Ruby: fix TODOs left by the patch query
asgerf committed Dec 20, 2024
1 parent 0f4b961 commit c9d17cc
Showing 12 changed files with 13 additions and 46 deletions.
4 changes: 1 addition & 3 deletions ruby/ql/lib/codeql/ruby/frameworks/http_clients/Excon.qll
Expand Up @@ -120,9 +120,7 @@ private module ExconDisablesCertificateValidationConfig implements DataFlow::Con
}

predicate observeDiffInformedIncrementalMode() {
// TODO(diff-informed): Manually verify if config can be diff-informed.
// lib/codeql/ruby/frameworks/http_clients/Excon.qll:74: Flow call outside 'select' clause
none()
none() // Used for a library model
}
}

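Review bot: The replacement comment `none() // Used for a library model` on the new `none()` line names a category but not the consequence, so a later maintainer cannot tell whether switching this to `any()` would be safe. What matters is presumably that this configuration's flow results are consumed by a library predicate rather than selected directly by a query (that is what the removed `Flow call outside 'select' clause` note was pointing at), so pruning sources and sinks to the diff range would silently drop model results that queries depend on; for a certificate-validation model that is a detection gap, not a false positive. I would spell that out next to the value, e.g. `none() // Library model: results feed other predicates, not a query's select, so diff pruning would lose them`. The identical comment appears in the Faraday, HttpClient, Httparty, NetHttp, OpenURI, RestClient and Typhoeus sections of this commit and the same one-line justification fits each of them. The enclosing module begins above this hunk.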
4 changes: 1 addition & 3 deletions ruby/ql/lib/codeql/ruby/frameworks/http_clients/Faraday.qll
Expand Up @@ -101,9 +101,7 @@ private module FaradayDisablesCertificateValidationConfig implements DataFlow::S
}

predicate observeDiffInformedIncrementalMode() {
// TODO(diff-informed): Manually verify if config can be diff-informed.
// lib/codeql/ruby/frameworks/http_clients/Faraday.qll:80: Flow call outside 'select' clause
none()
none() // Used for a library model
}
}

Original file line number Diff line number Diff line change
Expand Up @@ -82,9 +82,7 @@ private module HttpClientDisablesCertificateValidationConfig implements DataFlow
}

predicate observeDiffInformedIncrementalMode() {
// TODO(diff-informed): Manually verify if config can be diff-informed.
// lib/codeql/ruby/frameworks/http_clients/HttpClient.qll:67: Flow call outside 'select' clause
none()
none() // Used for a library model
}
}

4 changes: 1 addition & 3 deletions ruby/ql/lib/codeql/ruby/frameworks/http_clients/Httparty.qll
Expand Up @@ -72,9 +72,7 @@ private module HttpartyDisablesCertificateValidationConfig implements DataFlow::
}

predicate observeDiffInformedIncrementalMode() {
// TODO(diff-informed): Manually verify if config can be diff-informed.
// lib/codeql/ruby/frameworks/http_clients/Httparty.qll:59: Flow call outside 'select' clause
none()
none() // Used for a library model
}
}

4 changes: 1 addition & 3 deletions ruby/ql/lib/codeql/ruby/frameworks/http_clients/NetHttp.qll
Expand Up @@ -105,9 +105,7 @@ private module NetHttpDisablesCertificateValidationConfig implements DataFlow::C
}

predicate observeDiffInformedIncrementalMode() {
// TODO(diff-informed): Manually verify if config can be diff-informed.
// lib/codeql/ruby/frameworks/http_clients/NetHttp.qll:90: Flow call outside 'select' clause
none()
none() // Used for a library model
}
}

5 changes: 1 addition & 4 deletions ruby/ql/lib/codeql/ruby/frameworks/http_clients/OpenURI.qll
Expand Up @@ -112,10 +112,7 @@ private module OpenUriDisablesCertificateValidationConfig implements DataFlow::C
}

predicate observeDiffInformedIncrementalMode() {
// TODO(diff-informed): Manually verify if config can be diff-informed.
// lib/codeql/ruby/frameworks/http_clients/OpenURI.qll:48: Flow call outside 'select' clause
// lib/codeql/ruby/frameworks/http_clients/OpenURI.qll:95: Flow call outside 'select' clause
none()
none() // Used for a library model
}
}

Original file line number Diff line number Diff line change
Expand Up @@ -75,9 +75,7 @@ private module RestClientDisablesCertificateValidationConfig implements DataFlow
}

predicate observeDiffInformedIncrementalMode() {
// TODO(diff-informed): Manually verify if config can be diff-informed.
// lib/codeql/ruby/frameworks/http_clients/RestClient.qll:60: Flow call outside 'select' clause
none()
none() // Used for a library model
}
}

4 changes: 1 addition & 3 deletions ruby/ql/lib/codeql/ruby/frameworks/http_clients/Typhoeus.qll
Expand Up @@ -66,9 +66,7 @@ private module TyphoeusDisablesCertificateValidationConfig implements DataFlow::
}

predicate observeDiffInformedIncrementalMode() {
// TODO(diff-informed): Manually verify if config can be diff-informed.
// lib/codeql/ruby/frameworks/http_clients/Typhoeus.qll:53: Flow call outside 'select' clause
none()
none() // Used for a library model
}
}

4 changes: 1 addition & 3 deletions ruby/ql/lib/codeql/ruby/frameworks/stdlib/Pathname.qll
Expand Up @@ -54,9 +54,7 @@ module Pathname {
}

predicate observeDiffInformedIncrementalMode() {
// TODO(diff-informed): Manually verify if config can be diff-informed.
// lib/codeql/ruby/frameworks/stdlib/Pathname.qll:30: Flow call outside 'select' clause
none()
none() // Used for a library model
}
}

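Review bot: The new `none() // Used for a library model` inside `module Pathname` gives no reason a reader can check, and this is not an HTTP-client model like the others in the commit, so the phrase is even less self-explanatory here. The removed note said the flow call at `Pathname.qll:30` sits outside a `select`, which I take to mean the flow result is consumed by another predicate in this module; if so, diff-informed pruning would drop results that queries built on this model rely on. I would make that explicit, e.g. `none() // Flow results are consumed by a library predicate, not selected by a query, so they must not be pruned to the diff`. I cannot see line 30 from this hunk, so adjust the wording to what the consumer actually is.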
6 changes: 1 addition & 5 deletions ruby/ql/lib/codeql/ruby/security/ConditionalBypassQuery.qll
Expand Up @@ -18,11 +18,7 @@ private module Config implements DataFlow::ConfigSig {

predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }

predicate observeDiffInformedIncrementalMode() {
// TODO(diff-informed): Manually verify if config can be diff-informed.
// src/experimental/cwe-807/ConditionalBypass.ql:78: Flow call outside 'select' clause
none()
}
predicate observeDiffInformedIncrementalMode() { any() }
}

/**
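Review bot: The new one-liner `predicate observeDiffInformedIncrementalMode() { any() }` turns on diff-informed pruning without recording why the removed warning (`ConditionalBypass.ql:78: Flow call outside 'select' clause`) no longer applies; that warning meant the tool could not confirm the query's select reports this flow's source and sink. If the CWE-807 query reports any other element as the alert location, pruning to the diff range will make it miss bypasses introduced in a pull request, a silent false negative on a security query. I cannot see ConditionalBypass.ql from here, so this may well have been checked by hand, but the justification should sit next to the value, e.g. `any() // Verified: ConditionalBypass.ql selects this flow's source and sink as the alert locations`. If the select does use another location, the configuration should declare it through the selected-location hooks of `DataFlow::ConfigSig` (if the library version in use has them) rather than enable pruning unconditionally.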
4 changes: 1 addition & 3 deletions ruby/ql/lib/codeql/ruby/security/SensitiveGetQueryQuery.qll
Expand Up @@ -18,9 +18,7 @@ private module SensitiveGetQueryConfig implements DataFlow::ConfigSig {
predicate isSink(DataFlow::Node sink) { sink instanceof Sink }

predicate observeDiffInformedIncrementalMode() {
// TODO(diff-informed): Manually verify if config can be diff-informed.
// src/queries/security/cwe-598/SensitiveGetQuery.ql:21: Column 3 does not select a source or sink originating from the flow call on line 20
none()
none() // Disabled since the alert references `Source.getHandler()`
}
}

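Review bot: The comment `none() // Disabled since the alert references Source.getHandler()` is a real justification, which is good, but disabling diff-informed mode outright is the heavier option: the CWE-598 query then recomputes the full flow on every incremental analysis. If the dataflow library in use lets a configuration declare an additional alert location for a source (recent `DataFlow::ConfigSig` versions have a selected-source-location member for exactly this, though I cannot confirm it is available here), returning the handler's location from it would keep the handler inside the diff-informed range and allow `any()`. Since that cannot be verified from this hunk, `none()` is the safe choice, but I would extend the comment so the follow-up is recorded, e.g. `none() // Disabled since the alert references Source.getHandler(); revisit once a selected-source-location override can express that`.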
12 changes: 2 additions & 10 deletions ruby/ql/lib/codeql/ruby/security/WeakSensitiveDataHashingQuery.qll
Expand Up @@ -29,11 +29,7 @@ module NormalHashFunction {

predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }

predicate observeDiffInformedIncrementalMode() {
// TODO(diff-informed): Manually verify if config can be diff-informed.
// lib/codeql/ruby/security/WeakSensitiveDataHashingQuery.qll:79: Flow call outside 'select' clause
none()
}
predicate observeDiffInformedIncrementalMode() { any() }
}

/** Global taint-tracking for detecting "use of a broken or weak cryptographic hashing algorithm on sensitive data" vulnerabilities. */
Expand Down Expand Up @@ -61,11 +57,7 @@ module ComputationallyExpensiveHashFunction {

predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }

predicate observeDiffInformedIncrementalMode() {
// TODO(diff-informed): Manually verify if config can be diff-informed.
// lib/codeql/ruby/security/WeakSensitiveDataHashingQuery.qll:86: Flow call outside 'select' clause
none()
}
predicate observeDiffInformedIncrementalMode() { any() }
}

/** Global taint-tracking for detecting "use of a broken or weak cryptographic hashing algorithm on passwords" vulnerabilities. */
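Review bot: Both `NormalHashFunction` and `ComputationallyExpensiveHashFunction` now enable diff-informed mode with a bare `any()`, but the removed notes pointed at flow calls at lines 79 and 86 of this same file, i.e. the two flows are consumed by predicates in this .qll before any query selects them. That only stays correct if whatever wraps them passes the source and sink nodes through unchanged to the query's select; if the wrapper substitutes another element (for example the hashing call's algorithm name as a location), pruning will drop weak-hash findings outside the diff range for password and sensitive-data alerts. I cannot see lines 79 and 86 from this hunk, so treat that as a question rather than a finding, but the answer belongs in the code: `any() // The wrapping flow predicates in this file pass source and sink through to the query's select unchanged`, on each of the two predicates. The second hunk's module header is shown but its body continues outside the hunk.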
