diff --git a/java/ql/lib/semmle/code/java/security/ArbitraryApkInstallationQuery.qll b/java/ql/lib/semmle/code/java/security/ArbitraryApkInstallationQuery.qll index be8eea879c50..8c833bb79d60 100644 --- a/java/ql/lib/semmle/code/java/security/ArbitraryApkInstallationQuery.qll +++ b/java/ql/lib/semmle/code/java/security/ArbitraryApkInstallationQuery.qll @@ -23,6 +23,10 @@ module ApkInstallationConfig implements DataFlow::ConfigSig { ) ) } + + predicate observeDiffInformedIncrementalMode() { any() } + + Location getASelectedSourceLocation(DataFlow::Node sink) { none() } } module ApkInstallationFlow = DataFlow::Global; diff --git a/java/ql/lib/semmle/code/java/security/HardcodedCredentialsApiCallQuery.qll b/java/ql/lib/semmle/code/java/security/HardcodedCredentialsApiCallQuery.qll index f623973a6573..c0e04424ec68 100644 --- a/java/ql/lib/semmle/code/java/security/HardcodedCredentialsApiCallQuery.qll +++ b/java/ql/lib/semmle/code/java/security/HardcodedCredentialsApiCallQuery.qll @@ -49,6 +49,8 @@ module HardcodedCredentialApiCallConfig implements DataFlow::ConfigSig { predicate isBarrier(DataFlow::Node n) { n.asExpr().(MethodCall).getMethod() instanceof MethodSystemGetenv } + + predicate observeDiffInformedIncrementalMode() { any() } } /** diff --git a/java/ql/lib/semmle/code/java/security/HardcodedCredentialsSourceCallQuery.qll b/java/ql/lib/semmle/code/java/security/HardcodedCredentialsSourceCallQuery.qll index 06d7869ce996..e3b5b235a4eb 100644 --- a/java/ql/lib/semmle/code/java/security/HardcodedCredentialsSourceCallQuery.qll +++ b/java/ql/lib/semmle/code/java/security/HardcodedCredentialsSourceCallQuery.qll @@ -14,6 +14,8 @@ module HardcodedCredentialSourceCallConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node n) { n.asExpr() instanceof HardcodedExpr } predicate isSink(DataFlow::Node n) { n.asExpr() instanceof FinalCredentialsSourceSink } + + predicate observeDiffInformedIncrementalMode() { any() } } /** diff --git a/java/ql/lib/semmle/code/java/security/HttpsUrlsQuery.qll b/java/ql/lib/semmle/code/java/security/HttpsUrlsQuery.qll index 031066d506e0..1e67e3ca59a7 100644 --- a/java/ql/lib/semmle/code/java/security/HttpsUrlsQuery.qll +++ b/java/ql/lib/semmle/code/java/security/HttpsUrlsQuery.qll @@ -19,6 +19,8 @@ module HttpStringToUrlOpenMethodFlowConfig implements DataFlow::ConfigSig { } predicate isBarrier(DataFlow::Node node) { node instanceof SimpleTypeSanitizer } + + predicate observeDiffInformedIncrementalMode() { any() } } /** diff --git a/java/ql/lib/semmle/code/java/security/InsecureBasicAuthQuery.qll b/java/ql/lib/semmle/code/java/security/InsecureBasicAuthQuery.qll index 9e69308e458e..e2c188d956b8 100644 --- a/java/ql/lib/semmle/code/java/security/InsecureBasicAuthQuery.qll +++ b/java/ql/lib/semmle/code/java/security/InsecureBasicAuthQuery.qll @@ -17,6 +17,8 @@ module BasicAuthFlowConfig implements DataFlow::ConfigSig { predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { any(HttpUrlsAdditionalTaintStep c).step(node1, node2) } + + predicate observeDiffInformedIncrementalMode() { any() } } /** diff --git a/java/ql/lib/semmle/code/java/security/SensitiveUiQuery.qll b/java/ql/lib/semmle/code/java/security/SensitiveUiQuery.qll index a7e76d0e2e31..ea58c08e07ce 100644 --- a/java/ql/lib/semmle/code/java/security/SensitiveUiQuery.qll +++ b/java/ql/lib/semmle/code/java/security/SensitiveUiQuery.qll @@ -19,6 +19,8 @@ private module NotificationTrackingConfig implements DataFlow::ConfigSig { } predicate isBarrierIn(DataFlow::Node node) { isSource(node) } + + predicate observeDiffInformedIncrementalMode() { any() } } /** Taint tracking flow for sensitive data flowing to system notifications. */ @@ -75,6 +77,8 @@ private module TextFieldTrackingConfig implements DataFlow::ConfigSig { predicate isBarrier(DataFlow::Node node) { node instanceof SimpleTypeSanitizer } predicate isBarrierIn(DataFlow::Node node) { isSource(node) } + + predicate observeDiffInformedIncrementalMode() { any() } } /** A local flow step that also flows through access to fields containing `View`s */ diff --git a/java/ql/lib/semmle/code/java/security/UnsafeAndroidAccessQuery.qll b/java/ql/lib/semmle/code/java/security/UnsafeAndroidAccessQuery.qll index 1c9d2809eba7..6fe849c7983e 100644 --- a/java/ql/lib/semmle/code/java/security/UnsafeAndroidAccessQuery.qll +++ b/java/ql/lib/semmle/code/java/security/UnsafeAndroidAccessQuery.qll @@ -15,6 +15,8 @@ module FetchUntrustedResourceConfig implements DataFlow::ConfigSig { predicate isSink(DataFlow::Node sink) { sink instanceof UrlResourceSink } predicate isBarrier(DataFlow::Node sanitizer) { sanitizer instanceof RequestForgerySanitizer } + + predicate observeDiffInformedIncrementalMode() { any() } } /**