From 8bb9f21c786b4a07f9adff630c88dee824d16719 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nora=20Dimitrijevi=C4=87?= <d10c@users.noreply.github.com>
Date: Wed, 8 Oct 2025 13:42:38 +0200
Subject: [PATCH] Go/PamAuthBypass: disable due to secondary flow

---
 go/ql/src/experimental/CWE-285/PamAuthBypass.ql | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/go/ql/src/experimental/CWE-285/PamAuthBypass.ql b/go/ql/src/experimental/CWE-285/PamAuthBypass.ql
index 755a023ef625..a128cfc44e0b 100644
--- a/go/ql/src/experimental/CWE-285/PamAuthBypass.ql
+++ b/go/ql/src/experimental/CWE-285/PamAuthBypass.ql
@@ -43,9 +43,9 @@ module PamStartToAcctMgmtConfig implements DataFlow::ConfigSig {
     exists(PamAcctMgmt p | p.getACall().getReceiver() = sink)
   }
 
-  predicate observeDiffInformedIncrementalMode() { any() }
-
-  Location getASelectedSinkLocation(DataFlow::Node sink) { none() }
+  predicate observeDiffInformedIncrementalMode() {
+    none() // used as secondary flow
+  }
 }
 
 module PamStartToAcctMgmtFlow = TaintTracking::Global<PamStartToAcctMgmtConfig>;
@@ -60,9 +60,9 @@ module PamStartToAuthenticateConfig implements DataFlow::ConfigSig {
     exists(PamAuthenticate p | p.getACall().getReceiver() = sink)
   }
 
-  predicate observeDiffInformedIncrementalMode() { any() }
-
-  Location getASelectedSinkLocation(DataFlow::Node sink) { none() }
+  predicate observeDiffInformedIncrementalMode() {
+    none() // uses secondary flow
+  }
 }
 
 module PamStartToAuthenticateFlow = TaintTracking::Global<PamStartToAuthenticateConfig>;