Java: mass enable diff-informed data flow + none() overrides

d10c · d10c · commit aa5dd7bb4ea0 · 2025-06-17T14:05:36.000+02:00
An auto-generated patch that enables diff-informed data flow in the obvious cases. Builds on github#18346 and github/codeql-patch#88
diff --git a/java/ql/lib/semmle/code/java/security/ArbitraryApkInstallationQuery.qll b/java/ql/lib/semmle/code/java/security/ArbitraryApkInstallationQuery.qll
@@ -23,6 +23,10 @@ module ApkInstallationConfig implements DataFlow::ConfigSig {
       )
     )
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
+
+  Location getASelectedSourceLocation(DataFlow::Node sink) { none() }
 }
 
 module ApkInstallationFlow = DataFlow::Global<ApkInstallationConfig>;
diff --git a/java/ql/lib/semmle/code/java/security/HardcodedCredentialsApiCallQuery.qll b/java/ql/lib/semmle/code/java/security/HardcodedCredentialsApiCallQuery.qll
@@ -49,6 +49,8 @@ module HardcodedCredentialApiCallConfig implements DataFlow::ConfigSig {
   predicate isBarrier(DataFlow::Node n) {
     n.asExpr().(MethodCall).getMethod() instanceof MethodSystemGetenv
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /**
diff --git a/java/ql/lib/semmle/code/java/security/HardcodedCredentialsSourceCallQuery.qll b/java/ql/lib/semmle/code/java/security/HardcodedCredentialsSourceCallQuery.qll
@@ -14,6 +14,8 @@ module HardcodedCredentialSourceCallConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node n) { n.asExpr() instanceof HardcodedExpr }
 
   predicate isSink(DataFlow::Node n) { n.asExpr() instanceof FinalCredentialsSourceSink }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /**
diff --git a/java/ql/lib/semmle/code/java/security/HttpsUrlsQuery.qll b/java/ql/lib/semmle/code/java/security/HttpsUrlsQuery.qll
@@ -19,6 +19,8 @@ module HttpStringToUrlOpenMethodFlowConfig implements DataFlow::ConfigSig {
   }
 
   predicate isBarrier(DataFlow::Node node) { node instanceof SimpleTypeSanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /**
diff --git a/java/ql/lib/semmle/code/java/security/InsecureBasicAuthQuery.qll b/java/ql/lib/semmle/code/java/security/InsecureBasicAuthQuery.qll
@@ -17,6 +17,8 @@ module BasicAuthFlowConfig implements DataFlow::ConfigSig {
   predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
     any(HttpUrlsAdditionalTaintStep c).step(node1, node2)
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /**
diff --git a/java/ql/lib/semmle/code/java/security/SensitiveUiQuery.qll b/java/ql/lib/semmle/code/java/security/SensitiveUiQuery.qll
@@ -19,6 +19,8 @@ private module NotificationTrackingConfig implements DataFlow::ConfigSig {
   }
 
   predicate isBarrierIn(DataFlow::Node node) { isSource(node) }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /** Taint tracking flow for sensitive data flowing to system notifications. */
@@ -75,6 +77,8 @@ private module TextFieldTrackingConfig implements DataFlow::ConfigSig {
   predicate isBarrier(DataFlow::Node node) { node instanceof SimpleTypeSanitizer }
 
   predicate isBarrierIn(DataFlow::Node node) { isSource(node) }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /** A local flow step that also flows through access to fields containing `View`s */
diff --git a/java/ql/lib/semmle/code/java/security/UnsafeAndroidAccessQuery.qll b/java/ql/lib/semmle/code/java/security/UnsafeAndroidAccessQuery.qll
@@ -15,6 +15,8 @@ module FetchUntrustedResourceConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) { sink instanceof UrlResourceSink }
 
   predicate isBarrier(DataFlow::Node sanitizer) { sanitizer instanceof RequestForgerySanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /**

Original file line number	Diff line number	Diff line change
`@@ -23,6 +23,10 @@ module ApkInstallationConfig implements DataFlow::ConfigSig {`
`23`	`23`	`)`
`24`	`24`	`)`
`25`	`25`	`}`
	`26`	`+`
	`27`	`+ predicate observeDiffInformedIncrementalMode() { any() }`
	`28`	`+`
	`29`	`+ Location getASelectedSourceLocation(DataFlow::Node sink) { none() }`
`26`	`30`	`}`
`27`	`31`
`28`	`32`	`module ApkInstallationFlow = DataFlow::Global<ApkInstallationConfig>;`
Original file line number	Diff line number	Diff line change
`@@ -49,6 +49,8 @@ module HardcodedCredentialApiCallConfig implements DataFlow::ConfigSig {`
`49`	`49`	`predicate isBarrier(DataFlow::Node n) {`
`50`	`50`	`n.asExpr().(MethodCall).getMethod() instanceof MethodSystemGetenv`
`51`	`51`	`}`
	`52`	`+`
	`53`	`+ predicate observeDiffInformedIncrementalMode() { any() }`
`52`	`54`	`}`
`53`	`55`
`54`	`56`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -14,6 +14,8 @@ module HardcodedCredentialSourceCallConfig implements DataFlow::ConfigSig {`
`14`	`14`	`predicate isSource(DataFlow::Node n) { n.asExpr() instanceof HardcodedExpr }`
`15`	`15`
`16`	`16`	`predicate isSink(DataFlow::Node n) { n.asExpr() instanceof FinalCredentialsSourceSink }`
	`17`	`+`
	`18`	`+ predicate observeDiffInformedIncrementalMode() { any() }`
`17`	`19`	`}`
`18`	`20`
`19`	`21`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -19,6 +19,8 @@ module HttpStringToUrlOpenMethodFlowConfig implements DataFlow::ConfigSig {`
`19`	`19`	`}`
`20`	`20`
`21`	`21`	`predicate isBarrier(DataFlow::Node node) { node instanceof SimpleTypeSanitizer }`
	`22`	`+`
	`23`	`+ predicate observeDiffInformedIncrementalMode() { any() }`
`22`	`24`	`}`
`23`	`25`
`24`	`26`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -17,6 +17,8 @@ module BasicAuthFlowConfig implements DataFlow::ConfigSig {`
`17`	`17`	`predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {`
`18`	`18`	`any(HttpUrlsAdditionalTaintStep c).step(node1, node2)`
`19`	`19`	`}`
	`20`	`+`
	`21`	`+ predicate observeDiffInformedIncrementalMode() { any() }`
`20`	`22`	`}`
`21`	`23`
`22`	`24`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -19,6 +19,8 @@ private module NotificationTrackingConfig implements DataFlow::ConfigSig {`
`19`	`19`	`}`
`20`	`20`
`21`	`21`	`predicate isBarrierIn(DataFlow::Node node) { isSource(node) }`
	`22`	`+`
	`23`	`+ predicate observeDiffInformedIncrementalMode() { any() }`
`22`	`24`	`}`
`23`	`25`
`24`	`26`	`/** Taint tracking flow for sensitive data flowing to system notifications. */`
`@@ -75,6 +77,8 @@ private module TextFieldTrackingConfig implements DataFlow::ConfigSig {`
`75`	`77`	`predicate isBarrier(DataFlow::Node node) { node instanceof SimpleTypeSanitizer }`
`76`	`78`
`77`	`79`	`predicate isBarrierIn(DataFlow::Node node) { isSource(node) }`
	`80`	`+`
	`81`	`+ predicate observeDiffInformedIncrementalMode() { any() }`
`78`	`82`	`}`
`79`	`83`
`80`	`84`	/** A local flow step that also flows through access to fields containing `View`s */
Original file line number	Diff line number	Diff line change
`@@ -15,6 +15,8 @@ module FetchUntrustedResourceConfig implements DataFlow::ConfigSig {`
`15`	`15`	`predicate isSink(DataFlow::Node sink) { sink instanceof UrlResourceSink }`
`16`	`16`
`17`	`17`	`predicate isBarrier(DataFlow::Node sanitizer) { sanitizer instanceof RequestForgerySanitizer }`
	`18`	`+`
	`19`	`+ predicate observeDiffInformedIncrementalMode() { any() }`
`18`	`20`	`}`
`19`	`21`
`20`	`22`	`/**`