[DIFF-INFORMED] Go: SSRF

https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/experimental/CWE-918/SSRF.ql#L23

Author: d10c

go/ql/src/experimental/CWE-918/SSRF.qll

@@ -30,6 +30,14 @@ module ServerSideRequestForgery {
     predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
 
     predicate isBarrierOut(DataFlow::Node node) { node instanceof SanitizerEdge }
+
+    predicate observeDiffInformedIncrementalMode() { any() }
+
+    Location getASelectedSourceLocation(DataFlow::Node source) { none() }
+
+    Location getASelectedSinkLocation(DataFlow::Node sink) {
+      result = sink.(Sink).getARequest().getLocation()
+    }
   }
 
   /** Tracks taint flow for reasoning about request forgery vulnerabilities. */