From 0cf1195678226bdb502834ef2e5907aeba1434b5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nora=20Dimitrijevi=C4=87?= <d10c@users.noreply.github.com>
Date: Wed, 16 Jul 2025 15:04:11 +0200
Subject: [PATCH] [DIFF-INFORMED] Java: ConditionalBypass

https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql#L26
---
 .../semmle/code/java/security/ConditionalBypassQuery.qll | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/java/ql/lib/semmle/code/java/security/ConditionalBypassQuery.qll b/java/ql/lib/semmle/code/java/security/ConditionalBypassQuery.qll
index 03ba8d46197..31457036937 100644
--- a/java/ql/lib/semmle/code/java/security/ConditionalBypassQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/ConditionalBypassQuery.qll
@@ -47,6 +47,15 @@ module ConditionalBypassFlowConfig implements DataFlow::ConfigSig {
   predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
     endsWithStep(node1, node2)
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
+
+  Location getASelectedSinkLocation(DataFlow::Node sink) {
+    exists(MethodCall m, Expr e | result = [m, e].getLocation() |
+      conditionControlsMethod(m, e) and
+      sink.asExpr() = e
+    )
+  }
 }
 
 /**