DataFlow: Add has{Source,Sink}InDiffRange

jbj · jbj · commit 964a0a54143d · 2025-02-07T14:58:55.000+01:00
diff --git a/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll b/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll
@@ -8,6 +8,7 @@ private import codeql.util.Unit
 private import codeql.util.Option
 private import codeql.util.Boolean
 private import codeql.util.Location
+private import codeql.util.AlertFiltering
 private import codeql.dataflow.DataFlow
 private import DataFlowImplStage1
 
@@ -19,6 +20,8 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
   private import DataFlowImplCommonPublic
   private import Aliases
 
+  private module AlertFiltering = AlertFilteringImpl<Location>;
+
   /**
    * An input configuration for data flow using flow state. This signature equals
    * `StateConfigSig`, but requires explicit implementation of all predicates.
@@ -3389,6 +3392,38 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
      */
     predicate flowToExpr(Expr sink) { flowTo(exprNode(sink)) }
 
+    /**
+     * Holds if the configuration has at least one source in the diff range as
+     * determined by `AlertFiltering`. This predicate is independent of whether
+     * diff-informed mode is observed by the configuration and is also
+     * independent whether there was flow.
+     */
+    pragma[nomagic]
+    predicate hasSourceInDiffRange() {
+      exists(Node source |
+        Config::isSource(source, _) and
+        AlertFiltering::filterByLocation(Config::getASelectedSourceLocation(source))
+        // TODO: also require `Config::isSink(_, _)`? Because if the source
+        // isn't reachable, it may as well not be there.
+      )
+    }
+
+    /**
+     * Holds if the configuration has at least one sink in the diff range as
+     * determined by `AlertFiltering`. This predicate is independent of whether
+     * diff-informed mode is observed by the configuration and is also
+     * independent whether there was flow.
+     */
+    pragma[nomagic]
+    predicate hasSinkInDiffRange() {
+      exists(Node sink |
+        Config::isSink(sink, _) and
+        AlertFiltering::filterByLocation(Config::getASelectedSinkLocation(sink))
+        // TODO: also require `Config::isSource(_, _)`? Because if the sink
+        // isn't reachable, it may as well not be there.
+      )
+    }
+
     /**
      * INTERNAL: Only for debugging.
      *
