Java: ExternallyControlledFormatString

Author: d10c

java/ql/lib/semmle/code/java/security/ExternallyControlledFormatStringQuery.qll

@@ -24,8 +24,12 @@ module ExternallyControlledFormatStringConfig implements DataFlow::ConfigSig {
     node.getType() instanceof NumericType or node.getType() instanceof BooleanType
   }
 
-  predicate observeDiffInformedIncrementalMode() {
-    any() // TODO: Make sure that the location overrides match the query's select clause: Column 1 does not select a source or sink originating from the flow call on line 22 (/Users/d10c/src/semmle-code/ql/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql@24:8:24:37)
+  predicate observeDiffInformedIncrementalMode() { any() }
+
+  Location getASelectedSinkLocation(DataFlow::Node sink) {
+    exists(StringFormat formatCall | result = formatCall.getFormatArgument().getLocation() |
+      sink.asExpr() = formatCall.getFormatArgument()
+    )
   }
 }