hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Ruby: fix TODOs left by the patch query

Browse Source
This commit is contained in:
Asger F
2024-12-20 10:34:53 +01:00
parent 4dc632f742
commit 871cdb014d
12 changed files with 13 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
ruby/ql/lib/codeql/ruby/frameworks/http_clients/Excon.qll
View File

@@ -120,9 +120,7 @@ private module ExconDisablesCertificateValidationConfig implements DataFlow::Con
}
predicate observeDiffInformedIncrementalMode() {
// TODO(diff-informed): Manually verify if config can be diff-informed.
// lib/codeql/ruby/frameworks/http_clients/Excon.qll:74: Flow call outside 'select' clause
none()
none() // Used for a library model
}
}

4
ruby/ql/lib/codeql/ruby/frameworks/http_clients/Faraday.qll
View File

@@ -101,9 +101,7 @@ private module FaradayDisablesCertificateValidationConfig implements DataFlow::S
}
predicate observeDiffInformedIncrementalMode() {
// TODO(diff-informed): Manually verify if config can be diff-informed.
// lib/codeql/ruby/frameworks/http_clients/Faraday.qll:80: Flow call outside 'select' clause
none()
none() // Used for a library model
}
}

4
ruby/ql/lib/codeql/ruby/frameworks/http_clients/HttpClient.qll
View File

@@ -82,9 +82,7 @@ private module HttpClientDisablesCertificateValidationConfig implements DataFlow
}
predicate observeDiffInformedIncrementalMode() {
// TODO(diff-informed): Manually verify if config can be diff-informed.
// lib/codeql/ruby/frameworks/http_clients/HttpClient.qll:67: Flow call outside 'select' clause
none()
none() // Used for a library model
}
}

4
ruby/ql/lib/codeql/ruby/frameworks/http_clients/Httparty.qll
View File

@@ -72,9 +72,7 @@ private module HttpartyDisablesCertificateValidationConfig implements DataFlow::
}
predicate observeDiffInformedIncrementalMode() {
// TODO(diff-informed): Manually verify if config can be diff-informed.
// lib/codeql/ruby/frameworks/http_clients/Httparty.qll:59: Flow call outside 'select' clause
none()
none() // Used for a library model
}
}

4
ruby/ql/lib/codeql/ruby/frameworks/http_clients/NetHttp.qll
View File

@@ -105,9 +105,7 @@ private module NetHttpDisablesCertificateValidationConfig implements DataFlow::C
}
predicate observeDiffInformedIncrementalMode() {
// TODO(diff-informed): Manually verify if config can be diff-informed.
// lib/codeql/ruby/frameworks/http_clients/NetHttp.qll:90: Flow call outside 'select' clause
none()
none() // Used for a library model
}
}

5
ruby/ql/lib/codeql/ruby/frameworks/http_clients/OpenURI.qll
View File

@@ -112,10 +112,7 @@ private module OpenUriDisablesCertificateValidationConfig implements DataFlow::C
}
predicate observeDiffInformedIncrementalMode() {
// TODO(diff-informed): Manually verify if config can be diff-informed.
// lib/codeql/ruby/frameworks/http_clients/OpenURI.qll:48: Flow call outside 'select' clause
// lib/codeql/ruby/frameworks/http_clients/OpenURI.qll:95: Flow call outside 'select' clause
none()
none() // Used for a library model
}
}

4
ruby/ql/lib/codeql/ruby/frameworks/http_clients/RestClient.qll
View File

@@ -75,9 +75,7 @@ private module RestClientDisablesCertificateValidationConfig implements DataFlow
}
predicate observeDiffInformedIncrementalMode() {
// TODO(diff-informed): Manually verify if config can be diff-informed.
// lib/codeql/ruby/frameworks/http_clients/RestClient.qll:60: Flow call outside 'select' clause
none()
none() // Used for a library model
}
}

4
ruby/ql/lib/codeql/ruby/frameworks/http_clients/Typhoeus.qll
View File

@@ -66,9 +66,7 @@ private module TyphoeusDisablesCertificateValidationConfig implements DataFlow::
}
predicate observeDiffInformedIncrementalMode() {
// TODO(diff-informed): Manually verify if config can be diff-informed.
// lib/codeql/ruby/frameworks/http_clients/Typhoeus.qll:53: Flow call outside 'select' clause
none()
none() // Used for a library model
}
}

4
ruby/ql/lib/codeql/ruby/frameworks/stdlib/Pathname.qll
View File

@@ -54,9 +54,7 @@ module Pathname {
}
predicate observeDiffInformedIncrementalMode() {
// TODO(diff-informed): Manually verify if config can be diff-informed.
// lib/codeql/ruby/frameworks/stdlib/Pathname.qll:30: Flow call outside 'select' clause
none()
none() // Used for a library model
}
}

6
ruby/ql/lib/codeql/ruby/security/ConditionalBypassQuery.qll
View File

@@ -18,11 +18,7 @@ private module Config implements DataFlow::ConfigSig {
predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
predicate observeDiffInformedIncrementalMode() {
// TODO(diff-informed): Manually verify if config can be diff-informed.
// src/experimental/cwe-807/ConditionalBypass.ql:78: Flow call outside 'select' clause
none()
}
predicate observeDiffInformedIncrementalMode() { any() }
}
/**

4
ruby/ql/lib/codeql/ruby/security/SensitiveGetQueryQuery.qll
View File

@@ -18,9 +18,7 @@ private module SensitiveGetQueryConfig implements DataFlow::ConfigSig {
predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
predicate observeDiffInformedIncrementalMode() {
// TODO(diff-informed): Manually verify if config can be diff-informed.
// src/queries/security/cwe-598/SensitiveGetQuery.ql:21: Column 3 does not select a source or sink originating from the flow call on line 20
none()
none() // Disabled since the alert references `Source.getHandler()`
}
}

12
ruby/ql/lib/codeql/ruby/security/WeakSensitiveDataHashingQuery.qll
View File

@@ -29,11 +29,7 @@ module NormalHashFunction {
predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
predicate observeDiffInformedIncrementalMode() {
// TODO(diff-informed): Manually verify if config can be diff-informed.
// lib/codeql/ruby/security/WeakSensitiveDataHashingQuery.qll:79: Flow call outside 'select' clause
none()
}
predicate observeDiffInformedIncrementalMode() { any() }
}
/** Global taint-tracking for detecting "use of a broken or weak cryptographic hashing algorithm on sensitive data" vulnerabilities. */
@@ -61,11 +57,7 @@ module ComputationallyExpensiveHashFunction {
predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
predicate observeDiffInformedIncrementalMode() {
// TODO(diff-informed): Manually verify if config can be diff-informed.
// lib/codeql/ruby/security/WeakSensitiveDataHashingQuery.qll:86: Flow call outside 'select' clause
none()
}
predicate observeDiffInformedIncrementalMode() { any() }
}
/** Global taint-tracking for detecting "use of a broken or weak cryptographic hashing algorithm on passwords" vulnerabilities. */