github
diff --git a/‎python/ql/lib/semmle/python/security/dataflow/CleartextLoggingQuery.qll
Lines changed: 2 additions & 0 deletions b/‎python/ql/lib/semmle/python/security/dataflow/CleartextLoggingQuery.qll
Lines changed: 2 additions & 0 deletions
diff --git a/‎python/ql/lib/semmle/python/security/dataflow/CleartextStorageQuery.qll
Lines changed: 2 additions & 0 deletions b/‎python/ql/lib/semmle/python/security/dataflow/CleartextStorageQuery.qll
Lines changed: 2 additions & 0 deletions
diff --git a/‎python/ql/lib/semmle/python/security/dataflow/CodeInjectionQuery.qll
Lines changed: 2 additions & 0 deletions b/‎python/ql/lib/semmle/python/security/dataflow/CodeInjectionQuery.qll
Lines changed: 2 additions & 0 deletions
diff --git a/‎python/ql/lib/semmle/python/security/dataflow/CommandInjectionQuery.qll
Lines changed: 2 additions & 0 deletions b/‎python/ql/lib/semmle/python/security/dataflow/CommandInjectionQuery.qll
Lines changed: 2 additions & 0 deletions
diff --git a/‎python/ql/lib/semmle/python/security/dataflow/CookieInjectionQuery.qll
Lines changed: 2 additions & 0 deletions b/‎python/ql/lib/semmle/python/security/dataflow/CookieInjectionQuery.qll
Lines changed: 2 additions & 0 deletions
diff --git a/‎python/ql/lib/semmle/python/security/dataflow/HttpHeaderInjectionQuery.qll
Lines changed: 2 additions & 0 deletions b/‎python/ql/lib/semmle/python/security/dataflow/HttpHeaderInjectionQuery.qll
Lines changed: 2 additions & 0 deletions
diff --git a/‎python/ql/lib/semmle/python/security/dataflow/LdapInjectionQuery.qll
Lines changed: 14 additions & 0 deletions b/‎python/ql/lib/semmle/python/security/dataflow/LdapInjectionQuery.qll
Lines changed: 14 additions & 0 deletions
diff --git a/‎python/ql/lib/semmle/python/security/dataflow/LogInjectionQuery.qll
Lines changed: 2 additions & 0 deletions b/‎python/ql/lib/semmle/python/security/dataflow/LogInjectionQuery.qll
Lines changed: 2 additions & 0 deletions
diff --git a/‎python/ql/lib/semmle/python/security/dataflow/NoSqlInjectionQuery.qll
Lines changed: 2 additions & 0 deletions b/‎python/ql/lib/semmle/python/security/dataflow/NoSqlInjectionQuery.qll
Lines changed: 2 additions & 0 deletions
diff --git a/‎python/ql/lib/semmle/python/security/dataflow/PamAuthorizationQuery.qll
Lines changed: 2 additions & 0 deletions b/‎python/ql/lib/semmle/python/security/dataflow/PamAuthorizationQuery.qll
Lines changed: 2 additions & 0 deletions
@@ -21,6 +21,8 @@ private module CleartextLoggingConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
 
   predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /** Global taint-tracking for detecting "Clear-text logging of sensitive information" vulnerabilities. */
 
@@ -21,6 +21,8 @@ private module CleartextStorageConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
 
   predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /** Global taint-tracking for detecting "Clear-text storage of sensitive information" vulnerabilities. */
 
@@ -17,6 +17,8 @@ private module CodeInjectionConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
 
   predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /** Global taint-tracking for detecting "code injection" vulnerabilities. */
 
@@ -20,6 +20,8 @@ module CommandInjectionConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
 
   predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /** Global taint-tracking for detecting "command injection" vulnerabilities. */
 
@@ -20,6 +20,8 @@ module CookieInjectionConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
 
   predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /** Global taint-tracking for detecting "cookie injection" vulnerabilities. */
 
@@ -16,6 +16,8 @@ private module HeaderInjectionConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node node) { node instanceof HttpHeaderInjection::Sink }
 
   predicate isBarrier(DataFlow::Node node) { node instanceof HttpHeaderInjection::Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /** Global taint-tracking for detecting "HTTP Header injection" vulnerabilities. */
 
@@ -19,6 +19,13 @@ private module LdapInjectionDnConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) { sink instanceof DnSink }
 
   predicate isBarrier(DataFlow::Node node) { node instanceof DnSanitizer }
+
+  predicate observeDiffInformedIncrementalMode() {
+    // TODO(diff-informed): Manually verify if config can be diff-informed.
+    // ql/src/Security/CWE-090/LdapInjection.ql:26: Column 1 does not select a source or sink originating from the flow call on line 21
+    // ql/src/Security/CWE-090/LdapInjection.ql:27: Column 5 does not select a source or sink originating from the flow call on line 21
+    none()
+  }
 }
 
 /** Global taint-tracking for detecting "LDAP injection via the distinguished name (DN) parameter" vulnerabilities. */
@@ -30,6 +37,13 @@ private module LdapInjectionFilterConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) { sink instanceof FilterSink }
 
   predicate isBarrier(DataFlow::Node node) { node instanceof FilterSanitizer }
+
+  predicate observeDiffInformedIncrementalMode() {
+    // TODO(diff-informed): Manually verify if config can be diff-informed.
+    // ql/src/Security/CWE-090/LdapInjection.ql:26: Column 1 does not select a source or sink originating from the flow call on line 24
+    // ql/src/Security/CWE-090/LdapInjection.ql:27: Column 5 does not select a source or sink originating from the flow call on line 24
+    none()
+  }
 }
 
 /** Global taint-tracking for detecting "LDAP injection via the filter parameter" vulnerabilities. */
 
@@ -17,6 +17,8 @@ private module LogInjectionConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
 
   predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /** Global taint-tracking for detecting "log injection" vulnerabilities. */
 
@@ -56,6 +56,8 @@ module NoSqlInjectionConfig implements DataFlow::StateConfigSig {
   predicate isBarrier(DataFlow::Node node) {
     node = any(NoSqlSanitizer noSqlSanitizer).getAnInput()
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 module NoSqlInjectionFlow = TaintTracking::GlobalWithState<NoSqlInjectionConfig>;
@@ -31,6 +31,8 @@ private module PamAuthorizationConfig implements DataFlow::ConfigSig {
     // Flow from handle to the authenticate call in the final step
     exists(VulnPamAuthCall c | c.getArg(0) = node1 | node2 = c)
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /** Global taint-tracking for detecting "PAM Authorization" vulnerabilities. */
Original file line number	Diff line number	Diff line change
`@@ -21,6 +21,8 @@ private module CleartextLoggingConfig implements DataFlow::ConfigSig {`
`21`	`21`	`predicate isSink(DataFlow::Node sink) { sink instanceof Sink }`
`22`	`22`
`23`	`23`	`predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }`
	`24`	`+`
	`25`	`+ predicate observeDiffInformedIncrementalMode() { any() }`
`24`	`26`	`}`
`25`	`27`
`26`	`28`	`/** Global taint-tracking for detecting "Clear-text logging of sensitive information" vulnerabilities. */`
Original file line number	Diff line number	Diff line change
`@@ -17,6 +17,8 @@ private module CodeInjectionConfig implements DataFlow::ConfigSig {`
`17`	`17`	`predicate isSink(DataFlow::Node sink) { sink instanceof Sink }`
`18`	`18`
`19`	`19`	`predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }`
	`20`	`+`
	`21`	`+ predicate observeDiffInformedIncrementalMode() { any() }`
`20`	`22`	`}`
`21`	`23`
`22`	`24`	`/** Global taint-tracking for detecting "code injection" vulnerabilities. */`
Original file line number	Diff line number	Diff line change
`@@ -20,6 +20,8 @@ module CommandInjectionConfig implements DataFlow::ConfigSig {`
`20`	`20`	`predicate isSink(DataFlow::Node sink) { sink instanceof Sink }`
`21`	`21`
`22`	`22`	`predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }`
	`23`	`+`
	`24`	`+ predicate observeDiffInformedIncrementalMode() { any() }`
`23`	`25`	`}`
`24`	`26`
`25`	`27`	`/** Global taint-tracking for detecting "command injection" vulnerabilities. */`
Original file line number	Diff line number	Diff line change
`@@ -20,6 +20,8 @@ module CookieInjectionConfig implements DataFlow::ConfigSig {`
`20`	`20`	`predicate isSink(DataFlow::Node sink) { sink instanceof Sink }`
`21`	`21`
`22`	`22`	`predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }`
	`23`	`+`
	`24`	`+ predicate observeDiffInformedIncrementalMode() { any() }`
`23`	`25`	`}`
`24`	`26`
`25`	`27`	`/** Global taint-tracking for detecting "cookie injection" vulnerabilities. */`
Original file line number	Diff line number	Diff line change
`@@ -16,6 +16,8 @@ private module HeaderInjectionConfig implements DataFlow::ConfigSig {`
`16`	`16`	`predicate isSink(DataFlow::Node node) { node instanceof HttpHeaderInjection::Sink }`
`17`	`17`
`18`	`18`	`predicate isBarrier(DataFlow::Node node) { node instanceof HttpHeaderInjection::Sanitizer }`
	`19`	`+`
	`20`	`+ predicate observeDiffInformedIncrementalMode() { any() }`
`19`	`21`	`}`
`20`	`22`
`21`	`23`	`/** Global taint-tracking for detecting "HTTP Header injection" vulnerabilities. */`
Original file line number	Diff line number	Diff line change
`@@ -17,6 +17,8 @@ private module LogInjectionConfig implements DataFlow::ConfigSig {`
`17`	`17`	`predicate isSink(DataFlow::Node sink) { sink instanceof Sink }`
`18`	`18`
`19`	`19`	`predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }`
	`20`	`+`
	`21`	`+ predicate observeDiffInformedIncrementalMode() { any() }`
`20`	`22`	`}`
`21`	`23`
`22`	`24`	`/** Global taint-tracking for detecting "log injection" vulnerabilities. */`
Original file line number	Diff line number	Diff line change
`@@ -56,6 +56,8 @@ module NoSqlInjectionConfig implements DataFlow::StateConfigSig {`
`56`	`56`	`predicate isBarrier(DataFlow::Node node) {`
`57`	`57`	`node = any(NoSqlSanitizer noSqlSanitizer).getAnInput()`
`58`	`58`	`}`
	`59`	`+`
	`60`	`+ predicate observeDiffInformedIncrementalMode() { any() }`
`59`	`61`	`}`
`60`	`62`
`61`	`63`	`module NoSqlInjectionFlow = TaintTracking::GlobalWithState<NoSqlInjectionConfig>;`
Original file line number	Diff line number	Diff line change
`@@ -31,6 +31,8 @@ private module PamAuthorizationConfig implements DataFlow::ConfigSig {`
`31`	`31`	`// Flow from handle to the authenticate call in the final step`
`32`	`32`	`exists(VulnPamAuthCall c \| c.getArg(0) = node1 \| node2 = c)`
`33`	`33`	`}`
	`34`	`+`
	`35`	`+ predicate observeDiffInformedIncrementalMode() { any() }`
`34`	`36`	`}`
`35`	`37`
`36`	`38`	`/** Global taint-tracking for detecting "PAM Authorization" vulnerabilities. */`