From 4b6135c0f7af0134e0529019641d0a5efad1dc62 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nora=20Dimitrijevi=C4=87?= <d10c@users.noreply.github.com>
Date: Wed, 16 Jul 2025 16:35:33 +0200
Subject: [PATCH] [DIFF-INFORMED] Ruby: MissingFullAnchor

https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/ruby/ql/src/queries/security/cwe-020/MissingFullAnchor.ql#L18
---
 .../codeql/ruby/security/regexp/MissingFullAnchorQuery.qll    | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/ruby/ql/lib/codeql/ruby/security/regexp/MissingFullAnchorQuery.qll b/ruby/ql/lib/codeql/ruby/security/regexp/MissingFullAnchorQuery.qll
index febfa0712d9b..3516e8319bca 100644
--- a/ruby/ql/lib/codeql/ruby/security/regexp/MissingFullAnchorQuery.qll
+++ b/ruby/ql/lib/codeql/ruby/security/regexp/MissingFullAnchorQuery.qll
@@ -17,6 +17,10 @@ private module MissingFullAnchorConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
 
   predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() {
+    none() // can't be made diff-informed because the locations of Ruby RegExpTerms aren't correct when the regexp is parsed from a string arising from constant folding
+  }
 }
 
 /**