Python: fix some of the TODOs

asgerf · asgerf · commit 6d41b4ae029a · 2025-01-23T10:16:38.000+01:00
diff --git a/python/ql/lib/semmle/python/security/dataflow/WeakSensitiveDataHashingQuery.qll b/python/ql/lib/semmle/python/security/dataflow/WeakSensitiveDataHashingQuery.qll
@@ -34,11 +34,7 @@ module NormalHashFunction {
       sensitiveDataExtraStepForCalls(node1, node2)
     }
 
-    predicate observeDiffInformedIncrementalMode() {
-      // TODO(diff-informed): Manually verify if config can be diff-informed.
-      // ql/lib/semmle/python/security/dataflow/WeakSensitiveDataHashingQuery.qll:88: Flow call outside 'select' clause
-      none()
-    }
+    predicate observeDiffInformedIncrementalMode() { any() }
   }
 
   /** Global taint-tracking for detecting "use of a broken or weak cryptographic hashing algorithm on sensitive data" vulnerabilities. */
@@ -70,11 +66,7 @@ module ComputationallyExpensiveHashFunction {
       sensitiveDataExtraStepForCalls(node1, node2)
     }
 
-    predicate observeDiffInformedIncrementalMode() {
-      // TODO(diff-informed): Manually verify if config can be diff-informed.
-      // ql/lib/semmle/python/security/dataflow/WeakSensitiveDataHashingQuery.qll:95: Flow call outside 'select' clause
-      none()
-    }
+    predicate observeDiffInformedIncrementalMode() { any() }
   }
 
   /** Global taint-tracking for detecting "use of a broken or weak cryptographic hashing algorithm on passwords" vulnerabilities. */
diff --git a/python/ql/src/experimental/semmle/python/libraries/SmtpLib.qll b/python/ql/src/experimental/semmle/python/libraries/SmtpLib.qll
@@ -40,9 +40,7 @@ module SmtpLib {
     }
 
     predicate observeDiffInformedIncrementalMode() {
-      // TODO(diff-informed): Manually verify if config can be diff-informed.
-      // ql/src/experimental/semmle/python/libraries/SmtpLib.qll:91: Flow call outside 'select' clause
-      none()
+      none() // Used in library model
     }
   }
 

Original file line number	Diff line number	Diff line change
`@@ -34,11 +34,7 @@ module NormalHashFunction {`
`34`	`34`	`sensitiveDataExtraStepForCalls(node1, node2)`
`35`	`35`	`}`
`36`	`36`
`37`		`- predicate observeDiffInformedIncrementalMode() {`
`38`		`- // TODO(diff-informed): Manually verify if config can be diff-informed.`
`39`		`- // ql/lib/semmle/python/security/dataflow/WeakSensitiveDataHashingQuery.qll:88: Flow call outside 'select' clause`
`40`		`- none()`
`41`		`- }`
	`37`	`+ predicate observeDiffInformedIncrementalMode() { any() }`
`42`	`38`	`}`
`43`	`39`
`44`	`40`	`/** Global taint-tracking for detecting "use of a broken or weak cryptographic hashing algorithm on sensitive data" vulnerabilities. */`
`@@ -70,11 +66,7 @@ module ComputationallyExpensiveHashFunction {`
`70`	`66`	`sensitiveDataExtraStepForCalls(node1, node2)`
`71`	`67`	`}`
`72`	`68`
`73`		`- predicate observeDiffInformedIncrementalMode() {`
`74`		`- // TODO(diff-informed): Manually verify if config can be diff-informed.`
`75`		`- // ql/lib/semmle/python/security/dataflow/WeakSensitiveDataHashingQuery.qll:95: Flow call outside 'select' clause`
`76`		`- none()`
`77`		`- }`
	`69`	`+ predicate observeDiffInformedIncrementalMode() { any() }`
`78`	`70`	`}`
`79`	`71`
`80`	`72`	`/** Global taint-tracking for detecting "use of a broken or weak cryptographic hashing algorithm on passwords" vulnerabilities. */`
Original file line number	Diff line number	Diff line change
`@@ -40,9 +40,7 @@ module SmtpLib {`
`40`	`40`	`}`
`41`	`41`
`42`	`42`	`predicate observeDiffInformedIncrementalMode() {`
`43`		`- // TODO(diff-informed): Manually verify if config can be diff-informed.`
`44`		`- // ql/src/experimental/semmle/python/libraries/SmtpLib.qll:91: Flow call outside 'select' clause`
`45`		`- none()`
	`43`	`+ none() // Used in library model`
`46`	`44`	`}`
`47`	`45`	`}`
`48`	`46`