Rust: patch-generated stubs

Author: d10c

rust/ql/src/queries/security/CWE-020/RegexInjection.ql

@@ -34,6 +34,8 @@ module RegexInjectionConfig implements DataFlow::ConfigSig {
   predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
     any(AdditionalFlowStep s).step(nodeFrom, nodeTo)
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /**

rust/ql/src/queries/security/CWE-022/TaintedPath.ql

@@ -79,6 +79,8 @@ module TaintedPathConfig implements DataFlow::StateConfigSig {
     stateFrom instanceof NotNormalized and
     stateTo instanceof NormalizedUnchecked
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 module TaintedPathFlow = TaintTracking::GlobalWithState<TaintedPathConfig>;

rust/ql/src/queries/security/CWE-089/SqlInjection.ql

@@ -26,6 +26,8 @@ module SqlInjectionConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node node) { node instanceof Sink }
 
   predicate isBarrier(DataFlow::Node barrier) { barrier instanceof Barrier }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 module SqlInjectionFlow = TaintTracking::Global<SqlInjectionConfig>;

rust/ql/src/queries/security/CWE-311/CleartextTransmission.ql

@@ -37,6 +37,8 @@ module CleartextTransmissionConfig implements DataFlow::ConfigSig {
     // make sources barriers so that we only report the closest instance
     isSource(node)
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 module CleartextTransmissionFlow = TaintTracking::Global<CleartextTransmissionConfig>;

rust/ql/src/queries/security/CWE-312/CleartextLogging.ql

@@ -45,6 +45,8 @@ module CleartextLoggingConfig implements DataFlow::ConfigSig {
     isSink(node) and
     c.getAReadContent() instanceof DataFlow::TuplePositionContent
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 module CleartextLoggingFlow = TaintTracking::Global<CleartextLoggingConfig>;

rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSize.ql

@@ -32,6 +32,8 @@ module UncontrolledAllocationConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
 
   predicate isBarrier(DataFlow::Node barrier) { barrier instanceof Barrier }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 module UncontrolledAllocationFlow = TaintTracking::Global<UncontrolledAllocationConfig>;

rust/ql/src/queries/security/CWE-825/AccessAfterLifetime.ql

@@ -28,6 +28,10 @@ module AccessAfterLifetimeConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node node) { node instanceof AccessAfterLifetime::Sink }
 
   predicate isBarrier(DataFlow::Node barrier) { barrier instanceof AccessAfterLifetime::Barrier }
+
+  predicate observeDiffInformedIncrementalMode() {
+    any() // TODO: Make sure that the location overrides match the query's select clause: Column 5 does not select a source or sink originating from the flow call on line 40 (/Users/d10c/src/semmle-code/ql/rust/ql/src/queries/security/CWE-825/AccessAfterLifetime.ql@52:62:52:67)
+  }
 }
 
 module AccessAfterLifetimeFlow = TaintTracking::Global<AccessAfterLifetimeConfig>;

rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql

@@ -32,6 +32,8 @@ module AccessInvalidPointerConfig implements DataFlow::ConfigSig {
     // make sinks barriers so that we only report the closest instance
     isSink(node)
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 module AccessInvalidPointerFlow = TaintTracking::Global<AccessInvalidPointerConfig>;