Go: mass enable diff-informed data flow

Author: asgerf

go/ql/lib/semmle/go/StringOps.qll

@@ -231,6 +231,12 @@ module StringOps {
           call.getTarget().hasQualifiedName("strings", "Replacer", ["Replace", "WriteString"])
         )
       }
+
+      predicate observeDiffInformedIncrementalMode() {
+        // TODO(diff-informed): Manually verify if config can be diff-informed.
+        // go/ql/lib/semmle/go/StringOps.qll:250: Flow call outside 'select' clause
+        none()
+      }
     }
 
     /**

go/ql/lib/semmle/go/security/AllocationSizeOverflow.qll

@@ -19,6 +19,12 @@ module AllocationSizeOverflow {
     predicate isSink(DataFlow::Node nd) { nd = Builtin::len().getACall().getArgument(0) }
 
     predicate isBarrier(DataFlow::Node nd) { nd instanceof Sanitizer }
+
+    predicate observeDiffInformedIncrementalMode() {
+      // TODO(diff-informed): Manually verify if config can be diff-informed.
+      // go/ql/lib/semmle/go/security/AllocationSizeOverflow.qll:30: Flow call outside 'select' clause
+      none()
+    }
   }
 
   /**
@@ -56,6 +62,8 @@ module AllocationSizeOverflow {
         succ = c
       )
     }
+
+    predicate observeDiffInformedIncrementalMode() { any() }
   }
 
   /** Tracks taint flow to find allocation-size overflows. */

go/ql/lib/semmle/go/security/CleartextLogging.qll

@@ -46,6 +46,8 @@ module CleartextLogging {
       // Also exclude protobuf field fetches, since they amount to single field reads.
       not any(Protobuf::GetMethod gm).taintStep(src, trg)
     }
+
+    predicate observeDiffInformedIncrementalMode() { any() }
   }
 
   /**

go/ql/lib/semmle/go/security/CommandInjection.qll

@@ -24,6 +24,8 @@ module CommandInjection {
     }
 
     predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+    predicate observeDiffInformedIncrementalMode() { any() }
   }
 
   /**
@@ -80,6 +82,8 @@ module CommandInjection {
       node instanceof Sanitizer or
       node = any(ArgumentArrayWithDoubleDash array).getASanitizedElement()
     }
+
+    predicate observeDiffInformedIncrementalMode() { any() }
   }
 
   /**

go/ql/lib/semmle/go/security/ExternalAPIs.qll

@@ -186,6 +186,13 @@ private module UntrustedDataConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource }
 
   predicate isSink(DataFlow::Node sink) { sink instanceof ExternalApiDataNode }
+
+  predicate observeDiffInformedIncrementalMode() {
+    // TODO(diff-informed): Manually verify if config can be diff-informed.
+    // go/ql/lib/semmle/go/security/ExternalAPIs.qll:210: Flow call outside 'select' clause
+    // go/ql/lib/semmle/go/security/ExternalAPIs.qll:213: Flow call outside 'select' clause
+    none()
+  }
 }
 
 /**
@@ -197,6 +204,8 @@ private module UntrustedDataToUnknownExternalApiConfig implements DataFlow::Conf
   predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource }
 
   predicate isSink(DataFlow::Node sink) { sink instanceof UnknownExternalApiDataNode }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /**

go/ql/lib/semmle/go/security/HardcodedCredentials.qll

@@ -30,6 +30,8 @@ module HardcodedCredentials {
     predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
 
     predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+    predicate observeDiffInformedIncrementalMode() { any() }
   }
 
   /** Tracks taint flow for reasoning about hardcoded credentials. */

go/ql/lib/semmle/go/security/IncorrectIntegerConversionLib.qll

@@ -440,6 +440,8 @@ private module ConversionWithoutBoundsCheckConfig implements DataFlow::StateConf
     state2 = node2.(FlowStateTransformer).transform(state1) and
     DataFlow::simpleLocalFlowStep(node1, node2, _)
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /**

go/ql/lib/semmle/go/security/InsecureRandomness.qll

@@ -39,6 +39,8 @@ module InsecureRandomness {
         n2.getType() instanceof IntegerType
       )
     }
+
+    predicate observeDiffInformedIncrementalMode() { any() }
   }
 
   /**

go/ql/lib/semmle/go/security/LogInjection.qll

@@ -21,6 +21,13 @@ module LogInjection {
     predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
 
     predicate isBarrier(DataFlow::Node sanitizer) { sanitizer instanceof Sanitizer }
+
+    predicate observeDiffInformedIncrementalMode() {
+      // TODO(diff-informed): Manually verify if config can be diff-informed.
+      // shared/dataflow/codeql/dataflow/test/InlineFlowTest.qll:122: Flow call outside 'select' clause
+      // shared/dataflow/codeql/dataflow/test/InlineFlowTest.qll:140: Flow call outside 'select' clause
+      none()
+    }
   }
 
   /** Tracks taint flow for reasoning about log injection vulnerabilities. */

go/ql/lib/semmle/go/security/MissingJwtSignatureCheck.qll

@@ -23,6 +23,8 @@ module MissingJwtSignatureCheck {
     predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
       any(AdditionalFlowStep s).step(nodeFrom, nodeTo)
     }
+
+    predicate observeDiffInformedIncrementalMode() { any() }
   }
 
   /** Tracks taint flow for reasoning about JWT vulnerabilities. */
@@ -36,6 +38,12 @@ module MissingJwtSignatureCheck {
     predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
       any(AdditionalFlowStep s).step(nodeFrom, nodeTo)
     }
+
+    predicate observeDiffInformedIncrementalMode() {
+      // TODO(diff-informed): Manually verify if config can be diff-informed.
+      // go/ql/lib/semmle/go/security/MissingJwtSignatureCheck.qll:18: Flow call outside 'select' clause
+      none()
+    }
   }
 
   private module SafeParse = TaintTracking::Global<SafeParseConfig>;