Shared: Make approximate location filtering the default behaviour

Author: asgerf

java/ql/lib/semmle/code/java/security/regexp/PolynomialReDoSQuery.qll

@@ -55,13 +55,7 @@ module PolynomialRedosConfig implements DataFlow::ConfigSig {
       regexp.getRootTerm() = sink.(PolynomialRedosSink).getRegExp()
     |
       result = sink.getLocation()
-    )
-  }
-
-  Location getASelectedSinkLocationApprox(DataFlow::Node sink) {
-    exists(SuperlinearBackTracking::PolynomialBackTrackingTerm regexp |
-      regexp.getRootTerm() = sink.(PolynomialRedosSink).getRegExp()
-    |
+      or
       result = regexp.getLocation()
     )
   }

python/ql/lib/semmle/python/security/dataflow/PolynomialReDoSQuery.qll

@@ -22,9 +22,7 @@ private module PolynomialReDoSConfig implements DataFlow::ConfigSig {
 
   Location getASelectedSinkLocation(DataFlow::Node sink) {
     result = sink.(Sink).getHighlight().getLocation()
-  }
-
-  Location getASelectedSinkLocationApprox(DataFlow::Node sink) {
+    or
     result = sink.(Sink).getABacktrackingTerm().getLocation()
   }
 }

ruby/ql/lib/codeql/ruby/security/regexp/PolynomialReDoSQuery.qll

@@ -25,9 +25,7 @@ private module PolynomialReDoSConfig implements DataFlow::ConfigSig {
 
   Location getASelectedSinkLocation(DataFlow::Node sink) {
     result = sink.(Sink).getHighlight().getLocation()
-  }
-
-  Location getASelectedSinkLocationApprox(DataFlow::Node sink) {
+    or
     result = sink.(Sink).getRegExp().getRootTerm().getLocation()
   }
 }

shared/dataflow/codeql/dataflow/DataFlow.qll

@@ -459,15 +459,6 @@ module Configs<LocationSig Location, InputSig<Location> Lang> {
      */
     default Location getASelectedSourceLocation(Node source) { result = source.getLocation() }
 
-    /**
-     * Like `getASelectedSourceLocation`, but only has to get a location _containing_ the
-     * actual location associated with `source`.
-     *
-     * This prunes fewer sources than `getASelectedSourceLocation` but leaves room for the possibility
-     * that a more precise location can be selected in the query.
-     */
-    default Location getASelectedSourceLocationApprox(Node source) { none() }
-
     /**
      * Gets a location that will be associated with the given `sink` in a
      * diff-informed query that uses this configuration (see
@@ -478,15 +469,6 @@ module Configs<LocationSig Location, InputSig<Location> Lang> {
      * report the sink at all, this predicate can be `none()`.
      */
     default Location getASelectedSinkLocation(Node sink) { result = sink.getLocation() }
-
-    /**
-     * Like `getASelectedSinkLocation`, but only has to get a location _containing_ the
-     * actual location associated with `sink`.
-     *
-     * This prunes fewer sinks than `getASelectedSinkLocation` but leaves room for the possibility
-     * that a more precise location can be selected in the query.
-     */
-    default Location getASelectedSinkLocationApprox(Node sink) { none() }
   }
 
   /** An input configuration for data flow using flow state. */
@@ -626,15 +608,6 @@ module Configs<LocationSig Location, InputSig<Location> Lang> {
      */
     default Location getASelectedSourceLocation(Node source) { result = source.getLocation() }
 
-    /**
-     * Like `getASelectedSourceLocation`, but only has to get a location _containing_ the
-     * actual location associated with `source`.
-     *
-     * This prunes fewer sources than `getASelectedSourceLocation` but leaves room for the possibility
-     * that a more precise location can be selected in the query.
-     */
-    default Location getASelectedSourceLocationApprox(Node source) { none() }
-
     /**
      * Gets a location that will be associated with the given `sink` in a
      * diff-informed query that uses this configuration (see
@@ -645,15 +618,6 @@ module Configs<LocationSig Location, InputSig<Location> Lang> {
      * report the sink at all, this predicate can be `none()`.
      */
     default Location getASelectedSinkLocation(Node sink) { result = sink.getLocation() }
-
-    /**
-     * Like `getASelectedSinkLocation`, but only has to get a location _containing_ the
-     * actual location associated with `sink`.
-     *
-     * This prunes fewer sinks than `getASelectedSinkLocation` but leaves room for the possibility
-     * that a more precise location can be selected in the query.
-     */
-    default Location getASelectedSinkLocationApprox(Node sink) { none() }
   }
 }
 

shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll

@@ -145,11 +145,7 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
 
     Location getASelectedSourceLocation(Node source);
 
-    Location getASelectedSourceLocationApprox(Node source);
-
     Location getASelectedSinkLocation(Node sink);
-
-    Location getASelectedSinkLocationApprox(Node sink);
   }
 
   /**

shared/dataflow/codeql/dataflow/internal/DataFlowImplStage1.qll

@@ -133,9 +133,7 @@ module MakeImplStage1<LocationSig Location, InputSig<Location> Lang> {
       private predicate isFilteredSource(Node source) {
         Config::isSource(source, _) and
         if Config::observeDiffInformedIncrementalMode()
-        then
-          AlertFiltering::filterByLocation(Config::getASelectedSourceLocation(source)) or
-          AlertFiltering::filterByLocationApprox(Config::getASelectedSourceLocationApprox(source))
+        then AlertFiltering::filterByLocation(Config::getASelectedSourceLocation(source))
         else any()
       }
 
@@ -146,9 +144,7 @@ module MakeImplStage1<LocationSig Location, InputSig<Location> Lang> {
           Config::isSink(sink)
         ) and
         if Config::observeDiffInformedIncrementalMode()
-        then
-          AlertFiltering::filterByLocation(Config::getASelectedSinkLocation(sink)) or
-          AlertFiltering::filterByLocationApprox(Config::getASelectedSinkLocationApprox(sink))
+        then AlertFiltering::filterByLocation(Config::getASelectedSinkLocation(sink))
         else any()
       }
 

shared/util/codeql/util/AlertFiltering.qll

@@ -89,32 +89,6 @@ module AlertFilteringImpl<LocationSig Location> {
   /** Applies alert filtering to the given location. */
   bindingset[location]
   predicate filterByLocation(Location location) {
-    not restrictAlertsTo(_, _, _) and not restrictAlertsToExactLocation(_, _, _, _, _)
-    or
-    exists(string filePath |
-      restrictAlertsToEntireFile(filePath) and
-      location.hasLocationInfo(filePath, _, _, _, _)
-      or
-      exists(int line |
-        restrictAlertsToStartLine(filePath, line) and
-        location.hasLocationInfo(filePath, line, _, _, _)
-      )
-    )
-    or
-    exists(string filePath, int startLine, int startColumn, int endLine, int endColumn |
-      restrictAlertsToExactLocation(filePath, startLine, startColumn, endLine, endColumn)
-    |
-      location.hasLocationInfo(filePath, startLine, startColumn, endLine, endColumn)
-    )
-  }
-
-  /**
-   * Holds if some subrange within `location` would be accepted by alert filtering.
-   *
-   * There does not need to exist a `Location` corresponding to that subrange.
-   */
-  bindingset[location]
-  predicate filterByLocationApprox(Location location) {
     not restrictAlertsTo(_, _, _) and not restrictAlertsToExactLocation(_, _, _, _, _)
     or
     exists(string filePath |