Dataflow: apply diff-informed filtering consistently

shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll

@@ -167,7 +167,7 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
     private module SourceSinkFiltering {
       private import codeql.util.AlertFiltering
 
-      private module AlertFiltering = AlertFilteringImpl<Location>;
+      module AlertFiltering = AlertFilteringImpl<Location>;
 
       pragma[nomagic]
       private predicate isFilteredSource(Node source) {
@@ -3511,6 +3511,19 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
              * included in the module `PathGraph`.
              */
             predicate flowPath(PathNode source, PathNode sink) {
+              (
+                // When there are both sources and sinks in the diff range,
+                // diff-informed dataflow falls back to computing all paths without
+                // any filtering. To prevent significant alert flip-flopping due to
+                // minor code changes triggering the fallback, we consistently apply
+                // source-or-sink filtering here to ensure that we return the same
+                // paths regardless of whether the fallback is triggered.
+                if Config::observeDiffInformedIncrementalMode()
+                then
+                  AlertFiltering::filterByLocation(source.getLocation()) or
+                  AlertFiltering::filterByLocation(sink.getLocation())
+                else any()
+              ) and
               exists(PathNodeImpl flowsource, PathNodeImpl flowsink |
                 source = flowsource and sink = flowsink
               |