
Commit cd0e37a

committed
Python: fix some of the TODOs
1 parent 6a493f3 commit cd0e37a

3 files changed

Lines changed: 4 additions & 16 deletions


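--- a/python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryQuery.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryQuery.qll
@@ -31,9 +31,7 @@ private module FullServerSideRequestForgeryConfig implements DataFlow::ConfigSig
 }
 
 predicate observeDiffInformedIncrementalMode() {
-// TODO(diff-informed): Manually verify if config can be diff-informed.
-// ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryQuery.qll:47: Flow call outside 'select' clause
-none()
+none() // Disabled since the alert selects the associated request object
 }
 }
 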
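--- a/python/ql/lib/semmle/python/security/dataflow/WeakSensitiveDataHashingQuery.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/WeakSensitiveDataHashingQuery.qll
@@ -34,11 +34,7 @@ module NormalHashFunction {
 sensitiveDataExtraStepForCalls(node1, node2)
 }
 
-predicate observeDiffInformedIncrementalMode() {
-// TODO(diff-informed): Manually verify if config can be diff-informed.
-// ql/lib/semmle/python/security/dataflow/WeakSensitiveDataHashingQuery.qll:88: Flow call outside 'select' clause
-none()
-}
+predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /** Global taint-tracking for detecting "use of a broken or weak cryptographic hashing algorithm on sensitive data" vulnerabilities. */
@@ -70,11 +66,7 @@ module ComputationallyExpensiveHashFunction {
 sensitiveDataExtraStepForCalls(node1, node2)
 }
 
-predicate observeDiffInformedIncrementalMode() {
-// TODO(diff-informed): Manually verify if config can be diff-informed.
-// ql/lib/semmle/python/security/dataflow/WeakSensitiveDataHashingQuery.qll:95: Flow call outside 'select' clause
-none()
-}
+predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /** Global taint-tracking for detecting "use of a broken or weak cryptographic hashing algorithm on passwords" vulnerabilities. */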
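Review bot: Both `predicate observeDiffInformedIncrementalMode() { any() }` lines, in `NormalHashFunction` and in `ComputationallyExpensiveHashFunction`, turn on diff-informed filtering without a comment saying why that is safe, whereas the two `none()` cases elsewhere in this commit each carry a reason. The removed TODOs recorded flow calls outside the `select` clause at lines 88 and 95 of this file, and those call sites are outside both hunks, so it cannot be confirmed from here that they only feed the alert's selected source and sink. If a flow result is consumed anywhere else, a diff-informed run could silently drop weak-hashing alerts, which is a false-negative risk for a security query. Once that has been checked, I would add a one-line comment above each predicate, for example `// Diff-informed: flow results are only used for the source and sink selected by the alert`. Both module bodies start before their hunks.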

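--- a/python/ql/src/experimental/semmle/python/libraries/SmtpLib.qll
+++ b/python/ql/src/experimental/semmle/python/libraries/SmtpLib.qll
@@ -40,9 +40,7 @@ module SmtpLib {
 }
 
 predicate observeDiffInformedIncrementalMode() {
-// TODO(diff-informed): Manually verify if config can be diff-informed.
-// ql/src/experimental/semmle/python/libraries/SmtpLib.qll:91: Flow call outside 'select' clause
-none()
+none() // Used in library model
 }
 }
 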