github · asgerf · Dec 20, 2024
@@ -127,6 +127,12 @@ module LiteralAlgorithmTracerConfig implements DataFlow::ConfigSig {
       c.(DataFlow::FieldContent).getField().getName() in ["nid", "sn", "ln"]
     )
   }
+
+  predicate observeDiffInformedIncrementalMode() {
+    // TODO(diff-informed): Manually verify if config can be diff-informed.
+    // cpp/ql/lib/experimental/cryptography/modules/OpenSSL.qll:141: Flow call outside 'select' clause
+    none()
+  }
 }
 
 module LiteralAlgorithmTracer = DataFlow::Global<LiteralAlgorithmTracerConfig>;
@@ -535,6 +541,12 @@ module KeyGeneration {
         c.getArgument(sizeInd) = node.asExpr()
       )
     }
+
+    predicate observeDiffInformedIncrementalMode() {
+      // TODO(diff-informed): Manually verify if config can be diff-informed.
+      // cpp/ql/lib/experimental/cryptography/modules/OpenSSL.qll:557: Flow call outside 'select' clause
+      none()
+    }
   }
 
   module AsymExplicitAlgKeyLengthFlow = DataFlow::Global<AsymExplicitAlgKeyLengthFlowConfig>;
@@ -574,6 +586,12 @@ module KeyGeneration {
         c.getArgument(3) = node.asExpr()
       )
     }
+
+    predicate observeDiffInformedIncrementalMode() {
+      // TODO(diff-informed): Manually verify if config can be diff-informed.
+      // cpp/ql/lib/experimental/cryptography/modules/OpenSSL.qll:598: Flow call outside 'select' clause
+      none()
+    }
   }
 
   module Length_to_RSA_EVP_PKEY_Q_keygen_Flow =
@@ -622,6 +640,12 @@ module KeyGeneration {
         isKeyGenOperationWithNoSize(c.getTarget()) and c.getAnArgument() = node.asExpr()
       )
     }
+
+    predicate observeDiffInformedIncrementalMode() {
+      // TODO(diff-informed): Manually verify if config can be diff-informed.
+      // cpp/ql/lib/experimental/cryptography/modules/OpenSSL.qll:689: Flow call outside 'select' clause
+      none()
+    }
   }
 
   module KeyGenKeySizeInitToKeyGenFlow = DataFlow::Global<KeyGenKeySizeInitToKeyGenConfig>;
@@ -656,6 +680,12 @@ module KeyGeneration {
     predicate isSource(DataFlow::Node source) { isEVP_PKEY_CTX_Source(source, _) }
 
     predicate isSink(DataFlow::Node sink) { isKeyGen_EVP_PKEY_CTX_Sink(sink, _) }
+
+    predicate observeDiffInformedIncrementalMode() {
+      // TODO(diff-informed): Manually verify if config can be diff-informed.
+      // cpp/ql/lib/experimental/cryptography/modules/OpenSSL.qll:706: Flow call outside 'select' clause
+      none()
+    }
   }
 
   module EVP_PKEY_CTX_Ptr_Source_to_KeyGenOperationWithNoSize_Flow =

@@ -42,6 +42,8 @@ module PrivateCleartextWrite {
     predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
 
     predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+    predicate observeDiffInformedIncrementalMode() { any() }
   }
 
   module WriteFlow = TaintTracking::Global<WriteConfig>;

@@ -756,6 +756,12 @@ private module FieldFlow {
       or
       node.asExpr().getParent() instanceof ThrowExpr
     }
+
+    predicate observeDiffInformedIncrementalMode() {
+      // TODO(diff-informed): Manually verify if config can be diff-informed.
+      // cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowUtil.qll:764: Flow call outside 'select' clause
+      none()
+    }
   }
 
   private module Flow = DataFlow::Global<FieldConfig>;

@@ -387,6 +387,13 @@ module ProductFlow {
       predicate isBarrierIn(DataFlow::Node node) { Config::isBarrierIn1(node) }
 
       int fieldFlowBranchLimit() { result = Config::fieldFlowBranchLimit1() }
+
+      predicate observeDiffInformedIncrementalMode() {
+        // TODO(diff-informed): Manually verify if config can be diff-informed.
+        // cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/ProductFlow.qll:400: Flow call outside 'select' clause
+        // cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/ProductFlow.qll:407: Flow call outside 'select' clause
+        none()
+      }
     }
 
     private module Flow1 = DataFlow::GlobalWithState<Config1>;

@@ -142,6 +142,14 @@
     }
 
     predicate isSink(DataFlow::Node sink) { isSink(_, sink, _, _, _) }
+
+    predicate observeDiffInformedIncrementalMode() {
+      // TODO(diff-informed): Manually verify if config can be diff-informed.
+      // cpp/ql/lib/semmle/code/cpp/security/InvalidPointerDereference/AllocationToInvalidPointer.qll:151: Flow call outside 'select' clause
+      // cpp/ql/lib/semmle/code/cpp/security/InvalidPointerDereference/AllocationToInvalidPointer.qll:162: Flow call outside 'select' clause
+      // cpp/ql/lib/semmle/code/cpp/security/InvalidPointerDereference/AllocationToInvalidPointer.qll:211: Flow call outside 'select' clause
+      none()
+    }
   }
 
   module SizeBarrierFlow = DataFlow::Global<SizeBarrierConfig>;
@@ -330,6 +338,12 @@
   predicate isBarrierOut2(DataFlow::Node node) {
     node = any(DataFlow::SsaPhiNode phi).getAnInput(true)
   }
+
+  predicate observeDiffInformedIncrementalMode() {
+    // TODO(diff-informed): Manually verify if config can be diff-informed.
+    // cpp/ql/lib/semmle/code/cpp/security/InvalidPointerDereference/AllocationToInvalidPointer.qll:377: Flow call outside 'select' clause
+    none()
+  }
 }
 
 private module AllocToInvalidPointerFlow = ProductFlow::GlobalWithState<Config>;

@@ -110,6 +110,12 @@ private module InvalidPointerToDerefBarrier {
     predicate isSink(DataFlow::Node sink) { isSink(_, sink, _, _, _) }
 
     int fieldFlowBranchLimit() { result = invalidPointerToDereferenceFieldFlowBranchLimit() }
+
+    predicate observeDiffInformedIncrementalMode() {
+      // TODO(diff-informed): Manually verify if config can be diff-informed.
+      // cpp/ql/lib/semmle/code/cpp/security/InvalidPointerDereference/InvalidPointerToDereference.qll:129: Flow call outside 'select' clause
+      none()
+    }
   }
 
   private module BarrierFlow = DataFlow::Global<BarrierConfig>;

@@ -503,6 +503,12 @@ module BoostorgAsio {
         not sink.getLocation().getFile().toString().matches("%/boost/asio/%")
       )
     }
+
+    predicate observeDiffInformedIncrementalMode() {
+      // TODO(diff-informed): Manually verify if config can be diff-informed.
+      // cpp/ql/src/Likely Bugs/Protocols/TlsSettingsMisconfiguration.ql:48: Flow call outside 'select' clause
+      none()
+    }
   }
 
   module SslOptionFlow = DataFlow::Global<SslOptionConfig>;

@@ -60,6 +60,12 @@ module UninitializedToScanfConfig implements ConfigSig {
   FlowFeature getAFeature() { result instanceof FeatureEqualSourceSinkCallContext }
 
   int accessPathLimit() { result = 0 }
+
+  predicate observeDiffInformedIncrementalMode() {
+    // TODO(diff-informed): Manually verify if config can be diff-informed.
+    // cpp/ql/src/Critical/MissingCheckScanf.ql:72: Flow call outside 'select' clause
+    none()
+  }
 }
 
 module UninitializedToScanfFlow = Global<UninitializedToScanfConfig>;
@@ -111,6 +117,12 @@ module ScanfToUseConfig implements ConfigSig {
     // modified, and thus it's safe to later read the value.
     exists(n.asIndirectArgument())
   }
+
+  predicate observeDiffInformedIncrementalMode() {
+    // TODO(diff-informed): Manually verify if config can be diff-informed.
+    // cpp/ql/src/Critical/MissingCheckScanf.ql:127: Flow call outside 'select' clause
+    none()
+  }
 }
 
 module ScanfToUseFlow = Global<ScanfToUseConfig>;

@@ -82,6 +82,8 @@ module OverflowDestinationConfig implements DataFlow::ConfigSig {
       nodeIsBarrierEqualityCandidate(node, access, checkedVar)
     )
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 module OverflowDestination = TaintTracking::Global<OverflowDestinationConfig>;

@@ -44,6 +44,8 @@ module CastToPointerArithFlowConfig implements DataFlow::StateConfigSig {
     ) and
     getFullyConvertedType(node) = state
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /**

@@ -168,6 +168,8 @@ module NonConstFlowConfig implements DataFlow::ConfigSig {
       cannotContainString(t)
     )
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 module NonConstFlow = TaintTracking::Global<NonConstFlowConfig>;

@@ -215,6 +215,17 @@ private module LeapYearCheckConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) {
     exists(ChecksForLeapYearFunctionCall fc | sink.asExpr() = fc.getAnArgument())
   }
+
+  predicate observeDiffInformedIncrementalMode() {
+    // TODO(diff-informed): Manually verify if config can be diff-informed.
+    // cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql:57: Column 1 does not select a source or sink originating from the flow call on line 34
+    // cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql:57: Column 1 does not select a source or sink originating from the flow call on line 41
+    // cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql:59: Column 3 does not select a source or sink originating from the flow call on line 34
+    // cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql:59: Column 3 does not select a source or sink originating from the flow call on line 41
+    // cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql:59: Column 5 does not select a source or sink originating from the flow call on line 34
+    // cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql:59: Column 5 does not select a source or sink originating from the flow call on line 41
+    none()
+  }
 }
 
 module LeapYearCheckFlow = DataFlow::Global<LeapYearCheckConfig>;
@@ -285,6 +296,13 @@ private module PossibleYearArithmeticOperationCheckConfig implements DataFlow::C
       aexpr.getLValue() = fa
     )
   }
+
+  predicate observeDiffInformedIncrementalMode() {
+    // TODO(diff-informed): Manually verify if config can be diff-informed.
+    // cpp/ql/src/Likely Bugs/Leap Year/Adding365DaysPerYear.ql:21: Column 1 does not select a source or sink originating from the flow call on line 19
+    // cpp/ql/src/Likely Bugs/Leap Year/Adding365DaysPerYear.ql:23: Column 3 does not select a source or sink originating from the flow call on line 19
+    none()
+  }
 }
 
 module PossibleYearArithmeticOperationCheckFlow =

@@ -141,6 +141,8 @@ private module NetworkToBufferSizeConfig implements DataFlow::ConfigSig {
       gc.controls(node.asExpr().getBasicBlock(), _)
     )
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 module NetworkToBufferSizeFlow = DataFlow::Global<NetworkToBufferSizeConfig>;
@@ -28,6 +28,12 @@ module ExistsAnyFlowConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { isSourceImpl(source, _) }
 
   predicate isSink(DataFlow::Node sink) { isSinkImpl(sink, _) }
+
+  predicate observeDiffInformedIncrementalMode() {
+    // TODO(diff-informed): Manually verify if config can be diff-informed.
+    // cpp/ql/src/Likely Bugs/Protocols/TlsSettingsMisconfiguration.ql:43: Flow call outside 'select' clause
+    none()
+  }
 }
 
 module ExistsAnyFlow = DataFlow::Global<ExistsAnyFlowConfig>;

@@ -51,6 +51,13 @@ private module UntrustedDataToExternalApiConfig implements DataFlow::ConfigSig {
   }
 
   predicate isSink(DataFlow::Node sink) { sink instanceof ExternalApiDataNode }
+
+  predicate observeDiffInformedIncrementalMode() {
+    // TODO(diff-informed): Manually verify if config can be diff-informed.
+    // cpp/ql/src/Security/CWE/CWE-020/ExternalAPIs.qll:13: Flow call outside 'select' clause
+    // cpp/ql/src/Security/CWE/CWE-020/ExternalAPIs.qll:16: Flow call outside 'select' clause
+    none()
+  }
 }
 
 module UntrustedDataToExternalApiFlow = TaintTracking::Global<UntrustedDataToExternalApiConfig>;
@@ -46,6 +46,13 @@ private module UntrustedDataToExternalApiConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
 
   predicate isSink(DataFlow::Node sink) { sink instanceof ExternalApiDataNode }
+
+  predicate observeDiffInformedIncrementalMode() {
+    // TODO(diff-informed): Manually verify if config can be diff-informed.
+    // cpp/ql/src/Security/CWE/CWE-020/ir/ExternalAPIs.qll:13: Flow call outside 'select' clause
+    // cpp/ql/src/Security/CWE/CWE-020/ir/ExternalAPIs.qll:16: Flow call outside 'select' clause
+    none()
+  }
 }
 
 module UntrustedDataToExternalApiFlow = TaintTracking::Global<UntrustedDataToExternalApiConfig>;
@@ -93,6 +93,8 @@ module TaintedPathConfig implements DataFlow::ConfigSig {
     // make sinks barriers so that we only report the closest instance
     isSink(node)
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 module TaintedPath = TaintTracking::Global<TaintedPathConfig>;

@@ -106,6 +106,12 @@ module ExecStateConfig implements DataFlow::ConfigSig {
   predicate isBarrierOut(DataFlow::Node node) {
     isSink(node) // Prevent duplicates along a call chain, since `shellCommand` will include wrappers
   }
+
+  predicate observeDiffInformedIncrementalMode() {
+    // TODO(diff-informed): Manually verify if config can be diff-informed.
+    // cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql:78: Flow call outside 'select' clause
+    none()
+  }
 }
 
 module ExecState = TaintTracking::Global<ExecStateConfig>;
@@ -136,6 +142,8 @@ module ExecTaintConfig implements DataFlow::StateConfigSig {
   predicate isBarrierOut(DataFlow::Node node) {
     isSink(node, _) // Prevent duplicates along a call chain, since `shellCommand` will include wrappers
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 module ExecTaint = TaintTracking::GlobalWithState<ExecTaintConfig>;

@@ -39,6 +39,8 @@ module Config implements DataFlow::ConfigSig {
     or
     node.asInstruction().(StoreInstruction).getResultType() instanceof ArithmeticType
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 module Flow = TaintTracking::Global<Config>;

@@ -51,6 +51,8 @@ module SqlTaintedConfig implements DataFlow::ConfigSig {
       sql.barrierSqlArgument(input, _)
     )
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 module SqlTainted = TaintTracking::Global<SqlTaintedConfig>;

@@ -39,6 +39,8 @@ module Config implements DataFlow::ConfigSig {
     or
     node.asInstruction().(StoreInstruction).getResultType() instanceof ArithmeticType
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 module Flow = TaintTracking::Global<Config>;

@@ -225,6 +225,12 @@
       state1 = state2 + delta
     )
   }
+
+  predicate observeDiffInformedIncrementalMode() {
+    // TODO(diff-informed): Manually verify if config can be diff-informed.
+    // cpp/ql/src/Security/CWE/CWE-119/OverrunWriteProductFlow.ql:251: Flow call outside 'select' clause
+    none()
+  }
 }
 
 module StringSizeFlow = ProductFlow::GlobalWithState<StringSizeConfig>;

@@ -93,6 +93,8 @@ module Config implements DataFlow::ConfigSig {
     // Block flow if the node is guarded by any <, <= or = operations.
     node = DataFlow::BarrierGuard<lessThanOrEqual/3>::getABarrierNode()
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 module Flow = TaintTracking::Global<Config>;

@@ -66,6 +66,8 @@ module ImproperArrayIndexValidationConfig implements DataFlow::ConfigSig {
       not offsetIsAlwaysInBounds(arrayExpr, offsetExpr)
     )
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 module ImproperArrayIndexValidation = TaintTracking::Global<ImproperArrayIndexValidationConfig>;

@@ -44,6 +44,8 @@ module Config implements DataFlow::ConfigSig {
     or
     isArithmeticNonCharType(node.asInstruction().(StoreInstruction).getResultType())
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 module Flow = TaintTracking::Global<Config>;
-Original file line number
+Diff line change
@@ Expand Up @@
           nodeIsBarrierEqualityCandidate(node, access, checkedVar)
         )
       }
+      predicate observeDiffInformedIncrementalMode() { any() }
     }
     module OverflowDestination = TaintTracking::Global<OverflowDestinationConfig>;
@@ Expand Down @@