[DIFF-INFORMED] Go: RequestForgery, SafeUrlFlow

https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-918/RequestForgery.ql#L21
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-601/OpenUrlRedirect.ql#L24

Author: d10c

go/ql/lib/semmle/go/security/RequestForgery.qll

@@ -31,6 +31,14 @@ module RequestForgery {
         w.writesField(v.getAUse(), f, pred) and succ = v.getAUse()
       )
     }
+
+    predicate observeDiffInformedIncrementalMode() { any() }
+
+    Location getASelectedSinkLocation(DataFlow::Node sink) {
+      result = sink.getLocation()
+      or
+      result = sink.(Sink).getARequest().getLocation()
+    }
   }
 
   /** Tracks taint flow from untrusted data to request forgery attack vectors. */

go/ql/lib/semmle/go/security/SafeUrlFlow.qll

@@ -36,6 +36,10 @@ module SafeUrlFlow {
       or
       node instanceof SanitizerEdge
     }
+
+    predicate observeDiffInformedIncrementalMode() {
+      none() // only used as secondary configuration
+    }
   }
 
   /** Tracks taint flow for reasoning about safe URLs. */