From 74b37e71a0b074d71e7751a4114ac7d58ba627b2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nora=20Dimitrijevi=C4=87?=
Date: Wed, 16 Jul 2025 15:30:16 +0200
Subject: [PATCH] [DIFF-INFORMED] Java: InsecureCookie

https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql#L21
---
 java/ql/lib/semmle/code/java/security/InsecureCookieQuery.qll | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/java/ql/lib/semmle/code/java/security/InsecureCookieQuery.qll b/java/ql/lib/semmle/code/java/security/InsecureCookieQuery.qll
index e8c3052acdf..eda07658866 100644
--- a/java/ql/lib/semmle/code/java/security/InsecureCookieQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/InsecureCookieQuery.qll
@@ -35,6 +35,10 @@ module SecureCookieConfig implements DataFlow::ConfigSig {
 sink.asExpr() = any(MethodCall add | add.getMethod() instanceof ResponseAddCookieMethod).getArgument(0)
 }
+
+ predicate observeDiffInformedIncrementalMode() {
+ none() // only used negatively in InsecureCookie.ql
+ }
 }
 /** Data flow to reason about the failure to use secure cookies. */
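Review bot: The comment on the added `none()` in `observeDiffInformedIncrementalMode` says only "only used negatively in InsecureCookie.ql", which does not tell a later maintainer why negative use rules out diff-informed mode. I would spell out the reasoning, for example `none() // do not opt in: InsecureCookie.ql alerts when this flow is absent, so flow dropped by diff filtering would presumably surface as spurious alerts`. Since the config lives in a shared `.qll`, the QLDoc on `SecureCookieConfig` could also state that consumers relying on the absence of flow must keep this opted out, so the predicate is not later switched to `any()` in a bulk migration. The body of `SecureCookieConfig` starts above the hunk, so whether its other predicates carry similar notes is not visible here.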