Python: ignore experimental for now

Asger F
2025-01-23 13:50:02 +01:00
parent 9dfd1cc608
commit 15c2ccb880
3 changed files with 0 additions and 30 deletions


@@ -26,12 +26,6 @@ private module PossibleTimingAttackAgainstHashConfig implements DataFlow::Config
predicate isSource(DataFlow::Node source) { source instanceof ProduceCryptoCall }
predicate isSink(DataFlow::Node sink) { sink instanceof NonConstantTimeComparisonSink }
predicate observeDiffInformedIncrementalMode() {
// TODO(diff-informed): Manually verify if config can be diff-informed.
// ql/src/experimental/Security/CWE-208/TimingAttackAgainstHash/PossibleTimingAttackAgainstHash.ql:41: Column 5 selects source.getResultType
none()
}
}
module PossibleTimingAttackAgainstHashFlow =


@@ -25,12 +25,6 @@ private module TimingAttackAgainstHashConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { source instanceof ProduceCryptoCall }
predicate isSink(DataFlow::Node sink) { sink instanceof NonConstantTimeComparisonSink }
predicate observeDiffInformedIncrementalMode() {
// TODO(diff-informed): Manually verify if config can be diff-informed.
// ql/src/experimental/Security/CWE-208/TimingAttackAgainstHash/TimingAttackAgainstHash.ql:39: Column 5 selects source.getResultType
none()
}
}
module TimingAttackAgainstHashFlow = TaintTracking::Global<TimingAttackAgainstHashConfig>;


@@ -271,12 +271,6 @@ module UserInputSecretConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
predicate isSink(DataFlow::Node sink) { sink.asExpr() instanceof CredentialExpr }
predicate observeDiffInformedIncrementalMode() {
// TODO(diff-informed): Manually verify if config can be diff-informed.
// ql/src/experimental/semmle/python/security/TimingAttack.qll:176: Flow call outside 'select' clause
none()
}
}
module UserInputSecretFlow = TaintTracking::Global<UserInputSecretConfig>;
@@ -294,12 +288,6 @@ module UserInputInComparisonConfig implements DataFlow::ConfigSig {
sink.asExpr() = [left, right]
)
}
predicate observeDiffInformedIncrementalMode() {
// TODO(diff-informed): Manually verify if config can be diff-informed.
// ql/src/experimental/semmle/python/security/TimingAttack.qll:165: Flow call outside 'select' clause
none()
}
}
module UserInputInComparisonFlow = TaintTracking::Global<UserInputInComparisonConfig>;
@@ -316,12 +304,6 @@ private module ExcludeLenFuncConfig implements DataFlow::ConfigSig {
sink.asExpr() = call.getArg(0)
)
}
predicate observeDiffInformedIncrementalMode() {
// TODO(diff-informed): Manually verify if config can be diff-informed.
// ql/src/experimental/semmle/python/security/TimingAttack.qll:347: Flow call outside 'select' clause
none()
}
}
module ExcludeLenFuncFlow = TaintTracking::Global<ExcludeLenFuncConfig>;