[DIFF-INFORMED] Java: ConditionalBypass

https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql#L26
2026-03-01 13:23:49 +01:00 · 2025-07-16 15:04:11 +02:00
parent 0bcdb421ed
commit 0cf1195678
1 changed files with 9 additions and 0 deletions
--- a/java/ql/lib/semmle/code/java/security/ConditionalBypassQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/ConditionalBypassQuery.qll
@@ -47,6 +47,15 @@ module ConditionalBypassFlowConfig implements DataFlow::ConfigSig {
  predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
    endsWithStep(node1, node2)
  }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
+
+  Location getASelectedSinkLocation(DataFlow::Node sink) {
+    exists(MethodCall m, Expr e | result = [m, e].getLocation() |
+      conditionControlsMethod(m, e) and
+      sink.asExpr() = e
+    )
+  }
 }

 /**