Merge pull request #18636 from jbj/diff-informed-java-location-fixups

Java: make diff-informed queries exact

Author: jbj

java/ql/lib/semmle/code/java/security/CommandLineQuery.qll

@@ -59,12 +59,15 @@ module InputToArgumentToExecFlowConfig implements DataFlow::ConfigSig {
     any(CommandInjectionAdditionalTaintStep s).step(n1, n2)
   }
 
-  // It's valid to use diff-informed data flow for this configuration because
-  // the location of the selected element in the query is contained inside the
-  // location of the sink. The query, as a predicate, is used negated in
-  // another query, but that's only to prevent overlapping results between two
-  // queries.
+  // The query, as a predicate, is used negated in another query, but that's
+  // only to prevent overlapping results between two queries.
   predicate observeDiffInformedIncrementalMode() { any() }
+
+  // All queries use the argument as the primary location and do not use the
+  // sink as an associated location.
+  Location getASelectedSinkLocation(DataFlow::Node sink) {
+    exists(Expr argument | argumentToExec(argument, sink) | result = argument.getLocation())
+  }
 }
 
 /**

java/ql/lib/semmle/code/java/security/WebviewDebuggingEnabledQuery.qll

@@ -46,6 +46,12 @@ module WebviewDebugEnabledConfig implements DataFlow::ConfigSig {
   }
 
   predicate observeDiffInformedIncrementalMode() { any() }
+
+  Location getASelectedSourceLocation(DataFlow::Node source) {
+    // This module is only used in `WebviewDebuggingEnabled.ql`, which doesn't
+    // select the source in any "$@" column.
+    none()
+  }
 }
 
 /**