Python: resolve remaining TODOs

2026-04-25 00:35:20 +02:00 · 2024-12-20 11:02:40 +01:00
parent 975ce064fc
commit d3ee658399
8 changed files with 33 additions and 50 deletions
--- a/python/ql/src/Security/CWE-020-ExternalAPIs/ExternalAPIs.qll
+++ b/python/ql/src/Security/CWE-020-ExternalAPIs/ExternalAPIs.qll
@@ -173,10 +173,7 @@ private module UntrustedDataToExternalApiConfig implements DataFlow::ConfigSig {
  predicate isSink(DataFlow::Node sink) { sink instanceof ExternalApiDataNode }

  predicate observeDiffInformedIncrementalMode() {
-    // TODO(diff-informed): Manually verify if config can be diff-informed.
-    // ql/src/Security/CWE-020-ExternalAPIs/ExternalAPIs.qll:181: Flow call outside 'select' clause
-    // ql/src/Security/CWE-020-ExternalAPIs/ExternalAPIs.qll:184: Flow call outside 'select' clause
-    none()
+    none() // Not used for PR analysis
  }
 }

--- a/python/ql/src/Security/CWE-327/FluentApiModel.qll
+++ b/python/ql/src/Security/CWE-327/FluentApiModel.qll
@@ -112,9 +112,7 @@ module InsecureContextConfiguration implements DataFlow::StateConfigSig {
  }

  predicate observeDiffInformedIncrementalMode() {
-    // TODO(diff-informed): Manually verify if config can be diff-informed.
-    // ql/src/Security/CWE-327/FluentApiModel.qll:130: Flow call outside 'select' clause
-    none()
+    none() // Too complicated, but might be possible after some refactoring.
  }
 }

--- a/python/ql/src/experimental/semmle/python/libraries/SmtpLib.qll
+++ b/python/ql/src/experimental/semmle/python/libraries/SmtpLib.qll
@@ -40,9 +40,7 @@ module SmtpLib {
    }

    predicate observeDiffInformedIncrementalMode() {
-      // TODO(diff-informed): Manually verify if config can be diff-informed.
-      // ql/src/experimental/semmle/python/libraries/SmtpLib.qll:91: Flow call outside 'select' clause
-      none()
+      none() // Used in library model
    }
  }