diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ConditionalBypassQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ConditionalBypassQuery.qll
index f92bb0d2f44a..ee345780654d 100644
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ConditionalBypassQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ConditionalBypassQuery.qll
@@ -39,6 +39,15 @@ private module ConditionalBypassConfig implements DataFlow::ConfigSig {
 predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
 
 predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+ predicate observeDiffInformedIncrementalMode() { any() }
+
+ Location getASelectedSinkLocation(DataFlow::Node sink) {
+ result = sink.getLocation()
+ or
+ // from ConditionalBypass.ql
+ result = sink.(Sink).getSensitiveMethodCall().getLocation()
+ }
 }
 
 /**
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExternalAPIsQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExternalAPIsQuery.qll
index f1a64f6810b8..419296fcc233 100644
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExternalAPIsQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExternalAPIsQuery.qll
@@ -78,6 +78,8 @@ private module RemoteSourceToExternalApiConfig implements DataFlow::ConfigSig {
 predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource }
 
 predicate isSink(DataFlow::Node sink) { sink instanceof ExternalApiDataNode }
+
+ predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /** A module for tracking flow from `ActiveThreatModelSource`s to `ExternalApiDataNode`s. */
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/UnsafeDeserializationQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/UnsafeDeserializationQuery.qll
index 5d9d18dcbac6..27f6ab6935f7 100644
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/UnsafeDeserializationQuery.qll
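Review bot: The comment `// from ConditionalBypass.ql` on the second disjunct of `getASelectedSinkLocation` does not say what in that query it mirrors, and the query file is not part of this diff, so the mapping cannot be checked from here. A location missing from this predicate would make diff-informed runs on pull requests drop the alert without any signal, so the comment should carry the reason, for example `// ConditionalBypass.ql also selects the sensitive method call, so its location must count as selected`. It would also help to say that the override must change together with the query's `select`. The module's `isSource` lies above the hunk.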
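Review bot: `observeDiffInformedIncrementalMode() { any() }` in `RemoteSourceToExternalApiConfig` has no comment naming the queries that consume this flow, unlike the overrides added to `UnsafeDeserializationQuery.qll` in this same diff. The config lives in a shared library, and if any consumer reports a location other than the source or sink node (an aggregated per-API result, for instance), diff-informed filtering would drop results unless `getASelectedSinkLocation` is overridden too; nothing visible here shows which case holds. I would add a trailing comment such as `any() // used by <query>.ql, which selects the sink node` once the consumers have been checked.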
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/UnsafeDeserializationQuery.qll
@@ -59,6 +59,10 @@ private module TaintToObjectMethodTrackingConfig implements DataFlow::ConfigSig
 predicate isSink(DataFlow::Node sink) { sink instanceof InstanceMethodSink }
 
 predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+ predicate observeDiffInformedIncrementalMode() {
+ any() // used in one of the disjuncts in UnsafeDeserializationUntrustedInput.ql
+ }
 }
 
 /**
@@ -77,6 +81,10 @@ private module JsonConvertTrackingConfig implements DataFlow::ConfigSig {
 }
 
 predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+ predicate observeDiffInformedIncrementalMode() {
+ any() // used in one of the disjuncts in UnsafeDeserializationUntrustedInput.ql
+ }
 }
 
 /**
@@ -133,6 +141,10 @@ private module TypeNameTrackingConfig implements DataFlow::ConfigSig {
 )
 )
 }
+
+ predicate observeDiffInformedIncrementalMode() {
+ none() // Only used as secondary config in UnsafeDeserializationUntrustedInput.ql
+ }
 }
 
 /**
@@ -149,6 +161,10 @@ private module TaintToConstructorOrStaticMethodTrackingConfig implements DataFlo
 predicate isSink(DataFlow::Node sink) { sink instanceof ConstructorOrStaticMethodSink }
 
 predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+ predicate observeDiffInformedIncrementalMode() {
+ any() // used in one of the disjuncts in UnsafeDeserializationUntrustedInput.ql
+ }
 }
 
 /**
@@ -186,6 +202,10 @@ private module TaintToObjectTypeTrackingConfig implements DataFlow::ConfigSig {
 oc.getObjectType() instanceof StrongTypeDeserializer
 )
 }
+
+ predicate observeDiffInformedIncrementalMode() {
+ none() // only used as secondary config in UnsafeDeserializationUntrustedInput.ql
+ }
 }
 
 /**
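Review bot: The six `observeDiffInformedIncrementalMode` overrides in this file (hunks at -59, -77, -133, -149, -186 and -210) justify `any()` versus `none()` only by pointing at `UnsafeDeserializationUntrustedInput.ql`, which is not in this diff. The reasoning worth recording is why the secondary configs stay at `none()`: presumably their flow feeds the source or sink definitions of the primary configs, so restricting them to changed lines could hide a deserialization alert whose type-creation step lies outside the diff; that is inferred, not visible here. I would state it once on the first `none()`, e.g. `none() // secondary config: must see the whole codebase, its results define sinks for the primary configs`. The three `none()` comments should also agree in wording (`Only used` in `TypeNameTrackingConfig`, `only used` in the other two).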
@@ -210,6 +230,10 @@ private module WeakTypeCreationToUsageTrackingConfig implements DataFlow::Config
 sink.asExpr() = mc.getQualifier()
 )
 }
+
+ predicate observeDiffInformedIncrementalMode() {
+ none() // only used as secondary config in UnsafeDeserializationUntrustedInput.ql
+ }
 }
 
 /**
diff --git a/csharp/ql/src/Likely Bugs/ThreadUnsafeICryptoTransformLambda.ql b/csharp/ql/src/Likely Bugs/ThreadUnsafeICryptoTransformLambda.ql
index 9f70760ba602..8fcef4d4744f 100644
--- a/csharp/ql/src/Likely Bugs/ThreadUnsafeICryptoTransformLambda.ql
+++ b/csharp/ql/src/Likely Bugs/ThreadUnsafeICryptoTransformLambda.ql
@@ -24,6 +24,8 @@ module NotThreadSafeCryptoUsageIntoParallelInvokeConfig implements DataFlow::Con
 }
 
 predicate isSink(DataFlow::Node sink) { sink instanceof ParallelSink }
+
+ predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 module NotThreadSafeCryptoUsageIntoParallelInvoke =
diff --git a/csharp/ql/src/Security Features/CWE-798/HardcodedConnectionString.ql b/csharp/ql/src/Security Features/CWE-798/HardcodedConnectionString.ql
index 32508fa9d3fb..1e33ed6a1fde 100644
--- a/csharp/ql/src/Security Features/CWE-798/HardcodedConnectionString.ql
+++ b/csharp/ql/src/Security Features/CWE-798/HardcodedConnectionString.ql
@@ -38,6 +38,12 @@ module ConnectionStringConfig implements DataFlow::ConfigSig {
 }
 
 predicate isBarrier(DataFlow::Node node) { node instanceof StringFormatSanitizer }
+
+ predicate observeDiffInformedIncrementalMode() { any() }
+
+ Location getASelectedSinkLocation(DataFlow::Node sink) {
+ any(Call call | call.getAnArgument() = sink.asExpr()).getLocation() = result
+ }
 }
 
 /**
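Review bot: `getASelectedSinkLocation` in `ConnectionStringConfig` puts `result` on the right-hand side and has no comment, while the `ConditionalBypassQuery.qll` hunk in this diff writes `result = ...` and names the query it mirrors. This override also yields only the enclosing call's location and not `sink.getLocation()`, so a sink that is not a call argument gets no selected location. That is correct only if the query's `select` reports the same `Call`, and the `select` lies outside this hunk. I would write `result = any(Call call | call.getAnArgument() = sink.asExpr()).getLocation()` and put `// mirrors the Call reported in this query's select clause` above it, so the two cannot drift apart unnoticed.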