 @@ extensions: - ["core::ptr::write_bytes", "Argument[0]", "pointer-access", "manual"] - ["core::ptr::write_unaligned", "Argument[0]", "pointer-access", "manual"] - ["core::ptr::write_volatile", "Argument[0]", "pointer-access", "manual"] + - addsTo: + pack: codeql/rust-all + extensible: excludeFieldTaintStep + data: + - ["core::ops::range::RangeInclusive::start"] + - ["core::ops::range::RangeInclusive::end"] \ No newline at end of file From 9eed4f0b8210afe20345bcb65fcf01f4fd6b2ebb Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Fri, 28 Nov 2025 09:24:31 +0100 Subject: [PATCH 09/12] Rust: Apply suggestions from code review Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com> --- .../lib/codeql/rust/dataflow/internal/TaintTrackingImpl.qll | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/rust/ql/lib/codeql/rust/dataflow/internal/TaintTrackingImpl.qll b/rust/ql/lib/codeql/rust/dataflow/internal/TaintTrackingImpl.qll index aa058fadc93f..eb7cf3bbe172 100644 --- a/rust/ql/lib/codeql/rust/dataflow/internal/TaintTrackingImpl.qll +++ b/rust/ql/lib/codeql/rust/dataflow/internal/TaintTrackingImpl.qll @@ -12,9 +12,9 @@ private import codeql.rust.internal.Type as Type private import codeql.rust.frameworks.stdlib.Builtins as Builtins /** - * Holds if the field `field` should, by default, be excluded from taint steps. - * The syntax used to denote the field is the same as for `Field` in - * models-as-data. + * Holds if the field `field` should, by default, be excluded from taint steps + * from the containing type to reads of the field. The models-as-data syntax + * used to denote the field is the same as for `Field[]` access path elements. */ extensible predicate excludeFieldTaintStep(string field); From f0f134f6aadbee5eff5a645a258a44960fd298d4 Mon Sep 17 00:00:00 2001 
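Review bot: The new `excludeFieldTaintStep` rows cover only `core::ops::range::RangeInclusive::start` and `core::ops::range::RangeInclusive::end`, while the commit subject speaks of range start and end in general. If reads of the bounds of the other range types should be excluded as well, they need their own rows, e.g. `- ["core::ops::range::Range::start"]` and `- ["core::ops::range::Range::end"]`; if they are deliberately left as taint steps, a YAML comment above `data:` saying so would help the next person who extends the list. The hunk also leaves the file without a trailing newline (`\ No newline at end of file`).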
From: Simon Friis Vindum Date: Fri, 28 Nov 2025 09:42:35 +0100 Subject: [PATCH 10/12] Rust: Address PR feedback --- .../codeql/rust/dataflow/internal/TaintTrackingImpl.qll | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/rust/ql/lib/codeql/rust/dataflow/internal/TaintTrackingImpl.qll b/rust/ql/lib/codeql/rust/dataflow/internal/TaintTrackingImpl.qll index eb7cf3bbe172..5a36039a70e0 100644 --- a/rust/ql/lib/codeql/rust/dataflow/internal/TaintTrackingImpl.qll +++ b/rust/ql/lib/codeql/rust/dataflow/internal/TaintTrackingImpl.qll @@ -69,13 +69,14 @@ module RustTaintTracking implements InputSig { s instanceof Builtins::NumericType or s instanceof Builtins::Bool or s instanceof Builtins::Char - ) + ) and + not t.(Type::EnumType).getEnum().isFieldless() ) and - not excludedTaintStepContent(c) and - not TypeInference::inferType(succ.asExpr()).(Type::EnumType).getEnum().isFieldless() + not excludedTaintStepContent(c) ) or - // Let all read steps (including those from flow summaries and those that + // In addition to the above, for element and reference content we let + // _all_ read steps (including those from flow summaries and those that // result in small primitive types) give rise to taint steps. exists(SingletonContentSet cs | RustDataFlow::readStep(pred, cs, succ) | cs.getContent() instanceof ElementContent From 800500ec2f8efa6c2117e5030ff0ea92950987e0 Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Fri, 28 Nov 2025 11:27:30 +0100 Subject: [PATCH 11/12] Rust: Do not use types to limit lifting of reads to taint steps --- .../rust/dataflow/internal/TaintTrackingImpl.qll | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/rust/ql/lib/codeql/rust/dataflow/internal/TaintTrackingImpl.qll b/rust/ql/lib/codeql/rust/dataflow/internal/TaintTrackingImpl.qll index 5a36039a70e0..9ff621b493a0 100644 --- a/rust/ql/lib/codeql/rust/dataflow/internal/TaintTrackingImpl.qll 
+++ b/rust/ql/lib/codeql/rust/dataflow/internal/TaintTrackingImpl.qll @@ -18,6 +18,10 @@ private import codeql.rust.frameworks.stdlib.Builtins as Builtins */ extensible predicate excludeFieldTaintStep(string field); +/** + * Holds if the content `c` corresponds to a field that has explicitly been + * excluded as a taint step. + */ private predicate excludedTaintStepContent(Content c) { exists(string arg | excludeFieldTaintStep(arg) | FlowSummaryImpl::encodeContentStructField(c, arg) or @@ -59,19 +63,9 @@ module RustTaintTracking implements InputSig { or // Read steps give rise to taint steps. This has the effect that if `foo` // is tainted and an operation reads from `foo` (e.g., `foo.bar`) then - // taint is propagated. We limit this to not apply if the type of the - // operation is a small primitive type as these are often uninteresting - // (for instance in the case of an injection query). + // taint is propagated. exists(Content c | RustDataFlow::readContentStep(pred, c, succ) and - forex(Type::Type t | t = TypeInference::inferType(succ.asExpr()) | - not exists(Struct s | s = t.(Type::StructType).getStruct() | - s instanceof Builtins::NumericType or - s instanceof Builtins::Bool or - s instanceof Builtins::Char - ) and - not t.(Type::EnumType).getEnum().isFieldless() - ) and not excludedTaintStepContent(c) ) or From d27ac6191ee2180159391fdcc1073b539e6c7ac9 Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Fri, 28 Nov 2025 12:40:00 +0100 Subject: [PATCH 12/12] Rust: Update expected files --- .../dataflow/global/inline-flow.expected | 102 +++++++++--------- .../library-tests/dataflow/global/main.rs | 2 +- .../sources/database/InlineFlow.expected | 88 ++++++++++----- .../dataflow/sources/database/test.rs | 16 +-- 4 files changed, 120 insertions(+), 88 deletions(-) diff --git a/rust/ql/test/library-tests/dataflow/global/inline-flow.expected b/rust/ql/test/library-tests/dataflow/global/inline-flow.expected index 26984a1d377f..f88c15bd5b3c 100644 
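Review bot: With the type filter removed in the `@@ -59,19 +63,9 @@` hunk, the comment above the read step no longer mentions any limit, although `not excludedTaintStepContent(c)` still exempts some fields; I would add a line such as `// Fields listed in excludeFieldTaintStep are exempt from this step.` so readers know where precision is now controlled. Every other field read, including numeric, boolean and character fields, now propagates taint, so noisy fields have to be added to that model list one by one, and the results of existing taint queries should be re-checked for new false positives. The removed lines were the only visible uses of `Builtins`, `Type::` and `TypeInference::`, so the corresponding private imports may now be unused; the rest of the file is not visible here. The enclosing predicate starts and ends outside the hunk.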
--- a/rust/ql/test/library-tests/dataflow/global/inline-flow.expected +++ b/rust/ql/test/library-tests/dataflow/global/inline-flow.expected @@ -5,7 +5,7 @@ edges | main.rs:13:5:13:13 | source(...) | main.rs:12:28:14:1 | { ... } | provenance | | | main.rs:17:9:17:9 | a | main.rs:18:10:18:10 | a | provenance | | | main.rs:17:13:17:23 | get_data(...) | main.rs:17:9:17:9 | a | provenance | | -| main.rs:26:28:26:33 | ...: i64 | main.rs:27:24:27:24 | n | provenance | | +| main.rs:26:28:26:33 | n: i64 | main.rs:27:24:27:24 | n | provenance | | | main.rs:27:10:27:14 | [post] * ... [MyStruct] | main.rs:27:11:27:14 | [post] self [&ref, MyStruct] | provenance | | | main.rs:27:11:27:14 | [post] self [&ref, MyStruct] | main.rs:26:17:26:25 | SelfParam [Return] [&ref, MyStruct] | provenance | | | main.rs:27:24:27:24 | n | main.rs:27:10:27:14 | [post] * ... [MyStruct] | provenance | | 
@@ -15,48 +15,48 @@ edges | main.rs:31:11:31:14 | self [&ref, MyStruct] | main.rs:31:10:31:14 | * ... [MyStruct] | provenance | | | main.rs:38:6:38:11 | [post] &mut a [&ref, MyStruct] | main.rs:38:11:38:11 | [post] a [MyStruct] | provenance | | | main.rs:38:11:38:11 | [post] a [MyStruct] | main.rs:39:10:39:10 | a [MyStruct] | provenance | | -| main.rs:38:23:38:31 | source(...) | main.rs:26:28:26:33 | ...: i64 | provenance | | +| main.rs:38:23:38:31 | source(...) | main.rs:26:28:26:33 | n: i64 | provenance | | | main.rs:38:23:38:31 | source(...) | main.rs:38:6:38:11 | [post] &mut a [&ref, MyStruct] | provenance | | | main.rs:39:10:39:10 | a [MyStruct] | main.rs:30:17:30:21 | SelfParam [&ref, MyStruct] | provenance | | | main.rs:39:10:39:10 | a [MyStruct] | main.rs:39:10:39:21 | a.get_data() | provenance | | | main.rs:46:9:46:14 | [post] &mut a [&ref, MyStruct] | main.rs:46:14:46:14 | [post] a [MyStruct] | provenance | | | main.rs:46:14:46:14 | [post] a [MyStruct] | main.rs:49:10:49:10 | a [MyStruct] | provenance | | -| main.rs:48:15:48:23 | source(...) | main.rs:26:28:26:33 | ...: i64 | provenance | | +| main.rs:48:15:48:23 | source(...) | main.rs:26:28:26:33 | n: i64 | provenance | | | main.rs:48:15:48:23 | source(...) | main.rs:46:9:46:14 | [post] &mut a [&ref, MyStruct] | provenance | | | main.rs:49:10:49:10 | a [MyStruct] | main.rs:30:17:30:21 | SelfParam [&ref, MyStruct] | provenance | | | main.rs:49:10:49:10 | a [MyStruct] | main.rs:49:10:49:21 | a.get_data() | provenance | | -| main.rs:52:12:52:17 | ...: i64 | main.rs:53:10:53:10 | n | provenance | | +| main.rs:52:12:52:17 | n: i64 | main.rs:53:10:53:10 | n | provenance | | | main.rs:57:9:57:9 | a | main.rs:58:13:58:13 | a | provenance | | | main.rs:57:13:57:21 | source(...) | main.rs:57:9:57:9 | a | provenance | | -| main.rs:58:13:58:13 | a | main.rs:52:12:52:17 | ...: i64 | provenance | | -| main.rs:61:17:61:22 | ...: i64 | main.rs:61:32:63:1 | { ... 
} | provenance | | +| main.rs:58:13:58:13 | a | main.rs:52:12:52:17 | n: i64 | provenance | | +| main.rs:61:17:61:22 | i: i64 | main.rs:61:32:63:1 | { ... } | provenance | | | main.rs:66:9:66:9 | a | main.rs:67:26:67:26 | a | provenance | | | main.rs:66:13:66:21 | source(...) | main.rs:66:9:66:9 | a | provenance | | | main.rs:67:9:67:9 | b | main.rs:68:10:68:10 | b | provenance | | | main.rs:67:13:67:27 | pass_through(...) | main.rs:67:9:67:9 | b | provenance | | -| main.rs:67:26:67:26 | a | main.rs:61:17:61:22 | ...: i64 | provenance | | +| main.rs:67:26:67:26 | a | main.rs:61:17:61:22 | i: i64 | provenance | | | main.rs:67:26:67:26 | a | main.rs:67:13:67:27 | pass_through(...) | provenance | | | main.rs:72:9:72:9 | a | main.rs:76:10:76:10 | a | provenance | | | main.rs:72:13:75:6 | pass_through(...) | main.rs:72:9:72:9 | a | provenance | | -| main.rs:72:26:75:5 | { ... } | main.rs:61:17:61:22 | ...: i64 | provenance | | +| main.rs:72:26:75:5 | { ... } | main.rs:61:17:61:22 | i: i64 | provenance | | | main.rs:72:26:75:5 | { ... } | main.rs:72:13:75:6 | pass_through(...) | provenance | | | main.rs:74:9:74:18 | source(...) | main.rs:72:26:75:5 | { ... } | provenance | | | main.rs:80:9:80:9 | a | main.rs:86:26:86:26 | a | provenance | | | main.rs:80:13:80:22 | source(...) | main.rs:80:9:80:9 | a | provenance | | -| main.rs:82:21:82:26 | ...: i64 | main.rs:82:36:84:5 | { ... } | provenance | | +| main.rs:82:21:82:26 | i: i64 | main.rs:82:36:84:5 | { ... } | provenance | | | main.rs:86:9:86:9 | b | main.rs:87:10:87:10 | b | provenance | | | main.rs:86:13:86:27 | pass_through(...) | main.rs:86:9:86:9 | b | provenance | | -| main.rs:86:26:86:26 | a | main.rs:82:21:82:26 | ...: i64 | provenance | | +| main.rs:86:26:86:26 | a | main.rs:82:21:82:26 | i: i64 | provenance | | | main.rs:86:26:86:26 | a | main.rs:86:13:86:27 | pass_through(...) 
| provenance | | -| main.rs:104:22:104:27 | ...: i64 | main.rs:105:14:105:14 | n | provenance | | +| main.rs:104:22:104:27 | n: i64 | main.rs:105:14:105:14 | n | provenance | | | main.rs:108:30:110:5 | { ... } | main.rs:138:13:138:25 | mn.get_data() | provenance | | | main.rs:109:35:109:43 | source(...) | main.rs:108:30:110:5 | { ... } | provenance | | -| main.rs:112:27:112:32 | ...: i64 | main.rs:112:42:114:5 | { ... } | provenance | | -| main.rs:118:28:118:33 | ...: i64 | main.rs:119:14:119:14 | n | provenance | | +| main.rs:112:27:112:32 | n: i64 | main.rs:112:42:114:5 | { ... } | provenance | | +| main.rs:118:28:118:33 | n: i64 | main.rs:119:14:119:14 | n | provenance | | | main.rs:122:36:124:5 | { ... } | main.rs:132:13:132:30 | x.get_data_trait() | provenance | | | main.rs:122:36:124:5 | { ... } | main.rs:142:13:142:31 | mn.get_data_trait() | provenance | | | main.rs:123:35:123:44 | source(...) | main.rs:122:36:124:5 | { ... } | provenance | | -| main.rs:126:33:126:38 | ...: i64 | main.rs:126:48:128:5 | { ... } | provenance | | +| main.rs:126:33:126:38 | n: i64 | main.rs:126:48:128:5 | { ... } | provenance | | | main.rs:132:9:132:9 | a | main.rs:133:10:133:10 | a | provenance | | | main.rs:132:13:132:30 | x.get_data_trait() | main.rs:132:9:132:9 | a | provenance | | | main.rs:138:9:138:9 | a | main.rs:139:10:139:10 | a | provenance | | 
@@ -65,46 +65,46 @@ edges | main.rs:142:13:142:31 | mn.get_data_trait() | main.rs:142:9:142:9 | a | provenance | | | main.rs:149:9:149:9 | a | main.rs:150:21:150:21 | a | provenance | | | main.rs:149:13:149:22 | source(...) | main.rs:149:9:149:9 | a | provenance | | -| main.rs:150:21:150:21 | a | main.rs:118:28:118:33 | ...: i64 | provenance | | +| main.rs:150:21:150:21 | a | main.rs:118:28:118:33 | n: i64 | provenance | | | main.rs:155:9:155:9 | a | main.rs:156:16:156:16 | a | provenance | | | main.rs:155:13:155:21 | source(...) | main.rs:155:9:155:9 | a | provenance | | -| main.rs:156:16:156:16 | a | main.rs:104:22:104:27 | ...: i64 | provenance | | +| main.rs:156:16:156:16 | a | main.rs:104:22:104:27 | n: i64 | provenance | | | main.rs:159:9:159:9 | a | main.rs:160:22:160:22 | a | provenance | | | main.rs:159:13:159:22 | source(...) | main.rs:159:9:159:9 | a | provenance | | -| main.rs:160:22:160:22 | a | main.rs:118:28:118:33 | ...: i64 | provenance | | +| main.rs:160:22:160:22 | a | main.rs:118:28:118:33 | n: i64 | provenance | | | main.rs:166:9:166:9 | a | main.rs:167:34:167:34 | a | provenance | | | main.rs:166:13:166:22 | source(...) | main.rs:166:9:166:9 | a | provenance | | | main.rs:167:9:167:9 | b | main.rs:168:10:168:10 | b | provenance | | | main.rs:167:13:167:35 | x.data_through_trait(...) | main.rs:167:9:167:9 | b | provenance | | -| main.rs:167:34:167:34 | a | main.rs:126:33:126:38 | ...: i64 | provenance | | +| main.rs:167:34:167:34 | a | main.rs:126:33:126:38 | n: i64 | provenance | | | main.rs:167:34:167:34 | a | main.rs:167:13:167:35 | x.data_through_trait(...) | provenance | | | main.rs:173:9:173:9 | a | main.rs:174:29:174:29 | a | provenance | | | main.rs:173:13:173:21 | source(...) | main.rs:173:9:173:9 | a | provenance | | | main.rs:174:9:174:9 | b | main.rs:175:10:175:10 | b | provenance | | | main.rs:174:13:174:30 | mn.data_through(...) 
| main.rs:174:9:174:9 | b | provenance | | -| main.rs:174:29:174:29 | a | main.rs:112:27:112:32 | ...: i64 | provenance | | +| main.rs:174:29:174:29 | a | main.rs:112:27:112:32 | n: i64 | provenance | | | main.rs:174:29:174:29 | a | main.rs:174:13:174:30 | mn.data_through(...) | provenance | | | main.rs:178:9:178:9 | a | main.rs:179:35:179:35 | a | provenance | | | main.rs:178:13:178:22 | source(...) | main.rs:178:9:178:9 | a | provenance | | | main.rs:179:9:179:9 | b | main.rs:180:10:180:10 | b | provenance | | | main.rs:179:13:179:36 | mn.data_through_trait(...) | main.rs:179:9:179:9 | b | provenance | | -| main.rs:179:35:179:35 | a | main.rs:126:33:126:38 | ...: i64 | provenance | | +| main.rs:179:35:179:35 | a | main.rs:126:33:126:38 | n: i64 | provenance | | | main.rs:179:35:179:35 | a | main.rs:179:13:179:36 | mn.data_through_trait(...) | provenance | | | main.rs:187:9:187:9 | a | main.rs:188:25:188:25 | a | provenance | | | main.rs:187:13:187:21 | source(...) | main.rs:187:9:187:9 | a | provenance | | -| main.rs:188:25:188:25 | a | main.rs:104:22:104:27 | ...: i64 | provenance | | +| main.rs:188:25:188:25 | a | main.rs:104:22:104:27 | n: i64 | provenance | | | main.rs:193:9:193:9 | a | main.rs:194:38:194:38 | a | provenance | | | main.rs:193:13:193:22 | source(...) | main.rs:193:9:193:9 | a | provenance | | | main.rs:194:9:194:9 | b | main.rs:195:10:195:10 | b | provenance | | | main.rs:194:13:194:39 | ...::data_through(...) | main.rs:194:9:194:9 | b | provenance | | -| main.rs:194:38:194:38 | a | main.rs:112:27:112:32 | ...: i64 | provenance | | +| main.rs:194:38:194:38 | a | main.rs:112:27:112:32 | n: i64 | provenance | | | main.rs:194:38:194:38 | a | main.rs:194:13:194:39 | ...::data_through(...) | provenance | | -| main.rs:206:12:206:17 | ...: i64 | main.rs:207:24:207:24 | n | provenance | | +| main.rs:206:12:206:17 | n: i64 | main.rs:207:24:207:24 | n | provenance | | | main.rs:207:9:207:26 | MyInt {...} [MyInt] | main.rs:206:28:208:5 | { ... 
} [MyInt] | provenance | | | main.rs:207:24:207:24 | n | main.rs:207:9:207:26 | MyInt {...} [MyInt] | provenance | | | main.rs:212:9:212:9 | n [MyInt] | main.rs:213:9:213:26 | MyInt {...} [MyInt] | provenance | | | main.rs:212:13:212:34 | ...::new(...) [MyInt] | main.rs:212:9:212:9 | n [MyInt] | provenance | | -| main.rs:212:24:212:33 | source(...) | main.rs:206:12:206:17 | ...: i64 | provenance | | +| main.rs:212:24:212:33 | source(...) | main.rs:206:12:206:17 | n: i64 | provenance | | | main.rs:212:24:212:33 | source(...) | main.rs:212:13:212:34 | ...::new(...) [MyInt] | provenance | | | main.rs:213:9:213:26 | MyInt {...} [MyInt] | main.rs:213:24:213:24 | m | provenance | | | main.rs:213:24:213:24 | m | main.rs:214:10:214:10 | m | provenance | | @@ -112,7 +112,7 @@ edges | main.rs:222:9:222:35 | MyInt {...} [MyInt] | main.rs:220:42:223:5 | { ... } [MyInt] | provenance | | | main.rs:222:24:222:27 | self [MyInt] | main.rs:222:24:222:33 | self.value | provenance | | | main.rs:222:24:222:33 | self.value | main.rs:222:9:222:35 | MyInt {...} [MyInt] | provenance | | -| main.rs:227:30:227:39 | ...: MyInt [MyInt] | main.rs:228:25:228:27 | rhs [MyInt] | provenance | | +| main.rs:227:30:227:39 | rhs: MyInt [MyInt] | main.rs:228:25:228:27 | rhs [MyInt] | provenance | | | main.rs:228:10:228:14 | [post] * ... [MyInt] | main.rs:228:11:228:14 | [post] self [&ref, MyInt] | provenance | | | main.rs:228:11:228:14 | [post] self [&ref, MyInt] | main.rs:227:19:227:27 | SelfParam [Return] [&ref, MyInt] | provenance | | | main.rs:228:25:228:27 | rhs [MyInt] | main.rs:228:25:228:33 | rhs.value | provenance | | 
@@ -142,7 +142,7 @@ edges | main.rs:259:28:259:37 | source(...) | main.rs:259:13:259:39 | MyInt {...} [MyInt] | provenance | | | main.rs:261:27:261:32 | [post] &mut a [&ref, MyInt] | main.rs:261:32:261:32 | [post] a [MyInt] | provenance | | | main.rs:261:32:261:32 | [post] a [MyInt] | main.rs:262:10:262:10 | a [MyInt] | provenance | | -| main.rs:261:35:261:35 | b [MyInt] | main.rs:227:30:227:39 | ...: MyInt [MyInt] | provenance | | +| main.rs:261:35:261:35 | b [MyInt] | main.rs:227:30:227:39 | rhs: MyInt [MyInt] | provenance | | | main.rs:261:35:261:35 | b [MyInt] | main.rs:261:27:261:32 | [post] &mut a [&ref, MyInt] | provenance | | | main.rs:262:10:262:10 | a [MyInt] | main.rs:262:10:262:16 | a.value | provenance | | | main.rs:270:9:270:9 | a [MyInt] | main.rs:272:28:272:28 | a [MyInt] | provenance | | @@ -155,7 +155,7 @@ edges | main.rs:272:27:272:28 | &a [&ref, MyInt] | main.rs:272:14:272:29 | ...::deref(...) [&ref] | provenance | | | main.rs:272:28:272:28 | a [MyInt] | main.rs:272:27:272:28 | &a [&ref, MyInt] | provenance | | | main.rs:289:18:289:21 | SelfParam [MyInt] | main.rs:289:48:291:5 | { ... } [MyInt] | provenance | | -| main.rs:293:26:293:37 | ...: MyInt [MyInt] | main.rs:293:49:295:5 | { ... } [MyInt] | provenance | | +| main.rs:293:26:293:37 | other: MyInt [MyInt] | main.rs:293:49:295:5 | { ... } [MyInt] | provenance | | | main.rs:299:9:299:9 | a [MyInt] | main.rs:301:50:301:50 | a [MyInt] | provenance | | | main.rs:299:13:299:38 | MyInt {...} [MyInt] | main.rs:299:9:299:9 | a [MyInt] | provenance | | | main.rs:299:28:299:36 | source(...) | main.rs:299:13:299:38 | MyInt {...} [MyInt] | provenance | | 
@@ -170,7 +170,7 @@ edges | main.rs:306:9:306:26 | MyInt {...} [MyInt] | main.rs:306:24:306:24 | c | provenance | | | main.rs:306:24:306:24 | c | main.rs:307:10:307:10 | c | provenance | | | main.rs:306:30:306:56 | ...::take_second(...) [MyInt] | main.rs:306:9:306:26 | MyInt {...} [MyInt] | provenance | | -| main.rs:306:55:306:55 | b [MyInt] | main.rs:293:26:293:37 | ...: MyInt [MyInt] | provenance | | +| main.rs:306:55:306:55 | b [MyInt] | main.rs:293:26:293:37 | other: MyInt [MyInt] | provenance | | | main.rs:306:55:306:55 | b [MyInt] | main.rs:306:30:306:56 | ...::take_second(...) [MyInt] | provenance | | | main.rs:315:32:319:1 | { ... } | main.rs:334:41:334:54 | async_source(...) | provenance | | | main.rs:316:9:316:9 | a | main.rs:315:32:319:1 | { ... } | provenance | | @@ -188,7 +188,7 @@ nodes | main.rs:17:13:17:23 | get_data(...) | semmle.label | get_data(...) | | main.rs:18:10:18:10 | a | semmle.label | a | | main.rs:26:17:26:25 | SelfParam [Return] [&ref, MyStruct] | semmle.label | SelfParam [Return] [&ref, MyStruct] | -| main.rs:26:28:26:33 | ...: i64 | semmle.label | ...: i64 | +| main.rs:26:28:26:33 | n: i64 | semmle.label | n: i64 | | main.rs:27:10:27:14 | [post] * ... [MyStruct] | semmle.label | [post] * ... [MyStruct] | | main.rs:27:11:27:14 | [post] self [&ref, MyStruct] | semmle.label | [post] self [&ref, MyStruct] | | main.rs:27:24:27:24 | n | semmle.label | n | 
@@ -207,12 +207,12 @@ nodes | main.rs:48:15:48:23 | source(...) | semmle.label | source(...) | | main.rs:49:10:49:10 | a [MyStruct] | semmle.label | a [MyStruct] | | main.rs:49:10:49:21 | a.get_data() | semmle.label | a.get_data() | -| main.rs:52:12:52:17 | ...: i64 | semmle.label | ...: i64 | +| main.rs:52:12:52:17 | n: i64 | semmle.label | n: i64 | | main.rs:53:10:53:10 | n | semmle.label | n | | main.rs:57:9:57:9 | a | semmle.label | a | | main.rs:57:13:57:21 | source(...) | semmle.label | source(...) | | main.rs:58:13:58:13 | a | semmle.label | a | -| main.rs:61:17:61:22 | ...: i64 | semmle.label | ...: i64 | +| main.rs:61:17:61:22 | i: i64 | semmle.label | i: i64 | | main.rs:61:32:63:1 | { ... } | semmle.label | { ... } | | main.rs:66:9:66:9 | a | semmle.label | a | | main.rs:66:13:66:21 | source(...) | semmle.label | source(...) | 
@@ -227,23 +227,23 @@ nodes | main.rs:76:10:76:10 | a | semmle.label | a | | main.rs:80:9:80:9 | a | semmle.label | a | | main.rs:80:13:80:22 | source(...) | semmle.label | source(...) | -| main.rs:82:21:82:26 | ...: i64 | semmle.label | ...: i64 | +| main.rs:82:21:82:26 | i: i64 | semmle.label | i: i64 | | main.rs:82:36:84:5 | { ... } | semmle.label | { ... } | | main.rs:86:9:86:9 | b | semmle.label | b | | main.rs:86:13:86:27 | pass_through(...) | semmle.label | pass_through(...) | | main.rs:86:26:86:26 | a | semmle.label | a | | main.rs:87:10:87:10 | b | semmle.label | b | -| main.rs:104:22:104:27 | ...: i64 | semmle.label | ...: i64 | +| main.rs:104:22:104:27 | n: i64 | semmle.label | n: i64 | | main.rs:105:14:105:14 | n | semmle.label | n | | main.rs:108:30:110:5 | { ... } | semmle.label | { ... } | | main.rs:109:35:109:43 | source(...) | semmle.label | source(...) | -| main.rs:112:27:112:32 | ...: i64 | semmle.label | ...: i64 | +| main.rs:112:27:112:32 | n: i64 | semmle.label | n: i64 | | main.rs:112:42:114:5 | { ... } | semmle.label | { ... } | -| main.rs:118:28:118:33 | ...: i64 | semmle.label | ...: i64 | +| main.rs:118:28:118:33 | n: i64 | semmle.label | n: i64 | | main.rs:119:14:119:14 | n | semmle.label | n | | main.rs:122:36:124:5 | { ... } | semmle.label | { ... } | | main.rs:123:35:123:44 | source(...) | semmle.label | source(...) | -| main.rs:126:33:126:38 | ...: i64 | semmle.label | ...: i64 | +| main.rs:126:33:126:38 | n: i64 | semmle.label | n: i64 | | main.rs:126:48:128:5 | { ... } | semmle.label | { ... } | | main.rs:132:9:132:9 | a | semmle.label | a | | main.rs:132:13:132:30 | x.get_data_trait() | semmle.label | x.get_data_trait() | 
@@ -290,7 +290,7 @@ nodes | main.rs:194:13:194:39 | ...::data_through(...) | semmle.label | ...::data_through(...) | | main.rs:194:38:194:38 | a | semmle.label | a | | main.rs:195:10:195:10 | b | semmle.label | b | -| main.rs:206:12:206:17 | ...: i64 | semmle.label | ...: i64 | +| main.rs:206:12:206:17 | n: i64 | semmle.label | n: i64 | | main.rs:206:28:208:5 | { ... } [MyInt] | semmle.label | { ... } [MyInt] | | main.rs:207:9:207:26 | MyInt {...} [MyInt] | semmle.label | MyInt {...} [MyInt] | | main.rs:207:24:207:24 | n | semmle.label | n | @@ -306,7 +306,7 @@ nodes | main.rs:222:24:222:27 | self [MyInt] | semmle.label | self [MyInt] | | main.rs:222:24:222:33 | self.value | semmle.label | self.value | | main.rs:227:19:227:27 | SelfParam [Return] [&ref, MyInt] | semmle.label | SelfParam [Return] [&ref, MyInt] | -| main.rs:227:30:227:39 | ...: MyInt [MyInt] | semmle.label | ...: MyInt [MyInt] | +| main.rs:227:30:227:39 | rhs: MyInt [MyInt] | semmle.label | rhs: MyInt [MyInt] | | main.rs:228:10:228:14 | [post] * ... [MyInt] | semmle.label | [post] * ... [MyInt] | | main.rs:228:11:228:14 | [post] self [&ref, MyInt] | semmle.label | [post] self [&ref, MyInt] | | main.rs:228:25:228:27 | rhs [MyInt] | semmle.label | rhs [MyInt] | @@ -351,7 +351,7 @@ nodes | main.rs:273:10:273:10 | c | semmle.label | c | | main.rs:289:18:289:21 | SelfParam [MyInt] | semmle.label | SelfParam [MyInt] | | main.rs:289:48:291:5 | { ... } [MyInt] | semmle.label | { ... } [MyInt] | -| main.rs:293:26:293:37 | ...: MyInt [MyInt] | semmle.label | ...: MyInt [MyInt] | +| main.rs:293:26:293:37 | other: MyInt [MyInt] | semmle.label | other: MyInt [MyInt] | | main.rs:293:49:295:5 | { ... } [MyInt] | semmle.label | { ... } [MyInt] | | main.rs:299:9:299:9 | a [MyInt] | semmle.label | a [MyInt] | | main.rs:299:13:299:38 | MyInt {...} [MyInt] | semmle.label | MyInt {...} [MyInt] | 
@@ -381,24 +381,24 @@ nodes | main.rs:334:41:334:54 | async_source(...) | semmle.label | async_source(...) | | main.rs:335:10:335:10 | a | semmle.label | a | subpaths -| main.rs:38:23:38:31 | source(...) | main.rs:26:28:26:33 | ...: i64 | main.rs:26:17:26:25 | SelfParam [Return] [&ref, MyStruct] | main.rs:38:6:38:11 | [post] &mut a [&ref, MyStruct] | +| main.rs:38:23:38:31 | source(...) | main.rs:26:28:26:33 | n: i64 | main.rs:26:17:26:25 | SelfParam [Return] [&ref, MyStruct] | main.rs:38:6:38:11 | [post] &mut a [&ref, MyStruct] | | main.rs:39:10:39:10 | a [MyStruct] | main.rs:30:17:30:21 | SelfParam [&ref, MyStruct] | main.rs:30:31:32:5 | { ... } | main.rs:39:10:39:21 | a.get_data() | -| main.rs:48:15:48:23 | source(...) | main.rs:26:28:26:33 | ...: i64 | main.rs:26:17:26:25 | SelfParam [Return] [&ref, MyStruct] | main.rs:46:9:46:14 | [post] &mut a [&ref, MyStruct] | +| main.rs:48:15:48:23 | source(...) | main.rs:26:28:26:33 | n: i64 | main.rs:26:17:26:25 | SelfParam [Return] [&ref, MyStruct] | main.rs:46:9:46:14 | [post] &mut a [&ref, MyStruct] | | main.rs:49:10:49:10 | a [MyStruct] | main.rs:30:17:30:21 | SelfParam [&ref, MyStruct] | main.rs:30:31:32:5 | { ... } | main.rs:49:10:49:21 | a.get_data() | -| main.rs:67:26:67:26 | a | main.rs:61:17:61:22 | ...: i64 | main.rs:61:32:63:1 | { ... } | main.rs:67:13:67:27 | pass_through(...) | -| main.rs:72:26:75:5 | { ... } | main.rs:61:17:61:22 | ...: i64 | main.rs:61:32:63:1 | { ... } | main.rs:72:13:75:6 | pass_through(...) | -| main.rs:86:26:86:26 | a | main.rs:82:21:82:26 | ...: i64 | main.rs:82:36:84:5 | { ... } | main.rs:86:13:86:27 | pass_through(...) | -| main.rs:167:34:167:34 | a | main.rs:126:33:126:38 | ...: i64 | main.rs:126:48:128:5 | { ... } | main.rs:167:13:167:35 | x.data_through_trait(...) | -| main.rs:174:29:174:29 | a | main.rs:112:27:112:32 | ...: i64 | main.rs:112:42:114:5 | { ... } | main.rs:174:13:174:30 | mn.data_through(...) 
| -| main.rs:179:35:179:35 | a | main.rs:126:33:126:38 | ...: i64 | main.rs:126:48:128:5 | { ... } | main.rs:179:13:179:36 | mn.data_through_trait(...) | -| main.rs:194:38:194:38 | a | main.rs:112:27:112:32 | ...: i64 | main.rs:112:42:114:5 | { ... } | main.rs:194:13:194:39 | ...::data_through(...) | -| main.rs:212:24:212:33 | source(...) | main.rs:206:12:206:17 | ...: i64 | main.rs:206:28:208:5 | { ... } [MyInt] | main.rs:212:13:212:34 | ...::new(...) [MyInt] | +| main.rs:67:26:67:26 | a | main.rs:61:17:61:22 | i: i64 | main.rs:61:32:63:1 | { ... } | main.rs:67:13:67:27 | pass_through(...) | +| main.rs:72:26:75:5 | { ... } | main.rs:61:17:61:22 | i: i64 | main.rs:61:32:63:1 | { ... } | main.rs:72:13:75:6 | pass_through(...) | +| main.rs:86:26:86:26 | a | main.rs:82:21:82:26 | i: i64 | main.rs:82:36:84:5 | { ... } | main.rs:86:13:86:27 | pass_through(...) | +| main.rs:167:34:167:34 | a | main.rs:126:33:126:38 | n: i64 | main.rs:126:48:128:5 | { ... } | main.rs:167:13:167:35 | x.data_through_trait(...) | +| main.rs:174:29:174:29 | a | main.rs:112:27:112:32 | n: i64 | main.rs:112:42:114:5 | { ... } | main.rs:174:13:174:30 | mn.data_through(...) | +| main.rs:179:35:179:35 | a | main.rs:126:33:126:38 | n: i64 | main.rs:126:48:128:5 | { ... } | main.rs:179:13:179:36 | mn.data_through_trait(...) | +| main.rs:194:38:194:38 | a | main.rs:112:27:112:32 | n: i64 | main.rs:112:42:114:5 | { ... } | main.rs:194:13:194:39 | ...::data_through(...) | +| main.rs:212:24:212:33 | source(...) | main.rs:206:12:206:17 | n: i64 | main.rs:206:28:208:5 | { ... } [MyInt] | main.rs:212:13:212:34 | ...::new(...) [MyInt] | | main.rs:244:13:244:13 | a [MyInt] | main.rs:220:12:220:15 | SelfParam [MyInt] | main.rs:220:42:223:5 | { ... } [MyInt] | main.rs:244:13:244:17 | ... + ... [MyInt] | | main.rs:252:9:252:9 | a [MyInt] | main.rs:220:12:220:15 | SelfParam [MyInt] | main.rs:220:42:223:5 | { ... } [MyInt] | main.rs:254:13:254:20 | a.add(...) 
[MyInt] | -| main.rs:261:35:261:35 | b [MyInt] | main.rs:227:30:227:39 | ...: MyInt [MyInt] | main.rs:227:19:227:27 | SelfParam [Return] [&ref, MyInt] | main.rs:261:27:261:32 | [post] &mut a [&ref, MyInt] | +| main.rs:261:35:261:35 | b [MyInt] | main.rs:227:30:227:39 | rhs: MyInt [MyInt] | main.rs:227:19:227:27 | SelfParam [Return] [&ref, MyInt] | main.rs:261:27:261:32 | [post] &mut a [&ref, MyInt] | | main.rs:272:27:272:28 | &a [&ref, MyInt] | main.rs:235:14:235:18 | SelfParam [&ref, MyInt] | main.rs:235:38:237:5 | { ... } [&ref] | main.rs:272:14:272:29 | ...::deref(...) [&ref] | | main.rs:301:50:301:50 | a [MyInt] | main.rs:289:18:289:21 | SelfParam [MyInt] | main.rs:289:48:291:5 | { ... } [MyInt] | main.rs:301:30:301:54 | ...::take_self(...) [MyInt] | -| main.rs:306:55:306:55 | b [MyInt] | main.rs:293:26:293:37 | ...: MyInt [MyInt] | main.rs:293:49:295:5 | { ... } [MyInt] | main.rs:306:30:306:56 | ...::take_second(...) [MyInt] | +| main.rs:306:55:306:55 | b [MyInt] | main.rs:293:26:293:37 | other: MyInt [MyInt] | main.rs:293:49:295:5 | { ... } [MyInt] | main.rs:306:30:306:56 | ...::take_second(...) [MyInt] | testFailures #select | main.rs:18:10:18:10 | a | main.rs:13:5:13:13 | source(...) | main.rs:18:10:18:10 | a | $@ | main.rs:13:5:13:13 | source(...) | source(...) | diff --git a/rust/ql/test/library-tests/dataflow/global/main.rs b/rust/ql/test/library-tests/dataflow/global/main.rs index e378f16b4dea..93b59b933d02 100644 --- a/rust/ql/test/library-tests/dataflow/global/main.rs +++ b/rust/ql/test/library-tests/dataflow/global/main.rs @@ -320,7 +320,7 @@ async fn async_source() -> i64 { async fn test_async_await_async_part() { let a = async_source().await; - sink(a); // $ MISSING: hasValueFlow=1 + sink(a); // $ hasTaintFlow=1 MISSING: hasValueFlow=1 let b = async { let c = source(2); 
diff --git a/rust/ql/test/library-tests/dataflow/sources/database/InlineFlow.expected b/rust/ql/test/library-tests/dataflow/sources/database/InlineFlow.expected index 1264446cb817..6808cf279ef1 100644 --- a/rust/ql/test/library-tests/dataflow/sources/database/InlineFlow.expected +++ b/rust/ql/test/library-tests/dataflow/sources/database/InlineFlow.expected 
@@ -48,25 +48,31 @@ edges | test.rs:41:42:41:44 | get | test.rs:41:14:41:61 | ... .get(...) [Some] | provenance | Src:MaD:7 | | test.rs:42:13:42:15 | row | test.rs:44:22:44:22 | v | provenance | | | test.rs:42:20:42:21 | t1 [element] | test.rs:42:13:42:15 | row | provenance | | -| test.rs:48:22:48:30 | query_map | test.rs:50:14:50:24 | ...: i64 | provenance | Src:MaD:3 | -| test.rs:50:14:50:24 | ...: i64 | test.rs:51:22:51:27 | values | provenance | | -| test.rs:55:22:55:30 | query_map | test.rs:57:14:57:39 | ...: ... | provenance | Src:MaD:3 | -| test.rs:57:14:57:39 | ...: ... | test.rs:59:22:59:29 | values.1 | provenance | | +| test.rs:48:22:48:30 | query_map | test.rs:50:14:50:24 | values: i64 | provenance | Src:MaD:3 | +| test.rs:50:14:50:24 | values: i64 | test.rs:51:22:51:27 | values | provenance | | +| test.rs:55:22:55:30 | query_map | test.rs:57:14:57:39 | values: ... | provenance | Src:MaD:3 | +| test.rs:57:14:57:39 | values: ... | test.rs:58:22:58:29 | values.0 | provenance | | +| test.rs:57:14:57:39 | values: ... | test.rs:59:22:59:29 | values.1 | provenance | | +| test.rs:57:14:57:39 | values: ... | test.rs:60:22:60:29 | values.2 | provenance | | | test.rs:64:13:64:17 | total | test.rs:68:14:68:18 | total | provenance | | | test.rs:64:21:67:10 | conn.query_fold(...) [Ok] | test.rs:64:21:67:11 | TryExpr | provenance | | | test.rs:64:21:67:11 | TryExpr | test.rs:64:13:64:17 | total | provenance | | -| test.rs:64:26:64:35 | query_fold | test.rs:64:76:64:83 | ...: i64 | provenance | Src:MaD:2 | -| test.rs:64:76:64:83 | ...: i64 | test.rs:64:86:67:9 | { ... } | provenance | | -| test.rs:64:76:64:83 | ...: i64 | test.rs:65:18:65:20 | row | provenance | | -| test.rs:64:76:64:83 | ...: i64 | test.rs:66:19:66:21 | row | provenance | | +| test.rs:64:26:64:35 | query_fold | test.rs:64:76:64:83 | row: i64 | provenance | Src:MaD:2 | +| test.rs:64:76:64:83 | row: i64 | test.rs:64:86:67:9 | { ... 
} | provenance | | +| test.rs:64:76:64:83 | row: i64 | test.rs:65:18:65:20 | row | provenance | | +| test.rs:64:76:64:83 | row: i64 | test.rs:66:19:66:21 | row | provenance | | | test.rs:64:86:67:9 | { ... } | test.rs:64:21:67:10 | conn.query_fold(...) [Ok] | provenance | MaD:13 | | test.rs:66:13:66:21 | ... + ... | test.rs:64:86:67:9 | { ... } | provenance | | | test.rs:66:19:66:21 | row | test.rs:66:13:66:21 | ... + ... | provenance | MaD:11 | | test.rs:66:19:66:21 | row | test.rs:66:13:66:21 | ... + ... | provenance | MaD:12 | | test.rs:66:19:66:21 | row | test.rs:66:13:66:21 | ... + ... | provenance | MaD:15 | -| test.rs:70:22:70:31 | query_fold | test.rs:70:83:70:105 | ...: ... | provenance | Src:MaD:2 | -| test.rs:70:83:70:105 | ...: ... | test.rs:72:17:72:20 | name | provenance | | +| test.rs:70:22:70:31 | query_fold | test.rs:70:83:70:105 | row: ... | provenance | Src:MaD:2 | +| test.rs:70:83:70:105 | row: ... | test.rs:71:17:71:18 | id | provenance | | +| test.rs:70:83:70:105 | row: ... | test.rs:72:17:72:20 | name | provenance | | +| test.rs:70:83:70:105 | row: ... | test.rs:73:17:73:19 | age | provenance | | +| test.rs:71:17:71:18 | id | test.rs:74:18:74:19 | id | provenance | | | test.rs:72:17:72:20 | name | test.rs:75:18:75:21 | name | provenance | | +| test.rs:73:17:73:19 | age | test.rs:76:18:76:20 | age | provenance | | | test.rs:105:13:105:14 | v1 | test.rs:106:14:106:15 | v1 | provenance | | | test.rs:105:24:105:33 | row.get(...) [Some] | test.rs:105:24:105:42 | ... .unwrap() | provenance | MaD:16 | | test.rs:105:24:105:42 | ... .unwrap() | test.rs:105:13:105:14 | v1 | provenance | | 
@@ -85,26 +91,32 @@ edges | test.rs:114:24:114:47 | ... .unwrap() [Ok] | test.rs:114:24:114:56 | ... .unwrap() | provenance | MaD:17 | | test.rs:114:24:114:56 | ... .unwrap() | test.rs:114:13:114:14 | v4 | provenance | | | test.rs:114:28:114:35 | take_opt | test.rs:114:24:114:38 | row.take_opt(...) [Some, Ok] | provenance | Src:MaD:10 | -| test.rs:135:22:135:30 | query_map | test.rs:137:14:137:24 | ...: i64 | provenance | Src:MaD:5 | -| test.rs:137:14:137:24 | ...: i64 | test.rs:138:22:138:27 | values | provenance | | -| test.rs:142:22:142:30 | query_map | test.rs:144:14:144:39 | ...: ... | provenance | Src:MaD:5 | -| test.rs:144:14:144:39 | ...: ... | test.rs:146:22:146:29 | values.1 | provenance | | +| test.rs:135:22:135:30 | query_map | test.rs:137:14:137:24 | values: i64 | provenance | Src:MaD:5 | +| test.rs:137:14:137:24 | values: i64 | test.rs:138:22:138:27 | values | provenance | | +| test.rs:142:22:142:30 | query_map | test.rs:144:14:144:39 | values: ... | provenance | Src:MaD:5 | +| test.rs:144:14:144:39 | values: ... | test.rs:145:22:145:29 | values.0 | provenance | | +| test.rs:144:14:144:39 | values: ... | test.rs:146:22:146:29 | values.1 | provenance | | +| test.rs:144:14:144:39 | values: ... | test.rs:147:22:147:29 | values.2 | provenance | | | test.rs:151:13:151:17 | total | test.rs:155:14:155:18 | total | provenance | | | test.rs:151:21:154:10 | conn.query_fold(...) [future, Ok] | test.rs:151:21:154:16 | await ... [Ok] | provenance | | | test.rs:151:21:154:16 | await ... [Ok] | test.rs:151:21:154:17 | TryExpr | provenance | | | test.rs:151:21:154:17 | TryExpr | test.rs:151:13:151:17 | total | provenance | | -| test.rs:151:26:151:35 | query_fold | test.rs:151:76:151:83 | ...: i64 | provenance | Src:MaD:4 | -| test.rs:151:76:151:83 | ...: i64 | test.rs:151:86:154:9 | { ... 
} | provenance | | -| test.rs:151:76:151:83 | ...: i64 | test.rs:152:18:152:20 | row | provenance | | -| test.rs:151:76:151:83 | ...: i64 | test.rs:153:19:153:21 | row | provenance | | +| test.rs:151:26:151:35 | query_fold | test.rs:151:76:151:83 | row: i64 | provenance | Src:MaD:4 | +| test.rs:151:76:151:83 | row: i64 | test.rs:151:86:154:9 | { ... } | provenance | | +| test.rs:151:76:151:83 | row: i64 | test.rs:152:18:152:20 | row | provenance | | +| test.rs:151:76:151:83 | row: i64 | test.rs:153:19:153:21 | row | provenance | | | test.rs:151:86:154:9 | { ... } | test.rs:151:21:154:10 | conn.query_fold(...) [future, Ok] | provenance | MaD:14 | | test.rs:153:13:153:21 | ... + ... | test.rs:151:86:154:9 | { ... } | provenance | | | test.rs:153:19:153:21 | row | test.rs:153:13:153:21 | ... + ... | provenance | MaD:11 | | test.rs:153:19:153:21 | row | test.rs:153:13:153:21 | ... + ... | provenance | MaD:12 | | test.rs:153:19:153:21 | row | test.rs:153:13:153:21 | ... + ... | provenance | MaD:15 | -| test.rs:157:22:157:31 | query_fold | test.rs:157:83:157:105 | ...: ... | provenance | Src:MaD:4 | -| test.rs:157:83:157:105 | ...: ... | test.rs:159:17:159:20 | name | provenance | | +| test.rs:157:22:157:31 | query_fold | test.rs:157:83:157:105 | row: ... | provenance | Src:MaD:4 | +| test.rs:157:83:157:105 | row: ... | test.rs:158:17:158:18 | id | provenance | | +| test.rs:157:83:157:105 | row: ... | test.rs:159:17:159:20 | name | provenance | | +| test.rs:157:83:157:105 | row: ... | test.rs:160:17:160:19 | age | provenance | | +| test.rs:158:17:158:18 | id | test.rs:161:18:161:19 | id | provenance | | | test.rs:159:17:159:20 | name | test.rs:162:18:162:21 | name | provenance | | +| test.rs:160:17:160:19 | age | test.rs:163:18:163:20 | age | provenance | | nodes | test.rs:18:13:18:14 | v1 | semmle.label | v1 | | test.rs:18:24:18:33 | row.get(...) [Some] | semmle.label | row.get(...) [Some] | 
@@ -145,25 +157,31 @@ nodes | test.rs:42:20:42:21 | t1 [element] | semmle.label | t1 [element] | | test.rs:44:22:44:22 | v | semmle.label | v | | test.rs:48:22:48:30 | query_map | semmle.label | query_map | -| test.rs:50:14:50:24 | ...: i64 | semmle.label | ...: i64 | +| test.rs:50:14:50:24 | values: i64 | semmle.label | values: i64 | | test.rs:51:22:51:27 | values | semmle.label | values | | test.rs:55:22:55:30 | query_map | semmle.label | query_map | -| test.rs:57:14:57:39 | ...: ... | semmle.label | ...: ... | +| test.rs:57:14:57:39 | values: ... | semmle.label | values: ... | +| test.rs:58:22:58:29 | values.0 | semmle.label | values.0 | | test.rs:59:22:59:29 | values.1 | semmle.label | values.1 | +| test.rs:60:22:60:29 | values.2 | semmle.label | values.2 | | test.rs:64:13:64:17 | total | semmle.label | total | | test.rs:64:21:67:10 | conn.query_fold(...) [Ok] | semmle.label | conn.query_fold(...) [Ok] | | test.rs:64:21:67:11 | TryExpr | semmle.label | TryExpr | | test.rs:64:26:64:35 | query_fold | semmle.label | query_fold | -| test.rs:64:76:64:83 | ...: i64 | semmle.label | ...: i64 | +| test.rs:64:76:64:83 | row: i64 | semmle.label | row: i64 | | test.rs:64:86:67:9 | { ... } | semmle.label | { ... } | | test.rs:65:18:65:20 | row | semmle.label | row | | test.rs:66:13:66:21 | ... + ... | semmle.label | ... + ... | | test.rs:66:19:66:21 | row | semmle.label | row | | test.rs:68:14:68:18 | total | semmle.label | total | | test.rs:70:22:70:31 | query_fold | semmle.label | query_fold | -| test.rs:70:83:70:105 | ...: ... | semmle.label | ...: ... | +| test.rs:70:83:70:105 | row: ... | semmle.label | row: ... 
| +| test.rs:71:17:71:18 | id | semmle.label | id | | test.rs:72:17:72:20 | name | semmle.label | name | +| test.rs:73:17:73:19 | age | semmle.label | age | +| test.rs:74:18:74:19 | id | semmle.label | id | | test.rs:75:18:75:21 | name | semmle.label | name | +| test.rs:76:18:76:20 | age | semmle.label | age | | test.rs:105:13:105:14 | v1 | semmle.label | v1 | | test.rs:105:24:105:33 | row.get(...) [Some] | semmle.label | row.get(...) [Some] | | test.rs:105:24:105:42 | ... .unwrap() | semmle.label | ... .unwrap() | 
@@ -187,26 +205,32 @@ nodes | test.rs:114:28:114:35 | take_opt | semmle.label | take_opt | | test.rs:115:14:115:15 | v4 | semmle.label | v4 | | test.rs:135:22:135:30 | query_map | semmle.label | query_map | -| test.rs:137:14:137:24 | ...: i64 | semmle.label | ...: i64 | +| test.rs:137:14:137:24 | values: i64 | semmle.label | values: i64 | | test.rs:138:22:138:27 | values | semmle.label | values | | test.rs:142:22:142:30 | query_map | semmle.label | query_map | -| test.rs:144:14:144:39 | ...: ... | semmle.label | ...: ... | +| test.rs:144:14:144:39 | values: ... | semmle.label | values: ... | +| test.rs:145:22:145:29 | values.0 | semmle.label | values.0 | | test.rs:146:22:146:29 | values.1 | semmle.label | values.1 | +| test.rs:147:22:147:29 | values.2 | semmle.label | values.2 | | test.rs:151:13:151:17 | total | semmle.label | total | | test.rs:151:21:154:10 | conn.query_fold(...) [future, Ok] | semmle.label | conn.query_fold(...) [future, Ok] | | test.rs:151:21:154:16 | await ... [Ok] | semmle.label | await ... [Ok] | | test.rs:151:21:154:17 | TryExpr | semmle.label | TryExpr | | test.rs:151:26:151:35 | query_fold | semmle.label | query_fold | -| test.rs:151:76:151:83 | ...: i64 | semmle.label | ...: i64 | +| test.rs:151:76:151:83 | row: i64 | semmle.label | row: i64 | | test.rs:151:86:154:9 | { ... } | semmle.label | { ... } | | test.rs:152:18:152:20 | row | semmle.label | row | | test.rs:153:13:153:21 | ... + ... | semmle.label | ... + ... | | test.rs:153:19:153:21 | row | semmle.label | row | | test.rs:155:14:155:18 | total | semmle.label | total | | test.rs:157:22:157:31 | query_fold | semmle.label | query_fold | -| test.rs:157:83:157:105 | ...: ... | semmle.label | ...: ... | +| test.rs:157:83:157:105 | row: ... | semmle.label | row: ... 
| +| test.rs:158:17:158:18 | id | semmle.label | id | | test.rs:159:17:159:20 | name | semmle.label | name | +| test.rs:160:17:160:19 | age | semmle.label | age | +| test.rs:161:18:161:19 | id | semmle.label | id | | test.rs:162:18:162:21 | name | semmle.label | name | +| test.rs:163:18:163:20 | age | semmle.label | age | subpaths testFailures #select 
@@ -218,16 +242,24 @@ testFailures | test.rs:41:14:41:70 | ... .unwrap() | test.rs:41:42:41:44 | get | test.rs:41:14:41:70 | ... .unwrap() | $@ | test.rs:41:42:41:44 | get | get | | test.rs:44:22:44:22 | v | test.rs:40:27:40:35 | exec_iter | test.rs:44:22:44:22 | v | $@ | test.rs:40:27:40:35 | exec_iter | exec_iter | | test.rs:51:22:51:27 | values | test.rs:48:22:48:30 | query_map | test.rs:51:22:51:27 | values | $@ | test.rs:48:22:48:30 | query_map | query_map | +| test.rs:58:22:58:29 | values.0 | test.rs:55:22:55:30 | query_map | test.rs:58:22:58:29 | values.0 | $@ | test.rs:55:22:55:30 | query_map | query_map | | test.rs:59:22:59:29 | values.1 | test.rs:55:22:55:30 | query_map | test.rs:59:22:59:29 | values.1 | $@ | test.rs:55:22:55:30 | query_map | query_map | +| test.rs:60:22:60:29 | values.2 | test.rs:55:22:55:30 | query_map | test.rs:60:22:60:29 | values.2 | $@ | test.rs:55:22:55:30 | query_map | query_map | | test.rs:65:18:65:20 | row | test.rs:64:26:64:35 | query_fold | test.rs:65:18:65:20 | row | $@ | test.rs:64:26:64:35 | query_fold | query_fold | | test.rs:68:14:68:18 | total | test.rs:64:26:64:35 | query_fold | test.rs:68:14:68:18 | total | $@ | test.rs:64:26:64:35 | query_fold | query_fold | +| test.rs:74:18:74:19 | id | test.rs:70:22:70:31 | query_fold | test.rs:74:18:74:19 | id | $@ | test.rs:70:22:70:31 | query_fold | query_fold | | test.rs:75:18:75:21 | name | test.rs:70:22:70:31 | query_fold | test.rs:75:18:75:21 | name | $@ | test.rs:70:22:70:31 | query_fold | query_fold | +| test.rs:76:18:76:20 | age | test.rs:70:22:70:31 | query_fold | test.rs:76:18:76:20 | age | $@ | test.rs:70:22:70:31 | query_fold | query_fold | | test.rs:106:14:106:15 | v1 | test.rs:105:28:105:30 | get | test.rs:106:14:106:15 | v1 | $@ | test.rs:105:28:105:30 | get | get | | test.rs:109:14:109:15 | v2 | test.rs:108:28:108:34 | get_opt | test.rs:109:14:109:15 | v2 | $@ | test.rs:108:28:108:34 | get_opt | get_opt | | test.rs:112:14:112:15 | v3 | test.rs:111:28:111:31 | take 
| test.rs:112:14:112:15 | v3 | $@ | test.rs:111:28:111:31 | take | take | | test.rs:115:14:115:15 | v4 | test.rs:114:28:114:35 | take_opt | test.rs:115:14:115:15 | v4 | $@ | test.rs:114:28:114:35 | take_opt | take_opt | | test.rs:138:22:138:27 | values | test.rs:135:22:135:30 | query_map | test.rs:138:22:138:27 | values | $@ | test.rs:135:22:135:30 | query_map | query_map | +| test.rs:145:22:145:29 | values.0 | test.rs:142:22:142:30 | query_map | test.rs:145:22:145:29 | values.0 | $@ | test.rs:142:22:142:30 | query_map | query_map | | test.rs:146:22:146:29 | values.1 | test.rs:142:22:142:30 | query_map | test.rs:146:22:146:29 | values.1 | $@ | test.rs:142:22:142:30 | query_map | query_map | +| test.rs:147:22:147:29 | values.2 | test.rs:142:22:142:30 | query_map | test.rs:147:22:147:29 | values.2 | $@ | test.rs:142:22:142:30 | query_map | query_map | | test.rs:152:18:152:20 | row | test.rs:151:26:151:35 | query_fold | test.rs:152:18:152:20 | row | $@ | test.rs:151:26:151:35 | query_fold | query_fold | | test.rs:155:14:155:18 | total | test.rs:151:26:151:35 | query_fold | test.rs:155:14:155:18 | total | $@ | test.rs:151:26:151:35 | query_fold | query_fold | +| test.rs:161:18:161:19 | id | test.rs:157:22:157:31 | query_fold | test.rs:161:18:161:19 | id | $@ | test.rs:157:22:157:31 | query_fold | query_fold | | test.rs:162:18:162:21 | name | test.rs:157:22:157:31 | query_fold | test.rs:162:18:162:21 | name | $@ | test.rs:157:22:157:31 | query_fold | query_fold | +| test.rs:163:18:163:20 | age | test.rs:157:22:157:31 | query_fold | test.rs:163:18:163:20 | age | $@ | test.rs:157:22:157:31 | query_fold | query_fold | diff --git a/rust/ql/test/library-tests/dataflow/sources/database/test.rs b/rust/ql/test/library-tests/dataflow/sources/database/test.rs index 68943608ee4b..618830091a6c 100644 --- a/rust/ql/test/library-tests/dataflow/sources/database/test.rs +++ b/rust/ql/test/library-tests/dataflow/sources/database/test.rs 
@@ -55,9 +55,9 @@ mod test_mysql { let _ = conn.query_map( // $ Alert[rust/summary/taint-sources] "SELECT id, name, age FROM person", |values: (i64, String, i32)| -> () { - sink(values.0); // $ MISSING: hasTaintFlow + sink(values.0); // $ hasTaintFlow sink(values.1); // $ hasTaintFlow - sink(values.2); // $ MISSING: hasTaintFlow + sink(values.2); // $ hasTaintFlow } )?; @@ -71,9 +71,9 @@ mod test_mysql { let id: i64 = row.0; let name: String = row.1; let age: i32 = row.2; - sink(id); // $ MISSING: hasTaintFlow + sink(id); // $ hasTaintFlow sink(name); // $ hasTaintFlow - sink(age); // $ MISSING: hasTaintFlow + sink(age); // $ hasTaintFlow acc + 1 })?; @@ -142,9 +142,9 @@ mod test_mysql_async { let _ = conn.query_map( // $ Alert[rust/summary/taint-sources] "SELECT id, name, age FROM person", |values: (i64, String, i32)| -> () { - sink(values.0); // $ MISSING: hasTaintFlow + sink(values.0); // $ hasTaintFlow sink(values.1); // $ hasTaintFlow - sink(values.2); // $ MISSING: hasTaintFlow + sink(values.2); // $ hasTaintFlow } ).await?; @@ -158,9 +158,9 @@ mod test_mysql_async { let id: i64 = row.0; let name: String = row.1; let age: i32 = row.2; - sink(id); // $ MISSING: hasTaintFlow + sink(id); // $ hasTaintFlow sink(name); // $ hasTaintFlow - sink(age); // $ MISSING: hasTaintFlow + sink(age); // $ hasTaintFlow acc + 1 }).await?;
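Review bot: Every expectation flipped in the `query_map` hunk at -55 is positive (`sink(values.0)` and `sink(values.2)` now `hasTaintFlow`), and no line visible here pins a value that must stay untainted. Taint now reaches every tuple field of the closure parameter, so a negative case would guard against the source model over-tainting, which shows up downstream as false positives in the security queries that consume these sources. One candidate, assuming the accumulator is meant to stay clean until it is combined with `row`, is an unannotated `sink(acc);` at the top of the second `query_fold` closure. The same applies to the hunks at -71, -142 and -158; the enclosing functions start and end outside all four hunks, so such a case may already exist elsewhere in the file.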