Merge pull request #19661 from d10c/d10c/csharp/diff-informed

d10c · web-flow · commit 79e982af3883 · 2025-06-17T14:52:24.000+02:00
C#: mass enable diff-informed data flow
diff --git a/csharp/ql/lib/semmle/code/csharp/security/cryptography/EncryptionKeyDataFlowQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/cryptography/EncryptionKeyDataFlowQuery.qll
@@ -70,6 +70,8 @@ private module SymmetricKeyConfig implements DataFlow::ConfigSig {
 
   /** Holds if the node is a key sanitizer. */
   predicate isBarrier(DataFlow::Node sanitizer) { sanitizer instanceof KeySanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /**
diff --git a/csharp/ql/lib/semmle/code/csharp/security/cryptography/HardcodedSymmetricEncryptionKey.qll b/csharp/ql/lib/semmle/code/csharp/security/cryptography/HardcodedSymmetricEncryptionKey.qll
@@ -82,6 +82,8 @@ module HardcodedSymmetricEncryptionKey {
         succ.asExpr() = mc
       )
     }
+
+    predicate observeDiffInformedIncrementalMode() { any() }
   }
 
   /**
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/CleartextStorageQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/CleartextStorageQuery.qll
@@ -32,6 +32,8 @@ private module ClearTextStorageConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
 
   predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /**
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/CodeInjectionQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/CodeInjectionQuery.qll
@@ -33,6 +33,8 @@ private module CodeInjectionConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
 
   predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /**
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/CommandInjectionQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/CommandInjectionQuery.qll
@@ -42,6 +42,8 @@ module CommandInjectionConfig implements DataFlow::ConfigSig {
    * `node` from the data flow graph.
    */
   predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /**
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExposureOfPrivateInformationQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExposureOfPrivateInformationQuery.qll
@@ -32,6 +32,8 @@ private module ExposureOfPrivateInformationConfig implements DataFlow::ConfigSig
   predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
 
   predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /**
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/LDAPInjectionQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/LDAPInjectionQuery.qll
@@ -45,6 +45,8 @@ module LdapInjectionConfig implements DataFlow::ConfigSig {
    * `node` from the data flow graph.
    */
   predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /**
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/LogForgingQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/LogForgingQuery.qll
@@ -35,6 +35,8 @@ private module LogForgingConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
 
   predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /**
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/MissingXMLValidationQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/MissingXMLValidationQuery.qll
@@ -39,6 +39,8 @@ private module MissingXmlValidationConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) { exists(sink.(Sink).getReason()) }
 
   predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /**
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ReDoSQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ReDoSQuery.qll
@@ -33,6 +33,8 @@ private module ReDoSConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
 
   predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /**
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/RegexInjectionQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/RegexInjectionQuery.qll
@@ -33,6 +33,8 @@ private module RegexInjectionConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
 
   predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /**
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ResourceInjectionQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ResourceInjectionQuery.qll
@@ -32,6 +32,8 @@ private module ResourceInjectionConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
 
   predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /**
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/SqlInjectionQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/SqlInjectionQuery.qll
@@ -43,6 +43,8 @@ module SqlInjectionConfig implements DataFlow::ConfigSig {
    * `node` from the data flow graph.
    */
   predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /**
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/TaintedPathQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/TaintedPathQuery.qll
@@ -35,6 +35,8 @@ private module TaintedPathConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
 
   predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /**
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/UrlRedirectQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/UrlRedirectQuery.qll
@@ -37,6 +37,8 @@ private module UrlRedirectConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
 
   predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /**
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/XPathInjectionQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/XPathInjectionQuery.qll
@@ -43,6 +43,8 @@ module XpathInjectionConfig implements DataFlow::ConfigSig {
    * `node` from the data flow graph.
    */
   predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /**
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ZipSlipQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ZipSlipQuery.qll
@@ -30,6 +30,8 @@ private module ZipSlipConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
 
   predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /**
diff --git a/csharp/ql/src/Likely Bugs/LeapYear/UnsafeYearConstruction.ql b/csharp/ql/src/Likely Bugs/LeapYear/UnsafeYearConstruction.ql
@@ -26,6 +26,8 @@ module UnsafeYearCreationFromArithmeticConfig implements DataFlow::ConfigSig {
       oc.getObjectType().getABaseType*().hasFullyQualifiedName("System", "DateTime")
     )
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 module UnsafeYearCreationFromArithmetic =
diff --git a/csharp/ql/src/Security Features/CWE-091/XMLInjection.ql b/csharp/ql/src/Security Features/CWE-091/XMLInjection.ql
@@ -45,6 +45,8 @@ module XmlInjectionConfig implements DataFlow::ConfigSig {
       mc = node.asExpr()
     )
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /**
diff --git a/csharp/ql/src/Security Features/CWE-114/AssemblyPathInjection.ql b/csharp/ql/src/Security Features/CWE-114/AssemblyPathInjection.ql
@@ -41,6 +41,8 @@ module AssemblyPathInjectionConfig implements DataFlow::ConfigSig {
       name = "UnsafeLoadFrom" and arg = 0
     )
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /**
diff --git a/csharp/ql/src/Security Features/CWE-134/UncontrolledFormatString.ql b/csharp/ql/src/Security Features/CWE-134/UncontrolledFormatString.ql
@@ -22,6 +22,8 @@ module FormatStringConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) {
     sink.asExpr() = any(FormatStringParseCall call).getFormatExpr()
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 module FormatString = TaintTracking::Global<FormatStringConfig>;
diff --git a/csharp/ql/src/Security Features/CWE-201/ExposureInTransmittedData.ql b/csharp/ql/src/Security Features/CWE-201/ExposureInTransmittedData.ql
@@ -41,6 +41,8 @@ module ExposureInTransmittedDataConfig implements DataFlow::ConfigSig {
   }
 
   predicate isSink(DataFlow::Node sink) { sink instanceof RemoteFlowSink }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 module ExposureInTransmittedData = TaintTracking::Global<ExposureInTransmittedDataConfig>;
diff --git a/csharp/ql/src/Security Features/CWE-209/ExceptionInformationExposure.ql b/csharp/ql/src/Security Features/CWE-209/ExceptionInformationExposure.ql
@@ -59,6 +59,8 @@ module ExceptionInformationExposureConfig implements DataFlow::ConfigSig {
     // Do not flow through Message
     sanitizer.asExpr().getType().(RefType).getABaseType*() instanceof SystemExceptionClass
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /**
diff --git a/csharp/ql/src/Security Features/CWE-327/DontInstallRootCert.ql b/csharp/ql/src/Security Features/CWE-327/DontInstallRootCert.ql
@@ -37,6 +37,8 @@ module AddCertToRootStoreConfig implements DataFlow::ConfigSig {
       sink.asExpr() = mc.getQualifier()
     )
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 module AddCertToRootStore = DataFlow::Global<AddCertToRootStoreConfig>;
diff --git a/csharp/ql/src/Security Features/CWE-327/InsecureSQLConnection.ql b/csharp/ql/src/Security Features/CWE-327/InsecureSQLConnection.ql
@@ -40,6 +40,8 @@ module InsecureSqlConnectionConfig implements DataFlow::ConfigSig {
       )
     )
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /**
diff --git a/csharp/ql/src/Security Features/InsecureRandomness.ql b/csharp/ql/src/Security Features/InsecureRandomness.ql
@@ -49,6 +49,8 @@ module Random {
       // succ = array_or_indexer[pred] - use of random numbers in an index
       succ.asExpr().(ElementAccess).getAnIndex() = pred.asExpr()
     }
+
+    predicate observeDiffInformedIncrementalMode() { any() }
   }
 
   /**

Original file line number	Diff line number	Diff line change
`@@ -70,6 +70,8 @@ private module SymmetricKeyConfig implements DataFlow::ConfigSig {`
`70`	`70`
`71`	`71`	`/** Holds if the node is a key sanitizer. */`
`72`	`72`	`predicate isBarrier(DataFlow::Node sanitizer) { sanitizer instanceof KeySanitizer }`
	`73`	`+`
	`74`	`+ predicate observeDiffInformedIncrementalMode() { any() }`
`73`	`75`	`}`
`74`	`76`
`75`	`77`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -82,6 +82,8 @@ module HardcodedSymmetricEncryptionKey {`
`82`	`82`	`succ.asExpr() = mc`
`83`	`83`	`)`
`84`	`84`	`}`
	`85`	`+`
	`86`	`+ predicate observeDiffInformedIncrementalMode() { any() }`
`85`	`87`	`}`
`86`	`88`
`87`	`89`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -32,6 +32,8 @@ private module ClearTextStorageConfig implements DataFlow::ConfigSig {`
`32`	`32`	`predicate isSink(DataFlow::Node sink) { sink instanceof Sink }`
`33`	`33`
`34`	`34`	`predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }`
	`35`	`+`
	`36`	`+ predicate observeDiffInformedIncrementalMode() { any() }`
`35`	`37`	`}`
`36`	`38`
`37`	`39`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -33,6 +33,8 @@ private module CodeInjectionConfig implements DataFlow::ConfigSig {`
`33`	`33`	`predicate isSink(DataFlow::Node sink) { sink instanceof Sink }`
`34`	`34`
`35`	`35`	`predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }`
	`36`	`+`
	`37`	`+ predicate observeDiffInformedIncrementalMode() { any() }`
`36`	`38`	`}`
`37`	`39`
`38`	`40`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -42,6 +42,8 @@ module CommandInjectionConfig implements DataFlow::ConfigSig {`
`42`	`42`	* `node` from the data flow graph.
`43`	`43`	`*/`
`44`	`44`	`predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }`
	`45`	`+`
	`46`	`+ predicate observeDiffInformedIncrementalMode() { any() }`
`45`	`47`	`}`
`46`	`48`
`47`	`49`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -32,6 +32,8 @@ private module ExposureOfPrivateInformationConfig implements DataFlow::ConfigSig`
`32`	`32`	`predicate isSink(DataFlow::Node sink) { sink instanceof Sink }`
`33`	`33`
`34`	`34`	`predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }`
	`35`	`+`
	`36`	`+ predicate observeDiffInformedIncrementalMode() { any() }`
`35`	`37`	`}`
`36`	`38`
`37`	`39`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -45,6 +45,8 @@ module LdapInjectionConfig implements DataFlow::ConfigSig {`
`45`	`45`	* `node` from the data flow graph.
`46`	`46`	`*/`
`47`	`47`	`predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }`
	`48`	`+`
	`49`	`+ predicate observeDiffInformedIncrementalMode() { any() }`
`48`	`50`	`}`
`49`	`51`
`50`	`52`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -35,6 +35,8 @@ private module LogForgingConfig implements DataFlow::ConfigSig {`
`35`	`35`	`predicate isSink(DataFlow::Node sink) { sink instanceof Sink }`
`36`	`36`
`37`	`37`	`predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }`
	`38`	`+`
	`39`	`+ predicate observeDiffInformedIncrementalMode() { any() }`
`38`	`40`	`}`
`39`	`41`
`40`	`42`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -39,6 +39,8 @@ private module MissingXmlValidationConfig implements DataFlow::ConfigSig {`
`39`	`39`	`predicate isSink(DataFlow::Node sink) { exists(sink.(Sink).getReason()) }`
`40`	`40`
`41`	`41`	`predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }`
	`42`	`+`
	`43`	`+ predicate observeDiffInformedIncrementalMode() { any() }`
`42`	`44`	`}`
`43`	`45`
`44`	`46`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -33,6 +33,8 @@ private module ReDoSConfig implements DataFlow::ConfigSig {`
`33`	`33`	`predicate isSink(DataFlow::Node sink) { sink instanceof Sink }`
`34`	`34`
`35`	`35`	`predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }`
	`36`	`+`
	`37`	`+ predicate observeDiffInformedIncrementalMode() { any() }`
`36`	`38`	`}`
`37`	`39`
`38`	`40`	`/**`