JS: Update PrototypePollutingFunction.ql

asgerf · asgerf · commit 8fe622f572fd · 2025-01-20T11:20:29.000+01:00
diff --git a/javascript/ql/src/Security/CWE-915/PrototypePollutingFunction.ql b/javascript/ql/src/Security/CWE-915/PrototypePollutingFunction.ql
@@ -285,12 +285,7 @@ module PropNameTrackingConfig implements DataFlow::StateConfigSig {
   }
 
   predicate observeDiffInformedIncrementalMode() {
-    // TODO(diff-informed): Manually verify if config can be diff-informed.
-    // ql/src/Security/CWE-915/PrototypePollutingFunction.ql:516: Flow call outside 'select' clause
-    // ql/src/Security/CWE-915/PrototypePollutingFunction.ql:519: Flow call outside 'select' clause
-    // ql/src/Security/CWE-915/PrototypePollutingFunction.ql:520: Flow call outside 'select' clause
-    // ql/src/Security/CWE-915/PrototypePollutingFunction.ql:524: Flow call outside 'select' clause
-    none()
+    none() // Disabled since the alert references some locations other than the source or sink
   }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -285,12 +285,7 @@ module PropNameTrackingConfig implements DataFlow::StateConfigSig {`
`285`	`285`	`}`
`286`	`286`
`287`	`287`	`predicate observeDiffInformedIncrementalMode() {`
`288`		`- // TODO(diff-informed): Manually verify if config can be diff-informed.`
`289`		`- // ql/src/Security/CWE-915/PrototypePollutingFunction.ql:516: Flow call outside 'select' clause`
`290`		`- // ql/src/Security/CWE-915/PrototypePollutingFunction.ql:519: Flow call outside 'select' clause`
`291`		`- // ql/src/Security/CWE-915/PrototypePollutingFunction.ql:520: Flow call outside 'select' clause`
`292`		`- // ql/src/Security/CWE-915/PrototypePollutingFunction.ql:524: Flow call outside 'select' clause`
`293`		`- none()`
	`288`	`+ none() // Disabled since the alert references some locations other than the source or sink`
`294`	`289`	`}`
`295`	`290`	`}`
`296`	`291`