Ruby: mass enable diff-informed data flow

Asger F
2024-12-20 10:10:29 +01:00
parent 498bfd2160
commit 4dc632f742
52 changed files with 159 additions and 0 deletions


@@ -57,6 +57,8 @@ module BombsConfig implements DataFlow::ConfigSig {
nodeTo = cn
)
}
predicate observeDiffInformedIncrementalMode() { any() }
}
module Bombs = TaintTracking::Global<BombsConfig>;
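Review bot: Turning on `observeDiffInformedIncrementalMode()` in BombsConfig assumes each alert is reported at the flow's source or sink node, and the query's `select` clause is outside this hunk, so that cannot be checked here. In diff-informed runs the data flow library keeps only flows whose selected source or sink location falls in the changed range, so a query that reports at some other element can silently lose results on pull-request scans. Where the alert location differs, the config should also override `getASelectedSourceLocation` or `getASelectedSinkLocation`. The same check applies to every other config in this commit, most visibly PermissivePermissionsConfig, whose sink is `mod.getAPermissionNode()` and whose alert may well point at `mod` instead. BombsConfig's body starts above the hunk.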


@@ -39,6 +39,8 @@ private module DecompressionApiConfig implements DataFlow::ConfigSig {
// our Decompression APIs defined above will be the sinks we use for this query
predicate isSink(DataFlow::Node sink) { sink instanceof DecompressionApiUse }
predicate observeDiffInformedIncrementalMode() { any() }
}
private module DecompressionApiFlow = TaintTracking::Global<DecompressionApiConfig>;


@@ -86,6 +86,8 @@ private module HttpVerbConfig implements DataFlow::ConfigSig {
exists(ExprNodes::ConditionalExprCfgNode c | c.getCondition() = sink.asExpr()) or
exists(ExprNodes::CaseExprCfgNode c | c.getValue() = sink.asExpr())
}
predicate observeDiffInformedIncrementalMode() { any() }
}
private module HttpVerbFlow = TaintTracking::Global<HttpVerbConfig>;


@@ -46,6 +46,8 @@ private module WeakParamsConfig implements DataFlow::ConfigSig {
// the sink is an instance of a Model class that receives a method call
predicate isSink(DataFlow::Node node) { node = any(PersistentWriteAccess a).getValue() }
predicate observeDiffInformedIncrementalMode() { any() }
}
private module WeakParamsFlow = TaintTracking::Global<WeakParamsConfig>;


@@ -19,6 +19,8 @@ private module BasicTaintConfig implements DataFlow::ConfigSig {
// To reduce noise from synthetic nodes, only count nodes that have an associated expression.
exists(node.asExpr().getExpr())
}
predicate observeDiffInformedIncrementalMode() { any() }
}
private module BasicTaintFlow = TaintTracking::Global<BasicTaintConfig>;
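Review bot: BasicTaintConfig looks like it feeds a metric and not an alert query, going by the comment `only count nodes that have an associated expression`, and diff-informed filtering would then change what the count means. With the flag on, an incremental run would presumably count only flow tied to the changed lines, so the figure would no longer be comparable with a full run. If this is indeed a meta or metrics query, I would leave the predicate out here, or keep it with a comment such as `// metric query: in incremental mode the count covers the diff range only`. The start of the config and the query's select clause are outside the hunk.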


@@ -31,6 +31,8 @@ private module XxeConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource }
predicate isSink(DataFlow::Node sink) { sink instanceof UnsafeXxeSink }
predicate observeDiffInformedIncrementalMode() { any() }
}
private module XxeFlow = TaintTracking::Global<XxeConfig>;


@@ -54,6 +54,8 @@ private module PermissivePermissionsConfig implements DataFlow::ConfigSig {
predicate isSink(DataFlow::Node sink) {
exists(FileSystemPermissionModification mod | mod.getAPermissionNode() = sink)
}
predicate observeDiffInformedIncrementalMode() { any() }
}
private module PermissivePermissionsFlow = DataFlow::Global<PermissivePermissionsConfig>;


@@ -147,6 +147,8 @@ private module HardcodedCredentialsConfig implements DataFlow::ConfigSig {
binop.getExpr() instanceof AddExpr
)
}
predicate observeDiffInformedIncrementalMode() { any() }
}
private module HardcodedCredentialsFlow = DataFlow::Global<HardcodedCredentialsConfig>;