clean up queries

Azure · Aug 22, 2024 · 4811c85 · 4811c85
1 parent 7161fa4
commit 4811c85
Show file tree

Hide file tree

Showing 3 changed files with 1 addition and 4 deletions.
diff --git a/codeql/addipamconfig-to-exec.ql b/codeql/addipamconfig-to-exec.ql
@@ -10,7 +10,6 @@
  */
 
 // Detect inputs from CNS add ipam result / CNS multitenancy ipam add result to command injection
-// 1 linux, 2 windows
 import go
 
 private class Sink extends DataFlow2::Node {
@@ -29,7 +28,7 @@ private class Source extends DataFlow2::Node {
   Source() {
     exists(DataFlow::CallNode c, Method m |
       //m.hasQualifiedName("github.com/Azure/azure-container-networking/cni/network", "NetPlugin",
-      //  "addIpamInvoker") or // this is maybe not necessary since we call GetAllNetworkContainers right next to this = duplicated results
+      //  "addIpamInvoker") or // this is not necessary since we call GetAllNetworkContainers right next to this = duplicated results, but if this call moves, uncomment this
       m.hasQualifiedName("github.com/Azure/azure-container-networking/cni/network", "Multitenancy",
         "GetAllNetworkContainers") and
       c = m.getACall() and

diff --git a/codeql/cni-args-to-exec.ql b/codeql/cni-args-to-exec.ql
@@ -10,7 +10,6 @@
  */
 
 // Detect inputs from CNI ARGS to command injection
-// 2 windows, 1 linux
 import go
 
 private class Sink extends DataFlow2::Node {

diff --git a/codeql/decode-to-exec.ql b/codeql/decode-to-exec.ql
@@ -10,7 +10,6 @@
  */
 
 // Detect flow from the DECODE method (which decodes http requests) to a command execution
-// 4 windows, 1 linux
 import go
 
 private class Sink extends DataFlow2::Node {