Python: ignore experimental for now

asgerf · asgerf · commit 15c2ccb88054 · 2025-02-06T10:27:43.000+01:00
diff --git a/python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHash/PossibleTimingAttackAgainstHash.ql b/python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHash/PossibleTimingAttackAgainstHash.ql
@@ -26,12 +26,6 @@ private module PossibleTimingAttackAgainstHashConfig implements DataFlow::Config
   predicate isSource(DataFlow::Node source) { source instanceof ProduceCryptoCall }
 
   predicate isSink(DataFlow::Node sink) { sink instanceof NonConstantTimeComparisonSink }
-
-  predicate observeDiffInformedIncrementalMode() {
-    // TODO(diff-informed): Manually verify if config can be diff-informed.
-    // ql/src/experimental/Security/CWE-208/TimingAttackAgainstHash/PossibleTimingAttackAgainstHash.ql:41: Column 5 selects source.getResultType
-    none()
-  }
 }
 
 module PossibleTimingAttackAgainstHashFlow =
diff --git a/python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHash/TimingAttackAgainstHash.ql b/python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHash/TimingAttackAgainstHash.ql
@@ -25,12 +25,6 @@ private module TimingAttackAgainstHashConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { source instanceof ProduceCryptoCall }
 
   predicate isSink(DataFlow::Node sink) { sink instanceof NonConstantTimeComparisonSink }
-
-  predicate observeDiffInformedIncrementalMode() {
-    // TODO(diff-informed): Manually verify if config can be diff-informed.
-    // ql/src/experimental/Security/CWE-208/TimingAttackAgainstHash/TimingAttackAgainstHash.ql:39: Column 5 selects source.getResultType
-    none()
-  }
 }
 
 module TimingAttackAgainstHashFlow = TaintTracking::Global<TimingAttackAgainstHashConfig>;
diff --git a/python/ql/src/experimental/semmle/python/security/TimingAttack.qll b/python/ql/src/experimental/semmle/python/security/TimingAttack.qll
@@ -271,12 +271,6 @@ module UserInputSecretConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
 
   predicate isSink(DataFlow::Node sink) { sink.asExpr() instanceof CredentialExpr }
-
-  predicate observeDiffInformedIncrementalMode() {
-    // TODO(diff-informed): Manually verify if config can be diff-informed.
-    // ql/src/experimental/semmle/python/security/TimingAttack.qll:176: Flow call outside 'select' clause
-    none()
-  }
 }
 
 module UserInputSecretFlow = TaintTracking::Global<UserInputSecretConfig>;
@@ -294,12 +288,6 @@ module UserInputInComparisonConfig implements DataFlow::ConfigSig {
       sink.asExpr() = [left, right]
     )
   }
-
-  predicate observeDiffInformedIncrementalMode() {
-    // TODO(diff-informed): Manually verify if config can be diff-informed.
-    // ql/src/experimental/semmle/python/security/TimingAttack.qll:165: Flow call outside 'select' clause
-    none()
-  }
 }
 
 module UserInputInComparisonFlow = TaintTracking::Global<UserInputInComparisonConfig>;
@@ -316,12 +304,6 @@ private module ExcludeLenFuncConfig implements DataFlow::ConfigSig {
       sink.asExpr() = call.getArg(0)
     )
   }
-
-  predicate observeDiffInformedIncrementalMode() {
-    // TODO(diff-informed): Manually verify if config can be diff-informed.
-    // ql/src/experimental/semmle/python/security/TimingAttack.qll:347: Flow call outside 'select' clause
-    none()
-  }
 }
 
 module ExcludeLenFuncFlow = TaintTracking::Global<ExcludeLenFuncConfig>;

Original file line number	Diff line number	Diff line change
`@@ -271,12 +271,6 @@ module UserInputSecretConfig implements DataFlow::ConfigSig {`
`271`	`271`	`predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }`
`272`	`272`
`273`	`273`	`predicate isSink(DataFlow::Node sink) { sink.asExpr() instanceof CredentialExpr }`
`274`		`-`
`275`		`- predicate observeDiffInformedIncrementalMode() {`
`276`		`- // TODO(diff-informed): Manually verify if config can be diff-informed.`
`277`		`- // ql/src/experimental/semmle/python/security/TimingAttack.qll:176: Flow call outside 'select' clause`
`278`		`- none()`
`279`		`- }`
`280`	`274`	`}`
`281`	`275`
`282`	`276`	`module UserInputSecretFlow = TaintTracking::Global<UserInputSecretConfig>;`
`@@ -294,12 +288,6 @@ module UserInputInComparisonConfig implements DataFlow::ConfigSig {`
`294`	`288`	`sink.asExpr() = [left, right]`
`295`	`289`	`)`
`296`	`290`	`}`
`297`		`-`
`298`		`- predicate observeDiffInformedIncrementalMode() {`
`299`		`- // TODO(diff-informed): Manually verify if config can be diff-informed.`
`300`		`- // ql/src/experimental/semmle/python/security/TimingAttack.qll:165: Flow call outside 'select' clause`
`301`		`- none()`
`302`		`- }`
`303`	`291`	`}`
`304`	`292`
`305`	`293`	`module UserInputInComparisonFlow = TaintTracking::Global<UserInputInComparisonConfig>;`
`@@ -316,12 +304,6 @@ private module ExcludeLenFuncConfig implements DataFlow::ConfigSig {`
`316`	`304`	`sink.asExpr() = call.getArg(0)`
`317`	`305`	`)`
`318`	`306`	`}`
`319`		`-`
`320`		`- predicate observeDiffInformedIncrementalMode() {`
`321`		`- // TODO(diff-informed): Manually verify if config can be diff-informed.`
`322`		`- // ql/src/experimental/semmle/python/security/TimingAttack.qll:347: Flow call outside 'select' clause`
`323`		`- none()`
`324`		`- }`
`325`	`307`	`}`
`326`	`308`
`327`	`309`	`module ExcludeLenFuncFlow = TaintTracking::Global<ExcludeLenFuncConfig>;`