github
diff --git a/‎java/ql/lib/semmle/code/java/security/AndroidSensitiveCommunicationQuery.qll
Lines changed: 2 additions & 0 deletions b/‎java/ql/lib/semmle/code/java/security/AndroidSensitiveCommunicationQuery.qll
Lines changed: 2 additions & 0 deletions
diff --git a/‎java/ql/lib/semmle/code/java/security/ArithmeticTaintedQuery.qll
Lines changed: 16 additions & 0 deletions b/‎java/ql/lib/semmle/code/java/security/ArithmeticTaintedQuery.qll
Lines changed: 16 additions & 0 deletions
diff --git a/‎java/ql/lib/semmle/code/java/security/ArithmeticUncontrolledQuery.qll
Lines changed: 16 additions & 0 deletions b/‎java/ql/lib/semmle/code/java/security/ArithmeticUncontrolledQuery.qll
Lines changed: 16 additions & 0 deletions
diff --git a/‎java/ql/lib/semmle/code/java/security/ConditionalBypassQuery.qll
Lines changed: 9 additions & 0 deletions b/‎java/ql/lib/semmle/code/java/security/ConditionalBypassQuery.qll
Lines changed: 9 additions & 0 deletions
diff --git a/‎java/ql/lib/semmle/code/java/security/ExternalAPIs.qll
Lines changed: 4 additions & 0 deletions b/‎java/ql/lib/semmle/code/java/security/ExternalAPIs.qll
Lines changed: 4 additions & 0 deletions
diff --git a/‎java/ql/lib/semmle/code/java/security/ImproperValidationOfArrayConstructionCodeSpecifiedQuery.qll
Lines changed: 9 additions & 0 deletions b/‎java/ql/lib/semmle/code/java/security/ImproperValidationOfArrayConstructionCodeSpecifiedQuery.qll
Lines changed: 9 additions & 0 deletions
diff --git a/‎java/ql/lib/semmle/code/java/security/ImproperValidationOfArrayConstructionQuery.qll
Lines changed: 9 additions & 0 deletions b/‎java/ql/lib/semmle/code/java/security/ImproperValidationOfArrayConstructionQuery.qll
Lines changed: 9 additions & 0 deletions
diff --git a/‎java/ql/lib/semmle/code/java/security/ImproperValidationOfArrayIndexCodeSpecifiedQuery.qll
Lines changed: 2 additions & 0 deletions b/‎java/ql/lib/semmle/code/java/security/ImproperValidationOfArrayIndexCodeSpecifiedQuery.qll
Lines changed: 2 additions & 0 deletions
diff --git a/‎java/ql/lib/semmle/code/java/security/ImproperValidationOfArrayIndexQuery.qll
Lines changed: 2 additions & 0 deletions b/‎java/ql/lib/semmle/code/java/security/ImproperValidationOfArrayIndexQuery.qll
Lines changed: 2 additions & 0 deletions
diff --git a/‎java/ql/lib/semmle/code/java/security/InsecureCookieQuery.qll
Lines changed: 4 additions & 0 deletions b/‎java/ql/lib/semmle/code/java/security/InsecureCookieQuery.qll
Lines changed: 4 additions & 0 deletions
@@ -149,6 +149,8 @@ module SensitiveCommunicationConfig implements DataFlow::ConfigSig {
   predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {
     isSink(node) and exists(c)
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /**
 
@@ -13,6 +13,14 @@ module ArithmeticOverflowConfig implements DataFlow::ConfigSig {
   predicate isBarrier(DataFlow::Node n) { overflowBarrier(n) }
 
   predicate isBarrierIn(DataFlow::Node node) { isSource(node) }
+
+  predicate observeDiffInformedIncrementalMode() {
+    any() // merged with ArithmeticUnderflow in ArithmeticTainted.ql
+  }
+
+  Location getASelectedSinkLocation(DataFlow::Node sink) {
+    exists(ArithExpr exp | result = exp.getLocation() | overflowSink(exp, sink.asExpr()))
+  }
 }
 
 /**
@@ -29,6 +37,14 @@ module ArithmeticUnderflowConfig implements DataFlow::ConfigSig {
   predicate isBarrier(DataFlow::Node n) { underflowBarrier(n) }
 
   predicate isBarrierIn(DataFlow::Node node) { isSource(node) }
+
+  predicate observeDiffInformedIncrementalMode() {
+    any() // merged with ArithmeticOverflow in ArithmeticTainted.ql
+  }
+
+  Location getASelectedSinkLocation(DataFlow::Node sink) {
+    exists(ArithExpr exp | result = exp.getLocation() | underflowSink(exp, sink.asExpr()))
+  }
 }
 
 /**
 
@@ -19,6 +19,14 @@ module ArithmeticUncontrolledOverflowConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) { overflowSink(_, sink.asExpr()) }
 
   predicate isBarrier(DataFlow::Node n) { overflowBarrier(n) }
+
+  predicate observeDiffInformedIncrementalMode() {
+    any() // merged with ArithmeticUncontrolledUnderflow in ArithmeticUncontrolled.ql
+  }
+
+  Location getASelectedSinkLocation(DataFlow::Node sink) {
+    exists(ArithExpr exp | result = exp.getLocation() | overflowSink(exp, sink.asExpr()))
+  }
 }
 
 /** Taint-tracking flow to reason about overflow from arithmetic with uncontrolled values. */
@@ -32,6 +40,14 @@ module ArithmeticUncontrolledUnderflowConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) { underflowSink(_, sink.asExpr()) }
 
   predicate isBarrier(DataFlow::Node n) { underflowBarrier(n) }
+
+  predicate observeDiffInformedIncrementalMode() {
+    any() // merged with ArithmeticUncontrolledOverflow in ArithmeticUncontrolled.ql
+  }
+
+  Location getASelectedSinkLocation(DataFlow::Node sink) {
+    exists(ArithExpr exp | result = exp.getLocation() | underflowSink(exp, sink.asExpr()))
+  }
 }
 
 /** Taint-tracking flow to reason about underflow from arithmetic with uncontrolled values. */
 
@@ -47,6 +47,15 @@ module ConditionalBypassFlowConfig implements DataFlow::ConfigSig {
   predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
     endsWithStep(node1, node2)
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
+
+  Location getASelectedSinkLocation(DataFlow::Node sink) {
+    exists(MethodCall m, Expr e | result = [m, e].getLocation() |
+      conditionControlsMethod(m, e) and
+      sink.asExpr() = e
+    )
+  }
 }
 
 /**
 
@@ -101,6 +101,10 @@ module UntrustedDataToExternalApiConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource }
 
   predicate isSink(DataFlow::Node sink) { sink instanceof ExternalApiDataNode }
+
+  predicate observeDiffInformedIncrementalMode() {
+    any() // Simple use in UntrustedDataToExternalAPI.ql; also used through ExternalApiUsedWithUntrustedData in ExternalAPIsUsedWithUntrustedData.ql
+  }
 }
 
 /**
 
@@ -17,6 +17,15 @@ module BoundedFlowSourceConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) {
     any(CheckableArrayAccess caa).canThrowOutOfBoundsDueToEmptyArray(sink.asExpr(), _)
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
+
+  Location getASelectedSinkLocation(DataFlow::Node sink) {
+    exists(ArrayCreationExpr arrayCreation, CheckableArrayAccess arrayAccess |
+      result = [arrayCreation, arrayAccess.getIndexExpr()].getLocation() and
+      arrayAccess.canThrowOutOfBoundsDueToEmptyArray(sink.asExpr(), arrayCreation)
+    )
+  }
 }
 
 /**
 
@@ -14,6 +14,15 @@ module ImproperValidationOfArrayConstructionConfig implements DataFlow::ConfigSi
   predicate isSink(DataFlow::Node sink) {
     any(CheckableArrayAccess caa).canThrowOutOfBoundsDueToEmptyArray(sink.asExpr(), _)
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
+
+  Location getASelectedSinkLocation(DataFlow::Node sink) {
+    exists(ArrayCreationExpr arrayCreation, CheckableArrayAccess arrayAccess |
+      result = [arrayCreation, arrayAccess.getIndexExpr()].getLocation() and
+      arrayAccess.canThrowOutOfBoundsDueToEmptyArray(sink.asExpr(), arrayCreation)
+    )
+  }
 }
 
 /**
 
@@ -14,6 +14,8 @@ module BoundedFlowSourceConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) {
     exists(CheckableArrayAccess arrayAccess | arrayAccess.canThrowOutOfBounds(sink.asExpr()))
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /**
 
@@ -18,6 +18,8 @@ module ImproperValidationOfArrayIndexConfig implements DataFlow::ConfigSig {
   predicate isBarrier(DataFlow::Node node) { node.getType() instanceof BooleanType }
 
   predicate isBarrierIn(DataFlow::Node node) { isSource(node) }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /**
 
@@ -35,6 +35,10 @@ module SecureCookieConfig implements DataFlow::ConfigSig {
     sink.asExpr() =
       any(MethodCall add | add.getMethod() instanceof ResponseAddCookieMethod).getArgument(0)
   }
+
+  predicate observeDiffInformedIncrementalMode() {
+    none() // only used negatively in InsecureCookie.ql
+  }
 }
 
 /** Data flow to reason about the failure to use secure cookies. */
Original file line number	Diff line number	Diff line change
`@@ -149,6 +149,8 @@ module SensitiveCommunicationConfig implements DataFlow::ConfigSig {`
`149`	`149`	`predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {`
`150`	`150`	`isSink(node) and exists(c)`
`151`	`151`	`}`
	`152`	`+`
	`153`	`+ predicate observeDiffInformedIncrementalMode() { any() }`
`152`	`154`	`}`
`153`	`155`
`154`	`156`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -101,6 +101,10 @@ module UntrustedDataToExternalApiConfig implements DataFlow::ConfigSig {`
`101`	`101`	`predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource }`
`102`	`102`
`103`	`103`	`predicate isSink(DataFlow::Node sink) { sink instanceof ExternalApiDataNode }`
	`104`	`+`
	`105`	`+ predicate observeDiffInformedIncrementalMode() {`
	`106`	`+ any() // Simple use in UntrustedDataToExternalAPI.ql; also used through ExternalApiUsedWithUntrustedData in ExternalAPIsUsedWithUntrustedData.ql`
	`107`	`+ }`
`104`	`108`	`}`
`105`	`109`
`106`	`110`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -14,6 +14,8 @@ module BoundedFlowSourceConfig implements DataFlow::ConfigSig {`
`14`	`14`	`predicate isSink(DataFlow::Node sink) {`
`15`	`15`	`exists(CheckableArrayAccess arrayAccess \| arrayAccess.canThrowOutOfBounds(sink.asExpr()))`
`16`	`16`	`}`
	`17`	`+`
	`18`	`+ predicate observeDiffInformedIncrementalMode() { any() }`
`17`	`19`	`}`
`18`	`20`
`19`	`21`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -18,6 +18,8 @@ module ImproperValidationOfArrayIndexConfig implements DataFlow::ConfigSig {`
`18`	`18`	`predicate isBarrier(DataFlow::Node node) { node.getType() instanceof BooleanType }`
`19`	`19`
`20`	`20`	`predicate isBarrierIn(DataFlow::Node node) { isSource(node) }`
	`21`	`+`
	`22`	`+ predicate observeDiffInformedIncrementalMode() { any() }`
`21`	`23`	`}`
`22`	`24`
`23`	`25`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -35,6 +35,10 @@ module SecureCookieConfig implements DataFlow::ConfigSig {`
`35`	`35`	`sink.asExpr() =`
`36`	`36`	`any(MethodCall add \| add.getMethod() instanceof ResponseAddCookieMethod).getArgument(0)`
`37`	`37`	`}`
	`38`	`+`
	`39`	`+ predicate observeDiffInformedIncrementalMode() {`
	`40`	`+ none() // only used negatively in InsecureCookie.ql`
	`41`	`+ }`
`38`	`42`	`}`
`39`	`43`
`40`	`44`	`/** Data flow to reason about the failure to use secure cookies. */`