Java: Diff-informed CommandLineQuery

jbj · jbj · commit 2561cec80c2d · 2024-12-20T11:22:56.000+01:00
diff --git a/java/ql/lib/semmle/code/java/security/CommandLineQuery.qll b/java/ql/lib/semmle/code/java/security/CommandLineQuery.qll
@@ -58,6 +58,13 @@ module InputToArgumentToExecFlowConfig implements DataFlow::ConfigSig {
   predicate isAdditionalFlowStep(DataFlow::Node n1, DataFlow::Node n2) {
     any(CommandInjectionAdditionalTaintStep s).step(n1, n2)
   }
+
+  // It's valid to use diff-informed data flow for this configuration because
+  // the location of the selected element in the query is contained inside the
+  // location of the sink. The query, as a predicate, is used negated in
+  // another query, but that's only to prevent overlapping results between two
+  // queries.
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /**

Original file line number	Diff line number	Diff line change
`@@ -58,6 +58,13 @@ module InputToArgumentToExecFlowConfig implements DataFlow::ConfigSig {`
`58`	`58`	`predicate isAdditionalFlowStep(DataFlow::Node n1, DataFlow::Node n2) {`
`59`	`59`	`any(CommandInjectionAdditionalTaintStep s).step(n1, n2)`
`60`	`60`	`}`
	`61`	`+`
	`62`	`+ // It's valid to use diff-informed data flow for this configuration because`
	`63`	`+ // the location of the selected element in the query is contained inside the`
	`64`	`+ // location of the sink. The query, as a predicate, is used negated in`
	`65`	`+ // another query, but that's only to prevent overlapping results between two`
	`66`	`+ // queries.`
	`67`	`+ predicate observeDiffInformedIncrementalMode() { any() }`
`61`	`68`	`}`
`62`	`69`
`63`	`70`	`/**`