From 71c078dbdd2bb56e38d0b2306faac6d046a4dd4f Mon Sep 17 00:00:00 2001
From: Jonas Jensen
Date: Tue, 11 Feb 2025 13:49:15 +0100
Subject: [PATCH] Java: precise diff-informed NumericCastTainted

It was discovered by the upcoming support for exact locations matching in diff-informed testing that this data-flow configuration did not correspond exactly to the query.
---
 .../semmle/code/java/security/NumericCastTaintedQuery.qll | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/java/ql/lib/semmle/code/java/security/NumericCastTaintedQuery.qll b/java/ql/lib/semmle/code/java/security/NumericCastTaintedQuery.qll
index 7efa6e03062..bfe22c69e64 100644
--- a/java/ql/lib/semmle/code/java/security/NumericCastTaintedQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/NumericCastTaintedQuery.qll
@@ -104,6 +104,13 @@ module NumericCastFlowConfig implements DataFlow::ConfigSig {
 predicate isBarrierIn(DataFlow::Node node) { isSource(node) }

 predicate observeDiffInformedIncrementalMode() { any() }
+
+ Location getASelectedSinkLocation(DataFlow::Node sink) {
+ exists(NumericNarrowingCastExpr cast |
+ cast.getExpr() = sink.asExpr() and
+ result = cast.getLocation()
+ )
+ }
 }

 /**
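Review bot: `getASelectedSinkLocation` is added without a comment tying it to the query's `select` clause, and the two have to stay in step: in diff-informed mode a sink is kept or dropped by the location returned here, so a later change to what the query reports would silently suppress tainted-narrowing alerts in incremental scans. A one-line comment above the predicate would record the contract, e.g. `// Must match the element the query selects: presumably the enclosing narrowing cast, not the sink operand.` The diffstat shows only the library file changing, so nothing visible here pins the mapping with a test; the commit message suggests coverage is expected from the upcoming exact-location checking, which is worth confirming before relying on it. The body of `NumericCastFlowConfig` starts outside the hunk, so whether `isSink` is defined through the same `NumericNarrowingCastExpr` relation cannot be checked from this page.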