Python: enable diff-informedness for poly redos using approximate related locations

Author: asgerf

python/ql/lib/semmle/python/security/dataflow/PolynomialReDoSQuery.qll

@@ -18,21 +18,13 @@ private module PolynomialReDoSConfig implements DataFlow::ConfigSig {
 
   predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
 
-  // Diff-informed incremental mode is currently disabled for this query due to
-  // API limitations. The query exposes sink.getABacktrackingTerm() as an alert
-  // location, but there is no way to express that information through
-  // getASelectedSinkLocation() because there is no @location in the CodeQL
-  // database that corresponds to a term inside a regular expression. As a
-  // result, this query could miss alerts in diff-informed incremental mode.
-  //
-  // To address this problem, we need to have a version of
-  // getASelectedSinkLocation() that uses hasLocationInfo() instead of
-  // returning Location objects.
-  predicate observeDiffInformedIncrementalMode() { none() }
+  predicate observeDiffInformedIncrementalMode() { any() }
 
   Location getASelectedSinkLocation(DataFlow::Node sink) {
     result = sink.(Sink).getHighlight().getLocation()
-    or
+  }
+
+  Location getASelectedSinkLocationApprox(DataFlow::Node sink) {
     result = sink.(Sink).getABacktrackingTerm().getLocation()
   }
 }