diff --git a/java/ql/lib/semmle/code/java/security/AndroidIntentRedirectionQuery.qll b/java/ql/lib/semmle/code/java/security/AndroidIntentRedirectionQuery.qll index b179a4f92e0..0943fe8feaf 100644 --- a/java/ql/lib/semmle/code/java/security/AndroidIntentRedirectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/AndroidIntentRedirectionQuery.qll @@ -18,6 +18,8 @@ module IntentRedirectionConfig implements DataFlow::ConfigSig { predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { any(IntentRedirectionAdditionalTaintStep c).step(node1, node2) } + + predicate observeDiffInformedIncrementalMode() { any() } } /** Tracks the flow of tainted Intents being used to start Android components. */ diff --git a/java/ql/lib/semmle/code/java/security/ExternallyControlledFormatStringQuery.qll b/java/ql/lib/semmle/code/java/security/ExternallyControlledFormatStringQuery.qll index 606e31a07cb..4c8639010e2 100644 --- a/java/ql/lib/semmle/code/java/security/ExternallyControlledFormatStringQuery.qll +++ b/java/ql/lib/semmle/code/java/security/ExternallyControlledFormatStringQuery.qll @@ -23,6 +23,8 @@ module ExternallyControlledFormatStringConfig implements DataFlow::ConfigSig { predicate isBarrier(DataFlow::Node node) { node.getType() instanceof NumericType or node.getType() instanceof BooleanType } + + predicate observeDiffInformedIncrementalMode() { any() } } /** diff --git a/java/ql/lib/semmle/code/java/security/FragmentInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/FragmentInjectionQuery.qll index f625807470d..b2ab5464e23 100644 --- a/java/ql/lib/semmle/code/java/security/FragmentInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/FragmentInjectionQuery.qll @@ -17,6 +17,8 @@ module FragmentInjectionTaintConfig implements DataFlow::ConfigSig { predicate isAdditionalFlowStep(DataFlow::Node n1, DataFlow::Node n2) { any(FragmentInjectionAdditionalTaintStep c).step(n1, n2) } + + predicate observeDiffInformedIncrementalMode() { any() } } /** diff --git a/java/ql/lib/semmle/code/java/security/GroovyInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/GroovyInjectionQuery.qll index 3af836cac97..8151755f69f 100644 --- a/java/ql/lib/semmle/code/java/security/GroovyInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/GroovyInjectionQuery.qll @@ -17,6 +17,8 @@ module GroovyInjectionConfig implements DataFlow::ConfigSig { predicate isAdditionalFlowStep(DataFlow::Node fromNode, DataFlow::Node toNode) { any(GroovyInjectionAdditionalTaintStep c).step(fromNode, toNode) } + + predicate observeDiffInformedIncrementalMode() { any() } } /** diff --git a/java/ql/lib/semmle/code/java/security/ImplicitPendingIntentsQuery.qll b/java/ql/lib/semmle/code/java/security/ImplicitPendingIntentsQuery.qll index 0a8e0686549..a57f643d817 100644 --- a/java/ql/lib/semmle/code/java/security/ImplicitPendingIntentsQuery.qll +++ b/java/ql/lib/semmle/code/java/security/ImplicitPendingIntentsQuery.qll @@ -48,6 +48,8 @@ module ImplicitPendingIntentStartConfig implements DataFlow::StateConfigSig { node.getType().(Array).getElementType() instanceof TypeIntent and c instanceof DataFlow::ArrayContent } + + predicate observeDiffInformedIncrementalMode() { any() } } module ImplicitPendingIntentStartFlow = diff --git a/java/ql/lib/semmle/code/java/security/InsecureBeanValidationQuery.qll b/java/ql/lib/semmle/code/java/security/InsecureBeanValidationQuery.qll index 1ad0677ca61..be42e09a1cc 100644 --- a/java/ql/lib/semmle/code/java/security/InsecureBeanValidationQuery.qll +++ b/java/ql/lib/semmle/code/java/security/InsecureBeanValidationQuery.qll @@ -49,6 +49,8 @@ module BeanValidationConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { sink instanceof BeanValidationSink } + + predicate observeDiffInformedIncrementalMode() { any() } } /** Tracks flow from user input to the argument of a method that builds constraint error messages. */ diff --git a/java/ql/lib/semmle/code/java/security/InsecureLdapAuthQuery.qll b/java/ql/lib/semmle/code/java/security/InsecureLdapAuthQuery.qll index 498a9401071..94d80b9b37b 100644 --- a/java/ql/lib/semmle/code/java/security/InsecureLdapAuthQuery.qll +++ b/java/ql/lib/semmle/code/java/security/InsecureLdapAuthQuery.qll @@ -22,6 +22,8 @@ module InsecureLdapUrlConfig implements DataFlow::ConfigSig { succ.asExpr() = ma.getQualifier() ) } + + predicate observeDiffInformedIncrementalMode() { any() } } module InsecureLdapUrlFlow = TaintTracking::Global; diff --git a/java/ql/lib/semmle/code/java/security/InsecureRandomnessQuery.qll b/java/ql/lib/semmle/code/java/security/InsecureRandomnessQuery.qll index 423046b6746..77da25d3586 100644 --- a/java/ql/lib/semmle/code/java/security/InsecureRandomnessQuery.qll +++ b/java/ql/lib/semmle/code/java/security/InsecureRandomnessQuery.qll @@ -96,6 +96,8 @@ module InsecureRandomnessConfig implements DataFlow::ConfigSig { n2.asExpr() = c ) } + + predicate observeDiffInformedIncrementalMode() { any() } } /** diff --git a/java/ql/lib/semmle/code/java/security/InsufficientKeySizeQuery.qll b/java/ql/lib/semmle/code/java/security/InsufficientKeySizeQuery.qll index e08cd50cdb3..876b2efd840 100644 --- a/java/ql/lib/semmle/code/java/security/InsufficientKeySizeQuery.qll +++ b/java/ql/lib/semmle/code/java/security/InsufficientKeySizeQuery.qll @@ -16,6 +16,8 @@ module KeySizeConfig implements DataFlow::StateConfigSig { predicate isSink(DataFlow::Node sink, KeySizeState state) { sink.(InsufficientKeySizeSink).hasState(state) } + + predicate observeDiffInformedIncrementalMode() { any() } } /** Tracks key sizes used in cryptographic algorithms. */ diff --git a/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulationQuery.qll b/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulationQuery.qll index 740ce24bf62..855694b299b 100644 --- a/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulationQuery.qll +++ b/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulationQuery.qll @@ -23,6 +23,8 @@ module IntentUriPermissionManipulationConfig implements DataFlow::ConfigSig { predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { any(IntentUriPermissionManipulationAdditionalTaintStep c).step(node1, node2) } + + predicate observeDiffInformedIncrementalMode() { any() } } /** diff --git a/java/ql/lib/semmle/code/java/security/JexlInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/JexlInjectionQuery.qll index de49560e779..bf87df361b3 100644 --- a/java/ql/lib/semmle/code/java/security/JexlInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/JexlInjectionQuery.qll @@ -51,6 +51,8 @@ module JexlInjectionConfig implements DataFlow::ConfigSig { predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { any(JexlInjectionAdditionalTaintStep c).step(node1, node2) } + + predicate observeDiffInformedIncrementalMode() { any() } } /** diff --git a/java/ql/lib/semmle/code/java/security/JndiInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/JndiInjectionQuery.qll index 3c1f4b8e68e..167d56732cd 100644 --- a/java/ql/lib/semmle/code/java/security/JndiInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/JndiInjectionQuery.qll @@ -23,6 +23,8 @@ module JndiInjectionFlowConfig implements DataFlow::ConfigSig { predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { any(JndiInjectionAdditionalTaintStep c).step(node1, node2) } + + predicate observeDiffInformedIncrementalMode() { any() } } /** Tracks flow of unvalidated user input that is used in JNDI lookup */ diff --git a/java/ql/lib/semmle/code/java/security/LdapInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/LdapInjectionQuery.qll index 5c055c00516..b6daea4b473 100644 --- a/java/ql/lib/semmle/code/java/security/LdapInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/LdapInjectionQuery.qll @@ -17,6 +17,8 @@ module LdapInjectionFlowConfig implements DataFlow::ConfigSig { predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) { any(LdapInjectionAdditionalTaintStep a).step(pred, succ) } + + predicate observeDiffInformedIncrementalMode() { any() } } /** Tracks flow from remote sources to LDAP injection vulnerabilities. */ diff --git a/java/ql/lib/semmle/code/java/security/MissingJWTSignatureCheckQuery.qll b/java/ql/lib/semmle/code/java/security/MissingJWTSignatureCheckQuery.qll index eaa4c6320c1..4f1f614dbc4 100644 --- a/java/ql/lib/semmle/code/java/security/MissingJWTSignatureCheckQuery.qll +++ b/java/ql/lib/semmle/code/java/security/MissingJWTSignatureCheckQuery.qll @@ -16,6 +16,8 @@ module MissingJwtSignatureCheckConfig implements DataFlow::ConfigSig { predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { any(JwtParserWithInsecureParseAdditionalFlowStep c).step(node1, node2) } + + predicate observeDiffInformedIncrementalMode() { any() } } module MissingJwtSignatureCheckFlow = DataFlow::Global; diff --git a/java/ql/lib/semmle/code/java/security/MvelInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/MvelInjectionQuery.qll index 4bf81804f82..da5bcb6931b 100644 --- a/java/ql/lib/semmle/code/java/security/MvelInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/MvelInjectionQuery.qll @@ -19,6 +19,8 @@ module MvelInjectionFlowConfig implements DataFlow::ConfigSig { predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { any(MvelInjectionAdditionalTaintStep c).step(node1, node2) } + + predicate observeDiffInformedIncrementalMode() { any() } } /** Tracks flow of unsafe user input that is used to construct and evaluate a MVEL expression. */ diff --git a/java/ql/lib/semmle/code/java/security/NumericCastTaintedQuery.qll b/java/ql/lib/semmle/code/java/security/NumericCastTaintedQuery.qll index b6bd505c38b..2dd3cf89add 100644 --- a/java/ql/lib/semmle/code/java/security/NumericCastTaintedQuery.qll +++ b/java/ql/lib/semmle/code/java/security/NumericCastTaintedQuery.qll @@ -102,6 +102,8 @@ module NumericCastFlowConfig implements DataFlow::ConfigSig { } predicate isBarrierIn(DataFlow::Node node) { isSource(node) } + + predicate observeDiffInformedIncrementalMode() { any() } } /** diff --git a/java/ql/lib/semmle/code/java/security/OgnlInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/OgnlInjectionQuery.qll index 3acf18c453c..a25b257574b 100644 --- a/java/ql/lib/semmle/code/java/security/OgnlInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/OgnlInjectionQuery.qll @@ -18,6 +18,8 @@ module OgnlInjectionFlowConfig implements DataFlow::ConfigSig { predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { any(OgnlInjectionAdditionalTaintStep c).step(node1, node2) } + + predicate observeDiffInformedIncrementalMode() { any() } } /** Tracks flow of unvalidated user input that is used in OGNL EL evaluation. */ diff --git a/java/ql/lib/semmle/code/java/security/PartialPathTraversalQuery.qll b/java/ql/lib/semmle/code/java/security/PartialPathTraversalQuery.qll index c4c3e6b093c..e4d2d60b92e 100644 --- a/java/ql/lib/semmle/code/java/security/PartialPathTraversalQuery.qll +++ b/java/ql/lib/semmle/code/java/security/PartialPathTraversalQuery.qll @@ -17,6 +17,8 @@ module PartialPathTraversalFromRemoteConfig implements DataFlow::ConfigSig { predicate isSink(DataFlow::Node node) { any(PartialPathTraversalMethodCall ma).getQualifier() = node.asExpr() } + + predicate observeDiffInformedIncrementalMode() { any() } } /** Tracks flow of unsafe user input that is used to validate against path traversal, but is insufficient and remains vulnerable to Partial Path Traversal. */ diff --git a/java/ql/lib/semmle/code/java/security/RequestForgeryConfig.qll b/java/ql/lib/semmle/code/java/security/RequestForgeryConfig.qll index e8415cc1978..f929e97a8ff 100644 --- a/java/ql/lib/semmle/code/java/security/RequestForgeryConfig.qll +++ b/java/ql/lib/semmle/code/java/security/RequestForgeryConfig.qll @@ -28,6 +28,8 @@ module RequestForgeryConfig implements DataFlow::ConfigSig { predicate isBarrier(DataFlow::Node node) { node instanceof RequestForgerySanitizer } predicate isBarrierIn(DataFlow::Node node) { isSource(node) } + + predicate observeDiffInformedIncrementalMode() { any() } } module RequestForgeryFlow = TaintTracking::Global; diff --git a/java/ql/lib/semmle/code/java/security/ResponseSplittingQuery.qll b/java/ql/lib/semmle/code/java/security/ResponseSplittingQuery.qll index 40e1ec1b4db..7c43d32a407 100644 --- a/java/ql/lib/semmle/code/java/security/ResponseSplittingQuery.qll +++ b/java/ql/lib/semmle/code/java/security/ResponseSplittingQuery.qll @@ -31,6 +31,8 @@ module ResponseSplittingConfig implements DataFlow::ConfigSig { ) ) } + + predicate observeDiffInformedIncrementalMode() { any() } } /** diff --git a/java/ql/lib/semmle/code/java/security/RsaWithoutOaepQuery.qll b/java/ql/lib/semmle/code/java/security/RsaWithoutOaepQuery.qll index 66e4a0537d2..8fed05f2186 100644 --- a/java/ql/lib/semmle/code/java/security/RsaWithoutOaepQuery.qll +++ b/java/ql/lib/semmle/code/java/security/RsaWithoutOaepQuery.qll @@ -20,6 +20,8 @@ module RsaWithoutOaepConfig implements DataFlow::ConfigSig { predicate isSink(DataFlow::Node sink) { exists(CryptoAlgoSpec cr | sink.asExpr() = cr.getAlgoSpec()) } + + predicate observeDiffInformedIncrementalMode() { any() } } /** Flow for finding RSA ciphers initialized without using OAEP padding. */ diff --git a/java/ql/lib/semmle/code/java/security/SpelInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/SpelInjectionQuery.qll index 848aae8da30..55e8eb94f83 100644 --- a/java/ql/lib/semmle/code/java/security/SpelInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/SpelInjectionQuery.qll @@ -18,6 +18,8 @@ module SpelInjectionConfig implements DataFlow::ConfigSig { predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { any(SpelExpressionInjectionAdditionalTaintStep c).step(node1, node2) } + + predicate observeDiffInformedIncrementalMode() { any() } } /** Tracks flow of unsafe user input that is used to construct and evaluate a SpEL expression. */ diff --git a/java/ql/lib/semmle/code/java/security/StaticInitializationVectorQuery.qll b/java/ql/lib/semmle/code/java/security/StaticInitializationVectorQuery.qll index 9ba848d1e0d..282133ec5c6 100644 --- a/java/ql/lib/semmle/code/java/security/StaticInitializationVectorQuery.qll +++ b/java/ql/lib/semmle/code/java/security/StaticInitializationVectorQuery.qll @@ -126,6 +126,8 @@ module StaticInitializationVectorConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source instanceof StaticInitializationVectorSource } predicate isSink(DataFlow::Node sink) { sink instanceof EncryptionInitializationSink } + + predicate observeDiffInformedIncrementalMode() { any() } } /** Tracks the flow from a static initialization vector to the initialization of a cipher */ diff --git a/java/ql/lib/semmle/code/java/security/TaintedPathQuery.qll b/java/ql/lib/semmle/code/java/security/TaintedPathQuery.qll index c396b48a7b8..6be7b4dc83f 100644 --- a/java/ql/lib/semmle/code/java/security/TaintedPathQuery.qll +++ b/java/ql/lib/semmle/code/java/security/TaintedPathQuery.qll @@ -72,6 +72,8 @@ module TaintedPathConfig implements DataFlow::ConfigSig { predicate isAdditionalFlowStep(DataFlow::Node n1, DataFlow::Node n2) { any(TaintedPathAdditionalTaintStep s).step(n1, n2) } + + predicate observeDiffInformedIncrementalMode() { any() } } /** Tracks flow from remote sources to the creation of a path. */ diff --git a/java/ql/lib/semmle/code/java/security/TemplateInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/TemplateInjectionQuery.qll index a9595b0f6f1..536c8f33daf 100644 --- a/java/ql/lib/semmle/code/java/security/TemplateInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/TemplateInjectionQuery.qll @@ -16,6 +16,8 @@ module TemplateInjectionFlowConfig implements DataFlow::ConfigSig { predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { any(TemplateInjectionAdditionalTaintStep a).isAdditionalTaintStep(node1, node2) } + + predicate observeDiffInformedIncrementalMode() { any() } } /** Tracks server-side template injection (SST) vulnerabilities */ diff --git a/java/ql/lib/semmle/code/java/security/UnsafeContentUriResolutionQuery.qll b/java/ql/lib/semmle/code/java/security/UnsafeContentUriResolutionQuery.qll index db629143d5c..8c214d59b9e 100644 --- a/java/ql/lib/semmle/code/java/security/UnsafeContentUriResolutionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/UnsafeContentUriResolutionQuery.qll @@ -20,6 +20,8 @@ module UnsafeContentResolutionConfig implements DataFlow::ConfigSig { predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { any(ContentUriResolutionAdditionalTaintStep s).step(node1, node2) } + + predicate observeDiffInformedIncrementalMode() { any() } } /** Taint-tracking flow to find paths from remote sources to content URI resolutions. */ diff --git a/java/ql/lib/semmle/code/java/security/UnsafeDeserializationQuery.qll b/java/ql/lib/semmle/code/java/security/UnsafeDeserializationQuery.qll index 739b2713780..de9a920446d 100644 --- a/java/ql/lib/semmle/code/java/security/UnsafeDeserializationQuery.qll +++ b/java/ql/lib/semmle/code/java/security/UnsafeDeserializationQuery.qll @@ -325,6 +325,8 @@ private module UnsafeDeserializationConfig implements DataFlow::ConfigSig { } predicate isBarrier(DataFlow::Node node) { isUnsafeDeserializationSanitizer(node) } + + predicate observeDiffInformedIncrementalMode() { any() } } module UnsafeDeserializationFlow = TaintTracking::Global; diff --git a/java/ql/lib/semmle/code/java/security/UrlForwardQuery.qll b/java/ql/lib/semmle/code/java/security/UrlForwardQuery.qll index 2ca38d69551..48c8e50bfaf 100644 --- a/java/ql/lib/semmle/code/java/security/UrlForwardQuery.qll +++ b/java/ql/lib/semmle/code/java/security/UrlForwardQuery.qll @@ -195,6 +195,8 @@ module UrlForwardFlowConfig implements DataFlow::ConfigSig { predicate isBarrier(DataFlow::Node node) { node instanceof UrlForwardBarrier } DataFlow::FlowFeature getAFeature() { result instanceof DataFlow::FeatureHasSourceCallContext } + + predicate observeDiffInformedIncrementalMode() { any() } } /** diff --git a/java/ql/lib/semmle/code/java/security/UrlRedirectQuery.qll b/java/ql/lib/semmle/code/java/security/UrlRedirectQuery.qll index 675937985c4..fff546fc503 100644 --- a/java/ql/lib/semmle/code/java/security/UrlRedirectQuery.qll +++ b/java/ql/lib/semmle/code/java/security/UrlRedirectQuery.qll @@ -13,6 +13,8 @@ module UrlRedirectConfig implements DataFlow::ConfigSig { predicate isSink(DataFlow::Node sink) { sink instanceof UrlRedirectSink } predicate isBarrier(DataFlow::Node node) { node instanceof UrlRedirectSanitizer } + + predicate observeDiffInformedIncrementalMode() { any() } } /** diff --git a/java/ql/lib/semmle/code/java/security/WebviewDebuggingEnabledQuery.qll b/java/ql/lib/semmle/code/java/security/WebviewDebuggingEnabledQuery.qll index 8e5b177268d..90e47521bf0 100644 --- a/java/ql/lib/semmle/code/java/security/WebviewDebuggingEnabledQuery.qll +++ b/java/ql/lib/semmle/code/java/security/WebviewDebuggingEnabledQuery.qll @@ -44,6 +44,8 @@ module WebviewDebugEnabledConfig implements DataFlow::ConfigSig { or node.getEnclosingCallable().getDeclaringType() instanceof NonSecurityTestClass } + + predicate observeDiffInformedIncrementalMode() { any() } } /** diff --git a/java/ql/lib/semmle/code/java/security/XPathInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/XPathInjectionQuery.qll index 38dc1ff993c..6c541f66940 100644 --- a/java/ql/lib/semmle/code/java/security/XPathInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/XPathInjectionQuery.qll @@ -12,6 +12,8 @@ module XPathInjectionConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } predicate isSink(DataFlow::Node sink) { sink instanceof XPathInjectionSink } + + predicate observeDiffInformedIncrementalMode() { any() } } /** diff --git a/java/ql/lib/semmle/code/java/security/XsltInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/XsltInjectionQuery.qll index d437ca860d5..304ec3327a1 100644 --- a/java/ql/lib/semmle/code/java/security/XsltInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/XsltInjectionQuery.qll @@ -20,6 +20,8 @@ module XsltInjectionFlowConfig implements DataFlow::ConfigSig { predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { any(XsltInjectionAdditionalTaintStep c).step(node1, node2) } + + predicate observeDiffInformedIncrementalMode() { any() } } /** diff --git a/java/ql/lib/semmle/code/java/security/XssQuery.qll b/java/ql/lib/semmle/code/java/security/XssQuery.qll index 6fec86a78dd..dba80ecc139 100644 --- a/java/ql/lib/semmle/code/java/security/XssQuery.qll +++ b/java/ql/lib/semmle/code/java/security/XssQuery.qll @@ -20,6 +20,8 @@ module XssConfig implements DataFlow::ConfigSig { predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { any(XssAdditionalTaintStep s).step(node1, node2) } + + predicate observeDiffInformedIncrementalMode() { any() } } /** Tracks flow from remote sources to cross site scripting vulnerabilities. */ diff --git a/java/ql/lib/semmle/code/java/security/XxeRemoteQuery.qll b/java/ql/lib/semmle/code/java/security/XxeRemoteQuery.qll index 58b1e5bfed1..da092d2e11f 100644 --- a/java/ql/lib/semmle/code/java/security/XxeRemoteQuery.qll +++ b/java/ql/lib/semmle/code/java/security/XxeRemoteQuery.qll @@ -18,6 +18,8 @@ module XxeConfig implements DataFlow::ConfigSig { predicate isAdditionalFlowStep(DataFlow::Node n1, DataFlow::Node n2) { any(XxeAdditionalTaintStep s).step(n1, n2) } + + predicate observeDiffInformedIncrementalMode() { any() } } /** diff --git a/java/ql/lib/semmle/code/java/security/ZipSlipQuery.qll b/java/ql/lib/semmle/code/java/security/ZipSlipQuery.qll index 0055670d895..9e2e5e4a6c7 100644 --- a/java/ql/lib/semmle/code/java/security/ZipSlipQuery.qll +++ b/java/ql/lib/semmle/code/java/security/ZipSlipQuery.qll @@ -43,6 +43,8 @@ module ZipSlipConfig implements DataFlow::ConfigSig { node instanceof SimpleTypeSanitizer or node instanceof PathInjectionSanitizer } + + predicate observeDiffInformedIncrementalMode() { any() } } /** Tracks flow from archive entries to file creation. */ diff --git a/java/ql/lib/semmle/code/java/security/regexp/RegexInjectionQuery.qll b/java/ql/lib/semmle/code/java/security/regexp/RegexInjectionQuery.qll index 88710061819..81246814dc2 100644 --- a/java/ql/lib/semmle/code/java/security/regexp/RegexInjectionQuery.qll +++ b/java/ql/lib/semmle/code/java/security/regexp/RegexInjectionQuery.qll @@ -14,6 +14,8 @@ module RegexInjectionConfig implements DataFlow::ConfigSig { predicate isSink(DataFlow::Node sink) { sink instanceof RegexInjectionSink } predicate isBarrier(DataFlow::Node node) { node instanceof RegexInjectionSanitizer } + + predicate observeDiffInformedIncrementalMode() { any() } } /**