Java: Diff-informed TaintedPermissionsCheck.ql

2026-04-18 05:24:01 +02:00 · 2024-10-07 15:35:40 +02:00
parent 011d667f06
commit e799bff744
1 changed files with 9 additions and 0 deletions
--- a/java/ql/lib/semmle/code/java/security/TaintedPermissionsCheckQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/TaintedPermissionsCheckQuery.qll
@@ -59,6 +59,15 @@ module TaintedPermissionsCheckFlowConfig implements DataFlow::ConfigSig {
  predicate isSink(DataFlow::Node sink) {
    sink.asExpr() = any(PermissionsConstruction p).getInput()
  }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
+
+  Location getASelectedSinkLocation(DataFlow::Node sink) {
+    exists(PermissionsConstruction p |
+      sink.asExpr() = p.getInput() and
+      result = p.getLocation()
+    )
+  }
 }

 /** Tracks flow from user input to a permissions check. */