Ruby: fix TODOs left by the patch query

asgerf · asgerf · commit 871cdb014d90 · 2025-01-17T13:21:54.000+01:00
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/http_clients/Excon.qll b/ruby/ql/lib/codeql/ruby/frameworks/http_clients/Excon.qll
@@ -120,9 +120,7 @@ private module ExconDisablesCertificateValidationConfig implements DataFlow::Con
   }
 
   predicate observeDiffInformedIncrementalMode() {
-    // TODO(diff-informed): Manually verify if config can be diff-informed.
-    // lib/codeql/ruby/frameworks/http_clients/Excon.qll:74: Flow call outside 'select' clause
-    none()
+    none() // Used for a library model
   }
 }
 
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/http_clients/Faraday.qll b/ruby/ql/lib/codeql/ruby/frameworks/http_clients/Faraday.qll
@@ -101,9 +101,7 @@ private module FaradayDisablesCertificateValidationConfig implements DataFlow::S
   }
 
   predicate observeDiffInformedIncrementalMode() {
-    // TODO(diff-informed): Manually verify if config can be diff-informed.
-    // lib/codeql/ruby/frameworks/http_clients/Faraday.qll:80: Flow call outside 'select' clause
-    none()
+    none() // Used for a library model
   }
 }
 
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/http_clients/HttpClient.qll b/ruby/ql/lib/codeql/ruby/frameworks/http_clients/HttpClient.qll
@@ -82,9 +82,7 @@ private module HttpClientDisablesCertificateValidationConfig implements DataFlow
   }
 
   predicate observeDiffInformedIncrementalMode() {
-    // TODO(diff-informed): Manually verify if config can be diff-informed.
-    // lib/codeql/ruby/frameworks/http_clients/HttpClient.qll:67: Flow call outside 'select' clause
-    none()
+    none() // Used for a library model
   }
 }
 
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/http_clients/Httparty.qll b/ruby/ql/lib/codeql/ruby/frameworks/http_clients/Httparty.qll
@@ -72,9 +72,7 @@ private module HttpartyDisablesCertificateValidationConfig implements DataFlow::
   }
 
   predicate observeDiffInformedIncrementalMode() {
-    // TODO(diff-informed): Manually verify if config can be diff-informed.
-    // lib/codeql/ruby/frameworks/http_clients/Httparty.qll:59: Flow call outside 'select' clause
-    none()
+    none() // Used for a library model
   }
 }
 
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/http_clients/NetHttp.qll b/ruby/ql/lib/codeql/ruby/frameworks/http_clients/NetHttp.qll
@@ -105,9 +105,7 @@ private module NetHttpDisablesCertificateValidationConfig implements DataFlow::C
   }
 
   predicate observeDiffInformedIncrementalMode() {
-    // TODO(diff-informed): Manually verify if config can be diff-informed.
-    // lib/codeql/ruby/frameworks/http_clients/NetHttp.qll:90: Flow call outside 'select' clause
-    none()
+    none() // Used for a library model
   }
 }
 
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/http_clients/OpenURI.qll b/ruby/ql/lib/codeql/ruby/frameworks/http_clients/OpenURI.qll
@@ -112,10 +112,7 @@ private module OpenUriDisablesCertificateValidationConfig implements DataFlow::C
   }
 
   predicate observeDiffInformedIncrementalMode() {
-    // TODO(diff-informed): Manually verify if config can be diff-informed.
-    // lib/codeql/ruby/frameworks/http_clients/OpenURI.qll:48: Flow call outside 'select' clause
-    // lib/codeql/ruby/frameworks/http_clients/OpenURI.qll:95: Flow call outside 'select' clause
-    none()
+    none() // Used for a library model
   }
 }
 
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/http_clients/RestClient.qll b/ruby/ql/lib/codeql/ruby/frameworks/http_clients/RestClient.qll
@@ -75,9 +75,7 @@ private module RestClientDisablesCertificateValidationConfig implements DataFlow
   }
 
   predicate observeDiffInformedIncrementalMode() {
-    // TODO(diff-informed): Manually verify if config can be diff-informed.
-    // lib/codeql/ruby/frameworks/http_clients/RestClient.qll:60: Flow call outside 'select' clause
-    none()
+    none() // Used for a library model
   }
 }
 
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/http_clients/Typhoeus.qll b/ruby/ql/lib/codeql/ruby/frameworks/http_clients/Typhoeus.qll
@@ -66,9 +66,7 @@ private module TyphoeusDisablesCertificateValidationConfig implements DataFlow::
   }
 
   predicate observeDiffInformedIncrementalMode() {
-    // TODO(diff-informed): Manually verify if config can be diff-informed.
-    // lib/codeql/ruby/frameworks/http_clients/Typhoeus.qll:53: Flow call outside 'select' clause
-    none()
+    none() // Used for a library model
   }
 }
 
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/stdlib/Pathname.qll b/ruby/ql/lib/codeql/ruby/frameworks/stdlib/Pathname.qll
@@ -54,9 +54,7 @@ module Pathname {
     }
 
     predicate observeDiffInformedIncrementalMode() {
-      // TODO(diff-informed): Manually verify if config can be diff-informed.
-      // lib/codeql/ruby/frameworks/stdlib/Pathname.qll:30: Flow call outside 'select' clause
-      none()
+      none() // Used for a library model
     }
   }
 
diff --git a/ruby/ql/lib/codeql/ruby/security/ConditionalBypassQuery.qll b/ruby/ql/lib/codeql/ruby/security/ConditionalBypassQuery.qll
@@ -18,11 +18,7 @@ private module Config implements DataFlow::ConfigSig {
 
   predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
 
-  predicate observeDiffInformedIncrementalMode() {
-    // TODO(diff-informed): Manually verify if config can be diff-informed.
-    // src/experimental/cwe-807/ConditionalBypass.ql:78: Flow call outside 'select' clause
-    none()
-  }
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /**
diff --git a/ruby/ql/lib/codeql/ruby/security/SensitiveGetQueryQuery.qll b/ruby/ql/lib/codeql/ruby/security/SensitiveGetQueryQuery.qll
@@ -18,9 +18,7 @@ private module SensitiveGetQueryConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
 
   predicate observeDiffInformedIncrementalMode() {
-    // TODO(diff-informed): Manually verify if config can be diff-informed.
-    // src/queries/security/cwe-598/SensitiveGetQuery.ql:21: Column 3 does not select a source or sink originating from the flow call on line 20
-    none()
+    none() // Disabled since the alert references `Source.getHandler()`
   }
 }
 
diff --git a/ruby/ql/lib/codeql/ruby/security/WeakSensitiveDataHashingQuery.qll b/ruby/ql/lib/codeql/ruby/security/WeakSensitiveDataHashingQuery.qll
@@ -29,11 +29,7 @@ module NormalHashFunction {
 
     predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
 
-    predicate observeDiffInformedIncrementalMode() {
-      // TODO(diff-informed): Manually verify if config can be diff-informed.
-      // lib/codeql/ruby/security/WeakSensitiveDataHashingQuery.qll:79: Flow call outside 'select' clause
-      none()
-    }
+    predicate observeDiffInformedIncrementalMode() { any() }
   }
 
   /** Global taint-tracking for detecting "use of a broken or weak cryptographic hashing algorithm on sensitive data" vulnerabilities. */
@@ -61,11 +57,7 @@ module ComputationallyExpensiveHashFunction {
 
     predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
 
-    predicate observeDiffInformedIncrementalMode() {
-      // TODO(diff-informed): Manually verify if config can be diff-informed.
-      // lib/codeql/ruby/security/WeakSensitiveDataHashingQuery.qll:86: Flow call outside 'select' clause
-      none()
-    }
+    predicate observeDiffInformedIncrementalMode() { any() }
   }
 
   /** Global taint-tracking for detecting "use of a broken or weak cryptographic hashing algorithm on passwords" vulnerabilities. */

Original file line number	Diff line number	Diff line change
`@@ -120,9 +120,7 @@ private module ExconDisablesCertificateValidationConfig implements DataFlow::Con`
`120`	`120`	`}`
`121`	`121`
`122`	`122`	`predicate observeDiffInformedIncrementalMode() {`
`123`		`- // TODO(diff-informed): Manually verify if config can be diff-informed.`
`124`		`- // lib/codeql/ruby/frameworks/http_clients/Excon.qll:74: Flow call outside 'select' clause`
`125`		`- none()`
	`123`	`+ none() // Used for a library model`
`126`	`124`	`}`
`127`	`125`	`}`
`128`	`126`
Original file line number	Diff line number	Diff line change
`@@ -101,9 +101,7 @@ private module FaradayDisablesCertificateValidationConfig implements DataFlow::S`
`101`	`101`	`}`
`102`	`102`
`103`	`103`	`predicate observeDiffInformedIncrementalMode() {`
`104`		`- // TODO(diff-informed): Manually verify if config can be diff-informed.`
`105`		`- // lib/codeql/ruby/frameworks/http_clients/Faraday.qll:80: Flow call outside 'select' clause`
`106`		`- none()`
	`104`	`+ none() // Used for a library model`
`107`	`105`	`}`
`108`	`106`	`}`
`109`	`107`
Original file line number	Diff line number	Diff line change
`@@ -82,9 +82,7 @@ private module HttpClientDisablesCertificateValidationConfig implements DataFlow`
`82`	`82`	`}`
`83`	`83`
`84`	`84`	`predicate observeDiffInformedIncrementalMode() {`
`85`		`- // TODO(diff-informed): Manually verify if config can be diff-informed.`
`86`		`- // lib/codeql/ruby/frameworks/http_clients/HttpClient.qll:67: Flow call outside 'select' clause`
`87`		`- none()`
	`85`	`+ none() // Used for a library model`
`88`	`86`	`}`
`89`	`87`	`}`
`90`	`88`
Original file line number	Diff line number	Diff line change
`@@ -72,9 +72,7 @@ private module HttpartyDisablesCertificateValidationConfig implements DataFlow::`
`72`	`72`	`}`
`73`	`73`
`74`	`74`	`predicate observeDiffInformedIncrementalMode() {`
`75`		`- // TODO(diff-informed): Manually verify if config can be diff-informed.`
`76`		`- // lib/codeql/ruby/frameworks/http_clients/Httparty.qll:59: Flow call outside 'select' clause`
`77`		`- none()`
	`75`	`+ none() // Used for a library model`
`78`	`76`	`}`
`79`	`77`	`}`
`80`	`78`
Original file line number	Diff line number	Diff line change
`@@ -105,9 +105,7 @@ private module NetHttpDisablesCertificateValidationConfig implements DataFlow::C`
`105`	`105`	`}`
`106`	`106`
`107`	`107`	`predicate observeDiffInformedIncrementalMode() {`
`108`		`- // TODO(diff-informed): Manually verify if config can be diff-informed.`
`109`		`- // lib/codeql/ruby/frameworks/http_clients/NetHttp.qll:90: Flow call outside 'select' clause`
`110`		`- none()`
	`108`	`+ none() // Used for a library model`
`111`	`109`	`}`
`112`	`110`	`}`
`113`	`111`
Original file line number	Diff line number	Diff line change
`@@ -112,10 +112,7 @@ private module OpenUriDisablesCertificateValidationConfig implements DataFlow::C`
`112`	`112`	`}`
`113`	`113`
`114`	`114`	`predicate observeDiffInformedIncrementalMode() {`
`115`		`- // TODO(diff-informed): Manually verify if config can be diff-informed.`
`116`		`- // lib/codeql/ruby/frameworks/http_clients/OpenURI.qll:48: Flow call outside 'select' clause`
`117`		`- // lib/codeql/ruby/frameworks/http_clients/OpenURI.qll:95: Flow call outside 'select' clause`
`118`		`- none()`
	`115`	`+ none() // Used for a library model`
`119`	`116`	`}`
`120`	`117`	`}`
`121`	`118`
Original file line number	Diff line number	Diff line change
`@@ -75,9 +75,7 @@ private module RestClientDisablesCertificateValidationConfig implements DataFlow`
`75`	`75`	`}`
`76`	`76`
`77`	`77`	`predicate observeDiffInformedIncrementalMode() {`
`78`		`- // TODO(diff-informed): Manually verify if config can be diff-informed.`
`79`		`- // lib/codeql/ruby/frameworks/http_clients/RestClient.qll:60: Flow call outside 'select' clause`
`80`		`- none()`
	`78`	`+ none() // Used for a library model`
`81`	`79`	`}`
`82`	`80`	`}`
`83`	`81`
Original file line number	Diff line number	Diff line change
`@@ -66,9 +66,7 @@ private module TyphoeusDisablesCertificateValidationConfig implements DataFlow::`
`66`	`66`	`}`
`67`	`67`
`68`	`68`	`predicate observeDiffInformedIncrementalMode() {`
`69`		`- // TODO(diff-informed): Manually verify if config can be diff-informed.`
`70`		`- // lib/codeql/ruby/frameworks/http_clients/Typhoeus.qll:53: Flow call outside 'select' clause`
`71`		`- none()`
	`69`	`+ none() // Used for a library model`
`72`	`70`	`}`
`73`	`71`	`}`
`74`	`72`
Original file line number	Diff line number	Diff line change
`@@ -54,9 +54,7 @@ module Pathname {`
`54`	`54`	`}`
`55`	`55`
`56`	`56`	`predicate observeDiffInformedIncrementalMode() {`
`57`		`- // TODO(diff-informed): Manually verify if config can be diff-informed.`
`58`		`- // lib/codeql/ruby/frameworks/stdlib/Pathname.qll:30: Flow call outside 'select' clause`
`59`		`- none()`
	`57`	`+ none() // Used for a library model`
`60`	`58`	`}`
`61`	`59`	`}`
`62`	`60`