Java: Diff-informed PolynomialReDoS.ql

This and other queries would also benefit from making `RegexFlow`
diff-informed. That will come later.

Author: jbj

java/ql/lib/semmle/code/java/security/regexp/PolynomialReDoSQuery.qll

@@ -47,6 +47,18 @@ module PolynomialRedosConfig implements DataFlow::ConfigSig {
     node instanceof SimpleTypeSanitizer or
     node.asExpr().(MethodCall).getMethod() instanceof LengthRestrictedMethod
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
+
+  Location getASelectedSinkLocation(DataFlow::Node sink) {
+    exists(SuperlinearBackTracking::PolynomialBackTrackingTerm regexp |
+      regexp.getRootTerm() = sink.(PolynomialRedosSink).getRegExp()
+    |
+      result = sink.getLocation()
+      or
+      result = regexp.getLocation()
+    )
+  }
 }
 
 module PolynomialRedosFlow = TaintTracking::Global<PolynomialRedosConfig>;